From 23689eeb86685d126043324711416d62f71bd262 Mon Sep 17 00:00:00 2001
From: Erik Tate <erik.tate@goteleport.com>
Date: Thu, 29 Aug 2024 10:02:22 -0400
Subject: [PATCH] adding example usage of `host_groups` to role reference
 (#45871)

---
 docs/pages/enroll-resources/server-access/rbac.mdx | 4 +++-
 docs/pages/includes/role-spec.mdx                  | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/pages/enroll-resources/server-access/rbac.mdx b/docs/pages/enroll-resources/server-access/rbac.mdx
index 3c3506a63746..887907ba6abe 100644
--- a/docs/pages/enroll-resources/server-access/rbac.mdx
+++ b/docs/pages/enroll-resources/server-access/rbac.mdx
@@ -44,7 +44,9 @@ spec:
       # the list example above can be expressed as:
       'reg': '^us-west-1|eu-central-1$'
 
-    # List of host groups the created user will be added to. Any that don't already exist are created.
+    # List of host groups the created user will be added to. Any that don't
+    # already exist are created. Only applies when create_host_user_mode
+    # is not 'off'.
     host_groups: [ubuntu, nginx, other]
 
     # Assign the user to the sudoers group
diff --git a/docs/pages/includes/role-spec.mdx b/docs/pages/includes/role-spec.mdx
index 3ad78088891f..8968e8e96c0b 100644
--- a/docs/pages/includes/role-spec.mdx
+++ b/docs/pages/includes/role-spec.mdx
@@ -141,6 +141,11 @@ spec:
       # 'region': '^us-west-1|eu-central-1$'
       'reg': '^us-west-1|eu-central-1$'
 
+    # List of host groups the created user will be added to. Any that don't
+    # already exist are created. Only applies when create_host_user_mode
+    # is not 'off'.
+    host_groups: [ubuntu, nginx, other]
+
     # kubernetes_groups specifies Kubernetes groups a user with this role will assume.
     # You can refer to a SAML/OIDC trait via the 'external' property bag.
     # This allows you to specify Kubernetes group membership in an identity manager: