Fix EKS Discover flow fields (#48691)

At a previous PR we added two new fields in the UI and backend, but
failed to add them to the layers in between (grpc service).

This PR adds them and also fixes a typo on the EndpointPublicAccess
field name.

api/proto/teleport/integration/v1/awsoidc_service.proto

@@ -515,6 +515,13 @@ message EKSCluster {
   // Known values are:
   // CREATING | ACTIVE | DELETING | FAILED | UPDATING | PENDING
   string status = 6;
+  // EndpointPublicAccess indicates whether this EKS Cluster is accessible publicly.
+  // If only private access is available, then the EKS Cluster can't be enrolled from Teleport Cloud.
+  bool endpoint_public_access = 7;
+  // AuthenticationMode is the allowed authentication mode for the cluster.
+  // Known values are:
+  // API | API_AND_CONFIG_MAP | CONFIG_MAP
+  string authentication_mode = 8;
 }
 
 // ListEKSClustersResponse contains a page of AWS EKS Clusters.

lib/auth/integration/integrationv1/awsoidc.go

@@ -687,15 +687,7 @@ func (s *AWSOIDCService) ListEKSClusters(ctx context.Context, req *integrationpb
 
 	clustersList := make([]*integrationpb.EKSCluster, 0, len(listEKSClustersResp.Clusters))
 	for _, cluster := range listEKSClustersResp.Clusters {
-		clusterPb := &integrationpb.EKSCluster{
-			Name:       cluster.Name,
-			Region:     cluster.Region,
-			Arn:        cluster.Arn,
-			Labels:     cluster.Labels,
-			JoinLabels: cluster.JoinLabels,
-			Status:     cluster.Status,
-		}
-		clustersList = append(clustersList, clusterPb)
+		clustersList = append(clustersList, convertEKSCluster(cluster))
 	}
 
 	return &integrationpb.ListEKSClustersResponse{
@@ -704,6 +696,19 @@ func (s *AWSOIDCService) ListEKSClusters(ctx context.Context, req *integrationpb
 	}, nil
 }
 
+func convertEKSCluster(clusterService awsoidc.EKSCluster) *integrationpb.EKSCluster {
+	return &integrationpb.EKSCluster{
+		Name:                 clusterService.Name,
+		Region:               clusterService.Region,
+		Arn:                  clusterService.Arn,
+		Labels:               clusterService.Labels,
+		JoinLabels:           clusterService.JoinLabels,
+		Status:               clusterService.Status,
+		EndpointPublicAccess: clusterService.EndpointPublicAccess,
+		AuthenticationMode:   clusterService.AuthenticationMode,
+	}
+}
+
 // ListSubnets returns a list of AWS VPC subnets.
 func (s *AWSOIDCService) ListSubnets(ctx context.Context, req *integrationpb.ListSubnetsRequest) (*integrationpb.ListSubnetsResponse, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)

lib/auth/integration/integrationv1/awsoidc_test.go

@@ -431,3 +431,39 @@ func TestRBAC(t *testing.T) {
 		}
 	})
 }
+
+func TestConvertEKSCluster(t *testing.T) {
+	for _, tt := range []struct {
+		name     string
+		input    awsoidc.EKSCluster
+		expected *integrationv1.EKSCluster
+	}{
+		{
+			name: "valid",
+			input: awsoidc.EKSCluster{
+				Name:                 "my-cluster",
+				Region:               "us-east-1",
+				Arn:                  "my-arn",
+				Labels:               map[string]string{},
+				JoinLabels:           map[string]string{},
+				Status:               "ACTIVE",
+				AuthenticationMode:   "API",
+				EndpointPublicAccess: true,
+			},
+			expected: &integrationv1.EKSCluster{
+				Name:                 "my-cluster",
+				Region:               "us-east-1",
+				Arn:                  "my-arn",
+				Labels:               map[string]string{},
+				JoinLabels:           map[string]string{},
+				Status:               "ACTIVE",
+				AuthenticationMode:   "API",
+				EndpointPublicAccess: true,
+			},
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			require.Equal(t, tt.expected, convertEKSCluster(tt.input))
+		})
+	}
+}

lib/integrations/awsoidc/eks_list_clusters.go

@@ -79,9 +79,9 @@ type EKSCluster struct {
 	// https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/
 	AuthenticationMode string
 
-	// EndpointPublicAddress indicates whether the Cluster's VPC Config has its endpoint as a public address.
+	// EndpointPublicAccess indicates whether the Cluster's VPC Config has its endpoint as a public address.
 	// For Teleport Cloud, this is required to access the cluster and proceed with the installation.
-	EndpointPublicAddress bool
+	EndpointPublicAccess bool
 }
 
 // ListEKSClustersResponse contains a page of AWS EKS Clusters.
@@ -171,14 +171,14 @@ func ListEKSClusters(ctx context.Context, clt ListEKSClustersClient, req ListEKS
 			}
 
 			ret.Clusters = append(ret.Clusters, EKSCluster{
-				Name:                  aws.ToString(cluster.Name),
-				Region:                req.Region,
-				Arn:                   aws.ToString(cluster.Arn),
-				Labels:                cluster.Tags,
-				JoinLabels:            extraLabels,
-				Status:                strings.ToLower(string(cluster.Status)),
-				AuthenticationMode:    string(cluster.AccessConfig.AuthenticationMode),
-				EndpointPublicAddress: cluster.ResourcesVpcConfig.EndpointPublicAccess,
+				Name:                 aws.ToString(cluster.Name),
+				Region:               req.Region,
+				Arn:                  aws.ToString(cluster.Arn),
+				Labels:               cluster.Tags,
+				JoinLabels:           extraLabels,
+				Status:               strings.ToLower(string(cluster.Status)),
+				AuthenticationMode:   string(cluster.AccessConfig.AuthenticationMode),
+				EndpointPublicAccess: cluster.ResourcesVpcConfig.EndpointPublicAccess,
 			})
 			return nil
 		})

lib/integrations/awsoidc/eks_list_clusters_test.go

@@ -178,9 +178,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 			},
 			expectedFetchingErrors: map[string]error{},
@@ -224,9 +224,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 				{
 					Name:   "EKS2",
@@ -238,9 +238,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 			},
 			expectedFetchingErrors: map[string]error{},
@@ -296,9 +296,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 			},
 			expectedFetchingErrors: map[string]error{"erroredCluster": errors.New("erroredCluster")},

lib/web/ui/server.go

@@ -103,12 +103,14 @@ func MakeServer(clusterName string, server types.Server, logins []string, requir
 
 // EKSCluster represents and EKS cluster, analog of awsoidc.EKSCluster, but used by web ui.
 type EKSCluster struct {
-	Name       string     `json:"name"`
-	Region     string     `json:"region"`
-	Arn        string     `json:"arn"`
-	Labels     []ui.Label `json:"labels"`
-	JoinLabels []ui.Label `json:"joinLabels"`
-	Status     string     `json:"status"`
+	Name                 string     `json:"name"`
+	Region               string     `json:"region"`
+	Arn                  string     `json:"arn"`
+	Labels               []ui.Label `json:"labels"`
+	JoinLabels           []ui.Label `json:"joinLabels"`
+	Status               string     `json:"status"`
+	EndpointPublicAccess bool       `json:"endpointPublicAccess"`
+	AuthenticationMode   string     `json:"authenticationMode"`
 }
 
 // KubeCluster describes a kube cluster.
@@ -149,12 +151,14 @@ func MakeEKSClusters(clusters []*integrationv1.EKSCluster) []EKSCluster {
 
 	for _, cluster := range clusters {
 		uiEKSClusters = append(uiEKSClusters, EKSCluster{
-			Name:       cluster.Name,
-			Region:     cluster.Region,
-			Arn:        cluster.Arn,
-			Labels:     ui.MakeLabelsWithoutInternalPrefixes(cluster.Labels),
-			JoinLabels: ui.MakeLabelsWithoutInternalPrefixes(cluster.JoinLabels),
-			Status:     cluster.Status,
+			Name:                 cluster.Name,
+			Region:               cluster.Region,
+			Arn:                  cluster.Arn,
+			Labels:               ui.MakeLabelsWithoutInternalPrefixes(cluster.Labels),
+			JoinLabels:           ui.MakeLabelsWithoutInternalPrefixes(cluster.JoinLabels),
+			Status:               cluster.Status,
+			EndpointPublicAccess: cluster.EndpointPublicAccess,
+			AuthenticationMode:   cluster.AuthenticationMode,
 		})
 	}
 	return uiEKSClusters

web/packages/teleport/src/Discover/Kubernetes/EnrollEKSCluster/EksClustersList.tsx

@@ -142,7 +142,7 @@ function disabledStates(
     };
   }
 
-  if (cfg.isCloud && !item.endpointPublicAddress) {
+  if (cfg.isCloud && !item.endpointPublicAccess) {
     return {
       disabled: true,
       disabledText:

web/packages/teleport/src/Discover/Kubernetes/EnrollEKSCluster/EnrollEKSCluster.test.tsx

@@ -215,7 +215,7 @@ const mockEKSClusters: AwsEksCluster[] = [
     labels: [],
     joinLabels: [],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
 ];
 

web/packages/teleport/src/Discover/Kubernetes/EnrollEKSCluster/EnrollEksCluster.story.tsx

@@ -304,7 +304,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS2',
@@ -318,7 +318,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS3',
@@ -332,7 +332,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS4',
@@ -346,7 +346,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'CONFIG_MAP',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS5',
@@ -360,6 +360,6 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API_AND_CONFIG_MAP',
-    endpointPublicAddress: false,
+    endpointPublicAccess: false,
   },
 ];

web/packages/teleport/src/services/integrations/types.ts

@@ -475,11 +475,11 @@ export type AwsEksCluster = {
   authenticationMode: 'API' | 'API_AND_CONFIG_MAP' | 'CONFIG_MAP';
 
   /**
-   * EndpointPublicAddress indicates whether this cluster is publicly accessible.
+   * EndpointPublicAccess indicates whether this cluster is publicly accessible.
    * This is a requirement for Teleport Cloud tenants because the control plane must be able to access the EKS Cluster
    * in order to deploy the helm chart.
    */
-  endpointPublicAddress: boolean;
+  endpointPublicAccess: boolean;
 };
 
 export type EnrollEksClustersRequest = {