How to use rostopic on SROS2 protected topics
May I know if it's possible to get the info related to an SROS2 protected topic?
For instance, if I use ros2 topic list
, I can only see the available topics. Is it possible for me to list the topics protected by SROS in case that I have the security enclave files?
Asked by tomteng on 2021-08-27 03:20:22 UTC
Answers
You should be able to make yourself an admin enclave with access to all topics and services and pass that enclave to your CLI tools. Example of a policy accessing all topics/services https://github.com/ros-swg/turtlebot3_demo/blob/2719e0f579029944a63fa6368486d9d6d2f2d09f/policies/tb3_gazebo_policy.xml#L44-L55
Edit:
The problem is not the enclave but passing it to CLI, as —ros-args does not work with these cli tools
Oh I see, there use to be an environment variable allowing to override the enclave used ROS_SECURITY_ENCLAVE_OVERRIDE: https://github.com/ros2/design/blob/12f61b14698b80170824c699c70608d9ded3a6d7/articles/180_ros2_dds_security.md#manual-specification
Could not convert above comments to answer so I reposted them as an answer :/
Asked by marguedas on 2022-12-14 14:58:29 UTC
Comments
Hi @marguedas, I try to use the environment variable ROS_SECURITY_ENCLAVE_OVERRIDE, but the ros2 topic list
return null, I think we should add --no-daemon
behind the command sometimes. :)
my English is poor,sry :(
Asked by yangsho on 2023-02-20 20:53:57 UTC
Comments
I have the same question, would be nice to have some answer from the SROS or ROS CLI Team, if this is even possible or considered to work?
My guess why it might not be considered. Disable security for the system while monitoring it. Or other way around enable security only on production level systems where you don't need to do rostopic commands.
Asked by wienans on 2022-12-12 08:59:27 UTC
You should be able to make yourself an admin enclave with access to all topics and services and pass that enclave to your CLI tools. Example of a policy accessing all topics/services https://github.com/ros-swg/turtlebot3_demo/blob/2719e0f579029944a63fa6368486d9d6d2f2d09f/policies/tb3_gazebo_policy.xml#L44-L55
Asked by marguedas on 2022-12-12 16:48:54 UTC
Hi @margedas The problem is not the enclave but passing it to CLI, as —ros-args does not work with these cli tools
Asked by wienans on 2022-12-13 00:44:42 UTC
Oh I see, there use to be an environment variable allowing to override the enclave used
ROS_SECURITY_ENCLAVE_OVERRIDE
: https://github.com/ros2/design/blob/12f61b14698b80170824c699c70608d9ded3a6d7/articles/180_ros2_dds_security.md#manual-specificationAsked by marguedas on 2022-12-13 01:12:06 UTC
@marguedas Thanks that works without a problem :) @tomteng this can be marked as answer to the question
Asked by wienans on 2022-12-13 02:27:45 UTC