onboarding.authorization¶
Protocol authorization for the onboarding app.
Module Contents¶
- class onboarding.authorization.HasOnboardingConfig[source]¶
Bases:
ProtocolStructural type for any model that carries onboarding / no-onboarding config FKs.
- onboarding_config: onboarding.models.OnboardingConfigModel | None[source]¶
- no_onboarding_config: onboarding.models.NoOnboardingConfigModel | None[source]¶
- class onboarding.authorization.ProtocolCheckStrategy[source]¶
Bases:
abc.ABCAbstract strategy for validating a protocol value against a SecurityConfig allow-list.
- abstractmethod check(subject, cfg)[source]¶
Execute the protocol check.
- Parameters:
subject (HasOnboardingConfig) – Any model instance that carries
onboarding_configandno_onboarding_configattributes (e.g. a device or an issuing CA).cfg (management.models.SecurityConfig) – The active
SecurityConfigpolicy object.
- Raises:
ValueError – If the protocol used by subject is not permitted by cfg.
- Return type:
None
- class onboarding.authorization.OnboardingProtocolAuthorization(strategy=None)[source]¶
Bases:
trustpoint.logger.LoggerMixinChecks that the subject’s onboarding protocol is permitted by the active security config.
- Parameters:
strategy (ProtocolCheckStrategy | None)
- check(subject)[source]¶
Run the onboarding-protocol policy check against the active security config.
- Parameters:
subject (HasOnboardingConfig)
- Return type:
None
- class onboarding.authorization.NoOnboardingPkiProtocolAuthorization(strategy=None)[source]¶
Bases:
trustpoint.logger.LoggerMixinChecks that the already-onboarded subject’s active PKI protocols are permitted by the security config.
- Parameters:
strategy (ProtocolCheckStrategy | None)
- check(subject)[source]¶
Run the no-onboarding PKI-protocol policy check against the active security config.
- Parameters:
subject (HasOnboardingConfig)
- Return type:
None
- class onboarding.authorization.PermittedProtocolsAuthorization(onboarding_strategy=None, no_onboarding_strategy=None)[source]¶
Bases:
trustpoint.logger.LoggerMixinDispatcher that selects the correct protocol authorization check based on the subject’s state.
- Parameters:
onboarding_strategy (ProtocolCheckStrategy | None)
no_onboarding_strategy (ProtocolCheckStrategy | None)
- check(subject)[source]¶
Dispatch to the correct authorization check for subject.
- Parameters:
subject (HasOnboardingConfig)
- Return type:
None