Use an actual Hosts type when returning ssh hosts

api/ssh.go

@@ -10,6 +10,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/authority"
 	"github.com/smallstep/certificates/authority/provisioner"
+	"github.com/smallstep/certificates/sshutil"
 	"github.com/smallstep/certificates/templates"
 	"golang.org/x/crypto/ssh"
 )
@@ -24,7 +25,7 @@ type SSHAuthority interface {
 	GetSSHFederation() (*authority.SSHKeys, error)
 	GetSSHConfig(typ string, data map[string]string) ([]templates.Output, error)
 	CheckSSHHost(principal string) (bool, error)
-	GetSSHHosts(cert *x509.Certificate) ([]string, error)
+	GetSSHHosts(cert *x509.Certificate) ([]sshutil.Host, error)
 	GetSSHBastion(user string, hostname string) (*authority.Bastion, error)
 }
 
@@ -83,7 +84,7 @@ type SSHCertificate struct {
 // SSHGetHostsResponse is the response object that returns the list of valid
 // hosts for SSH.
 type SSHGetHostsResponse struct {
-	Hosts []string `json:"hosts"`
+	Hosts []sshutil.Host `json:"hosts"`
 }
 
 // MarshalJSON implements the json.Marshaler interface. Returns a quoted,

authority/authority.go

@@ -11,6 +11,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/db"
+	"github.com/smallstep/certificates/sshutil"
 	"github.com/smallstep/certificates/templates"
 	"github.com/smallstep/cli/crypto/pemutil"
 	"github.com/smallstep/cli/crypto/x509util"
@@ -40,7 +41,7 @@ type Authority struct {
 	initOnce bool
 	// Custom functions
 	sshBastionFunc  func(user, hostname string) (*Bastion, error)
-	sshGetHostsFunc func(cert *x509.Certificate) ([]string, error)
+	sshGetHostsFunc func(cert *x509.Certificate) ([]sshutil.Host, error)
 	getIdentityFunc provisioner.GetIdentityFunc
 }
 

authority/options.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/db"
+	"github.com/smallstep/certificates/sshutil"
 )
 
 // Option sets options to the Authority.
@@ -36,7 +37,7 @@ func WithSSHBastionFunc(fn func(user, host string) (*Bastion, error)) Option {
 
 // WithSSHGetHosts sets a custom function to get the bastion for a
 // given user-host pair.
-func WithSSHGetHosts(fn func(cert *x509.Certificate) ([]string, error)) Option {
+func WithSSHGetHosts(fn func(cert *x509.Certificate) ([]sshutil.Host, error)) Option {
 	return func(a *Authority) {
 		a.sshGetHostsFunc = fn
 	}

authority/ssh.go

@@ -12,6 +12,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/db"
+	"github.com/smallstep/certificates/sshutil"
 	"github.com/smallstep/certificates/templates"
 	"github.com/smallstep/cli/crypto/randutil"
 	"github.com/smallstep/cli/jose"
@@ -674,17 +675,22 @@ func (a *Authority) CheckSSHHost(principal string) (bool, error) {
 }
 
 // GetSSHHosts returns a list of valid host principals.
-func (a *Authority) GetSSHHosts(cert *x509.Certificate) ([]string, error) {
+func (a *Authority) GetSSHHosts(cert *x509.Certificate) ([]sshutil.Host, error) {
 	if a.sshGetHostsFunc != nil {
 		return a.sshGetHostsFunc(cert)
 	}
-	hosts, err := a.db.GetSSHHostPrincipals()
+	hostnames, err := a.db.GetSSHHostPrincipals()
 	if err != nil {
 		return nil, &apiError{
 			err:  errors.Wrap(err, "getSSHHosts"),
 			code: http.StatusInternalServerError,
 		}
 	}
+
+	hosts := make([]sshutil.Host, len(hostnames))
+	for i, hn := range hostnames {
+		hosts[i] = sshutil.Host{Hostname: hn}
+	}
 	return hosts, nil
 }
 

sshutil/types.go

@@ -0,0 +1,14 @@
+package sshutil
+
+// HostGroup defines expected attributes for a host group that a host might belong to.
+type HostGroup struct {
+	ID   string
+	Name string
+}
+
+// Host defines expected attributes for an ssh host.
+type Host struct {
+	HostID     string      `json:"hid"`
+	HostGroups []HostGroup `json:"host_groups"`
+	Hostname   string      `json:"hostname"`
+}