[Feature] Add option to associate an api key to a specific user

[danitherex]

Use case

I want to grant other persons using my hosted server the ability to manage their own user and the connected devices but currently i can only give them full admin privileges, which i do not want for security reasons.

Description

Add an optional parameter to the cli for example headscale apikeys create --user testUser which only grants admin rights to the user testUser and the associated devices.

Contribution

• [X] I can write the design doc for this feature
• [X] I can contribute this feature

How can it be implemented?

• Add the optional parameter --user to theheadscale apikeys create cli
• update the api endpoints to only accept get and post request to users associated to the apikey (if no user is assigned, grant all privileges)

[skedastically]

Hi, I found this idea to be interesting too. As a further improvement, can you also allow for view-only/read-write keys? This may be an optional --view-only flag that only allow GET requests to the Headscale server. I have a use case where I want to monitor online nodes but not control them, so all of this would be a great addition. Thanks!

[danitherex]

Hi, I found this idea to be interesting too. As a further improvement, can you also allow for view-only/read-write keys? This may be an optional --view-only flag that only allow GET requests to the Headscale server. I have a use case where I want to monitor online nodes but not control them, so all of this would be a great addition. Thanks!

I definitely see how this would be useful. If this feature request is being approved, I can probably implement this without much extra effort

[github-actions[bot]]

This issue is stale because it has been open for 90 days with no activity.

[skedastically]

not stale