1 | |
---|
2 | policy.sh is the main policy file. It contains the RT policy |
---|
3 | rules Ted translated from Jeff's initial GENI authorization |
---|
4 | writeup. There are 6 scenario setups and related query tests. |
---|
5 | |
---|
6 | scenario_s1.sh, a simple user and project example |
---|
7 | s1_query.py and s1_run_query are 2 sets of query calls where |
---|
8 | the first is in python and 2nd uses the prover bundled with |
---|
9 | libabac |
---|
10 | |
---|
11 | scenario_s2.sh, various member, member_(delegated) and |
---|
12 | delegate_member_ relations between different users are setup to |
---|
13 | show different possible access policy proof solutions |
---|
14 | s2_query.py and s2_run_query are the query calls |
---|
15 | |
---|
16 | scenario_s3.sh, various memberQ, memberQ_(delegated) and |
---|
17 | delegate_memberQ_ relations between users are setup similar to |
---|
18 | scenario_s2.sh but with the role qualified. |
---|
19 | s3_query.py and s3_run_query are the query scripts |
---|
20 | |
---|
21 | scenario_s4.sh, various controls, controls_(delegated) and |
---|
22 | delegate_controls_ relations between slices and users are setup |
---|
23 | to show access permission to slices. |
---|
24 | s4_query.py and s4_run_query are the query scripts. |
---|
25 | |
---|
26 | scenario_s5.sh, various controlsQ, controlsQ_(delegated) and |
---|
27 | delegate_controlsQ_ relations between slices and users are setup |
---|
28 | similar to scenario_s4 but with qualifed role. |
---|
29 | s5_query.py and s5_run_query are the query scripts |
---|
30 | |
---|
31 | scenario_s6.sh, setup relations to test createSlice and speaksFor |
---|
32 | s6_query.py and s5_run_query are the query scripts |
---|
33 | |
---|
34 | Note: delegate_member_ |
---|
35 | delegate_memberQ_ |
---|
36 | delegate_controls_ |
---|
37 | delegate_controlsQ_ |
---|
38 | are needed to avoid the recursing in the original policy rule |
---|
39 | PA.member_(?P:PA.standard) <- (PA.member_(?P)).member_ |
---|
40 | |
---|
41 | run_test, is the main test control script |
---|
42 | |
---|
43 | dumpdb.py, a python script that loads what is there in the directory and |
---|
44 | then dump the complete content of YAP db. |
---|
45 | If ran like this, "env ABAC_CN=1 ./dumpdb.py", the result would replace |
---|
46 | SHA value with CN and the resulting output is more readable |
---|
47 | |
---|
48 | resulting files after ./run_test call, |
---|
49 | yap_clauses, is the prolog clauses that libabac generated for policy.sh |
---|
50 | main_yap_clauses, is the prolog clauses in more user friendly form |
---|
51 | s#_yap_clauses, contains the prolog clauses libabac generated for each |
---|
52 | of scenario setup |
---|
53 | my_s#_yap_clauses, is the more user friendly form of s#_yap_clauses |
---|
54 | s#_result.cn, is the more user friendly proof result |
---|
55 | s#_result.sha, is the proof result with sha values |
---|
56 | s#_result.save, is the baseline result used for regression test comparison |
---|
57 | |
---|
58 | |
---|
59 | |
---|