[WIP] Register common policies with the ament index

sros2/sros2/policy/__init__.py

@@ -61,6 +61,7 @@ def load_policy(policy_file_path):
     if not os.path.isfile(policy_file_path):
         raise FileNotFoundError("policy file '%s' does not exist" % policy_file_path)
     policy = etree.parse(policy_file_path)
+
     policy.xinclude()
     try:
         policy_xsd_path = get_policy_schema('policy.xsd')

sros2/test/policies/talker_listener.xml

@@ -3,15 +3,13 @@
   xmlns:xi="http://www.w3.org/2001/XInclude">
   <profiles>
     <profile ns="/" node="talker">
-      <xi:include href="common/node.xml"
-        xpointer="xpointer(/profile/*)"/>
+      <sros2_policy package="sros2_common_policies" policy="node.xml" />
       <topics publish="ALLOW" >
         <topic>chatter</topic>
       </topics>
     </profile>
     <profile ns="/" node="listener">
-      <xi:include href="common/node.xml"
-        xpointer="xpointer(/profile/*)"/>
+      <sros2_policy package="sros2_common_policies" policy="node.xml" />
       <topics subscribe="ALLOW" >
         <topic>chatter</topic>
       </topics>

sros2_cmake/cmake/sros2_cmake_install_policies.cmake

@@ -0,0 +1,35 @@
+# Copyright 2019 Open Source Robotics Foundation, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Installed sros2 security policies and register with the ament resource index.
+#
+# :param ARGN: the policy files to install
+# :type ARGN: list of strings
+#
+macro(sros2_cmake_install_policies)
+  if(${ARGC} GREATER 0)
+    _sros2_cmake_register_package_hook()
+    foreach(_policy_file ${ARGN})
+      get_filename_component(_parent_folder "${_policy_file}" DIRECTORY)
+      install(
+        FILES ${_policy_file}
+        DESTINATION "share/${PROJECT_NAME}/${_parent_folder}"
+      )
+      get_filename_component(_name "${_policy_file}" NAME)
+      list(APPEND _sros2_cmake_POLICY_FILES "${_parent_folder}/${_name}")
+    endforeach()
+  endif()
+endmacro()
+

sros2_cmake/cmake/sros2_cmake_package_hook.cmake

@@ -0,0 +1,18 @@
+# Copyright 2019 Open Source Robotics Foundation, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# register sros2 policies
+ament_index_register_resource(
+  "sros2_policies" CONTENT "${_sros2_cmake_POLICY_FILES}")
+

sros2_cmake/sros2_cmake-extras.cmake

@@ -12,7 +12,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# copied from sros2_cmake/sros2_cmake-extras.cmake
+
 set(DEFAULT_KEYSTORE "${CMAKE_INSTALL_PREFIX}/ros2_security/keystore")
 
 include("${sros2_cmake_DIR}/ros2_secure_node.cmake")
 
+# register ament_package() hook for security policies once.
+macro(_sros2_cmake_register_package_hook)
+  if(NOT DEFINED _SROS2_CMAKE_PACKAGE_HOOK_REGISTERED)
+    set(_SROS2_CMAKE_PACKAGE_HOOK_REGISTERED TRUE)
+
+    find_package(ament_cmake_core QUIET REQUIRED)
+    ament_register_extension("ament_package" "sros2_cmake"
+      "sros2_cmake_package_hook.cmake")
+  endif()
+endmacro()
+
+include("${sros2_cmake_DIR}/sros2_cmake_install_policies.cmake")
+

sros2_common_policies/CMakeLists.txt

@@ -0,0 +1,20 @@
+cmake_minimum_required(VERSION 3.5)
+project(sros2_common_policies)
+
+find_package(ament_cmake REQUIRED)
+find_package(sros2_cmake REQUIRED)
+
+if(BUILD_TESTING)
+  find_package(ament_lint_auto REQUIRED)
+  ament_lint_auto_find_test_dependencies()
+endif()
+
+sros2_cmake_install_policies(
+  policies/node.xml
+  policies/node/logging.xml
+  policies/node/parameters.xml
+  policies/node/time.xml
+)
+
+ament_package(
+)

sros2_common_policies/find_policies.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+
+import os
+
+from ament_index_python import get_resource
+from ament_index_python import get_resources
+from ament_index_python import has_resource
+
+from ament_index_python import get_package_share_directory
+
+POLICIES_RESOURCE_TYPE = 'sros2_policies'
+
+def get_package_names_with_policies():
+    """Get the names of all packages that register policies in the ament index."""
+    return list(get_resources(POLICIES_RESOURCE_TYPE).keys())
+
+def get_package_policies(*, package_name=None):
+    """
+    Get all policies registered in the ament index for the given package.
+    :param package_name: whose policies are to be retrieved.
+    :return: a list of policy names.
+    """
+    if not has_resource(POLICIES_RESOURCE_TYPE, package_name):
+        return []
+    policies, _ = get_resource(POLICIES_RESOURCE_TYPE, package_name)
+    return policies.split(';')
+
+def get_registered_policies():
+    """
+    Get all policies registered in the ament index.
+    :return: a list of (package name, policy file) tuples.
+    """
+    return [
+        (package_name, get_package_policies(package_name=package_name))
+        for package_name in get_package_names_with_policies()
+    ]
+
+if __name__ == "__main__":
+    policies = get_registered_policies()
+
+    for (package, policies) in get_registered_policies():
+        print(package)
+        share_dir = get_package_share_directory(package)
+        for policy in policies:
+            print("\t" + policy)
+            print("\t" + os.path.join(share_dir, policy))
+
+

sros2_common_policies/package.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+    <package format="2">
+    <name>sros2_common_policies</name>
+    <version>0.7.0</version>
+    <description>Common policies profiles for security nodes via SROS2</description>
+    <author email="michael@openrobotics.org">Michael Carroll</author>
+    <maintainer email="michael@openrobotics.org">Michael Carroll</maintainer>
+    <license>Apache 2.0</license>
+
+    <buildtool_depend>ament_cmake</buildtool_depend>
+
+    <build_depend>ament_cmake_test</build_depend>
+    <build_depend>sros2_cmake</build_depend>
+
+    <test_depend>ament_lint_auto</test_depend>
+    <test_depend>ament_lint_common</test_depend>
+
+    <export>
+        <build_type>ament_cmake</build_type>
+    </export>
+</package>

sros2_common_policies/policies/node.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<profile xmlns:xi="http://www.w3.org/2003/XInclude">
+  <sros2_policy package="sros2_common_policies" policy="node/logging.xml" />
+  <sros2_policy package="sros2_common_policies" policy="node/time.xml" />
+  <sros2_policy package="sros2_common_policies" policy="node/parameters.xml" />
+</profile>

sros2_common_policies/talker_listener.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<policy version="0.1.0"
+  xmlns:xi="http://www.w3.org/2001/XInclude">
+  <profiles>
+    <profile ns="/" node="talker">
+      <xi:include href="common/node.xml"
+        xpointer="xpointer(/profile/*)"/>
+      <topics publish="ALLOW" >
+        <topic>chatter</topic>
+      </topics>
+    </profile>
+    <profile ns="/" node="listener">
+      <xi:include href="common/node.xml"
+        xpointer="xpointer(/profile/*)"/>
+      <topics subscribe="ALLOW" >
+        <topic>chatter</topic>
+      </topics>
+    </profile>
+  </profiles>
+</policy>