Thank you for all your comments!
Unless I’m missing something, you’d still have to specify the override directory, so the best we could do with that approach would probably look like:
ros2 <verb> <action> --sdir="~/cli_sec_dir"
I’d like to understand what was this based on. ROS2 Security is not really reliant on naming - ROS nodes can change their name and decide to use w/e name they want. It relies on having a set of keys & signed permissions files locally accessible by the node. The way it performs dir lookup is a minor implementation detail. To minimize confusion or unexpected behavior, the node could print a log message that says which security directory was loaded.
We assume that most production ROS2 systems would use ROS2 Security. Not necessarily right from the start, but that’s the direction it’s going towards. With that in mind - we thought that when operating a production system, having the ability to use the CLI tools would be extremely useful in investigating & resolving issues. Does that make sense?
For example: right now, if I have access control & encryption enabled, I can’t use rosbag2 to record node communication without creating permissions explicitly for that node. Then say I want to do ros2 topic pub, I would need to generate a new set for the CLI publisher. I may want to run ros2 param get but once again I’d need to generate a new set for the CLI service node. I wouldn’t be able to ros2 topic echo at all because the name is not known in advance.
If you grant somenode permissions, what makes those permissions specific to somenode? Precisely the fact that the somenode executable has the platform-specific permissions to access and read the locally-stored keys & permissions files.
As an extension of that, a developer working on ROS2 systems would want to differentiate between development machine setup and production setup. For example:
- Development setup: generate ros2cli_node security dir and have it accessible to assist throughout development (alternatively, turn off security when troubleshooting).
- Production setup: do not deploy ros2cli_node security dir to the system. When there’s an issue on a specific robot, deploy it to that robot in order to use the CLI tool for the investigation (alternatively, have it deployed but with locked down file permissions, depending on the level of security you need).
I’m not sure what did you mean here, could you elaborate? To clarify, ros2cli would not get any special treatment. The user would still need to generate keys & permissions for it.