# Reference for the teleport\_scoped\_role Terraform data-source

This page describes the supported values of the `teleport_scoped_role` data source of the Teleport Terraform provider.

## Schema

### Required

- `metadata` (Attributes) Metadata contains the resource metadata. (see [below for nested schema](#nested-schema-for-metadata))
- `scope` (String) Scope is the scope of the role resource.
- `spec` (Attributes) Spec is the role specification. (see [below for nested schema](#nested-schema-for-spec))
- `version` (String) Version is the resource version.

### Optional

- `sub_kind` (String) SubKind is the resource sub-kind.

### Nested Schema for `metadata`

Required:

- `name` (String) name is an object name.

Optional:

- `description` (String) description is the object description.
- `expires` (String) expires is a global expiry time header that can be set on any resource in the system.
- `labels` (Map of String) labels is a set of labels.

### Nested Schema for `spec`

Required:

- `assignable_scopes` (List of String) AssignableScopes is a list of scopes to which this role can be assigned.

Optional:

- `defaults` (Attributes) Defaults specifies default values for controls common across multiple protocols. If the same control specified in defaults is also specified in a protocol block, the value in the protocol block takes precedence. (see [below for nested schema](#nested-schema-for-specdefaults))
- `kube` (Attributes) The Kubernetes-specific configuration for a scoped role. (see [below for nested schema](#nested-schema-for-speckube))
- `rules` (Attributes List) Rules describes basic resource:verb permissions (e.g. scoped\_role:read). (see [below for nested schema](#nested-schema-for-specrules))
- `ssh` (Attributes) Ssh specifies controls that govern SSH access. (see [below for nested schema](#nested-schema-for-specssh))

### Nested Schema for `spec.defaults`

Optional:

- `client_idle_timeout` (String) ClientIdleTimeout sets the default idle timeout for access sessions across all protocols that do not specify their own value. Must be a valid Go duration string (e.g. "30m", "1h").

### Nested Schema for `spec.kube`

Optional:

- `client_idle_timeout` (String) Overrides the defaults block idle timeout specifically for kube sessions. Must be a valid Go duration string (e.g. "30m", "1h"). If empty, the defaults block value (or global default) applies.
- `groups` (List of String) The list of Kubernetes groups this role allows.
- `labels` (Attributes List) The map of Kubernetes cluster labels used for RBAC. (see [below for nested schema](#nested-schema-for-speckubelabels))
- `users` (List of String) An optional list of impersonatable Kubernetes users this role allows.

### Nested Schema for `spec.kube.labels`

Optional:

- `name` (String) The name of the label.
- `values` (List of String) The values associated with the label.

### Nested Schema for `spec.rules`

Optional:

- `resources` (List of String) Resources is a list of resource kinds (e.g. 'scoped\_token') that the below verbs apply to.
- `verbs` (List of String) Verbs is the list of action verbs (e.g. 'read') that apply to the above resources.

### Nested Schema for `spec.ssh`

Optional:

- `client_idle_timeout` (String) ClientIdleTimeout overrides the defaults block idle timeout specifically for SSH sessions. Must be a valid Go duration string (e.g. "30m", "1h"). If empty, the defaults block value (or global default) applies.
- `file_copy` (Boolean) FileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. By default, the user is allowed to download and upload files.
- `forward_agent` (Boolean) ForwardAgent enables SSH agent forwarding.
- `host_sudoers` (List of String) Sudoers is a list of entries to include in a user's sudoers file.
- `host_user_creation` (Attributes) HostUserCreation configures the creation of host users. (see [below for nested schema](#nested-schema-for-specsshhost_user_creation))
- `labels` (Attributes List) Labels is the set of node labels used to dynamically select which nodes this role applies to. (see [below for nested schema](#nested-schema-for-specsshlabels))
- `logins` (List of String) Logins is the list of OS logins this role permits on matching nodes.
- `max_sessions` (Number) MaxSessions defines the maximum number of concurrent sessions per connection.
- `permit_x11_forwarding` (Boolean) PermitX11Forwarding, when true, authorizes use of X11 forwarding over SSH sessions. If not set, X11 forwarding is not permitted.
- `port_forwarding` (Attributes) SSHPortForwarding configures what types of SSH port forwarding are allowed by a role. (see [below for nested schema](#nested-schema-for-specsshport_forwarding))
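
The `client_idle_timeout` precedence described for `spec.defaults`, `spec.kube` and `spec.ssh` can be checked before a role is applied. The following is an added example, not code from the Teleport provider: the function name `EffectiveIdleTimeout` and the `globalDefault` parameter are assumptions (the page does not give the global default's value), and the inputs in `main` are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// EffectiveIdleTimeout resolves client_idle_timeout for one protocol block
// (spec.ssh or spec.kube) using the precedence described on this page:
// protocol block value, then spec.defaults, then the global default.
// globalDefault is an assumed parameter; the page does not state its value.
func EffectiveIdleTimeout(protocol, defaults string, globalDefault time.Duration) (time.Duration, string, error) {
	candidates := []struct{ source, value string }{
		{"protocol", protocol},
		{"defaults", defaults},
	}
	effective, source := globalDefault, "global"
	// Walk from lowest to highest precedence so the protocol value wins,
	// and validate every non-empty value even if it ends up overridden.
	for i := len(candidates) - 1; i >= 0; i-- {
		c := candidates[i]
		if c.value == "" {
			continue
		}
		d, err := time.ParseDuration(c.value)
		if err != nil {
			return 0, c.source, fmt.Errorf("%s client_idle_timeout %q is not a Go duration: %w", c.source, c.value, err)
		}
		effective, source = d, c.source
	}
	return effective, source, nil
}

func main() {
	// Constructed sample values, not taken from a real role.
	cases := [][2]string{{"15m", "1h"}, {"", "1h"}, {"", ""}, {"1d", "1h"}}
	for _, c := range cases {
		d, src, err := EffectiveIdleTimeout(c[0], c[1], 0)
		fmt.Printf("protocol=%q defaults=%q -> %v from %s (err: %v)\n", c[0], c[1], d, src, err)
	}
}
```

Values such as `"1d"` or a bare `"30"` fail validation because Go durations have no day unit and require a unit suffix.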

### Nested Schema for `spec.ssh.host_user_creation`

Optional:

- `groups` (List of String) Groups is a list of host groups to add the user to.
- `mode` (String) Mode specifies how the host user should be created.
- `shell` (String) Shell is the shell to set for the user.

### Nested Schema for `spec.ssh.labels`

Optional:

- `name` (String) The name of the label.
- `values` (List of String) The values associated with the label.

### Nested Schema for `spec.ssh.port_forwarding`

Optional:

- `local` (Attributes) Allow for local port forwarding. (see [below for nested schema](#nested-schema-for-specsshport_forwardinglocal))
- `remote` (Attributes) Allow for remote port forwarding. (see [below for nested schema](#nested-schema-for-specsshport_forwardingremote))

### Nested Schema for `spec.ssh.port_forwarding.local`

Optional:

- `enabled` (Boolean)

### Nested Schema for `spec.ssh.port_forwarding.remote`

Optional:

- `enabled` (Boolean)
