Manage API tokens with debusine-admin

debusine-admin is a CLI that can be run by the debusine dedicated user to perform some server-side administration tasks. Here we cover basic management of API authentication tokens that will be required to be able to queue tasks in debusine over its REST API.

Create an API token

debusine-admin create-token <owner> [<comment>] would create new unique random token associated to a given owner (the "owner" is just a plain string used for traceability) and associates a comment to the generated key so that we can record details about the reason why the token was created. The generated token is output on standard output.

The database also stores the timestamp when the token was created.

List API tokens

debusine-admin list-tokens [--token <token>] [--owner <owner>] would return a list of available tokens with their associated details. The --owner parameter would restrict the list to the tokens that have this specific owner. The --token parameter would restrict the output to the listed token. If both are specified, then the restrictions are combined, the specified token is only listed if its owner and the token value match the values of the parameters.

If the default output is not machine-parseable, then there should be some option to make it machine friendly (e.g. --json to output the result as a json structure).

Remove an API token

debusine-admin remove-tokens [--force] [--token <token>] [--owner <owner>] would remove the tokens matched by the various parameters (same matching logic as in list-tokens) after having asked a confirmation to the user (the confirmation is skipped if --force is passed). The confirmation message should show the list of tokens that would be removed.