ROS2 Security Working Group Online Meeting

Completely agree here, while the documentation is under a design page, every rmw implementation has a very similar structure. My question alludes to the numerous duplicate definitions in each rmw implementation layer instead of defining these constants in the rmw interface layer.

I’m interested in a strongly typed, structured permission file as well. However, we also need a timeline for when/what we will be changing in sros2. I would like to enable security by default. In other words, reduce the amount of overhead to develop and deploy ROS2 with security on. These features are summarized here.

One of these features generates the policy.yaml file from a running ROS system. This allows developers/deployment engineers to use an sros2 command line tool to generate their entire system’s policies. The status of this feature is that it currently works with the node graph implementation and secures topics with the sros2 `create_permission` verb. We would like to push these features for ROS2 users sooner rather than later. @ruffsl do we expect these sros2 changes to occur soon, or should we simply change the yaml definition for now to secure services?

Generate an sros2 yaml permissions file with the permissions of every visible node on the DDS network.

Example: run the minimal_publisher_lambda node
Execute: `ros2 security generate_permissions node_policies.yaml`

It will create the node_policies.yaml file in the current directory:
```yaml
nodes:
    minimal_publisher:
      services:
        describe_parameters:
          allows: rr
          .
          .
          .
      topics:
        parameter_events:
          allows: ps
        topic:
          allows: p
```
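
An added example, not part of the original post or of sros2: it derives the policy layout shown above from a node-graph snapshot, granting only what each node was observed to use. The snapshot shape, the names `build_policy` and `to_yaml`, the second node, and the use of `rr` for every service are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed snapshot (assumed shape): node -> interface names it was seen
# using. This is sample data, not output captured from a real system.
SAMPLE_GRAPH = {
    "minimal_publisher": {
        "publishers": ["topic", "parameter_events"],
        "subscribers": ["parameter_events"],
        "services": ["describe_parameters"],
    },
    "minimal_subscriber": {"publishers": [], "subscribers": ["topic"], "services": []},
}


def build_policy(graph):
    """Return {'nodes': {node: {'services': {...}, 'topics': {...}}}}."""
    nodes = {}
    for node, ifaces in sorted(graph.items()):
        modes = defaultdict(set)  # topic name -> subset of {"p", "s"}
        for name in ifaces.get("publishers", []):
            modes[name].add("p")
        for name in ifaces.get("subscribers", []):
            modes[name].add("s")
        entry = {}
        services = sorted(set(ifaces.get("services", [])))
        if services:
            # Assumption: "rr" is the value used for every service entry.
            entry["services"] = {s: {"allows": "rr"} for s in services}
        if modes:
            entry["topics"] = {
                t: {"allows": "".join(sorted(m))} for t, m in sorted(modes.items())
            }
        nodes[node] = entry  # anything not observed is simply not granted
    return {"nodes": nodes}


def to_yaml(value, indent=0):
    """Emit nested dicts of strings as block-style YAML lines (2-space indent)."""
    lines = []
    for key, val in value.items():
        if isinstance(val, dict):
            lines.append(" " * indent + f"{key}:")
            lines.extend(to_yaml(val, indent + 2))
        else:
            lines.append(" " * indent + f"{key}: {val}")
    return lines


if __name__ == "__main__":
    print("\n".join(to_yaml(build_policy(SAMPLE_GRAPH))))
```

In this example an interface that is not present in the snapshot gets no entry, so a policy built this way is only as complete as the snapshot it was built from.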