feat(dir): add ownership claim referrer, search, and CLI (v1)#1478
Open
vivekkrishna wants to merge 1 commit into
Open
feat(dir): add ownership claim referrer, search, and CLI (v1)#1478vivekkrishna wants to merge 1 commit into
vivekkrishna wants to merge 1 commit into
Conversation
vivekkrishna
force-pushed
the
feat/ownership-v1
branch
from
9cca9e0 to
21fdd72
Compare
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
vivekkrishna
force-pushed
the
feat/ownership-v1
branch
from
21fdd72 to
330f7ad
Compare
vivekkrishna
force-pushed
the
feat/ownership-v1
branch
2 times, most recently
from
bf6cb52 to
516e1e8
Compare
Introduces a single-source-of-truth ownership model using OCI referrers: - api: add OwnershipClaim proto + MarshalReferrer/UnmarshalReferrer - api/core: add OwnershipClaimReferrerType constant and CEL whitelist entry - server/store/oci: add OwnershipClaimArtifactMediaType mapping - server/database: add owners table (Owner model, AddOwner, RemoveOwners, WithOwners filter) - server/controller: enforce caller SPIFFE ID == owner_id; index claim on push - reconciler: add ownership task to walk referrers and sync owners table - cli: add dirctl ownership claim command and --owner search filter - cli/daemon: register ownership reconciler defaults - tests/e2e: add ownership-based search test suite (7 cases, all passing) Signed-off-by: Vivek Krishna Choppa <vivekkrishnachoppa@gmail.com>
vivekkrishna
force-pushed
the
feat/ownership-v1
branch
from
516e1e8 to
f01858e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
agntcy.dir.ownership.v1.Claim)ownersDB table as a derived search index synced from OCI referrersdirctl ownership claimcommand and--ownersearch filterChanges
Proto / API
proto/agntcy/dir/ownership/v1/claim.proto: newClaimmessage (owner_id,claimed_at)api/ownership/v1/claim.go:MarshalReferrer/UnmarshalReferrer+ReferrerType()api/core/v1/referrer_types.go:OwnershipClaimReferrerType = "agntcy.dir.ownership.v1.Claim"proto/agntcy/dir/core/v1/rules.proto: CEL whitelist extended with ownership typeproto/agntcy/dir/search/v1/record_query.proto:RECORD_QUERY_TYPE_OWNER = 17Server
server/store/oci/types.go:OwnershipClaimArtifactMediaType+ OCI type mappingserver/database/gorm/record.go:Ownermodel,AddOwner,RemoveOwners, ownership JOIN filterserver/database/gorm/gorm.go:Ownertable migrationserver/types/database.go:OwnershipDatabaseAPIinterfaceserver/types/search.go:Owners []stringfield +WithOwners()filter optionserver/database/utils/utils.go:RECORD_QUERY_TYPE_OWNER→WithOwners()server/controller/store.go: ownership claim enforcement + immediate DB indexing on pushReconciler
reconciler/tasks/ownership/: new task that walks OCI referrers and syncs owners tablereconciler/config/config.go:Ownershipconfig field + env var bindingsreconciler/service/service.go: ownership task registrationCLI
cli/cmd/ownership/ownership.go:dirctl ownership claim --record <CID> --owner <id>cli/cmd/root.go: ownership command registeredcli/cmd/search/filters.go:--ownerflag +RECORD_QUERY_TYPE_OWNERquerycli/cmd/daemon/config.go: ownership reconciler defaults (enabled=true,interval=5m)Tests
tests/e2e/local/13_ownership_search_test.go: 7 e2e tests (all passing) covering exact match, wildcards, combined filters, and negative casesTest plan
go test ./...in server, reconciler, api, cli modules)task lint)🤖 Generated with Claude Code