feat: add infrastructureendpoints flag with conditional DB/CH controllers

Add cameleer.server.security.infrastructureendpoints property (default true) and @ConditionalOnProperty to DatabaseAdminController and ClickHouseAdminController so the SaaS provisioner can set CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS=false to suppress these endpoints (404) on tenant server containers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 23:09:28 +02:00
parent ca89a79f8f
commit 293d11e52b
4 changed files with 14 additions and 0 deletions
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClickHouseAdminController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClickHouseAdminController.java
@@ -10,6 +10,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -18,6 +19,11 @@ import org.springframework.web.bind.annotation.RestController;

 import java.util.List;

+@ConditionalOnProperty(
+    name = "cameleer.server.security.infrastructureendpoints",
+    havingValue = "true",
+    matchIfMissing = true
+)
@RestController
@RequestMapping("/api/v1/admin/clickhouse")
@PreAuthorize("hasRole('ADMIN')")
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DatabaseAdminController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DatabaseAdminController.java
@@ -20,12 +20,18 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;

 import javax.sql.DataSource;
 import java.util.List;

+@ConditionalOnProperty(
+    name = "cameleer.server.security.infrastructureendpoints",
+    havingValue = "true",
+    matchIfMissing = true
+)
@RestController
@RequestMapping("/api/v1/admin/database")
@PreAuthorize("hasRole('ADMIN')")
--- a/cameleer3-server-app/src/main/resources/application.yml
+++ b/cameleer3-server-app/src/main/resources/application.yml
@@ -71,6 +71,7 @@ cameleer:
      uiorigin: ${CAMELEER_SERVER_SECURITY_UIORIGIN:http://localhost:5173}
      jwtsecret: ${CAMELEER_SERVER_SECURITY_JWTSECRET:}
      corsallowedorigins: ${CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS:}
+      infrastructureendpoints: ${CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS:true}
      oidc:
        issueruri: ${CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI:}
        jwkseturi: ${CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI:}
--- a/cameleer3-server-app/src/test/resources/application-test.yml
+++ b/cameleer3-server-app/src/test/resources/application-test.yml
@@ -15,3 +15,4 @@ cameleer:
    security:
      bootstraptoken: test-bootstrap-token
      bootstraptokenprevious: old-bootstrap-token
+      infrastructureendpoints: true