Reference for the teleport_scoped_role Terraform data-source

Report an IssueView as Markdown

Is this page helpful?

How can we improve this page?

This page describes the supported values of the teleport_scoped_role data source of the Teleport Terraform provider.

Schema

Required

• metadata (Attributes) Metadata contains the resource metadata. (see below for nested schema)
• scope (String) Scope is the scope of the role resource.
• spec (Attributes) Spec is the role specification. (see below for nested schema)
• version (String) Version is the resource version.

Optional

• sub_kind (String) SubKind is the resource sub-kind.

Nested Schema for metadata

Required:

• name (String) name is an object name.

Optional:

• description (String) description is object description.
• expires (String) expires is a global expiry time header can be set on any resource in the system.
• labels (Map of String) labels is a set of labels.

Nested Schema for spec

Required:

• assignable_scopes (List of String) AssignableScopes is a list of scopes to which this role can be assigned.

Optional:

• defaults (Attributes) Defaults specifies default values for controls common across multiple protocols. If the same control specified in defaults is also specified in a protocol block, the value in the protocol block takes precedence. (see below for nested schema)
• kube (Attributes) The kubernetes specific configuration for a scoped role. (see below for nested schema)
• rules (Attributes List) Rules describes basic resource:verb permissions (e.g. scoped_role:read). (see below for nested schema)
• ssh (Attributes) Ssh specifies controls that govern SSH access. (see below for nested schema)

Nested Schema for spec.defaults

Optional:

• client_idle_timeout (String) ClientIdleTimeout sets the default idle timeout for access sessions across all protocols that do not specify their own value. Must be a valid Go duration string (e.g. "30m", "1h").

Nested Schema for spec.kube

Optional:

• client_idle_timeout (String) Overrides the defaults block idle timeout specifically for kube sessions. Must be a valid Go duration string (e.g. "30m", "1h"). If empty, the defaults block value (or global default) applies.
• groups (List of String) The list of kubernetes groups this role allows.
• labels (Attributes List) The map of kubernetes cluster labels used for RBAC. (see below for nested schema)
• users (List of String) An optional list of impersonatable kubernetes users this role allows.

Nested Schema for spec.kube.labels

Optional:

• name (String) The name of the label.
• values (List of String) The values associated with the label.

Nested Schema for spec.rules

Optional:

• resources (List of String) Resources is a list of resource kinds (e.g. 'scoped_token') that the below verbs apply to.
• verbs (List of String) Verbs is the list of action verbs (e.g. 'read') that apply to the above resources.

Nested Schema for spec.ssh

Optional:

• client_idle_timeout (String) ClientIdleTimeout overrides the defaults block idle timeout specifically for SSH sessions. Must be a valid Go duration string (e.g. "30m", "1h"). If empty, the defaults block value (or global default) applies.
• file_copy (Boolean) FileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults to allowing the user to download and upload files by default.
• forward_agent (Boolean) ForwardAgent enables SSH agent forwarding.
• host_sudoers (List of String) Sudoers is a list of entries to include in a users sudoer file
• host_user_creation (Attributes) HostUserCreation configures the creation of host users. (see below for nested schema)
• labels (Attributes List) Labels is the set of node labels used to dynamically select which nodes this role applies to. (see below for nested schema)
• logins (List of String) Logins is the list of OS logins this role permits on matching nodes.
• max_sessions (Number) MaxSessions defines the maximum number of concurrent sessions per connection.
• permit_x11_forwarding (Boolean) PermitX11Forwarding, when true, authorizes use of X11 forwarding over SSH sessions. If not set, X11 forwarding is not permitted.
• port_forwarding (Attributes) SSHPortForwarding configures what types of SSH port forwarding are allowed by a role. (see below for nested schema)

Nested Schema for spec.ssh.host_user_creation

Optional:

• groups (List of String) Groups is a list of host groups to add the user to.
• mode (String) Mode specifies how the host user should be created.
• shell (String) Shell is the shell to set for the user.

Nested Schema for spec.ssh.labels

Optional:

• name (String) The name of the label.
• values (List of String) The values associated with the label.

Nested Schema for spec.ssh.port_forwarding

Optional:

• local (Attributes) Allow for local port forwarding. (see below for nested schema)
• remote (Attributes) Allow for remote port forwarding. (see below for nested schema)

Nested Schema for spec.ssh.port_forwarding.local

Optional:

• enabled (Boolean)

Nested Schema for spec.ssh.port_forwarding.remote

Optional:

• enabled (Boolean)

Was this page helpful?

How can we improve this page?