From 1398d01bd8ba445fc2a74c1a9fdb5eff04977087 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Wed, 7 Jan 2026 13:35:34 +0100 Subject: [PATCH] proto: change preauthkey API to ID-based operations Remove user parameter from ListPreAuthKeys. Change ExpirePreAuthKey and DeletePreAuthKey to use key ID. --- CHANGELOG.md | 25 +++++++++++++++++++++++++ proto/headscale/v1/preauthkey.proto | 19 +++++++++++-------- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6cb76f0d..822964e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -42,6 +42,31 @@ sequentially through each stable release, selecting the latest patch version ava - **API**: The Node message in the gRPC/REST API has been simplified - the `ForcedTags`, `InvalidTags`, and `ValidTags` fields have been removed and replaced with a single `Tags` field that contains the node's applied tags [#2993](https://github.com/juanfont/headscale/pull/2993) - API clients should use the `Tags` field instead of `ValidTags` - The `headscale nodes list` CLI command now always shows a Tags column and the `--tags` flag has been removed +- **PreAuthKey CLI**: Commands now use ID-based operations instead of user+key combinations [#2992](https://github.com/juanfont/headscale/pull/2992) + - `headscale preauthkeys create` no longer requires `--user` flag (optional for tracking creation) + - `headscale preauthkeys list` lists all keys (no longer filtered by user) + - `headscale preauthkeys expire --id ` replaces `--user ` + - `headscale preauthkeys delete --id ` replaces `--user ` + + **Before:** + + ```bash + headscale preauthkeys create --user 1 --reusable --tags tag:server + headscale preauthkeys list --user 1 + headscale preauthkeys expire --user 1 + headscale preauthkeys delete --user 1 + ``` + + **After:** + + ```bash + headscale preauthkeys create --reusable --tags tag:server + headscale preauthkeys create --user 1 --reusable --tags tag:server # optional user tracking + headscale preauthkeys list + headscale preauthkeys expire --id 123 + headscale preauthkeys delete --id 123 + ``` + - **Tags**: The gRPC `SetTags` endpoint now allows converting user-owned nodes to tagged nodes by setting tags. [#2885](https://github.com/juanfont/headscale/pull/2885) - **Tags**: Tags are now resolved from the node's stored Tags field only [#2931](https://github.com/juanfont/headscale/pull/2931) - `--advertise-tags` is processed during registration, not on every policy evaluation diff --git a/proto/headscale/v1/preauthkey.proto b/proto/headscale/v1/preauthkey.proto index fa2c5188..04e88821 100644 --- a/proto/headscale/v1/preauthkey.proto +++ b/proto/headscale/v1/preauthkey.proto @@ -1,10 +1,11 @@ syntax = "proto3"; package headscale.v1; -option go_package = "github.com/juanfont/headscale/gen/go/v1"; import "google/protobuf/timestamp.proto"; import "headscale/v1/user.proto"; +option go_package = "github.com/juanfont/headscale/gen/go/v1"; + message PreAuthKey { User user = 1; uint64 id = 2; @@ -25,22 +26,24 @@ message CreatePreAuthKeyRequest { repeated string acl_tags = 5; } -message CreatePreAuthKeyResponse { PreAuthKey pre_auth_key = 1; } +message CreatePreAuthKeyResponse { + PreAuthKey pre_auth_key = 1; +} message ExpirePreAuthKeyRequest { - uint64 user = 1; - string key = 2; + uint64 id = 1; } message ExpirePreAuthKeyResponse {} message DeletePreAuthKeyRequest { - uint64 user = 1; - string key = 2; + uint64 id = 1; } message DeletePreAuthKeyResponse {} -message ListPreAuthKeysRequest { uint64 user = 1; } +message ListPreAuthKeysRequest {} -message ListPreAuthKeysResponse { repeated PreAuthKey pre_auth_keys = 1; } +message ListPreAuthKeysResponse { + repeated PreAuthKey pre_auth_keys = 1; +}