Examples
To demonstrate the execution of the translator we will use policies and images, with step-by-step instructions.
Visualizer
Suppose we have only the users Bob and Alice, belonging to Looker. We want to give all files access to both; Bob, however, should not access EMAIL. This policy can be written in Hapi, having the following format:
data Actors =
Looker(Analyst),
Analyst(Alice, Bob),
Alice, Bob;
data Actions = Reads, Deletes, Updates;
data Resources =
Claims(Finance),
Finance(Customers, Companies),
Customers(CCN), Companies(EMAIL, SSN),
CCN, EMAIL, SSN;
main =
DENY
EXCEPT {
ALLOW {
Actors: Analyst
Resources
Actions
}
EXCEPT {
DENY {
Actors: Bob
Resources: EMAIL
Actions: Deletes, Updates, Reads
}
}
};
Try it yourself! Copy this policy to Visualizer, inside the field Input - Hapi. Then, press the button Generate; the application will execute the translator on it, and the result below should appear in Output - YAML:
data: [SSN, EMAIL, CCN]
rules:
- identities:
users: Bob
Updates:
data: [SSN, CCN]
Deletes:
data: [SSN, CCN]
Reads:
data: [SSN, CCN]
- identities:
users: Alice
Updates:
data: [SSN, EMAIL, CCN]
Deletes:
data: [SSN, EMAIL, CCN]
Reads:
data: [SSN, EMAIL, CCN]
Now just download your fresh YAML policy, and use it wherever you wish.
Command Terminal
Consider the same policy as above, the only difference now will be the means by which the translator is executed. In the root directory ..\hapi\, to translate the file ..\hapi\src\test\Example1.hp, the user should run the command (Fig. 1):
gradle run --args=src\test\Exemplo1.hpThat will generate the resulting YAML file Example1.yaml (Fig. 2).
