Williamo/v18 fix operator map generation

[williamong-tel]

backport of #64459

Had conflicts in the docs and the go.mod and go.sum.

Ran go mod tidy and make crd

Changelog: fix map generation for teleport resources to k8s

Manual Test Plan

Test Environment

Local k3s environment

Test Cases

• Applied some resources with the new map format and verified that teleport didn't complain

# Generated by our friend Claude
apiVersion: resources.teleport.dev/v1
kind: TeleportAccessMonitoringRuleV1
metadata:
  name: test-map-amr
  namespace: test
spec:
  subjects:
    - "access_request"
  condition: "access_request.spec.roles.contains(\"admin\")"
  notification:
    name: "slack"
    recipients:
      - "channel-id"
  schedules:
    on_call:
      time:
        timezone: "America/New_York"
        shifts:
          - weekday: "monday"
            start: "09:00"
            end: "17:00"
    after_hours:
      time:
        timezone: "America/New_York"
        shifts:
          - weekday: "saturday"
            start: "00:00"
            end: "23:59"

---
# 2. LoginRule - traits_map: map<string, StringValues>
apiVersion: resources.teleport.dev/v1
kind: TeleportLoginRule
metadata:
  name: test-map-loginrule
  namespace: test
spec:
  priority: 1
  traits_map:
    groups:
      - "external.groups"
    logins:
      - "external.username"

---
# 3. OktaImportRule - add_labels: map<string, string>
apiVersion: resources.teleport.dev/v1
kind: TeleportOktaImportRule
metadata:
  name: test-map-oktarule
  namespace: test
spec:
  priority: 1
  mappings:
    - match:
        - app_ids:
            - "app-123"
      add_labels:
        env: "production"
        team: "platform"

---
# 4. OpenSSHServerV2 - immutable_labels: map<string, string>
apiVersion: resources.teleport.dev/v1
kind: TeleportOpenSSHServerV2
metadata:
  name: test-map-openssh
  namespace: test
spec:
  hostname: "test-server"
  addr: "10.0.0.1:22"
  immutable_labels:
    env: "prod"
    region: "us-east-1"
    ```

[github-actions]

Amplify deployment status

Branch	Commit	Job ID	Status	Preview	Updated (UTC)
williamo/v18-fix-operator-map-generation	HEAD	1	✅SUCCEED	williamo-v18-fix-operator-map-generation	2026-03-13 03:14:16

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc28ecda39

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Build validators for every CRD version

buildValidators only registers crd.Spec.Versions[0], but this repo contains multi-version CRDs (for example resources.teleport.dev_roles.yaml has several entries under spec.versions), so fixtures targeting any non-first version will not be validated at all (require.NotNil fails) or can be checked against the wrong schema if version ordering changes. This makes the new test miss real schema regressions for versioned resources even though it claims to validate fixtures against CRDs.

Useful? React with 👍 / 👎.