Remove EICE dead code

api/proto/teleport/integration/v1/awsoidc_service.proto

@@ -26,12 +26,18 @@ service AWSOIDCService {
   // An optional NextToken that can be used to fetch the next page.
   // It uses the following API:
   // https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceConnectEndpoints.html
-  rpc ListEICE(ListEICERequest) returns (ListEICEResponse);
+  rpc ListEICE(ListEICERequest) returns (ListEICEResponse) {
+    // TODO(marco): DELETE IN v19.0.0
+    option deprecated = true;
+  }
 
   // CreateEICE creates multiple EC2 Instance Connect Endpoint using the provided Subnets and Security Group IDs.
   // It uses the following API:
   // https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceConnectEndpoint.html
-  rpc CreateEICE(CreateEICERequest) returns (CreateEICEResponse);
+  rpc CreateEICE(CreateEICERequest) returns (CreateEICEResponse) {
+    // TODO(marco): DELETE IN v19.0.0
+    option deprecated = true;
+  }
 
   // ListDatabases calls the following AWS API:
   // https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html
@@ -69,7 +75,10 @@ service AWSOIDCService {
   // ListEC2 lists the EC2 instances of the AWS account per region.
   // It uses the following API:
   // https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
-  rpc ListEC2(ListEC2Request) returns (ListEC2Response);
+  rpc ListEC2(ListEC2Request) returns (ListEC2Response) {
+    // TODO(marco): DELETE IN v19.0.0
+    option deprecated = true;
+  }
 
   // ListEKSClusters retrieves a paginated list of EKS clusters in the specified AWS region for a specific account.
   // It uses the following APIs:
@@ -86,6 +95,7 @@ service AWSOIDCService {
 
 // ListEICERequest is a request for a paginated list of AWS EC2 Instance Connect Endpoints.
 message ListEICERequest {
+  option deprecated = true;
   // Integration is the AWS OIDC Integration name.
   // Required.
   string integration = 1;
@@ -102,6 +112,7 @@ message ListEICERequest {
 
 // EC2InstanceConnectEndpoint is a representation of a Amazon VPC EC2 Instance Connect Endpoint.
 message EC2InstanceConnectEndpoint {
+  option deprecated = true;
   // Name is the endpoint name.
   string name = 1;
   // State is the endpoint state.
@@ -120,6 +131,7 @@ message EC2InstanceConnectEndpoint {
 
 // ListEICEResponse contains a page of AWS EC2 Instance Connect Endpoints.
 message ListEICEResponse {
+  option deprecated = true;
   // EC2ICEs contains the page of EC2 Instance Connect Endpoints.
   repeated EC2InstanceConnectEndpoint ec2ices = 1;
   // DashboardLink is the URL for AWS Web Console that lists all the Endpoints for the queries VPCs.
@@ -131,6 +143,7 @@ message ListEICEResponse {
 
 // CreateEICERequest contains the required fields to create an AWS EC2 Instance Connect Endpoint.
 message CreateEICERequest {
+  option deprecated = true;
   // Integration is the AWS OIDC Integration name.
   // Required.
   string integration = 1;
@@ -144,6 +157,7 @@ message CreateEICERequest {
 
 // EC2ICEndpoint contains the information for a single Endpoint to be created.
 message EC2ICEndpoint {
+  option deprecated = true;
   // Name is the endpoint name.
   string name = 1;
   // SubnetID is the Subnet where the Endpoint will be created.
@@ -155,6 +169,7 @@ message EC2ICEndpoint {
 
 // CreateEICEResponse is a request to create a VPC Endpoint of EC2 Instance Connect Endpoint type.
 message CreateEICEResponse {
+  option deprecated = true;
   // Name is the Endpoint ID.
   string name = 1;
   // CreatedEndpoints contains the name of created endpoints and their Subnet.
@@ -514,6 +529,7 @@ message EnrollEKSClustersResponse {
 
 // ListEC2Request is a request for a paginated list of AWS EC2 instances.
 message ListEC2Request {
+  option deprecated = true;
   // Integration is the AWS OIDC Integration name.
   // Required.
   string integration = 1;
@@ -527,6 +543,7 @@ message ListEC2Request {
 
 // ListEC2Response contains a page of AWS EC2 instances represented as Nodes.
 message ListEC2Response {
+  option deprecated = true;
   // Servers contains the page of EC2.
   repeated types.ServerV2 servers = 1;
   // NextToken is used for pagination.

lib/auth/integration/integrationv1/awsoidc.go

@@ -200,6 +200,8 @@ func (s *AWSOIDCService) awsClientReq(ctx context.Context, integrationName, regi
 }
 
 // ListEICE returns a paginated list of EC2 Instance Connect Endpoints.
+//
+// Deprecated: Marked as deprecated in teleport/integration/v1/awsoidc_service.proto.
 func (s *AWSOIDCService) ListEICE(ctx context.Context, req *integrationpb.ListEICERequest) (*integrationpb.ListEICEResponse, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)
 	if err != nil {
@@ -249,6 +251,8 @@ func (s *AWSOIDCService) ListEICE(ctx context.Context, req *integrationpb.ListEI
 }
 
 // CreateEICE creates multiple EC2 Instance Connect Endpoint using the provided Subnets and Security Group IDs.
+//
+// Deprecated: Marked as deprecated in teleport/integration/v1/awsoidc_service.proto.
 func (s *AWSOIDCService) CreateEICE(ctx context.Context, req *integrationpb.CreateEICERequest) (*integrationpb.CreateEICEResponse, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)
 	if err != nil {
@@ -661,6 +665,8 @@ func (s *AWSOIDCService) DeployService(ctx context.Context, req *integrationpb.D
 }
 
 // ListEC2 returns a paginated list of AWS EC2 instances.
+//
+// Deprecated: Marked as deprecated in teleport/integration/v1/awsoidc_service.proto.
 func (s *AWSOIDCService) ListEC2(ctx context.Context, req *integrationpb.ListEC2Request) (*integrationpb.ListEC2Response, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)
 	if err != nil {

lib/auth/integration/integrationv1/awsoidc_test.go

@@ -240,18 +240,6 @@ func TestRBAC(t *testing.T) {
 		userCtx := authorizerForDummyUser(t, ctx, role, localClient)
 
 		for _, tt := range []endpointSubtest{
-			{
-				name: "ListEICE",
-				fn: func() error {
-					_, err := awsoidService.ListEICE(userCtx, &integrationv1.ListEICERequest{
-						Integration: integrationName,
-						Region:      "my-region",
-						VpcIds:      []string{"vpc-123"},
-						NextToken:   "",
-					})
-					return err
-				},
-			},
 			{
 				name: "ListDatabases",
 				fn: func() error {
@@ -347,18 +335,6 @@ func TestRBAC(t *testing.T) {
 		userCtx := authorizerForDummyUser(t, ctx, role, localClient)
 
 		for _, tt := range []endpointSubtest{
-			{
-				name: "ListEICE",
-				fn: func() error {
-					_, err := awsoidService.ListEICE(userCtx, &integrationv1.ListEICERequest{
-						Integration: integrationName,
-						Region:      "my-region",
-						VpcIds:      []string{"vpc-123"},
-						NextToken:   "",
-					})
-					return err
-				},
-			},
 			{
 				name: "ListDatabases",
 				fn: func() error {

lib/config/configuration.go

@@ -210,10 +210,6 @@ type CommandLineFlags struct {
 	// `teleport integration configure deployservice-iam` command
 	IntegrationConfDeployServiceIAMArguments IntegrationConfDeployServiceIAM
 
-	// IntegrationConfEICEIAMArguments contains the arguments of
-	// `teleport integration configure eice-iam` command
-	IntegrationConfEICEIAMArguments IntegrationConfEICEIAM
-
 	// IntegrationConfAWSAppAccessIAMArguments contains the arguments of
 	// `teleport integration configure aws-app-access-iam` command
 	IntegrationConfAWSAppAccessIAMArguments IntegrationConfAWSAppAccessIAM
@@ -329,19 +325,6 @@ type IntegrationConfDeployServiceIAM struct {
 	AutoConfirm bool
 }
 
-// IntegrationConfEICEIAM contains the arguments of
-// `teleport integration configure eice-iam` command
-type IntegrationConfEICEIAM struct {
-	// Region is the AWS Region used to set up the client.
-	Region string
-	// Role is the AWS Role associated with the Integration
-	Role string
-	// AccountID is the AWS account ID.
-	AccountID string
-	// AutoConfirm skips user confirmation of the operation plan if true.
-	AutoConfirm bool
-}
-
 // IntegrationConfAWSAppAccessIAM contains the arguments of
 // `teleport integration configure aws-app-access-iam` command
 type IntegrationConfAWSAppAccessIAM struct {