Add WithGetIdentityFunc option and attr to authority

* Add Identity type to provisioner

authority/authority.go

@@ -40,7 +40,8 @@ type Authority struct {
 	// Do not re-initialize
 	initOnce bool
 	// Custom functions
-	sshBastionFunc func(user, hostname string) (*Bastion, error)
+	sshBastionFunc  func(user, hostname string) (*Bastion, error)
+	getIdentityFunc func(p provisioner.Interface, email string) (*provisioner.Identity, error)
 }
 
 // New creates and initiates a new Authority type.

authority/options.go

@@ -1,6 +1,7 @@
 package authority
 
 import (
+	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/db"
 )
 
@@ -15,10 +16,18 @@ func WithDatabase(db db.AuthDB) Option {
 	}
 }
 
-// WithSSHBastionFunc defines sets a custom function to get the bastion for a
+// WithSSHBastionFunc sets a custom function to get the bastion for a
 // given user-host pair.
 func WithSSHBastionFunc(fn func(user, host string) (*Bastion, error)) Option {
 	return func(a *Authority) {
 		a.sshBastionFunc = fn
 	}
 }
+
+// WithGetIdentityFunc sets a custom function to retrieve the identity from
+// an external resource.
+func WithGetIdentityFunc(fn func(p provisioner.Interface, email string) (*provisioner.Identity, error)) Option {
+	return func(a *Authority) {
+		a.getIdentityFunc = fn
+	}
+}

authority/provisioner/provisioner.go

@@ -319,6 +319,12 @@ func (b *base) AuthorizeSSHRekey(ctx context.Context, token string) (*ssh.Certif
 	return nil, nil, errors.New("not implemented; provisioner does not implement AuthorizeSSHRekey")
 }
 
+// Identity is the type representing an externally supplied identity that is used
+// by provisioners to populate certificate fields.
+type Identity struct {
+	Usernames []string `json:"usernames"`
+}
+
 // MockProvisioner for testing
 type MockProvisioner struct {
 	Mret1, Mret2, Mret3 interface{}