source: examples/access_tests/creddy_prover/s3_run_query @ 7751094

mei_rt2
Last change on this file since 7751094 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100755
File size: 2.1 KB
Line 
1#!/bin/sh
2
3# geni s3_run_query
4# using aba_prover_yap
5
6echo "=====================s3_run_query=================="
7
8pwd=`pwd`
9
10eloc=`which abac_prover_yap | sed 's/\/abac_prover_yap//'`
11if [ "$eloc" = "" ]; then
12  echo "ERROR: abac_prover_yap is not in the search path!!!"
13  exit 1
14fi
15
16keyloc=$pwd
17
18g=`creddy --keyid --cert $keyloc/G_ID.pem`
19pa=`creddy --keyid --cert $keyloc/PA_ID.pem`
20sa=`creddy --keyid --cert $keyloc/SA_ID.pem`
21
22drd=`creddy --keyid --cert $keyloc/Drd_ID.pem`
23frank=`creddy --keyid --cert $keyloc/Frank_ID.pem`
24dan=`creddy --keyid --cert $keyloc/Dan_ID.pem`
25lisa=`creddy --keyid --cert $keyloc/Lisa_ID.pem`
26john=`creddy --keyid --cert $keyloc/John_ID.pem`
27joe=`creddy --keyid --cert $keyloc/Joe_ID.pem`
28tim=`creddy --keyid --cert $keyloc/Tim_ID.pem`
29james=`creddy --keyid --cert $keyloc/James_ID.pem`
30
31## dump all credentials
32env ABAC_CN=1 $eloc/abac_prover_yap  --keystore $keyloc --dump s3_creds_dump
33
34#  runMember John $john what good bad
35runMember() {
36   id=$2 
37   what="'$3'"
38   role="[keyid:$pa].role:memberQ_([string:'proj1'],[string:$what])"
39   prin="[keyid:$id]"
40   echo " "
41   echo "===$4============ PA.memberQ_("proj1",$what)<-?-$1"
42   $eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"
43
44   role="[keyid:$pa].role:memberQ([string:'proj1'],[string:$what])"
45   prin="[keyid:$id]"
46   echo " "
47   echo "===$5============ PA.memberQ("proj1",$what)<-?-$1"
48   $eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"
49}
50
51
52runMember Dan $dan 'info' bad good
53runMember Dan $dan 'stop' bad good
54runMember Frank $frank 'info' good good
55runMember Frank $frank 'stop' good good
56runMember James $james 'info' bad good
57runMember James $james 'stop' bad good
58runMember Lisa $lisa 'info' bad good
59runMember Lisa $lisa 'stop' bad good
60runMember Tim $tim 'info' good good
61runMember Tim $tim 'stop' good good
62
63## special case,
64role="[keyid:$john].role:memberQ([string:'proj2'],[string:'info'])"
65prin="[keyid:$joe]"
66echo " "
67echo "===good============ John.memberQ("proj2","info")<-?-$ Joe"
68$eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"
69
70
71echo "\n\n"
72
73
Note: See TracBrowser for help on using the repository browser.