Hi folks, Just pointing out that we are also working on a PR aiming to
extend the API Key pair functionality
(https://github.com/apache/cloudstack/pull/9504
<https://github.com/apache/cloudstack/pull/9504>), including API Key
deletion. It addresses the user leaving an org problem by invalidating
the key altogether, which may be a little safer than letting it be able
to be restored. It could still be interesting to have this system for
enabling and disabling API keys non-destructively, although similar
things can be achieved disabling users/accounts/domains.Although I don't
believe there will be many conflicts between the implementations, it
could be interesting taking a look on the mentioned PR.
On 2024/09/24 08:03:00 Abhisar Sinha wrote:
> Hi All,
>
> I am working on this feature where Root Admin will get the option to
disable Api key/ Secret key based access for a User, Account, or a Domain.
> Api keys are primarily used for automation. It is the primary
authorization mechanism used by automation when password-based access is
not used.
> This feature will be useful for Root Admins who may want to block
certain users/accounts from using them. Or the Admin may want to disable
Api key access for the whole domain and allow only for certain users.
>
> I've created a spec here :
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155
> Your comments and suggestions are greatly appreciated.
>
> Thanks,
> Abhisar
>
>
>
>