Merge pull request #989 from smallstep/max/disable-ssh-hosts

Add attribute to disable SSH Hosts list API
This commit is contained in:
Max 2022-08-08 14:15:35 -07:00 committed by GitHub
commit 3e2729e391
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions

View file

@ -102,6 +102,7 @@ type AuthConfig struct {
DisableIssuedAtCheck bool `json:"disableIssuedAtCheck,omitempty"` DisableIssuedAtCheck bool `json:"disableIssuedAtCheck,omitempty"`
Backdate *provisioner.Duration `json:"backdate,omitempty"` Backdate *provisioner.Duration `json:"backdate,omitempty"`
EnableAdmin bool `json:"enableAdmin,omitempty"` EnableAdmin bool `json:"enableAdmin,omitempty"`
DisableGetSSHHosts bool `json:"disableGetSSHHosts,omitempty"`
} }
// init initializes the required fields in the AuthConfig if they are not // init initializes the required fields in the AuthConfig if they are not

View file

@ -602,6 +602,9 @@ func (a *Authority) CheckSSHHost(ctx context.Context, principal, token string) (
// GetSSHHosts returns a list of valid host principals. // GetSSHHosts returns a list of valid host principals.
func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]config.Host, error) { func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]config.Host, error) {
if a.GetConfig().AuthorityConfig.DisableGetSSHHosts {
return nil, errs.New(http.StatusNotFound, "ssh hosts list api disabled")
}
if a.sshGetHostsFunc != nil { if a.sshGetHostsFunc != nil {
hosts, err := a.sshGetHostsFunc(ctx, cert) hosts, err := a.sshGetHostsFunc(ctx, cert)
return hosts, errs.Wrap(http.StatusInternalServerError, err, "getSSHHosts") return hosts, errs.Wrap(http.StatusInternalServerError, err, "getSSHHosts")