API endpoints for bulk-suspend/reinstate licenses or ban/unban group

[grschafer]

Apologies if I'm missing something in the API, but I'm not seeing a clear way to achieve the following scenario:

I have a desktop app product with a customer that I'll call Company C with employees E0001 through E1000. I currently represent this in keygen as a Group with name C and Users (and a license) for each employee. If Company C pauses their subscription or is overdue on payment, I'd like to suspend all the licenses. It seems like this would involve 1000 API calls to keygen to suspend each license or to ban each user.

I'd ideally want to do something like:

• 1 API request to a bulk suspend-license endpoint
• or 1 API request to ban the keygen Group representing the company (which would effectively ban all the Users of the Group)

A potential workaround might be to represent the customer company as a keygen User instead of a Group, so a single User "ban" API request would block all of the licenses. But, employees wouldn't be able to manage their own licenses/machines because they couldn't correspond to a keygen User.

Thanks in advance for any suggestions/help!

[ezekg]

The concept of banning a group, although it seems like it makes sense, upon further thought, it doesn't. What happens if a group consists of only machines? Machines can't be banned, so what happens to the machines of the banned group? Does banning a group retroactively ban/suspend all resources in that group, and their ancestors? E.g. if a machine is a part of a banned group, but its license isn't, is the license banned by association? That sounds overly complex and confusing, and requires the system to peek into all groups of all children to determine whether or not a given resource is in a banned group.

Really, I think this is a symptom of both not supporting bulk operations (#231), as well as only allowing a single user per-license (#534). I'm wary of introducing bulk operations, because of the authz implications, but also in regards to performance and code complexity. I'd rather avoid bulk operations altogether because of this.

So a better solution here, I think, would be to move forward with supporting multiple users per-license (#534). That way, a single license can be shared across a company, allowing you to suspend the license for everybody (e.g. non-payment), but also ban individual users if needed (e.g. employee off-boarding).

As it currently stands, the only solution would be to suspend each license or ban each user individually.

[ezekg]

Closing this since it'd be solved with #534, and as such, it's a duplicate.