From 9711e0bd6a13043993d9d311a1cbc476940d7af7 Mon Sep 17 00:00:00 2001
From: Erik Jaegervall
Date: Wed, 3 Apr 2024 12:48:21 +0200
Subject: [PATCH] Removing default tokens/certs and change submodule reference
---
.gitmodules | 9 +++----
docs/cli.md | 26 +++++--------------
kuksa-client/kuksa/val/v1/README.md | 2 +-
kuksa-client/kuksa/val/v1/types.proto | 2 +-
kuksa-client/kuksa/val/v1/val.proto | 2 +-
kuksa-client/kuksa_client/__main__.py | 18 -------------
.../kuksa_client/cli_backend/__init__.py | 16 +++---------
kuksa-client/setup.cfg | 2 --
submodules/kuksa-common | 1 -
submodules/kuksa-databroker | 1 +
submodules/kuksa.val | 1 -
11 files changed, 18 insertions(+), 62 deletions(-)
delete mode 160000 submodules/kuksa-common
create mode 160000 submodules/kuksa-databroker
delete mode 160000 submodules/kuksa.val
diff --git a/.gitmodules b/.gitmodules
index e6afa8a..ade3e35 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,3 @@
-[submodule "submodules/kuksa.val"]
- path = submodules/kuksa.val
- url = https://github.com/eclipse/kuksa.val
-[submodule "submodules/kuksa-common"]
- path = submodules/kuksa-common
- url = https://github.com/eclipse-kuksa/kuksa-common
+[submodule "submodules/kuksa-databroker"]
+ path = submodules/kuksa-databroker
+ url = https://github.com/eclipse-kuksa/kuksa-databroker
diff --git a/docs/cli.md b/docs/cli.md
index 68c1d86..9e71d80 100644
--- a/docs/cli.md
+++ b/docs/cli.md
@@ -56,18 +56,11 @@ KUKSA Client uses TLS to connect to databroker when the schema part of the serve kuksa-client grpcs://localhost:55555 ``` -By default the KUKSA example Root CA and Client keys are used, but client keys have no effect currently as mutual authentication is not supported by KUKSA Databroker or KUKSA Server. +The KUKSA Python SDK does not include any default certificates or key. +If you want to run using KUKSA example Root CA you need to use specify it, either by using it from the submodule +(`submodules/kuksa-common/tls/CA.pem`) or by downloading it from [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/tls). -This call with all parameters specified give same effect: - -``` -kuksa-client --certificate ../kuksa_certificates/Client.pem --keyfile ../kuksa_certificates/Client.key --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555 -``` - -There is actually no reason to specify client key and certificate, as mutual authentication is not supported in KUKSA Databroker, -so the command can be simplified like this: - ``` kuksa-client --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555 ``` 
@@ -77,20 +70,15 @@ instead a valid server name must be given as argument. Currently `Server` and `localhost` are valid names from the example certificates. ``` -kuksa-client --cacertificate ../kuksa_certificates/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555 +kuksa-client --cacertificate ../submodules/kuksa-common/tls/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555 ``` -## TLS with val-server -Val-server also supports TLS. KUKSA Client uses TLS to connect to val-server when the schema part of the server URI is `wss`. A valid command to connect to a local TLS enabled val-server is - -``` -kuksa-client wss://localhost:8090 -``` +## TLS with Websocket +Websocket access also supports TLS. KUKSA Client uses TLS to connect to Weboscket when the schema part of the server URI is `wss`. A valid command to connect to a local TLS enabled VSS Server (KUKSA Databroker, VISSR, ...) supporting Websocket is -This corresponds to this call: ``` -kuksa-client --cacertificate ../kuksa_certificates/CA.pem wss://localhost:8090 +kuksa-client --cacertificate ../submodules/kuksa-common/tls/CA.pem wss://localhost:8090 ``` In some environments the `--tls-server-name` argument must be used to specify alternative server name diff --git a/kuksa-client/kuksa/val/v1/README.md b/kuksa-client/kuksa/val/v1/README.md index e3c7451..07f51a3 120000 --- a/kuksa-client/kuksa/val/v1/README.md +++ b/kuksa-client/kuksa/val/v1/README.md @@ -1 +1 @@ -../../../../submodules/kuksa.val/proto/kuksa/val/v1/README.md \ No newline at end of file +../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/README.md \ No newline at end of file diff --git a/kuksa-client/kuksa/val/v1/types.proto b/kuksa-client/kuksa/val/v1/types.proto index c006b2d..446f09c 120000 --- a/kuksa-client/kuksa/val/v1/types.proto +++ b/kuksa-client/kuksa/val/v1/types.proto 
@@ -1 +1 @@ -../../../../submodules/kuksa.val/proto/kuksa/val/v1/types.proto \ No newline at end of file +../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/types.proto \ No newline at end of file diff --git a/kuksa-client/kuksa/val/v1/val.proto b/kuksa-client/kuksa/val/v1/val.proto index a5c8ed0..3b80543 120000 --- a/kuksa-client/kuksa/val/v1/val.proto +++ b/kuksa-client/kuksa/val/v1/val.proto @@ -1 +1 @@ -../../../../submodules/kuksa.val/proto/kuksa/val/v1/val.proto \ No newline at end of file +../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/val.proto \ No newline at end of file diff --git a/kuksa-client/kuksa_client/__main__.py b/kuksa-client/kuksa_client/__main__.py index fcac43d..cd0a7a7 100755 --- a/kuksa-client/kuksa_client/__main__.py +++ b/kuksa-client/kuksa_client/__main__.py @@ -39,7 +39,6 @@ from cmd2.utils import basic_complete from urllib.parse import urlparse -from kuksa_client import kuksa_server_certificates from kuksa_client import KuksaClientThread from kuksa_client import _metadata @@ -351,7 +350,6 @@ def __init__( with (pathlib.Path(scriptDir) / "logo").open("r", encoding="utf-8") as f: logo = f.read() print(logo.replace("%ver%", str(_metadata.__version__))) - print("Default tokens directory: " + self.getDefaultTokenDir()) print() self.connect() @@ -646,15 +644,6 @@ def do_connect(self, args): self.server = args.server self.connect() - def getDefaultTokenDir(self): - try: - return os.path.join(kuksa_server_certificates.__certificate_dir__, "jwt") - except AttributeError: - guessTokenDir = os.path.join(scriptDir, "kuksa_server_certificates/jwt") - if os.path.isdir(guessTokenDir): - return guessTokenDir - return "Unknown" - @with_category(INFO_COMMANDS) def do_info(self, _args): """Show summary info of the client""" 
@@ -662,25 +651,18 @@ def do_info(self, _args): print("Uri: " + _metadata.__uri__) print("Author: " + _metadata.__author__) print("Copyright: " + _metadata.__copyright__) - print("Default tokens directory: " + self.getDefaultTokenDir()) @with_category(INFO_COMMANDS) def do_version(self, _args): """Show version of the client""" print(_metadata.__version__) - @with_category(INFO_COMMANDS) - def do_printTokenDir(self, _args): - """Show default token directory""" - print(self.getDefaultTokenDir()) - # pylint: enable=too-many-public-methods # pylint: enable=too-many-instance-attributes # Main Function - def main(): parser = argparse.ArgumentParser() parser.add_argument( diff --git a/kuksa-client/kuksa_client/cli_backend/__init__.py b/kuksa-client/kuksa_client/cli_backend/__init__.py index 2cfe51e..5b58414 100644 --- a/kuksa-client/kuksa_client/cli_backend/__init__.py +++ b/kuksa-client/kuksa_client/cli_backend/__init__.py @@ -16,9 +16,6 @@ # SPDX-License-Identifier: Apache-2.0 ######################################################################## -import pathlib -from kuksa_client import kuksa_server_certificates - class Backend: def __init__(self, config): 
@@ -28,16 +25,11 @@ def __init__(self, config): self.insecure = config.getboolean('insecure', False) except AttributeError: self.insecure = config.get('insecure', False) - self.default_cert_path = pathlib.Path(kuksa_server_certificates.__path__[0]) - self.cacertificate = config.get( - 'cacertificate', str(self.default_cert_path / 'CA.pem')) - self.certificate = config.get('certificate', str( - self.default_cert_path / 'Client.pem')) - self.keyfile = config.get('keyfile', str( - self.default_cert_path / 'Client.key')) + self.cacertificate = config.get('cacertificate', '') + self.certificate = config.get('certificate', '') + self.keyfile = config.get('keyfile', '') self.tls_server_name = config.get('tls_server_name', "") - self.token_or_tokenfile = config.get('token_or_tokenfile', str( - self.default_cert_path / 'jwt/all-read-write.json.token')) + self.token_or_tokenfile = config.get('token_or_tokenfile', '') @staticmethod def from_config(config): diff --git a/kuksa-client/setup.cfg b/kuksa-client/setup.cfg index d0d18e2..c90a109 100644 --- a/kuksa-client/setup.cfg +++ b/kuksa-client/setup.cfg @@ -44,8 +44,6 @@ test = kuksa_client = logging.ini logo - kuksa_server_certificates/* - kuksa_server_certificates/jwt/* [options.packages.find] where = . diff --git a/submodules/kuksa-common b/submodules/kuksa-common deleted file mode 160000 index 495d627..0000000 --- a/submodules/kuksa-common +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 495d627225dc09d8171afd13970da152ce8a2cf8 diff --git a/submodules/kuksa-databroker b/submodules/kuksa-databroker new file mode 160000 index 0000000..7b2d798 --- /dev/null +++ b/submodules/kuksa-databroker @@ -0,0 +1 @@ +Subproject commit 7b2d798b54f90da02eff6d8ae27972d840c08df5 diff --git a/submodules/kuksa.val b/submodules/kuksa.val deleted file mode 160000 index df6dcb0..0000000 --- a/submodules/kuksa.val +++ /dev/null @@ -1 +0,0 @@ -Subproject commit df6dcb0fafd651d5e9bec037194c352a822cd3f9
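Review bot: The `''` defaults that replace the bundled certificate and token paths in `Backend.__init__` are an undocumented "not configured" sentinel, and nothing in this hunk shows how an empty `cacertificate` or `token_or_tokenfile` is treated by the code that consumes them. If those consumers still hand the value unchanged to a file open or a TLS context, a `grpcs://` or `wss://` connection started without `--cacertificate` would presumably fail with an unhelpful empty-path error instead of a message saying that a CA must be supplied, so that path is worth checking and covering with a test. I would add a comment above the `cacertificate` assignment, `# Empty string means "not configured": the package ships no certificates, keys or tokens, so TLS trust anchors and authorization tokens must be passed explicitly.`, and use the same quote style as the neighbouring `tls_server_name` default (`""`). The docs/cli.md change in this commit points users at `submodules/kuksa-common/tls/CA.pem` although the commit also deletes the `submodules/kuksa-common` submodule, so the documented path looks stale. `__init__` begins above the hunk, so the handling of `insecure` and the earlier fields is not visible here.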