There are two types of variables encountered in Teleport documentation:
{{internal.logins}} and {{external.groups}}
Is there a list of variables that is supported and what is the difference?
There are two {{internal}} variables supported:
{{internal.logins}} and {{internal.kubernetes_groups}}. Those are the variables referencing parameters of the locally created users.
On the other side, {{external.<variable>}} name are the variables referencing traits received from the SAML or OIDC provider and are user-defined.
For example, if the user has logged in using SAML SSO, Identity provider could send the following attribute statements:
groups: ["admin", "dev"]
logins: ["alice"]
Later on these variables could be used in RBAC templates:
allow:
logins: ['{{external.logins}}']
kubernetes_groups: ["{{external.groups}}"]]