From fa8d6ad2c177ccb9abd54ba920d6c3fdb075e54f Mon Sep 17 00:00:00 2001 From: Paul Gottschling Date: Mon, 9 Sep 2024 15:50:38 -0400 Subject: [PATCH] Add more context around `_labels` role fields Closes #10463 We already mention the `cluster_labels` role field in the role reference, but it could be more explicit that this field deals with Trusted Clusters. This change adds a short table to the role reference to indicate the Teleport resources that correspond to different label fields. --- docs/pages/reference/access-controls/roles.mdx | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/pages/reference/access-controls/roles.mdx b/docs/pages/reference/access-controls/roles.mdx index 8d5976737e00..267c8c03057b 100644 --- a/docs/pages/reference/access-controls/roles.mdx +++ b/docs/pages/reference/access-controls/roles.mdx @@ -433,13 +433,16 @@ All of these are fields within the `allow` and `deny` sections of a Teleport role resource. Labels for resources enrolled with Teleport: -- `app_labels` -- `cluster_labels` -- `db_labels` -- `db_service_labels` -- `kubernetes_labels` -- `node_labels` -- `windows_desktop_labels` + +|Role Field|Teleport Resource| +|---|---| +|`app_labels`|[Applications](../../enroll-resources/application-access/controls.mdx)| +|`cluster_labels`|[Trusted Clusters](../../admin-guides/management/admin/trustedclusters.mdx)| +|`db_labels`|[Databases](../../enroll-resources/database-access/rbac.mdx)| +|`db_service_labels`|[Database Service](../../enroll-resources/database-access/database-access.mdx) instances| +|`kubernetes_labels`|[Kubernetes clusters](../../enroll-resources/kubernetes-access/controls.mdx)| +|`node_labels`|[SSH Servers](../../enroll-resources/server-access/server-access.mdx)| +|`windows_desktop_labels`|[Windows desktops](../../enroll-resources/server-access/server-access.mdx)| Principals a user can assume on infrastructure resources: - `aws_role_arns`