Merge pull request #43987 from myerscf/fix/update-eks-tests-with-spn-data-souce

ewbankkit · web-flow · commit 4dbb03ace489 · 2025-08-21T17:03:11.000-04:00
Fix/update eks tests with spn data souce
diff --git a/internal/service/eks/access_entry_test.go b/internal/service/eks/access_entry_test.go
@@ -349,6 +349,10 @@ func testAccAccessEntryConfig_base(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "test" {
   name = %[1]q
 
@@ -359,7 +363,7 @@ resource "aws_iam_role" "test" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": "sts:AssumeRole"
     }
@@ -472,7 +476,7 @@ resource "aws_iam_role" "test2" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": "sts:AssumeRole"
     }
@@ -502,7 +506,7 @@ resource "aws_iam_role" "test2" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": "sts:AssumeRole"
     }
diff --git a/internal/service/eks/access_policy_association_test.go b/internal/service/eks/access_policy_association_test.go
@@ -172,6 +172,10 @@ func testAccAccessPolicyAssociationConfig_base(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "test" {
   name = %[1]q
 
@@ -182,7 +186,7 @@ resource "aws_iam_role" "test" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": "sts:AssumeRole"
     }
diff --git a/internal/service/eks/addon_data_source_test.go b/internal/service/eks/addon_data_source_test.go
@@ -97,11 +97,11 @@ data "aws_eks_addon" "test" {
 func testAccAddonDataSourceConfig_configurationValues(rName, addonName, addonVersion, configurationValues, resolveConflicts string) string {
 	return acctest.ConfigCompose(testAccAddonConfig_base(rName), fmt.Sprintf(`
 resource "aws_eks_addon" "test" {
-  cluster_name         = aws_eks_cluster.test.name
-  addon_name           = %[2]q
-  addon_version        = %[3]q
-  configuration_values = %[4]q
-  resolve_conflicts    = %[5]q
+  cluster_name                = aws_eks_cluster.test.name
+  addon_name                  = %[2]q
+  addon_version               = %[3]q
+  configuration_values        = %[4]q
+  resolve_conflicts_on_create = %[5]q
 }
 
 data "aws_eks_addon" "test" {
diff --git a/internal/service/eks/addon_test.go b/internal/service/eks/addon_test.go
@@ -480,6 +480,10 @@ func testAccAddonConfig_base(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "test" {
   name = %[1]q
 
@@ -490,7 +494,7 @@ resource "aws_iam_role" "test" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": "sts:AssumeRole"
     }
diff --git a/internal/service/eks/addon_version_data_source_test.go b/internal/service/eks/addon_version_data_source_test.go
@@ -54,11 +54,10 @@ data "aws_eks_addon_version" "test" {
 }
 
 resource "aws_eks_addon" "test" {
-  addon_name    = %[2]q
-  cluster_name  = aws_eks_cluster.test.name
-  addon_version = data.aws_eks_addon_version.test.version
-
-  resolve_conflicts = "OVERWRITE"
+  addon_name                  = %[2]q
+  cluster_name                = aws_eks_cluster.test.name
+  addon_version               = data.aws_eks_addon_version.test.version
+  resolve_conflicts_on_create = "OVERWRITE"
 }
 
 data "aws_eks_addon" "test" {
diff --git a/internal/service/eks/cluster_test.go b/internal/service/eks/cluster_test.go
@@ -29,11 +29,17 @@ import (
 )
 
 const (
-	clusterVersionUpgradeInitial = "1.27"
-	clusterVersionUpgradeUpdated = "1.28"
+	clusterVersion130 = "1.30"
+	clusterVersion131 = "1.31"
+	clusterVersion132 = "1.32"
 
-	clusterVersionUpgradeForceInitial = "1.30"
-	clusterVersionUpgradeForceUpdated = "1.31"
+	clusterDefaultVersion = clusterVersion132
+
+	clusterVersionUpgradeInitial = clusterVersion130
+	clusterVersionUpgradeUpdated = clusterVersion131
+
+	clusterVersionUpgradeForceInitial = clusterVersion130
+	clusterVersionUpgradeForceUpdated = clusterVersion131
 )
 
 func TestAccEKSCluster_basic(t *testing.T) {
@@ -275,13 +281,13 @@ func TestAccEKSCluster_BootstrapSelfManagedAddons_migrate(t *testing.T) {
 				ExternalProviders: map[string]resource.ExternalProvider{
 					"aws": {
 						Source:            "hashicorp/aws",
-						VersionConstraint: "5.56.1",
+						VersionConstraint: "6.9.0",
 					},
 				},
 				Config: testAccClusterConfig_basic(rName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckClusterExists(ctx, resourceName, &cluster1),
-					resource.TestCheckNoResourceAttr(resourceName, "bootstrap_self_managed_addons"),
+					resource.TestCheckResourceAttr(resourceName, "bootstrap_self_managed_addons", acctest.CtTrue),
 				),
 			},
 			{
@@ -1362,11 +1368,11 @@ func TestAccEKSCluster_upgradePolicy(t *testing.T) {
 		CheckDestroy:             testAccCheckClusterDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccClusterConfig_upgradePolicy(rName, "STANDARD"),
+				Config: testAccClusterConfig_upgradePolicy(rName, "EXTENDED"),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckClusterExists(ctx, resourceName, &cluster),
 					resource.TestCheckResourceAttr(resourceName, "upgrade_policy.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "upgrade_policy.0.support_type", "STANDARD"),
+					resource.TestCheckResourceAttr(resourceName, "upgrade_policy.0.support_type", "EXTENDED"),
 				),
 			},
 			{
@@ -1376,11 +1382,11 @@ func TestAccEKSCluster_upgradePolicy(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"bootstrap_self_managed_addons"},
 			},
 			{
-				Config: testAccClusterConfig_upgradePolicy(rName, "EXTENDED"),
+				Config: testAccClusterConfig_upgradePolicy(rName, "STANDARD"),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckClusterExists(ctx, resourceName, &cluster),
 					resource.TestCheckResourceAttr(resourceName, "upgrade_policy.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "upgrade_policy.0.support_type", "EXTENDED"),
+					resource.TestCheckResourceAttr(resourceName, "upgrade_policy.0.support_type", "STANDARD"),
 				),
 			},
 			{
@@ -1558,6 +1564,10 @@ func testAccClusterConfig_base(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "cluster" {
   name = %[1]q
 
@@ -1568,7 +1578,7 @@ resource "aws_iam_role" "cluster" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": "sts:AssumeRole"
     }
@@ -1666,6 +1676,10 @@ func testAccClusterConfig_computeConfigBase(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "cluster" {
   name = %[1]q
 
@@ -1676,7 +1690,7 @@ resource "aws_iam_role" "cluster" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "eks.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.eks.name}"
       },
       "Action": [
         "sts:AssumeRole",
@@ -1713,6 +1727,10 @@ resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSNetworkingPolicy" {
   role       = aws_iam_role.cluster.name
 }
 
+data "aws_service_principal" "ec2" {
+  service_name = "ec2"
+}
+
 resource "aws_iam_role" "node" {
   name = "%[1]s-node"
 
@@ -1723,7 +1741,7 @@ resource "aws_iam_role" "node" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "ec2.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.ec2.name}"
       },
       "Action": ["sts:AssumeRole"]
     }
@@ -1752,7 +1770,7 @@ resource "aws_iam_role" "node2" {
     {
       "Effect": "Allow",
       "Principal": {
-        "Service": "ec2.${data.aws_partition.current.dns_suffix}"
+        "Service": "${data.aws_service_principal.ec2.name}"
       },
       "Action": ["sts:AssumeRole"]
     }
diff --git a/internal/service/eks/fargate_profile_test.go b/internal/service/eks/fargate_profile_test.go
@@ -273,6 +273,10 @@ data "aws_availability_zones" "available" {
 
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "cluster" {
   name = "%[1]s-cluster"
 
@@ -281,7 +285,7 @@ resource "aws_iam_role" "cluster" {
       Action = "sts:AssumeRole"
       Effect = "Allow"
       Principal = {
-        Service = "eks.${data.aws_partition.current.dns_suffix}"
+        Service = data.aws_service_principal.eks.name
       }
     }]
     Version = "2012-10-17"
@@ -293,6 +297,10 @@ resource "aws_iam_role_policy_attachment" "cluster-AmazonEKSClusterPolicy" {
   role       = aws_iam_role.cluster.name
 }
 
+data "aws_service_principal" "eks_fargate_pods" {
+  service_name = "eks-fargate-pods"
+}
+
 resource "aws_iam_role" "pod" {
   name = "%[1]s-pod"
 
@@ -301,7 +309,7 @@ resource "aws_iam_role" "pod" {
       Action = "sts:AssumeRole"
       Effect = "Allow"
       Principal = {
-        Service = "eks-fargate-pods.${data.aws_partition.current.dns_suffix}"
+        Service = data.aws_service_principal.eks_fargate_pods.name
       }
     }]
     Version = "2012-10-17"
diff --git a/internal/service/eks/identity_provider_config_test.go b/internal/service/eks/identity_provider_config_test.go
@@ -233,6 +233,10 @@ func testAccIdentityProviderBaseConfig(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
+data "aws_service_principal" "eks" {
+  service_name = "eks"
+}
+
 resource "aws_iam_role" "test" {
   name = %[1]q
 
@@ -241,7 +245,7 @@ resource "aws_iam_role" "test" {
       Action = "sts:AssumeRole"
       Effect = "Allow"
       Principal = {
-        Service = "eks.${data.aws_partition.current.dns_suffix}"
+        Service = data.aws_service_principal.eks.name
       }
     }]
     Version = "2012-10-17"
diff --git a/internal/service/eks/node_group_test.go b/internal/service/eks/node_group_test.go

Original file line number	Diff line number	Diff line change
`@@ -349,6 +349,10 @@ func testAccAccessEntryConfig_base(rName string) string {`
`349`	`349`	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
`350`	`350`	`data "aws_partition" "current" {}`
`351`	`351`
	`352`	`+data "aws_service_principal" "eks" {`
	`353`	`+ service_name = "eks"`
	`354`	`+}`
	`355`	`+`
`352`	`356`	`resource "aws_iam_role" "test" {`
`353`	`357`	`name = %[1]q`
`354`	`358`
`@@ -359,7 +363,7 @@ resource "aws_iam_role" "test" {`
`359`	`363`	`{`
`360`	`364`	`"Effect": "Allow",`
`361`	`365`	`"Principal": {`
`362`		`- "Service": "eks.${data.aws_partition.current.dns_suffix}"`
	`366`	`+ "Service": "${data.aws_service_principal.eks.name}"`
`363`	`367`	`},`
`364`	`368`	`"Action": "sts:AssumeRole"`
`365`	`369`	`}`
`@@ -472,7 +476,7 @@ resource "aws_iam_role" "test2" {`
`472`	`476`	`{`
`473`	`477`	`"Effect": "Allow",`
`474`	`478`	`"Principal": {`
`475`		`- "Service": "eks.${data.aws_partition.current.dns_suffix}"`
	`479`	`+ "Service": "${data.aws_service_principal.eks.name}"`
`476`	`480`	`},`
`477`	`481`	`"Action": "sts:AssumeRole"`
`478`	`482`	`}`
`@@ -502,7 +506,7 @@ resource "aws_iam_role" "test2" {`
`502`	`506`	`{`
`503`	`507`	`"Effect": "Allow",`
`504`	`508`	`"Principal": {`
`505`		`- "Service": "eks.${data.aws_partition.current.dns_suffix}"`
	`509`	`+ "Service": "${data.aws_service_principal.eks.name}"`
`506`	`510`	`},`
`507`	`511`	`"Action": "sts:AssumeRole"`
`508`	`512`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,11 +54,10 @@ data "aws_eks_addon_version" "test" {`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`resource "aws_eks_addon" "test" {`
`57`		`- addon_name = %[2]q`
`58`		`- cluster_name = aws_eks_cluster.test.name`
`59`		`- addon_version = data.aws_eks_addon_version.test.version`
`60`		`-`
`61`		`- resolve_conflicts = "OVERWRITE"`
	`57`	`+ addon_name = %[2]q`
	`58`	`+ cluster_name = aws_eks_cluster.test.name`
	`59`	`+ addon_version = data.aws_eks_addon_version.test.version`
	`60`	`+ resolve_conflicts_on_create = "OVERWRITE"`
`62`	`61`	`}`
`63`	`62`
`64`	`63`	`data "aws_eks_addon" "test" {`