From 0c60d5c47b821b7162ff8a3784812134edc20fb1 Mon Sep 17 00:00:00 2001
From: Benjamin Collet <benjamin@collet.eu>
Date: Sat, 10 May 2025 20:52:06 +0200
Subject: [PATCH] Add support for basic filtering of SSH certificates

---
 setup.py                        |  2 +-
 step_ca_inspector_client/cli.py | 40 ++++++++++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index 7fb8e6c..732a9ad 100644
--- a/setup.py
+++ b/setup.py
@@ -10,7 +10,7 @@ setup(
     #long_description_content_type="text/markdown",
     install_requires=["requests>=2.20.0,<3.0", "PyYAML", "tabulate"],
     keywords=["step-ca-inspector"],
-    version="0.0.1",
+    version="0.0.2",
     classifiers=[
         "Intended Audience :: Developers",
         "Development Status :: 3 - Alpha",
diff --git a/step_ca_inspector_client/cli.py b/step_ca_inspector_client/cli.py
index 700c753..86cdd9b 100644
--- a/step_ca_inspector_client/cli.py
+++ b/step_ca_inspector_client/cli.py
@@ -9,6 +9,8 @@ from step_ca_inspector_client.config import config
 
 config()
 
+SSH_CERT_TYPES = ["Host", "User"]
+
 
 def delta_text(delta):
     s = "s"[: abs(delta.days) ^ 1]
@@ -36,11 +38,21 @@ def fetch_api(endpoint, params={}):
     return results.json()
 
 
-def list_ssh_certs(sort_key, revoked=False, expired=False):
+def list_ssh_certs(
+    sort_key,
+    revoked=False,
+    expired=False,
+    cert_type=SSH_CERT_TYPES,
+    key=None,
+    principal=None,
+):
     params = {
         "sort_key": sort_key,
         "revoked": revoked,
         "expired": expired,
+        "cert_type": cert_type,
+        "key": key,
+        "principal": principal,
     }
     cert_list = fetch_api("ssh/certs", params=params)
 
@@ -358,6 +370,29 @@ def main():
         default="not_after",
         help="Sort certificates (default: not_after)",
     )
+    ssh_list_parser.add_argument(
+        "--type",
+        "-t",
+        type=str,
+        choices=SSH_CERT_TYPES,
+        default=SSH_CERT_TYPES,
+        nargs="+",
+        help="Filter by SSH certificate type",
+    )
+    ssh_list_parser.add_argument(
+        "--key",
+        "-k",
+        type=str,
+        default=None,
+        help="Search for key ID",
+    )
+    ssh_list_parser.add_argument(
+        "--principal",
+        "-p",
+        type=str,
+        default=None,
+        help="Search for principal",
+    )
     ssh_details_parser = ssh_subparsers.add_parser(
         "details", help="Show an ssh certificate details"
     )
@@ -391,6 +426,9 @@ def main():
                 revoked=args.show_revoked,
                 expired=args.show_expired,
                 sort_key=args.sort_by,
+                cert_type=args.type,
+                key=args.key,
+                principal=args.principal,
             )
         elif args.action == "details":
             get_ssh_cert(serial=args.serial)