onboarding.authorization

Protocol authorization for the onboarding app.

Module Contents

class onboarding.authorization.HasOnboardingConfig[source]

Bases: Protocol

Structural type for any model that carries onboarding / no-onboarding config FKs.

onboarding_config: onboarding.models.OnboardingConfigModel | None[source]
no_onboarding_config: onboarding.models.NoOnboardingConfigModel | None[source]
class onboarding.authorization.ProtocolCheckStrategy[source]

Bases: abc.ABC

Abstract strategy for validating a protocol value against a SecurityConfig allow-list.

abstractmethod check(subject, cfg)[source]

Execute the protocol check.

Parameters:
  • subject (HasOnboardingConfig) – Any model instance that carries onboarding_config and no_onboarding_config attributes (e.g. a device or an issuing CA).

  • cfg (management.models.SecurityConfig) – The active SecurityConfig policy object.

Raises:

ValueError – If the protocol used by subject is not permitted by cfg.

Return type:

None

class onboarding.authorization.OnboardingProtocolAuthorization(strategy=None)[source]

Bases: trustpoint.logger.LoggerMixin

Checks that the subject’s onboarding protocol is permitted by the active security config.

Parameters:

strategy (ProtocolCheckStrategy | None)

check(subject)[source]

Run the onboarding-protocol policy check against the active security config.

Parameters:

subject (HasOnboardingConfig)

Return type:

None

class onboarding.authorization.NoOnboardingPkiProtocolAuthorization(strategy=None)[source]

Bases: trustpoint.logger.LoggerMixin

Checks that the already-onboarded subject’s active PKI protocols are permitted by the security config.

Parameters:

strategy (ProtocolCheckStrategy | None)

check(subject)[source]

Run the no-onboarding PKI-protocol policy check against the active security config.

Parameters:

subject (HasOnboardingConfig)

Return type:

None

class onboarding.authorization.PermittedProtocolsAuthorization(onboarding_strategy=None, no_onboarding_strategy=None)[source]

Bases: trustpoint.logger.LoggerMixin

Dispatcher that selects the correct protocol authorization check based on the subject’s state.

Parameters:
check(subject)[source]

Dispatch to the correct authorization check for subject.

Parameters:

subject (HasOnboardingConfig)

Return type:

None