Add and update security designs for Contexts #274
Conversation
Signed-off-by: ruffsl <roxfoxpox@gmail.com> Co-Authored-By: Mikael Arguedas <mikael.arguedas@gmail.com>
ruffsl
requested review from
wjwwood,
gbiggs,
mjcarroll,
kyrofa,
jacobperron,
dirk-thomas,
hidmic and
ivanpauno
|
This pull request has been mentioned on ROS Discourse. There might be relevant details there: https://discourse.ros.org/t/ros-2-security-working-group-meeting-02-25-2020/12958/2 |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Co-Authored-By: Kyle Fazzari <kyle@canonical.com>
Co-Authored-By: Kyle Fazzari <kyle@canonical.com>
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
@ruffsl @mikaelarguedas Let me know if you can open PRs for the re-naming. |
@ivanpauno I took a stab at this:
|
|
I think we can do the aircraft control to track these and other PRs in flight over on ros2/sros2#182 . |
|
@mikaelarguedas I aborted the Windows build since it was stuck for 1+h on |
|
@mikaelarguedas @ruffsl Do you think there is anything else missing to merge this? |
|
@ivanpauno, one last bit. I've added two commits to update the environment variables. |
The renaming sounds good to me. |
As discussed on Matrix, if we rename the variables associated to the keystore, I believe we should rename it everywhere and remove any mention to "secure_root". Currently this only renames the env variables and not the associated datastructures and functions
I think we would benefit from an "Enclaves" sub-section in the "Concepts" section, however I won't have time to work on that today |
I left the associated data structures and functions alone for the time being as file system paths are at present the only current supported keystore URI. I also couldn't think of a better substitute term given most of the functions and tests where file system oriented. |
Sounds good.
Though I agree an update would be good, that API is not directly used by the user, and the only thing that the user get access is the environment variable names.
Sounds good. |
Now that those have been merged, I'll merge here as well so that the security design is up to date. |
* Add initial draft for ROS 2 Security Contexts Signed-off-by: ruffsl <roxfoxpox@gmail.com> Co-Authored-By: Mikael Arguedas <mikael.arguedas@gmail.com> * Update policy schema for contexts * Update DDS-Security integration for contexts * Allow contexts to formalize cross domain bridging * Update context vocab * Update design for runtime argument * Simplify context arg * Removing shell specific $ from variables * Restore notes on synlinks * Remove the use of alternate lookup methods It's now redundan given context paths can be independent of namespace ros2#274 (comment) * Update policy schema to match that currently used * Update key argument name for security context * Publish Security Contexts document * Update context directory overide env name * Update story for ROS_SECURITY_ROOT_DIRECTORY * Context -> Enclave * Rename for enclave terminology change * Update runtime argument for enclave assignment * Relegate lunch interrogation to future work * Disassociate context paths from namespaces * Update override example of root directory and CLA * Rename security environment variables * Update behavor of ROS_SECURITY_ENCLAVE_OVERRIDE Co-authored-by: Mikael Arguedas <mikael.arguedas@gmail.com> Co-authored-by: Kyle Fazzari <kyle@canonical.com>
* Add initial draft for ROS 2 Security Contexts Signed-off-by: ruffsl <roxfoxpox@gmail.com> Co-Authored-By: Mikael Arguedas <mikael.arguedas@gmail.com> * Update policy schema for contexts * Update DDS-Security integration for contexts * Allow contexts to formalize cross domain bridging * Update context vocab * Update design for runtime argument * Simplify context arg * Removing shell specific $ from variables * Restore notes on synlinks * Remove the use of alternate lookup methods It's now redundan given context paths can be independent of namespace ros2#274 (comment) * Update policy schema to match that currently used * Update key argument name for security context * Publish Security Contexts document * Update context directory overide env name * Update story for ROS_SECURITY_ROOT_DIRECTORY * Context -> Enclave * Rename for enclave terminology change * Update runtime argument for enclave assignment * Relegate lunch interrogation to future work * Disassociate context paths from namespaces * Update override example of root directory and CLA * Rename security environment variables * Update behavor of ROS_SECURITY_ENCLAVE_OVERRIDE Co-authored-by: Mikael Arguedas <mikael.arguedas@gmail.com> Co-authored-by: Kyle Fazzari <kyle@canonical.com>
With the migration to contexts in ROS2 underway, I’ve been iterating with @mikaelarguedas on adjustments to SROS2 tooling to accommodate this mapping of nodes to participants (ruffsl#1). This PR proposes relevant changes to the keystore layout, security directory lookup, and policy schema.
Related tickets:
Feel free to ping any interested parties I've missed from scraping the above ticket discussions.