Closed shreddedbacon closed 3 months ago
ssh-portal-api will either need to use the API, or be updated to include the function to update the last used timestamp when an ssh key is used
Should the SSH key last used also include the last time it was used to generate a token? From what I can tell this PR doesn't do that but I could be wrong.
Should the SSH key last used also include the last time it was used to generate a token? From what I can tell this PR doesn't do that but I could be wrong.
In the legacy SSH service, it is called whenever the authorize.sh script is called and hits the /keys endpoint in the API. So whenever a key is used and matches, it will get updated. Token, SSH, whatever.
General Checklist
Database Migrations
Whenever a user accesses the API update the last_accessed attribute on the user.
Alternative approach could be to store this in the API DB to reduce calls to keycloak though.
Also when the
api/keys
endpoint is hit, and a valid sshkey is detected, a newlast_used
field is updated to indicate when the key was last used.