[be6cb41] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
| 4 | Run the queries described in README |
---|
| 5 | |
---|
| 6 | cmd: env keystore=`pwd` ./query.py |
---|
| 7 | |
---|
| 8 | """ |
---|
| 9 | |
---|
| 10 | import os |
---|
| 11 | import ABAC |
---|
| 12 | |
---|
[3c30b59] | 13 | from test_util import runTest |
---|
| 14 | |
---|
[be6cb41] | 15 | ctxt = ABAC.Context() |
---|
| 16 | |
---|
| 17 | # Keystore is the directory containing the principal credentials. |
---|
| 18 | # Load existing principals and/or policy credentials |
---|
| 19 | if (os.environ.has_key("keystore")) : |
---|
| 20 | keystore=os.environ["keystore"] |
---|
| 21 | ctxt.load_directory(keystore) |
---|
| 22 | else: |
---|
[3c30b59] | 23 | print("keystore is not set, using current directory...") |
---|
| 24 | ctxt.load_directory(".") |
---|
[be6cb41] | 25 | |
---|
| 26 | # retrieve principals' keyid value from local credential files |
---|
| 27 | acmeID=ABAC.ID("Acme_ID.pem"); |
---|
| 28 | acmeID.load_privkey("Acme_private.pem"); |
---|
| 29 | acme=acmeID.keyid() |
---|
| 30 | |
---|
| 31 | coyoteID=ABAC.ID("Coyote_ID.pem"); |
---|
| 32 | coyoteID.load_privkey("Coyote_private.pem"); |
---|
| 33 | coyote=coyoteID.keyid() |
---|
| 34 | |
---|
| 35 | bigbirdID=ABAC.ID("Bigbird_ID.pem"); |
---|
| 36 | bigbirdID.load_privkey("Bigbird_private.pem"); |
---|
| 37 | bigbird=bigbirdID.keyid() |
---|
| 38 | |
---|
| 39 | ########################################################################## |
---|
| 40 | # dump the loaded attribute policies |
---|
| 41 | # |
---|
| 42 | print "\n...policy attribute set..." |
---|
| 43 | credentials = ctxt.credentials() |
---|
| 44 | for credential in credentials: |
---|
| 45 | print "context: %s <- %s" % (credential.head().string(), credential.tail().string()) |
---|
| 46 | |
---|
| 47 | ########################################################################## |
---|
| 48 | # is coyote a preferred_customer of Acme ? |
---|
| 49 | # role=[keyid:Acme].role:preferred_customer |
---|
| 50 | # p =[keyid:coyote] |
---|
[3c30b59] | 51 | print "===good============ Acme.preferred_customer <- Coyote" |
---|
| 52 | runTest("python_tests/acme_rockets_rt0","test1",ctxt,"%s.preferred_customer" % acme, coyote, 1, "simple single rule matchup") |
---|
[be6cb41] | 53 | |
---|
| 54 | ########################################################################## |
---|
| 55 | # can coyote buy rockets from Acme ? |
---|
| 56 | # role=[keyid:Acme].role:buy_rockets |
---|
| 57 | # p =[keyid:coyote] |
---|
[3c30b59] | 58 | print "===good============ Acme.buy_rockets <- Coyote" |
---|
| 59 | runTest("python_tests/acme_rockets_rt0","test2",ctxt,"%s.buy_rockets" % acme, coyote, 1, "very simplequery") |
---|
[be6cb41] | 60 | |
---|
| 61 | ########################################################################## |
---|
| 62 | # is Acme a friend of coyote ? |
---|
| 63 | # role=[keyid:Coyote].role:friend |
---|
| 64 | # p=[keyid:Acme] |
---|
[3c30b59] | 65 | print "===bad=============== Coyote.friend <- Acme" |
---|
| 66 | runTest("python_tests/acme_rockets_rt0","test3",ctxt,"%s.friend" % coyote, acme, 0, "none existing relation") |
---|
[be6cb41] | 67 | |
---|
| 68 | ########################################################################## |
---|
| 69 | # using complex role to ask a question.. expecting to fail |
---|
| 70 | # role=[keyid:Acme].role:buy_rockets |
---|
| 71 | # p=[keyid:Acme].role:preferred_customer |
---|
[3c30b59] | 72 | print "===bad?=============== Acme.buy_rockets <- Acme.preferred_customer" |
---|
| 73 | runTest("python_tests/acme_rockets_rt0","test4",ctxt,"%s.buy_rockets" % acme, "%s.preferred_customer" % acme, 1, "complex role query should fail") |
---|
[be6cb41] | 74 | |
---|