source: examples/python_tests/acme_friend_rt1/query.py @ 880e924

#!/usr/bin/env python

"""
Run the queries described in README

cmd1:env keystore=`pwd` ./query.py 
cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
"""

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if (os.environ.has_key("keystore")) :
    keystore=os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set...")
    exit(1)

# extract principal's keyid from local principal cert files
acmeID=ABAC.ID("Acme_ID.pem")
acmeID.id_load_privkey_file("Acme_private.pem");
acme=acmeID.id_keyid()

coyoteID=ABAC.ID("Coyote_ID.pem")
coyoteID.id_load_privkey_file("Coyote_private.pem");
coyote=coyoteID.id_keyid()

roadrunnerID=ABAC.ID("Roadrunner_ID.pem")
roadrunnerID.id_load_privkey_file("Roadrunner_private.pem");
roadrunner=roadrunnerID.id_keyid()

jackrabbitID=ABAC.ID("Jackrabbit_ID.pem")
jackrabbitID.id_load_privkey_file("Jackrabbit_private.pem");
jackrabbit=jackrabbitID.id_keyid()

##########################################################################
# dump the loaded principals/policies
#
out = ctxt.context_principals()
print "\n...final principal set..."
for x in out[1]:
    print "%s " % x.string()
out = ctxt.context_credentials()
print "\n...final policy attribute set..."
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())

##########################################################################
# is coyote a friend of roadrunner?
# role =[keyid:Acme].role:friendof([keyid:Roadrunner]) 
# p= [keyid:Coyote]
param=ABAC.DataTerm(roadrunnerID)
role = ABAC.Role(acme,"friendof")
role.role_add_data_term(param)
p = ABAC.Role(coyote)
print "\n===bad============ Acme.friendOf(Roadrunner) <- Coyote"
out = ctxt.query(role, p)

for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())

##########################################################################
# is jackrabbit a friend of roadrunner ?
# role =[keyid:Acme].role:friendof([keyid:Roadrunner]) 
# p= [keyid:Jackrabbit]
param=ABAC.DataTerm(roadrunnerID)
role = ABAC.Role(acme,"friendof")
role.role_add_data_term(param)
p = ABAC.Role(jackrabbit)
print "\n===good============ Acme.friendOf(Roadrunner) <- Jackrabbit"
out = ctxt.query(role, p)

for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())


##########################################################################
# is jackrabbit a preferred_customer of Acme ?
# role =[keyid:Acme].role:preferred_customer
# p =[keyid:Jackrabbit]
role = ABAC.Role(acme,"preferred_customer")
p = ABAC.Role(jackrabbit)
print "\n===good============ Acme.preferred_customer <- Jackrabbit"
out = ctxt.query(role, p)

for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())

##########################################################################
# is coyote a preferred_customer of Acme ?
# role =[keyid:Acme].role:preferred_customer
# p =[keyid:Coyote]
role = ABAC.Role(acme,"preferred_customer")
p = ABAC.Role(coyote)
print "\n===good============ Acme.preferred_customer <- Coyote"
out = ctxt.query(role, p)

for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())


##########################################################################
# is blah_blah a preferred_customer of Acme ?
# role =[keyid:Acme].role:preferred_customer
# p =[keyid:badCoyote]
role = ABAC.Role(acme,"preferred_customer")
# some random SHA keyid value
badcoyote="1fb66793d453226f0b93a48c7f6ae0d51632e628"
p = ABAC.Role(badcoyote)
print "\n===bad============ Acme.preferred_customer <- badcoyote"
out = ctxt.query(role, p)

for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())