[5f551d3] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
| 4 | to test with python |
---|
| 5 | |
---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
| 8 | |
---|
| 9 | """ |
---|
| 10 | |
---|
| 11 | import os |
---|
| 12 | import ABAC |
---|
| 13 | |
---|
| 14 | ctxt = ABAC.Context() |
---|
| 15 | |
---|
| 16 | # print "ABAC version %s" % ctxt.version() |
---|
| 17 | |
---|
| 18 | keystore=os.environ["keystore"] |
---|
| 19 | |
---|
| 20 | ctxt.load_directory(keystore) |
---|
| 21 | |
---|
| 22 | acmeID=ABAC.ID("Acme_ID.pem"); |
---|
| 23 | acmeID.id_load_privkey_file("Acme_private.pem"); |
---|
| 24 | acme=acmeID.id_keyid() |
---|
| 25 | |
---|
| 26 | bobID=ABAC.ID("Bob_ID.pem"); |
---|
| 27 | bobID.id_load_privkey_file("Bob_private.pem"); |
---|
| 28 | bob=bobID.id_keyid() |
---|
| 29 | |
---|
| 30 | aliceID=ABAC.ID("Alice_ID.pem"); |
---|
| 31 | aliceID.id_load_privkey_file("Alice_private.pem"); |
---|
| 32 | alice=aliceID.id_keyid() |
---|
| 33 | |
---|
| 34 | globotronID=ABAC.ID("Globotron_ID.pem"); |
---|
| 35 | globotronID.id_load_privkey_file("Globotron_private.pem"); |
---|
| 36 | globotron=globotronID.id_keyid() |
---|
| 37 | |
---|
| 38 | ########################################################################## |
---|
| 39 | # role=[keyid:Globotron].role:admin |
---|
| 40 | # p=[keyid:Alice] |
---|
| 41 | role = ABAC.Role(globotron,"admin") |
---|
| 42 | p = ABAC.Role(alice) |
---|
| 43 | print "\n===good=============== Globotron.admin <- Alice" |
---|
| 44 | out = ctxt.query(role, p) |
---|
| 45 | for c in out[1]: |
---|
| 46 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 47 | |
---|
| 48 | ########################################################################## |
---|
| 49 | # role=[keyid:Globotron].role:admin |
---|
| 50 | # p=[keyid:Bob] |
---|
| 51 | role = ABAC.Role(globotron,"admin") |
---|
| 52 | p = ABAC.Role(bob) |
---|
| 53 | print "\n===bad=============== Globotron.admin <- Bob" |
---|
| 54 | out = ctxt.query(role, p) |
---|
| 55 | for c in out[1]: |
---|
| 56 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 57 | |
---|
| 58 | |
---|
| 59 | ########################################################################## |
---|
| 60 | # role=[keyid:Acme].role:experiment_create |
---|
| 61 | # p=[keyid:Bob] |
---|
| 62 | role = ABAC.Role(acme,"experiment_create") |
---|
| 63 | p = ABAC.Role(bob) |
---|
| 64 | print "\n===good=============== Acme.experiment_create <- Bob" |
---|
| 65 | out = ctxt.query(role, p) |
---|
| 66 | for c in out[1]: |
---|
| 67 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 68 | |
---|
| 69 | |
---|
| 70 | ########################################################################## |
---|
| 71 | # dump the loaded principals/policies |
---|
| 72 | # |
---|
| 73 | out = ctxt.context_principals() |
---|
| 74 | print "\n...final principal set..." |
---|
| 75 | for x in out[1]: |
---|
| 76 | print "%s " % x.string() |
---|
| 77 | print "\n" |
---|
| 78 | out = ctxt.context_credentials() |
---|
| 79 | print "\n...final policy attribute set..." |
---|
| 80 | for c in out[1]: |
---|
| 81 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 82 | print "\n" |
---|
| 83 | |
---|
| 84 | |
---|