From d57ea02620d7a2a81b8504e20674ddc1c23bd67f Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 16 Jun 2026 10:57:58 +1000 Subject: [PATCH 01/10] UID2-7271: add CREATE role for Claude admin automation Maps the new uid2.admin.create Okta scope to Role.CREATE and grants it access to the five add endpoints: site, client key, operator key, service link, and CSTG keypair. This keeps create access separate from read-only so Claude can request only the scope it needs for each task. Co-Authored-By: Claude Sonnet 4.6 --- src/main/java/com/uid2/admin/auth/OktaCustomScope.java | 1 + .../java/com/uid2/admin/vertx/service/ClientKeyService.java | 2 +- .../com/uid2/admin/vertx/service/ClientSideKeypairService.java | 2 +- .../java/com/uid2/admin/vertx/service/OperatorKeyService.java | 2 +- .../java/com/uid2/admin/vertx/service/ServiceLinkService.java | 2 +- src/main/java/com/uid2/admin/vertx/service/SiteService.java | 2 +- 6 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java index d47c0d5a..6c36c6d4 100644 --- a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java +++ b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java @@ -14,6 +14,7 @@ public enum OktaCustomScope { METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT), ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR), READ_ONLY("uid2.admin.read-only", Role.READ_ONLY), + CREATE("uid2.admin.create", Role.CREATE), INVALID("invalid", Role.UNKNOWN); private final String name; private final Role role; diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java index 5b530873..ff33a25d 100644 --- a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java 
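Review bot: The new `CREATE` constant in `OktaCustomScope` has no comment saying what the scope is allowed to reach, so the boundary stated in the commit message (add endpoints only) exists only in the per-route role lists. A short comment above the constant would help whoever edits a route next, for example `// Create-only scope for admin automation: list its role on add routes only, never on update, delete or reveal.` The enum body continues outside the hunk.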
@@ -95,7 +95,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleClientAdd(ctx); } - }, new AuditParams(List.of("name", "roles", "site_id"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL)); + }, new AuditParams(List.of("name", "roles", "site_id"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CREATE)); router.post(API_CLIENT_DEL.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java b/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java index d686a5b5..7de0d4e8 100644 --- a/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java @@ -70,7 +70,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleAddKeypair(ctx); } - }, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "contact", "disabled")), Role.MAINTAINER, Role.SHARING_PORTAL)); + }, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "contact", "disabled")), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CREATE)); router.post(API_CLIENT_SIDE_KEYPAIRS_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleUpdateKeypair(ctx); diff --git a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java index 3b5b1122..094ad9a2 100644 --- a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java 
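Review bot: On the client add route, the audited `roles` and `site_id` values look like caller-supplied request parameters, and with `Role.CREATE` in the list an automation token can now choose them. Nothing in this hunk limits which client roles or sites that token may assign. `handleClientAdd` is outside the hunk, so any such limit has to be confirmed there. The same question applies to `handleOperatorAdd` (`roles`, `operator_type`) and `handleServiceLinkAdd` (`roles`) in the later hunks. If the handlers do not distinguish callers, consider an allow-list check keyed on the caller's role, or at least a route comment such as `// Role.CREATE callers may assign any client role to any site; narrow in handleClientAdd if automation should be restricted`.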
@@ -85,7 +85,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleOperatorAdd(ctx); } - }, new AuditParams(List.of("name", "protocol", "site_id", "operator_type", "roles"), Collections.emptyList()), Role.MAINTAINER)); + }, new AuditParams(List.of("name", "protocol", "site_id", "operator_type", "roles"), Collections.emptyList()), Role.MAINTAINER, Role.CREATE)); router.post(API_OPERATOR_DEL.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java b/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java index 90ff53f5..93829bcb 100644 --- a/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java @@ -55,7 +55,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleServiceLinkAdd(ctx); } - }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id", "site_id", "name", "roles")), Role.MAINTAINER)); + }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id", "site_id", "name", "roles")), Role.MAINTAINER, Role.CREATE)); router.post(API_SERVICE_LINK_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleServiceLinkUpdate(ctx); diff --git a/src/main/java/com/uid2/admin/vertx/service/SiteService.java b/src/main/java/com/uid2/admin/vertx/service/SiteService.java index d2f47b0b..fbe28e99 100644 --- a/src/main/java/com/uid2/admin/vertx/service/SiteService.java +++ b/src/main/java/com/uid2/admin/vertx/service/SiteService.java 
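Review bot: Operator add was reachable only by `Role.MAINTAINER` before this line, so adding `Role.CREATE` here is a wider grant than on the site, client key and keypair routes, which already admitted `Role.SHARING_PORTAL`. The same holds for the service link add route in the next hunk and the partner config add route in patch 02. If `handleOperatorAdd` returns the newly generated key in its response (its body is outside the hunk, so this is an assumption), that secret would end up in the automation's output and logs. It may be worth keeping the role list on this route as `Role.MAINTAINER` until that is confirmed, or moving operator key creation to a separate scope.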
@@ -69,7 +69,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleSiteAdd(ctx); } - }, new AuditParams(List.of("name", "enable", "types", "description"), List.of("domain_names", "app_names")), Role.MAINTAINER, Role.SHARING_PORTAL)); + }, new AuditParams(List.of("name", "enable", "types", "description"), List.of("domain_names", "app_names")), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CREATE)); router.post(API_SITE_ENABLE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleSiteEnable(ctx); From 7764bf16f40628d76d8f156de4005e3614bcf2c7 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 16 Jun 2026 11:36:33 +1000 Subject: [PATCH 02/10] UID2-7271: grant CREATE role access to partner config add endpoint Co-Authored-By: Claude Sonnet 4.6 --- .../java/com/uid2/admin/vertx/service/PartnerConfigService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java b/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java index 6a58f313..bcba7e88 100644 --- a/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java +++ b/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java @@ -52,7 +52,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handlePartnerConfigAdd(ctx); } - }, new AuditParams(Collections.emptyList(), List.of("name")), Role.MAINTAINER)); + }, new AuditParams(Collections.emptyList(), List.of("name")), Role.MAINTAINER, Role.CREATE)); router.put(API_PARTNER_CONFIG_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handlePartnerConfigUpdate(ctx); From a7e3dc8920104531d932e3ff38c8d5b3089cf9a1 Mon Sep 17 00:00:00 2001 
From: sophia chen Date: Tue, 16 Jun 2026 14:16:45 +1000 Subject: [PATCH 03/10] add Role.CREATE to tests --- .../java/com/uid2/admin/v2Router/RouterConfigurationTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java index 3c7b8fb1..9915b554 100644 --- a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java +++ b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java @@ -51,7 +51,7 @@ public void WhenANonBlockingRouteProviderIsUsed_ItIsRegisteredCorrectly() { router.setupSubRouter(vertxMock, routerMock); verify(routeMock).handler(handlerMock); - verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.READ_ONLY)); + verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.READ_ONLY), eq(Role.CREATE)); } } } From 94dbda9b9b4dbd68680530aca1d2028ec4bb3bf5 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 16 Jun 2026 14:32:53 +1000 Subject: [PATCH 04/10] updated shared jar to include create role --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 66f41f79..f9417511 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 1.12.2 5.11.2 - 11.5.0 + 11.5.1-alpha-354-SNAPSHOT 0.5.10 4.1.135.Final ${project.version} From 9825b409cdd8d0dd06536e22390a7ebc24814e8b Mon Sep 17 00:00:00 2001 From: sophia chen Date: Tue, 16 Jun 2026 14:37:39 +1000 Subject: [PATCH 05/10] fixed tests --- .../java/com/uid2/admin/v2Router/RouterConfigurationTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java index 9915b554..3c7b8fb1 100644 --- a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java 
+++ b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java @@ -51,7 +51,7 @@ public void WhenANonBlockingRouteProviderIsUsed_ItIsRegisteredCorrectly() { router.setupSubRouter(vertxMock, routerMock); verify(routeMock).handler(handlerMock); - verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.READ_ONLY), eq(Role.CREATE)); + verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.READ_ONLY)); } } } From 7745eacbe9092155c276200f28c95e9ba4b9106f Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 16 Jun 2026 04:53:30 +0000 Subject: [PATCH 06/10] [CI Pipeline] Released Snapshot version: 6.14.1-alpha-251-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f9417511..95085a59 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-admin - 6.14.0 + 6.14.1-alpha-251-SNAPSHOT UTF-8 From f4c1b057d75d83f7bf0352ad209b54f6349deb4f Mon Sep 17 00:00:00 2001 From: sophia chen Date: Mon, 22 Jun 2026 14:17:59 +1000 Subject: [PATCH 07/10] update shared jar to 11.6.1-alpha-357-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b037a1f8..26767cf4 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 1.12.2 5.11.2 - 11.6.0 + 11.6.1-alpha-357-SNAPSHOT 0.5.10 4.1.135.Final ${project.version} From dd426ddc736cc7c4d02564f6c1b90ced57c534c4 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 23 Jun 2026 00:25:00 +0000 Subject: [PATCH 08/10] [CI Pipeline] Released Snapshot version: 6.15.1-alpha-254-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 26767cf4..dc313da1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-admin - 6.15.0 + 6.15.1-alpha-254-SNAPSHOT UTF-8 From 5f0332aa9e8be776a407a3dd7afdd3c0edd2f5d7 Mon Sep 17 00:00:00 2001 
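Review bot: With this `verify` back to the three read roles, the series ends without any visible test for the new role. Nothing asserts that `Role.CREATE` is accepted on the add routes and rejected on the adjacent delete, update and reveal routes. Each grant is a hand-edited varargs list on `auth.handle(...)`, so a copy-paste onto the wrong route would go unnoticed. A per-service test that calls an add endpoint and a delete endpoint with a create-only principal, expecting success on the first and an authorization failure on the second, would pin the intended boundary. The test class continues outside the hunk.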
From: sophia chen Date: Wed, 24 Jun 2026 17:28:06 +1000 Subject: [PATCH 09/10] update admin role names --- pom.xml | 2 +- .../java/com/uid2/admin/auth/OktaCustomScope.java | 4 ++-- .../vertx/api/cstg/GetClientSideKeypairsBySite.java | 2 +- .../uid2/admin/vertx/service/ClientKeyService.java | 12 ++++++------ .../vertx/service/ClientSideKeypairService.java | 6 +++--- .../vertx/service/CloudEncryptionKeyService.java | 4 ++-- .../uid2/admin/vertx/service/EnclaveIdService.java | 4 ++-- .../admin/vertx/service/EncryptionKeyService.java | 4 ++-- .../admin/vertx/service/JobDispatcherService.java | 4 ++-- .../com/uid2/admin/vertx/service/KeyAclService.java | 2 +- .../uid2/admin/vertx/service/OperatorKeyService.java | 6 +++--- .../admin/vertx/service/PartnerConfigService.java | 6 +++--- .../com/uid2/admin/vertx/service/SaltService.java | 2 +- .../uid2/admin/vertx/service/ServiceLinkService.java | 4 ++-- .../com/uid2/admin/vertx/service/ServiceService.java | 4 ++-- .../com/uid2/admin/vertx/service/SharingService.java | 10 +++++----- .../com/uid2/admin/vertx/service/SiteService.java | 6 +++--- .../uid2/admin/v2Router/RouterConfigurationTest.java | 2 +- 18 files changed, 42 insertions(+), 42 deletions(-) diff --git a/pom.xml b/pom.xml index 26767cf4..760931a0 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 1.12.2 5.11.2 - 11.6.1-alpha-357-SNAPSHOT + 11.6.2-alpha-360-SNAPSHOT 0.5.10 4.1.135.Final ${project.version} diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java index 6c36c6d4..8959c498 100644 --- a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java +++ b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java 
@@ -13,8 +13,8 @@ public enum OktaCustomScope { SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC), METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT), ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR), - READ_ONLY("uid2.admin.read-only", Role.READ_ONLY), - CREATE("uid2.admin.create", Role.CREATE), + READ_ONLY("uid2.admin.read-only", Role.ADMIN_READ_ONLY), + CREATE("uid2.admin.create", Role.ADMIN_CREATE), INVALID("invalid", Role.UNKNOWN); private final String name; private final Role role; diff --git a/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java b/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java index 6cbcf25d..26ecef89 100644 --- a/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java +++ b/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java @@ -27,7 +27,7 @@ public GetClientSideKeypairsBySite(IKeypairManager keypairManager) { @Path("/sites/:siteId/client-side-keypairs") @Method(ApiMethod.GET) - @Roles({Role.MAINTAINER, Role.SHARING_PORTAL, Role.READ_ONLY}) + @Roles({Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_READ_ONLY}) public Handler getHandler() { return UrlParameterProviders.provideSiteId(this::handleGetClientSideKeys); } diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java index ff33a25d..70982136 100644 --- a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java 
@@ -69,7 +69,7 @@ public ClientKeyService(JsonObject config, @Override public void setupRoutes(Router router) { router.get(API_CLIENT_METADATA.toString()).handler( - auth.handle(this::handleClientMetadata, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleClientMetadata, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.post(API_CLIENT_REWRITE_METADATA.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleRewriteMetadata(ctx); @@ -77,16 +77,16 @@ public void setupRoutes(Router router) { }, Role.PRIVILEGED)); router.get(API_CLIENT_LIST.toString()).handler( - auth.handle(this::handleClientList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.READ_ONLY)); + auth.handle(this::handleClientList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY)); router.get(API_CLIENT_LIST_SITEID.toString()).handler( - auth.handle(this::handleClientListBySite, Role.MAINTAINER, Role.SHARING_PORTAL, Role.READ_ONLY)); + auth.handle(this::handleClientListBySite, Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_READ_ONLY)); router.get(API_CLIENT_KEYID.toString()).handler( - auth.handle(this::handleClientByKeyId, Role.MAINTAINER, Role.SHARING_PORTAL, Role.READ_ONLY)); + auth.handle(this::handleClientByKeyId, Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_READ_ONLY)); router.get(API_CLIENT_CONTACT.toString()).handler( - auth.handle(this::handleClientByContact, Role.MAINTAINER, Role.SHARING_PORTAL, Role.READ_ONLY)); + auth.handle(this::handleClientByContact, Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_READ_ONLY)); router.get(API_CLIENT_REVEAL.toString()).handler( auth.handle(this::handleClientReveal, Role.PRIVILEGED)); 
@@ -95,7 +95,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleClientAdd(ctx); } - }, new AuditParams(List.of("name", "roles", "site_id"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CREATE)); + }, new AuditParams(List.of("name", "roles", "site_id"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_CREATE)); router.post(API_CLIENT_DEL.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java b/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java index 7de0d4e8..4e260b77 100644 --- a/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java @@ -70,7 +70,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleAddKeypair(ctx); } - }, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "contact", "disabled")), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CREATE)); + }, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "contact", "disabled")), Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_CREATE)); router.post(API_CLIENT_SIDE_KEYPAIRS_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleUpdateKeypair(ctx); 
@@ -82,9 +82,9 @@ public void setupRoutes(Router router) { } }, new AuditParams(Collections.emptyList(), List.of("subscription_id")), Role.PRIVILEGED, Role.SHARING_PORTAL)); router.get(API_CLIENT_SIDE_KEYPAIRS_LIST.toString()).handler( - auth.handle(this::handleListAllKeypairs, Role.MAINTAINER, Role.METRICS_EXPORT, Role.READ_ONLY)); + auth.handle(this::handleListAllKeypairs, Role.MAINTAINER, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY)); router.get(API_CLIENT_SIDE_KEYPAIRS_SUBSCRIPTIONID.toString()).handler( - auth.handle(this::handleListKeypair, Role.MAINTAINER, Role.READ_ONLY) + auth.handle(this::handleListKeypair, Role.MAINTAINER, Role.ADMIN_READ_ONLY) ); } diff --git a/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java b/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java index debbee53..d3bbb137 100644 --- a/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java @@ -36,10 +36,10 @@ public CloudEncryptionKeyService( @Override public void setupRoutes(Router router) { router.get(Endpoints.CLOUD_ENCRYPTION_KEY_METADATA.toString()).handler( - auth.handle(this::handleMetadata, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleMetadata, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.get(Endpoints.CLOUD_ENCRYPTION_KEY_LIST.toString()).handler( - auth.handle(this::handleList, Role.MAINTAINER, Role.READ_ONLY) + auth.handle(this::handleList, Role.MAINTAINER, Role.ADMIN_READ_ONLY) ); router.post(Endpoints.CLOUD_ENCRYPTION_KEY_ROTATE.toString()).handler( diff --git a/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java b/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java index 49b844e9..4e66e816 100644 --- a/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java +++ b/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java 
@@ -49,9 +49,9 @@ public EnclaveIdService(AdminAuthMiddleware auth, @Override public void setupRoutes(Router router) { router.get(API_ENCLAVE_METADATA.toString()).handler( - auth.handle(this::handleEnclaveMetadata, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleEnclaveMetadata, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.get(API_ENCLAVE_LIST.toString()).handler( - auth.handle(this::handleEnclaveList, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleEnclaveList, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.post(API_ENCLAVE_ADD.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java b/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java index 08be1abe..208f140a 100644 --- a/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java @@ -125,11 +125,11 @@ public EncryptionKeyService(JsonObject config, @Override public void setupRoutes(Router router) { router.get(API_KEY_LIST.toString()).handler( - auth.handle(this::handleKeyList, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleKeyList, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); if(enableKeysets) { router.get(API_KEY_LIST_KEYSET_KEYS.toString()).handler( - auth.handle(this::handleKeysetKeyList, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleKeysetKeyList, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); } router.post(API_KEY_REWRITE_METADATA.toString()).blockingHandler(auth.handle((ctx) -> { diff --git a/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java b/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java index 850afb65..ee5455a4 100644 --- a/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java +++ b/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java 
@@ -30,7 +30,7 @@ public void setupRoutes(Router router) { } }, //can be other role - Role.MAINTAINER, Role.READ_ONLY)); + Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.get(API_JOB_DISPATCHER_JOB_QUEUE.toString()).blockingHandler(auth.handle((ctx) -> { try { @@ -40,6 +40,6 @@ public void setupRoutes(Router router) { } }, //can be other role - Role.MAINTAINER, Role.READ_ONLY)); + Role.MAINTAINER, Role.ADMIN_READ_ONLY)); } } diff --git a/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java b/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java index 7d90bbfc..d88ccaff 100644 --- a/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java +++ b/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java @@ -51,7 +51,7 @@ public KeyAclService(AdminAuthMiddleware auth, @Override public void setupRoutes(Router router) { router.get(API_KEYS_ACL_LIST.toString()).handler( - auth.handle(this::handleKeyAclList, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleKeyAclList, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.post(API_KEYS_ACL_REWRITE_METADATA.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java index 094ad9a2..cc4ee7ee 100644 --- a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java 
@@ -75,9 +75,9 @@ public OperatorKeyService(JsonObject config, @Override public void setupRoutes(Router router) { router.get(API_OPERATOR_METADATA.toString()).handler( - auth.handle(this::handleOperatorMetadata, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleOperatorMetadata, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.get(API_OPERATOR_LIST.toString()).handler( - auth.handle(this::handleOperatorList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.READ_ONLY)); + auth.handle(this::handleOperatorList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY)); router.get(API_OPERATOR_REVEAL.toString()).handler( auth.handle(this::handleOperatorReveal, new AuditParams(List.of("name"), Collections.emptyList()), Role.MAINTAINER)); @@ -85,7 +85,7 @@ public void setupRoutes(Router router) { synchronized (writeLock) { this.handleOperatorAdd(ctx); } - }, new AuditParams(List.of("name", "protocol", "site_id", "operator_type", "roles"), Collections.emptyList()), Role.MAINTAINER, Role.CREATE)); + }, new AuditParams(List.of("name", "protocol", "site_id", "operator_type", "roles"), Collections.emptyList()), Role.MAINTAINER, Role.ADMIN_CREATE)); router.post(API_OPERATOR_DEL.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java b/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java index bcba7e88..bcf56325 100644 --- a/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java +++ b/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java 
@@ -44,15 +44,15 @@ public PartnerConfigService(AdminAuthMiddleware auth, @Override public void setupRoutes(Router router) { router.get(API_PARTNER_CONFIG_LIST.toString()).handler( - auth.handle(this::handlePartnerConfigList, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handlePartnerConfigList, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.get(API_PARTNER_CONFIG_GET.toString()).handler( - auth.handle(this::handlePartnerConfigGet, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handlePartnerConfigGet, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.post(API_PARTNER_CONFIG_ADD.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handlePartnerConfigAdd(ctx); } - }, new AuditParams(Collections.emptyList(), List.of("name")), Role.MAINTAINER, Role.CREATE)); + }, new AuditParams(Collections.emptyList(), List.of("name")), Role.MAINTAINER, Role.ADMIN_CREATE)); router.put(API_PARTNER_CONFIG_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handlePartnerConfigUpdate(ctx); diff --git a/src/main/java/com/uid2/admin/vertx/service/SaltService.java b/src/main/java/com/uid2/admin/vertx/service/SaltService.java index fdde46e2..85635118 100644 --- a/src/main/java/com/uid2/admin/vertx/service/SaltService.java +++ b/src/main/java/com/uid2/admin/vertx/service/SaltService.java @@ -65,7 +65,7 @@ public SaltService(AdminAuthMiddleware auth, @Override public void setupRoutes(Router router) { router.get(API_SALT_SNAPSHOTS.toString()).handler( - auth.handle(this::handleSaltSnapshots, Role.MAINTAINER, Role.READ_ONLY)); + auth.handle(this::handleSaltSnapshots, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.post(API_SALT_REBUILD.toString()).blockingHandler(auth.handle(ctx -> { synchronized (writeLock) { diff --git a/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java b/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java index 93829bcb..218d8cfd 100644 
--- a/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java @@ -50,12 +50,12 @@ public ServiceLinkService(AdminAuthMiddleware auth, @Override public void setupRoutes(Router router) { - router.get(API_SERVICE_LINK_LIST.toString()).handler(auth.handle(this::handleServiceLinkList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.READ_ONLY)); + router.get(API_SERVICE_LINK_LIST.toString()).handler(auth.handle(this::handleServiceLinkList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY)); router.post(API_SERVICE_LINK_ADD.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleServiceLinkAdd(ctx); } - }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id", "site_id", "name", "roles")), Role.MAINTAINER, Role.CREATE)); + }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id", "site_id", "name", "roles")), Role.MAINTAINER, Role.ADMIN_CREATE)); router.post(API_SERVICE_LINK_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleServiceLinkUpdate(ctx); diff --git a/src/main/java/com/uid2/admin/vertx/service/ServiceService.java b/src/main/java/com/uid2/admin/vertx/service/ServiceService.java index 5133712f..4837b2f2 100644 --- a/src/main/java/com/uid2/admin/vertx/service/ServiceService.java +++ b/src/main/java/com/uid2/admin/vertx/service/ServiceService.java 
@@ -52,8 +52,8 @@ public ServiceService(AdminAuthMiddleware auth, @Override public void setupRoutes(Router router) { - router.get(API_SERVICE_LIST.toString()).handler(auth.handle(this::handleServiceListAll, Role.MAINTAINER, Role.METRICS_EXPORT, Role.READ_ONLY)); - router.get(API_SERVICE_LIST_SERVICE_ID.toString()).handler(auth.handle(this::handleServiceList, Role.MAINTAINER, Role.READ_ONLY)); + router.get(API_SERVICE_LIST.toString()).handler(auth.handle(this::handleServiceListAll, Role.MAINTAINER, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY)); + router.get(API_SERVICE_LIST_SERVICE_ID.toString()).handler(auth.handle(this::handleServiceList, Role.MAINTAINER, Role.ADMIN_READ_ONLY)); router.post(API_SERVICE_ADD.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleServiceAdd(ctx); diff --git a/src/main/java/com/uid2/admin/vertx/service/SharingService.java b/src/main/java/com/uid2/admin/vertx/service/SharingService.java index b1083792..0f4c02b1 100644 --- a/src/main/java/com/uid2/admin/vertx/service/SharingService.java +++ b/src/main/java/com/uid2/admin/vertx/service/SharingService.java 
@@ -61,26 +61,26 @@ public SharingService(AdminAuthMiddleware auth, public void setupRoutes(Router router) { if(!enableKeysets) return; router.get(API_SHARING_LISTS.toString()).handler( - auth.handle(this::handleListAllAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT, Role.READ_ONLY) + auth.handle(this::handleListAllAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY) ); router.get(API_SHARING_LIST_SITEID.toString()).handler( - auth.handle(this::handleListAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.READ_ONLY) + auth.handle(this::handleListAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_READ_ONLY) ); router.post(API_SHARING_LIST_SITEID.toString()).handler( auth.handle(this::handleSetAllowedSites, new AuditParams(Collections.emptyList(), List.of("hash", "allowed_sites", "allowed_types")), Role.MAINTAINER, Role.SHARING_PORTAL) ); router.get(API_SHARING_KEYSETS.toString()).handler( - auth.handle(this::handleListAllKeysets, Role.MAINTAINER, Role.READ_ONLY) + auth.handle(this::handleListAllKeysets, Role.MAINTAINER, Role.ADMIN_READ_ONLY) ); router.post(API_SHARING_KEYSET.toString()).handler( auth.handle(this::handleSetKeyset, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "allowed_sites", "allowed_types")), Role.MAINTAINER) ); router.get(API_SHARING_KEYSET_KEYSETID.toString()).handler( - auth.handle(this::handleListKeyset, Role.MAINTAINER, Role.READ_ONLY) + auth.handle(this::handleListKeyset, Role.MAINTAINER, Role.ADMIN_READ_ONLY) ); router.get(API_SHARING_KEYSETS_RELATED.toString()).handler( - auth.handle(this::handleListAllKeysetsRelated, Role.MAINTAINER, Role.READ_ONLY) + auth.handle(this::handleListAllKeysetsRelated, Role.MAINTAINER, Role.ADMIN_READ_ONLY) ); } diff --git a/src/main/java/com/uid2/admin/vertx/service/SiteService.java b/src/main/java/com/uid2/admin/vertx/service/SiteService.java index fbe28e99..d87125db 100644 
--- a/src/main/java/com/uid2/admin/vertx/service/SiteService.java +++ b/src/main/java/com/uid2/admin/vertx/service/SiteService.java @@ -62,14 +62,14 @@ public void setupRoutes(Router router) { }, Role.PRIVILEGED)); router.get(API_SITE_LIST.toString()).handler( - auth.handle(this::handleSiteList, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT, Role.READ_ONLY)); + auth.handle(this::handleSiteList, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT, Role.ADMIN_READ_ONLY)); router.get(API_SITE_SITEID.toString()).handler( - auth.handle(this::handleSiteById, Role.MAINTAINER, Role.SHARING_PORTAL, Role.READ_ONLY)); + auth.handle(this::handleSiteById, Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_READ_ONLY)); router.post(API_SITE_ADD.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleSiteAdd(ctx); } - }, new AuditParams(List.of("name", "enable", "types", "description"), List.of("domain_names", "app_names")), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CREATE)); + }, new AuditParams(List.of("name", "enable", "types", "description"), List.of("domain_names", "app_names")), Role.MAINTAINER, Role.SHARING_PORTAL, Role.ADMIN_CREATE)); router.post(API_SITE_ENABLE.toString()).blockingHandler(auth.handle((ctx) -> { synchronized (writeLock) { this.handleSiteEnable(ctx); diff --git a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java index 3c7b8fb1..3714f6da 100644 --- a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java +++ b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java 
@@ -51,7 +51,7 @@ public void WhenANonBlockingRouteProviderIsUsed_ItIsRegisteredCorrectly() { router.setupSubRouter(vertxMock, routerMock); verify(routeMock).handler(handlerMock); - verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.READ_ONLY)); + verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.ADMIN_READ_ONLY)); } } } From 26f3d21fab289009559256ec623b8191b65e7210 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Thu, 25 Jun 2026 11:28:13 +1000 Subject: [PATCH 10/10] updated shared jar to include admin create role --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index fa61812d..9f2f581d 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 1.12.2 5.11.2 - 11.6.2-alpha-360-SNAPSHOT + 11.7.0 0.5.10 4.1.135.Final ${project.version}