#!/usr/bin/env python """ Run the queries described in README cmd1:env keystore=`pwd` ./query.py cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py """ import os import ABAC ctxt = ABAC.Context() # Keystore is the directory containing the principal credentials. # Load existing principals and/or policy credentials if (os.environ.has_key("keystore")) : keystore=os.environ["keystore"] ctxt.load_directory(keystore) else: print("keystore is not set...") exit(1) # retrieve principals' keyid value from local credential files ralphsID=ABAC.ID("Ralphs_ID.pem"); ralphs=ralphsID.id_keyid() bobID=ABAC.ID("Bob_ID.pem"); bob=bobID.id_keyid() maryID=ABAC.ID("Mary_ID.pem"); mary=maryID.id_keyid() ########################################################################## # dump the loaded principals/policies # fd=os.open("creds_dump",os.O_WRONLY|os.O_CREAT) out = ctxt.context_principals() for x in out[1]: os.write(fd, x.string()) os.write(fd,"\n") out = ctxt.context_credentials() for c in out[1]: string="%s <- %s\n" % (c.head_string(), c.tail_string()) os.write(fd,string) os.close(fd) ########################################################################## # Would Mary eat navel orange ? # oset = [keyid:mary].oset:what2eat # p [string:'navel orange'] oset = ABAC.Oset(mary,"what2eat") term=ABAC.DataTerm("string", "'navel orange'") p = ABAC.Oset(term) print "\n===good============ mary.what2eat <- navel orange" out = ctxt.query(oset, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # Would Mary eat kiwi ? # oset = [keyid:mary].oset:what2eat # p [string:'kiwi'] oset = ABAC.Oset(mary,"what2eat") term=ABAC.DataTerm("string", "'kiwi'") p = ABAC.Oset(term) print "\n===good============ mary.what2eat <- kiwi" out = ctxt.query(oset, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # Would Bob eat navel orange ? # oset = [keyid:bob].oset:what2eat # p [string:'navel orange'] oset = ABAC.Oset(bob,"what2eat") term=ABAC.DataTerm("string", "'navel orange'") p = ABAC.Oset(term) print "\n===bad============ bob.what2eat <- navel orange" out = ctxt.query(oset, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # Is Apple 1.50 at Ralphs ? # oset = [keyid:$ralphs].oset:fruitprice([float:1.50]) # p = [string:'apple'] param=ABAC.DataTerm("float", "1.50") oset = ABAC.Oset(ralphs,"fruitprice") oset.oset_add_data_term(param) term=ABAC.DataTerm("string", "'apple'") p = ABAC.Oset(term) print "\n===good============ ralphs.fruitprice(1.50) <- apple" out = ctxt.query(oset, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # Is green apple 1.50 at Ralphs ? # oset = [keyid:$ralphs].oset:fruitprice([float:1.50]) # p = [string:'green apple'] param=ABAC.DataTerm("float", "1.50") oset = ABAC.Oset(ralphs,"fruitprice") oset.oset_add_data_term(param) term=ABAC.DataTerm("string", "'green apple'") p = ABAC.Oset(term) print "\n===bad============ ralphs.fruitprice(1.50) <- green apple" out = ctxt.query(oset, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # dump the yap dB # #ctxt.dump_yap_db()