gravitational · strideynet · Oct 17, 2024 · Oct 17, 2024 · Oct 17, 2024 · Oct 18, 2024
diff --git a/web/packages/teleport/src/Bots/Add/GitHubActions/ConfigureBot.test.tsx b/web/packages/teleport/src/Bots/Add/GitHubActions/ConfigureBot.test.tsx
@@ -118,6 +118,8 @@ describe('configureBot Component', () => {
 
  const botNameInput = screen.getByPlaceholderText('github-actions-cd');
  await userEvent.type(botNameInput, 'bot-name');
+ const sshUserInput = screen.getByPlaceholderText('ubuntu');
+ await userEvent.type(sshUserInput, 'ssh-user');
  await userEvent.click(screen.getByTestId('button-next'));
  expect(
  screen.getByText(

diff --git a/web/packages/teleport/src/Bots/Add/GitHubActions/ConfigureBot.tsx b/web/packages/teleport/src/Bots/Add/GitHubActions/ConfigureBot.tsx
@@ -26,6 +26,7 @@ import Validation, { Validator } from 'shared/components/Validation';
 import Text from 'design/Text';
 
 import FieldInput from 'shared/components/FieldInput';
+import { requiredField } from 'shared/components/Validation/rules';
 
 import Alert from 'design/Alert';
 
@@ -162,7 +163,7 @@ export function ConfigureBot({ nextStep, prevStep }: FlowStepProps) {
  fontWeight="lighter"
  fontSize="1"
  >
- (optional)
+ (required field)
  </Text>
  </Text>
  <FieldInput
@@ -175,6 +176,7 @@ export function ConfigureBot({ nextStep, prevStep }: FlowStepProps) {
  login: e.target.value,
  })
  }
+ rule={requiredField('SSH user is required')}
  />
  </FormItem>
 

diff --git a/web/packages/teleport/src/Bots/Add/GitHubActions/GitHubActions.test.tsx b/web/packages/teleport/src/Bots/Add/GitHubActions/GitHubActions.test.tsx
@@ -113,6 +113,8 @@ describe('gitHub component', () => {
  // step 1: Configure Bot Access
  const botNameInput = screen.getByPlaceholderText('github-actions-cd');
  await userEvent.type(botNameInput, 'bot-name');
+ const sshUserInput = screen.getByPlaceholderText('ubuntu');
+ await userEvent.type(sshUserInput, 'ssh-user');
  await userEvent.click(screen.getByTestId('button-next'));
  // step 2: Connect GitHub
  expect(

diff --git a/web/packages/teleport/src/Bots/Add/GitHubActions/useGitHubFlow.tsx b/web/packages/teleport/src/Bots/Add/GitHubActions/useGitHubFlow.tsx
@@ -229,9 +229,9 @@ function getRoleYaml(
  labels: ResourceLabel[],
  login: string
 ): string {
- const nodeLabelsStanza = labels.map(
- label => `'${label.name}': '${label.value}'\n`
- );
+ const nodeLabels = labels
+ .map(label => `'${label.name}': '${label.value}'`)
+  .join('\n ');
 
  return `kind: role
 metadata:
@@ -240,38 +240,12 @@ metadata:
  ${GITHUB_ACTIONS_LABEL_KEY}: ${GITHUB_ACTIONS_LABEL_VAL}
 spec:
  allow:
- # List of Kubernetes cluster users can access the k8s API
- kubernetes_labels:
- ${nodeLabelsStanza}
- kubernetes_groups:
- - '{{internal.kubernetes_groups}}'
- kubernetes_users:
- - '{{internal.kubernetes_users}}'
-
- kubernetes_resources:
- - kind: '*'
- namespace: '*'
- name: '*'
- verbs: ['*']
-
  # List of allowed SSH logins
  logins: [${login}]
 
  # List of node labels that users can SSH into
  node_labels:
- ${nodeLabelsStanza}
- rules:
- - resources:
- - event
- verbs:
- - list
- - read
- - resources:
- - session
- verbs:
- - read
- - list
- where: contains(session.participants, user.metadata.name)
+ ${nodeLabels}
  options:
  max_session_ttl: 8h0m0s
 version: v7