[5f551d3] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
[f824a9e] | 4 | Run the queries described in README |
---|
[5f551d3] | 5 | |
---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
| 8 | |
---|
| 9 | """ |
---|
| 10 | |
---|
| 11 | import os |
---|
| 12 | import ABAC |
---|
| 13 | |
---|
| 14 | ctxt = ABAC.Context() |
---|
| 15 | |
---|
[f824a9e] | 16 | # Keystore is the directory containing the principal credentials. |
---|
| 17 | # Load existing principals and/or policy credentials |
---|
| 18 | if (os.environ.has_key("keystore")) : |
---|
| 19 | keystore=os.environ["keystore"] |
---|
| 20 | ctxt.load_directory(keystore) |
---|
| 21 | else: |
---|
| 22 | print("keystore is not set...") |
---|
| 23 | exit(1) |
---|
[5f551d3] | 24 | |
---|
[f824a9e] | 25 | # retrieve principals' keyid value from local credential files |
---|
[5f551d3] | 26 | isiID=ABAC.ID("ISI_ID.pem") |
---|
| 27 | isiID.id_load_privkey_file("ISI_private.pem"); |
---|
| 28 | isi=isiID.id_keyid() |
---|
| 29 | |
---|
| 30 | uscID=ABAC.ID("USC_ID.pem") |
---|
| 31 | uscID.id_load_privkey_file("USC_private.pem"); |
---|
| 32 | usc=uscID.id_keyid() |
---|
| 33 | |
---|
| 34 | maryannID=ABAC.ID("Maryann_ID.pem") |
---|
| 35 | maryannID.id_load_privkey_file("Maryann_private.pem"); |
---|
| 36 | maryann=maryannID.id_keyid() |
---|
| 37 | |
---|
| 38 | johnID=ABAC.ID("John_ID.pem") |
---|
| 39 | johnID.id_load_privkey_file("John_private.pem"); |
---|
| 40 | john=johnID.id_keyid() |
---|
| 41 | |
---|
| 42 | ########################################################################## |
---|
[f824a9e] | 43 | # dump the loaded principals/policies |
---|
| 44 | # |
---|
| 45 | out = ctxt.context_principals() |
---|
| 46 | print "\n...final principal set..." |
---|
| 47 | for x in out[1]: |
---|
| 48 | print "%s " % x.string() |
---|
| 49 | out = ctxt.context_credentials() |
---|
| 50 | print "\n...final policy attribute set..." |
---|
| 51 | for c in out[1]: |
---|
| 52 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 53 | |
---|
| 54 | ########################################################################## |
---|
| 55 | # is john an evaluator of maryann ? |
---|
[5f551d3] | 56 | #role=[keyid:USC].role:evaluatorOf([keyid:Maryann]) |
---|
| 57 | #p=[keyid:John] |
---|
| 58 | param=ABAC.DataTerm(maryannID) |
---|
| 59 | role = ABAC.Role(usc,"evaluatorOf") |
---|
| 60 | role.role_add_data_term(param) |
---|
| 61 | p = ABAC.Role(john) |
---|
| 62 | print "\n===good============ USC.evaluatorOf(Maryann) <- John" |
---|
| 63 | out = ctxt.query(role, p) |
---|
| 64 | for c in out[1]: |
---|
| 65 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 66 | |
---|
| 67 | ########################################################################## |
---|
[f824a9e] | 68 | # is john a manager of maryann ? |
---|
[5f551d3] | 69 | #role=[keyid:USC].role:managerOf([keyid:Maryann]) |
---|
| 70 | #p=[keyid:John] |
---|
| 71 | param=ABAC.DataTerm(maryannID) |
---|
| 72 | role = ABAC.Role(usc,"managerOf") |
---|
| 73 | role.role_add_data_term(param) |
---|
| 74 | p = ABAC.Role(john) |
---|
| 75 | print "\n===good============ USC.managerOf(Maryann) <- John" |
---|
| 76 | out = ctxt.query(role, p) |
---|
| 77 | for c in out[1]: |
---|
| 78 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 79 | |
---|
| 80 | ########################################################################## |
---|
[f824a9e] | 81 | # is john an employee of usc ? |
---|
[5f551d3] | 82 | # role=[keyid:USC].role:employee |
---|
| 83 | # p=[keyid:John]" |
---|
| 84 | role = ABAC.Role(usc,"employee") |
---|
| 85 | p = ABAC.Role(john) |
---|
| 86 | print "\n===good============ USC.employee <-?- John" |
---|
| 87 | out = ctxt.query(role,p) |
---|
| 88 | for c in out[1]: |
---|
| 89 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|