source: examples/python_tests/access_rt2/query.py @ d6ff6f1

mei_rt2mei_rt2_fix_1
Last change on this file since d6ff6f1 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests
  • Property mode set to 100755
File size: 3.0 KB
RevLine 
[5110d42]1#!/usr/bin/env python
2
3"""
[f824a9e]4Run the queries described in README
[5110d42]5
6cmd1:env keystore=`pwd` ./query.py
7cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
8
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
15
[f824a9e]16# Keystore is the directory containing the principal credentials.
17# Load existing principals and/or policy credentials
18if (os.environ.has_key("keystore")) :
19    keystore=os.environ["keystore"]
20    ctxt.load_directory(keystore)
21else:
22    print("keystore is not set...")
23    exit(1) 
[5110d42]24
[47d5cf9]25# Load the principals created in ./attr.py and ./setup.py.  Each has an
26# identity and private key.
[5110d42]27alphaID=ABAC.ID("Alpha_ID.pem");
[5d06689]28alphaID.id_load_privkey_file("Alpha_private.pem");
29alpha=alphaID.id_keyid()
[5110d42]30
31bobID=ABAC.ID("Bob_ID.pem");
[5d06689]32bobID.id_load_privkey_file("Bob_private.pem");
33bob=bobID.id_keyid()
[5110d42]34
35joeID=ABAC.ID("Joe_ID.pem");
[5d06689]36joeID.id_load_privkey_file("Joe_private.pem");
37joe=joeID.id_keyid()
[5110d42]38
[f824a9e]39##########################################################################
40# dump the loaded principals/policies
41#
42out = ctxt.context_principals()
43print "\n...final principal set..."
44for x in out[1]:
45    print "%s " % x.string()
46out = ctxt.context_credentials()
47print "\n...final policy attribute set..."
48for c in out[1]:
49    print "%s <- %s" % (c.head_string(), c.tail_string())
50
51##########################################################################
[47d5cf9]52# Construct and run the queries.  In each case we create a role object and a
53# principal and call the query method on the context.  The contents of the
54# proof are printed for successful queries.
55# role is the role to look for
56# p is the principal to check.
[5110d42]57##########################################################################
58# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
59# p = "[keyid:bob]"
60param1=ABAC.DataTerm("string", "'Read'")
61param2=ABAC.DataTerm("urn","'file//fileA'")
62role = ABAC.Role(alpha,"access")
[5d06689]63role.role_add_data_term(param1)
64role.role_add_data_term(param2)
[5110d42]65
[47d5cf9]66p = ABAC.Role(bob)
[5110d42]67print "\n===good============ Alpha.access(Read,fileA)<-?-Bob"
68out = ctxt.query(role, p)
69
70for c in out[1]:
71    print "%s <- %s" % (c.head_string(), c.tail_string())
72
73##########################################################################
74# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
75# p = "[keyid:joe]"
76param1=ABAC.DataTerm("string", "'Read'")
77param2=ABAC.DataTerm("urn","'file//fileA'")
78role = ABAC.Role(alpha,"access")
[5d06689]79role.role_add_data_term(param1)
80role.role_add_data_term(param2)
[5110d42]81p = ABAC.Role(joe)
82
83print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe"
84out = ctxt.query(role,p)
85
86for c in out[1]:
87    print "%s <- %s" % (c.head_string(), c.tail_string())
88
89
90##########################################################################
91# role =[keyid:alpha].role:team([string:'proj2'])
92# p = "[keyid:joe]"
93param=ABAC.DataTerm("string", "'proj2'")
94role = ABAC.Role(alpha,"team")
[5d06689]95role.role_add_data_term(param)
[5110d42]96p = ABAC.Role(joe)
97print "\n===good============ Alpha.team(proj2)<-?-Joe"
98out = ctxt.query(role,p)
99
100for c in out[1]:
101    print "%s <- %s" % (c.head_string(), c.tail_string())
102
Note: See TracBrowser for help on using the repository browser.