From 759c955869d9d8932c4ce60231283380b3f440b2 Mon Sep 17 00:00:00 2001
From: Zach Dunton
Date: Thu, 14 Nov 2019 15:19:16 +0100
Subject: [PATCH 1/2] Add AWS pod identity support
---
 .../keda/v1alpha1/triggerauthentication_types.go | 7 +++++++
 pkg/handler/scale_handler.go | 14 ++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/pkg/apis/keda/v1alpha1/triggerauthentication_types.go b/pkg/apis/keda/v1alpha1/triggerauthentication_types.go
index 162ae05a538..c68488f1736 100644
--- a/pkg/apis/keda/v1alpha1/triggerauthentication_types.go
+++ b/pkg/apis/keda/v1alpha1/triggerauthentication_types.go
@@ -48,6 +48,13 @@ const (
 	PodIdentityProviderAzure = "azure"
 	PodIdentityProviderGCP = "gcp"
 	PodIdentityProviderSpiffe = "spiffe"
+	PodIdentityProviderEKS = "eks"
+	PodIdentityProviderKIAM = "kiam"
+)
+
+const (
+	PodIdentityAnnotationEKS = "eks.amazonaws.com/role-arn"
+	PodIdentityAnnotationKiam = "iam.amazonaws.com/role"
 )
 // AuthPodIdentity allows users to select the platform native identity
diff --git a/pkg/handler/scale_handler.go b/pkg/handler/scale_handler.go
index 66715dc37ed..40a4c10ec32 100644
--- a/pkg/handler/scale_handler.go
+++ b/pkg/handler/scale_handler.go
@@ -10,6 +10,7 @@ import (
 	"github.com/go-logr/logr"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
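Review bot: The four new exported constants in triggerauthentication_types.go carry no doc comment, and nothing records the asymmetry the handler depends on — PodIdentityAnnotationEKS is looked up on the workload's ServiceAccount while PodIdentityAnnotationKiam is looked up on the pod template metadata. A comment on the second const block such as `// Annotation keys from which the AWS role ARN is resolved: PodIdentityAnnotationEKS on the pod's ServiceAccount, PodIdentityAnnotationKiam on the pod template metadata.` would make that contract explicit. Note also that `PodIdentityProviderEKS = "eks"` is an untyped string constant, not a PodIdentityProvider, since only the first line of the block names the type; that matches its siblings but is worth knowing when the handler compares against it. The const block in the hunk starts before the hunk's first line.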
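Review bot: `v1 "k8s.io/api/core/v1"` imports the package that the line above already binds as corev1, so scale_handler.go now refers to core types under two aliases; drop the new import line and write `serviceAccount := &corev1.ServiceAccount{}` in the GetDeploymentScalers hunk below. Go accepts the duplicate, but one alias per package is the goimports/staticcheck convention, and a reader grepping for corev1 would otherwise miss the new ServiceAccount use.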
@@ -182,6 +183,19 @@ func (h *ScaleHandler) GetDeploymentScalers(scaledObject *kedav1alpha1.ScaledObj
 	for i, trigger := range scaledObject.Spec.Triggers {
 		authParams, podIdentity := h.parseDeploymentAuthRef(trigger.AuthenticationRef, scaledObject, deployment)
+
+		if podIdentity == "eks" {
+			serviceAccountName := deployment.Spec.Template.Spec.ServiceAccountName
+			serviceAccount := &v1.ServiceAccount{}
+			err = h.client.Get(context.TODO(), types.NamespacedName{Name: serviceAccountName, Namespace: scaledObject.GetNamespace()}, serviceAccount)
+			if err != nil {
+				return scalers, nil, fmt.Errorf("error getting deployment: %s", err)
+			}
+			authParams["awsRoleArn"] = serviceAccount.Annotations[kedav1alpha1.PodIdentityAnnotationEKS]
+		} else if podIdentity == "kiam" {
+			authParams["awsRoleArn"] = deployment.Spec.Template.ObjectMeta.Annotations[kedav1alpha1.PodIdentityAnnotationKiam]
+		}
+
 		scaler, err := h.getScaler(scaledObject.Name, scaledObject.Namespace, trigger.Type, resolvedEnv, trigger.Metadata, authParams, podIdentity)
 		if err != nil {
 			return scalers, nil, fmt.Errorf("error getting scaler for trigger #%d: %s", i, err)
From 14bc06f0a9fbc5b69a3290dcf6605c0300a11508 Mon Sep 17 00:00:00 2001
From: Zach Dunton
Date: Mon, 9 Dec 2019 11:02:41 -0500
Subject: [PATCH 2/2] Rename pod identity providers 'kiam' -> 'aws-kiam' 'eks' -> 'aws-eks'
---
 .../keda/v1alpha1/triggerauthentication_types.go | 12 ++++++------
 pkg/handler/scale_handler.go | 4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/pkg/apis/keda/v1alpha1/triggerauthentication_types.go b/pkg/apis/keda/v1alpha1/triggerauthentication_types.go
index c68488f1736..1c251c5b544 100644
--- a/pkg/apis/keda/v1alpha1/triggerauthentication_types.go
+++ b/pkg/apis/keda/v1alpha1/triggerauthentication_types.go
@@ -44,12 +44,12 @@ type TriggerAuthenticationList struct {
 type PodIdentityProvider string
 const (
-	PodIdentityProviderNone PodIdentityProvider = "none"
-	PodIdentityProviderAzure = "azure"
-	PodIdentityProviderGCP = "gcp"
-	PodIdentityProviderSpiffe = "spiffe"
-	PodIdentityProviderEKS = "eks"
-	PodIdentityProviderKIAM = "kiam"
+	PodIdentityProviderNone PodIdentityProvider = "none"
+	PodIdentityProviderAzure = "azure"
+	PodIdentityProviderGCP = "gcp"
+	PodIdentityProviderSpiffe = "spiffe"
+	PodIdentityProviderAwsEKS = "aws-eks"
+	PodIdentityProviderAwsKiam = "aws-kiam"
 )
 const (
diff --git a/pkg/handler/scale_handler.go b/pkg/handler/scale_handler.go
index 40a4c10ec32..3f79483c08c 100644
--- a/pkg/handler/scale_handler.go
+++ b/pkg/handler/scale_handler.go
@@ -184,7 +184,7 @@ func (h *ScaleHandler) GetDeploymentScalers(scaledObject *kedav1alpha1.ScaledObj
 	for i, trigger := range scaledObject.Spec.Triggers {
 		authParams, podIdentity := h.parseDeploymentAuthRef(trigger.AuthenticationRef, scaledObject, deployment)
-		if podIdentity == "eks" {
+		if podIdentity == kedav1alpha1.PodIdentityProviderAwsEKS {
 			serviceAccountName := deployment.Spec.Template.Spec.ServiceAccountName
 			serviceAccount := &v1.ServiceAccount{}
 			err = h.client.Get(context.TODO(), types.NamespacedName{Name: serviceAccountName, Namespace: scaledObject.GetNamespace()}, serviceAccount)
@@ -192,7 +192,7 @@ func (h *ScaleHandler) GetDeploymentScalers(scaledObject *kedav1alpha1.ScaledObj
 				return scalers, nil, fmt.Errorf("error getting deployment: %s", err)
 			}
 			authParams["awsRoleArn"] = serviceAccount.Annotations[kedav1alpha1.PodIdentityAnnotationEKS]
-		} else if podIdentity == "kiam" {
+		} else if podIdentity == kedav1alpha1.PodIdentityProviderAwsKiam {
 			authParams["awsRoleArn"] = deployment.Spec.Template.ObjectMeta.Annotations[kedav1alpha1.PodIdentityAnnotationKiam]
 		}