Support Wildcard Matching for caller_id and space_id in Spacelift Token Join Method #52578
Labels: c-pf (Internal Customer Reference), feature-request (Used for new features in Teleport, improvements to current should be #enhancements), machine-id
What would you like Teleport to do?
Support wildcard values in the caller_id and space_id fields for the Spacelift token join method. This would allow for more flexible and scalable permissions management.
What problem does this solve?
Currently, the allow rules in the Spacelift token object require an exact match on caller_id (stack) or space_id, which does not allow for dynamic or grouped permissions. This limitation makes it difficult for users to manage permissions across multiple stacks or environments without extensive manual configuration.
For example, with wildcard support, we could define:
This would enable permissions to be granted across multiple stacks matching the pattern, such as different regions or environments, improving automation and usability.
If a workaround exists, please include it.
A possible workaround is to use space_id instead of caller_id, but this is not a viable option in cases where Spacelift requires a one-to-one mapping of spaces to stacks. Users would need to manually create and maintain a separate space per stack, which adds unnecessary complexity. Another alternative is to explicitly list all stack names, but this is not scalable for dynamic or frequently changing environments.
Adding wildcard support in caller_id and space_id would significantly improve flexibility and usability for managing Spacelift-integrated resources.
Related Code & Documentation:
Teleport Spacelift Integration Docs
Relevant PR
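An added sketch, not part of the original issue and not Teleport's code, of how anchored wildcard matching on caller_id and space_id allow rules could behave. The Rule type, the function names and the stack and space names are assumptions constructed for illustration; only * is treated as a wildcard, and an empty rule is skipped so it cannot act as allow-all.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is a hypothetical allow rule (not Teleport's type).
// An empty field is not checked; a non-empty field may contain "*".
type Rule struct{ SpaceID, CallerID string }

// globMatch treats "*" as any run of characters and every other character
// literally. The pattern is anchored at both ends, so "app-prod-*" cannot
// match a longer name that merely contains "app-prod-".
func globMatch(pattern, value string) bool {
	expr := "^" + strings.ReplaceAll(regexp.QuoteMeta(pattern), `\*`, ".*") + "$"
	ok, err := regexp.MatchString(expr, value)
	return err == nil && ok
}

// Allowed reports whether any rule admits the claims taken from the token.
func Allowed(rules []Rule, spaceID, callerID string) bool {
	for _, r := range rules {
		if r.SpaceID == "" && r.CallerID == "" {
			continue // choice made in this sketch: an empty rule never allows
		}
		if r.SpaceID != "" && !globMatch(r.SpaceID, spaceID) {
			continue
		}
		if r.CallerID != "" && !globMatch(r.CallerID, callerID) {
			continue
		}
		return true
	}
	return false
}

func main() {
	// Constructed rules and claims, for illustration only.
	rules := []Rule{{SpaceID: "root", CallerID: "app-prod-*"}, {}}
	for _, caller := range []string{"app-prod-us-east-1", "x-app-prod-eu", "app-production"} {
		fmt.Printf("%-20s allowed=%v\n", caller, Allowed(rules, "root", caller))
	}
}
```

Anchoring and literal escaping are what keep a pattern such as app-prod-* from admitting names outside the intended group; a bare * in a field admits every value for that field.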