source: examples/python_tests/access_rt2/query.py @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
File size: 3.0 KB
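#!/usr/bin/env python

"""
Run the queries described in README.

cmd1: env keystore=`pwd` ./query.py
cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py

The "keystore" environment variable names the directory that holds the
principal and policy credentials.  The principal PEM files loaded further
down are opened by bare file name, i.e. relative to the current working
directory, so both commands run the script from inside the keystore
directory.
"""

import os
import ABAC

ctxt = ABAC.Context()
# NOTE(review): presumably stops a failed query from returning a partial
# proof, so the expected-deny query below prints nothing -- confirm against
# the ABAC bindings.
ctxt.set_no_partial_proof()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# Whatever load_directory() accepts from that directory feeds every query
# below, so point keystore only at the directory produced by ./attr.py and
# ./setup.py, not at a shared or writable location.
if "keystore" not in os.environ:
    # `in` replaces dict.has_key(), which no longer exists in Python 3.
    print("keystore is not set...")
    # SystemExit is what the site-provided exit() raises; raising it directly
    # also works when the interpreter runs without the site module.
    raise SystemExit(1)

keystore = os.environ["keystore"]
ctxt.load_directory(keystore)
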
# Load the principals created in ./attr.py and ./setup.py.  Each has an
# identity and private key.
def _load_principal(cert_file, key_file):
    """Open an identity certificate, attach its private key, and return
    the ID object together with its key id."""
    ident = ABAC.ID(cert_file)
    ident.id_load_privkey_file(key_file)
    return ident, ident.id_keyid()


# NOTE(review): the queries further down use only the key ids and nothing
# visible in this script signs anything, so loading the private keys may be
# unnecessary for a query-only run -- confirm before dropping it.
alphaID, alpha = _load_principal("Alpha_ID.pem", "Alpha_private.pem")
bobID, bob = _load_principal("Bob_ID.pem", "Bob_private.pem")
joeID, joe = _load_principal("Joe_ID.pem", "Joe_private.pem")

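##########################################################################
# Dump the loaded principals/policies.
#
# Only element 1 of each returned value is read here; it is iterated as the
# list of principals (resp. credentials).  The print calls take one
# parenthesised argument so the output is the same under Python 2 and the
# script also parses under Python 3.
#
out = ctxt.context_principals()
print("\n...final principal set...")
for principal in out[1]:
    print("%s " % principal.string())

out = ctxt.context_credentials()
print("\n...final policy attribute set...")
for cred in out[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))

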
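##########################################################################
# Construct and run the queries.  In each case we create a role object and a
# principal and call the query method on the context.  The contents of the
# proof are printed for successful queries.
# role is the role to look for
# p is the principal to check.
##########################################################################
# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
# p = "[keyid:bob]"
#
# Expected to succeed ("good").  The data-term strings must stay exactly as
# written: they have to match the policy created by the setup scripts.
param1 = ABAC.DataTerm("string", "'Read'")
param2 = ABAC.DataTerm("urn", "'file//fileA'")
role = ABAC.Role(alpha, "access")
role.role_add_data_term(param1)
role.role_add_data_term(param2)

p = ABAC.Role(bob)
# Single-argument print() gives the same output under Python 2 and also
# parses under Python 3.
print("\n===good============ Alpha.access(Read,fileA)<-?-Bob")
out = ctxt.query(role, p)

# NOTE(review): only out[1] (the proof credentials) is read; if out[0] is a
# success flag (TODO confirm), it is never checked, so the outcome is visible
# only in the printed proof.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
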
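##########################################################################
# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
# p = "[keyid:joe]"
#
# Expected to fail ("bad"): this is the negative case of the access policy,
# i.e. Joe must NOT be able to prove Alpha.access(Read,fileA).
param1 = ABAC.DataTerm("string", "'Read'")
param2 = ABAC.DataTerm("urn", "'file//fileA'")
role = ABAC.Role(alpha, "access")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(joe)

# Single-argument print() gives the same output under Python 2 and also
# parses under Python 3.
print("\n===bad============ Alpha.access(Read,fileA)<-?-Joe")
out = ctxt.query(role, p)

# NOTE(review): nothing here asserts that the query was denied.  Only out[1]
# is read; if out[0] is a success flag (TODO confirm against the ABAC
# bindings), a policy regression that grants Joe access would show up only
# as extra proof lines in the output, so whatever drives this script has to
# compare the output against the expected (empty) proof.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

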
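##########################################################################
# role =[keyid:alpha].role:team([string:'proj2'])
# p = "[keyid:joe]"
#
# Expected to succeed ("good").
param = ABAC.DataTerm("string", "'proj2'")
role = ABAC.Role(alpha, "team")
role.role_add_data_term(param)
p = ABAC.Role(joe)
# Single-argument print() gives the same output under Python 2 and also
# parses under Python 3.
print("\n===good============ Alpha.team(proj2)<-?-Joe")
out = ctxt.query(role, p)

# NOTE(review): only out[1] (the proof credentials) is read; if out[0] is a
# success flag (TODO confirm), it is never checked.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
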