source: examples/python_tests/access_rt2/query.py @ d6ff6f1

mei_rt2mei_rt2_fix_1
Last change on this file since d6ff6f1 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests
  • Property mode set to 100755
File size: 3.0 KB
Line 
1#!/usr/bin/env python
2
3"""
4Run the queries described in README
5
6cmd1:env keystore=`pwd` ./query.py
7cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
8
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
15
16# Keystore is the directory containing the principal credentials.
17# Load existing principals and/or policy credentials
18if (os.environ.has_key("keystore")) :
19    keystore=os.environ["keystore"]
20    ctxt.load_directory(keystore)
21else:
22    print("keystore is not set...")
23    exit(1) 
24
25# Load the principals created in ./attr.py and ./setup.py.  Each has an
26# identity and private key.
27alphaID=ABAC.ID("Alpha_ID.pem");
28alphaID.id_load_privkey_file("Alpha_private.pem");
29alpha=alphaID.id_keyid()
30
31bobID=ABAC.ID("Bob_ID.pem");
32bobID.id_load_privkey_file("Bob_private.pem");
33bob=bobID.id_keyid()
34
35joeID=ABAC.ID("Joe_ID.pem");
36joeID.id_load_privkey_file("Joe_private.pem");
37joe=joeID.id_keyid()
38
39##########################################################################
40# dump the loaded principals/policies
41#
42out = ctxt.context_principals()
43print "\n...final principal set..."
44for x in out[1]:
45    print "%s " % x.string()
46out = ctxt.context_credentials()
47print "\n...final policy attribute set..."
48for c in out[1]:
49    print "%s <- %s" % (c.head_string(), c.tail_string())
50
51##########################################################################
52# Construct and run the queries.  In each case we create a role object and a
53# principal and call the query method on the context.  The contents of the
54# proof are printed for successful queries.
55# role is the role to look for
56# p is the principal to check.
57##########################################################################
58# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
59# p = "[keyid:bob]"
60param1=ABAC.DataTerm("string", "'Read'")
61param2=ABAC.DataTerm("urn","'file//fileA'")
62role = ABAC.Role(alpha,"access")
63role.role_add_data_term(param1)
64role.role_add_data_term(param2)
65
66p = ABAC.Role(bob)
67print "\n===good============ Alpha.access(Read,fileA)<-?-Bob"
68out = ctxt.query(role, p)
69
70for c in out[1]:
71    print "%s <- %s" % (c.head_string(), c.tail_string())
72
73##########################################################################
74# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
75# p = "[keyid:joe]"
76param1=ABAC.DataTerm("string", "'Read'")
77param2=ABAC.DataTerm("urn","'file//fileA'")
78role = ABAC.Role(alpha,"access")
79role.role_add_data_term(param1)
80role.role_add_data_term(param2)
81p = ABAC.Role(joe)
82
83print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe"
84out = ctxt.query(role,p)
85
86for c in out[1]:
87    print "%s <- %s" % (c.head_string(), c.tail_string())
88
89
90##########################################################################
91# role =[keyid:alpha].role:team([string:'proj2'])
92# p = "[keyid:joe]"
93param=ABAC.DataTerm("string", "'proj2'")
94role = ABAC.Role(alpha,"team")
95role.role_add_data_term(param)
96p = ABAC.Role(joe)
97print "\n===good============ Alpha.team(proj2)<-?-Joe"
98out = ctxt.query(role,p)
99
100for c in out[1]:
101    print "%s <- %s" % (c.head_string(), c.tail_string())
102
Note: See TracBrowser for help on using the repository browser.