Skip to content

Commit

Permalink
Fix roleToRecipients descriptions
Browse files Browse the repository at this point in the history
Closes #45287

Access Request plugin guides describe the value of the
`roleToRecipients` field in Access Request plugin Helm charts as taking
either a single string or an array of strings as the value of each
mapping. This change fixes the error in all Access Request plugin guides
that include this Helm chart value.
  • Loading branch information
ptgott committed Sep 18, 2024
1 parent c86f46d commit 9674360
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 30 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -208,8 +208,7 @@ To determine the numeric ID of a channel for the bot to notify, follow the instr
</Tabs>

In the `role_to_recipients` map, each key is the name of a Teleport role. Each
value configures the Discord channel (or channels) to notify. The value can be a
single string or an array of strings.
value configures the Discord channel (or channels) to notify.

The `role_to_recipients` map must also include an entry for `"*"`, which the
plugin looks up if no other entry matches a given role name. In the example
Expand All @@ -222,17 +221,26 @@ by adding the following to your `role_to_recipients` config (replace

<Tabs>
<TabItem label="Executable or Docker">

Here is an example of a `role_to_recipients` map. Each value can be a single
string or an array of strings:

```toml
[role_to_recipients]
"*" = "YOUR-CHANNEL-ID"
"editor" = "YOUR-CHANNEL-ID"
```
</TabItem>
<TabItem label="Helm Chart">

In the Helm chart, the `role_to_recipients` field is called `roleToRecipients`
and uses the following format, where keys are strings and values are arrays of
strings:

```yaml
roleToRecipients:
"*": "YOUR-CHANNEL-ID"
"editor": "YOUR-CHANNEL-ID"
"*": ["YOUR-CHANNEL-ID"]
"editor": ["YOUR-CHANNEL-ID"]
```
</TabItem>
</Tabs>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -202,11 +202,12 @@ recipients that the email plugin will notify when a user requests access to a
specific role. When the plugin receives an Access Request from the Auth Service,
it will look up the role being requested and identify the recipients to notify.

Here is an example of a `role_to_recipients` map:

<Tabs>
<TabItem label="Executable or Docker">

Here is an example of a `role_to_recipients` map. Each value can be a single
string or an array of strings:

```toml
[role_to_recipients]
"*" = ["security@example.com", "executive-team@example.com"]
Expand All @@ -217,20 +218,23 @@ Here is an example of a `role_to_recipients` map:
</TabItem>
<TabItem label="Helm Chart">

In the Helm chart, the `role_to_recipients` field is called `roleToRecipients`
and uses the following format, where keys are strings and values are arrays of
strings:

```yaml
roleToRecipients:
"*": ["security@example.com", "executive-team@example.com"]
"dev": "eng@example.com"
"dba": "mallory@example.com"
"dev": ["eng@example.com"]
"dba": ["mallory@example.com"]
```
</TabItem>
</Tabs>
In the `role_to_recipients` map, each key is the name of a Teleport role. Each
value configures the recipients the plugin will email when it receives an Access
Request for that role. The value can be a single string or an array of strings.
Each string must be an email address.
Request for that role. Each string must be an email address.

The `role_to_recipients` map must also include an entry for `"*"`, which the
plugin looks up if no other entry matches a given role name. In the example
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -256,16 +256,17 @@ the correct information, which you obtained earlier in this guide.

#### `[role_to_recipients]`

The `role_to_recipients` map (`roleToRecipients` for Helm users) configure the users and channels that the
Microsoft Teams plugin will notify when a user requests access to a specific role. When
the Microsoft Teams plugin receives an Access Request from the Auth Service, it will
look up the role being requested and identify the Microsoft Teams users and channels to
notify.
The `role_to_recipients` map (`roleToRecipients` for Helm users) configures the
users and channels that the Microsoft Teams plugin will notify when a user
requests access to a specific role. When the Microsoft Teams plugin receives an
Access Request from the Auth Service, it will look up the role being requested
and identify the Microsoft Teams users and channels to notify.

<Tabs>
<TabItem label="Executable or Docker">

Here is an example of a `role_to_recipients` map:
Here is an example of a `role_to_recipients` map. Each value can be a single
string or an array of strings:

```toml
[role_to_recipients]
Expand All @@ -276,7 +277,9 @@ Here is an example of a `role_to_recipients` map:
</TabItem>
<TabItem label="Helm Chart">

Here is an example of a `role_to_recipients` map:
In the Helm chart, the `role_to_recipients` field is called `roleToRecipients`
and uses the following format, where keys are strings and values are arrays of
strings:

```toml
roleToRecipients:
Expand All @@ -288,9 +291,8 @@ roleToRecipients:
</Tabs>

In the `role_to_recipients` map, each key is the name of a Teleport role. Each
value configures the Teams user (or users) to notify. The value can be a single
string or an array of strings. Each string must be either the email address of
a Microsoft Teams user or a channel URL.
value configures the Teams user (or users) to notify. Each string must be either
the email address of a Microsoft Teams user or a channel URL.

You can find the URL of a channel by opening the channel and clicking the button
"Get link to channel":
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,8 @@ requested and identify the Slack channels to notify.

<Tabs>
<TabItem label="Executable or Docker">
Here is an example of a `role_to_recipients` map:
Here is an example of a `role_to_recipients` map. Each value can be a
single string or an array of strings:

```toml
[role_to_recipients]
Expand All @@ -216,26 +217,26 @@ Here is an example of a `role_to_recipients` map:
```
</TabItem>
<TabItem label="Helm Chart">
In our Helm chart, the `role_to_recipients` field is called `roleToRecipients`
and uses the following format:
In the Helm chart, the `role_to_recipients` field is called `roleToRecipients`
and uses the following format, where keys are strings and values are arrays of
strings:

```yaml
roleToRecipients:
"*": "admin-slack-channel"
"*": ["admin-slack-channel"]
"dev":
- "dev-slack-channel"
- "admin-slack-channel"
"dba": "alex@gmail.com"
"dba": ["alex@gmail.com"]
```
</TabItem>
</Tabs>
In the `role_to_recipients` map, each key is the name of a Teleport role. Each
value configures the Slack channel (or channels) to notify. The value can be a
single string or an array of strings. Each string must be either the name of a
Slack channel (including a user's direct message channel) or the email address
of a Slack user. If the recipient is an email address, the Slack plugin will
use that email address to look up a direct message channel.
value configures the Slack channel (or channels) to notify. Each string must be
either the name of a Slack channel (including a user's direct message channel)
or the email address of a Slack user. If the recipient is an email address, the
Slack plugin will use that email address to look up a direct message channel.

The `role_to_recipients` map must also include an entry for `"*"`, which the
plugin looks up if no other entry matches a given role name. In the example
Expand Down

0 comments on commit 9674360

Please sign in to comment.