Skip to content

Add GetEntryClaims admin endpoint #761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rdimitrov wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Add GetEntryClaims admin endpoint #761

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
a3e3358
Add `GetEntryClaims` admin endpoint
rdimitrov Apr 27, 2026
1f74302
Gate `GetEntryClaims` by JWT claim subset
rdimitrov Apr 28, 2026
3bb2cee
Lock JWT-claims call shape and document `GetEntryClaims` posture
rdimitrov Apr 28, 2026
6c9fabd
Tighten `getEntryClaims` godoc and cover super-admin bypass
rdimitrov Apr 28, 2026
a0b65fa
Document why `GetEntryClaims` is managed-source-only
rdimitrov Apr 29, 2026
a883c66
Merge branch 'main' into rdimitrov/get-entry-claims
rdimitrov May 5, 2026
64b5135
Quiet `goconst` on `team=data` test fixture
rdimitrov May 6, 2026
3ba41b8
Merge branch 'main' into rdimitrov/get-entry-claims
rdimitrov May 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 113 additions & 0 deletions docs/thv-registry-api/docs.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

113 changes: 113 additions & 0 deletions docs/thv-registry-api/swagger.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -424,6 +424,15 @@
},
"type": "object"
},
"internal_api_v1.entryClaimsResponse": {
"properties": {
"claims": {
"additionalProperties": {},
"type": "object"
}
},
"type": "object"
},
"internal_api_v1.meResponse": {
"properties": {
"roles": {
Expand Down Expand Up @@ -1984,6 +1993,110 @@
}
},
"/v1/entries/{type}/{name}/claims": {
"get": {
"description": "Get the claims for an API-published entry name within the managed source.\nClaims are stored at the entry-name level and are shared by every version of that name.\nSynced-source entries (git/api/file/kubernetes) are out of scope: their claims come from\nupstream (the source manifest or the `toolhive.stacklok.dev/authz-claims` annotation) and\nare surfaced through the `/v1/sources/{name}/entries` and `/v1/registries/{name}/entries` lists.",
"parameters": [
{
"description": "Entry Type (server or skill)",
"in": "path",
"name": "type",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "Entry Name",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/internal_api_v1.entryClaimsResponse"
}
}
},
"description": "Entry claims"
},
"400": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
}
},
"description": "Bad request"
},
"403": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
}
},
"description": "Forbidden"
},
"404": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
}
},
"description": "Not found"
},
"500": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
}
},
"description": "Internal server error"
},
"503": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
}
},
"description": "No managed source available"
}
},
"summary": "Get entry claims",
"tags": [
"v1"
]
},
"put": {
"description": "Update claims for a published entry name",
"parameters": [
Expand Down
76 changes: 76 additions & 0 deletions docs/thv-registry-api/swagger.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -290,6 +290,12 @@ components:
description: Number of skills in registry
type: integer
type: object
internal_api_v1.entryClaimsResponse:
properties:
claims:
additionalProperties: {}
type: object
type: object
internal_api_v1.meResponse:
properties:
roles:
Expand Down Expand Up @@ -1356,6 +1362,76 @@ paths:
tags:
- v1
/v1/entries/{type}/{name}/claims:
get:
description: |-
Get the claims for an API-published entry name within the managed source.
Claims are stored at the entry-name level and are shared by every version of that name.
Synced-source entries (git/api/file/kubernetes) are out of scope: their claims come from
upstream (the source manifest or the `toolhive.stacklok.dev/authz-claims` annotation) and
are surfaced through the `/v1/sources/{name}/entries` and `/v1/registries/{name}/entries` lists.
parameters:
- description: Entry Type (server or skill)
in: path
name: type
required: true
schema:
type: string
- description: Entry Name
in: path
name: name
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/internal_api_v1.entryClaimsResponse'
description: Entry claims
"400":
content:
application/json:
schema:
additionalProperties:
type: string
type: object
description: Bad request
"403":
content:
application/json:
schema:
additionalProperties:
type: string
type: object
description: Forbidden
"404":
content:
application/json:
schema:
additionalProperties:
type: string
type: object
description: Not found
"500":
content:
application/json:
schema:
additionalProperties:
type: string
type: object
description: Internal server error
"503":
content:
application/json:
schema:
additionalProperties:
type: string
type: object
description: No managed source available
summary: Get entry claims
tags:
- v1
put:
description: Update claims for a published entry name
parameters:
Expand Down
Loading
Loading