Skip to main content

TeleportAccessMonitoringRuleV1

Report an Issue

This guide is a comprehensive reference to the fields in the TeleportAccessMonitoringRuleV1 resource, which you can apply after installing the Teleport Kubernetes operator.

resources.teleport.dev/v1

apiVersion: resources.teleport.dev/v1

FieldTypeDescription
apiVersionstringAPIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kindstringKind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadataobject
specobjectAccessMonitoringRule resource definition v1 from Teleport

spec

FieldTypeDescription
automatic_reviewobjectautomatic_review defines automatic review configurations for Access Requests. Both notification and automatic_review may be set within the same access_monitoring_rule. If both fields are set, the rule will trigger both notifications and automatic reviews for the same set of access events. Separate plugins may be used if both notifications and automatic_reviews is set.
conditionstringcondition is a predicate expression that operates on the specified subject resources, and determines whether the subject will be moved into desired state.
desired_statestringdesired_state defines the desired state of the subject. For Access Request subjects, the desired_state may be set to reviewed to indicate that the Access Request should be automatically reviewed.
notificationobjectnotification defines the plugin configuration for notifications if rule is triggered. Both notification and automatic_review may be set within the same access_monitoring_rule. If both fields are set, the rule will trigger both notifications and automatic reviews for the same set of access events. Separate plugins may be used if both notifications and automatic_reviews is set.
schedulesobjectschedules specifies a map of schedules that can be used to configure the access monitoring rule conditions.
states[]stringstates are the desired state which the monitoring rule is attempting to bring the subjects matching the condition to.
subjects[]stringsubjects the rule operates on, can be a resource kind or a particular resource property.

spec.automatic_review

FieldTypeDescription
decisionstringdecision specifies the proposed state of the access review. This can be either 'APPROVED' or 'DENIED'.
integrationstringintegration is the name of the integration that is responsible for monitoring the rule. Set this value to builtin to monitor the rule with Teleport.

spec.notification

FieldTypeDescription
namestringname is the name of the plugin to which this configuration should apply.
recipients[]stringrecipients is the list of recipients the plugin should notify.

spec.schedules

FieldTypeDescription
keystring
valueobject

spec.schedules.value

FieldTypeDescription
timeobjectTimeSchedule specifies an in-line schedule.

spec.schedules.value.time

FieldTypeDescription
shifts[]objectShifts contains a set of shifts that make up the schedule.
timezonestringTimezone specifies the schedule timezone. This field is optional and defaults to "UTC". Accepted values use timezone locations as defined in the IANA Time Zone Database, such as "America/Los_Angeles", "Europe/Lisbon", or "Asia/Singapore". See https://data.iana.org/time-zones/tzdb/zone1970.tab for a list of supported values.

spec.schedules.value.time.shifts items

FieldTypeDescription
endstring
startstring
weekdaystring