Teleport
Reference for the teleport_user Terraform resource
Example Usage
```hcl
# Teleport User resource
resource "teleport_user" "example" {
  # Required by the schema; v2 is the only supported value
  version = "v2"

  # Tells Terraform that the role cannot be destroyed while this user exists
  depends_on = [
    teleport_role.example
  ]

  metadata = {
    name        = "example"
    description = "Example Teleport User"
    expires     = "2022-10-12T07:20:50Z"
    labels = {
      example = "yes"
    }
  }

  spec = {
    roles = ["example"]

    oidc_identities = [{
      connector_id = "oidc1"
      username     = "example"
    }]

    traits = {
      "logins1" = ["example"]
      "logins2" = ["example"]
    }

    github_identities = [{
      connector_id = "github"
      username     = "example"
    }]

    saml_identities = [{
      connector_id = "example-saml"
      username     = "example"
    }]
  }
}
```
Schema
Required
version
(String) Version is the resource version. It must be specified. Supported values are: v2.
Optional
metadata
(Attributes) Metadata is resource metadata (see below for nested schema)
spec
(Attributes) Spec is a user specification (see below for nested schema)
status
(Attributes) (see below for nested schema)
sub_kind
(String) SubKind is an optional resource sub kind, used in some resources
Nested Schema for metadata
Required:
name
(String) Name is an object name
Optional:
description
(String) Description is the object description
expires
(String) Expires is a global expiry time header that can be set on any resource in the system.
labels
(Map of String) Labels is a set of labels
Nested Schema for spec
Optional:
github_identities
(Attributes List) GithubIdentities lists associated GitHub OAuth2 identities that let the user log in using an externally verified identity (see below for nested schema)
oidc_identities
(Attributes List) OIDCIdentities lists associated OpenID Connect identities that let the user log in using an externally verified identity (see below for nested schema)
roles
(List of String) Roles is a list of roles assigned to the user
saml_identities
(Attributes List) SAMLIdentities lists associated SAML identities that let the user log in using an externally verified identity (see below for nested schema)
traits
(Map of List of String)
trusted_device_ids
(List of String) TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Managed by the Device Trust subsystem, avoid manual edits.
Nested Schema for spec.github_identities
Optional:
connector_id
(String) ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrl
(String) SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
username
(String) Username is username supplied by external identity provider
Nested Schema for spec.oidc_identities
Optional:
connector_id
(String) ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrl
(String) SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
username
(String) Username is username supplied by external identity provider
Nested Schema for spec.saml_identities
Optional:
connector_id
(String) ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrl
(String) SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
username
(String) Username is username supplied by external identity provider
Nested Schema for status
Optional:
password_state
(Number) password_state reflects what the system knows about the user's password. Note that this is a "best effort" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes!
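A pre-apply check for two constraints stated in this reference (version must be v2, and trusted_device_ids is managed by Device Trust rather than edited by hand), run over the JSON plan that `terraform show -json` emits. This is an added example, not part of the Teleport provider or its documentation. The function name, the sample plan and the expiry rule are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `terraform show -json <planfile>` output (not real data).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "teleport_user.example", "type": "teleport_user",
   "change": {"actions": ["update"],
     "before": {"version": "v2", "metadata": {"name": "example"},
                "spec": {"roles": ["example"], "trusted_device_ids": ["dev-1"]}},
     "after": {"version": "v1",
               "metadata": {"name": "example", "expires": "2022-10-12T07:20:50Z"},
               "spec": {"roles": ["example"], "trusted_device_ids": ["dev-1", "dev-2"]}}}},
  {"address": "teleport_user.ok", "type": "teleport_user",
   "change": {"actions": ["create"], "before": null,
     "after": {"version": "v2", "metadata": {"name": "ok"},
               "spec": {"roles": ["example"]}}}}
]}
""")


def lint_teleport_users(plan, now=None):
    """Return (address, finding) pairs for teleport_user changes in a plan."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "teleport_user" or after is None:
            continue  # other resource types, or the user is being destroyed
        before = rc["change"].get("before") or {}
        addr = rc["address"]
        # The schema lists v2 as the only supported value of `version`.
        if after.get("version") != "v2":
            findings.append((addr, "version must be v2"))
        # trusted_device_ids belongs to Device Trust: flag any planned change.
        old = (before.get("spec") or {}).get("trusted_device_ids") or []
        new = (after.get("spec") or {}).get("trusted_device_ids") or []
        if sorted(old) != sorted(new):
            findings.append((addr, "plan edits spec.trusted_device_ids"))
        # Local policy (assumption, not from the page): reject a past expiry.
        expires = (after.get("metadata") or {}).get("expires")
        if expires:
            try:
                when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
                if when.tzinfo is None or when <= now:
                    findings.append((addr, "expires is in the past or has no zone"))
            except ValueError:
                findings.append((addr, "expires is not a parseable timestamp"))
    return findings
```

In a pipeline, load the real plan with `json.load` and fail the job when the returned list is non-empty.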