diff --git a/api/ssh.go b/api/ssh.go
index cec2dcb7..0bc2c35a 100644
--- a/api/ssh.go
+++ b/api/ssh.go
@@ -10,6 +10,7 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority"
 "github.com/smallstep/certificates/authority/provisioner"
+ "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "golang.org/x/crypto/ssh"
 )
@@ -24,7 +25,7 @@ type SSHAuthority interface {
 GetSSHFederation() (*authority.SSHKeys, error)
 GetSSHConfig(typ string, data map[string]string) ([]templates.Output, error)
 CheckSSHHost(principal string) (bool, error)
- GetSSHHosts(cert *x509.Certificate) ([]string, error)
+ GetSSHHosts(cert *x509.Certificate) ([]sshutil.Host, error)
 GetSSHBastion(user string, hostname string) (*authority.Bastion, error)
 }
@@ -83,7 +84,7 @@ type SSHCertificate struct {
 // SSHGetHostsResponse is the response object that returns the list of valid
 // hosts for SSH.
 type SSHGetHostsResponse struct {
- Hosts []string `json:"hosts"`
+ Hosts []sshutil.Host `json:"hosts"`
 }
 // MarshalJSON implements the json.Marshaler interface. Returns a quoted,
diff --git a/authority/authority.go b/authority/authority.go
index 9faf3348..9d04f339 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -11,6 +11,7 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
+ "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/crypto/x509util"
@@ -40,7 +41,7 @@ type Authority struct {
 initOnce bool
 // Custom functions
 sshBastionFunc func(user, hostname string) (*Bastion, error)
- sshGetHostsFunc func(cert *x509.Certificate) ([]string, error)
+ sshGetHostsFunc func(cert *x509.Certificate) ([]sshutil.Host, error)
 getIdentityFunc provisioner.GetIdentityFunc
 }
diff --git a/authority/options.go b/authority/options.go
index f1738e68..a2e19edb 100644
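Review bot: Changing `Hosts` in SSHGetHostsResponse from `[]string` to `[]sshutil.Host` turns the `hosts` field of the response from an array of strings into an array of objects, so any client still decoding it as `[]string` will fail, and neither the struct comment nor this hunk records the format change. I'd extend the comment: `// hosts for SSH. Each entry is a sshutil.Host; hosts taken from the authority's database carry only Hostname.` The same type change is applied to the `SSHAuthority` interface in the hunk above and needs no separate note.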
--- a/authority/options.go
+++ b/authority/options.go
@@ -5,6 +5,7 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
+ "github.com/smallstep/certificates/sshutil"
 )
 // Option sets options to the Authority.
@@ -36,7 +37,7 @@ func WithSSHBastionFunc(fn func(user, host string) (*Bastion, error)) Option {
 // WithSSHGetHosts sets a custom function to get the bastion for a
 // given user-host pair.
-func WithSSHGetHosts(fn func(cert *x509.Certificate) ([]string, error)) Option {
+func WithSSHGetHosts(fn func(cert *x509.Certificate) ([]sshutil.Host, error)) Option {
 return func(a *Authority) {
 a.sshGetHostsFunc = fn
 }
diff --git a/authority/ssh.go b/authority/ssh.go
index 779a6da9..232527a8 100644
--- a/authority/ssh.go
+++ b/authority/ssh.go
@@ -12,6 +12,7 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
+ "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
@@ -674,17 +675,22 @@ func (a *Authority) CheckSSHHost(principal string) (bool, error) {
 }
 // GetSSHHosts returns a list of valid host principals.
-func (a *Authority) GetSSHHosts(cert *x509.Certificate) ([]string, error) {
+func (a *Authority) GetSSHHosts(cert *x509.Certificate) ([]sshutil.Host, error) {
 if a.sshGetHostsFunc != nil {
 return a.sshGetHostsFunc(cert)
 }
- hosts, err := a.db.GetSSHHostPrincipals()
+ hostnames, err := a.db.GetSSHHostPrincipals()
 if err != nil {
 return nil, &apiError{
 err: errors.Wrap(err, "getSSHHosts"),
 code: http.StatusInternalServerError,
 }
 }
+
+ hosts := make([]sshutil.Host, len(hostnames))
+ for i, hn := range hostnames {
+ hosts[i] = sshutil.Host{Hostname: hn}
+ }
 return hosts, nil
 }
diff --git a/sshutil/types.go b/sshutil/types.go
new file mode 100644
index 00000000..322b9fb5
--- /dev/null
+++ b/sshutil/types.go
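Review bot: The doc comment above `WithSSHGetHosts`, kept as context in this hunk, still reads "sets a custom function to get the bastion for a given user-host pair", which describes WithSSHBastionFunc, and the signature rewrite leaves it wrong. Replace the two comment lines with `// WithSSHGetHosts sets a custom function to get the SSH hosts for a` and `// given certificate.`.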
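Review bot: The new loop in GetSSHHosts fills only `Hostname`, so every entry on the database path marshals through api.SSHGetHostsResponse with `"hid":""` and `"host_groups":null`, which a client cannot tell apart from a host that really has an empty ID; either `omitempty` on those two fields of `sshutil.Host` or a comment on the loop, `// DB-backed hosts carry only a hostname; HostID and HostGroups stay zero.`, should make that deliberate. The doc comment `// GetSSHHosts returns a list of valid host principals.` is now stale for a `[]sshutil.Host` result; `// GetSSHHosts returns the SSH hosts for the given certificate as sshutil.Host values.` describes it. Unchanged by this commit, `cert` is only handed to the custom function while the database path returns every host principal regardless of it, which is presumably intended but worth stating in that doc comment.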
@@ -0,0 +1,14 @@
+package sshutil
+
+// HostGroup defines expected attributes for a host group that a host might belong to.
+type HostGroup struct {
+ ID string
+ Name string
+}
+
+// Host defines expected attributes for an ssh host.
+type Host struct {
+ HostID string `json:"hid"`
+ HostGroups []HostGroup `json:"host_groups"`
+ Hostname string `json:"hostname"`
+}
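Review bot: `HostGroup` has no json tags while `Host` uses snake_case ones, so a group nested under `host_groups` marshals as `{"ID":"…","Name":"…"}`; tagging its fields with `json:"id"` and `json:"name"` keeps the wire format consistent. Since the caller added in this commit (authority/ssh.go) builds a Host from a bare hostname, `HostID` and `HostGroups` will commonly be zero and serialize as `"hid":""` and `"host_groups":null` unless those tags gain `omitempty`. Nit: `an ssh host` → `an SSH host` in the Host comment.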