Removing default tokens/certs and change submodule reference

.gitmodules

@@ -1,6 +1,3 @@
-[submodule "submodules/kuksa.val"]
-	path = submodules/kuksa.val
-	url = https://github.com/eclipse/kuksa.val
-[submodule "submodules/kuksa-common"]
-	path = submodules/kuksa-common
-	url = https://github.com/eclipse-kuksa/kuksa-common
+[submodule "submodules/kuksa-databroker"]
+	path = submodules/kuksa-databroker
+	url = https://github.com/eclipse-kuksa/kuksa-databroker

docs/cli.md

@@ -50,47 +50,30 @@ kuksa-client ws://127.0.0.1:8090
 
 ## TLS with databroker
 
-KUKSA Client uses TLS to connect to databroker when the schema part of the server URI is `grpcs`, i.e. a valid command to connect to a TLS enabled local databroker is
+KUKSA Client uses TLS to connect to Databroker when the schema part of the server URI is `grpcs`.
+The KUKSA Python SDK does not include any default certificates or keys.
+The root certificate used to authenticate the Databroker must be specified with `--cacertificate <path>`.
+If you want to use KUKSA example Root CA you need to provide it from [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/tls).
 
-```
-kuksa-client grpcs://localhost:55555
-```
-
-By default the KUKSA example Root CA and Client keys are used, but client keys have no effect currently as mutual authentication is not supported by KUKSA Databroker or KUKSA Server.
-
-
-This call with all parameters specified give same effect:
-
-```
-kuksa-client --certificate ../kuksa_certificates/Client.pem --keyfile ../kuksa_certificates/Client.key --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555
-```
-
-There is actually no reason to specify client key and certificate, as mutual authentication is not supported in KUKSA Databroker,
-so the command can be simplified like this:
 
 ```
-kuksa-client --cacertificate ./kuksa_certificates/CA.pem grpcs://localhost:55555
+kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem grpcs://localhost:55555
 ```
 
 The example server protocol list 127.0.0.1 as an alternative name, but the TLS-client currently used does not accept it,
 instead a valid server name must be given as argument.
 Currently `Server` and `localhost` are valid names from the example certificates.
 
 ```
-kuksa-client --cacertificate ../kuksa_certificates/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555
+kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem --tls-server-name Server grpcs://127.0.0.1:55555
 ```
 
-## TLS with val-server
-Val-server also supports TLS. KUKSA Client uses TLS to connect to val-server when the schema part of the server URI is `wss`.  A valid command to connect to a local TLS enabled val-server is
+## TLS with Websocket
+Websocket access also supports TLS. KUKSA Client uses TLS to connect to Weboscket when the schema part of the server URI is `wss`.  A valid command to connect to a local TLS enabled VSS Server (KUKSA Databroker, VISSR, ...) supporting Websocket is
 
-```
-kuksa-client wss://localhost:8090
-```
-
-This corresponds to this call:
 
 ```
-kuksa-client --cacertificate ../kuksa_certificates/CA.pem wss://localhost:8090
+kuksa-client --cacertificate ~/kuksa-common/tls/CA.pem wss://localhost:8090
 ```
 
 In some environments the `--tls-server-name` argument must be used to specify alternative server name
@@ -100,12 +83,8 @@ if connecting to the server by numerical IP address like `wss://127.0.0.1:8090`.
 
 If the connected KUKSA Server or KUKSA Databroker require authorization the first step after a connection is made is to authorize. KUKSA Server and KUKSA Databroker use different token formats.
 
-The jwt tokens for testing can either be found in the [kuksa.val repository](https://github.com/eclipse/kuksa.val/tree/master/kuksa_certificates/jwt)
-or you can also use following command inside `kuksa-client` to find the via `pip` installed certificate directory.
+The KUKSA jwt tokens for testing can be found in the [kuksa-common repository](https://github.com/eclipse/kuksa.val/tree/master/kuksa_certificates/jwt).
 
-```console
-Test Client> printTokenDir
-```
 Select one of the tokens and use the `authorize` command like below:
 
 ```console
@@ -114,8 +93,7 @@ Test Client> authorize /some/path/kuksa_certificates/jwt/super-admin.json.token
 
 ## Authorizing against KUKSA Databroker
 
-If connecting to Databroker the command `printTokenDir` is not much help as it shows the default token directories
-for KUKSA Server example tokens. If the KUKSA Databroker use default example tokens then one of the
+If the KUKSA Databroker use default example tokens then one of the
 tokens in [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt) can be used, like in the example below:
 
 ```console
@@ -141,7 +119,6 @@ getServerAddress    Gets the IP Address for the VISS/gRPC Server
 Info Commands
 ================================================================================
 info                Show summary info of the client
-printTokenDir       Show default token directory
 version             Show version of the client
 
 Kuksa Interaction Commands

kuksa-client/kuksa/val/v1/README.md

@@ -1 +1 @@
-../../../../submodules/kuksa.val/proto/kuksa/val/v1/README.md
+../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/README.md

kuksa-client/kuksa/val/v1/types.proto

@@ -1 +1 @@
-../../../../submodules/kuksa.val/proto/kuksa/val/v1/types.proto
+../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/types.proto

kuksa-client/kuksa/val/v1/val.proto

@@ -1 +1 @@
-../../../../submodules/kuksa.val/proto/kuksa/val/v1/val.proto
+../../../../submodules/kuksa-databroker/proto/kuksa/val/v1/val.proto

kuksa-client/kuksa_client/__main__.py

@@ -39,7 +39,6 @@
 from cmd2.utils import basic_complete
 from urllib.parse import urlparse
 
-from kuksa_client import kuksa_server_certificates
 from kuksa_client import KuksaClientThread
 from kuksa_client import _metadata
 
@@ -351,7 +350,6 @@ def __init__(
         with (pathlib.Path(scriptDir) / "logo").open("r", encoding="utf-8") as f:
             logo = f.read()
             print(logo.replace("%ver%", str(_metadata.__version__)))
-        print("Default tokens directory: " + self.getDefaultTokenDir())
 
         print()
         self.connect()
@@ -595,7 +593,10 @@ def connect(self):
             config["port"] = srv.port
 
         if srv.scheme in ["grpcs", "wss"]:
-            config["insecure"] = False
+            if self.cacertificate is None:
+                print("TLS cannot be used as no CA Certificate specifed!")
+            else:
+                config["insecure"] = False
 
         if srv.hostname is None:
             print("No hostname or IP given")
@@ -646,41 +647,25 @@ def do_connect(self, args):
         self.server = args.server
         self.connect()
 
-    def getDefaultTokenDir(self):
-        try:
-            return os.path.join(kuksa_server_certificates.__certificate_dir__, "jwt")
-        except AttributeError:
-            guessTokenDir = os.path.join(scriptDir, "kuksa_server_certificates/jwt")
-            if os.path.isdir(guessTokenDir):
-                return guessTokenDir
-            return "Unknown"
-
     @with_category(INFO_COMMANDS)
     def do_info(self, _args):
         """Show summary info of the client"""
         print("kuksa-client version " + _metadata.__version__)
         print("Uri: " + _metadata.__uri__)
         print("Author: " + _metadata.__author__)
         print("Copyright: " + _metadata.__copyright__)
-        print("Default tokens directory: " + self.getDefaultTokenDir())
 
     @with_category(INFO_COMMANDS)
     def do_version(self, _args):
         """Show version of the client"""
         print(_metadata.__version__)
 
-    @with_category(INFO_COMMANDS)
-    def do_printTokenDir(self, _args):
-        """Show default token directory"""
-        print(self.getDefaultTokenDir())
-
 
 # pylint: enable=too-many-public-methods
 # pylint: enable=too-many-instance-attributes
 
 # Main Function
 
-
 def main():
     parser = argparse.ArgumentParser()
     parser.add_argument(

kuksa-client/kuksa_client/cli_backend/__init__.py

@@ -16,9 +16,6 @@
 # SPDX-License-Identifier: Apache-2.0
 ########################################################################
 
-import pathlib
-from kuksa_client import kuksa_server_certificates
-
 
 class Backend:
     def __init__(self, config):
@@ -28,16 +25,14 @@ def __init__(self, config):
             self.insecure = config.getboolean('insecure', False)
         except AttributeError:
             self.insecure = config.get('insecure', False)
-        self.default_cert_path = pathlib.Path(kuksa_server_certificates.__path__[0])
-        self.cacertificate = config.get(
-            'cacertificate', str(self.default_cert_path / 'CA.pem'))
-        self.certificate = config.get('certificate', str(
-            self.default_cert_path / 'Client.pem'))
-        self.keyfile = config.get('keyfile', str(
-            self.default_cert_path / 'Client.key'))
+        self.cacertificate = config.get('cacertificate', None)
+        # If no CA Certificate is given we will use an insecure connection, requested or not
+        if self.cacertificate is None:
+            self.insecure = True
+        self.certificate = config.get('certificate', None)
+        self.keyfile = config.get('keyfile', None)
         self.tls_server_name = config.get('tls_server_name', "")
-        self.token_or_tokenfile = config.get('token_or_tokenfile', str(
-            self.default_cert_path / 'jwt/all-read-write.json.token'))
+        self.token_or_tokenfile = config.get('token_or_tokenfile', None)
 
     @staticmethod
     def from_config(config):

kuksa-client/kuksa_client/cli_backend/grpc.py

@@ -57,9 +57,12 @@ def default(self, obj):
 class Backend(cli_backend.Backend):
     def __init__(self, config):
         super().__init__(config)
-        self.cacertificate = pathlib.Path(self.cacertificate)
-        self.keyfile = pathlib.Path(self.keyfile)
-        self.certificate = pathlib.Path(self.certificate)
+        if self.cacertificate is not None:
+            self.cacertificate = pathlib.Path(self.cacertificate)
+        if self.keyfile is not None:
+            self.keyfile = pathlib.Path(self.keyfile)
+        if self.certificate is not None:
+            self.certificate = pathlib.Path(self.certificate)
         if self.token_or_tokenfile is not None:
             if os.path.isfile(self.token_or_tokenfile):
                 self.token_or_tokenfile = pathlib.Path(self.token_or_tokenfile)

kuksa-client/setup.cfg

@@ -44,8 +44,6 @@ test =
 kuksa_client =
     logging.ini
     logo
-    kuksa_server_certificates/*
-    kuksa_server_certificates/jwt/*
 
 [options.packages.find]
 where = .