1 | #!/usr/bin/env python |
---|
2 | |
---|
3 | """ |
---|
4 | cmd1:env keystore=`pwd` ./query.py |
---|
5 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
6 | |
---|
7 | """ |
---|
8 | |
---|
9 | import os |
---|
10 | import ABAC |
---|
11 | |
---|
12 | ctxt = ABAC.Context() |
---|
13 | |
---|
14 | # Keystore is the directory containing the principal credentials. |
---|
15 | # Load existing principals and/or policy credentials |
---|
16 | if (os.environ.has_key("keystore")) : |
---|
17 | keystore=os.environ["keystore"] |
---|
18 | ctxt.load_directory(keystore) |
---|
19 | else: |
---|
20 | print("keystore is not set...") |
---|
21 | exit(1) |
---|
22 | |
---|
23 | # retrieve principals' keyid value from local credential files |
---|
24 | acmeID=ABAC.ID("Acme_ID.pem"); |
---|
25 | acme=acmeID.id_keyid() |
---|
26 | |
---|
27 | oshID=ABAC.ID("Osh_ID.pem"); |
---|
28 | osh=oshID.id_keyid() |
---|
29 | |
---|
30 | coyoteID=ABAC.ID("Coyote_ID.pem"); |
---|
31 | coyote=coyoteID.id_keyid() |
---|
32 | |
---|
33 | ladybugID=ABAC.ID("Ladybug_ID.pem"); |
---|
34 | ladybug=ladybugID.id_keyid() |
---|
35 | |
---|
36 | ########################################################################## |
---|
37 | # dump the loaded principals/policies |
---|
38 | # |
---|
39 | out = ctxt.context_principals() |
---|
40 | print "\n...final principal set..." |
---|
41 | for x in out[1]: |
---|
42 | print "%s " % x.string() |
---|
43 | out = ctxt.context_credentials() |
---|
44 | print "\n...final policy attribute set..." |
---|
45 | for c in out[1]: |
---|
46 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
47 | |
---|
48 | ########################################################################## |
---|
49 | # can coyote buy rockets from Acme ? |
---|
50 | # role=[keyid:Acme].role:buy_rockets |
---|
51 | # p =[keyid:coyote] |
---|
52 | role = ABAC.Role(acme,"buy_rockets") |
---|
53 | p = ABAC.Role(coyote) |
---|
54 | print "\n===good============ Acme.buy_rockets <- Coyote" |
---|
55 | out = ctxt.query(role, p) |
---|
56 | for c in out[1]: |
---|
57 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
58 | |
---|
59 | ########################################################################## |
---|
60 | # can ladybug buy rockets from Acme ? |
---|
61 | # role=[keyid:Acme].role:buy_rockets |
---|
62 | # p =[keyid:ladybug] |
---|
63 | role = ABAC.Role(acme,"buy_rockets") |
---|
64 | p = ABAC.Role(ladybug) |
---|
65 | print "\n===bad============ Acme.buy_rockets <- Ladybug" |
---|
66 | out = ctxt.query(role, p) |
---|
67 | for c in out[1]: |
---|
68 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
69 | |
---|
70 | ########################################################################## |
---|
71 | # can ladybug buy rockets from Osh ? |
---|
72 | # role=[keyid:Osh].role:buy_rockets |
---|
73 | # p =[keyid:ladybug] |
---|
74 | role = ABAC.Role(osh,"buy_rockets") |
---|
75 | p = ABAC.Role(ladybug) |
---|
76 | print "\n===good============ Osh.buy_rockets <- Ladybug" |
---|
77 | out = ctxt.query(role, p) |
---|
78 | for c in out[1]: |
---|
79 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
80 | |
---|
81 | |
---|