onboarding.authorization ======================== .. py:module:: onboarding.authorization .. autoapi-nested-parse:: Protocol authorization for the onboarding app. Module Contents --------------- .. py:class:: HasOnboardingConfig Bases: :py:obj:`Protocol` Structural type for any model that carries onboarding / no-onboarding config FKs. .. py:attribute:: onboarding_config :type: onboarding.models.OnboardingConfigModel | None .. py:attribute:: no_onboarding_config :type: onboarding.models.NoOnboardingConfigModel | None .. py:class:: ProtocolCheckStrategy Bases: :py:obj:`abc.ABC` Abstract strategy for validating a protocol value against a SecurityConfig allow-list. .. py:method:: check(subject, cfg) :abstractmethod: Execute the protocol check. :param subject: Any model instance that carries ``onboarding_config`` and ``no_onboarding_config`` attributes (e.g. a device or an issuing CA). :param cfg: The active :class:`~management.models.SecurityConfig` policy object. :raises ValueError: If the protocol used by *subject* is not permitted by *cfg*. .. py:class:: OnboardingProtocolAuthorization(strategy = None) Bases: :py:obj:`trustpoint.logger.LoggerMixin` Checks that the subject's onboarding protocol is permitted by the active security config. .. py:method:: check(subject) Run the onboarding-protocol policy check against the active security config. .. py:class:: NoOnboardingPkiProtocolAuthorization(strategy = None) Bases: :py:obj:`trustpoint.logger.LoggerMixin` Checks that the already-onboarded subject's active PKI protocols are permitted by the security config. .. py:method:: check(subject) Run the no-onboarding PKI-protocol policy check against the active security config. .. py:class:: PermittedProtocolsAuthorization(onboarding_strategy = None, no_onboarding_strategy = None) Bases: :py:obj:`trustpoint.logger.LoggerMixin` Dispatcher that selects the correct protocol authorization check based on the subject's state. .. py:method:: check(subject) Dispatch to the correct authorization check for *subject*.