Removing default tokens/certs and change submodule reference

boschglobal · Apr 29, 2024 · fb092ce · fb092ce
1 parent e9c29e2
commit fb092ce
Show file tree

Hide file tree

Showing 12 changed files with 25 additions and 67 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,6 +1,3 @@
-[submodule "submodules/kuksa.val"]
-	path = submodules/kuksa.val
-	url = https://github.com/eclipse/kuksa.val
-[submodule "submodules/kuksa-common"]
-	path = submodules/kuksa-common
-	url = https://github.com/eclipse-kuksa/kuksa-common
+[submodule "submodules/kuksa-databroker"]
+	path = submodules/kuksa-databroker
+	url = https://github.com/eclipse-kuksa/kuksa-databroker
diff --git a/docs/cli.md b/docs/cli.md
@@ -56,41 +56,28 @@ KUKSA Client uses TLS to connect to databroker when the schema part of the serve
 kuksa-client grpcs://localhost:55555
 ```
 
-By default the KUKSA example Root CA and Client keys are used, but client keys have no effect currently as mutual authentication is not supported by KUKSA Databroker or KUKSA Server.
+The KUKSA Python SDK does not include any default certificates or key.
+If you want to run using KUKSA example Root CA you need to providee it from [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/tls).
 
 
-This call with all parameters specified give same effect:
-
-```
-kuksa-client --certificate ../kuksa_certificates/Client.pem --keyfile ../kuksa_certificates/Client.key --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555
-```
-
-There is actually no reason to specify client key and certificate, as mutual authentication is not supported in KUKSA Databroker,
-so the command can be simplified like this:
-
 ```
-kuksa-client --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555
+kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem grpcs://localhost:55555
 ```
 
 The example server protocol list 127.0.0.1 as an alternative name, but the TLS-client currently used does not accept it,
 instead a valid server name must be given as argument.
 Currently `Server` and `localhost` are valid names from the example certificates.
 
 ```
-kuksa-client --cacertificate ../kuksa_certificates/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555
+kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555
 ```
 
-## TLS with val-server
-Val-server also supports TLS. KUKSA Client uses TLS to connect to val-server when the schema part of the server URI is `wss`.  A valid command to connect to a local TLS enabled val-server is
-
-```
-kuksa-client wss://localhost:8090
-```
+## TLS with Websocket
+Websocket access also supports TLS. KUKSA Client uses TLS to connect to Weboscket when the schema part of the server URI is `wss`.  A valid command to connect to a local TLS enabled VSS Server (KUKSA Databroker, VISSR, ...)  supporting Websocket is
 
-This corresponds to this call:
 
 ```
-kuksa-client --cacertificate ../kuksa_certificates/CA.pem wss://localhost:8090
+kuksa-client --cacertificate .~/kuksa-common/tls/CA.pem wss://localhost:8090
 ```
 
 In some environments the `--tls-server-name` argument must be used to specify alternative server name
@@ -100,7 +87,7 @@ if connecting to the server by numerical IP address like `wss://127.0.0.1:8090`.
 
 If the connected KUKSA Server or KUKSA Databroker require authorization the first step after a connection is made is to authorize. KUKSA Server and KUKSA Databroker use different token formats.
 
-The jwt tokens for testing can either be found in the [kuksa.val repository](https://github.com/eclipse/kuksa.val/tree/master/kuksa_certificates/jwt)
+The jwt tokens for testing can either be found in the [kuksa-common repository](https://github.com/eclipse/kuksa.val/tree/master/kuksa_certificates/jwt)
 or you can also use following command inside `kuksa-client` to find the via `pip` installed certificate directory.
 
 ```console

diff --git a/kuksa-client/kuksa/val/v1/README.md b/kuksa-client/kuksa/val/v1/README.md
@@ -1 +1 @@
-../../../../submodules/kuksa.val/proto/kuksa/val/v1/README.md
+../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/README.md
diff --git a/kuksa-client/kuksa/val/v1/types.proto b/kuksa-client/kuksa/val/v1/types.proto
@@ -1 +1 @@
-../../../../submodules/kuksa.val/proto/kuksa/val/v1/types.proto
+../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/types.proto
diff --git a/kuksa-client/kuksa/val/v1/val.proto b/kuksa-client/kuksa/val/v1/val.proto
@@ -1 +1 @@
-../../../../submodules/kuksa.val/proto/kuksa/val/v1/val.proto
+../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/val.proto
diff --git a/kuksa-client/kuksa_client/__main__.py b/kuksa-client/kuksa_client/__main__.py
@@ -39,7 +39,6 @@
 from cmd2.utils import basic_complete
 from urllib.parse import urlparse
 
-from kuksa_client import kuksa_server_certificates
 from kuksa_client import KuksaClientThread
 from kuksa_client import _metadata
 
@@ -351,7 +350,6 @@ def __init__(
         with (pathlib.Path(scriptDir) / "logo").open("r", encoding="utf-8") as f:
             logo = f.read()
             print(logo.replace("%ver%", str(_metadata.__version__)))
-        print("Default tokens directory: " + self.getDefaultTokenDir())
 
         print()
         self.connect()
@@ -646,41 +644,25 @@ def do_connect(self, args):
         self.server = args.server
         self.connect()
 
-    def getDefaultTokenDir(self):
-        try:
-            return os.path.join(kuksa_server_certificates.__certificate_dir__, "jwt")
-        except AttributeError:
-            guessTokenDir = os.path.join(scriptDir, "kuksa_server_certificates/jwt")
-            if os.path.isdir(guessTokenDir):
-                return guessTokenDir
-            return "Unknown"
-
     @with_category(INFO_COMMANDS)
     def do_info(self, _args):
         """Show summary info of the client"""
         print("kuksa-client version " + _metadata.__version__)
         print("Uri: " + _metadata.__uri__)
         print("Author: " + _metadata.__author__)
         print("Copyright: " + _metadata.__copyright__)
-        print("Default tokens directory: " + self.getDefaultTokenDir())
 
     @with_category(INFO_COMMANDS)
     def do_version(self, _args):
         """Show version of the client"""
         print(_metadata.__version__)
 
-    @with_category(INFO_COMMANDS)
-    def do_printTokenDir(self, _args):
-        """Show default token directory"""
-        print(self.getDefaultTokenDir())
-
 
 # pylint: enable=too-many-public-methods
 # pylint: enable=too-many-instance-attributes
 
 # Main Function
 
-
 def main():
     parser = argparse.ArgumentParser()
     parser.add_argument(

diff --git a/kuksa-client/kuksa_client/cli_backend/__init__.py b/kuksa-client/kuksa_client/cli_backend/__init__.py
@@ -16,9 +16,6 @@
 # SPDX-License-Identifier: Apache-2.0
 ########################################################################
 
-import pathlib
-from kuksa_client import kuksa_server_certificates
-
 
 class Backend:
     def __init__(self, config):
@@ -28,16 +25,11 @@ def __init__(self, config):
             self.insecure = config.getboolean('insecure', False)
         except AttributeError:
             self.insecure = config.get('insecure', False)
-        self.default_cert_path = pathlib.Path(kuksa_server_certificates.__path__[0])
-        self.cacertificate = config.get(
-            'cacertificate', str(self.default_cert_path / 'CA.pem'))
-        self.certificate = config.get('certificate', str(
-            self.default_cert_path / 'Client.pem'))
-        self.keyfile = config.get('keyfile', str(
-            self.default_cert_path / 'Client.key'))
+        self.cacertificate = config.get('cacertificate', None)
+        self.certificate = config.get('certificate', None)
+        self.keyfile = config.get('keyfile', None)
         self.tls_server_name = config.get('tls_server_name', "")
-        self.token_or_tokenfile = config.get('token_or_tokenfile', str(
-            self.default_cert_path / 'jwt/all-read-write.json.token'))
+        self.token_or_tokenfile = config.get('token_or_tokenfile', None)
 
     @staticmethod
     def from_config(config):

diff --git a/kuksa-client/kuksa_client/cli_backend/grpc.py b/kuksa-client/kuksa_client/cli_backend/grpc.py
@@ -57,9 +57,12 @@ def default(self, obj):
 class Backend(cli_backend.Backend):
     def __init__(self, config):
         super().__init__(config)
-        self.cacertificate = pathlib.Path(self.cacertificate)
-        self.keyfile = pathlib.Path(self.keyfile)
-        self.certificate = pathlib.Path(self.certificate)
+        if self.cacertificate is not None:
+            self.cacertificate = pathlib.Path(self.cacertificate)
+        if self.keyfile is not None:
+            self.keyfile = pathlib.Path(self.keyfile)
+        if self.certificate is not None:
+            self.certificate = pathlib.Path(self.certificate)
         if self.token_or_tokenfile is not None:
             if os.path.isfile(self.token_or_tokenfile):
                 self.token_or_tokenfile = pathlib.Path(self.token_or_tokenfile)

diff --git a/kuksa-client/setup.cfg b/kuksa-client/setup.cfg
@@ -44,8 +44,6 @@ test =
 kuksa_client =
     logging.ini
     logo
-    kuksa_server_certificates/*
-    kuksa_server_certificates/jwt/*
 
 [options.packages.find]
 where = .

diff --git a/submodules/kuksa-common b/submodules/kuksa-common
diff --git a/submodules/kuksa-databroker b/submodules/kuksa-databroker
diff --git a/submodules/kuksa.val b/submodules/kuksa.val
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		../../../../submodules/kuksa.val/proto/kuksa/val/v1/README.md
		../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/README.md