Removing default tokens/certs and change submodule reference
erikbosch committed Apr 29, 2024
1 parent e9c29e2 commit 9711e0b
Showing 11 changed files with 18 additions and 62 deletions.
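--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,3 @@
-[submodule "submodules/kuksa.val"]
-path = submodules/kuksa.val
-url = https://github.com/eclipse/kuksa.val
-[submodule "submodules/kuksa-common"]
-path = submodules/kuksa-common
-url = https://github.com/eclipse-kuksa/kuksa-common
+[submodule "submodules/kuksa-databroker"]
+path = submodules/kuksa-databroker
+url = https://github.com/eclipse-kuksa/kuksa-databroker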
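Review bot: The `submodules/kuksa-common` entry is removed from `.gitmodules` here, yet the docs/cli.md section of this same commit tells users to take the example Root CA from `submodules/kuksa-common/tls/CA.pem` and uses `../submodules/kuksa-common/tls/CA.pem` in its examples. Unless that directory is still provided some other way (not visible on this page), those paths will not resolve after a fresh checkout. Now that no CA is bundled, a user who cannot find the file has no working example of a verified TLS connection. Either keep the `[submodule "submodules/kuksa-common"]` entry or change the documented path to one that exists after this change.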
26 changes: 7 additions & 19 deletions docs/cli.md
@@ -56,18 +56,11 @@ KUKSA Client uses TLS to connect to databroker when the schema part of the server
kuksa-client grpcs://localhost:55555
```

By default the KUKSA example Root CA and Client keys are used, but client keys have no effect currently as mutual authentication is not supported by KUKSA Databroker or KUKSA Server.
The KUKSA Python SDK does not include any default certificates or key.
If you want to run using KUKSA example Root CA you need to use specify it, either by using it from the submodule
(`submodules/kuksa-common/tls/CA.pem`) or by downloading it from [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/tls).


This call with all parameters specified give same effect:

```
kuksa-client --certificate ../kuksa_certificates/Client.pem --keyfile ../kuksa_certificates/Client.key --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555
```

There is actually no reason to specify client key and certificate, as mutual authentication is not supported in KUKSA Databroker,
so the command can be simplified like this:

```
kuksa-client --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555
```
@@ -77,20 +70,15 @@ instead a valid server name must be given as argument.
Currently `Server` and `localhost` are valid names from the example certificates.

```
kuksa-client --cacertificate ../kuksa_certificates/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555
kuksa-client --cacertificate ../submodules/kuksa-common/tls/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555
```

## TLS with val-server
Val-server also supports TLS. KUKSA Client uses TLS to connect to val-server when the schema part of the server URI is `wss`. A valid command to connect to a local TLS enabled val-server is

```
kuksa-client wss://localhost:8090
```
## TLS with Websocket
Websocket access also supports TLS. KUKSA Client uses TLS to connect to Weboscket when the schema part of the server URI is `wss`. A valid command to connect to a local TLS enabled VSS Server (KUKSA Databroker, VISSR, ...) supporting Websocket is

This corresponds to this call:

```
kuksa-client --cacertificate ../kuksa_certificates/CA.pem wss://localhost:8090
kuksa-client --cacertificate ../submodules/kuksa-common/tls/CA.pem wss://localhost:8090
```

In some environments the `--tls-server-name` argument must be used to specify alternative server name
2 changes: 1 addition & 1 deletion kuksa-client/kuksa/val/v1/README.md
2 changes: 1 addition & 1 deletion kuksa-client/kuksa/val/v1/types.proto
2 changes: 1 addition & 1 deletion kuksa-client/kuksa/val/v1/val.proto
18 changes: 0 additions & 18 deletions kuksa-client/kuksa_client/__main__.py
@@ -39,7 +39,6 @@
from cmd2.utils import basic_complete
from urllib.parse import urlparse

from kuksa_client import kuksa_server_certificates
from kuksa_client import KuksaClientThread
from kuksa_client import _metadata

@@ -351,7 +350,6 @@ def __init__(
with (pathlib.Path(scriptDir) / "logo").open("r", encoding="utf-8") as f:
logo = f.read()
print(logo.replace("%ver%", str(_metadata.__version__)))
print("Default tokens directory: " + self.getDefaultTokenDir())

print()
self.connect()
@@ -646,41 +644,25 @@ def do_connect(self, args):
self.server = args.server
self.connect()

def getDefaultTokenDir(self):
try:
return os.path.join(kuksa_server_certificates.__certificate_dir__, "jwt")
except AttributeError:
guessTokenDir = os.path.join(scriptDir, "kuksa_server_certificates/jwt")
if os.path.isdir(guessTokenDir):
return guessTokenDir
return "Unknown"

@with_category(INFO_COMMANDS)
def do_info(self, _args):
"""Show summary info of the client"""
print("kuksa-client version " + _metadata.__version__)
print("Uri: " + _metadata.__uri__)
print("Author: " + _metadata.__author__)
print("Copyright: " + _metadata.__copyright__)
print("Default tokens directory: " + self.getDefaultTokenDir())

@with_category(INFO_COMMANDS)
def do_version(self, _args):
"""Show version of the client"""
print(_metadata.__version__)

@with_category(INFO_COMMANDS)
def do_printTokenDir(self, _args):
"""Show default token directory"""
print(self.getDefaultTokenDir())


# pylint: enable=too-many-public-methods
# pylint: enable=too-many-instance-attributes

# Main Function


def main():
parser = argparse.ArgumentParser()
parser.add_argument(
16 changes: 4 additions & 12 deletions kuksa-client/kuksa_client/cli_backend/__init__.py
@@ -16,9 +16,6 @@
# SPDX-License-Identifier: Apache-2.0
########################################################################

import pathlib
from kuksa_client import kuksa_server_certificates


class Backend:
def __init__(self, config):
@@ -28,16 +25,11 @@ def __init__(self, config):
self.insecure = config.getboolean('insecure', False)
except AttributeError:
self.insecure = config.get('insecure', False)
self.default_cert_path = pathlib.Path(kuksa_server_certificates.__path__[0])
self.cacertificate = config.get(
'cacertificate', str(self.default_cert_path / 'CA.pem'))
self.certificate = config.get('certificate', str(
self.default_cert_path / 'Client.pem'))
self.keyfile = config.get('keyfile', str(
self.default_cert_path / 'Client.key'))
self.cacertificate = config.get('cacertificate', '')
self.certificate = config.get('certificate', '')
self.keyfile = config.get('keyfile', '')
self.tls_server_name = config.get('tls_server_name', "")
self.token_or_tokenfile = config.get('token_or_tokenfile', str(
self.default_cert_path / 'jwt/all-read-write.json.token'))
self.token_or_tokenfile = config.get('token_or_tokenfile', '')

@staticmethod
def from_config(config):
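Review bot: The new defaults in `Backend.__init__` make `''` the "not configured" value for `cacertificate`, `certificate`, `keyfile` and `token_or_tokenfile`, but nothing in this hunk states how an empty string is handled further down. Whether a `grpcs`/`wss` connection with no CA then fails, falls back to the system trust store, or proceeds without verification cannot be told from the lines shown. A short comment above the assignments would pin the contract, e.g. `# '' means "not configured": no certificate, key or token is bundled; callers must supply their own`. If a system-trust-store fallback is not intended, consider raising a clear error when TLS is requested and `cacertificate` is empty instead of handing `''` to the file-loading code. `__init__` begins above the hunk and the class continues below it.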
2 changes: 0 additions & 2 deletions kuksa-client/setup.cfg
@@ -44,8 +44,6 @@ test =
kuksa_client =
logging.ini
logo
kuksa_server_certificates/*
kuksa_server_certificates/jwt/*

[options.packages.find]
where = .
1 change: 0 additions & 1 deletion submodules/kuksa-common
Submodule kuksa-common deleted from 495d62
1 change: 1 addition & 0 deletions submodules/kuksa-databroker
Submodule kuksa-databroker added at 7b2d79
1 change: 0 additions & 1 deletion submodules/kuksa.val
Submodule kuksa.val deleted from df6dcb
