[Feature] Add option to associate an api key to a specific user

Use case

I want to grant other persons using my hosted server the ability to manage their own user and the connected devices but currently i can only give them full admin privileges, which i do not want for security reasons.

Description

Add an optional parameter to the cli for example headscale apikeys create --user testUser which only grants admin rights to the user testUser and the associated devices.

Contribution

• [X] I can write the design doc for this feature
• [X] I can contribute this feature

How can it be implemented?

• Add the optional parameter --user to theheadscale apikeys create cli
• update the api endpoints to only accept get and post request to users associated to the apikey (if no user is assigned, grant all privileges)

Hi, I found this idea to be interesting too. As a further improvement, can you also allow for view-only/read-write keys? This may be an optional --view-only flag that only allow GET requests to the Headscale server. I have a use case where I want to monitor online nodes but not control them, so all of this would be a great addition. Thanks!

Hi, I found this idea to be interesting too. As a further improvement, can you also allow for view-only/read-write keys? This may be an optional --view-only flag that only allow GET requests to the Headscale server. I have a use case where I want to monitor online nodes but not control them, so all of this would be a great addition. Thanks!

I definitely see how this would be useful. If this feature request is being approved, I can probably implement this without much extra effort

This issue is stale because it has been open for 90 days with no activity.

not stale

This issue is stale because it has been open for 90 days with no activity.

no

This issue is stale because it has been open for 90 days with no activity.

This issue was closed because it has been inactive for 14 days since being marked as stale.