d-bis/sankofa-hw-infra
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
sankofa-hw-infra/docs/compliance-profiles.md
defiQUG 93df3c8c20
Some checks failed
CI / lint-and-test (push) Has been cancelled
Details
Initial commit: add .gitignore and README
2026-02-09 21:51:50 -08:00

1.3 KiB
Raw Permalink Blame History

Compliance profiles

Compliance profiles define firmware freeze, allowed hardware generations, and approved SKUs per sovereign (org) or per site. They feed purchasing (approved buy lists) and UniFi device approval.

Purpose

  • Firmware freeze: Lock to a version or range (e.g. 2024.Q2, or min/max version) so only compliant firmware is allowed.
  • Allowed generations: Restrict hardware to e.g. Gen2 and Enterprise only (from UniFi product catalog).
  • Approved SKUs: Explicit list of SKUs that may be purchased or deployed; optional per-site override.

Profiles are attached to org_id (sovereign/tenant); optionally site_id for site-specific rules.

API

  • GET /api/v1/compliance-profiles — list profiles for the current org.
  • GET /api/v1/compliance-profiles/:id — get one profile.
  • POST /api/v1/compliance-profiles — create (body: name, firmwareFreezePolicy, allowedGenerations, approvedSkus, siteId).
  • PATCH /api/v1/compliance-profiles/:id — update.
  • DELETE /api/v1/compliance-profiles/:id — delete.

Use in validation

When generating the approved purchasing catalog or when syncing UniFi devices, filter or flag by compliance profile: only SKUs in approved_skus or in allowed_generations (from the UniFi product catalog) are considered approved for that sovereign/site.

Reference in New Issue View Git Blame Copy Permalink