source: tests/python_tests/experiment_create_rt0/attr.py @ ec550f7

Last change on this file since ec550f7 was ec550f7, checked in by Mei <mei@…>, 11 years ago

1) reworked how API doc is generated
2) tweak top level Makefile.am
3) loading issuer principal as a side effect of loading an attribute credential
4) add examples of GENI-specific attribute credentials and principal certificates to the regression tests

5) rename examples to tests

  • Property mode set to 100755
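#!/usr/bin/env python

"""
See README in this directory for the semantics of the example.  This file
constructs the credentials described and puts copies into this directory

cmd: ./attr.py

Inputs (read from the current working directory): <Name>_ID.pem and
<Name>_private.pem for Acme, Bob, Alice and Globotron.
Outputs (written to the current working directory): five *_attr.xml
attribute credentials, each of which is also loaded back into the context.

Read together, the five rules below chain as follows:
    Bob is in [Alice].power_user                       (credential 5)
    Alice is in [Globotron].admin                      (credential 4)
    so Bob is in [Globotron].admin.power_user, hence
    in [Globotron].experiment_create                   (credential 3)
    Globotron is in [Acme].partner                     (credential 2)
    so Bob is in [Acme].partner.experiment_create, hence
    in [Acme].experiment_create                        (credential 1)
Acme names neither Alice nor Bob: through the two linking roles, who may
create experiments at Acme is decided by whoever Globotron's admins choose.
"""

import os
import ABAC

ctxt = ABAC.Context()


def _load_principal(name):
    """Load one principal's certificate and private key and register it.

    Reads <name>_ID.pem and <name>_private.pem, adds the certificate chunk
    to the shared context, and returns (ID object, keyid value).
    """
    principal = ABAC.ID(name + "_ID.pem")
    principal.load_privkey(name + "_private.pem")
    ctxt.load_id_chunk(principal.cert_chunk())
    return principal, principal.keyid()


def _write_and_load(attr, filename):
    """Write a baked attribute to *filename*, then load that file into ctxt.

    One filename argument serves both calls, so the file that is loaded is
    always the file that was just written.
    """
    attr.write_file(filename)
    ctxt.load_attribute_file(filename)


# retrieve principals' keyid value from local credential files
# NOTE(review): Bob issues no credential in this script (bobID is never
# passed to ABAC.Attribute), so his private key is loaded but not used as an
# issuer key here; the other three IDs are each used as an issuer below.
acmeID, acme = _load_principal("Acme")
bobID, bob = _load_principal("Bob")
aliceID, alice = _load_principal("Alice")
globotronID, globotron = _load_principal("Globotron")

# NOTE(review): every ABAC.Attribute below is created with 0 as its third
# argument; what 0 means (presumably a validity setting) is not visible in
# this file -- confirm against the ABAC API documentation.
# NOTE(review): the results of linking_role(), principal() and bake() are
# not inspected anywhere in this script; if the binding reports failure
# through a return value, a failed step would go unnoticed -- confirm.

################################################
# Credential 1, Anyone who is allowed to create experiment by Acme's
#               partners can create experiment at Acme
# [keyid:Acme].role:experiment_create
#           <- [keyid:Acme].role:partner.role:experiment_create

# compose the policy attribute
attr = ABAC.Attribute(acmeID, "experiment_create", 0)
# creating a linking role
attr.linking_role(acme, "partner", "experiment_create")
# finalize the policy
attr.bake()

# write out the policy to an external file, then load the policy into the
# context by accessing that external file
_write_and_load(
    attr, "Acme_experiment_create__Acme_partner_experiment_create_attr.xml")

#################################################
# Credential 2
# [keyid:Acme].role:partner <- [keyid:Globotron]
#
attr = ABAC.Attribute(acmeID, "partner", 0)
attr.principal(globotron)
attr.bake()
_write_and_load(attr, "Acme_partner__Globotron_attr.xml")

#################################################
# Credential 3
# [keyid:Globotron].role:experiment_create
#           <- [keyid:Globotron].role:admin.role:power_user
attr = ABAC.Attribute(globotronID, "experiment_create", 0)
attr.linking_role(globotron, "admin", "power_user")
attr.bake()
_write_and_load(
    attr, "Globotron_experiment_create__Globotron_admin_power_user_attr.xml")

#################################################
# Credential 4,
# [keyid:Globotron].role:admin <- [keyid:Alice]
attr = ABAC.Attribute(globotronID, "admin", 0)
attr.principal(alice)
attr.bake()
_write_and_load(attr, "Globotron_admin__Alice_attr.xml")

#################################################
# Credential 5,
# [keyid:Alice].role:power_user <- [keyid:Bob]
attr = ABAC.Attribute(aliceID, "power_user", 0)
attr.principal(bob)
attr.bake()
_write_and_load(attr, "Alice_power_user__Bob_attr.xml")
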