Reference for the teleport_scoped_role_assignment Terraform resource

This page describes the supported values of the teleport_scoped_role_assignment resource of the Teleport Terraform provider.

Example Usage

# Teleport Scoped Role Assignment resource
#
# Assigns an existing scoped role to a user at a specific scope.
# The referenced scoped role must already exist.

# resource "teleport_scoped_role" "example" {
#   version = "v1"
#   metadata = {
#     name = "example-scoped-role"
#   }

#   scope = "/staging"

#   spec = {
#     assignable_scopes = ["/staging/aa"]
#     rules = [{
#       resources = ["scoped_token"]
#       verbs     = ["read", "list"]
#     }]
#   }
# }

resource "teleport_scoped_role_assignment" "example" {
  version = "v1"
  # sub_kind must be dynamic when creating scoped role assignments.
  sub_kind = "dynamic"
  metadata = {
    name = "test-scoped-role-assignment"
  }

  scope = "/staging"

  spec = {
    user = "will"
    assignments = [{
      role  = "example-scoped-role"
      scope = "/staging/aa"
    }]
  }
}

Schema

Required

  • metadata (Attributes) Metadata contains the resource metadata. (see below for nested schema)
  • scope (String) Scope is the scope of the role assignment resource.
  • spec (Attributes) Spec is the role assignment specification. (see below for nested schema)
  • sub_kind (String) SubKind is the resource sub-kind.
  • version (String) Version is the resource version.

Nested Schema for metadata

Required:

  • name (String) name is an object name.

Optional:

  • description (String) description is the object description.
  • expires (String) expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) labels is a set of labels.

Nested Schema for spec

Required:

  • assignments (Attributes List) Assignments is a list of individual role @ scope assignments. (see below for nested schema)

Optional:

  • bot_name (String) Name of the Bot to whom all contained assignments apply. Mutually exclusive with user.
  • bot_scope (String) Scope of the Bot to whom all contained assignments apply. Required if bot_name is set. If specified, assignment scopes must be equal to or a descendant of this scope.
  • user (String) User is the user to whom all contained assignments apply. Mutually exclusive with bot_name.

Nested Schema for spec.assignments

Optional:

  • role (String) Role is the name of the role that is assigned by this assignment.
  • scope (String) Scope is the scope to which the role is assigned. This must be a member/child of the scope of the [ScopedRoleAssignment] in which this assignment is contained.
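
The constraints stated in the schema above (sub_kind, user versus bot_name, bot_scope, and scope containment) can be checked before terraform apply. The Python lint below is an added example, not part of the Teleport provider: the function names and the BAD sample are constructed, and it assumes scopes are slash-separated paths compared by whole segments, so /staging-old is not treated as a child of /staging.

```python
# Added example: pre-apply lint for teleport_scoped_role_assignment attributes.
# Assumption: scopes are slash-separated paths compared segment by segment,
# and "member/child" means equal to or a descendant of the parent scope.

def _segments(scope):
    return [s for s in scope.split("/") if s]

def in_scope(child, parent):
    """True if child equals parent or descends from it, by whole segments."""
    c, p = _segments(child), _segments(parent)
    return c[:len(p)] == p

def check_assignment(res):
    """Return violations of the constraints documented in the schema."""
    problems = []
    spec = res.get("spec", {})
    user, bot = spec.get("user"), spec.get("bot_name")
    bot_scope = spec.get("bot_scope")
    if res.get("sub_kind") != "dynamic":
        problems.append("sub_kind must be dynamic")
    if user and bot:
        problems.append("user and bot_name are mutually exclusive")
    if bot and not bot_scope:
        problems.append("bot_scope is required when bot_name is set")
    for i, a in enumerate(spec.get("assignments", [])):
        scope = a.get("scope", "")
        if not in_scope(scope, res.get("scope", "")):
            problems.append(f"assignments[{i}] scope {scope} is outside resource scope")
        if bot_scope and not in_scope(scope, bot_scope):
            problems.append(f"assignments[{i}] scope {scope} is outside bot_scope")
    return problems

# The example resource from this page, as a plain dict.
GOOD = {"sub_kind": "dynamic", "scope": "/staging", "spec": {
    "user": "will",
    "assignments": [{"role": "example-scoped-role", "scope": "/staging/aa"}]}}

# Constructed bad input: both principals set, no bot_scope, and an assignment
# scope that only shares a string prefix with the resource scope.
BAD = {"sub_kind": "dynamic", "scope": "/staging", "spec": {
    "user": "will", "bot_name": "ci-bot",
    "assignments": [{"role": "example-scoped-role", "scope": "/staging-old/aa"}]}}

if __name__ == "__main__":
    for name, res in (("good", GOOD), ("bad", BAD)):
        print(name, check_assignment(res) or "ok")
```
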