request.authorization.base ========================== .. py:module:: request.authorization.base .. autoapi-nested-parse:: Provides the `AuthorizationComponent` class for authorization logic. Module Contents --------------- .. py:class:: AuthorizationComponent Bases: :py:obj:`abc.ABC` Abstract base class for authorization components. .. py:method:: authorize(context) :abstractmethod: Execute authorization logic. .. py:class:: ProtocolAuthorization(allowed_protocols) Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Ensures the request is under the correct protocol: CMP or EST. .. py:attribute:: allowed_protocols .. py:method:: authorize(context) Authorize the request based on the protocol. .. py:class:: CertificateProfileAuthorization Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Ensures the device is allowed to use the requested certificate profile. .. py:method:: authorize(context) Authorize the request based on the certificate profile. .. py:class:: DomainScopeValidation Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Ensures the request is within the authorized domain. .. py:method:: authorize(context) Authorize the request based on the domain scope. .. py:class:: OnboardingDomainCredentialAuthorization Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Ensures that a device requiring onboarding has a valid domain credential first. .. py:method:: authorize(context) Reject enrollment when the onboarding device lacks a valid domain credential. .. py:class:: DevOwnerIDAuthorization Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Ensure that if this is an AOKI request, we have a matching DevOwnerID to the IDevID. .. py:method:: authorize(context) Authorize the request based on the DevOwnerID corresponding to the client certificate. .. py:class:: SecurityConfigAuthorization Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Validates a certificate request against the active :class:`~management.models.SecurityConfig` policy. .. py:method:: authorize(context) Run all applicable :class:`SecurityConfig` policy checks. .. py:class:: CompositeAuthorization Bases: :py:obj:`AuthorizationComponent`, :py:obj:`trustpoint.logger.LoggerMixin` Composite authorization handler for grouping and executing multiple authorization components. .. py:attribute:: components :type: list[AuthorizationComponent] :value: [] .. py:method:: add(component) Add a new authorization component to the composite. .. py:method:: remove(component) Remove an authorization component from the composite. .. py:method:: authorize(context) Iterate through all child authorization components and execute their authorization logic.