source: examples/python_tests/access_rt2/query.py @ e205b49

mei_rt2mei_rt2_fix_1
Last change on this file since e205b49 was e3462b4, checked in by Mei <mei@…>, 12 years ago

1) make regression test to use just runcheck (hide runall)
2) alter the absolute path in the error message so the regression testing

would not be so user dependent when doing validation

3) add the missing null setting in abac_verifier's issuer_id line 335
  • Property mode set to 100755
File size: 3.0 KB
RevLine 
[5110d42]1#!/usr/bin/env python
2
3"""
[f824a9e]4Run the queries described in README
[5110d42]5
6cmd1:env keystore=`pwd` ./query.py
7cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
8
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
15
[f824a9e]16# Keystore is the directory containing the principal credentials.
17# Load existing principals and/or policy credentials
18if (os.environ.has_key("keystore")) :
19    keystore=os.environ["keystore"]
20    ctxt.load_directory(keystore)
21else:
22    print("keystore is not set...")
23    exit(1) 
[5110d42]24
[47d5cf9]25# Load the principals created in ./attr.py and ./setup.py.  Each has an
26# identity and private key.
[5110d42]27alphaID=ABAC.ID("Alpha_ID.pem");
[5d06689]28alphaID.id_load_privkey_file("Alpha_private.pem");
29alpha=alphaID.id_keyid()
[5110d42]30
31bobID=ABAC.ID("Bob_ID.pem");
[5d06689]32bobID.id_load_privkey_file("Bob_private.pem");
33bob=bobID.id_keyid()
[5110d42]34
35joeID=ABAC.ID("Joe_ID.pem");
[5d06689]36joeID.id_load_privkey_file("Joe_private.pem");
37joe=joeID.id_keyid()
[5110d42]38
[f824a9e]39##########################################################################
40# dump the loaded principals/policies
41#
42out = ctxt.context_principals()
43print "\n...final principal set..."
44for x in out[1]:
45    print "%s " % x.string()
46out = ctxt.context_credentials()
47print "\n...final policy attribute set..."
48for c in out[1]:
49    print "%s <- %s" % (c.head_string(), c.tail_string())
50
51##########################################################################
[47d5cf9]52# Construct and run the queries.  In each case we create a role object and a
53# principal and call the query method on the context.  The contents of the
54# proof are printed for successful queries.
55# role is the role to look for
56# p is the principal to check.
[5110d42]57##########################################################################
58# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
59# p = "[keyid:bob]"
60param1=ABAC.DataTerm("string", "'Read'")
61param2=ABAC.DataTerm("urn","'file//fileA'")
62role = ABAC.Role(alpha,"access")
[5d06689]63role.role_add_data_term(param1)
64role.role_add_data_term(param2)
[5110d42]65
[47d5cf9]66p = ABAC.Role(bob)
[5110d42]67print "\n===good============ Alpha.access(Read,fileA)<-?-Bob"
68out = ctxt.query(role, p)
69
70for c in out[1]:
71    print "%s <- %s" % (c.head_string(), c.tail_string())
72
73##########################################################################
74# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
75# p = "[keyid:joe]"
76param1=ABAC.DataTerm("string", "'Read'")
77param2=ABAC.DataTerm("urn","'file//fileA'")
78role = ABAC.Role(alpha,"access")
[5d06689]79role.role_add_data_term(param1)
80role.role_add_data_term(param2)
[5110d42]81p = ABAC.Role(joe)
82
83print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe"
84out = ctxt.query(role,p)
85
86for c in out[1]:
87    print "%s <- %s" % (c.head_string(), c.tail_string())
88
89
90##########################################################################
91# role =[keyid:alpha].role:team([string:'proj2'])
92# p = "[keyid:joe]"
93param=ABAC.DataTerm("string", "'proj2'")
94role = ABAC.Role(alpha,"team")
[5d06689]95role.role_add_data_term(param)
[5110d42]96p = ABAC.Role(joe)
97print "\n===good============ Alpha.team(proj2)<-?-Joe"
98out = ctxt.query(role,p)
99
100for c in out[1]:
101    print "%s <- %s" % (c.head_string(), c.tail_string())
102
[e3462b4]103
104## ctxt.dump_yap_db()
Note: See TracBrowser for help on using the repository browser.