Feat: route users based on their unix group membership #535

Open
@eesaanatluri

Description

Bringing this back up; sorry, I was busy and could not follow up last time on getting PR #425 merged (closed due to inactivity). I see that there have been a few changes to the YAML plugin. I will submit a new PR for review.

We added functionality to the sshpiper yaml plugin so that there is also an option to route users based on group membership.

This PR lets us define a groupname in place of a username in the config file (sshpiperd.yaml) for the yaml plugin to route users based on Unix group membership.

If the username is not defined in the config file, it checks for a groupname and decides the user's upstream target host from that.
If the username is defined, it goes with the upstream target host defined for the user. So the original functionality is still intact, and we have the additional feature of adding a groupname in place of a username in the config file if we are dealing with a large number of users.

Example sshpiperd.yaml

version: "1.0"
pipes:
# username-based routing 
- from:
    - username: "alice"
      authorized_keys: /home/alice/.ssh/authorized_keys
  to:
    host: login002
    username: "alice"
    private_key: /home/alice/.ssh/id_ecdsa
    ignore_hostkey: true

# groupname-based routing
# key auth
- from:
    - groupname: "group_A" # catch all
      authorized_keys: /home/$DOWNSTREAM_USER/.ssh/authorized_keys
  to:
    host: login001
    ignore_hostkey: true
    private_key: /home/$DOWNSTREAM_USER/.ssh/id_ecdsa
- from:
    - groupname: "group_B" # catch all
      authorized_keys: /home/$DOWNSTREAM_USER/.ssh/authorized_keys
  to:
    host: login002
    ignore_hostkey: true
    private_key: /home/$DOWNSTREAM_USER/.ssh/id_ecdsa

# Password auth when no key is defined.
- from:
    - groupname: "group_A"
  to:
    host: login001
    ignore_hostkey: true
- from:
    - groupname: "group_B"
  to:
    host: login002
    ignore_hostkey: true

Edited: Removed text for clarity and improved the issue name.
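The routing rule the description gives (a pipe naming the user wins, otherwise the first groupname pipe the user belongs to, with $DOWNSTREAM_USER substituted into the key paths), as an added Go sketch that is not sshpiper's code and not part of this PR; the struct names, the member lookup callback and the safeUser filter are assumptions.

```go
package main

import (
	"regexp"
	"strings"
)

// Trimmed mirrors of the pipe fields used in the config above (hypothetical names, not sshpiper's types).
type From struct{ Username, Groupname, AuthorizedKeys string }
type To struct{ Host, PrivateKey string }
type Pipe struct {
	From []From
	To   To
}

// safeUser rejects names that could escape a directory once substituted into a path (e.g. "../root").
var safeUser = regexp.MustCompile(`^[a-z_][a-z0-9_-]*$`)

// Resolve picks the upstream for a downstream user: a pipe naming the user wins regardless
// of order; otherwise the first groupname pipe the user belongs to. member is the caller's
// group lookup (e.g. built on os/user); $DOWNSTREAM_USER in paths is replaced by the user.
func Resolve(user string, pipes []Pipe, member func(u, g string) bool) (From, To, bool) {
	if !safeUser.MatchString(user) {
		return From{}, To{}, false
	}
	finish := func(f From, t To) (From, To, bool) {
		f.AuthorizedKeys = strings.ReplaceAll(f.AuthorizedKeys, "$DOWNSTREAM_USER", user)
		t.PrivateKey = strings.ReplaceAll(t.PrivateKey, "$DOWNSTREAM_USER", user)
		return f, t, true
	}
	gf, gt, matched := From{}, To{}, false
	for _, p := range pipes {
		for _, f := range p.From {
			if f.Username != "" && f.Username == user {
				return finish(f, p.To)
			}
			if !matched && f.Username == "" && f.Groupname != "" && member(user, f.Groupname) {
				gf, gt, matched = f, p.To, true // remember the first group match, keep scanning
			}
		}
	}
	if !matched {
		return From{}, To{}, false
	}
	return finish(gf, gt)
}
```

Choosing between the key-auth and password-auth pipes for the same group is the plugin's authentication step and is not modelled here; the sketch only shows which upstream a user resolves to.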
