Merge branch 'main' into sch-UID2-5851-migration-to-key-rotation

sophia-chen-ttd · web-flow · commit 260a9ca4d510 · 2025-08-27T15:08:37.000+10:00
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-admin</artifactId>
-    <version>6.10.10</version>
+    <version>6.10.17</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
@@ -11,6 +11,7 @@ public enum OktaCustomScope {
     SECRET_ROTATION("uid2.admin.secret-rotation", Role.SECRET_ROTATION),
     SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC),
     METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT),
+    ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR),
     INVALID("invalid", Role.UNKNOWN);
     private final String name;
     private final Role role;
diff --git a/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java b/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java
@@ -57,7 +57,7 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleEnclaveAdd(ctx);
             }
-        }, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED));
+        }, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED, Role.ENCLAVE_REGISTRAR));
         router.post(API_ENCLAVE_DEL.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleEnclaveDel(ctx);
diff --git a/src/test/java/com/uid2/admin/vertx/EnclaveIdServiceTest.java b/src/test/java/com/uid2/admin/vertx/EnclaveIdServiceTest.java
@@ -96,7 +96,7 @@ public void enclaveId_Add_Success(String protocol, Vertx vertx, VertxTestContext
     }
 
     @ParameterizedTest
-    @EnumSource(value = Role.class, names = {"PRIVILEGED", "SUPER_USER"}, mode = EnumSource.Mode.EXCLUDE)
+    @EnumSource(value = Role.class, names = {"PRIVILEGED", "SUPER_USER", "ENCLAVE_REGISTRAR"}, mode = EnumSource.Mode.EXCLUDE)
     public void enclaveId_Add_NotAuthorized(Role role, Vertx vertx, VertxTestContext vertxTestContext) {
         fakeAuth(role);
 
@@ -238,4 +238,27 @@ public void enclaveId_Delete_NotAuthorized(Role role, Vertx vertx, VertxTestCont
         });
     }
 
+    @ParameterizedTest
+    @ValueSource(strings = {
+            "/api/enclave/list",
+            "/api/enclave/metadata",
+            "/api/enclave/del?name=some-name",
+    })
+    public void enclaveId_Endpoints_NotAuthorized_ForEnclaveRegistrar(String url, Vertx vertx, VertxTestContext vertxTestContext) {
+        fakeAuth(Role.ENCLAVE_REGISTRAR);
+
+        // Use GET for list/metadata, POST for delete
+        if (url.contains("/del")) {
+            post(vertx, vertxTestContext, url, "", response -> {
+                assertEquals(401, response.statusCode());
+                vertxTestContext.completeNow();
+            });
+        } else {
+            get(vertx, vertxTestContext, url, response -> {
+                assertEquals(401, response.statusCode());
+                vertxTestContext.completeNow();
+            });
+        }
+    }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ public void setupRoutes(Router router) {`
`57`	`57`	`synchronized (writeLock) {`
`58`	`58`	`this.handleEnclaveAdd(ctx);`
`59`	`59`	`}`
`60`		`- }, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED));`
	`60`	`+ }, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED, Role.ENCLAVE_REGISTRAR));`
`61`	`61`	`router.post(API_ENCLAVE_DEL.toString()).blockingHandler(auth.handle((ctx) -> {`
`62`	`62`	`synchronized (writeLock) {`
`63`	`63`	`this.handleEnclaveDel(ctx);`