Skip to content

Wzh UI d2 5765 enclave id registration authorization #554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lizk886 merged 13 commits into from
Aug 21, 2025
Merged

Wzh UI d2 5765 enclave id registration authorization #554

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
ca4ddc8
add okta custom group, still in devedlopment
lizk886 Jul 31, 2025
ef621f4
draft of add a new scope for enclave id registration
lizk886 Aug 4, 2025
bc44b13
update authorziation scope
lizk886 Jul 31, 2025
6709eac
update test to conform that enclave_registar should be able to access…
lizk886 Jul 31, 2025
c749dc6
[CI Pipeline] Released Snapshot version: 6.10.1-alpha-205-SNAPSHOT
Jul 31, 2025
c0d5203
[CI Pipeline] Released Snapshot version: 6.10.2-alpha-207-SNAPSHOT
Aug 1, 2025
f801664
[CI Pipeline] Released Snapshot version: 6.10.3-alpha-208-SNAPSHOT
Aug 1, 2025
f8ae657
[CI Pipeline] Released Snapshot version: 6.10.4-alpha-209-SNAPSHOT
Aug 4, 2025
c38441a
test to confirm enclaveid scope access other enclave api will get 401…
lizk886 Aug 5, 2025
48854bf
Update uid2-shared.version to 10.9.4
lizk886 Aug 21, 2025
b2c36bb
Merge branch 'main' into wzh-UID2-5765-enclaveID-registration-authori…
lizk886 Aug 21, 2025
284899e
Update Vert.x and plugin versions in pom.xml
lizk886 Aug 21, 2025
e2d70b9
spacing
lizk886 Aug 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
<!-- check micrometer.version vertx-micrometer-metrics consumes before bumping up -->
<micrometer.version>1.12.2</micrometer.version>
<junit-jupiter.version>5.11.2</junit-jupiter.version>
<uid2-shared.version>10.9.0</uid2-shared.version>
<uid2-shared.version>10.9.4</uid2-shared.version>
<okta-jwt.version>0.5.10</okta-jwt.version>
<image.version>${project.version}</image.version>
</properties>
Expand Down
1 change: 1 addition & 0 deletions src/main/java/com/uid2/admin/auth/OktaCustomScope.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ public enum OktaCustomScope {
SECRET_ROTATION("uid2.admin.secret-rotation", Role.SECRET_ROTATION),
SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC),
METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT),
ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR),
INVALID("invalid", Role.UNKNOWN);
private final String name;
private final Role role;
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public void setupRoutes(Router router) {
synchronized (writeLock) {
this.handleEnclaveAdd(ctx);
}
}, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED));
}, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED, Role.ENCLAVE_REGISTRAR));
router.post(API_ENCLAVE_DEL.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
this.handleEnclaveDel(ctx);
Expand Down
25 changes: 24 additions & 1 deletion src/test/java/com/uid2/admin/vertx/EnclaveIdServiceTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ public void enclaveId_Add_Success(String protocol, Vertx vertx, VertxTestContext
}

@ParameterizedTest
@EnumSource(value = Role.class, names = {"PRIVILEGED", "SUPER_USER"}, mode = EnumSource.Mode.EXCLUDE)
@EnumSource(value = Role.class, names = {"PRIVILEGED", "SUPER_USER", "ENCLAVE_REGISTRAR"}, mode = EnumSource.Mode.EXCLUDE)
public void enclaveId_Add_NotAuthorized(Role role, Vertx vertx, VertxTestContext vertxTestContext) {
fakeAuth(role);

Expand Down Expand Up @@ -238,4 +238,27 @@ public void enclaveId_Delete_NotAuthorized(Role role, Vertx vertx, VertxTestCont
});
}

@ParameterizedTest
@ValueSource(strings = {
"/api/enclave/list",
"/api/enclave/metadata",
"/api/enclave/del?name=some-name",
})
public void enclaveId_Endpoints_NotAuthorized_ForEnclaveRegistrar(String url, Vertx vertx, VertxTestContext vertxTestContext) {
fakeAuth(Role.ENCLAVE_REGISTRAR);

// Use GET for list/metadata, POST for delete
if (url.contains("/del")) {
post(vertx, vertxTestContext, url, "", response -> {
assertEquals(401, response.statusCode());
vertxTestContext.completeNow();
});
} else {
get(vertx, vertxTestContext, url, response -> {
assertEquals(401, response.statusCode());
vertxTestContext.completeNow();
});
}
}

}