# TeleportLockV2

This guide is a comprehensive reference to the fields in the `TeleportLockV2` resource, which you can apply after installing the Teleport Kubernetes operator.

## resources.teleport.dev/v1

**apiVersion:** resources.teleport.dev/v1

| Field      | Type            | Description                                                                                                                                                                                                                                                                                          |
| ---------- | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| apiVersion | string          | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: <https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources>  |
| kind       | string          | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: <https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds> |
| metadata   | object          |                                                                                                                                                                                                                                                                                                      |
| spec       | [object](#spec) | Lock resource definition v2 from Teleport                                                                                                                                                                                                                                                            |

### spec

| Field       | Type                  | Description                                                        |
| ----------- | --------------------- | ------------------------------------------------------------------ |
| created\_at | string                | CreatedAt is the date time that the lock was created.              |
| created\_by | string                | CreatedBy is the username of the author of the lock.               |
| expires     | string                | Expires, if set, specifies when the lock ceases to be in force.    |
| message     | string                | Message is the message displayed to locked-out users.              |
| target      | [object](#spectarget) | Target describes the set of interactions that the lock applies to. |

### spec.target

| Field             | Type   | Description                                                                                                                                                                 |
| ----------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| access\_request   | string | AccessRequest specifies the UUID of an Access Request.                                                                                                                      |
| bot\_instance\_id | string | BotInstanceID is the bot instance ID if this is a bot identity and is ignored otherwise.                                                                                    |
| device            | string | Device is the device ID of a trusted device. Requires Teleport Enterprise.                                                                                                  |
| join\_token       | string | JoinToken is the name of the join token used when this identity originally joined. This is only valid for bot identities, and cannot be used to target `token`-joined bots. |
| login             | string | Login specifies the name of a local UNIX user.                                                                                                                              |
| mfa\_device       | string | MFADevice specifies the UUID of a user MFA device.                                                                                                                          |
| role              | string | Role specifies the name of an RBAC role known to the root cluster. In remote clusters, this constraint is evaluated before translating to local roles.                      |
| server\_id        | string | ServerID is the host ID of the Teleport instance.                                                                                                                           |
| user              | string | User specifies the name of a Teleport user.                                                                                                                                 |
| windows\_desktop  | string | WindowsDesktop specifies the name of a Windows desktop.                                                                                                                     |
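
The following manifest is an added example, not part of the original reference. It shows how the fields above fit together to lock out a single Teleport user until a fixed time. The resource name, namespace, username, message and timestamp are constructed placeholder values, and the RFC 3339 format used for `expires` is an assumption.

```yaml
# Added example: a lock on one Teleport user, applied through the
# Teleport Kubernetes operator. All values below are placeholders.
apiVersion: resources.teleport.dev/v1
kind: TeleportLockV2
metadata:
  # Hypothetical name and namespace; use the namespace the operator watches.
  name: lock-example-user
  namespace: teleport
spec:
  # Shown to the locked-out user when an interaction is denied.
  message: "Account locked pending incident review. Contact the security team."
  # Assumed RFC 3339 timestamp. Omit `expires` to keep the lock in force
  # until the resource is deleted.
  expires: "2030-01-01T00:00:00Z"
  target:
    # This example sets a single target field. Other fields from the
    # spec.target table (role, login, server_id, mfa_device, ...) are
    # set the same way.
    user: example-user
```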
