forked from TrueCloudLab/certificates
Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
This commit is contained in:
commit
3e2729e391
2 changed files with 4 additions and 0 deletions
|
@ -102,6 +102,7 @@ type AuthConfig struct {
|
||||||
DisableIssuedAtCheck bool `json:"disableIssuedAtCheck,omitempty"`
|
DisableIssuedAtCheck bool `json:"disableIssuedAtCheck,omitempty"`
|
||||||
Backdate *provisioner.Duration `json:"backdate,omitempty"`
|
Backdate *provisioner.Duration `json:"backdate,omitempty"`
|
||||||
EnableAdmin bool `json:"enableAdmin,omitempty"`
|
EnableAdmin bool `json:"enableAdmin,omitempty"`
|
||||||
|
DisableGetSSHHosts bool `json:"disableGetSSHHosts,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// init initializes the required fields in the AuthConfig if they are not
|
// init initializes the required fields in the AuthConfig if they are not
|
||||||
|
|
|
@ -602,6 +602,9 @@ func (a *Authority) CheckSSHHost(ctx context.Context, principal, token string) (
|
||||||
|
|
||||||
// GetSSHHosts returns a list of valid host principals.
|
// GetSSHHosts returns a list of valid host principals.
|
||||||
func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]config.Host, error) {
|
func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]config.Host, error) {
|
||||||
|
if a.GetConfig().AuthorityConfig.DisableGetSSHHosts {
|
||||||
|
return nil, errs.New(http.StatusNotFound, "ssh hosts list api disabled")
|
||||||
|
}
|
||||||
if a.sshGetHostsFunc != nil {
|
if a.sshGetHostsFunc != nil {
|
||||||
hosts, err := a.sshGetHostsFunc(ctx, cert)
|
hosts, err := a.sshGetHostsFunc(ctx, cert)
|
||||||
return hosts, errs.Wrap(http.StatusInternalServerError, err, "getSSHHosts")
|
return hosts, errs.Wrap(http.StatusInternalServerError, err, "getSSHHosts")
|
||||||
|
|
Loading…
Reference in a new issue