fix(eks-v2-alpha): ensure kubectl provider access entry is depended upon by downstream resources (#36734)

_Note: Copied from #34898 with updated snapshots, credit to @msessa._ 

Closes #34897

### Reason for this change

The `AccessEntry` for kubectl provider should be included as a dependency of the kubectl ready barrier.

### Description of changes

Add the kubectl `AccessEntry` to the explicit dependencies for the ready barrier resource

### Description of how you validated changes

- Updated unit test
- Updated integration tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: Abogical

packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts

@@ -1296,6 +1296,9 @@ export class Cluster extends ClusterBase {
       // give the handler role admin access to the cluster
       // so it can deploy/query any resource.
       this._clusterAdminAccess = this.grantClusterAdmin('ClusterAdminRoleAccess', this._kubectlProvider?.role!.roleArn);
+
+      // Ensure kubectl is marked as ready only after admin access has been granted
+      this._kubectlReadyBarrier.node.addDependency(this._clusterAdminAccess);
     }
 
     // do not create a masters role if one is not provided. Trusting the accountRootPrincipal() is too permissive.

packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts

@@ -1552,25 +1552,43 @@ describe('cluster', () => {
       // THEN
       const template = app.synth().getStackArtifact(stack.artifactId).template;
 
-      const barrier = template.Resources.ClusterKubectlReadyBarrier200052AF;
-
-      expect(barrier.DependsOn).toEqual([
-        'Clusterfargateprofileprofile1PodExecutionRoleE85F87B5',
-        'Clusterfargateprofileprofile129AEA3C6',
-        'Clusterfargateprofileprofile2PodExecutionRole22670AF8',
-        'Clusterfargateprofileprofile233B9A117',
-        'Clusterfargateprofileprofile3PodExecutionRole475C0D8F',
-        'Clusterfargateprofileprofile3D06F3076',
-        'Clusterfargateprofileprofile4PodExecutionRole086057FB',
-        'Clusterfargateprofileprofile4A0E3BBE8',
-        'ClusterEB0386A7',
-      ]);
-
-      const kubectlResources = ['chartF2447AFC', 'patch1B964AC93', 'Clustermanifestresource10B1C9505'];
+      const kubectlReadyBarrier = 'ClusterKubectlReadyBarrier200052AF';
+      const barrier = template.Resources[kubectlReadyBarrier];
+
+      const adminRoleAccess = 'ClusterClusterAdminRoleAccessF2BFF759';
+      const profile1PodExecutionRole = 'Clusterfargateprofileprofile1PodExecutionRoleE85F87B5';
+      const profile1 = 'Clusterfargateprofileprofile129AEA3C6';
+      const profile2PodExecutionRole = 'Clusterfargateprofileprofile2PodExecutionRole22670AF8';
+      const profile2 = 'Clusterfargateprofileprofile233B9A117';
+      const profile3PodExecutionRole = 'Clusterfargateprofileprofile3PodExecutionRole475C0D8F';
+      const profile3 = 'Clusterfargateprofileprofile3D06F3076';
+      const profile4PodExecutionRole = 'Clusterfargateprofileprofile4PodExecutionRole086057FB';
+      const profile4 = 'Clusterfargateprofileprofile4A0E3BBE8';
+      const clusterResource = 'ClusterEB0386A7';
+
+      const expectedBarrierDependencies = [
+        adminRoleAccess,
+        profile1PodExecutionRole,
+        profile1,
+        profile2PodExecutionRole,
+        profile2,
+        profile3PodExecutionRole,
+        profile3,
+        profile4PodExecutionRole,
+        profile4,
+        clusterResource,
+      ];
+
+      expect(barrier.DependsOn).toEqual(expectedBarrierDependencies);
+
+      const helmChart = 'chartF2447AFC';
+      const kubernetesPatch = 'patch1B964AC93';
+      const kubernetesManifest = 'Clustermanifestresource10B1C9505';
+      const kubectlResources = [helmChart, kubernetesPatch, kubernetesManifest];
 
       // check that all kubectl resources depend on the barrier
-      for (const r of kubectlResources) {
-        expect(template.Resources[r].DependsOn).toEqual(['ClusterKubectlReadyBarrier200052AF']);
+      for (const resource of kubectlResources) {
+        expect(template.Resources[resource].DependsOn).toEqual([kubectlReadyBarrier]);
       }
     });