
Reference for the teleport_workload_identity Terraform data-source

Schema

Optional:

  • metadata (Attributes) Common metadata that all resources share. (see below for nested schema)
  • spec (Attributes) The configured properties of the WorkloadIdentity (see below for nested schema)
  • sub_kind (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated.
  • version (String) The version of the resource being represented.

Nested Schema for metadata

Optional:

  • description (String) description is the object description.
  • expires (String) expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) labels is a set of labels.
  • name (String) name is an object name.

Nested Schema for spec

Optional:

  • rules (Attributes) The rules which are evaluated before the WorkloadIdentity can be issued. (see below for nested schema)
  • spiffe (Attributes) Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials. (see below for nested schema)

Nested Schema for spec.rules

Optional:

  • allow (Attributes List) A list of rules used to determine if a WorkloadIdentity can be issued. If none are provided, it will be considered a pass. If any are provided, then at least one must pass for the rules to be considered passed. (see below for nested schema)

Nested Schema for spec.rules.allow

Optional:

  • conditions (Attributes List) The conditions that must be met for this rule to be considered passed. (see below for nested schema)

Nested Schema for spec.rules.allow.conditions

Optional:

  • attribute (String) The name of the attribute to evaluate the condition against.
  • eq (Attributes) The attribute cast to a string must be equal to the value. (see below for nested schema)
  • in (Attributes) The attribute cast to a string must be in the list of values. (see below for nested schema)
  • not_eq (Attributes) The attribute cast to a string must not be equal to the value. (see below for nested schema)
  • not_in (Attributes) The attribute cast to a string must not be in the list of values. (see below for nested schema)

Nested Schema for spec.rules.allow.conditions.eq

Optional:

  • value (String) The value to compare the attribute against.

Nested Schema for spec.rules.allow.conditions.in

Optional:

  • values (List of String) The list of values to compare the attribute against.

Nested Schema for spec.rules.allow.conditions.not_eq

Optional:

  • value (String) The value to compare the attribute against.

Nested Schema for spec.rules.allow.conditions.not_in

Optional:

  • values (List of String) The list of values to compare the attribute against.
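
The evaluation described for spec.rules above (any one allow rule may pass, every condition in a rule must be met, an empty allow list counts as a pass), written as a small Python model. This is an added example, not Teleport's implementation; the attribute names and sample values are constructed, and requiring exactly one operator per condition and failing closed on a missing attribute are assumptions.

```python
# Illustrative model of the spec.rules semantics in this schema; not Teleport's code.
OPERATORS = ("eq", "in", "not_eq", "not_in")

def condition_passes(cond, attrs):
    """Evaluate one spec.rules.allow.conditions entry against workload attributes."""
    ops = [op for op in OPERATORS if cond.get(op) is not None]
    if len(ops) != 1:
        # Assumption: a condition carries exactly one operator; reject anything else.
        raise ValueError(f"condition on {cond.get('attribute')!r} needs exactly one operator")
    if cond["attribute"] not in attrs:
        return False  # Assumption: a missing attribute fails closed.
    actual = str(attrs[cond["attribute"]])  # the attribute is compared as a string
    op, arg = ops[0], cond[ops[0]]
    if op == "eq":
        return actual == arg["value"]
    if op == "not_eq":
        return actual != arg["value"]
    if op == "in":
        return actual in arg["values"]
    return actual not in arg["values"]  # not_in

def rules_pass(spec, attrs):
    """True when a WorkloadIdentity with this spec may be issued for attrs."""
    allow = (spec.get("rules") or {}).get("allow") or []
    if not allow:
        return True  # no allow rules provided: considered a pass
    # At least one rule must pass; within a rule every condition must be met
    # (a rule with no conditions therefore passes, by this model's reading).
    return any(all(condition_passes(c, attrs) for c in rule.get("conditions") or [])
               for rule in allow)

# Constructed sample spec: two allow rules, the first with two conditions.
SAMPLE_SPEC = {"rules": {"allow": [
    {"conditions": [
        {"attribute": "workload.kubernetes.namespace", "eq": {"value": "payments"}},
        {"attribute": "workload.kubernetes.service_account",
         "not_in": {"values": ["default"]}},
    ]},
    {"conditions": [
        {"attribute": "workload.unix.uid", "in": {"values": ["1000", "1001"]}},
    ]},
]}}
```

A spec whose allow list is empty is issued without any attribute check, so it is worth flagging when reviewing configurations read through this data source.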

Nested Schema for spec.spiffe

Optional:

  • hint (String) A freeform text field which is provided to workloads along with a credential produced by this WorkloadIdentity. This can be used to provide additional context that can be used to select between multiple credentials.
  • id (String) The path of the SPIFFE ID that will be issued to the workload. This should be prefixed with a forward-slash ("/"). This field supports templating using attributes.
  • x509 (Attributes) Configuration specific to X509-SVIDs. (see below for nested schema)

Nested Schema for spec.spiffe.x509

Optional:

  • dns_sans (List of String) The DNS Subject Alternative Names (SANs) that should be included in an X509-SVID issued using this WorkloadIdentity. Each entry in this list supports templating using attributes.