source: examples/access_tests/creddy_prover/s3_query.py @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
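#!/usr/bin/env python

"""
s3_query.py

Access-policy regression queries run against an ABAC context through
the Python API.  Each query prints a banner marked "good" or "bad"
followed by the credentials the prover returns.
"""

print("=====================s3_query.py==================")

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
#
# Every query below is answered from whatever this directory holds, so the
# fallback to "." makes the results depend on the working directory the
# script is started from.  Run it from the intended test directory (or set
# `keystore`) so stray credential files are not picked up.
if "keystore" in os.environ:  # `in` replaces dict.has_key(), which Python 3 dropped
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")
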
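##########################################################################
def get_next(CTXT):
    """Print every further proof CTXT yields for the last query.

    Calls CTXT.next_proof() repeatedly.  Each call returns a
    (success, credentials) pair; while success is true the credentials are
    printed one per line as "head <- tail".  The first unsuccessful call
    prints "no more.." and ends the loop.

    Returns None.
    """
    while True:
        print("\nnext proof:")
        found, proof = CTXT.next_proof()
        if not found:
            print("no more..\n")
            return
        # Single-argument print(...) parses the same on Python 2 and 3 and
        # matches the other print(...) calls in this file.
        for cred in proof:
            print("%s <- %s" % (cred.head_string(), cred.tail_string()))
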
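# dump the loaded principals/policies
def dump_all(CTXT, msg):
    """Print the principals and policy credentials held by CTXT.

    msg is interpolated into the two section headers.  Only element [1] of
    the values returned by context_principals() and context_credentials()
    is iterated; element [0] is not inspected here.

    Principals are printed with a "#PP# " prefix, credentials as
    "#CC# head <- tail".  Returns None.
    """
    principals = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for principal in principals[1]:
        print("#PP# %s " % principal.string())
    credentials = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for cred in credentials[1]:
        print("#CC# %s <- %s" % (cred.head_string(), cred.tail_string()))
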
##########################################################################
# retrieve principals' keyid value from local credential files
#
# The PEM files are named relatively, so they are presumably resolved
# against the current working directory rather than against `keystore`
# (ABAC.ID's path handling is not shown here -- confirm).  The keyids read
# here are what the queries below use to name the issuer and the subjects.
gID = ABAC.ID("G_ID.pem")
g = gID.id_keyid()

paID = ABAC.ID("PA_ID.pem")
pa = paID.id_keyid()

drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()

johnID = ABAC.ID("John_ID.pem")
john = johnID.id_keyid()

timID = ABAC.ID("Tim_ID.pem")
tim = timID.id_keyid()

joeID = ABAC.ID("Joe_ID.pem")
joe = joeID.id_keyid()

lisaID = ABAC.ID("Lisa_ID.pem")
lisa = lisaID.id_keyid()

jamesID = ABAC.ID("James_ID.pem")
james = jamesID.id_keyid()
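##########################################################################
##########################################################################
# Debugging toggles, left disabled:
#dump_all(ctxt,"initial")
#ctxt.set_no_partial_proof()

##########################################################################
# [keyid:PA].role:memberQ_([string:'proj2'],[string:'info']) <-?- [keyid:James]
role = ABAC.Role(pa, "memberQ_")
# param1/param2 stay bound to names while the role is in use, as in the
# original; whether the binding needs them kept alive is not shown here.
param1 = ABAC.DataTerm("string", "'proj2'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(james)

print("\n===good============ PA.memberQ_('proj2','info') <-?- James")
out = ctxt.query(role, p)
# Only out[1] (the returned credentials) is printed; out[0] is not shown.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
get_next(ctxt)
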
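# [keyid:PA].role:memberQ([string:'proj1'],[string:'info']) <-?- [keyid:Lisa]
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj1'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(lisa)

print("\n===good============ PA.memberQ('proj1','info') <-?- Lisa")
out = ctxt.query(role, p)
# Print the credentials returned for this query, then any further proofs.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
get_next(ctxt)
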
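##########################################################################
# [keyid:PA].role:memberQ([string:'proj1'],[string:'info']) <-?- [keyid:John]
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj1'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(john)

print("\n===good============ PA.memberQ('proj1','info') <-?- John")
out = ctxt.query(role, p)
# Print the credentials returned for this query, then any further proofs.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
get_next(ctxt)
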
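##########################################################################
# [keyid:PA].role:memberQ([string:'proj2'],[string:'instantiate']) <-?- [keyid:John]
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj2'")
param2 = ABAC.DataTerm("string", "'instantiate'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(john)

print("\n===bad============ PA.memberQ('proj2','instantiate') <-?- John")
out = ctxt.query(role, p)
# NOTE(review): this is a query expected to be denied, yet only out[1] is
# printed.  out[0] is presumably the success flag (next_proof() in
# get_next returns a (success, credentials) pair) and is never shown, so a
# denial is visible only through what out[1] happens to contain.  With
# set_no_partial_proof() left disabled, confirm that the recorded expected
# output still makes a denial unambiguous.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
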
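##########################################################################
# [keyid:PA].role:memberQ([string:'proj1'],[string:'instantiate']) <-?- [keyid:Tim]
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj1'")
param2 = ABAC.DataTerm("string", "'instantiate'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(tim)

print("\n===good============ PA.memberQ('proj1','instantiate') <-?- Tim")
out = ctxt.query(role, p)
# Print the credentials returned for this query, then any further proofs.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
get_next(ctxt)
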
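##########################################################################
# [keyid:PA].role:memberQ([string:'proj2'],[string:'info']) <-?- [keyid:Tim]
#
# NOTE(review): the comment above and the banner below both name 'info',
# but param2 is 'instantiate', so the query actually run is
# PA.memberQ('proj2','instantiate') <-?- Tim.  The negative case that the
# label describes is therefore not the one being exercised.  The code is
# left as found; confirm which permission was meant and align the label,
# the query and the recorded expected output.
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj2'")
param2 = ABAC.DataTerm("string", "'instantiate'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(tim)

print("\n===bad============ PA.memberQ('proj2','info') <-?- Tim")
out = ctxt.query(role, p)
# Only out[1] is printed; out[0] is not shown, so this expected denial is
# recognizable only by what out[1] contains.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
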
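##########################################################################
# [keyid:PA].role:memberQ([string:'proj2'],[string:'info']) <-?- [keyid:Joe]
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj2'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
# Fixed: this was ABAC.Role(john), so the case labelled "Joe" re-tested
# John and Joe's access was never checked.  Any recorded expected output
# for this case was produced for John and needs regenerating.
p = ABAC.Role(joe)

print("\n===good============ PA.memberQ('proj2','info') <-?- Joe")
out = ctxt.query(role, p)
# Only out[1] (the returned credentials) is printed; out[0] is not shown.
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))

##########################################################################

print("\n\n")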