parent
be030309a4
commit
b0fdd0b2be
2 changed files with 12 additions and 1 deletions
|
@ -177,7 +177,17 @@ func (a *Authority) GetSSHBastion(ctx context.Context, user string, hostname str
|
||||||
}
|
}
|
||||||
if a.config.SSH != nil {
|
if a.config.SSH != nil {
|
||||||
if a.config.SSH.Bastion != nil && a.config.SSH.Bastion.Hostname != "" {
|
if a.config.SSH.Bastion != nil && a.config.SSH.Bastion.Hostname != "" {
|
||||||
return a.config.SSH.Bastion, nil
|
// Do not return a bastion for a bastion host.
|
||||||
|
//
|
||||||
|
// This condition might fail if a different name or IP is used.
|
||||||
|
// Trying to resolve hostnames to IPs and compare them won't be a
|
||||||
|
// complete solution because it depends on the network
|
||||||
|
// configuration, of the CA and clients and can also return false
|
||||||
|
// positives. Although not perfect, this simple solution will work
|
||||||
|
// in most cases.
|
||||||
|
if !strings.EqualFold(hostname, a.config.SSH.Bastion.Hostname) {
|
||||||
|
return a.config.SSH.Bastion, nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -629,6 +629,7 @@ func TestAuthority_GetSSHBastion(t *testing.T) {
|
||||||
wantErr bool
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
{"config", fields{&Config{SSH: &SSHConfig{Bastion: bastion}}, nil}, args{"user", "host.local"}, bastion, false},
|
{"config", fields{&Config{SSH: &SSHConfig{Bastion: bastion}}, nil}, args{"user", "host.local"}, bastion, false},
|
||||||
|
{"bastion", fields{&Config{SSH: &SSHConfig{Bastion: bastion}}, nil}, args{"user", "bastion.local"}, nil, false},
|
||||||
{"nil", fields{&Config{SSH: &SSHConfig{Bastion: nil}}, nil}, args{"user", "host.local"}, nil, false},
|
{"nil", fields{&Config{SSH: &SSHConfig{Bastion: nil}}, nil}, args{"user", "host.local"}, nil, false},
|
||||||
{"empty", fields{&Config{SSH: &SSHConfig{Bastion: &Bastion{}}}, nil}, args{"user", "host.local"}, nil, false},
|
{"empty", fields{&Config{SSH: &SSHConfig{Bastion: &Bastion{}}}, nil}, args{"user", "host.local"}, nil, false},
|
||||||
{"func", fields{&Config{}, func(_ context.Context, _, _ string) (*Bastion, error) { return bastion, nil }}, args{"user", "host.local"}, bastion, false},
|
{"func", fields{&Config{}, func(_ context.Context, _, _ string) (*Bastion, error) { return bastion, nil }}, args{"user", "host.local"}, bastion, false},
|
||||||
|
|
Loading…
Reference in a new issue