fix(eks): unable to add multiple service accounts (#8122)
When two service accounts are added to a single cluster, an error is thrown on the resource name. This is because the service account resource name is not unique within the cluster, regardless of the unique service account name.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
vlesierse authored May 26, 2020
1 parent f26063f commit 524440c
Showing 3 changed files with 47 additions and 2 deletions.
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-eks/lib/service-account.ts
@@ -78,7 +78,7 @@ export class ServiceAccount extends Construct implements IPrincipal {
this.grantPrincipal = this.role.grantPrincipal;
this.policyFragment = this.role.policyFragment;

cluster.addResource('ServiceAccount', {
cluster.addResource(`${id}ServiceAccountResource`, {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
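Review bot: The new id `${id}ServiceAccountResource` is unique on the cluster only as long as `id` is, which holds for `cluster.addServiceAccount(id)` but presumably not for two `ServiceAccount` constructs that share an id under different scopes and target the same cluster; those would still collide in `cluster.addResource`. Deriving the id from the construct's own path, e.g. ``cluster.addResource(`${this.node.uniqueId}ServiceAccountResource`, {``, would cover both cases (confirm `node.uniqueId` is available in this version). The id change also renames the logical ID of the manifest resource on already-deployed stacks, as the updated expected template shows, so CloudFormation will replace it; it is worth confirming that deleting the old resource does not remove the same-named Kubernetes ServiceAccount the new one has just applied, and noting it above the call with `// NOTE: changing this id replaces the manifest resource on deployed stacks`. The enclosing block starts and ends outside the hunk.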
@@ -2298,7 +2298,7 @@
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"ClustermanifestServiceAccountD03C306D": {
"ClustermanifestMyServiceAccountServiceAccountResource0EC03615": {
"Type": "Custom::AWSCDK-EKS-KubernetesResource",
"Properties": {
"ServiceToken": {
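--- a/packages/@aws-cdk/aws-eks/test/test.service-account.ts
+++ b/packages/@aws-cdk/aws-eks/test/test.service-account.ts
@@ -65,5 +65,50 @@ export = {
 }));
 test.done();
 },
+'should have allow multiple services accounts'(test: Test) {
+// GIVEN
+const { stack, cluster } = testFixtureCluster();
+
+// WHEN
+cluster.addServiceAccount('MyServiceAccount');
+cluster.addServiceAccount('MyOtherServiceAccount');
+
+// THEN
+expect(stack).to(haveResource(eks.KubernetesResource.RESOURCE_TYPE, {
+ServiceToken: {
+'Fn::GetAtt': [
+'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B',
+'Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn',
+],
+},
+Manifest: {
+'Fn::Join': [
+'',
+[
+'[{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"stackclustermyotherserviceaccounta472761a\",\"namespace\":\"default\",\"labels\":{\"app.kubernetes.io/name\":\"stackclustermyotherserviceaccounta472761a\"},\"annotations\":{\"eks.amazonaws.com/role-arn\":\"',
+{
+'Fn::GetAtt': [
+'ClusterMyOtherServiceAccountRole764583C5',
+'Arn',
+],
+},
+'\"}}}]',
+],
+],
+},
+}));
+test.done();
+},
+'should have unique resource name'(test: Test) {
+// GIVEN
+const { cluster } = testFixtureCluster();
+
+// WHEN
+cluster.addServiceAccount('MyServiceAccount');
+
+// THEN
+test.throws(() => cluster.addServiceAccount('MyServiceAccount'));
+test.done();
+},
 },
 };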
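Review bot: The `test.throws(...)` in 'should have unique resource name' accepts any exception, so the test still passes if the second `addServiceAccount('MyServiceAccount')` fails for an unrelated reason; pass an expected-error matcher, e.g. `test.throws(() => cluster.addServiceAccount('MyServiceAccount'), /already a Construct with name/);` (the pattern assumes the construct tree's duplicate-name message and should be confirmed). The test name also reads as if it checks uniqueness, while it checks that a duplicate id is rejected; `'should throw when the same service account id is added twice'` says what is asserted. In 'should have allow multiple services accounts' only the manifest for MyOtherServiceAccount is asserted, so a second `haveResource` check for MyServiceAccount would pin that both manifests are present.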
