Update test script for ABAC.
parent
e5c116ef5f
commit
08b1a62054
|
@ -25,10 +25,11 @@ from django.core.management.base import BaseCommand, CommandError
|
|||
from django.db import transaction
|
||||
from django.contrib.auth.models import User
|
||||
|
||||
from attribute_aggregator.xacml_constants import *
|
||||
from attribute_aggregator.models import AttributeSource, LdapSource, \
|
||||
from acs.attribute_aggregator.xacml_constants import *
|
||||
from acs.attribute_aggregator.models import AttributeSource, LdapSource, \
|
||||
AttributeData
|
||||
from attribute_aggregator.core import set_user_alias_in_source
|
||||
from acs.attribute_aggregator.core import set_user_alias_in_source, \
|
||||
load_or_create_user_profile
|
||||
|
||||
from acs.abac.models import *
|
||||
from acs.abac.core import check_predicates, \
|
||||
|
@ -93,30 +94,25 @@ class Command(BaseCommand):
|
|||
rule.save()
|
||||
|
||||
adef_sn1 = AssertionDefinition(definition='surname')
|
||||
adef_sn1.save()
|
||||
adef_sn1.add_source(s1)
|
||||
print "AssertionDefinition: %s" % adef_sn1
|
||||
adef_sn2 = AssertionDefinition(definition='surname')
|
||||
adef_sn2.save()
|
||||
adef_sn2.add_source(s4)
|
||||
print "AssertionDefinition: %s" % adef_sn2
|
||||
|
||||
p1 = PredicateRequired(assertion_definition=adef_sn1,
|
||||
rule=rule)
|
||||
p1.save()
|
||||
p1 = PredicateRequired(assertion_definition=adef_sn1)
|
||||
rule.add_predicate(p1)
|
||||
print "PredicateRequired: %s" % p1
|
||||
p2 = PredicateRequired(assertion_definition=adef_sn2,
|
||||
rule=rule)
|
||||
p2.save()
|
||||
p2 = PredicateRequired(assertion_definition=adef_sn2)
|
||||
rule.add_predicate(p2)
|
||||
print "PredicateRequired: %s" % p2
|
||||
|
||||
p3 = PredicateComparison(operand1=adef_sn1, operand2=adef_sn2,
|
||||
comparison_type=ACS_XACML_COMPARISON_EQUALITY_STRING_IGN_CASE,
|
||||
multivalues='EQUAL_OP1_SUBSET_OP2', rule=rule)
|
||||
p3.save()
|
||||
multivalues='EQUAL_OP1_SUBSET_OP2')
|
||||
rule.add_predicate(p3)
|
||||
|
||||
adef_age1 = AssertionDefinition(definition='age')
|
||||
adef_age1.save()
|
||||
adef_age1.add_source(s1)
|
||||
print "AssertionDefinition: %s" % adef_sn1
|
||||
|
||||
|
@ -124,28 +120,24 @@ class Command(BaseCommand):
|
|||
print "AttributeData: %s" % val18.__unicode__()
|
||||
val18_d = AssertionData()
|
||||
val18_d.set_attribute_data(val18)
|
||||
val18_d.save()
|
||||
print "AssertionData: %s" % val18_d
|
||||
|
||||
p4 = PredicateComparison(operand1=adef_age1, operand2=val18_d,
|
||||
comparison_type=ACS_XACML_COMPARISON_INTEGER_GRT_OE,
|
||||
operand1_single_value=True, operand2_single_value=True,
|
||||
rule=rule)
|
||||
p4.save()
|
||||
operand1_single_value=True, operand2_single_value=True)
|
||||
rule.add_predicate(p4)
|
||||
|
||||
adef_fn1 = AssertionDefinition(definition='firstname')
|
||||
adef_fn1.save()
|
||||
adef_fn1 = AssertionDefinition(definition='gn')
|
||||
adef_fn1.add_source(s1)
|
||||
print "AssertionDefinition: %s" % adef_fn1
|
||||
adef_fn2 = AssertionDefinition(definition='firstname')
|
||||
adef_fn2.save()
|
||||
adef_fn2 = AssertionDefinition(definition='gn')
|
||||
adef_fn2.add_source(s2)
|
||||
print "AssertionDefinition: %s" % adef_fn2
|
||||
|
||||
p5 = PredicateComparison(operand1=adef_fn1, operand2=adef_fn2,
|
||||
comparison_type=ACS_XACML_COMPARISON_EQUALITY_STRING_IGN_CASE,
|
||||
multivalues='EQUAL_EXACT_MATCH', rule=rule)
|
||||
p5.save()
|
||||
multivalues='EQUAL_EXACT_MATCH')
|
||||
rule.add_predicate(p5)
|
||||
|
||||
print '--> Create a user'
|
||||
rdm_str = ''.join(random.choice(string.ascii_uppercase + \
|
||||
|
@ -218,21 +210,21 @@ class Command(BaseCommand):
|
|||
print '<--\n'
|
||||
|
||||
print '--> Create one predicateRole'
|
||||
p16 = PredicateRole(role=role_2, rule=rule)
|
||||
p16.save()
|
||||
print "Predicate role 16 %s, id: %s" % (p16, p16.id)
|
||||
p6 = PredicateRole(role=role_2)
|
||||
print "Predicate role 16 %s" % (p6)
|
||||
rule.add_predicate(p6)
|
||||
|
||||
'''
|
||||
Set ABAC Rule
|
||||
'''
|
||||
str_rule = "%s&%s&%s&%s&%s&%s" % (p1.id, p2.id, p3.id, p4.id, p5.id, p16.id)
|
||||
str_rule = "1&2&3&4&5&6"
|
||||
#TODO: set_rule (strip space!)
|
||||
rule.expression=str_rule
|
||||
rule.save()
|
||||
|
||||
'''
|
||||
r1 -- user
|
||||
\_ r2
|
||||
\_ r2
|
||||
v1 -- o1
|
||||
\_ v2 -- o2
|
||||
A1 -- a1
|
||||
|
@ -342,7 +334,7 @@ class Command(BaseCommand):
|
|||
attr = {}
|
||||
attr['name'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth'
|
||||
attr['namespace'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'
|
||||
attr['values'] = ('19', )
|
||||
attr['values'] = ('18', )
|
||||
data.append(attr)
|
||||
attributes['IdP1'] = data
|
||||
|
||||
|
@ -354,6 +346,14 @@ class Command(BaseCommand):
|
|||
data.append(attr)
|
||||
attributes['IdP2'] = data
|
||||
|
||||
profile = load_or_create_user_profile(user=user)
|
||||
print '--> The profile is %s' % profile
|
||||
print '<--\n'
|
||||
|
||||
profile.load_by_dic(attributes)
|
||||
print '--> The profile is %s' % profile
|
||||
print '<--\n'
|
||||
|
||||
decision, msg, error = \
|
||||
is_authorized_by_names_with_abac(requestor_name=user.username,
|
||||
who_name=user.username,
|
||||
|
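Review bot: In the `-218,21 +210,21` hunk the rule expression is now the literal `str_rule = "1&2&3&4&5&6"` instead of being derived from the predicates just created, so the script exercises the intended policy only if those numbers resolve to p1..p6 in the order they were passed to `rule.add_predicate()`. How the numbers are resolved is not visible in these hunks; if they are looked up by anything other than per-rule position, the authorization decision would be computed over different predicates than the ones the script prints. For an access-control test, that coupling should be explicit: at minimum add a comment such as `# indices refer to add_predicate() call order on this rule`, or build the string from whatever index `add_predicate` exposes, if it exposes one. The same hunk leaves a stale label in `print "Predicate role 16 %s" % (p6)`, which should read 6. The enclosing method of `Command` starts and ends outside the hunks shown.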