StackVista · aacevedoosorio · Jun 19, 2025 · Jun 11, 2025 · Jun 13, 2025 · Jun 18, 2025
diff --git a/cmd/rbac/flags.go b/cmd/rbac/flags.go
@@ -4,20 +4,14 @@ const (
 	Subject    = "subject"
 	Permission = "permission"
 	Resource   = "resource"
-	Scope      = "scope"
 
 	SubjectUsage            = "The handle of the subject of the permissions. If you're using LDAP, please use the usernameKey configured in StackState"
 	PermissionRevokeUsage   = "The permission to revoke"
 	PermissionGrantUsage    = "The permission to grant"
 	PermissionDescribeUsage = "Filter the permissions by permission name"
-	ResourceDescribeUsage   = "Filter the permissions by a resource identifier (e.g. system or a view name)"
-	ResourceGrantUsage      = "The resource to grant the permission to (e.g. \"system\" or a view name)"
-	ResourceRevokeUsage     = "The resource to revoke the permission to (e.g. \"system\" or a view name)"
-	ScopeUsage              = "The query in STQL that will be prepended to every topology element retrieved in StackState. " +
-		"For example, if your scope is \"label = 'A'\", then all STQL executed in StackState" +
-		" (e.g. Retrieving topology) will only return elements that have the label A"
+	ResourceDescribeUsage   = "Filter the permissions by a resource identifier (e.g. system, a resource name or tag)"
+	ResourceGrantUsage      = "The resource to grant the permission to (e.g. \"system\" or a resource name or tag)"
+	ResourceRevokeUsage     = "The resource to revoke the permission to (e.g. \"system\" or a resource name or tag)"
 
-	DefaultResource    = "system"
-	DefaultScope       = "id = '-1'"
-	DefaultSTQLVersion = "0.0.1"
+	DefaultResource = "system"
 )
diff --git a/cmd/rbac/rbac_create_subject.go b/cmd/rbac/rbac_create_subject.go
@@ -1,3 +1,4 @@
+//nolint:dupl
 package rbac
 
 import (
@@ -9,7 +10,6 @@ import (
 
 type CreateSubjectArgs struct {
 	Subject string
-	Scope   string
 }
 
 func CreateSubjectCommand(deps *di.Deps) *cobra.Command {
@@ -24,8 +24,6 @@ func CreateSubjectCommand(deps *di.Deps) *cobra.Command {
 	cmd.Flags().StringVar(&args.Subject, Subject, "", SubjectUsage)
 	cmd.MarkFlagRequired(Subject) //nolint:errcheck
 
-	cmd.Flags().StringVar(&args.Scope, Scope, DefaultScope, ScopeUsage)
-
 	return cmd
 }
 
@@ -36,9 +34,7 @@ func RunCreateSubjectCommand(args *CreateSubjectArgs) di.CmdWithApiFn {
 		api *stackstate_api.APIClient,
 		serverInfo *stackstate_api.ServerInfo,
 	) common.CLIError {
-		subject := stackstate_api.NewCreateSubject(args.Scope, DefaultSTQLVersion)
 		resp, err := api.SubjectApi.CreateSubject(cli.Context, args.Subject).
-			CreateSubject(*subject).
 			Execute()
 
 		if err != nil {

diff --git a/cmd/rbac/rbac_create_subject_test.go b/cmd/rbac/rbac_create_subject_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/stackvista/stackstate-cli/generated/stackstate_api"
 	"github.com/stackvista/stackstate-cli/internal/di"
 	"github.com/stretchr/testify/assert"
 )
@@ -24,10 +23,6 @@ func TestCreateSubjectJson(t *testing.T) {
 	assert.Len(t, calls, 1)
 	assert.Equal(t, SomeSubject, calls[0].Psubject)
 
-	expectedSubject := stackstate_api.NewCreateSubject(DefaultScope, DefaultSTQLVersion)
-
-	assert.Equal(t, expectedSubject, calls[0].PcreateSubject)
-
 	expectedJson := []map[string]interface{}{
 		{
 			"created-subject": SomeSubject,
@@ -41,16 +36,12 @@ func TestCreateSubject(t *testing.T) {
 	cli := di.NewMockDeps(t)
 	cmd := CreateSubjectCommand(&cli.Deps)
 
-	di.ExecuteCommandWithContextUnsafe(&cli.Deps, cmd, "--subject", SomeOtherSubject, "--scope", SomeScope)
+	di.ExecuteCommandWithContextUnsafe(&cli.Deps, cmd, "--subject", SomeOtherSubject)
 
 	calls := *cli.MockClient.ApiMocks.SubjectApi.CreateSubjectCalls
 	assert.Len(t, calls, 1)
 	assert.Equal(t, SomeOtherSubject, calls[0].Psubject)
 
-	otherExpectedSubject := stackstate_api.NewCreateSubject(SomeScope, DefaultSTQLVersion)
-
-	assert.Equal(t, otherExpectedSubject, calls[0].PcreateSubject)
-
 	expectedStrings := []string{
 		fmt.Sprintf("Created subject '%s'", SomeOtherSubject),
 	}

diff --git a/cmd/rbac/rbac_delete_subject.go b/cmd/rbac/rbac_delete_subject.go
@@ -1,3 +1,4 @@
+//nolint:dupl
 package rbac
 
 import (

diff --git a/cmd/rbac/rbac_describe_subjects.go b/cmd/rbac/rbac_describe_subjects.go
@@ -42,16 +42,14 @@ func RunDescribeSubjectsCommand(args *DescribeSubjectsArgs) di.CmdWithApiFn {
 
 			if cli.IsJson() {
 				cli.Printer.PrintJson(map[string]interface{}{
-					"handle":     subject.Handle,
-					"scopeQuery": safeDeref(subject.ScopeQuery),
+					"handle": subject.Handle,
 				})
 			} else {
 				cli.Printer.Table(printer.TableData{
-					Header: []string{"Subject", "Scope Query"},
+					Header: []string{"Subject"},
 					Data: [][]interface{}{
 						{
 							subject.Handle,
-							safeDeref(subject.ScopeQuery),
 						},
 					},
 					MissingTableDataMsg: printer.NotFoundMsg{Types: "matching subjects"},
@@ -72,11 +70,11 @@ func RunDescribeSubjectsCommand(args *DescribeSubjectsArgs) di.CmdWithApiFn {
 				data := make([][]interface{}, 0)
 
 				for _, subject := range subjects {
-					data = append(data, []interface{}{subject.Handle, safeDeref(subject.ScopeQuery)})
+					data = append(data, []interface{}{subject.Handle})
 				}
 
 				cli.Printer.Table(printer.TableData{
-					Header:              []string{"Subject", "Scope Query"},
+					Header:              []string{"Subject"},
 					Data:                data,
 					MissingTableDataMsg: printer.NotFoundMsg{Types: "subjects"},
 				})
@@ -85,10 +83,3 @@ func RunDescribeSubjectsCommand(args *DescribeSubjectsArgs) di.CmdWithApiFn {
 		return nil
 	}
 }
-
-func safeDeref(text *string) string {
-	if text == nil {
-		return ""
-	}
-	return *text
-}
diff --git a/cmd/rbac/rbac_describe_subjects_test.go b/cmd/rbac/rbac_describe_subjects_test.go
@@ -12,21 +12,17 @@ import (
 var (
 	SomeScopeVar   = SomeScope
 	SubjectConfig1 = stackstate_api.SubjectConfig{
-		Handle:     SomeSubject,
-		ScopeQuery: &SomeScopeVar,
+		Handle: SomeSubject,
 	}
 
 	SomeOtherSubject = "handle"
-	SomeOtherScope   = "meaningOfLife = 23"
 
 	SubjectConfig2 = stackstate_api.SubjectConfig{
-		Handle:     SomeOtherSubject,
-		ScopeQuery: &SomeOtherScope,
+		Handle: SomeOtherSubject,
 	}
 
 	SubjectConfig3 = stackstate_api.SubjectConfig{
-		Handle:     SubjectHandle,
-		ScopeQuery: nil,
+		Handle: SubjectHandle,
 	}
 )
 
@@ -47,11 +43,11 @@ func TestDescribeSubjectsTable(t *testing.T) {
 
 	expected := []printer.TableData{
 		{
-			Header: []string{"Subject", "Scope Query"},
+			Header: []string{"Subject"},
 			Data: [][]interface{}{
-				{SubjectConfig1.Handle, *SubjectConfig1.ScopeQuery},
-				{SubjectConfig2.Handle, *SubjectConfig2.ScopeQuery},
-				{SubjectConfig3.Handle, ""},
+				{SubjectConfig1.Handle},
+				{SubjectConfig2.Handle},
+				{SubjectConfig3.Handle},
 			},
 			MissingTableDataMsg: printer.NotFoundMsg{Types: "subjects"},
 		},
@@ -100,9 +96,9 @@ func TestDescribeSubjectsTableWithFilter(t *testing.T) {
 
 	expected := []printer.TableData{
 		{
-			Header: []string{"Subject", "Scope Query"},
+			Header: []string{"Subject"},
 			Data: [][]interface{}{
-				{SubjectConfig1.Handle, *SubjectConfig1.ScopeQuery},
+				{SubjectConfig1.Handle},
 			},
 			MissingTableDataMsg: printer.NotFoundMsg{Types: "matching subjects"},
 		},
@@ -130,12 +126,10 @@ func TestDescribeSubjectsJsonWithFilter(t *testing.T) {
 
 	expectedJson := []map[string]interface{}{
 		{
-			"handle":     SubjectConfig1.Handle,
-			"scopeQuery": *SubjectConfig1.ScopeQuery,
+			"handle": SubjectConfig1.Handle,
 		},
 		{
-			"handle":     SubjectConfig3.Handle,
-			"scopeQuery": "",
+			"handle": SubjectConfig3.Handle,
 		},
 	}
 

diff --git a/cmd/rbac/rbac_revoke.go b/cmd/rbac/rbac_revoke.go
@@ -49,7 +49,7 @@ func RunRevokePermissionsCommand(args *RevokePermissionsArgs) di.CmdWithApiFn {
 			return common.NewResponseError(revokeErr, revokeResp)
 		}
 
-		description, descrResp, descrErr := describePermissions(cli, api, args.Subject, args.Permission, args.Resource).Execute()
+		description, descrResp, descrErr := describePermissions(cli, api, args.Subject, args.Permission, "").Execute()
 
 		if descrErr != nil {
 			return common.NewResponseError(descrErr, descrResp)

diff --git a/cmd/rbac/rbac_revoke_test.go b/cmd/rbac/rbac_revoke_test.go
@@ -26,7 +26,6 @@ func TestRevokePermissions(t *testing.T) {
 	assert.Len(t, describeCalls, 1)
 	assert.Equal(t, SomeSubject, describeCalls[0].Psubject)
 	assert.Equal(t, SomePermission, *describeCalls[0].Ppermission)
-	assert.Equal(t, "system", *describeCalls[0].Presource)
 
 	di.ExecuteCommandWithContextUnsafe(&cli.Deps, cmd, "--subject", SomeSubject, "--permission", SomePermission, "--resource", SomeResource)
 
@@ -40,7 +39,6 @@ func TestRevokePermissions(t *testing.T) {
 	assert.Len(t, describeCalls, 2)
 	assert.Equal(t, SomeSubject, describeCalls[1].Psubject)
 	assert.Equal(t, SomePermission, *describeCalls[1].Ppermission)
-	assert.Equal(t, SomeResource, *describeCalls[1].Presource)
 
 	expectedResult := []printer.TableData{
 		ExpectedTable,