headscale icon indicating copy to clipboard operation
headscale copied to clipboard

[Feature] Add option to associate an api key to a specific user

Open DanielMaurer02 opened this issue 1 year ago • 4 comments

Use case

I want to grant other persons using my hosted server the ability to manage their own user and the connected devices but currently i can only give them full admin privileges, which i do not want for security reasons.

Description

Add an optional parameter to the cli for example headscale apikeys create --user testUser which only grants admin rights to the user testUser and the associated devices.

Contribution

  • [X] I can write the design doc for this feature
  • [X] I can contribute this feature

How can it be implemented?

  • Add the optional parameter --user to theheadscale apikeys create cli
  • update the api endpoints to only accept get and post request to users associated to the apikey (if no user is assigned, grant all privileges)

DanielMaurer02 avatar Jun 23 '24 10:06 DanielMaurer02

Hi, I found this idea to be interesting too. As a further improvement, can you also allow for view-only/read-write keys? This may be an optional --view-only flag that only allow GET requests to the Headscale server. I have a use case where I want to monitor online nodes but not control them, so all of this would be a great addition. Thanks!

stratself avatar Jun 24 '24 20:06 stratself

Hi, I found this idea to be interesting too. As a further improvement, can you also allow for view-only/read-write keys? This may be an optional --view-only flag that only allow GET requests to the Headscale server. I have a use case where I want to monitor online nodes but not control them, so all of this would be a great addition. Thanks!

I definitely see how this would be useful. If this feature request is being approved, I can probably implement this without much extra effort

DanielMaurer02 avatar Jun 25 '24 09:06 DanielMaurer02

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Sep 24 '24 01:09 github-actions[bot]

not stale

stratself avatar Sep 24 '24 02:09 stratself

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Dec 26 '24 01:12 github-actions[bot]

no

stratself avatar Dec 28 '24 19:12 stratself

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Mar 30 '25 02:03 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale.

github-actions[bot] avatar Apr 07 '25 02:04 github-actions[bot]