diff --git a/authority/authority.go b/authority/authority.go
index 091b84b9..77c887a2 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -40,7 +40,8 @@ type Authority struct {
 // Do not re-initialize
 initOnce bool
 // Custom functions
- sshBastionFunc func(user, hostname string) (*Bastion, error)
+ sshBastionFunc func(user, hostname string) (*Bastion, error)
+ getIdentityFunc func(p provisioner.Interface, email string) (*provisioner.Identity, error)
 }
 // New creates and initiates a new Authority type.
diff --git a/authority/options.go b/authority/options.go
index 3d602255..409e8c2d 100644
--- a/authority/options.go
+++ b/authority/options.go
@@ -1,6 +1,7 @@
 package authority
 import (
+ "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
 )
@@ -15,10 +16,18 @@ func WithDatabase(db db.AuthDB) Option {
 }
 }
-// WithSSHBastionFunc defines sets a custom function to get the bastion for a
+// WithSSHBastionFunc sets a custom function to get the bastion for a
 // given user-host pair.
 func WithSSHBastionFunc(fn func(user, host string) (*Bastion, error)) Option {
 return func(a *Authority) {
 a.sshBastionFunc = fn
 }
 }
+
+// WithGetIdentityFunc sets a custom function to retrieve the identity from
+// an external resource.
+func WithGetIdentityFunc(fn func(p provisioner.Interface, email string) (*provisioner.Identity, error)) Option {
+ return func(a *Authority) {
+ a.getIdentityFunc = fn
+ }
+}
diff --git a/authority/provisioner/provisioner.go b/authority/provisioner/provisioner.go
index 4a17626c..8d0673a3 100644
--- a/authority/provisioner/provisioner.go
+++ b/authority/provisioner/provisioner.go
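Review bot: WithGetIdentityFunc's doc comment says the function retrieves an identity from an external resource but not what the authority does with the returned *provisioner.Identity, and since the Identity type added in provisioner.go is documented as populating certificate fields, the callback is effectively a trust boundary that the option comment should spell out. Suggest extending the comment with `// The returned Identity is used to populate certificate fields, so fn must only return names the given email is authorized to hold.` and stating what a nil fn or a nil Identity means to the caller. Nothing in this diff reads a.getIdentityFunc, so how a missing function or a nil result is handled cannot be checked here; the same applies to the new getIdentityFunc field in authority.go, which is covered only by the generic `// Custom functions` comment.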
@@ -319,6 +319,12 @@ func (b *base) AuthorizeSSHRekey(ctx context.Context, token string) (*ssh.Certif
 return nil, nil, errors.New("not implemented; provisioner does not implement AuthorizeSSHRekey")
 }
+// Identity is the type representing an externally supplied identity that is used
+// by provisioners to populate certificate fields.
+type Identity struct {
+ Usernames []string `json:"usernames"`
+}
+
 // MockProvisioner for testing
 type MockProvisioner struct {
 Mret1, Mret2, Mret3 interface{}
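Review bot: Identity's comment says it populates certificate fields but not which field Usernames feeds or whether an empty list is valid, which is what a provisioner author needs to know; suggest a field comment such as `// Usernames lists the user names the provisioner may place in the certificate (presumably as principals; confirm against the consuming provisioner). An empty list means no names were supplied.` Separately, the `json:"usernames"` tag has no omitempty, so a nil Usernames encodes as `null` rather than `[]`; if the external resource or its consumers expect an array, `json:"usernames,omitempty"` or initializing the slice avoids the mismatch, though whether this struct is marshalled at all is not shown in the diff.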