From c9078266149bc87f6506e12f4be9a9d2b63f67fe Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Thu, 17 Nov 2016 14:55:05 -0500 Subject: [PATCH] Adding an examples directory with conf and policy example files This change adds configuration and policy example files, to make the setup and usage of the PyKMIP client and server easier for users. --- examples/policy.json | 166 +++++++++++++++++++++++++++++++++++++++++++ examples/pykmip.conf | 12 ++++ examples/server.conf | 8 +++ 3 files changed, 186 insertions(+) create mode 100644 examples/policy.json create mode 100644 examples/pykmip.conf create mode 100644 examples/server.conf diff --git a/examples/policy.json b/examples/policy.json new file mode 100644 index 0000000..2f8b04a --- /dev/null +++ b/examples/policy.json @@ -0,0 +1,166 @@ +{ + "example": { + "CERTIFICATE": { + "LOCATE": "ALLOW_ALL", + "CHECK": "ALLOW_ALL", + "GET": "ALLOW_ALL", + "GET_ATTRIBUTES": "ALLOW_ALL", + "GET_ATTRIBUTE_LIST": "ALLOW_ALL", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_ALL", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SYMMETRIC_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PUBLIC_KEY": { + "LOCATE": "ALLOW_ALL", + "CHECK": "ALLOW_ALL", + "GET": "ALLOW_ALL", + "GET_ATTRIBUTES": "ALLOW_ALL", + "GET_ATTRIBUTE_LIST": "ALLOW_ALL", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_ALL", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PRIVATE_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SPLIT_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "TEMPLATE": { + "LOCATE": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER" + }, + "SECRET_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "OPAQUE_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PGP_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + } + } +} diff --git a/examples/pykmip.conf b/examples/pykmip.conf new file mode 100644 index 0000000..9db02e9 --- /dev/null +++ b/examples/pykmip.conf @@ -0,0 +1,12 @@ +[client] +host=127.0.0.1 +port=5696 +keyfile=/etc/pykmip/certs/client_private_key.pem +certfile=/etc/pykmip/certs/client_cert.pem +cert_reqs=CERT_REQUIRED +ssl_version=PROTOCOL_SSLv23 +ca_certs=/etc/pykmip/certs/server_ca_cert.pem +do_handshake_on_connect=True +suppress_ragged_eofs=True +username=example_username +password=example_password diff --git a/examples/server.conf b/examples/server.conf new file mode 100644 index 0000000..25ceb6d --- /dev/null +++ b/examples/server.conf @@ -0,0 +1,8 @@ +[server] +hostname=127.0.0.1 +port=5696 +certificate_path=/etc/pykmip/certs/server_cert.pem +key_path=/etc/pykmip/certs/server_private_key.pem +ca_path=/etc/pykmip/certs/server_ca_cert.pem +auth_suite=Basic +policy_path=/etc/pykmip/policies