def create_permission_file(path: pathlib.Path, domain_id, policy_element) -> None: permissions_xsl_path = get_transport_template('dds', 'permissions.xsl') permissions_xsl = etree.XSLT(etree.parse(str(permissions_xsl_path))) permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') permissions_xsd = etree.XMLSchema(etree.parse(str(permissions_xsd_path))) kwargs = {} cert_path = path.parent.joinpath('cert.pem') cert_content = _utilities.load_cert(cert_path) kwargs['not_valid_before'] = etree.XSLT.strparam( cert_content.not_valid_before.isoformat()) kwargs['not_valid_after'] = etree.XSLT.strparam( cert_content.not_valid_after.isoformat()) if get_rmw_implementation_identifier() in _RMW_WITH_ROS_GRAPH_INFO_TOPIC: kwargs['allow_ros_discovery_topic'] = etree.XSLT.strparam('1') permissions_xml = permissions_xsl(policy_element, **kwargs) domain_id_elements = permissions_xml.findall( 'permissions/grant/*/domains/id') for domain_id_element in domain_id_elements: domain_id_element.text = domain_id try: permissions_xsd.assertValid(permissions_xml) except etree.DocumentInvalid as e: raise sros2.errors.InvalidPermissionsXMLError(e) from e with open(path, 'wb') as f: f.write(etree.tostring(permissions_xml, pretty_print=True))
def test_policy_to_permissions(): # Get paths policy_xsd_path = get_policy_schema('policy.xsd') permissions_xsl_path = get_transport_template('dds', 'permissions.xsl') permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') # Parse files policy_xsd = etree.XMLSchema(etree.parse(policy_xsd_path)) permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path)) permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path)) # Get policy test_dir = os.path.dirname(os.path.abspath(__file__)) policy_xml_path = os.path.join(test_dir, 'policies', 'sample_policy.xml') policy_xml = etree.parse(policy_xml_path) policy_xml.xinclude() # Validate policy schema policy_xsd.assertValid(policy_xml) # Transform policy permissions_xml = permissions_xsl(policy_xml) # Validate permissions schema permissions_xsd.assertValid(permissions_xml) # Assert expected permissions permissions_xml_path = os.path.join(test_dir, 'policies', 'permissions.xml') with open(permissions_xml_path) as f: expected = f.read() actual = etree.tostring(permissions_xml, pretty_print=True).decode() assert actual == expected
def test_policy_to_permissions(): # Get paths policy_xsd_path = get_policy_schema('policy.xsd') permissions_xsl_path = get_transport_template('dds', 'permissions.xsl') permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') # Parse files policy_xsd = etree.XMLSchema(etree.parse(policy_xsd_path)) permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path)) permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path)) # Get policy test_dir = Path(__file__).resolve().parent policy_xml_path = test_dir / 'policies' / 'sample.policy.xml' policy_xml = etree.parse(str(policy_xml_path)) policy_xml.xinclude() # Validate policy schema policy_xsd.assertValid(policy_xml) # Transform policy permissions_xml = permissions_xsl(policy_xml) # Validate permissions schema permissions_xsd.assertValid(permissions_xml) # Assert expected permissions permissions_xml_path = test_dir / 'policies' / 'permissions' / 'sample' / 'permissions.xml' with permissions_xml_path.open() as f: expected = f.read() actual = etree.tostring(permissions_xml, pretty_print=True).decode() assert actual == expected
def test_create_permission(enclave_dir): assert enclave_dir.joinpath('permissions.xml').is_file() assert enclave_dir.joinpath('permissions.p7s').is_file() tree = lxml.etree.parse(str(enclave_dir.joinpath('permissions.xml'))) # Validate the schema permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') permissions_xsd = lxml.etree.XMLSchema( lxml.etree.parse(permissions_xsd_path)) permissions_xsd.assertValid(tree) dds = tree.getroot() assert dds.tag == 'dds' permissions = list(dds.iterchildren(tag='permissions')) assert len(permissions) == 1 grants = list(permissions[0].iterchildren(tag='grant')) assert len(grants) == 1 assert grants[0].get('name') == _test_identity allow_rules = list(grants[0].iterchildren(tag='allow_rule')) if rclpy.get_rmw_implementation_identifier( ) in _permission._RMW_WITH_ROS_GRAPH_INFO_TOPIC: assert len(allow_rules) == 2 else: assert len(allow_rules) == 1 publish_rules = list(allow_rules[0].iterchildren(tag='publish')) assert len(publish_rules) == 1 subscribe_rules = list(allow_rules[0].iterchildren(tag='subscribe')) assert len(subscribe_rules) == 1 published_topics_set = list(publish_rules[0].iterchildren(tag='topics')) assert len(published_topics_set) == 1 published_topics = [ c.text for c in published_topics_set[0].iterchildren(tag='topic') ] assert len(published_topics) > 0 subscribed_topics_set = list(subscribe_rules[0].iterchildren(tag='topics')) assert len(subscribed_topics_set) == 1 subscribed_topics = [ c.text for c in subscribed_topics_set[0].iterchildren(tag='topic') ] assert len(subscribed_topics) > 0 # Verify that publication is allowed on chatter, but not subscription assert 'rt/chatter' in published_topics assert 'rt/chatter' not in subscribed_topics
def create_permission_file(path, domain_id, policy_element): permissions_xsl_path = get_transport_template('dds', 'permissions.xsl') permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path)) permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path)) permissions_xml = permissions_xsl(policy_element) domain_id_elements = permissions_xml.findall( 'permissions/grant/*/domains/id') for domain_id_element in domain_id_elements: domain_id_element.text = domain_id try: permissions_xsd.assertValid(permissions_xml) except etree.DocumentInvalid as e: raise RuntimeError(str(e)) with open(path, 'wb') as f: f.write(etree.tostring(permissions_xml, pretty_print=True))
def create_governance_file(path, domain_id): # for this application we are only looking to authenticate and encrypt; # we do not need/want access control at this point. governance_xml_path = get_transport_default('dds', 'governance.xml') governance_xml = etree.parse(governance_xml_path) governance_xsd_path = get_transport_schema('dds', 'governance.xsd') governance_xsd = etree.XMLSchema(etree.parse(governance_xsd_path)) domain_id_elements = governance_xml.findall( 'domain_access_rules/domain_rule/domains/id') for domain_id_element in domain_id_elements: domain_id_element.text = domain_id try: governance_xsd.assertValid(governance_xml) except etree.DocumentInvalid as e: raise RuntimeError(str(e)) with open(path, 'wb') as f: f.write(etree.tostring(governance_xml, pretty_print=True))
def create_permission_file(path, domain_id, policy_element): print('creating permission') permissions_xsl_path = get_transport_template('dds', 'permissions.xsl') permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path)) permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path)) kwargs = {} if get_rmw_implementation_identifier() in _RMW_WITH_ROS_GRAPH_INFO_TOPIC: kwargs['allow_ros_discovery_topic'] = etree.XSLT.strparam('1') permissions_xml = permissions_xsl(policy_element, **kwargs) domain_id_elements = permissions_xml.findall('permissions/grant/*/domains/id') for domain_id_element in domain_id_elements: domain_id_element.text = domain_id try: permissions_xsd.assertValid(permissions_xml) except etree.DocumentInvalid as e: raise RuntimeError(str(e)) with open(path, 'wb') as f: f.write(etree.tostring(permissions_xml, pretty_print=True))
def test_permissions_xml(enclave_keys_dir): permissions_xml = etree.parse(str(enclave_keys_dir / 'permissions.xml')) permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') permissions_xsd = etree.XMLSchema(etree.parse(str(permissions_xsd_path))) permissions_xsd.assertValid(permissions_xml)
def test_permissions_xml(node_keys_dir): permissions_xml = etree.parse( os.path.join(node_keys_dir, 'permissions.xml')) permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path)) permissions_xsd.assertValid(permissions_xml)
import glob from pathlib import Path from lxml import etree from sros2.policy import ( get_policy_schema, get_transport_schema, get_transport_template, ) # Get paths policy_xsd_path = get_policy_schema('policy.xsd') permissions_xsl_path = get_transport_template('dds', 'permissions.xsl') permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd') # Parse files policy_xsd = etree.XMLSchema(etree.parse(policy_xsd_path)) permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path)) permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path)) for policy_xml_path in glob.glob('*.policy.xml'): # Get policy policy_xml = etree.parse(policy_xml_path) policy_xml.xinclude() # Validate policy schema policy_xsd.assertValid(policy_xml)