
TeleportAccessList

This guide is a comprehensive reference to the fields in the TeleportAccessList resource, which you can apply after installing the Teleport Kubernetes operator.

resources.teleport.dev/v1

apiVersion: resources.teleport.dev/v1

| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | object | |
| spec | object | AccessList resource definition v1 from Teleport |

spec

| Field | Type | Description |
|---|---|---|
| audit | object | audit describes the frequency that this Access List must be audited. |
| description | string | description is an optional plaintext description of the Access List. |
| grants | object | grants describes the access granted by membership to this Access List. |
| membership_requires | object | membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of membership_requires and must be in the members list. |
| owner_grants | object | owner_grants describes the access granted by owners to this Access List. |
| owners | []object | owners is a list of owners of the Access List. |
| ownership_requires | object | ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. |
| title | string | title is a plaintext short description of the Access List. |

spec.audit

| Field | Type | Description |
|---|---|---|
| next_audit_date | string | next_audit_date is the date by which the next audit should be done. |
| notifications | object | notifications is the configuration for notifying users. |
| recurrence | object | recurrence is the recurrence definition. |

spec.audit.notifications

| Field | Type | Description |
|---|---|---|
| start | string | start specifies when to start notifying users that the next audit date is coming up. |

spec.audit.recurrence

| Field | Type | Description |
|---|---|---|
| day_of_month | string or integer | day_of_month is the day of month that reviews will be scheduled on. Supported values are 0, 1, 15, and 31. Can be either the string or the integer representation of each option. |
| frequency | string or integer | frequency is the frequency of reviews. This represents the period in months between two reviews. Supported values are 0, 1, 3, 6, and 12. Can be either the string or the integer representation of each option. |

spec.grants

| Field | Type | Description |
|---|---|---|
| roles | []string | roles are the roles that are granted to users who are members of the Access List. |
| traits | object | traits are the traits that are granted to users who are members of the Access List. |

spec.membership_requires

| Field | Type | Description |
|---|---|---|
| roles | []string | roles are the user roles that must be present for the user to obtain access. |
| traits | object | traits are the traits that must be present for the user to obtain access. |

spec.owner_grants

| Field | Type | Description |
|---|---|---|
| roles | []string | roles are the roles that are granted to users who are members of the Access List. |
| traits | object | traits are the traits that are granted to users who are members of the Access List. |

spec.owners items

| Field | Type | Description |
|---|---|---|
| description | string | description is the plaintext description of the owner and why they are an owner. |
| ineligible_status | string or integer | ineligible_status describes if this owner is eligible or not and if not, describes how they're lacking eligibility. Can be either the string or the integer representation of each option. |
| membership_kind | string or integer | membership_kind describes the type of membership, either MEMBERSHIP_KIND_USER or MEMBERSHIP_KIND_LIST. Can be either the string or the integer representation of each option. |
| name | string | name is the username of the owner. |

spec.ownership_requires

| Field | Type | Description |
|---|---|---|
| roles | []string | roles are the user roles that must be present for the user to obtain access. |
| traits | object | traits are the traits that must be present for the user to obtain access. |
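
The ownership rule described under spec (a user must both appear in owners and meet ownership_requires) can be checked during a review with a small script. This is an added example, not code from Teleport or this reference: it is a simplified model that assumes traits are maps of trait name to a list of values, and the user directory, role name and trait values are constructed.

```python
# Added example: a simplified model of the ownership rule, not Teleport's code.
# Assumption: traits are maps of trait name -> list of values, and a
# requirement is met only when every listed role and trait value is present.

def meets_requirements(user, requires):
    """True when the user holds every required role and trait value."""
    roles_ok = set(requires.get("roles", [])) <= set(user.get("roles", []))
    user_traits = user.get("traits", {})
    traits_ok = all(
        set(values) <= set(user_traits.get(key, []))
        for key, values in requires.get("traits", {}).items()
    )
    return roles_ok and traits_ok

def audit_owners(spec, users):
    """Return (effective, ineffective, skipped) for the entries in spec.owners."""
    requires = spec.get("ownership_requires", {})
    effective, ineffective, skipped = [], {}, []
    for owner in spec.get("owners", []):
        name = owner["name"]
        if owner.get("membership_kind") == "MEMBERSHIP_KIND_LIST":
            skipped.append(name)  # entry is a list, not a user: not evaluated here
        elif name not in users:
            ineffective[name] = "listed owner not found in user directory"
        elif not meets_requirements(users[name], requires):
            ineffective[name] = "listed owner does not meet ownership_requires"
        else:
            effective.append(name)
    return effective, ineffective, skipped

# Constructed sample data: a spec fragment and a hypothetical user directory.
SPEC = {
    "ownership_requires": {"roles": ["access-reviewer"], "traits": {"team": ["security"]}},
    "owners": [
        {"name": "alice", "membership_kind": "MEMBERSHIP_KIND_USER"},
        {"name": "bob", "membership_kind": "MEMBERSHIP_KIND_USER"},
        {"name": "platform-leads", "membership_kind": "MEMBERSHIP_KIND_LIST"},
    ],
}
USERS = {
    "alice": {"roles": ["access-reviewer"], "traits": {"team": ["security", "sre"]}},
    "bob": {"roles": ["access-reviewer"], "traits": {"team": ["sre"]}},
    # mallory meets ownership_requires but is not in spec.owners, so is never an owner
    "mallory": {"roles": ["access-reviewer"], "traits": {"team": ["security"]}},
}

if __name__ == "__main__":
    print(audit_owners(SPEC, USERS))
```

Owners reported as ineffective are listed in the manifest but cannot act as owners under this model, which is worth catching before an audit date arrives with no eligible reviewer.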