Migrate: ignore pod identity associations that already exist

Fixes eksctl-io#7753

pkg/actions/podidentityassociation/creator.go

@@ -38,10 +38,10 @@ func NewCreator(clusterName string, stackCreator StackCreator, eksAPI awsapi.EKS
 }
 
 func (c *Creator) CreatePodIdentityAssociations(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation) error {
-	return runAllTasks(c.CreateTasks(ctx, podIdentityAssociations))
+	return runAllTasks(c.CreateTasks(ctx, podIdentityAssociations, false))
 }
 
-func (c *Creator) CreateTasks(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation) *tasks.TaskTree {
+func (c *Creator) CreateTasks(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, ignorePodIdentityExistsErr bool) *tasks.TaskTree {
 	taskTree := &tasks.TaskTree{
 		Parallel: true,
 	}
@@ -83,11 +83,12 @@ func (c *Creator) CreateTasks(ctx context.Context, podIdentityAssociations []api
 			})
 		}
 		piaCreationTasks.Append(&createPodIdentityAssociationTask{
-			ctx:                    ctx,
-			info:                   fmt.Sprintf("create pod identity association for service account %q", pia.NameString()),
-			clusterName:            c.clusterName,
-			podIdentityAssociation: &pia,
-			eksAPI:                 c.eksAPI,
+			ctx:                        ctx,
+			info:                       fmt.Sprintf("create pod identity association for service account %q", pia.NameString()),
+			clusterName:                c.clusterName,
+			podIdentityAssociation:     &pia,
+			eksAPI:                     c.eksAPI,
+			ignorePodIdentityExistsErr: ignorePodIdentityExistsErr,
 		})
 		taskTree.Append(piaCreationTasks)
 	}

pkg/actions/podidentityassociation/migrator.go

@@ -199,7 +199,7 @@ func (m *Migrator) MigrateToPodIdentity(ctx context.Context, options PodIdentity
 	}
 
 	// add tasks to create pod identity associations
-	createAssociationsTasks := NewCreator(m.clusterName, nil, m.eksAPI, m.clientSet).CreateTasks(ctx, toBeCreated)
+	createAssociationsTasks := NewCreator(m.clusterName, nil, m.eksAPI, m.clientSet).CreateTasks(ctx, toBeCreated, true)
 	if createAssociationsTasks.Len() > 0 {
 		createAssociationsTasks.IsSubTask = true
 		taskTree.Append(createAssociationsTasks)

pkg/actions/podidentityassociation/tasks.go

@@ -12,6 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	cfntypes "github.com/aws/aws-sdk-go-v2/service/cloudformation/types"
 	awseks "github.com/aws/aws-sdk-go-v2/service/eks"
+	ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
 	awsiam "github.com/aws/aws-sdk-go-v2/service/iam"
 	"github.com/kris-nova/logger"
 
@@ -23,11 +24,12 @@ import (
 )
 
 type createPodIdentityAssociationTask struct {
-	ctx                    context.Context
-	info                   string
-	clusterName            string
-	podIdentityAssociation *api.PodIdentityAssociation
-	eksAPI                 awsapi.EKS
+	ctx                        context.Context
+	info                       string
+	clusterName                string
+	podIdentityAssociation     *api.PodIdentityAssociation
+	eksAPI                     awsapi.EKS
+	ignorePodIdentityExistsErr bool
 }
 
 func (t *createPodIdentityAssociationTask) Describe() string {
@@ -44,6 +46,13 @@ func (t *createPodIdentityAssociationTask) Do(errorCh chan error) error {
 		ServiceAccount: &t.podIdentityAssociation.ServiceAccountName,
 		Tags:           t.podIdentityAssociation.Tags,
 	}); err != nil {
+		if t.ignorePodIdentityExistsErr {
+			var inUseErr *ekstypes.ResourceInUseException
+			if errors.As(err, &inUseErr) {
+				logger.Info("pod identity association %s already exists", t.podIdentityAssociation.NameString())
+				return nil
+			}
+		}
 		return fmt.Errorf(
 			"creating pod identity association for service account %q in namespace %q: %w",
 			t.podIdentityAssociation.ServiceAccountName, t.podIdentityAssociation.Namespace, err)