eksctl-io · cheeseandcereal · Apr 17, 2025 · Apr 8, 2025 · Apr 8, 2025 · Apr 9, 2025
diff --git a/go.mod b/go.mod
@@ -11,19 +11,19 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.36.3
 	github.com/aws/aws-sdk-go-v2/config v1.29.12
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.65
-	github.com/aws/aws-sdk-go-v2/service/autoscaling v1.52.2
-	github.com/aws/aws-sdk-go-v2/service/cloudformation v1.59.1
-	github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.3
-	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.47.2
+	github.com/aws/aws-sdk-go-v2/service/autoscaling v1.52.3
+	github.com/aws/aws-sdk-go-v2/service/cloudformation v1.59.2
+	github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.4
+	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.47.3
 	github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.51.3
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.210.1
-	github.com/aws/aws-sdk-go-v2/service/eks v1.63.1
-	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.29.2
-	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.1
+	github.com/aws/aws-sdk-go-v2/service/eks v1.63.2
+	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.29.3
+	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2
 	github.com/aws/aws-sdk-go-v2/service/iam v1.41.1
 	github.com/aws/aws-sdk-go-v2/service/kms v1.38.1
 	github.com/aws/aws-sdk-go-v2/service/outposts v1.50.1
-	github.com/aws/aws-sdk-go-v2/service/ssm v1.58.1
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.58.2
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.17
 	github.com/aws/smithy-go v1.22.3
 	github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20250219002025-c3b5cd3d2fd9

diff --git a/go.sum b/go.sum
@@ -126,22 +126,36 @@ github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.33 h1:/frG8aV09yhCVSOEC2pzktflJJO
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.33/go.mod h1:8vwASlAcV366M+qxZnjNzCjeastk1Rt1bpSRaGZanGU=
 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.52.2 h1:OA5uEC/SrjRLhNGHgF/iS6YQz1bjlrCje9sERyLlGro=
 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.52.2/go.mod h1:CDqMoc3KRdZJ8qziW96J35lKH01Wq3B2aihtHj2JbRs=
+github.com/aws/aws-sdk-go-v2/service/autoscaling v1.52.3 h1:QsKdBxtC8csnKt5BbV7D1op4Nf13p2YkTJIkppaCakw=
+github.com/aws/aws-sdk-go-v2/service/autoscaling v1.52.3/go.mod h1:CDqMoc3KRdZJ8qziW96J35lKH01Wq3B2aihtHj2JbRs=
 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.59.1 h1:VaXjN6szl50hbLMfSOKBKl3bEOb805aHe8j1yv0fKhU=
 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.59.1/go.mod h1:penaZKzGmqHGZId4EUCBIW/f9l4Y7hQ5NKd45yoCYuI=
+github.com/aws/aws-sdk-go-v2/service/cloudformation v1.59.2 h1:o9cuZdZlI9VWMqsNa2mnf2IRsFAROHnaYA1BW3lHGuY=
+github.com/aws/aws-sdk-go-v2/service/cloudformation v1.59.2/go.mod h1:penaZKzGmqHGZId4EUCBIW/f9l4Y7hQ5NKd45yoCYuI=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.3 h1:nTKHvvDTsS6SqAqu/fDhpmbNmDz+0ONh8niPoCkhPtM=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.3/go.mod h1:/BibEr5ksr34abqBTQN213GrNG6GCKCB6WG7CH4zH2w=
+github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.4 h1:pQpinmWv9jEisDR6/DccOf2cXdAf/CAwQ39nfJfJDlE=
+github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.48.4/go.mod h1:/BibEr5ksr34abqBTQN213GrNG6GCKCB6WG7CH4zH2w=
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.47.2 h1:caIDFGKezQQA/kali05x3NF2DVwzjtOFjvNvFnEeCm4=
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.47.2/go.mod h1:uo14VBn5cNk/BPGTPz3kyLBxgpgOObgO8lmz+H7Z4Ck=
+github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.47.3 h1:3y0jkGtsaZLCg+n73BoSXOAkLFtgmD/+4prXW1pzovc=
+github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.47.3/go.mod h1:uo14VBn5cNk/BPGTPz3kyLBxgpgOObgO8lmz+H7Z4Ck=
 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.51.3 h1:4U9dpQZTvJ0Mi1qn8L1hRJ4igFCQYEjwUuOmYkWM5tE=
 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.51.3/go.mod h1:ygltZT++6Wn2uG4+tqE0NW1MkdEtb5W2O/CFc0xJX/g=
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.210.1 h1:+4A9SDduLZFlDeXWRmfQ6r8kyEJZQfK6lcg+KwdvWrI=
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.210.1/go.mod h1:ouvGEfHbLaIlWwpDpOVWPWR+YwO0HDv3vm5tYLq8ImY=
 github.com/aws/aws-sdk-go-v2/service/eks v1.63.1 h1:oI4AHf3K7cA+ukczcNwYsE8A7trMQiTRZTsgfkSS9BE=
 github.com/aws/aws-sdk-go-v2/service/eks v1.63.1/go.mod h1:v1xXy6ea0PHtWkjFUvAUh6B/5wv7UF909Nru0dOIJDk=
+github.com/aws/aws-sdk-go-v2/service/eks v1.63.2 h1:ymoK/RrNf6SAzWCPUk9EdyUAshlmBeF6ZWe6GcS8XBg=
+github.com/aws/aws-sdk-go-v2/service/eks v1.63.2/go.mod h1:v1xXy6ea0PHtWkjFUvAUh6B/5wv7UF909Nru0dOIJDk=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.29.2 h1:Zlfmpg4QsduBeiK0vTc8WjnHZoYVGe64FcwuCsipjWE=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.29.2/go.mod h1:H232HdqVlSUoqy0cMJYW1TKjcxvGFGFZ20xQG8fOAPw=
+github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.29.3 h1:DpyV8LeDf0y7iDaGZ3h1Y+Nh5IaBOR+xj44vVgEEegY=
+github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.29.3/go.mod h1:H232HdqVlSUoqy0cMJYW1TKjcxvGFGFZ20xQG8fOAPw=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.1 h1:USXR7nfl+bu7HnR/M3KtnPD3wjlCXM72kYX+2PaIgEI=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.1/go.mod h1:xnCC3vFBfOKpU6PcsCKL2ktgBTZfOwTGxj6V8/X3IS4=
+github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2 h1:vX70Z4lNSr7XsioU0uJq5yvxgI50sB66MvD+V/3buS4=
+github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2/go.mod h1:xnCC3vFBfOKpU6PcsCKL2ktgBTZfOwTGxj6V8/X3IS4=
 github.com/aws/aws-sdk-go-v2/service/eventbridge v1.36.12 h1:uH6GOnGSvVN9MCk6o3+HvZFpdqL7AzJKNOTM/6l+3/s=
 github.com/aws/aws-sdk-go-v2/service/eventbridge v1.36.12/go.mod h1:6qtp53AQg7KEeYrsp430PNlmVVO9qK0Xw8nddE1y+ow=
 github.com/aws/aws-sdk-go-v2/service/iam v1.41.1 h1:Kq3R+K49y23CGC5UQF3Vpw5oZEQk5gF/nn+MekPD0ZY=
@@ -168,6 +182,8 @@ github.com/aws/aws-sdk-go-v2/service/sqs v1.37.15 h1:KRXf9/NWjoRgj2WJbX13GNjBPQ1
 github.com/aws/aws-sdk-go-v2/service/sqs v1.37.15/go.mod h1:1CY54O4jz8BzgH2d6KyrzKWr2bAoqKsqUv2YZUGwMLE=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.58.1 h1:GLyAQEth2SljkC2DP5iK2GMkzgrGvURD+NEBVgQer3I=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.58.1/go.mod h1:PUWUl5MDiYNQkUHN9Pyd9kgtA/YhbxnSnHP+yQqzrM8=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.58.2 h1:uXy3QGAw3xv0RS+OlbeMEAnOA3vFFsf7yvjUswV6N/k=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.58.2/go.mod h1:PUWUl5MDiYNQkUHN9Pyd9kgtA/YhbxnSnHP+yQqzrM8=
 github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 h1:pdgODsAhGo4dvzC3JAG5Ce0PX8kWXrTZGx+jxADD+5E=
 github.com/aws/aws-sdk-go-v2/service/sso v1.25.2/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.0 h1:90uX0veLKcdHVfvxhkWUQSCi5VabtwMLFutYiRke4oo=

diff --git a/pkg/actions/irsa/get.go b/pkg/actions/irsa/get.go
@@ -14,38 +14,9 @@ type GetOptions struct {
 }
 
 func (m *Manager) Get(ctx context.Context, options GetOptions) ([]*api.ClusterIAMServiceAccount, error) {
-	remoteServiceAccounts, err := m.stackManager.GetIAMServiceAccounts(ctx)
+	remoteServiceAccounts, err := m.stackManager.GetIAMServiceAccounts(ctx, options.Name, options.Namespace)
 	if err != nil {
 		return nil, fmt.Errorf("getting iamserviceaccounts: %w", err)
 	}
-
-	if options.Namespace != "" {
-		remoteServiceAccounts = filterByNamespace(remoteServiceAccounts, options.Namespace)
-	}
-
-	if options.Name != "" {
-		remoteServiceAccounts = filterByName(remoteServiceAccounts, options.Name)
-	}
-
 	return remoteServiceAccounts, nil
 }
-
-func filterByNamespace(serviceAccounts []*api.ClusterIAMServiceAccount, namespace string) []*api.ClusterIAMServiceAccount {
-	var serviceAccountsMatching []*api.ClusterIAMServiceAccount
-	for _, sa := range serviceAccounts {
-		if sa.Namespace == namespace {
-			serviceAccountsMatching = append(serviceAccountsMatching, sa)
-		}
-	}
-	return serviceAccountsMatching
-}
-
-func filterByName(serviceAccounts []*api.ClusterIAMServiceAccount, name string) []*api.ClusterIAMServiceAccount {
-	var serviceAccountsMatching []*api.ClusterIAMServiceAccount
-	for _, sa := range serviceAccounts {
-		if sa.Name == name {
-			serviceAccountsMatching = append(serviceAccountsMatching, sa)
-		}
-	}
-	return serviceAccountsMatching
-}
diff --git a/pkg/actions/irsa/get_test.go b/pkg/actions/irsa/get_test.go
@@ -24,8 +24,8 @@ var _ = Describe("Get", func() {
 		irsaManager = irsa.New("my-cluster", fakeStackManager, nil, nil)
 	})
 
-	When("no options are specified", func() {
-		It("returns all service accounts", func() {
+	When("no error occurs", func() {
+		It("returns service accounts from GetIAMServiceAccounts", func() {
 			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
 				{
 					ClusterIAMMeta: api.ClusterIAMMeta{
@@ -65,109 +65,4 @@ var _ = Describe("Get", func() {
 			}))
 		})
 	})
-
-	When("name option is specified", func() {
-		It("returns only the service account matching the name", func() {
-			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa",
-						Namespace: "default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa-2",
-						Namespace: "not-default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-			}, nil)
-
-			serviceAccounts, err := irsaManager.Get(context.Background(), irsa.GetOptions{Name: "test-sa"})
-			Expect(err).NotTo(HaveOccurred())
-
-			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
-			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa",
-						Namespace: "default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-			}))
-		})
-	})
-
-	When("namespace option is specified", func() {
-		It("returns only the service account matching the name", func() {
-			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa",
-						Namespace: "default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa-2",
-						Namespace: "not-default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-			}, nil)
-
-			serviceAccounts, err := irsaManager.Get(context.Background(), irsa.GetOptions{Namespace: "not-default"})
-			Expect(err).NotTo(HaveOccurred())
-
-			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
-			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa-2",
-						Namespace: "not-default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-			}))
-		})
-	})
-
-	When("name and namespace option is specified", func() {
-		It("returns only the service account matching the name", func() {
-			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa",
-						Namespace: "default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "some-other-sa",
-						Namespace: "default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-			}, nil)
-
-			serviceAccounts, err := irsaManager.Get(context.Background(), irsa.GetOptions{Namespace: "default", Name: "test-sa"})
-			Expect(err).NotTo(HaveOccurred())
-
-			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
-			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
-				{
-					ClusterIAMMeta: api.ClusterIAMMeta{
-						Name:      "test-sa",
-						Namespace: "default",
-					},
-					AttachPolicyARNs: []string{"arn-123"},
-				},
-			}))
-		})
-	})
 })
diff --git a/pkg/actions/podidentityassociation/deleter.go b/pkg/actions/podidentityassociation/deleter.go
@@ -25,7 +25,7 @@ type StackLister interface {
 	ListPodIdentityStackNames(ctx context.Context) ([]string, error)
 	DescribeStack(ctx context.Context, stack *manager.Stack) (*manager.Stack, error)
 	GetStackTemplate(ctx context.Context, stackName string) (string, error)
-	GetIAMServiceAccounts(ctx context.Context) ([]*api.ClusterIAMServiceAccount, error)
+	GetIAMServiceAccounts(ctx context.Context, name string, namespace string) ([]*api.ClusterIAMServiceAccount, error)
 }
 
 // A StackDeleter lists and deletes CloudFormation stacks.

diff --git a/pkg/actions/podidentityassociation/fakes/fake_stack_updater.go b/pkg/actions/podidentityassociation/fakes/fake_stack_updater.go
diff --git a/pkg/actions/podidentityassociation/migrator.go b/pkg/actions/podidentityassociation/migrator.go
@@ -86,7 +86,7 @@ func (m *Migrator) MigrateToPodIdentity(ctx context.Context, options PodIdentity
 	*/
 	resolver := IRSAv1StackNameResolver{}
 	if err := resolver.Populate(func() ([]*api.ClusterIAMServiceAccount, error) {
-		return m.stackUpdater.GetIAMServiceAccounts(ctx)
+		return m.stackUpdater.GetIAMServiceAccounts(ctx, "", "")
 	}); err != nil {
 		return err
 	}

diff --git a/pkg/actions/podidentityassociation/mocks/StackDeleter.go b/pkg/actions/podidentityassociation/mocks/StackDeleter.go