Can a Node cross DDS Domains? And can I host a service on one domain, and call a service (with the same name) on another?

asked 2020-12-23 11:04:16 -0500


updated 2020-12-24 05:47:03 -0500

I want to create a PermissionCheckedActionAndServiceProxy, with the intention of introducing a lightweight way to add user permissions to already existing actions and services.

For example, say you have a service of type 'Trigger' and name 'say_hello'. The 'PermissionCheckedActionAndServiceProxy' will host a new service with name '{srv_name}_proxy' and the type 'PermisionCheckedTrigger'. The Permission Checked versions of the services have two request fields: 'requester' and 'srv_request'. The requester is the ID of the user who called the service, and the srv_request is the original TriggerRequest. They also have two response fields, 'permitted' and 'srv_responce'. The 'permitted' field is a boolean indicating if the requester was permitted to call the service, and the 'srv_responce' is the original TriggerResponse. For other service types, the 'srv_request' and 'srv_responce' will be the equivalent Request and Response types of that service.

I would like the original services to be on one DDS domain and the "permission checked" versions to be on another. The clients of the proxy (i.e. the GUI used by the operators) will be on the same domain as the "permission checked" versions, but not on the original, to prevent them from bypassing the proxy.

Is this possible? And if it is, would I be able to have the same service name for the "permission checked" and original versions? (i.e. instead of calling it '{srv_name}_proxy'). If they are on different domains, this should prevent the names from clashing, but if the PermissionCheckedActionAndServiceProxy exists on both domains then perhaps this would cause the names to clash. Although it hosts one and is a client of another, so maybe it will be okay?

Here is my prototype of this Node:

from rclpy.node import Node  # Node is defined in rclpy.node; `from rclpy import Node` raises ImportError
from rclpy.service import Service
from rclpy.action import ActionServer, ActionClient
from rclpy.client import Client
from typing import TypeVar, Generic
from dataclasses import dataclass

# -- type hints ---
Request = TypeVar('Request')
Responce = TypeVar('Responce')

@dataclass
class PermisionCheckedRequest(Generic[Request]):
    requester: int        # ID of the user who called the proxy service
    srv_request: Request  # the original service's request, forwarded as-is

@dataclass
class PermisionCheckedResponce(Generic[Responce]):
    permited: bool          # whether the requester was allowed to call the service
    srv_responce: Responce  # the original service's response

class PermissionCheckedActionAndServiceProxy(Node):

    """
    A lightweight way to add user permissions to already existing actions and services.

    For example, say you have a service of type "Trigger" and name "say_hello". The
    PermissionCheckedActionAndServiceProxy will host a new service with name '{srv_name}_proxy'
    and the type "PermisionCheckedTrigger". The Permission Checked versions of the services
    have two request fields: 'requester' and 'srv_request'. The requester is the ID of the user
    who called the service, and the srv_request is the original TriggerRequest. They also have
    two response fields: 'permitted' and 'srv_responce'. The 'permitted' field is a boolean
    indicating if the requester was permitted to call the service, and the 'srv_responce' is
    the original TriggerResponse. For other service types, the 'srv_request' and 'srv_responce'
    will be the equivalent Request and Response types of that service.
    """

    #TODO Action proxy
    #TODO Partition domains, so only permission checked versions are available to clients
    #TODO Can permission checked versions use the same name as original? (on different domains)
    #TODO (Optional) Prevent rogue node joining permission checked domain

    # (the rest of the prototype is cut off in the original post)
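The two-domain layout the question describes, as an added example that is not code from the original post. A single rclpy Node belongs to exactly one Context, and a Context has one domain ID, so the proxy process holds two contexts and two nodes: a server-side node in the "permission checked" domain and a client-side node in the original domain. Discovery is per-domain, so the same service name can exist on both domains without clashing. The permission table, requester IDs, service names and node names are constructed sample data; `rclpy.init(..., domain_id=...)` is assumed as available from Foxy onwards; and `proxy_srv_type` is a hypothetical srv whose request has `requester`/`srv_request` fields and whose response has `permitted`/`srv_response` fields, following the post's naming. The gate logic is kept separate from the ROS binding so it can be exercised without a ROS installation.

```python
"""Permission-checked service proxy: gate logic plus a two-domain rclpy binding.

Added example, not code from the original post. The permission table, the
requester IDs, the service names and the node names are constructed sample data.
"""
import threading
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Optional, Set


@dataclass
class PermissionTable:
    """Maps a requester ID to the set of original service names it may call."""
    allowed: Dict[int, Set[str]] = field(default_factory=dict)

    def permits(self, requester: int, srv_name: str) -> bool:
        return srv_name in self.allowed.get(requester, set())


@dataclass
class ProxyResult:
    permitted: bool
    srv_response: Optional[Any]  # None when the call was refused


def handle_proxy_request(table: PermissionTable, srv_name: str, requester: int,
                         srv_request: Any,
                         call_original: Callable[[Any], Any]) -> ProxyResult:
    """The gate: forward to the original service only if the table permits it.

    `call_original` is whatever reaches the original domain (a real rclpy
    client's `call`, or a plain function in a test); a refused request never
    touches it.
    """
    if not table.permits(requester, srv_name):
        return ProxyResult(permitted=False, srv_response=None)
    return ProxyResult(permitted=True, srv_response=call_original(srv_request))


def run_two_domain_proxy(orig_domain: int, proxy_domain: int, srv_name: str,
                         orig_srv_type, proxy_srv_type, table: PermissionTable) -> None:
    """Host `srv_name` on proxy_domain; forward permitted calls to `srv_name` on orig_domain.

    Assumptions: rclpy.init(domain_id=...) as in Foxy and later, and a hypothetical
    proxy_srv_type with requester/srv_request and permitted/srv_response fields.
    """
    import rclpy  # imported here so the gate logic above runs without a ROS install
    from rclpy.context import Context
    from rclpy.executors import SingleThreadedExecutor

    orig_ctx, proxy_ctx = Context(), Context()
    rclpy.init(context=orig_ctx, domain_id=orig_domain)
    rclpy.init(context=proxy_ctx, domain_id=proxy_domain)

    client_node = rclpy.create_node('permission_proxy_client_side', context=orig_ctx)
    server_node = rclpy.create_node('permission_proxy_server_side', context=proxy_ctx)
    client = client_node.create_client(orig_srv_type, srv_name)

    # The client-side node needs its own executor thread: client.call() blocks
    # inside the proxy's service callback and the reply is delivered by this spin.
    orig_exec = SingleThreadedExecutor(context=orig_ctx)
    orig_exec.add_node(client_node)
    threading.Thread(target=orig_exec.spin, daemon=True).start()

    def on_request(request, response):
        result = handle_proxy_request(table, srv_name, request.requester,
                                      request.srv_request, client.call)
        response.permitted = result.permitted
        if result.permitted:
            response.srv_response = result.srv_response
        return response

    server_node.create_service(proxy_srv_type, srv_name, on_request)
    client.wait_for_service()
    proxy_exec = SingleThreadedExecutor(context=proxy_ctx)
    proxy_exec.add_node(server_node)
    try:
        proxy_exec.spin()
    finally:
        rclpy.shutdown(context=proxy_ctx)
        rclpy.shutdown(context=orig_ctx)


# Constructed sample data: operator 7 may trigger say_hello, operator 9 may not.
SAMPLE_TABLE = PermissionTable(allowed={7: {'say_hello'}, 9: {'status'}})


def demo_gate() -> Dict[str, Any]:
    """Exercise the gate with a fake original service (no ROS needed)."""
    calls = []

    def fake_original(req):
        calls.append(req)
        return {'success': True, 'message': 'hello'}

    return {
        'allowed': handle_proxy_request(SAMPLE_TABLE, 'say_hello', 7, {}, fake_original),
        'refused': handle_proxy_request(SAMPLE_TABLE, 'say_hello', 9, {}, fake_original),
        'forwarded_calls': len(calls),  # 1: the refused request never reached the original
    }
```

Two caveats that follow from the comments below: the domain split only keeps honest clients from calling the wrong service, since any process that sets the original domain ID can join it, and the `requester` field is whatever the client claims, so nothing here authenticates the operator. Both are what SROS2 (DDS Security) is for.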

Comments

How would you prevent "rogue" nodes from simply joining the "permissioned" domain?

And just making sure: have you seen SROS2?

gvdhoorn (2020-12-23 14:10:53 -0500)

Hi @gvdhoorn.

You raise a good point. I am still in the playing around with ideas phase, so perhaps using domains for permission checked services isn't the best idea.

Then again, I don't have any strict requirements for security, and this feature is more for usability. On the permission checked domain you can list all services, and not accidentally call the wrong one.

From my understanding, SROS is more about making sure the Nodes you communicate with are the real node, and not a "rogue" node as you say. As I understand it, SROS doesn't provide a feature to assign roles and permissions to users, and only allow users that are permitted to call a service (which is what I want).

If SROS does have this, could you please point me in the direction to get started creating such a service? And would I still be ...(more)

CraigH92 (2020-12-23 14:31:31 -0500)

If it doesn't, perhaps a combination of both SROS and the solution I have in the original question will achieve what I want.

CraigH92 (2020-12-23 14:32:41 -0500)

I would recommend you reach out to the SROS2 developers. Perhaps even join a session of the security working group.

SROS2 supports ACL, which could potentially be used for what you are trying to do.

IIRC, there is the possibility of using PAM, for instance, so that could give you the user auth you mention. But I haven't checked.

gvdhoorn (2020-12-24 02:25:33 -0500)