diff --git a/.gitmodules b/.gitmodules index e6afa8a..ade3e35 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,3 @@ -[submodule "submodules/kuksa.val"] - path = submodules/kuksa.val - url = https://github.com/eclipse/kuksa.val -[submodule "submodules/kuksa-common"] - path = submodules/kuksa-common - url = https://github.com/eclipse-kuksa/kuksa-common +[submodule "submodules/kuksa-databroker"] + path = submodules/kuksa-databroker + url = https://github.com/eclipse-kuksa/kuksa-databroker diff --git a/docs/cli.md b/docs/cli.md index 68c1d86..331ea27 100644 --- a/docs/cli.md +++ b/docs/cli.md @@ -56,20 +56,12 @@ KUKSA Client uses TLS to connect to databroker when the schema part of the serve kuksa-client grpcs://localhost:55555 ``` -By default the KUKSA example Root CA and Client keys are used, but client keys have no effect currently as mutual authentication is not supported by KUKSA Databroker or KUKSA Server. +The KUKSA Python SDK does not include any default certificates or key. +If you want to run using KUKSA example Root CA you need to providee it from [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/tls). -This call with all parameters specified give same effect: - -``` -kuksa-client --certificate ../kuksa_certificates/Client.pem --keyfile ../kuksa_certificates/Client.key --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555 -``` - -There is actually no reason to specify client key and certificate, as mutual authentication is not supported in KUKSA Databroker, -so the command can be simplified like this: - ``` -kuksa-client --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555 +kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem grpcs://localhost:55555 ``` The example server protocol list 127.0.0.1 as an alternative name, but the TLS-client currently used does not accept it, 
@@ -77,20 +69,15 @@ instead a valid server name must be given as argument. Currently `Server` and `localhost` are valid names from the example certificates. ``` -kuksa-client --cacertificate ../kuksa_certificates/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555 +kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555 ``` -## TLS with val-server -Val-server also supports TLS. KUKSA Client uses TLS to connect to val-server when the schema part of the server URI is `wss`. A valid command to connect to a local TLS enabled val-server is - -``` -kuksa-client wss://localhost:8090 -``` +## TLS with Websocket +Websocket access also supports TLS. KUKSA Client uses TLS to connect to Weboscket when the schema part of the server URI is `wss`. A valid command to connect to a local TLS enabled VSS Server (KUKSA Databroker, VISSR, ...) supporting Websocket is -This corresponds to this call: ``` -kuksa-client --cacertificate ../kuksa_certificates/CA.pem wss://localhost:8090 +kuksa-client --cacertificate .~/kuksa-common/tls/CA.pem wss://localhost:8090 ``` In some environments the `--tls-server-name` argument must be used to specify alternative server name @@ -100,7 +87,7 @@ if connecting to the server by numerical IP address like `wss://127.0.0.1:8090`. If the connected KUKSA Server or KUKSA Databroker require authorization the first step after a connection is made is to authorize. KUKSA Server and KUKSA Databroker use different token formats. -The jwt tokens for testing can either be found in the [kuksa.val repository](https://github.com/eclipse/kuksa.val/tree/master/kuksa_certificates/jwt) +The jwt tokens for testing can either be found in the [kuksa-common repository](https://github.com/eclipse/kuksa.val/tree/master/kuksa_certificates/jwt) or you can also use following command inside `kuksa-client` to find the via `pip` installed certificate directory. ```console 
diff --git a/kuksa-client/kuksa/val/v1/README.md b/kuksa-client/kuksa/val/v1/README.md index e3c7451..07f51a3 120000 --- a/kuksa-client/kuksa/val/v1/README.md +++ b/kuksa-client/kuksa/val/v1/README.md @@ -1 +1 @@ -../../../../submodules/kuksa.val/proto/kuksa/val/v1/README.md \ No newline at end of file +../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/README.md \ No newline at end of file diff --git a/kuksa-client/kuksa/val/v1/types.proto b/kuksa-client/kuksa/val/v1/types.proto index c006b2d..446f09c 120000 --- a/kuksa-client/kuksa/val/v1/types.proto +++ b/kuksa-client/kuksa/val/v1/types.proto @@ -1 +1 @@ -../../../../submodules/kuksa.val/proto/kuksa/val/v1/types.proto \ No newline at end of file +../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/types.proto \ No newline at end of file diff --git a/kuksa-client/kuksa/val/v1/val.proto b/kuksa-client/kuksa/val/v1/val.proto index a5c8ed0..3b80543 120000 --- a/kuksa-client/kuksa/val/v1/val.proto +++ b/kuksa-client/kuksa/val/v1/val.proto @@ -1 +1 @@ -../../../../submodules/kuksa.val/proto/kuksa/val/v1/val.proto \ No newline at end of file +../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/val.proto \ No newline at end of file diff --git a/kuksa-client/kuksa_client/__main__.py b/kuksa-client/kuksa_client/__main__.py index fcac43d..cd0a7a7 100755 --- a/kuksa-client/kuksa_client/__main__.py +++ b/kuksa-client/kuksa_client/__main__.py @@ -39,7 +39,6 @@ from cmd2.utils import basic_complete from urllib.parse import urlparse -from kuksa_client import kuksa_server_certificates from kuksa_client import KuksaClientThread from kuksa_client import _metadata @@ -351,7 +350,6 @@ def __init__( with (pathlib.Path(scriptDir) / "logo").open("r", encoding="utf-8") as f: logo = f.read() print(logo.replace("%ver%", str(_metadata.__version__))) - print("Default tokens directory: " + self.getDefaultTokenDir()) print() self.connect() 
@@ -646,15 +644,6 @@ def do_connect(self, args): self.server = args.server self.connect() - def getDefaultTokenDir(self): - try: - return os.path.join(kuksa_server_certificates.__certificate_dir__, "jwt") - except AttributeError: - guessTokenDir = os.path.join(scriptDir, "kuksa_server_certificates/jwt") - if os.path.isdir(guessTokenDir): - return guessTokenDir - return "Unknown" - @with_category(INFO_COMMANDS) def do_info(self, _args): """Show summary info of the client""" @@ -662,25 +651,18 @@ def do_info(self, _args): print("Uri: " + _metadata.__uri__) print("Author: " + _metadata.__author__) print("Copyright: " + _metadata.__copyright__) - print("Default tokens directory: " + self.getDefaultTokenDir()) @with_category(INFO_COMMANDS) def do_version(self, _args): """Show version of the client""" print(_metadata.__version__) - @with_category(INFO_COMMANDS) - def do_printTokenDir(self, _args): - """Show default token directory""" - print(self.getDefaultTokenDir()) - # pylint: enable=too-many-public-methods # pylint: enable=too-many-instance-attributes # Main Function - def main(): parser = argparse.ArgumentParser() parser.add_argument( diff --git a/kuksa-client/kuksa_client/cli_backend/__init__.py b/kuksa-client/kuksa_client/cli_backend/__init__.py index 2cfe51e..750e99d 100644 --- a/kuksa-client/kuksa_client/cli_backend/__init__.py +++ b/kuksa-client/kuksa_client/cli_backend/__init__.py @@ -16,9 +16,6 @@ # SPDX-License-Identifier: Apache-2.0 ######################################################################## -import pathlib -from kuksa_client import kuksa_server_certificates - class Backend: def __init__(self, config): 
@@ -28,16 +25,11 @@ def __init__(self, config): self.insecure = config.getboolean('insecure', False) except AttributeError: self.insecure = config.get('insecure', False) - self.default_cert_path = pathlib.Path(kuksa_server_certificates.__path__[0]) - self.cacertificate = config.get( - 'cacertificate', str(self.default_cert_path / 'CA.pem')) - self.certificate = config.get('certificate', str( - self.default_cert_path / 'Client.pem')) - self.keyfile = config.get('keyfile', str( - self.default_cert_path / 'Client.key')) + self.cacertificate = config.get('cacertificate', None) + self.certificate = config.get('certificate', None) + self.keyfile = config.get('keyfile', None) self.tls_server_name = config.get('tls_server_name', "") - self.token_or_tokenfile = config.get('token_or_tokenfile', str( - self.default_cert_path / 'jwt/all-read-write.json.token')) + self.token_or_tokenfile = config.get('token_or_tokenfile', None) @staticmethod def from_config(config): diff --git a/kuksa-client/kuksa_client/cli_backend/grpc.py b/kuksa-client/kuksa_client/cli_backend/grpc.py index bd1d8c4..92efcc9 100644 --- a/kuksa-client/kuksa_client/cli_backend/grpc.py +++ b/kuksa-client/kuksa_client/cli_backend/grpc.py @@ -57,9 +57,12 @@ def default(self, obj): class Backend(cli_backend.Backend): def __init__(self, config): super().__init__(config) - self.cacertificate = pathlib.Path(self.cacertificate) - self.keyfile = pathlib.Path(self.keyfile) - self.certificate = pathlib.Path(self.certificate) + if self.cacertificate is not None: + self.cacertificate = pathlib.Path(self.cacertificate) + if self.keyfile is not None: + self.keyfile = pathlib.Path(self.keyfile) + if self.certificate is not None: + self.certificate = pathlib.Path(self.certificate) if self.token_or_tokenfile is not None: if os.path.isfile(self.token_or_tokenfile): self.token_or_tokenfile = pathlib.Path(self.token_or_tokenfile) diff --git a/kuksa-client/setup.cfg b/kuksa-client/setup.cfg index d0d18e2..c90a109 100644 
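Review bot: In `Backend.__init__` of `cli_backend/__init__.py`, `cacertificate`, `certificate`, `keyfile` and `token_or_tokenfile` can now be `None`, but nothing at the assignment says what `None` means for a backend that is asked to open a `grpcs`/`wss` connection. I would add a comment above the four assignments such as `# None = not configured; backends must fail closed (no unverified TLS, no built-in token) when a secure URI needs these`. The grpc backend guards its `pathlib.Path` conversions in this same commit; any other subclass that still treats these attributes as strings (not visible in this diff) needs the same `None` check. `tls_server_name` keeps `""` as its "unset" value while the others use `None`, so it may be worth stating that difference in the same comment. The method starts above the hunk, so this is based only on the visible lines.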
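Review bot: In `Backend.__init__` of `cli_backend/grpc.py`, `keyfile` and `certificate` are now converted independently, so a configuration that supplies only one of them is accepted here and the mismatch surfaces, if at all, only when credentials are built later. A check right after the conversions would make that explicit: `if (self.certificate is None) != (self.keyfile is None): raise ValueError("certificate and keyfile must be provided together")`. The code that reads these paths to build the channel credentials is outside this hunk; with the bundled CA gone it presumably has to handle `self.cacertificate is None` for a `grpcs://` URI without disabling server verification, which is worth confirming. The three identical `is not None` guards could also be folded into a small loop over the attribute names, though that is only a style point.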
--- a/kuksa-client/setup.cfg +++ b/kuksa-client/setup.cfg @@ -44,8 +44,6 @@ test = kuksa_client = logging.ini logo - kuksa_server_certificates/* - kuksa_server_certificates/jwt/* [options.packages.find] where = . diff --git a/submodules/kuksa-common b/submodules/kuksa-common deleted file mode 160000 index 495d627..0000000 --- a/submodules/kuksa-common +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 495d627225dc09d8171afd13970da152ce8a2cf8 diff --git a/submodules/kuksa-databroker b/submodules/kuksa-databroker new file mode 160000 index 0000000..7b2d798 --- /dev/null +++ b/submodules/kuksa-databroker @@ -0,0 +1 @@ +Subproject commit 7b2d798b54f90da02eff6d8ae27972d840c08df5 diff --git a/submodules/kuksa.val b/submodules/kuksa.val deleted file mode 160000 index df6dcb0..0000000 --- a/submodules/kuksa.val +++ /dev/null @@ -1 +0,0 @@ -Subproject commit df6dcb0fafd651d5e9bec037194c352a822cd3f9