very bad demo code

config/options.go

@@ -230,6 +230,11 @@ type Options struct {
 
 	GRPCClientTimeout time.Duration `mapstructure:"grpc_client_timeout" yaml:"grpc_client_timeout,omitempty"`
 
+	SSHAddr      string       `mapstructure:"ssh_address" yaml:"ssh_address,omitempty"`
+	SSHHostname  string       `mapstructure:"ssh_hostname" yaml:"ssh_hostname,omitempty"`
+	SSHHostKeys  []SSHKeyPair `mapstructure:"ssh_host_keys" yaml:"ssh_host_keys,omitempty"`
+	SSHUserCAKey SSHKeyPair   `mapstructure:"ssh_user_ca_key" yaml:"ssh_user_ca_key,omitempty"`
+
 	// DataBrokerURLString is the routable destination of the databroker service's gRPC endpoint.
 	DataBrokerURLString         string   `mapstructure:"databroker_service_url" yaml:"databroker_service_url,omitempty"`
 	DataBrokerURLStrings        []string `mapstructure:"databroker_service_urls" yaml:"databroker_service_urls,omitempty"`
@@ -290,6 +295,11 @@ type certificateFilePair struct {
 	KeyFile  string `mapstructure:"key" yaml:"key,omitempty"`
 }
 
+type SSHKeyPair struct {
+	PublicKeyFile  string `mapstructure:"public_key_file" yaml:"public_key_file,omitempty"`
+	PrivateKeyFile string `mapstructure:"private_key_file" yaml:"private_key_file,omitempty"`
+}
+
 // DefaultOptions are the default configuration options for pomerium
 var defaultOptions = Options{
 	LogLevel:                 LogLevelInfo,
@@ -1298,6 +1308,11 @@ func (o *Options) GetAllRouteableHTTPHosts() ([]string, error) {
 				return nil, err
 			}
 
+			// TODO
+			if fromURL.Scheme == "ssh" {
+				continue
+			}
+
 			hosts.InsertSlice(urlutil.GetDomainsForURL(fromURL, !o.IsRuntimeFlagSet(RuntimeFlagMatchAnyIncomingPort)))
 			if policy.TLSDownstreamServerName != "" {
 				tlsURL := fromURL.ResolveReference(&url.URL{Host: policy.TLSDownstreamServerName})