Loop through polcies when generating permissions
Signed-off-by: Ivan Santiago Paunovic <[email protected]>
ivanpauno committed Mar 31, 2020
1 parent 8e10288 commit 2552283
Showing 6 changed files with 358 additions and 21 deletions.
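--- a/sros2/test/policies/permissions/add_two_ints/permissions.xml
+++ b/sros2/test/policies/permissions/add_two_ints/permissions.xml
@@ -0,0 +1,106 @@
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
+<permissions>
+<grant name="/add_two_ints_server">
+<subject_name>CN=/add_two_ints_server</subject_name>
+<validity>
+<not_before>2013-10-26T00:00:00</not_before>
+<not_after>2023-10-26T22:45:30</not_after>
+</validity>
+<allow_rule>
+<domains>
+<id>0</id>
+</domains>
+<publish>
+<topics>
+<topic>rq/add_two_ints_server/describe_parametersRequest</topic>
+<topic>rq/add_two_ints_server/get_parameter_typesRequest</topic>
+<topic>rq/add_two_ints_server/get_parametersRequest</topic>
+<topic>rq/add_two_ints_server/list_parametersRequest</topic>
+<topic>rq/add_two_ints_server/set_parametersRequest</topic>
+<topic>rq/add_two_ints_server/set_parameters_atomicallyRequest</topic>
+<topic>rr/add_two_intsReply</topic>
+<topic>rr/add_two_ints_server/describe_parametersReply</topic>
+<topic>rr/add_two_ints_server/get_parameter_typesReply</topic>
+<topic>rr/add_two_ints_server/get_parametersReply</topic>
+<topic>rr/add_two_ints_server/list_parametersReply</topic>
+<topic>rr/add_two_ints_server/set_parametersReply</topic>
+<topic>rr/add_two_ints_server/set_parameters_atomicallyReply</topic>
+<topic>rt/parameter_events</topic>
+<topic>rt/rosout</topic>
+</topics>
+</publish>
+<subscribe>
+<topics>
+<topic>rq/add_two_intsRequest</topic>
+<topic>rq/add_two_ints_server/describe_parametersRequest</topic>
+<topic>rq/add_two_ints_server/get_parameter_typesRequest</topic>
+<topic>rq/add_two_ints_server/get_parametersRequest</topic>
+<topic>rq/add_two_ints_server/list_parametersRequest</topic>
+<topic>rq/add_two_ints_server/set_parametersRequest</topic>
+<topic>rq/add_two_ints_server/set_parameters_atomicallyRequest</topic>
+<topic>rr/add_two_ints_server/describe_parametersReply</topic>
+<topic>rr/add_two_ints_server/get_parameter_typesReply</topic>
+<topic>rr/add_two_ints_server/get_parametersReply</topic>
+<topic>rr/add_two_ints_server/list_parametersReply</topic>
+<topic>rr/add_two_ints_server/set_parametersReply</topic>
+<topic>rr/add_two_ints_server/set_parameters_atomicallyReply</topic>
+<topic>rt/clock</topic>
+<topic>rt/parameter_events</topic>
+</topics>
+</subscribe>
+</allow_rule>
+<default>DENY</default>
+</grant>
+<grant name="/add_two_ints_client">
+<subject_name>CN=/add_two_ints_client</subject_name>
+<validity>
+<not_before>2013-10-26T00:00:00</not_before>
+<not_after>2023-10-26T22:45:30</not_after>
+</validity>
+<allow_rule>
+<domains>
+<id>0</id>
+</domains>
+<publish>
+<topics>
+<topic>rq/add_two_intsRequest</topic>
+<topic>rq/add_two_ints_client/describe_parametersRequest</topic>
+<topic>rq/add_two_ints_client/get_parameter_typesRequest</topic>
+<topic>rq/add_two_ints_client/get_parametersRequest</topic>
+<topic>rq/add_two_ints_client/list_parametersRequest</topic>
+<topic>rq/add_two_ints_client/set_parametersRequest</topic>
+<topic>rq/add_two_ints_client/set_parameters_atomicallyRequest</topic>
+<topic>rr/add_two_ints_client/describe_parametersReply</topic>
+<topic>rr/add_two_ints_client/get_parameter_typesReply</topic>
+<topic>rr/add_two_ints_client/get_parametersReply</topic>
+<topic>rr/add_two_ints_client/list_parametersReply</topic>
+<topic>rr/add_two_ints_client/set_parametersReply</topic>
+<topic>rr/add_two_ints_client/set_parameters_atomicallyReply</topic>
+<topic>rt/parameter_events</topic>
+<topic>rt/rosout</topic>
+</topics>
+</publish>
+<subscribe>
+<topics>
+<topic>rq/add_two_ints_client/describe_parametersRequest</topic>
+<topic>rq/add_two_ints_client/get_parameter_typesRequest</topic>
+<topic>rq/add_two_ints_client/get_parametersRequest</topic>
+<topic>rq/add_two_ints_client/list_parametersRequest</topic>
+<topic>rq/add_two_ints_client/set_parametersRequest</topic>
+<topic>rq/add_two_ints_client/set_parameters_atomicallyRequest</topic>
+<topic>rr/add_two_intsReply</topic>
+<topic>rr/add_two_ints_client/describe_parametersReply</topic>
+<topic>rr/add_two_ints_client/get_parameter_typesReply</topic>
+<topic>rr/add_two_ints_client/get_parametersReply</topic>
+<topic>rr/add_two_ints_client/list_parametersReply</topic>
+<topic>rr/add_two_ints_client/set_parametersReply</topic>
+<topic>rr/add_two_ints_client/set_parameters_atomicallyReply</topic>
+<topic>rt/clock</topic>
+<topic>rt/parameter_events</topic>
+</topics>
+</subscribe>
+</allow_rule>
+<default>DENY</default>
+</grant>
+</permissions>
+</dds>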
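--- a/sros2/test/policies/permissions/minimal_action/permissions.xml
+++ b/sros2/test/policies/permissions/minimal_action/permissions.xml
@@ -0,0 +1,118 @@
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
+<permissions>
+<grant name="/minimal_action_server">
+<subject_name>CN=/minimal_action_server</subject_name>
+<validity>
+<not_before>2013-10-26T00:00:00</not_before>
+<not_after>2023-10-26T22:45:30</not_after>
+</validity>
+<allow_rule>
+<domains>
+<id>0</id>
+</domains>
+<publish>
+<topics>
+<topic>rq/minimal_action_server/describe_parametersRequest</topic>
+<topic>rq/minimal_action_server/get_parameter_typesRequest</topic>
+<topic>rq/minimal_action_server/get_parametersRequest</topic>
+<topic>rq/minimal_action_server/list_parametersRequest</topic>
+<topic>rq/minimal_action_server/set_parametersRequest</topic>
+<topic>rq/minimal_action_server/set_parameters_atomicallyRequest</topic>
+<topic>rr/fibonacci/_action/cancel_goalReply</topic>
+<topic>rr/fibonacci/_action/get_resultReply</topic>
+<topic>rr/fibonacci/_action/send_goalReply</topic>
+<topic>rt/fibonacci/_action/feedback</topic>
+<topic>rt/fibonacci/_action/status</topic>
+<topic>rr/minimal_action_server/describe_parametersReply</topic>
+<topic>rr/minimal_action_server/get_parameter_typesReply</topic>
+<topic>rr/minimal_action_server/get_parametersReply</topic>
+<topic>rr/minimal_action_server/list_parametersReply</topic>
+<topic>rr/minimal_action_server/set_parametersReply</topic>
+<topic>rr/minimal_action_server/set_parameters_atomicallyReply</topic>
+<topic>rt/parameter_events</topic>
+<topic>rt/rosout</topic>
+</topics>
+</publish>
+<subscribe>
+<topics>
+<topic>rq/fibonacci/_action/cancel_goalRequest</topic>
+<topic>rq/fibonacci/_action/get_resultRequest</topic>
+<topic>rq/fibonacci/_action/send_goalRequest</topic>
+<topic>rq/minimal_action_server/describe_parametersRequest</topic>
+<topic>rq/minimal_action_server/get_parameter_typesRequest</topic>
+<topic>rq/minimal_action_server/get_parametersRequest</topic>
+<topic>rq/minimal_action_server/list_parametersRequest</topic>
+<topic>rq/minimal_action_server/set_parametersRequest</topic>
+<topic>rq/minimal_action_server/set_parameters_atomicallyRequest</topic>
+<topic>rr/minimal_action_server/describe_parametersReply</topic>
+<topic>rr/minimal_action_server/get_parameter_typesReply</topic>
+<topic>rr/minimal_action_server/get_parametersReply</topic>
+<topic>rr/minimal_action_server/list_parametersReply</topic>
+<topic>rr/minimal_action_server/set_parametersReply</topic>
+<topic>rr/minimal_action_server/set_parameters_atomicallyReply</topic>
+<topic>rt/clock</topic>
+<topic>rt/parameter_events</topic>
+</topics>
+</subscribe>
+</allow_rule>
+<default>DENY</default>
+</grant>
+<grant name="/minimal_action_client">
+<subject_name>CN=/minimal_action_client</subject_name>
+<validity>
+<not_before>2013-10-26T00:00:00</not_before>
+<not_after>2023-10-26T22:45:30</not_after>
+</validity>
+<allow_rule>
+<domains>
+<id>0</id>
+</domains>
+<publish>
+<topics>
+<topic>rq/fibonacci/_action/cancel_goalRequest</topic>
+<topic>rq/fibonacci/_action/get_resultRequest</topic>
+<topic>rq/fibonacci/_action/send_goalRequest</topic>
+<topic>rq/minimal_action_client/describe_parametersRequest</topic>
+<topic>rq/minimal_action_client/get_parameter_typesRequest</topic>
+<topic>rq/minimal_action_client/get_parametersRequest</topic>
+<topic>rq/minimal_action_client/list_parametersRequest</topic>
+<topic>rq/minimal_action_client/set_parametersRequest</topic>
+<topic>rq/minimal_action_client/set_parameters_atomicallyRequest</topic>
+<topic>rr/minimal_action_client/describe_parametersReply</topic>
+<topic>rr/minimal_action_client/get_parameter_typesReply</topic>
+<topic>rr/minimal_action_client/get_parametersReply</topic>
+<topic>rr/minimal_action_client/list_parametersReply</topic>
+<topic>rr/minimal_action_client/set_parametersReply</topic>
+<topic>rr/minimal_action_client/set_parameters_atomicallyReply</topic>
+<topic>rt/parameter_events</topic>
+<topic>rt/rosout</topic>
+</topics>
+</publish>
+<subscribe>
+<topics>
+<topic>rq/minimal_action_client/describe_parametersRequest</topic>
+<topic>rq/minimal_action_client/get_parameter_typesRequest</topic>
+<topic>rq/minimal_action_client/get_parametersRequest</topic>
+<topic>rq/minimal_action_client/list_parametersRequest</topic>
+<topic>rq/minimal_action_client/set_parametersRequest</topic>
+<topic>rq/minimal_action_client/set_parameters_atomicallyRequest</topic>
+<topic>rr/fibonacci/_action/cancel_goalReply</topic>
+<topic>rr/fibonacci/_action/get_resultReply</topic>
+<topic>rr/fibonacci/_action/send_goalReply</topic>
+<topic>rt/fibonacci/_action/feedback</topic>
+<topic>rt/fibonacci/_action/status</topic>
+<topic>rr/minimal_action_client/describe_parametersReply</topic>
+<topic>rr/minimal_action_client/get_parameter_typesReply</topic>
+<topic>rr/minimal_action_client/get_parametersReply</topic>
+<topic>rr/minimal_action_client/list_parametersReply</topic>
+<topic>rr/minimal_action_client/set_parametersReply</topic>
+<topic>rr/minimal_action_client/set_parameters_atomicallyReply</topic>
+<topic>rt/clock</topic>
+<topic>rt/parameter_events</topic>
+</topics>
+</subscribe>
+</allow_rule>
+<default>DENY</default>
+</grant>
+</permissions>
+</dds>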
File renamed without changes.
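--- a/sros2/test/policies/permissions/talker_listener/permissions.xml
+++ b/sros2/test/policies/permissions/talker_listener/permissions.xml
@@ -0,0 +1,104 @@
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
+<permissions>
+<grant name="/talker">
+<subject_name>CN=/talker</subject_name>
+<validity>
+<not_before>2013-10-26T00:00:00</not_before>
+<not_after>2023-10-26T22:45:30</not_after>
+</validity>
+<allow_rule>
+<domains>
+<id>0</id>
+</domains>
+<publish>
+<topics>
+<topic>rq/talker/describe_parametersRequest</topic>
+<topic>rq/talker/get_parameter_typesRequest</topic>
+<topic>rq/talker/get_parametersRequest</topic>
+<topic>rq/talker/list_parametersRequest</topic>
+<topic>rq/talker/set_parametersRequest</topic>
+<topic>rq/talker/set_parameters_atomicallyRequest</topic>
+<topic>rr/talker/describe_parametersReply</topic>
+<topic>rr/talker/get_parameter_typesReply</topic>
+<topic>rr/talker/get_parametersReply</topic>
+<topic>rr/talker/list_parametersReply</topic>
+<topic>rr/talker/set_parametersReply</topic>
+<topic>rr/talker/set_parameters_atomicallyReply</topic>
+<topic>rt/chatter</topic>
+<topic>rt/parameter_events</topic>
+<topic>rt/rosout</topic>
+</topics>
+</publish>
+<subscribe>
+<topics>
+<topic>rq/talker/describe_parametersRequest</topic>
+<topic>rq/talker/get_parameter_typesRequest</topic>
+<topic>rq/talker/get_parametersRequest</topic>
+<topic>rq/talker/list_parametersRequest</topic>
+<topic>rq/talker/set_parametersRequest</topic>
+<topic>rq/talker/set_parameters_atomicallyRequest</topic>
+<topic>rr/talker/describe_parametersReply</topic>
+<topic>rr/talker/get_parameter_typesReply</topic>
+<topic>rr/talker/get_parametersReply</topic>
+<topic>rr/talker/list_parametersReply</topic>
+<topic>rr/talker/set_parametersReply</topic>
+<topic>rr/talker/set_parameters_atomicallyReply</topic>
+<topic>rt/clock</topic>
+<topic>rt/parameter_events</topic>
+</topics>
+</subscribe>
+</allow_rule>
+<default>DENY</default>
+</grant>
+<grant name="/listener">
+<subject_name>CN=/listener</subject_name>
+<validity>
+<not_before>2013-10-26T00:00:00</not_before>
+<not_after>2023-10-26T22:45:30</not_after>
+</validity>
+<allow_rule>
+<domains>
+<id>0</id>
+</domains>
+<publish>
+<topics>
+<topic>rq/listener/describe_parametersRequest</topic>
+<topic>rq/listener/get_parameter_typesRequest</topic>
+<topic>rq/listener/get_parametersRequest</topic>
+<topic>rq/listener/list_parametersRequest</topic>
+<topic>rq/listener/set_parametersRequest</topic>
+<topic>rq/listener/set_parameters_atomicallyRequest</topic>
+<topic>rr/listener/describe_parametersReply</topic>
+<topic>rr/listener/get_parameter_typesReply</topic>
+<topic>rr/listener/get_parametersReply</topic>
+<topic>rr/listener/list_parametersReply</topic>
+<topic>rr/listener/set_parametersReply</topic>
+<topic>rr/listener/set_parameters_atomicallyReply</topic>
+<topic>rt/parameter_events</topic>
+<topic>rt/rosout</topic>
+</topics>
+</publish>
+<subscribe>
+<topics>
+<topic>rq/listener/describe_parametersRequest</topic>
+<topic>rq/listener/get_parameter_typesRequest</topic>
+<topic>rq/listener/get_parametersRequest</topic>
+<topic>rq/listener/list_parametersRequest</topic>
+<topic>rq/listener/set_parametersRequest</topic>
+<topic>rq/listener/set_parameters_atomicallyRequest</topic>
+<topic>rr/listener/describe_parametersReply</topic>
+<topic>rr/listener/get_parameter_typesReply</topic>
+<topic>rr/listener/get_parametersReply</topic>
+<topic>rr/listener/list_parametersReply</topic>
+<topic>rr/listener/set_parametersReply</topic>
+<topic>rr/listener/set_parameters_atomicallyReply</topic>
+<topic>rt/chatter</topic>
+<topic>rt/clock</topic>
+<topic>rt/parameter_events</topic>
+</topics>
+</subscribe>
+</allow_rule>
+<default>DENY</default>
+</grant>
+</permissions>
+</dds>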
39 changes: 24 additions & 15 deletions sros2/test/policies/policy_to_permissions.py
@@ -12,7 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.

import os
import glob
from pathlib import Path

from lxml import etree

@@ -32,21 +33,29 @@
permissions_xsl = etree.XSLT(etree.parse(permissions_xsl_path))
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))

# Get policy
policy_xml_path = 'sample.policy.xml'
policy_xml = etree.parse(policy_xml_path)
policy_xml.xinclude()
for policy_xml_path in glob.glob('*.policy.xml'):

# Validate policy schema
policy_xsd.assertValid(policy_xml)
# Get policy
policy_xml = etree.parse(policy_xml_path)
policy_xml.xinclude()

# Transform policy
permissions_xml = permissions_xsl(policy_xml)
# Validate policy schema
policy_xsd.assertValid(policy_xml)

# Validate permissions schema
permissions_xsd.assertValid(permissions_xml)
# Transform policy
permissions_xml = permissions_xsl(policy_xml)

# Output permissions
permissions_xml_path = os.path.join('permissions.xml')
with open(permissions_xml_path, 'w') as f:
f.write(etree.tostring(permissions_xml, pretty_print=True).decode())
# Validate permissions schema
permissions_xsd.assertValid(permissions_xml)

# Get permissions directory
policy_name = Path(policy_xml_path).name
index_of_dot = policy_name.index('.')
policy_name = policy_name[:index_of_dot]
permissions_dir = Path('permissions') / policy_name
permissions_dir.mkdir(parents=True, exist_ok=True)

# Output permissions
permissions_xml_path = permissions_dir / 'permissions.xml'
with open(permissions_xml_path, 'w') as f:
f.write(etree.tostring(permissions_xml, pretty_print=True).decode())
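Review bot: The output directory name is cut at the first dot of the file name (`index_of_dot = policy_name.index('.')` and the slice after it), so two policies such as `a.policy.xml` and `a.b.policy.xml` (constructed names) would both map to `permissions/a/` and one generated `permissions.xml` would silently overwrite the other. The glob pattern already guarantees the `.policy.xml` suffix, so stripping exactly that suffix avoids the collision: `policy_name = Path(policy_xml_path).name[:-len('.policy.xml')]`. Because `glob.glob` returns matches in no guaranteed order, which policy would win such a collision is not deterministic either; wrapping the call in `sorted(...)` would at least make regeneration reproducible. The three fixture directories added in this commit have no extra dots in their names, so the current output is unaffected.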