From 3f9b6075aaa1ca3e4c4065b0a460c3bd80b1afd9 Mon Sep 17 00:00:00 2001
From: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Date: Fri, 15 Sep 2023 16:35:02 -0500
Subject: [PATCH] UI: add SSH role attribute `allowed_domains_template`
 (#23119)

---
 changelog/23119.txt       | 3 +++
 ui/app/models/role-ssh.js | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 changelog/23119.txt

diff --git a/changelog/23119.txt b/changelog/23119.txt
new file mode 100644
index 0000000000..fd5f694db3
--- /dev/null
+++ b/changelog/23119.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: Added allowed_domains_template field for CA type role in SSH engine
+```
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 34ea14b48f..e8f2293ad7 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -31,6 +31,7 @@ const CA_FIELDS = [
   'allowedUsers',
   'allowedUsersTemplate',
   'allowedDomains',
+  'allowedDomainsTemplate',
   'ttl',
   'maxTtl',
   'allowedCriticalOptions',
@@ -76,12 +77,16 @@ export default Model.extend({
   }),
   allowedUsersTemplate: attr('boolean', {
     helpText:
-      'Specifies that Allowed users can be templated e.g. {{identity.entity.aliases.mount_accessor_xyz.name}}',
+      'Specifies that Allowed Users can be templated e.g. {{identity.entity.aliases.mount_accessor_xyz.name}}',
   }),
   allowedDomains: attr('string', {
     helpText:
       'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
   }),
+  allowedDomainsTemplate: attr('boolean', {
+    helpText:
+      'Specifies that Allowed Domains can be set using identity template policies. Non-templated domains are also permitted.',
+  }),
   cidrList: attr('string', {
     helpText: 'List of CIDR blocks for which this role is applicable',
   }),