def create_permission_file(path: pathlib.Path, domain_id,
policy_element) -> None:
permissions_xsl_path = get_transport_template('dds', 'permissions.xsl')
permissions_xsl = etree.XSLT(etree.parse(str(permissions_xsl_path)))
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = etree.XMLSchema(etree.parse(str(permissions_xsd_path)))
kwargs = {}
cert_path = path.parent.joinpath('cert.pem')
cert_content = _utilities.load_cert(cert_path)
kwargs['not_valid_before'] = etree.XSLT.strparam(
cert_content.not_valid_before.isoformat())
kwargs['not_valid_after'] = etree.XSLT.strparam(
cert_content.not_valid_after.isoformat())
if get_rmw_implementation_identifier() in _RMW_WITH_ROS_GRAPH_INFO_TOPIC:
kwargs['allow_ros_discovery_topic'] = etree.XSLT.strparam('1')
permissions_xml = permissions_xsl(policy_element, **kwargs)
domain_id_elements = permissions_xml.findall(
'permissions/grant/*/domains/id')
for domain_id_element in domain_id_elements:
domain_id_element.text = domain_id
try:
permissions_xsd.assertValid(permissions_xml)
except etree.DocumentInvalid as e:
raise sros2.errors.InvalidPermissionsXMLError(e) from e
with open(path, 'wb') as f:
f.write(etree.tostring(permissions_xml, pretty_print=True))
def test_policy_to_permissions():
# Get paths
policy_xsd_path = get_policy_schema('policy.xsd')
permissions_xsl_path = get_transport_template('dds', 'permissions.xsl')
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
# Parse files
policy_xsd = etree.XMLSchema(etree.parse(policy_xsd_path))
permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path))
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
# Get policy
test_dir = os.path.dirname(os.path.abspath(__file__))
policy_xml_path = os.path.join(test_dir, 'policies', 'sample_policy.xml')
policy_xml = etree.parse(policy_xml_path)
policy_xml.xinclude()
# Validate policy schema
policy_xsd.assertValid(policy_xml)
# Transform policy
permissions_xml = permissions_xsl(policy_xml)
# Validate permissions schema
permissions_xsd.assertValid(permissions_xml)
# Assert expected permissions
permissions_xml_path = os.path.join(test_dir, 'policies',
'permissions.xml')
with open(permissions_xml_path) as f:
expected = f.read()
actual = etree.tostring(permissions_xml, pretty_print=True).decode()
assert actual == expected
def test_policy_to_permissions():
# Get paths
policy_xsd_path = get_policy_schema('policy.xsd')
permissions_xsl_path = get_transport_template('dds', 'permissions.xsl')
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
# Parse files
policy_xsd = etree.XMLSchema(etree.parse(policy_xsd_path))
permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path))
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
# Get policy
test_dir = Path(__file__).resolve().parent
policy_xml_path = test_dir / 'policies' / 'sample.policy.xml'
policy_xml = etree.parse(str(policy_xml_path))
policy_xml.xinclude()
# Validate policy schema
policy_xsd.assertValid(policy_xml)
# Transform policy
permissions_xml = permissions_xsl(policy_xml)
# Validate permissions schema
permissions_xsd.assertValid(permissions_xml)
# Assert expected permissions
permissions_xml_path = test_dir / 'policies' / 'permissions' / 'sample' / 'permissions.xml'
with permissions_xml_path.open() as f:
expected = f.read()
actual = etree.tostring(permissions_xml, pretty_print=True).decode()
assert actual == expected
def test_create_permission(enclave_dir):
assert enclave_dir.joinpath('permissions.xml').is_file()
assert enclave_dir.joinpath('permissions.p7s').is_file()
tree = lxml.etree.parse(str(enclave_dir.joinpath('permissions.xml')))
# Validate the schema
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = lxml.etree.XMLSchema(
lxml.etree.parse(permissions_xsd_path))
permissions_xsd.assertValid(tree)
dds = tree.getroot()
assert dds.tag == 'dds'
permissions = list(dds.iterchildren(tag='permissions'))
assert len(permissions) == 1
grants = list(permissions[0].iterchildren(tag='grant'))
assert len(grants) == 1
assert grants[0].get('name') == _test_identity
allow_rules = list(grants[0].iterchildren(tag='allow_rule'))
if rclpy.get_rmw_implementation_identifier(
) in _permission._RMW_WITH_ROS_GRAPH_INFO_TOPIC:
assert len(allow_rules) == 2
else:
assert len(allow_rules) == 1
publish_rules = list(allow_rules[0].iterchildren(tag='publish'))
assert len(publish_rules) == 1
subscribe_rules = list(allow_rules[0].iterchildren(tag='subscribe'))
assert len(subscribe_rules) == 1
published_topics_set = list(publish_rules[0].iterchildren(tag='topics'))
assert len(published_topics_set) == 1
published_topics = [
c.text for c in published_topics_set[0].iterchildren(tag='topic')
]
assert len(published_topics) > 0
subscribed_topics_set = list(subscribe_rules[0].iterchildren(tag='topics'))
assert len(subscribed_topics_set) == 1
subscribed_topics = [
c.text for c in subscribed_topics_set[0].iterchildren(tag='topic')
]
assert len(subscribed_topics) > 0
# Verify that publication is allowed on chatter, but not subscription
assert 'rt/chatter' in published_topics
assert 'rt/chatter' not in subscribed_topics
def create_permission_file(path, domain_id, policy_element):
permissions_xsl_path = get_transport_template('dds', 'permissions.xsl')
permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path))
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
permissions_xml = permissions_xsl(policy_element)
domain_id_elements = permissions_xml.findall(
'permissions/grant/*/domains/id')
for domain_id_element in domain_id_elements:
domain_id_element.text = domain_id
try:
permissions_xsd.assertValid(permissions_xml)
except etree.DocumentInvalid as e:
raise RuntimeError(str(e))
with open(path, 'wb') as f:
f.write(etree.tostring(permissions_xml, pretty_print=True))
def create_governance_file(path, domain_id):
# for this application we are only looking to authenticate and encrypt;
# we do not need/want access control at this point.
governance_xml_path = get_transport_default('dds', 'governance.xml')
governance_xml = etree.parse(governance_xml_path)
governance_xsd_path = get_transport_schema('dds', 'governance.xsd')
governance_xsd = etree.XMLSchema(etree.parse(governance_xsd_path))
domain_id_elements = governance_xml.findall(
'domain_access_rules/domain_rule/domains/id')
for domain_id_element in domain_id_elements:
domain_id_element.text = domain_id
try:
governance_xsd.assertValid(governance_xml)
except etree.DocumentInvalid as e:
raise RuntimeError(str(e))
with open(path, 'wb') as f:
f.write(etree.tostring(governance_xml, pretty_print=True))
def create_permission_file(path, domain_id, policy_element):
print('creating permission')
permissions_xsl_path = get_transport_template('dds', 'permissions.xsl')
permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path))
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
kwargs = {}
if get_rmw_implementation_identifier() in _RMW_WITH_ROS_GRAPH_INFO_TOPIC:
kwargs['allow_ros_discovery_topic'] = etree.XSLT.strparam('1')
permissions_xml = permissions_xsl(policy_element, **kwargs)
domain_id_elements = permissions_xml.findall('permissions/grant/*/domains/id')
for domain_id_element in domain_id_elements:
domain_id_element.text = domain_id
try:
permissions_xsd.assertValid(permissions_xml)
except etree.DocumentInvalid as e:
raise RuntimeError(str(e))
with open(path, 'wb') as f:
f.write(etree.tostring(permissions_xml, pretty_print=True))
def test_permissions_xml(enclave_keys_dir):
permissions_xml = etree.parse(str(enclave_keys_dir / 'permissions.xml'))
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = etree.XMLSchema(etree.parse(str(permissions_xsd_path)))
permissions_xsd.assertValid(permissions_xml)
def test_permissions_xml(node_keys_dir):
permissions_xml = etree.parse(
os.path.join(node_keys_dir, 'permissions.xml'))
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
permissions_xsd.assertValid(permissions_xml)
import glob
from pathlib import Path
from lxml import etree
from sros2.policy import (
get_policy_schema,
get_transport_schema,
get_transport_template,
)
# Get paths
policy_xsd_path = get_policy_schema('policy.xsd')
permissions_xsl_path = get_transport_template('dds', 'permissions.xsl')
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
# Parse files
policy_xsd = etree.XMLSchema(etree.parse(policy_xsd_path))
permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path))
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
for policy_xml_path in glob.glob('*.policy.xml'):
# Get policy
policy_xml = etree.parse(policy_xml_path)
policy_xml.xinclude()
# Validate policy schema
policy_xsd.assertValid(policy_xml)