diff --git a/pom.xml b/pom.xml
index 5f31c9c10..5c8ad7062 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
1.12.2
5.11.2
- 11.4.16
+ 11.4.21-alpha-349-SNAPSHOT
0.5.10
4.1.133.Final
${project.version}
diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
index d1fd7aed0..690a9aee1 100644
--- a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
+++ b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
@@ -13,6 +13,7 @@ public enum OktaCustomScope {
SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC),
METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT),
ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR),
+ CLAUDE_ACCESS("uid2.admin.claude-access", Role.CLAUDE_ACCESS),
INVALID("invalid", Role.UNKNOWN);
private final String name;
private final Role role;
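Review bot: `Role.CLAUDE_ACCESS` is not declared anywhere in this diff, so it presumably comes from the shared dependency that pom.xml moves to `11.4.21-alpha-349-SNAPSHOT` in the same commit. A SNAPSHOT version is mutable, so the role definition behind this Okta scope could change without any change in this repository; I would pin a released version before the scope is provisioned. The new constant also says nothing about who holds it. A comment such as `// Read-only scope for <consumer>; grant on GET routes only, never on write or reveal routes` would record the intent that the visible route changes in this commit follow. The enum body continues outside the hunk.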
diff --git a/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java b/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java
index ee9f2005c..49968132a 100644
--- a/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java
+++ b/src/main/java/com/uid2/admin/vertx/api/cstg/GetClientSideKeypairsBySite.java
@@ -27,7 +27,7 @@ public GetClientSideKeypairsBySite(IKeypairManager keypairManager) {
@Path("/sites/:siteId/client-side-keypairs")
@Method(ApiMethod.GET)
- @Roles({Role.MAINTAINER, Role.SHARING_PORTAL})
+ @Roles({Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS})
public Handler getHandler() {
return UrlParameterProviders.provideSiteId(this::handleGetClientSideKeys);
}
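Review bot: `handleGetClientSideKeys` is outside this hunk, so it cannot be confirmed here that the response now readable by `Role.CLAUDE_ACCESS` leaves out the private half of each keypair. The same question applies to the other key-material routes that gain the role in this commit: `handleListAllKeypairs` and `handleListKeypair` in ClientSideKeypairService, `handleList` in CloudEncryptionKeyService, `handleKeyList` and `handleKeysetKeyList` in EncryptionKeyService, and `handleSaltSnapshots` in SaltService. Before widening these I would check each response for secret fields and record the result next to the grant, for example `// CLAUDE_ACCESS: response verified to contain no private key or secret fields`. If any of them does return secret material, that route should keep its previous role list.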
diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java
index e13aa3d9b..01502d170 100644
--- a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java
@@ -69,7 +69,7 @@ public ClientKeyService(JsonObject config,
@Override
public void setupRoutes(Router router) {
router.get(API_CLIENT_METADATA.toString()).handler(
- auth.handle(this::handleClientMetadata, Role.MAINTAINER));
+ auth.handle(this::handleClientMetadata, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.post(API_CLIENT_REWRITE_METADATA.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
this.handleRewriteMetadata(ctx);
@@ -77,16 +77,16 @@ public void setupRoutes(Router router) {
}, Role.PRIVILEGED));
router.get(API_CLIENT_LIST.toString()).handler(
- auth.handle(this::handleClientList, Role.MAINTAINER, Role.METRICS_EXPORT));
+ auth.handle(this::handleClientList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS));
router.get(API_CLIENT_LIST_SITEID.toString()).handler(
- auth.handle(this::handleClientListBySite, Role.MAINTAINER, Role.SHARING_PORTAL));
+ auth.handle(this::handleClientListBySite, Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS));
router.get(API_CLIENT_KEYID.toString()).handler(
- auth.handle(this::handleClientByKeyId, Role.MAINTAINER, Role.SHARING_PORTAL));
+ auth.handle(this::handleClientByKeyId, Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS));
router.get(API_CLIENT_CONTACT.toString()).handler(
- auth.handle(this::handleClientByContact, Role.MAINTAINER, Role.SHARING_PORTAL));
+ auth.handle(this::handleClientByContact, Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS));
router.get(API_CLIENT_REVEAL.toString()).handler(
auth.handle(this::handleClientReveal, Role.PRIVILEGED));
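Review bot: The five GET routes that gain `Role.CLAUDE_ACCESS` here and in the hunk above are registered with the `auth.handle(handler, roles...)` overload, while other routes in this commit pass an `AuditParams` (for example `handleOperatorReveal` with `List.of("name")`). If that argument is what puts request parameters into the audit log, lookups by the new role through `handleClientByContact` and `handleClientByKeyId` would not record which client was looked up; the middleware is not shown, so this is an assumption. For a newly introduced role I would want those lookups traceable, e.g. `auth.handle(this::handleClientByContact, new AuditParams(List.of("<contact query parameter>"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS)`. `setupRoutes` continues outside the hunk.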
diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java b/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java
index 4d2715b50..2f8c896d6 100644
--- a/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java
@@ -82,9 +82,9 @@ public void setupRoutes(Router router) {
}
}, new AuditParams(Collections.emptyList(), List.of("subscription_id")), Role.PRIVILEGED, Role.SHARING_PORTAL));
router.get(API_CLIENT_SIDE_KEYPAIRS_LIST.toString()).handler(
- auth.handle(this::handleListAllKeypairs, Role.MAINTAINER, Role.METRICS_EXPORT));
+ auth.handle(this::handleListAllKeypairs, Role.MAINTAINER, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS));
router.get(API_CLIENT_SIDE_KEYPAIRS_SUBSCRIPTIONID.toString()).handler(
- auth.handle(this::handleListKeypair, Role.MAINTAINER)
+ auth.handle(this::handleListKeypair, Role.MAINTAINER, Role.CLAUDE_ACCESS)
);
}
diff --git a/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java b/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java
index 10df2a86d..de081f3c8 100644
--- a/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java
@@ -36,10 +36,10 @@ public CloudEncryptionKeyService(
@Override
public void setupRoutes(Router router) {
router.get(Endpoints.CLOUD_ENCRYPTION_KEY_METADATA.toString()).handler(
- auth.handle(this::handleMetadata, Role.MAINTAINER));
+ auth.handle(this::handleMetadata, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.get(Endpoints.CLOUD_ENCRYPTION_KEY_LIST.toString()).handler(
- auth.handle(this::handleList, Role.MAINTAINER)
+ auth.handle(this::handleList, Role.MAINTAINER, Role.CLAUDE_ACCESS)
);
router.post(Endpoints.CLOUD_ENCRYPTION_KEY_ROTATE.toString()).handler(
diff --git a/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java b/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java
index 9e4859ee9..bd013a08d 100644
--- a/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java
@@ -49,9 +49,9 @@ public EnclaveIdService(AdminAuthMiddleware auth,
@Override
public void setupRoutes(Router router) {
router.get(API_ENCLAVE_METADATA.toString()).handler(
- auth.handle(this::handleEnclaveMetadata, Role.MAINTAINER));
+ auth.handle(this::handleEnclaveMetadata, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.get(API_ENCLAVE_LIST.toString()).handler(
- auth.handle(this::handleEnclaveList, Role.MAINTAINER));
+ auth.handle(this::handleEnclaveList, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.post(API_ENCLAVE_ADD.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
diff --git a/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java b/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java
index a07551b71..993836064 100644
--- a/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java
@@ -125,11 +125,11 @@ public EncryptionKeyService(JsonObject config,
@Override
public void setupRoutes(Router router) {
router.get(API_KEY_LIST.toString()).handler(
- auth.handle(this::handleKeyList, Role.MAINTAINER));
+ auth.handle(this::handleKeyList, Role.MAINTAINER, Role.CLAUDE_ACCESS));
if(enableKeysets) {
router.get(API_KEY_LIST_KEYSET_KEYS.toString()).handler(
- auth.handle(this::handleKeysetKeyList, Role.MAINTAINER));
+ auth.handle(this::handleKeysetKeyList, Role.MAINTAINER, Role.CLAUDE_ACCESS));
}
router.post(API_KEY_REWRITE_METADATA.toString()).blockingHandler(auth.handle((ctx) -> {
diff --git a/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java b/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java
index 51156200d..80a221d2e 100644
--- a/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/JobDispatcherService.java
@@ -30,7 +30,7 @@ public void setupRoutes(Router router) {
}
},
//can be other role
- Role.MAINTAINER));
+ Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.get(API_JOB_DISPATCHER_JOB_QUEUE.toString()).blockingHandler(auth.handle((ctx) -> {
try {
@@ -40,6 +40,6 @@ public void setupRoutes(Router router) {
}
},
//can be other role
- Role.MAINTAINER));
+ Role.MAINTAINER, Role.CLAUDE_ACCESS));
}
}
diff --git a/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java b/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java
index bc8685942..a7a9b6ccb 100644
--- a/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/KeyAclService.java
@@ -51,7 +51,7 @@ public KeyAclService(AdminAuthMiddleware auth,
@Override
public void setupRoutes(Router router) {
router.get(API_KEYS_ACL_LIST.toString()).handler(
- auth.handle(this::handleKeyAclList, Role.MAINTAINER));
+ auth.handle(this::handleKeyAclList, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.post(API_KEYS_ACL_REWRITE_METADATA.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
diff --git a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java
index 542df2b8f..8ef80f8ec 100644
--- a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java
@@ -75,9 +75,9 @@ public OperatorKeyService(JsonObject config,
@Override
public void setupRoutes(Router router) {
router.get(API_OPERATOR_METADATA.toString()).handler(
- auth.handle(this::handleOperatorMetadata, Role.MAINTAINER));
+ auth.handle(this::handleOperatorMetadata, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.get(API_OPERATOR_LIST.toString()).handler(
- auth.handle(this::handleOperatorList, Role.MAINTAINER, Role.METRICS_EXPORT));
+ auth.handle(this::handleOperatorList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS));
router.get(API_OPERATOR_REVEAL.toString()).handler(
auth.handle(this::handleOperatorReveal, new AuditParams(List.of("name"), Collections.emptyList()), Role.MAINTAINER));
@@ -381,7 +381,6 @@ private void handleOperatorUpdate(RoutingContext rc) {
ResponseUtil.error(rc, 404, "operator name not found");
return;
}
-
boolean siteIdChanged = false;
if (!rc.queryParam("site_id").isEmpty()) {
final Site site = RequestUtil.getSiteFromParam(rc, "site_id", this.siteProvider);
diff --git a/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java b/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java
index 019000174..10995efe5 100644
--- a/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java
@@ -46,7 +46,7 @@ public void setupRoutes(Router router) {
router.get(API_PARTNER_CONFIG_LIST.toString()).handler(
auth.handle(this::handlePartnerConfigList, Role.MAINTAINER));
router.get(API_PARTNER_CONFIG_GET.toString()).handler(
- auth.handle(this::handlePartnerConfigGet, Role.MAINTAINER));
+ auth.handle(this::handlePartnerConfigGet, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.post(API_PARTNER_CONFIG_ADD.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
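Review bot: `handlePartnerConfigGet` gains `Role.CLAUDE_ACCESS` while `handlePartnerConfigList` two lines above stays `Role.MAINTAINER` only, and nothing in the hunk says whether that split is deliberate. The other services in this commit that have a list route grant the role on it, so this reads as either an omission or an undocumented restriction. If the list is withheld on purpose, a comment on that route such as `// MAINTAINER only: <reason the list is withheld from CLAUDE_ACCESS>` would stop a later change from silently widening it. If the get route returns the same data as the list, the restriction has no effect and should be reconsidered. `setupRoutes` starts and ends outside the hunk.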
diff --git a/src/main/java/com/uid2/admin/vertx/service/SaltService.java b/src/main/java/com/uid2/admin/vertx/service/SaltService.java
index 527f19c04..3aed57a06 100644
--- a/src/main/java/com/uid2/admin/vertx/service/SaltService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/SaltService.java
@@ -65,7 +65,7 @@ public SaltService(AdminAuthMiddleware auth,
@Override
public void setupRoutes(Router router) {
router.get(API_SALT_SNAPSHOTS.toString()).handler(
- auth.handle(this::handleSaltSnapshots, Role.MAINTAINER));
+ auth.handle(this::handleSaltSnapshots, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.post(API_SALT_REBUILD.toString()).blockingHandler(auth.handle(ctx -> {
synchronized (writeLock) {
diff --git a/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java b/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java
index 44dee73a3..68d905b20 100644
--- a/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java
@@ -50,7 +50,7 @@ public ServiceLinkService(AdminAuthMiddleware auth,
@Override
public void setupRoutes(Router router) {
- router.get(API_SERVICE_LINK_LIST.toString()).handler(auth.handle(this::handleServiceLinkList, Role.MAINTAINER, Role.METRICS_EXPORT));
+ router.get(API_SERVICE_LINK_LIST.toString()).handler(auth.handle(this::handleServiceLinkList, Role.MAINTAINER, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS));
router.post(API_SERVICE_LINK_ADD.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
this.handleServiceLinkAdd(ctx);
diff --git a/src/main/java/com/uid2/admin/vertx/service/ServiceService.java b/src/main/java/com/uid2/admin/vertx/service/ServiceService.java
index 2f989d09f..e10917188 100644
--- a/src/main/java/com/uid2/admin/vertx/service/ServiceService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/ServiceService.java
@@ -52,8 +52,8 @@ public ServiceService(AdminAuthMiddleware auth,
@Override
public void setupRoutes(Router router) {
- router.get(API_SERVICE_LIST.toString()).handler(auth.handle(this::handleServiceListAll, Role.MAINTAINER, Role.METRICS_EXPORT));
- router.get(API_SERVICE_LIST_SERVICE_ID.toString()).handler(auth.handle(this::handleServiceList, Role.MAINTAINER));
+ router.get(API_SERVICE_LIST.toString()).handler(auth.handle(this::handleServiceListAll, Role.MAINTAINER, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS));
+ router.get(API_SERVICE_LIST_SERVICE_ID.toString()).handler(auth.handle(this::handleServiceList, Role.MAINTAINER, Role.CLAUDE_ACCESS));
router.post(API_SERVICE_ADD.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
this.handleServiceAdd(ctx);
diff --git a/src/main/java/com/uid2/admin/vertx/service/SharingService.java b/src/main/java/com/uid2/admin/vertx/service/SharingService.java
index e202c4598..c300c662d 100644
--- a/src/main/java/com/uid2/admin/vertx/service/SharingService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/SharingService.java
@@ -61,26 +61,26 @@ public SharingService(AdminAuthMiddleware auth,
public void setupRoutes(Router router) {
if(!enableKeysets) return;
router.get(API_SHARING_LISTS.toString()).handler(
- auth.handle(this::handleListAllAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT)
+ auth.handle(this::handleListAllAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS)
);
router.get(API_SHARING_LIST_SITEID.toString()).handler(
- auth.handle(this::handleListAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL)
+ auth.handle(this::handleListAllowedSites, Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS)
);
router.post(API_SHARING_LIST_SITEID.toString()).handler(
auth.handle(this::handleSetAllowedSites, new AuditParams(Collections.emptyList(), List.of("hash", "allowed_sites", "allowed_types")), Role.MAINTAINER, Role.SHARING_PORTAL)
);
router.get(API_SHARING_KEYSETS.toString()).handler(
- auth.handle(this::handleListAllKeysets, Role.MAINTAINER)
+ auth.handle(this::handleListAllKeysets, Role.MAINTAINER, Role.CLAUDE_ACCESS)
);
router.post(API_SHARING_KEYSET.toString()).handler(
auth.handle(this::handleSetKeyset, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "allowed_sites", "allowed_types")), Role.MAINTAINER)
);
router.get(API_SHARING_KEYSET_KEYSETID.toString()).handler(
- auth.handle(this::handleListKeyset, Role.MAINTAINER)
+ auth.handle(this::handleListKeyset, Role.MAINTAINER, Role.CLAUDE_ACCESS)
);
router.get(API_SHARING_KEYSETS_RELATED.toString()).handler(
- auth.handle(this::handleListAllKeysetsRelated, Role.MAINTAINER)
+ auth.handle(this::handleListAllKeysetsRelated, Role.MAINTAINER, Role.CLAUDE_ACCESS)
);
}
diff --git a/src/main/java/com/uid2/admin/vertx/service/SiteService.java b/src/main/java/com/uid2/admin/vertx/service/SiteService.java
index 957380d07..7b67f46ba 100644
--- a/src/main/java/com/uid2/admin/vertx/service/SiteService.java
+++ b/src/main/java/com/uid2/admin/vertx/service/SiteService.java
@@ -62,9 +62,9 @@ public void setupRoutes(Router router) {
}, Role.PRIVILEGED));
router.get(API_SITE_LIST.toString()).handler(
- auth.handle(this::handleSiteList, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT));
+ auth.handle(this::handleSiteList, Role.MAINTAINER, Role.SHARING_PORTAL, Role.METRICS_EXPORT, Role.CLAUDE_ACCESS));
router.get(API_SITE_SITEID.toString()).handler(
- auth.handle(this::handleSiteById, Role.MAINTAINER, Role.SHARING_PORTAL));
+ auth.handle(this::handleSiteById, Role.MAINTAINER, Role.SHARING_PORTAL, Role.CLAUDE_ACCESS));
router.post(API_SITE_ADD.toString()).blockingHandler(auth.handle((ctx) -> {
synchronized (writeLock) {
this.handleSiteAdd(ctx);
diff --git a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java
index 9740c328a..55c80a64e 100644
--- a/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java
+++ b/src/test/java/com/uid2/admin/v2Router/RouterConfigurationTest.java
@@ -51,7 +51,7 @@ public void WhenANonBlockingRouteProviderIsUsed_ItIsRegisteredCorrectly() {
router.setupSubRouter(vertxMock, routerMock);
verify(routeMock).handler(handlerMock);
- verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL));
+ verify(authMiddlewareMock).handle(any(), eq(Role.MAINTAINER), eq(Role.SHARING_PORTAL), eq(Role.CLAUDE_ACCESS));
}
}
}
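Review bot: The only test change updates one positive expectation; nothing asserts that a caller holding only `Role.CLAUDE_ACCESS` is rejected on the write and reveal routes next to the widened ones (for example the `Role.PRIVILEGED` routes in ClientKeyService). With the role added by hand across more than a dozen `setupRoutes` methods, a later copy-paste onto a POST route would still pass this suite. I would add a test, named say `claudeAccessIsGrantedOnGetRoutesOnly`, that walks the registered routes and fails if the role appears on any non-GET route. The test method starts outside the hunk.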