[v12] update discovery labels

api/types/constants.go

@@ -462,6 +462,32 @@ const (
 	// CloudLabel is used to identify the cloud where the resource was discovered.
 	CloudLabel = TeleportNamespace + "/cloud"
 
+	// cloudKubeClusterNameOverrideLabel is a cloud agnostic label key for
+	// overriding kubernetes cluster name in discovered cloud kube clusters.
+	// It's used for AWS, GCP, and Azure, but not exported to decouple the
+	// cloud-specific labels from eachother.
+	cloudKubeClusterNameOverrideLabel = "TeleportKubernetesName"
+
+	// cloudDatabaseNameOverrideLabel is a cloud agnostic label key for
+	// overriding the database name in discovered cloud databases.
+	// It's used for AWS, GCP, and Azure, but not exported to decouple the
+	// cloud-specific labels from eachother.
+	cloudDatabaseNameOverrideLabel = "TeleportDatabaseName"
+
+	// AzureDatabaseNameOverrideLabel is the label key containing the database
+	// name override for discovered Azure databases.
+	// Azure tags cannot contain these characters: "<>%&\?/", so it doesn't
+	// start with the namespace prefix.
+	AzureDatabaseNameOverrideLabel = cloudDatabaseNameOverrideLabel
+
+	// AzureKubeClusterNameOverrideLabel is the label key containing the
+	// kubernetes cluster name override for discovered Azure kube clusters.
+	AzureKubeClusterNameOverrideLabel = cloudKubeClusterNameOverrideLabel
+
+	// GCPKubeClusterNameOverrideLabel is the label key containing the
+	// kubernetes cluster name override for discovered GCP kube clusters.
+	GCPKubeClusterNameOverrideLabel = cloudKubeClusterNameOverrideLabel
+
 	// CloudAWS identifies that a resource was discovered in AWS.
 	CloudAWS = "AWS"
 	// CloudAzure identifies that a resource was discovered in Azure.
@@ -473,6 +499,97 @@ const (
 	TeleportAzureMSIEndpoint = "azure-msi." + TeleportNamespace
 )
 
+var (
+	// AWSKubeClusterNameOverrideLabels are the label keys that Teleport
+	// supports to override the kubernetes cluster name of discovered AWS kube
+	// clusters.
+	// Originally Teleport supported just the namespaced label
+	// "teleport.dev/kubernetes-name", but this was an invalid label key in
+	// other clouds.
+	// For consistency and backwards compatibility, Teleport now supports both
+	// the generic cloud kube cluster name override label and the original
+	// namespaced label.
+	AWSKubeClusterNameOverrideLabels = []string{
+		cloudKubeClusterNameOverrideLabel,
+		// This is a legacy label that should continue to be supported, but
+		// don't reference it in documentation or error messages anymore.
+		// The generic label takes precedence.
+		TeleportNamespace + "/kubernetes-name",
+	}
+	// AWSDatabaseNameOverrideLabels are the label keys that Teleport
+	// supports to override the database name of discovered AWS databases.
+	// Originally Teleport supported just the namespaced label
+	// "teleport.dev/database_name", but this was an invalid label key in
+	// other clouds.
+	// For consistency and backwards compatibility, Teleport now supports both
+	// the generic cloud database name override label and the original
+	// namespaced label.
+	AWSDatabaseNameOverrideLabels = []string{
+		cloudDatabaseNameOverrideLabel,
+		// This is a legacy label that should continue to be supported, but
+		// don't reference it in documentation or error messages anymore.
+		// The generic label takes precedence.
+		TeleportNamespace + "/database_name",
+	}
+)
+
+// Labels added by the discovery service to discovered databases,
+// Kubernetes clusters, and Windows desktops.
+const (
+	// DiscoveryLabelRegion identifies a discovered cloud resource's region.
+	DiscoveryLabelRegion = "region"
+	// DiscoveryLabelAccountID is the label key containing AWS account ID.
+	DiscoveryLabelAccountID = "account-id"
+	// DiscoveryLabelEngine is the label key containing database engine name.
+	DiscoveryLabelEngine = "engine"
+	// DiscoveryLabelEngineVersion is the label key containing database engine version.
+	DiscoveryLabelEngineVersion = "engine-version"
+	// DiscoveryLabelEndpointType is the label key containing the endpoint type.
+	DiscoveryLabelEndpointType = "endpoint-type"
+	// DiscoveryLabelVPCID is the label key containing the VPC ID.
+	DiscoveryLabelVPCID = "vpc-id"
+	// DiscoveryLabelNamespace is the label key for namespace name.
+	DiscoveryLabelNamespace = "namespace"
+	// DiscoveryLabelWorkgroup is the label key for workgroup name.
+	DiscoveryLabelWorkgroup = "workgroup"
+	// DiscoveryLabelStatus is the label key containing the database status, e.g. "available"
+	DiscoveryLabelStatus = "status"
+
+	// DiscoveryLabelAzureSubscriptionID is the label key for Azure subscription ID.
+	DiscoveryLabelAzureSubscriptionID = "subscription-id"
+	// DiscoveryLabelAzureResourceGroup is the label key for the Azure resource group name.
+	DiscoveryLabelAzureResourceGroup = "resource-group"
+	// DiscoveryLabelAzureReplicationRole is the replication role of an Azure DB Flexible server, e.g. "Source" or "Replica".
+	DiscoveryLabelAzureReplicationRole = "replication-role"
+	// DiscoveryLabelAzureSourceServer is the source server for replica Azure DB Flexible servers.
+	// This is the source (primary) database resource name.
+	DiscoveryLabelAzureSourceServer = "source-server"
+
+	// DiscoveryLabelGCPProjectID is the label key for GCP project ID.
+	DiscoveryLabelGCPProjectID = "project-id"
+	// DiscoveryLabelGCPLocation is the label key for GCP location.
+	DiscoveryLabelGCPLocation = "location"
+
+	// DiscoveryLabelWindowsDNSHostName is the DNS hostname of an LDAP object.
+	DiscoveryLabelWindowsDNSHostName = TeleportNamespace + "/dns_host_name"
+	//DiscoveryLabelWindowsComputerName is the name of an LDAP object.
+	DiscoveryLabelWindowsComputerName = TeleportNamespace + "/computer_name"
+	//DiscoveryLabelWindowsOS is the operating system of an LDAP object.
+	DiscoveryLabelWindowsOS = TeleportNamespace + "/os"
+	//DiscoveryLabelWindowsOSVersion operating system version of an LDAP object.
+	DiscoveryLabelWindowsOSVersion = TeleportNamespace + "/os_version"
+	//DiscoveryLabelWindowsOU is an LDAP objects's OU.
+	DiscoveryLabelWindowsOU = TeleportNamespace + "/ou"
+	//DiscoveryLabelWindowsIsDomainController is whether an LDAP object is a
+	// domain controller.
+	DiscoveryLabelWindowsIsDomainController = TeleportNamespace + "/is_domain_controller"
+	//DiscoveryLabelWindowsDomain is an Active Directory domain name.
+	DiscoveryLabelWindowsDomain = TeleportNamespace + "/windows_domain"
+	// DiscoveryLabelLDAPPrefix is the prefix used when applying any custom
+	// labels per the discovery LDAP attribute labels configuration.
+	DiscoveryLabelLDAPPrefix = "ldap/"
+)
+
 const (
 	// TeleportInternalLabelPrefix is the prefix used by all Teleport internal labels. Those labels
 	// are automatically populated by Teleport and are expected to be used by Teleport internal

docs/pages/database-access/guides/postgres-redshift.mdx

@@ -128,7 +128,7 @@ $ tsh db ls
 </ScopedBlock>
 
 <Admonition type="note" title="Note">
-  You can override the database name by applying the `teleport.dev/database_name` AWS tag to the resource. The value of the tag will be used as the database name.
+  You can override the database name by applying the `TeleportDatabaseName` AWS tag to the resource. The value of the tag will be used as the database name.
 </Admonition>
 
 To retrieve credentials for a database and connect to it:

docs/pages/database-access/guides/rds.mdx

@@ -179,7 +179,7 @@ $ tsh db ls
   `<cluster-id>`, `<cluster-id>-reader`, and
   `<cluster-id>-custom-<endpoint-name>` respectively.
 
-  You can override the `<cluster-id>` part of the name with `teleport.dev/database_name` AWS tag.
+  You can override the `<cluster-id>` part of the name with `TeleportDatabaseName` AWS tag.
 </Admonition>
 
 To retrieve credentials for a database and connect to it:

docs/pages/database-access/guides/redis-aws.mdx

@@ -177,7 +177,7 @@ $ tsh db ls
 </ScopedBlock>
 
 <Admonition type="note" title="Note">
-  You can override the database name by applying the `teleport.dev/database_name` AWS tag to the resource. The value of the tag will be used as the database name.
+  You can override the database name by applying the `TeleportDatabaseName` AWS tag to the resource. The value of the tag will be used as the database name.
 </Admonition>
 
 To retrieve credentials for a database and connect to it:

docs/pages/database-access/guides/redshift-serverless.mdx

@@ -300,7 +300,7 @@ my-redshift Redshift cluster in us-east-1  ...
 
 <Admonition type="note" title="Note">
 
-You can override the database name by applying the `teleport.dev/database_name`
+You can override the database name by applying the `TeleportDatabaseName`
 AWS tag to the resource. The value of the tag will be used as the database name.
 
 </Admonition>

docs/pages/kubernetes-access/discovery.mdx

@@ -38,8 +38,8 @@ cloud provider such as:
 
 <Notice type="tip">
 You can import the cluster under a different name into Teleport's registry.
-To achieve this, you must attach the following tag to the resources — EKS and AKS — in your cloud provider:
- - ***key***: `teleport.dev/kubernetes-name`
+To achieve this, you must attach the following tag to the resources — EKS, AKS, GKE — in your cloud provider:
+ - ***key***: `TeleportKubernetesName`
  - ***value***: desired name
 
 The Discovery Service will check if the cluster includes the tag and use its value