Robotics StackExchange | Archived questions

How to use rostopic on SROS2 protected topics

May I know if it's possible to get the info related to an SROS2 protected topic? For instance, if I use ros2 topic list, I can only see the available topics. Is it possible for me to list the topics protected by SROS in case that I have the security enclave files?

Asked by tomteng on 2021-08-27 03:20:22 UTC

Comments

I have the same question, would be nice to have some answer from the SROS or ROS CLI Team, if this is even possible or considered to work?

My guess why it might not be considered. Disable security for the system while monitoring it. Or other way around enable security only on production level systems where you don't need to do rostopic commands.

Asked by wienans on 2022-12-12 08:59:27 UTC

You should be able to make yourself an admin enclave with access to all topics and services and pass that enclave to your CLI tools. Example of a policy accessing all topics/services https://github.com/ros-swg/turtlebot3_demo/blob/2719e0f579029944a63fa6368486d9d6d2f2d09f/policies/tb3_gazebo_policy.xml#L44-L55

Asked by marguedas on 2022-12-12 16:48:54 UTC

Hi @margedas The problem is not the enclave but passing it to CLI, as —ros-args does not work with these cli tools

Asked by wienans on 2022-12-13 00:44:42 UTC

Oh I see, there use to be an environment variable allowing to override the enclave used ROS_SECURITY_ENCLAVE_OVERRIDE: https://github.com/ros2/design/blob/12f61b14698b80170824c699c70608d9ded3a6d7/articles/180_ros2_dds_security.md#manual-specification

Asked by marguedas on 2022-12-13 01:12:06 UTC

@marguedas Thanks that works without a problem :) @tomteng this can be marked as answer to the question

Asked by wienans on 2022-12-13 02:27:45 UTC

Answers

You should be able to make yourself an admin enclave with access to all topics and services and pass that enclave to your CLI tools. Example of a policy accessing all topics/services https://github.com/ros-swg/turtlebot3_demo/blob/2719e0f579029944a63fa6368486d9d6d2f2d09f/policies/tb3_gazebo_policy.xml#L44-L55

Edit:

The problem is not the enclave but passing it to CLI, as —ros-args does not work with these cli tools

Oh I see, there use to be an environment variable allowing to override the enclave used ROS_SECURITY_ENCLAVE_OVERRIDE: https://github.com/ros2/design/blob/12f61b14698b80170824c699c70608d9ded3a6d7/articles/180_ros2_dds_security.md#manual-specification


Could not convert above comments to answer so I reposted them as an answer :/

Asked by marguedas on 2022-12-14 14:58:29 UTC

Comments

Hi @marguedas, I try to use the environment variable ROS_SECURITY_ENCLAVE_OVERRIDE, but the ros2 topic list return null, I think we should add --no-daemon behind the command sometimes. :)

my English is poor,sry :(

Asked by yangsho on 2023-02-20 20:53:57 UTC