Context Navigation

attr.py @ 6cd69a0

abac0-leakabac0-mei

Last change on this file since 6cd69a0 was ec550f7, checked in by Mei <mei@…>, 11 years ago

1) reworked how API doc is generated
2) tweak top level Makefile.am
3) loading issuer principal as side-effect of loading

an attribute credentials

4) add examples of GENI specific attribute credentials

and principal certificates into the regression testing

5) rename examples to tests

Property mode set to 100755

File size: 3.0 KB

Line
1	#!/usr/bin/env python
2
3	"""
4	See README in this directory for the semantics of the example. This file
5	constructs the credentials described and puts copies into this directory
6
7	cmd: ./attr.py
8	"""
9
10	import os
11	import ABAC
12
13	ctxt = ABAC.Context()
14
15	# retrieve principals' keyid value from local credential files
16	acmeID=ABAC.ID("Acme_ID.pem");
17	acmeID.load_privkey("Acme_private.pem");
18	ctxt.load_id_chunk(acmeID.cert_chunk())
19	acme=acmeID.keyid()
20
21	bobID=ABAC.ID("Bob_ID.pem");
22	bobID.load_privkey("Bob_private.pem");
23	ctxt.load_id_chunk(bobID.cert_chunk())
24	bob=bobID.keyid()
25
26	aliceID=ABAC.ID("Alice_ID.pem");
27	aliceID.load_privkey("Alice_private.pem");
28	ctxt.load_id_chunk(aliceID.cert_chunk())
29	alice=aliceID.keyid()
30
31	globotronID=ABAC.ID("Globotron_ID.pem");
32	globotronID.load_privkey("Globotron_private.pem");
33	ctxt.load_id_chunk(globotronID.cert_chunk())
34	globotron=globotronID.keyid()
35
36	################################################
37	# Credential 1, Anyone who is allowed to create experiment by Acme's
38	# partners can create experiment at Acme
39	# [keyid:Acme].role:experiment_create
40	# <- [keyid:Acme].role:partner.role:experiment_create
41
42	# compose the policy attribute
43	attr = ABAC.Attribute(acmeID, "experiment_create", 0)
44	# creating a linking role
45	tail = attr.linking_role(acme,"partner","experiment_create")
46	# finalize the policy
47	attr.bake()
48
49	# write out the policy to an external file
50	attr.write_file("Acme_experiment_create__Acme_partner_experiment_create_attr.xml")
51	# load the policy into the context by accessing that external file
52	ctxt.load_attribute_file("Acme_experiment_create__Acme_partner_experiment_create_attr.xml")
53
54	#################################################
55	# Credential 2
56	# [keyid:Acme].role:partner <- [keyid:Globotron]
57	#
58	attr = ABAC.Attribute(acmeID, "partner", 0)
59	attr.principal(globotron)
60	attr.bake()
61	attr.write_file("Acme_partner__Globotron_attr.xml")
62	ctxt.load_attribute_file("Acme_partner__Globotron_attr.xml")
63
64	#################################################
65	# Credential 3
66	# [keyid:Globotron].role:expriment_create
67	# <- [keyid:Globotron].role:admin.role:power_user
68	attr = ABAC.Attribute(globotronID, "experiment_create", 0)
69	attr.linking_role(globotron,"admin","power_user")
70	attr.bake()
71	attr.write_file("Globotron_experiment_create__Globotron_admin_power_user_attr.xml")
72	ctxt.load_attribute_file("Globotron_experiment_create__Globotron_admin_power_user_attr.xml")
73
74	#################################################
75	# Credential 4,
76	# [keyid:Globotron].role:admin <- [keyid:Alice]
77	attr = ABAC.Attribute(globotronID, "admin", 0)
78	attr.principal(alice)
79	attr.bake()
80	attr.write_file("Globotron_admin__Alice_attr.xml")
81	ctxt.load_attribute_file("Globotron_admin__Alice_attr.xml")
82
83	#################################################
84	# Credential 5,
85	# [keyid:Alice].role:power_user <- [keyid:Bob]
86	attr = ABAC.Attribute(aliceID, "power_user", 0)
87	attr.principal(bob)
88	attr.bake()
89	attr.write_file("Alice_power_user__Bob_attr.xml")
90	ctxt.load_attribute_file("Alice_power_user__Bob_attr.xml")
91

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: tests/python_tests/experiment_create_rt0/attr.py @ 6cd69a0

Download in other formats: