[2e9455f] | 1 | |
---|
| 2 | policy.sh is the main policy file. It contains the RT policy |
---|
| 3 | rules Ted translated from Jeff's initial GENI authorization |
---|
| 4 | writeup. There are 6 scenario setups and related query tests. |
---|
| 5 | |
---|
| 6 | scenario_s1.sh, a simple user and project example |
---|
| 7 | s1_query.py and s1_run_query are 2 sets of query calls where |
---|
| 8 | the first is in python and 2nd uses the prover bundled with |
---|
| 9 | libabac |
---|
| 10 | |
---|
| 11 | scenario_s2.sh, various member, member_(delegated) and |
---|
| 12 | delegate_member_ relations between different users are setup to |
---|
| 13 | show different possible access policy proof solutions |
---|
| 14 | s2_query.py and s2_run_query are the query calls |
---|
| 15 | |
---|
| 16 | scenario_s3.sh, various memberQ, memberQ_(delegated) and |
---|
| 17 | delegate_memberQ_ relations between users are setup similar to |
---|
| 18 | scenario_s2.sh but with the role qualified. |
---|
| 19 | s3_query.py and s3_run_query are the query scripts |
---|
| 20 | |
---|
| 21 | scenario_s4.sh, various controls, controls_(delegated) and |
---|
| 22 | delegate_controls_ relations between slices and users are setup |
---|
| 23 | to show access permission to slices. |
---|
| 24 | s4_query.py and s4_run_query are the query scripts. |
---|
| 25 | |
---|
| 26 | scenario_s5.sh, various controlsQ, controlsQ_(delegated) and |
---|
| 27 | delegate_controlsQ_ relations between slices and users are setup |
---|
| 28 | similar to scenario_s4 but with qualifed role. |
---|
| 29 | s5_query.py and s5_run_query are the query scripts |
---|
| 30 | |
---|
| 31 | scenario_s6.sh, setup relations to test createSlice and speaksFor |
---|
| 32 | s6_query.py and s5_run_query are the query scripts |
---|
| 33 | |
---|
| 34 | Note: delegate_member_ |
---|
| 35 | delegate_memberQ_ |
---|
| 36 | delegate_controls_ |
---|
| 37 | delegate_controlsQ_ |
---|
| 38 | are needed to avoid the recursing in the original policy rule |
---|
| 39 | PA.member_(?P:PA.standard) <- (PA.member_(?P)).member_ |
---|
| 40 | |
---|
| 41 | run_test, is the main test control script |
---|
| 42 | |
---|
| 43 | |
---|
| 44 | resulting files after ./run_test call, |
---|
| 45 | yap_clauses, is the prolog clauses that libabac generated for policy.sh |
---|
| 46 | main_yap_clauses, is the prolog clauses in more user friendly form |
---|
| 47 | s#_yap_clauses, contains the prolog clauses libabac generated for each |
---|
| 48 | of scenario setup |
---|
| 49 | my_s#_yap_clauses, is the more user friendly form of s#_yap_clauses |
---|
| 50 | s#_result.cn, is the more user friendly proof result |
---|
| 51 | s#_result.sha, is the proof result with sha values |
---|
| 52 | s#_result.save, is the baseline result used for regression test comparison |
---|
| 53 | |
---|
| 54 | |
---|
| 55 | |
---|