[be6cb41] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
| 4 | Run the queries described in README |
---|
| 5 | |
---|
| 6 | cmd: env keystore=`pwd` ./query.py |
---|
| 7 | """ |
---|
| 8 | |
---|
| 9 | import os |
---|
| 10 | import ABAC |
---|
| 11 | |
---|
[3c30b59] | 12 | from test_util import runTest |
---|
| 13 | |
---|
[be6cb41] | 14 | ctxt = ABAC.Context() |
---|
| 15 | |
---|
| 16 | # Keystore is the directory containing the principal credentials. |
---|
| 17 | # Load existing principals and/or policy credentials |
---|
| 18 | if (os.environ.has_key("keystore")) : |
---|
| 19 | keystore=os.environ["keystore"] |
---|
| 20 | ctxt.load_directory(keystore) |
---|
| 21 | else: |
---|
[3c30b59] | 22 | print("keystore is not set, using current directory...") |
---|
| 23 | ctxt.load_directory(".") |
---|
[be6cb41] | 24 | |
---|
| 25 | # retrieve principals' keyid value from local credential files |
---|
| 26 | acmeID=ABAC.ID("Acme_ID.pem"); |
---|
| 27 | acmeID.load_privkey("Acme_private.pem"); |
---|
| 28 | ctxt.load_id_chunk(acmeID.cert_chunk()) |
---|
| 29 | acme=acmeID.keyid() |
---|
| 30 | |
---|
| 31 | bobID=ABAC.ID("Bob_ID.pem"); |
---|
| 32 | bobID.load_privkey("Bob_private.pem"); |
---|
| 33 | ctxt.load_id_chunk(bobID.cert_chunk()) |
---|
| 34 | bob=bobID.keyid() |
---|
| 35 | |
---|
| 36 | aliceID=ABAC.ID("Alice_ID.pem"); |
---|
| 37 | aliceID.load_privkey("Alice_private.pem"); |
---|
| 38 | ctxt.load_id_chunk(aliceID.cert_chunk()) |
---|
| 39 | alice=aliceID.keyid() |
---|
| 40 | |
---|
| 41 | globotronID=ABAC.ID("Globotron_ID.pem"); |
---|
| 42 | globotronID.load_privkey("Globotron_private.pem"); |
---|
| 43 | ctxt.load_id_chunk(globotronID.cert_chunk()) |
---|
| 44 | globotron=globotronID.keyid() |
---|
| 45 | |
---|
| 46 | ########################################################################## |
---|
| 47 | # dump the loaded attribute policies |
---|
| 48 | # |
---|
| 49 | print "\n...policy attribute set..." |
---|
| 50 | credentials = ctxt.credentials() |
---|
| 51 | for credential in credentials: |
---|
| 52 | print "context: %s <- %s" % (credential.head().string(), credential.tail().string()) |
---|
| 53 | |
---|
| 54 | ########################################################################## |
---|
| 55 | # is alice a admin at Globotron ? |
---|
| 56 | # role=[keyid:Globotron].role:admin |
---|
| 57 | # p=[keyid:Alice] |
---|
[3c30b59] | 58 | print "===good=============== Globotron.admin <- Alice" |
---|
| 59 | runTest("python_tests/experiment_create_rt0","test1",ctxt,"%s.admin" % globotron, alice, 1, "query in python") |
---|
[be6cb41] | 60 | |
---|
| 61 | ########################################################################## |
---|
| 62 | # is bob a admin at Globotron ? |
---|
| 63 | # role=[keyid:Globotron].role:admin |
---|
| 64 | # p=[keyid:Bob] |
---|
[3c30b59] | 65 | print "===bad=============== Globotron.admin <- Bob" |
---|
| 66 | runTest("python_tests/experiment_create_rt0","test2",ctxt,"%s.admin" % globotron, bob, 0, "no linking relation") |
---|
[be6cb41] | 67 | |
---|
| 68 | ########################################################################## |
---|
| 69 | # can bob create experiment at Acme ? |
---|
| 70 | # role=[keyid:Acme].role:experiment_create |
---|
| 71 | # p=[keyid:Bob] |
---|
[3c30b59] | 72 | print "===good=============== Acme.experiment_create <- Bob" |
---|
| 73 | runTest("python_tests/experiment_create_rt0","test3",ctxt,"%s.experiment_create" % acme, bob, 1, "query python with inference") |
---|
[be6cb41] | 74 | |
---|