Fix EKS Discover flow fields

api/proto/teleport/integration/v1/awsoidc_service.proto

@@ -515,6 +515,13 @@ message EKSCluster {
   // Known values are:
   // CREATING | ACTIVE | DELETING | FAILED | UPDATING | PENDING
   string status = 6;
+  // EndpointPublicAccess indicates whether this EKS Cluster is accessible publicly.
+  // If only private access is available, then the EKS Cluster can't be enrolled from Teleport Cloud.
+  bool endpoint_public_access = 7;
+  // AuthenticationMode is the allowed authentication mode for the cluster.
+  // Known values are:
+  // API | API_AND_CONFIG_MAP | CONFIG_MAP
+  string authentication_mode = 8;
 }
 
 // ListEKSClustersResponse contains a page of AWS EKS Clusters.

lib/auth/integration/integrationv1/awsoidc.go

@@ -687,15 +687,7 @@ func (s *AWSOIDCService) ListEKSClusters(ctx context.Context, req *integrationpb
 
 	clustersList := make([]*integrationpb.EKSCluster, 0, len(listEKSClustersResp.Clusters))
 	for _, cluster := range listEKSClustersResp.Clusters {
-		clusterPb := &integrationpb.EKSCluster{
-			Name:       cluster.Name,
-			Region:     cluster.Region,
-			Arn:        cluster.Arn,
-			Labels:     cluster.Labels,
-			JoinLabels: cluster.JoinLabels,
-			Status:     cluster.Status,
-		}
-		clustersList = append(clustersList, clusterPb)
+		clustersList = append(clustersList, convertEKSCluster(cluster))
 	}
 
 	return &integrationpb.ListEKSClustersResponse{
@@ -704,6 +696,19 @@ func (s *AWSOIDCService) ListEKSClusters(ctx context.Context, req *integrationpb
 	}, nil
 }
 
+func convertEKSCluster(clusterService awsoidc.EKSCluster) *integrationpb.EKSCluster {
+	return &integrationpb.EKSCluster{
+		Name:                 clusterService.Name,
+		Region:               clusterService.Region,
+		Arn:                  clusterService.Arn,
+		Labels:               clusterService.Labels,
+		JoinLabels:           clusterService.JoinLabels,
+		Status:               clusterService.Status,
+		EndpointPublicAccess: clusterService.EndpointPublicAccess,
+		AuthenticationMode:   clusterService.AuthenticationMode,
+	}
+}
+
 // ListSubnets returns a list of AWS VPC subnets.
 func (s *AWSOIDCService) ListSubnets(ctx context.Context, req *integrationpb.ListSubnetsRequest) (*integrationpb.ListSubnetsResponse, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)

lib/auth/integration/integrationv1/awsoidc_test.go

@@ -431,3 +431,39 @@ func TestRBAC(t *testing.T) {
 		}
 	})
 }
+
+func TestConvertEKSCluster(t *testing.T) {
+	for _, tt := range []struct {
+		name     string
+		input    awsoidc.EKSCluster
+		expected *integrationv1.EKSCluster
+	}{
+		{
+			name: "valid",
+			input: awsoidc.EKSCluster{
+				Name:                 "my-cluster",
+				Region:               "us-east-1",
+				Arn:                  "my-arn",
+				Labels:               map[string]string{},
+				JoinLabels:           map[string]string{},
+				Status:               "ACTIVE",
+				AuthenticationMode:   "API",
+				EndpointPublicAccess: true,
+			},
+			expected: &integrationv1.EKSCluster{
+				Name:                 "my-cluster",
+				Region:               "us-east-1",
+				Arn:                  "my-arn",
+				Labels:               map[string]string{},
+				JoinLabels:           map[string]string{},
+				Status:               "ACTIVE",
+				AuthenticationMode:   "API",
+				EndpointPublicAccess: true,
+			},
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			require.Equal(t, tt.expected, convertEKSCluster(tt.input))
+		})
+	}
+}

lib/integrations/awsoidc/eks_list_clusters.go

@@ -79,9 +79,9 @@ type EKSCluster struct {
 	// https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/
 	AuthenticationMode string
 
-	// EndpointPublicAddress indicates whether the Cluster's VPC Config has its endpoint as a public address.
+	// EndpointPublicAccess indicates whether the Cluster's VPC Config has its endpoint as a public address.
 	// For Teleport Cloud, this is required to access the cluster and proceed with the installation.
-	EndpointPublicAddress bool
+	EndpointPublicAccess bool
 }
 
 // ListEKSClustersResponse contains a page of AWS EKS Clusters.
@@ -171,14 +171,14 @@ func ListEKSClusters(ctx context.Context, clt ListEKSClustersClient, req ListEKS
 			}
 
 			ret.Clusters = append(ret.Clusters, EKSCluster{
-				Name:                  aws.ToString(cluster.Name),
-				Region:                req.Region,
-				Arn:                   aws.ToString(cluster.Arn),
-				Labels:                cluster.Tags,
-				JoinLabels:            extraLabels,
-				Status:                strings.ToLower(string(cluster.Status)),
-				AuthenticationMode:    string(cluster.AccessConfig.AuthenticationMode),
-				EndpointPublicAddress: cluster.ResourcesVpcConfig.EndpointPublicAccess,
+				Name:                 aws.ToString(cluster.Name),
+				Region:               req.Region,
+				Arn:                  aws.ToString(cluster.Arn),
+				Labels:               cluster.Tags,
+				JoinLabels:           extraLabels,
+				Status:               strings.ToLower(string(cluster.Status)),
+				AuthenticationMode:   string(cluster.AccessConfig.AuthenticationMode),
+				EndpointPublicAccess: cluster.ResourcesVpcConfig.EndpointPublicAccess,
 			})
 			return nil
 		})

lib/integrations/awsoidc/eks_list_clusters_test.go

@@ -178,9 +178,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 			},
 			expectedFetchingErrors: map[string]error{},
@@ -224,9 +224,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 				{
 					Name:   "EKS2",
@@ -238,9 +238,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 			},
 			expectedFetchingErrors: map[string]error{},
@@ -296,9 +296,9 @@ func TestListEKSClusters(t *testing.T) {
 						"region":             "us-east-1",
 						"teleport.dev/cloud": "AWS",
 					},
-					Status:                "active",
-					AuthenticationMode:    "API",
-					EndpointPublicAddress: true,
+					Status:               "active",
+					AuthenticationMode:   "API",
+					EndpointPublicAccess: true,
 				},
 			},
 			expectedFetchingErrors: map[string]error{"erroredCluster": errors.New("erroredCluster")},

lib/web/ui/server.go

@@ -103,12 +103,14 @@ func MakeServer(clusterName string, server types.Server, logins []string, requir
 
 // EKSCluster represents and EKS cluster, analog of awsoidc.EKSCluster, but used by web ui.
 type EKSCluster struct {
-	Name       string     `json:"name"`
-	Region     string     `json:"region"`
-	Arn        string     `json:"arn"`
-	Labels     []ui.Label `json:"labels"`
-	JoinLabels []ui.Label `json:"joinLabels"`
-	Status     string     `json:"status"`
+	Name                 string     `json:"name"`
+	Region               string     `json:"region"`
+	Arn                  string     `json:"arn"`
+	Labels               []ui.Label `json:"labels"`
+	JoinLabels           []ui.Label `json:"joinLabels"`
+	Status               string     `json:"status"`
+	EndpointPublicAccess bool       `json:"endpointPublicAccess"`
+	AuthenticationMode   string     `json:"authenticationMode"`
 }
 
 // KubeCluster describes a kube cluster.
@@ -149,12 +151,14 @@ func MakeEKSClusters(clusters []*integrationv1.EKSCluster) []EKSCluster {
 
 	for _, cluster := range clusters {
 		uiEKSClusters = append(uiEKSClusters, EKSCluster{
-			Name:       cluster.Name,
-			Region:     cluster.Region,
-			Arn:        cluster.Arn,
-			Labels:     ui.MakeLabelsWithoutInternalPrefixes(cluster.Labels),
-			JoinLabels: ui.MakeLabelsWithoutInternalPrefixes(cluster.JoinLabels),
-			Status:     cluster.Status,
+			Name:                 cluster.Name,
+			Region:               cluster.Region,
+			Arn:                  cluster.Arn,
+			Labels:               ui.MakeLabelsWithoutInternalPrefixes(cluster.Labels),
+			JoinLabels:           ui.MakeLabelsWithoutInternalPrefixes(cluster.JoinLabels),
+			Status:               cluster.Status,
+			EndpointPublicAccess: cluster.EndpointPublicAccess,
+			AuthenticationMode:   cluster.AuthenticationMode,
 		})
 	}
 	return uiEKSClusters

web/packages/teleport/src/Discover/Kubernetes/EnrollEKSCluster/EksClustersList.tsx

@@ -142,7 +142,7 @@ function disabledStates(
     };
   }
 
-  if (cfg.isCloud && !item.endpointPublicAddress) {
+  if (cfg.isCloud && !item.endpointPublicAccess) {
     return {
       disabled: true,
       disabledText:

web/packages/teleport/src/Discover/Kubernetes/EnrollEKSCluster/EnrollEKSCluster.test.tsx

@@ -215,7 +215,7 @@ const mockEKSClusters: AwsEksCluster[] = [
     labels: [],
     joinLabels: [],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
 ];
 

web/packages/teleport/src/Discover/Kubernetes/EnrollEKSCluster/EnrollEksCluster.story.tsx

@@ -304,7 +304,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS2',
@@ -318,7 +318,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS3',
@@ -332,7 +332,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS4',
@@ -346,7 +346,7 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'CONFIG_MAP',
-    endpointPublicAddress: true,
+    endpointPublicAccess: true,
   },
   {
     name: 'EKS5',
@@ -360,6 +360,6 @@ const eksClusters: AwsEksCluster[] = [
       { name: 'account-id', value: '1234567789012' },
     ],
     authenticationMode: 'API_AND_CONFIG_MAP',
-    endpointPublicAddress: false,
+    endpointPublicAccess: false,
   },
 ];

web/packages/teleport/src/services/integrations/types.ts

@@ -475,11 +475,11 @@ export type AwsEksCluster = {
   authenticationMode: 'API' | 'API_AND_CONFIG_MAP' | 'CONFIG_MAP';
 
   /**
-   * EndpointPublicAddress indicates whether this cluster is publicly accessible.
+   * EndpointPublicAccess indicates whether this cluster is publicly accessible.
    * This is a requirement for Teleport Cloud tenants because the control plane must be able to access the EKS Cluster
    * in order to deploy the helm chart.
    */
-  endpointPublicAddress: boolean;
+  endpointPublicAccess: boolean;
 };
 
 export type EnrollEksClustersRequest = {