StackVista · aacevedoosorio · Jun 24, 2025 · Jun 20, 2025
diff --git a/cmd/servicetoken/servicetoken_create.go b/cmd/servicetoken/servicetoken_create.go
@@ -16,9 +16,10 @@ const (
 )
 
 type CreateArgs struct {
-	Name       string
-	Expiration time.Time
-	Roles      []string
+	Name             string
+	Expiration       time.Time
+	Roles            []string
+	DedicatedSubject string
 }
 
 func CreateCommand(deps *di.Deps) *cobra.Command {
@@ -33,15 +34,17 @@ func CreateCommand(deps *di.Deps) *cobra.Command {
 	common.AddRequiredNameFlagVar(cmd, &args.Name, "Name of the service token")
 	cmd.Flags().TimeVar(&args.Expiration, "expiration", time.Time{}, []string{DateFormat}, "Expiration date of the service token")
 	cmd.Flags().StringSliceVar(&args.Roles, "roles", []string{}, "Roles assigned to the service token")
+	cmd.Flags().StringVar(&args.DedicatedSubject, "dedicatedSubject", "", "Subject solely created for usage with this token. The dedicated subject is cleaned after the token is deleted")
 	cmd.MarkFlagRequired("roles") //nolint:errcheck
 	return cmd
 }
 
 func RunServiceTokenCreateCommand(args *CreateArgs) di.CmdWithApiFn {
 	return func(cmd *cobra.Command, cli *di.Deps, api *stackstate_api.APIClient, serverInfo *stackstate_api.ServerInfo) common.CLIError {
 		req := stackstate_api.NewServiceTokenRequest{
-			Name:  args.Name,
-			Roles: args.Roles,
+			Name:             args.Name,
+			Roles:            args.Roles,
+			DedicatedSubject: &args.DedicatedSubject,
 		}
 
 		if !args.Expiration.IsZero() {

diff --git a/cmd/servicetoken/servicetoken_list.go b/cmd/servicetoken/servicetoken_list.go
@@ -44,11 +44,11 @@ func RunServiceTokenListCommand(cmd *cobra.Command, cli *di.Deps, api *stackstat
 			if serviceToken.Expiration != nil {
 				exp = time.UnixMilli(*serviceToken.Expiration).Format(DateFormat)
 			}
-			data = append(data, []interface{}{sid, serviceToken.Name, exp, serviceToken.Roles})
+			data = append(data, []interface{}{sid, serviceToken.Name, exp, serviceToken.Roles, serviceToken.DedicatedSubject})
 		}
 
 		cli.Printer.Table(printer.TableData{
-			Header:              []string{"id", "name", "expiration", "roles"},
+			Header:              []string{"id", "name", "expiration", "roles", "dedicated_Subject"},
 			Data:                data,
 			MissingTableDataMsg: printer.NotFoundMsg{Types: "service tokens"},
 		})

diff --git a/cmd/servicetoken/servicetoken_list_test.go b/cmd/servicetoken/servicetoken_list_test.go
@@ -37,10 +37,10 @@ func TestServiceTokenList(t *testing.T) {
 
 	tableData := []printer.TableData{
 		{
-			Header: []string{"id", "name", "expiration", "roles"},
+			Header: []string{"id", "name", "expiration", "roles", "dedicated_Subject"},
 			Data: [][]interface{}{
-				{int64(1), "test", "2020-05-22", []string{"test-role", "another-role"}},
-				{int64(2), "test2", "", []string{"test-role"}},
+				{int64(1), "test", "2020-05-22", []string{"test-role", "another-role"}, (*string)(nil)},
+				{int64(2), "test2", "", []string{"test-role"}, (*string)(nil)},
 			},
 			MissingTableDataMsg: printer.NotFoundMsg{Types: "service tokens"},
 		},

diff --git a/generated/stackstate_api/README.md b/generated/stackstate_api/README.md
@@ -232,7 +232,7 @@ Class | Method | HTTP request | Description
 *TracesApi* | [**SuggestionsAttributeName**](docs/TracesApi.md#suggestionsattributename) | **Get** /traces/spans/fields/attributes | Suggestions for attribute names
 *TracesApi* | [**SuggestionsAttributeValue**](docs/TracesApi.md#suggestionsattributevalue) | **Get** /traces/spans/fields/attributes/{attributeName}/values | Suggestions for attribute values
 *TracesApi* | [**SuggestionsFieldValues**](docs/TracesApi.md#suggestionsfieldvalues) | **Get** /traces/spans/fields/{field}/values | Suggestions for span fields
-*UserAuthorizationApi* | [**GetUserAuthorizationFor**](docs/UserAuthorizationApi.md#getuserauthorizationfor) | **Get** /user/authorization/for | Is the current user authorized for the provided permission
+*UserAuthorizationApi* | [**GetUserAuthorizationFor**](docs/UserAuthorizationApi.md#getuserauthorizationfor) | **Get** /user/authorization/for | Is the current user authorized for the provided permission and resource
 *UserProfileApi* | [**GetCurrentUserProfile**](docs/UserProfileApi.md#getcurrentuserprofile) | **Get** /user/profile | Get current user profile
 *UserProfileApi* | [**SaveCurrentUserProfile**](docs/UserProfileApi.md#savecurrentuserprofile) | **Put** /user/profile | Save current user profile
 *UserSessionApi* | [**GetUserSessionAssumedRole**](docs/UserSessionApi.md#getusersessionassumedrole) | **Get** /user/session/assumedRole | Get the assumed a role for the current session

diff --git a/generated/stackstate_api/api/openapi.yaml b/generated/stackstate_api/api/openapi.yaml
@@ -2596,14 +2596,20 @@ paths:
       - userSession
   /user/authorization/for:
     get:
-      description: Is the current user authorized for the provided permission
+      description: Is the current user authorized for the provided permission and
+        resource
       operationId: getUserAuthorizationFor
       parameters:
       - in: query
         name: permission
         required: true
         schema:
           type: string
+      - in: query
+        name: resourceName
+        required: false
+        schema:
+          type: string
       responses:
         "204":
           description: User is authorized
@@ -2619,7 +2625,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericErrorsResponse'
           description: Error when handling the request on the server side.
-      summary: Is the current user authorized for the provided permission
+      summary: Is the current user authorized for the provided permission and resource
       tags:
       - userAuthorization
   /events:
@@ -10685,6 +10691,7 @@ components:
         - roles
         - roles
         name: name
+        dedicatedSubject: dedicatedSubject
       properties:
         name:
           type: string
@@ -10695,6 +10702,8 @@ components:
           items:
             type: string
           type: array
+        dedicatedSubject:
+          type: string
       required:
       - name
       - roles
@@ -10709,6 +10718,7 @@ components:
         description: description
         expiration: 1
         id: 0
+        dedicatedSubject: dedicatedSubject
       properties:
         id:
           format: int64
@@ -10729,6 +10739,8 @@ components:
           items:
             type: string
           type: array
+        dedicatedSubject:
+          type: string
       required:
       - name
       - roles

diff --git a/generated/stackstate_api/api_user_authorization.go b/generated/stackstate_api/api_user_authorization.go
diff --git a/generated/stackstate_api/docs/NewServiceTokenRequest.md b/generated/stackstate_api/docs/NewServiceTokenRequest.md
@@ -7,6 +7,7 @@ Name | Type | Description | Notes
 **Name** | **string** |  | 
 **ExpiryDate** | Pointer to **int64** |  | [optional] 
 **Roles** | **[]string** |  | 
+**DedicatedSubject** | Pointer to **string** |  | [optional] 
 
 ## Methods
 
@@ -92,6 +93,31 @@ and a boolean to check if the value has been set.
 SetRoles sets Roles field to given value.
 
 
+### GetDedicatedSubject
+
+`func (o *NewServiceTokenRequest) GetDedicatedSubject() string`
+
+GetDedicatedSubject returns the DedicatedSubject field if non-nil, zero value otherwise.
+
+### GetDedicatedSubjectOk
+
+`func (o *NewServiceTokenRequest) GetDedicatedSubjectOk() (*string, bool)`
+
+GetDedicatedSubjectOk returns a tuple with the DedicatedSubject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDedicatedSubject
+
+`func (o *NewServiceTokenRequest) SetDedicatedSubject(v string)`
+
+SetDedicatedSubject sets DedicatedSubject field to given value.
+
+### HasDedicatedSubject
+
+`func (o *NewServiceTokenRequest) HasDedicatedSubject() bool`
+
+HasDedicatedSubject returns a boolean if a field has been set.
+
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 

diff --git a/generated/stackstate_api/docs/ServiceToken.md b/generated/stackstate_api/docs/ServiceToken.md
@@ -10,6 +10,7 @@ Name | Type | Description | Notes
 **Description** | Pointer to **string** |  | [optional] 
 **Expiration** | Pointer to **int64** |  | [optional] 
 **Roles** | **[]string** |  | 
+**DedicatedSubject** | Pointer to **string** |  | [optional] 
 
 ## Methods
 
@@ -170,6 +171,31 @@ and a boolean to check if the value has been set.
 SetRoles sets Roles field to given value.
 
 
+### GetDedicatedSubject
+
+`func (o *ServiceToken) GetDedicatedSubject() string`
+
+GetDedicatedSubject returns the DedicatedSubject field if non-nil, zero value otherwise.
+
+### GetDedicatedSubjectOk
+
+`func (o *ServiceToken) GetDedicatedSubjectOk() (*string, bool)`
+
+GetDedicatedSubjectOk returns a tuple with the DedicatedSubject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDedicatedSubject
+
+`func (o *ServiceToken) SetDedicatedSubject(v string)`
+
+SetDedicatedSubject sets DedicatedSubject field to given value.
+
+### HasDedicatedSubject
+
+`func (o *ServiceToken) HasDedicatedSubject() bool`
+
+HasDedicatedSubject returns a boolean if a field has been set.
+
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 

diff --git a/generated/stackstate_api/docs/UserAuthorizationApi.md b/generated/stackstate_api/docs/UserAuthorizationApi.md
@@ -4,15 +4,15 @@ All URIs are relative to *http://localhost*
 
 Method | HTTP request | Description
 ------------- | ------------- | -------------
-[**GetUserAuthorizationFor**](UserAuthorizationApi.md#GetUserAuthorizationFor) | **Get** /user/authorization/for | Is the current user authorized for the provided permission
+[**GetUserAuthorizationFor**](UserAuthorizationApi.md#GetUserAuthorizationFor) | **Get** /user/authorization/for | Is the current user authorized for the provided permission and resource
 
 
 
 ## GetUserAuthorizationFor
 
-> GetUserAuthorizationFor(ctx).Permission(permission).Execute()
+> GetUserAuthorizationFor(ctx).Permission(permission).ResourceName(resourceName).Execute()
 
-Is the current user authorized for the provided permission
+Is the current user authorized for the provided permission and resource
 
 
 
@@ -30,10 +30,11 @@ import (
 
 func main() {
     permission := "permission_example" // string | 
+    resourceName := "resourceName_example" // string |  (optional)
 
     configuration := openapiclient.NewConfiguration()
     apiClient := openapiclient.NewAPIClient(configuration)
-    resp, r, err := apiClient.UserAuthorizationApi.GetUserAuthorizationFor(context.Background()).Permission(permission).Execute()
+    resp, r, err := apiClient.UserAuthorizationApi.GetUserAuthorizationFor(context.Background()).Permission(permission).ResourceName(resourceName).Execute()
     if err != nil {
         fmt.Fprintf(os.Stderr, "Error when calling `UserAuthorizationApi.GetUserAuthorizationFor``: %v\n", err)
         fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -53,6 +54,7 @@ Other parameters are passed through a pointer to a apiGetUserAuthorizationForReq
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
  **permission** | **string** |  | 
+ **resourceName** | **string** |  | 
 
 ### Return type
 

diff --git a/generated/stackstate_api/model_new_service_token_request.go b/generated/stackstate_api/model_new_service_token_request.go