Reference for the teleport_user Terraform resource

Example Usage

# Teleport User resource

resource "teleport_user" "example" {
  # Tells Terraform that the role must be created before this user and
  # must not be destroyed while this user exists
  depends_on = [
    teleport_role.example
  ]

  # Resource version; v2 is the only supported value for this resource
  version = "v2"

  metadata = {
    name        = "example"
    description = "Example Teleport User"

    # Absolute expiry time (RFC 3339); the user is removed when it passes
    expires = "2022-10-12T07:20:50Z"

    labels = {
      example = "yes"
    }
  }

  spec = {
    roles = ["example"]

    oidc_identities = [{
      connector_id = "oidc1"
      username     = "example"
    }]

    traits = {
      "logins1" = ["example"]
      "logins2" = ["example"]
    }

    github_identities = [{
      connector_id = "github"
      username     = "example"
    }]

    saml_identities = [{
      connector_id = "example-saml"
      username     = "example"
    }]
  }
}

Schema

Required

  • version (String) Version is the resource version. It must be specified. Supported values are: v2.

Optional

  • metadata (Attributes) (see below for nested schema)
  • spec (Attributes) (see below for nested schema)
  • status (Attributes) (see below for nested schema)

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is the object description
  • expires (String) Expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels

Nested Schema for spec

Optional:

  • github_identities (Attributes List) GithubIdentities lists the associated GitHub OAuth2 identities that let the user log in using an externally verified identity (see below for nested schema)
  • oidc_identities (Attributes List) OIDCIdentities lists the associated OpenID Connect identities that let the user log in using an externally verified identity (see below for nested schema)
  • roles (List of String) Roles is the list of roles assigned to the user
  • saml_identities (Attributes List) SAMLIdentities lists the associated SAML identities that let the user log in using an externally verified identity (see below for nested schema)
  • traits (Map of List of String)
  • trusted_device_ids (List of String) TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. This list is managed by the Device Trust subsystem; avoid editing it manually.

Nested Schema for spec.github_identities

Optional:

  • connector_id (String) ConnectorID is the id of the registered GitHub connector, e.g. 'github'
  • samlSingleLogoutUrl (String) SAMLSingleLogoutURL is the SAML Single Logout URL used to initiate SAML SLO (single logout), if applicable.
  • username (String) Username is the username supplied by the external identity provider

Nested Schema for spec.oidc_identities

Optional:

  • connector_id (String) ConnectorID is the id of the registered OIDC connector, e.g. 'google-example.com'
  • samlSingleLogoutUrl (String) SAMLSingleLogoutURL is the SAML Single Logout URL used to initiate SAML SLO (single logout), if applicable.
  • username (String) Username is the username supplied by the external identity provider

Nested Schema for spec.saml_identities

Optional:

  • connector_id (String) ConnectorID is the id of the registered SAML connector, e.g. 'example-saml'
  • samlSingleLogoutUrl (String) SAMLSingleLogoutURL is the SAML Single Logout URL used to initiate SAML SLO (single logout), if applicable.
  • username (String) Username is the username supplied by the external identity provider

Nested Schema for status

Optional:

  • password_state (Number) password_state reflects what the system knows about the user's password. Note that this is a "best effort" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes!
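A fuller configuration, added here as an example rather than taken from the Teleport documentation, that ties the schema above together: a time-boxed user bound to a single least-privilege role, authenticated only through a SAML connector, with Terraform told to leave the Device Trust-managed trusted_device_ids alone. The teleport_role shape (version v7, spec.allow), the "example-saml" connector and the nested ignore_changes path are assumptions made for this example.

```hcl
# Added example; not part of the Teleport provider docs.
# Assumed teleport_role shape: version v7 with spec.allow.
resource "teleport_role" "contractor" {
  version = "v7"
  metadata = {
    name        = "contractor"
    description = "SSH to staging nodes only"
  }
  spec = {
    allow = {
      logins      = ["contractor"]
      node_labels = { env = ["staging"] }
    }
  }
}

resource "teleport_user" "contractor" {
  version    = "v2"
  depends_on = [teleport_role.contractor]

  metadata = {
    name = "contractor"
    # Hard expiry: the user disappears after the engagement window
    # even if nobody remembers to remove it (constructed date).
    expires = "2024-12-31T23:59:59Z"
    labels  = { owner = "platform-team" }
  }

  spec = {
    # Exactly one role, referenced from the resource above
    roles = [teleport_role.contractor.metadata.name]

    # Login only via the IdP; no local credential is configured
    saml_identities = [{
      connector_id = "example-saml"
      username     = "contractor@example.com"
    }]

    traits = { logins = ["contractor"] }
  }

  # trusted_device_ids is written by the Device Trust subsystem; stop
  # Terraform from reverting it on the next apply (assumed path syntax).
  lifecycle {
    ignore_changes = [spec.trusted_device_ids]
  }
}
```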