Mention allowed_users and allowed_domains are comma separated lists #16877

Merged
merged 1 commit into from
Aug 24, 2022
18 changes: 9 additions & 9 deletions website/content/api-docs/secret/ssh.mdx
Expand Up @@ -136,11 +136,11 @@ This endpoint creates or updates a named role.

- `allowed_users` `(string: "")` – If this option is not specified, or if it is
`*`, the client can request a credential for any valid user at the remote
host, including the admin user. If only certain usernames are to be allowed,
then this list enforces it. If this field is set, then credentials can only
be created for `default_user` and usernames present in this list. Setting
this option will enable all the users with access this role to fetch
credentials for all other usernames in this list.
host, including the admin user. To only allow an explicit list of users, set
this parameter using a comma-separated username list to enforce it. When this
parameter is set, the credentials are created only for `default_user` and
usernames listed. Setting this option will enable all the users with access
this role to fetch credentials for all other usernames in this list.
When `allowed_users_template` is set to `true`, this field can contain an identity
template with any prefix or suffix, like `ssh-{{identity.entity.id}}-user`.
Use with caution. N.B.: if the type is `ca`, an empty list does not allow any user;
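Review bot: In the rewritten `allowed_users` text, the sentence "Setting this option will enable all the users with access this role to fetch credentials" is still missing a word, carried over from the old wording; it should read "with access to this role". While touching this paragraph, "set this parameter using a comma-separated username list to enforce it" could be tightened to "set this parameter to a comma-separated list of usernames", and "usernames listed" to "the usernames in this list". Since the opening sentence says an unset value or `*` permits any user including the admin user, and the unchanged N.B. below says that for type `ca` an empty list does not allow any user, it would help to state next to the comma-separated wording which of the two behaviours applies to which role type, so a reader does not leave the field empty expecting the restrictive case.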
Expand All @@ -149,10 +149,10 @@ This endpoint creates or updates a named role.
- `allowed_users_template` `(bool: false)` - If set, `allowed_users` can be specified
using identity template policies. Non-templated users are also permitted.

- `allowed_domains` `(string: "")` – The list of domains for which a client can
request a host certificate. If this option is explicitly set to `"*"`, then
credentials can be created for any domain. See also `allow_bare_domains` and
`allow_subdomains`.
- `allowed_domains` `(string: "")` – A comma-separated list of domains for which
a client can request a host certificate. If this option is explicitly set to
`"*"`, then credentials can be created for any domain. See also
`allow_bare_domains` and `allow_subdomains`.

- `allowed_domains_template` `(bool: false)` - If set, `allowed_domains` can be
specified using identity template policies. Non-templated domains are also
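Review bot: The wildcard is written as `"*"` (with quotes) in the `allowed_domains` description but as `*` (no quotes) in the `allowed_users` description in the same file; pick one form so readers do not wonder whether the quotes are part of the value. The new "A comma-separated list of domains" wording also differs slightly from the "comma-separated username list" phrasing used for `allowed_users`; using the same construction in both places would read more consistently. Neither description says whether whitespace around the commas is accepted, which is worth documenting if the behaviour is known.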