[v16] Fix Machine ID GitHub Discover flow

web/packages/teleport/src/Bots/Add/GitHubActions/ConfigureBot.test.tsx

@@ -118,6 +118,8 @@ describe('configureBot Component', () => {
 
     const botNameInput = screen.getByPlaceholderText('github-actions-cd');
     await userEvent.type(botNameInput, 'bot-name');
+    const sshUserInput = screen.getByPlaceholderText('ubuntu');
+    await userEvent.type(sshUserInput, 'ssh-user');
     await userEvent.click(screen.getByTestId('button-next'));
     expect(
       screen.getByText(

web/packages/teleport/src/Bots/Add/GitHubActions/ConfigureBot.tsx

@@ -26,6 +26,7 @@ import Validation, { Validator } from 'shared/components/Validation';
 import Text from 'design/Text';
 
 import FieldInput from 'shared/components/FieldInput';
+import { requiredField } from 'shared/components/Validation/rules';
 
 import Alert from 'design/Alert';
 
@@ -168,7 +169,7 @@ export function ConfigureBot({ nextStep, prevStep }: FlowStepProps) {
                   fontWeight="lighter"
                   fontSize="1"
                 >
-                  (optional)
+                  (required field)
                 </Text>
               </Text>
               <FieldInput
@@ -181,6 +182,7 @@ export function ConfigureBot({ nextStep, prevStep }: FlowStepProps) {
                     login: e.target.value,
                   })
                 }
+                rule={requiredField('SSH user is required')}
               />
             </FormItem>
 

web/packages/teleport/src/Bots/Add/GitHubActions/GitHubActions.test.tsx

@@ -118,6 +118,8 @@ describe('gitHub component', () => {
     // step 1: Configure Bot Access
     const botNameInput = screen.getByPlaceholderText('github-actions-cd');
     await userEvent.type(botNameInput, 'bot-name');
+    const sshUserInput = screen.getByPlaceholderText('ubuntu');
+    await userEvent.type(sshUserInput, 'ssh-user');
     await userEvent.click(screen.getByTestId('button-next'));
     // step 2: Connect GitHub
     expect(

web/packages/teleport/src/Bots/Add/GitHubActions/useGitHubFlow.tsx

@@ -229,9 +229,9 @@ function getRoleYaml(
   labels: ResourceLabel[],
   login: string
 ): string {
-  const nodeLabelsStanza = labels.map(
-    label => `'${label.name}': '${label.value}'\n`
-  );
+  const nodeLabels = labels
+    .map(label => `'${label.name}': '${label.value}'`)
+    .join('\n      ');
 
   return `kind: role
 metadata:
@@ -240,38 +240,12 @@ metadata:
     ${GITHUB_ACTIONS_LABEL_KEY}: ${GITHUB_ACTIONS_LABEL_VAL}
 spec:
   allow:
-    # List of Kubernetes cluster users can access the k8s API
-    kubernetes_labels:
-    ${nodeLabelsStanza}
-    kubernetes_groups:
-    - '{{internal.kubernetes_groups}}'
-    kubernetes_users:
-    - '{{internal.kubernetes_users}}'
-
-    kubernetes_resources:
-    - kind: '*'
-      namespace: '*'
-      name: '*'
-      verbs: ['*']
-
     # List of allowed SSH logins
     logins: [${login}]
 
     # List of node labels that users can SSH into
     node_labels:
-    ${nodeLabelsStanza}
-    rules:
-    - resources:
-      - event
-      verbs:
-      - list
-      - read
-    - resources:
-      - session
-      verbs:
-      - read
-      - list
-      where: contains(session.participants, user.metadata.name)
+      ${nodeLabels}
     options:
       max_session_ttl: 8h0m0s
 version: v7