
# TeleportScopedRoleV1


This guide is a comprehensive reference to the fields in the TeleportScopedRoleV1 resource, which you can apply after installing the Teleport Kubernetes operator.

## resources.teleport.dev/v1

```yaml
apiVersion: resources.teleport.dev/v1
```

| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | object | |
| scope | string | Scope is the scope of the role resource. |
| spec | object | ScopedRole resource definition v1 from Teleport |

### spec

| Field | Type | Description |
|---|---|---|
| assignable_scopes | []string | AssignableScopes is a list of scopes to which this role can be assigned. |
| defaults | object | Defaults specifies default values for controls common across multiple protocols. If the same control specified in defaults is also specified in a protocol block, the value in the protocol block takes precedence. |
| rules | []object | Rules describes basic resource:verb permissions (e.g. scoped_role:read). |
| ssh | object | Ssh specifies controls that govern SSH access. |

### spec.defaults

| Field | Type | Description |
|---|---|---|
| client_idle_timeout | string | ClientIdleTimeout sets the default idle timeout for access sessions across all protocols that do not specify their own value. Must be a valid Go duration string (e.g. "30m", "1h"). |

### spec.rules items

| Field | Type | Description |
|---|---|---|
| resources | []string | Resources is a list of resource kinds (e.g. 'scoped_token') that the below verbs apply to. |
| verbs | []string | Verbs is the list of action verbs (e.g. 'read') that apply to the above resources. |

### spec.ssh

| Field | Type | Description |
|---|---|---|
| client_idle_timeout | string | ClientIdleTimeout overrides the defaults block idle timeout specifically for SSH sessions. Must be a valid Go duration string (e.g. "30m", "1h"). If empty, the defaults block value (or global default) applies. |
| file_copy | boolean | FileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. By default the user is allowed to download and upload files. |
| forward_agent | boolean | ForwardAgent enables SSH agent forwarding. |
| host_sudoers | []string | Sudoers is a list of entries to include in a user's sudoers file. |
| host_user_creation | object | HostUserCreation configures the creation of host users. |
| labels | []object | Labels is the set of node labels used to dynamically select which nodes this role applies to. |
| logins | []string | Logins is the list of OS logins this role permits on matching nodes. |
| max_sessions | integer | MaxSessions defines the maximum number of concurrent sessions per connection. |
| permit_x11_forwarding | boolean | PermitX11Forwarding, when true, authorizes use of X11 forwarding over SSH sessions. If not set, X11 forwarding is not permitted. |
| port_forwarding | object | SSHPortForwarding configures what types of SSH port forwarding are allowed by a role. |

### spec.ssh.host_user_creation

| Field | Type | Description |
|---|---|---|
| groups | []string | Groups is a list of host groups to add the user to. |
| mode | string | Mode specifies how the host user should be created. |
| shell | string | Shell is the shell to set for the user. |

### spec.ssh.labels items

| Field | Type | Description |
|---|---|---|
| name | string | The name of the label. |
| values | []string | The values associated with the label. |

### spec.ssh.port_forwarding

| Field | Type | Description |
|---|---|---|
| local | object | Allow for local port forwarding. |
| remote | object | Allow for remote port forwarding. |

### spec.ssh.port_forwarding.local

| Field | Type | Description |
|---|---|---|
| enabled | boolean | |

### spec.ssh.port_forwarding.remote

| Field | Type | Description |
|---|---|---|
| enabled | boolean | |
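The following manifest is an added example, not taken from the Teleport documentation or operator repository. It assembles the fields described above into one least-privilege scoped role: a short SSH idle timeout that overrides the protocol-wide default, a single `scoped_token:read` rule, and every optional SSH capability (file copy, agent forwarding, X11, local and remote port forwarding) switched off explicitly rather than left to defaults. The resource name, namespace, scope paths (`/` and `/staging`), the `env: staging` node label, the `ubuntu` login and the `developers` group are assumed values; `host_user_creation.mode` is omitted because this page lists no valid values for it.

```yaml
# Added example manifest; not part of the Teleport docs page.
# Assumed values: metadata.name, metadata.namespace, the scope paths,
# the node label, the OS login and the host group.
apiVersion: resources.teleport.dev/v1
kind: TeleportScopedRoleV1
metadata:
  name: staging-ssh-restricted   # assumed name
  namespace: teleport            # assumed: namespace the operator watches
scope: /                         # assumed: scope in which the role resource lives
spec:
  # Scopes to which this role may be assigned (assumed path).
  assignable_scopes:
    - /staging
  defaults:
    # Idle timeout for every protocol that does not set its own value.
    client_idle_timeout: 1h
  rules:
    # resource:verb permissions, here scoped_token:read only.
    - resources: ["scoped_token"]
      verbs: ["read"]
  ssh:
    # Overrides spec.defaults.client_idle_timeout for SSH sessions only.
    client_idle_timeout: 30m
    # Restrictive posture: every optional channel is disabled explicitly.
    file_copy: false
    forward_agent: false
    permit_x11_forwarding: false
    port_forwarding:
      local:
        enabled: false
      remote:
        enabled: false
    max_sessions: 2
    host_sudoers: []               # no sudoers entries granted
    host_user_creation:
      groups: ["developers"]       # assumed host group
      shell: /bin/bash
      # mode: not set here; this page does not list its valid values
    labels:
      - name: env                  # assumed node label
        values: ["staging"]
    logins: ["ubuntu"]             # assumed OS login
```

Because `spec.ssh.client_idle_timeout` is set, the `30m` value wins for SSH sessions while `1h` from `spec.defaults` still governs any other protocol; removing the SSH-level field makes SSH fall back to `1h`. Both duration values must remain valid Go duration strings, which the page calls out for each field.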