#!/usr/bin/env python """ to test with python cmd1:env keystore=`pwd` ./query.py cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py """ import os import ABAC ctxt = ABAC.Context() # print "ABAC version %s" % ctxt.version() keystore=os.environ["keystore"] ctxt.load_directory(keystore) geniID=ABAC.ID("Geni_ID.pem"); geniID.id_load_privkey_file("Geni_private.pem"); geni=geniID.id_keyid() bobID=ABAC.ID("Bob_ID.pem"); bobID.id_load_privkey_file("Bob_private.pem"); bob=bobID.id_keyid() jackID=ABAC.ID("Jack_ID.pem"); jackID.id_load_privkey_file("Jack_private.pem"); jack=jackID.id_keyid() joeID=ABAC.ID("Joe_ID.pem"); joeID.id_load_privkey_file("Joe_private.pem"); joe=joeID.id_keyid() ########################################################################## # role=[keyid:geni].role:leader # p=[keyid:Bob] role = ABAC.Role(geni,"leader") p = ABAC.Role(bob) print "\n===good============ geni.leader <- Bob" out = ctxt.query(role, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # role=[keyid:geni].role:leader # p=[keyid:Jack] role = ABAC.Role(geni,"leader") p = ABAC.Role(jack) print "\n===bad============ geni.leader <- Jack" out = ctxt.query(role, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # role=[keyid:geni].role:leader # p=[keyid:Joe] role = ABAC.Role(geni,"leader") p = ABAC.Role(joe) print "\n===good============ geni.leader <- Joe" out = ctxt.query(role, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # dump the loaded principals/policies # out = ctxt.context_principals() print "\n...final principal set..." for x in out[1]: print "%s " % x.string() print "\n" out = ctxt.context_credentials() print "\n...final policy attribute set..." for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) print "\n"