feat(control-room): add EKS access entries support

lib/helpers/helpers_test.go

@@ -91,9 +91,10 @@ func TestGenerateRandomString(t *testing.T) {
 			assert.Equal(t, tt.length, len(result))
 
 			// Generate another string of same length and verify they're different
-			// This is a probabilistic test, but the chance of two random strings being
-			// identical is extremely low for any reasonable length
-			if tt.length > 0 {
+			// Only check randomness for lengths >= 4 where collision probability
+			// is negligible (1/62^4 ≈ 0.00007%). For shorter lengths, the collision
+			// probability is too high for a reliable test (1/62 ≈ 1.6% for length 1).
+			if tt.length >= 4 {
 				anotherResult := GenerateRandomString(tt.length)
 				assert.NotEqual(t, result, anotherResult, "Generated strings should be random")
 			}

lib/types/controlroom.go

@@ -1,5 +1,12 @@
 package types
 
+// EKSAccessEntriesConfig holds configuration for EKS Access Entries
+type EKSAccessEntriesConfig struct {
+	Enabled                    bool                     `json:"enabled" yaml:"enabled"`
+	AdditionalEntries          []map[string]interface{} `json:"additional_entries" yaml:"additional_entries"`
+	IncludeSameAccountPoweruser bool                     `json:"include_same_account_poweruser" yaml:"include_same_account_poweruser"`
+}
+
 // TrustedUserIpAddress represents an IP address for a trusted user
 type TrustedUserIpAddress struct {
 	Ip      string `json:"ip" yaml:"ip"`
@@ -15,12 +22,13 @@ type TrustedUser struct {
 }
 
 type AWSControlRoomConfig struct {
-	AccountID                        string            `json:"account_id" yaml:"account_id"`
-	PowerUserARN                     string            `json:"power_user_arn" yaml:"power_user_arn"`
-	Domain                           string            `json:"domain" yaml:"domain"`
-	Environment                      string            `json:"environment" yaml:"environment"`
-	TrueName                         string            `json:"true_name" yaml:"true_name"`
-	DBAllocatedStorage               int               `json:"db_allocated_storage" yaml:"db_allocated_storage"`
+	AccountID                        string                  `json:"account_id" yaml:"account_id"`
+	PowerUserARN                     string                  `json:"power_user_arn" yaml:"power_user_arn"`
+	Domain                           string                  `json:"domain" yaml:"domain"`
+	Environment                      string                  `json:"environment" yaml:"environment"`
+	TrueName                         string                  `json:"true_name" yaml:"true_name"`
+	EksAccessEntries                 *EKSAccessEntriesConfig `json:"eks_access_entries" yaml:"eks_access_entries"`
+	DBAllocatedStorage               int                     `json:"db_allocated_storage" yaml:"db_allocated_storage"`
 	DBEngineVersion                  string            `json:"db_engine_version" yaml:"db_engine_version"`
 	DBInstanceClass                  string            `json:"db_instance_class" yaml:"db_instance_class"`
 	EksK8sVersion                    *string           `json:"eks_k8s_version" yaml:"eks_k8s_version"`

python-pulumi/src/ptd/aws_control_room.py

@@ -41,6 +41,7 @@ class AWSControlRoomConfig:
     true_name: str
 
     power_user_arn: str | None = None
+    eks_access_entries: ptd.EKSAccessEntriesConfig = dataclasses.field(default_factory=ptd.EKSAccessEntriesConfig)
     db_allocated_storage: int = 100
     db_engine_version: str = "16.4"
     db_instance_class: str = "db.t3.small"
@@ -185,6 +186,12 @@ def load(self) -> None:
             for h in trusted_users_raw
         ]
 
+        # Parse eks_access_entries field
+        if "eks_access_entries" in spec:
+            eks_access_entries_dict = spec.pop("eks_access_entries")
+            if isinstance(eks_access_entries_dict, dict):
+                spec["eks_access_entries"] = ptd.EKSAccessEntriesConfig(**eks_access_entries_dict)
+
         self.cfg = AWSControlRoomConfig(**spec)
 
     @property

python-pulumi/src/ptd/pulumi_resources/aws_control_room_cluster.py

@@ -133,7 +133,11 @@ def _define_eks(self) -> None:
             ami_type="AL2023_x86_64_STANDARD",
         )
 
-        self.eks.with_aws_auth()
+        self.eks.with_aws_auth(
+            use_eks_access_entries=self.control_room.cfg.eks_access_entries.enabled,
+            additional_access_entries=self.control_room.cfg.eks_access_entries.additional_entries,
+            include_poweruser=self.control_room.cfg.eks_access_entries.include_same_account_poweruser,
+        )
 
         self.eks.with_gp3()