Update sros2_cmake to use security contexts

Signed-off-by: Ivan Santiago Paunovic <[email protected]>
ros2 · Mar 31, 2020 · c0a1c46 · c0a1c46
1 parent 7b2910f
commit c0a1c46
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 20 deletions.
diff --git a/sros2_cmake/README.md b/sros2_cmake/README.md
@@ -1,19 +1,21 @@
 # Security Helper
-Add node authentication, cryptography, and access control security keys using a cmake macro.
-The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys in the secure root directory.
+Add authentication, cryptography, and access control security keys using a cmake macro.
+The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys.
 
 In package.xml add:  
 `<depend>sros2_cmake</depend>`  
 In CMakeLists add:  
 `find_package(sros2_cmake REQUIRED)`  
-`ros2_secure_node(NODES <node_name>)`  
+`sros2_generate_artifacts(SECURITY_CONTEXTS <context_name>)`  
 
 Macro definition:  
 ```
-    # ros2_secure_node(NODES <node_1> <node_2>...<node_n>)
+    # sros2_generate_artifacts(SECURITY_CONTEXTS <context_1> <context_2>...<context_n>)
 
-    # NODES (macro multi-arg) takes the node names for which keys will be generated
+    # SECURITY_CONTEXTS (macro multi-arg) takes the security contexts names for which keys will be generated
+    #   Executables can use a different or the same security contexts.
+    #   All nodes in the same process use the same security context.
     # SECURITY (cmake arg) if not define or OFF, will not generate key/keystores
     # ROS_SECURITY_ROOT_DIRECTORY (env variable) the location of the keystore
-    # POLICY_FILE (cmake arg) if defined, will compile policies by node name into the access private certificates (e.g POLICY_FILE=/etc/policies/<policy.xml>, Generate: <node_name> /etc/policies/<policy.xml>) **if defined, all nodes must have a policy defined for them**
+    # POLICY_FILE (cmake arg) if defined, will generate security artifacts for each context defined in the policy file.
 ```
diff --git a/sros2_cmake/cmake/ros2_secure_node.cmake → ...make/cmake/sros2_generate_artifacts.cmake b/sros2_cmake/cmake/ros2_secure_node.cmake → ...make/cmake/sros2_generate_artifacts.cmake
@@ -1,4 +1,4 @@
-# Copyright 2016-2019 Open Source Robotics Foundation, Inc.
+# Copyright 2016-2020 Open Source Robotics Foundation, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,12 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-macro(ros2_secure_node)
-  # ros2_secure_node(NODES <node_1> <node_2>...<node_n>)
+macro(sros2_generate_artifacts)
+  # sros2_generate_artifacts(SECURITY_CONTEXTS <context_1> <context_1>...<context_1>)
   #
-  # NODES (macro multi-arg) takes the node names for which artifacts will be generated
+  # SECURITY_CONTEXTS (macro multi-arg) takes the context names for which artifacts will be generated
   # SECURITY (cmake arg) if not defined or OFF, will not generate keystore/keys/permissions
-  # POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate permission files for all the nodes listed in the policy file
+  # POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate
+  #   permission files for all the security contexts listed in the policy file.
   # ROS_SECURITY_ROOT_DIRECTORY (env variable) will be the location of the keystore
   if(NOT SECURITY)
     message(STATUS "Not generating security files")
@@ -30,13 +31,13 @@ macro(ros2_secure_node)
   else()
     set(SECURITY_KEYSTORE ${DEFAULT_KEYSTORE})
   endif()
-  cmake_parse_arguments(ros2_secure_node "" "" "NODES" ${ARGN})
+  cmake_parse_arguments(ros2_generate_security_artifacts "" "" "SECURITY_CONTEXTS" ${ARGN})
   set(generate_artifacts_command ${PROGRAM} security generate_artifacts -k ${SECURITY_KEYSTORE})
-  list(LENGTH ros2_secure_node_NODES nb_nodes)
-  if(${nb_nodes} GREATER "0")
-    list(APPEND generate_artifacts_command "-n")
-    foreach(node ${ros2_secure_node_NODES})
-        list(APPEND generate_artifacts_command ${node})
+  list(LENGTH ros2_generate_security_artifacts_SECURITY_CONTEXTS nb_security_contexts)
+  if(${nb_security_contexts} GREATER "0")
+    list(APPEND generate_artifacts_command "-c")
+    foreach(security_context ${ros2_generate_security_artifacts_SECURITY_CONTEXTS})
+        list(APPEND generate_artifacts_command security_context)
     endforeach()
   endif()
   if(POLICY_FILE)

diff --git a/sros2_cmake/package.xml b/sros2_cmake/package.xml
@@ -4,7 +4,7 @@
     <package format="3">
     <name>sros2_cmake</name>
     <version>0.8.1</version>
-    <description>CMake macros to configure security for nodes</description>
+    <description>Cmake macros to configure security</description>
     <maintainer email="[email protected]">ROS Security Working Group</maintainer>
     <license>Apache 2.0</license>
 

diff --git a/sros2_cmake/sros2_cmake-extras.cmake b/sros2_cmake/sros2_cmake-extras.cmake
@@ -1,4 +1,4 @@
-# Copyright 2019 Open Source Robotics Foundation Inc.
+# Copyright 2019-2020 Open Source Robotics Foundation Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,5 +14,5 @@
 
 set(DEFAULT_KEYSTORE "${CMAKE_INSTALL_PREFIX}/ros2_security/keystore")
 
-include("${sros2_cmake_DIR}/ros2_secure_node.cmake")
+include("${sros2_cmake_DIR}/sros2_generate_artifacts.cmake")