From 00bf7174f3eaf68ecbb90ef4671e46d95a8f1c10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= <patryk.malek@konghq.com>
Date: Tue, 12 Nov 2024 11:30:44 +0100
Subject: [PATCH] fix(dataplane): properly default deprecated service account
 name

---
 CHANGELOG.md                                  |  7 ++++
 .../kubernetes/resources/strategicmerge.go    |  4 ++
 .../resources/strategicmerge_test.go          | 37 +++++++++++++++++++
 3 files changed, 48 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 809b2a755..00613b367 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,13 @@
 - [v0.1.1](#v011)
 - [v0.1.0](#v010)
 
+## Unreleased
+
+### Fixes
+
+- Fix setting the `ServiceAccountName` for `DataPlane`'s `Deployment`.
+  [#856](https://github.com/Kong/gateway-operator/pull/856)
+
 ## [v1.4.0]
 
 > Release date: 2024-10-31
diff --git a/pkg/utils/kubernetes/resources/strategicmerge.go b/pkg/utils/kubernetes/resources/strategicmerge.go
index dab108843..1caabb533 100644
--- a/pkg/utils/kubernetes/resources/strategicmerge.go
+++ b/pkg/utils/kubernetes/resources/strategicmerge.go
@@ -58,6 +58,10 @@ func SetDefaultsPodTemplateSpec(pts *corev1.PodTemplateSpec) {
 		return
 	}
 
+	// NOTE: copy the service account name to the deprecated field as the
+	// API server does that itself.
+	pts.Spec.DeprecatedServiceAccount = pts.Spec.ServiceAccountName
+
 	pkgapiscorev1.SetDefaults_PodSpec(&pts.Spec)
 	for i := range pts.Spec.Volumes {
 		SetDefaultsVolume(&pts.Spec.Volumes[i])
diff --git a/pkg/utils/kubernetes/resources/strategicmerge_test.go b/pkg/utils/kubernetes/resources/strategicmerge_test.go
index e5eba29d5..53acd0076 100644
--- a/pkg/utils/kubernetes/resources/strategicmerge_test.go
+++ b/pkg/utils/kubernetes/resources/strategicmerge_test.go
@@ -890,3 +890,40 @@ func TestStrategicMergePatchPodTemplateSpec(t *testing.T) {
 		})
 	}
 }
+
+func TestSetDefaultsPodTemplateSpec(t *testing.T) {
+	testcases := []struct {
+		Name     string
+		Patch    *corev1.PodTemplateSpec
+		Expected corev1.PodTemplateSpec
+	}{
+		{
+			Name: "serivce account name is copied to deprecated field",
+			Patch: &corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					ServiceAccountName: "account",
+				},
+			},
+			Expected: corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					ServiceAccountName:       "account",
+					DeprecatedServiceAccount: "account",
+					// NOTE: below set fields are irrelevant for the test
+					// but are set by SetDefaultsPodTemplateSpec regardless.
+					RestartPolicy:                 corev1.RestartPolicyAlways,
+					DNSPolicy:                     corev1.DNSClusterFirst,
+					SchedulerName:                 corev1.DefaultSchedulerName,
+					TerminationGracePeriodSeconds: lo.ToPtr(int64(30)),
+					SecurityContext:               &corev1.PodSecurityContext{},
+				},
+			},
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.Name, func(t *testing.T) {
+			SetDefaultsPodTemplateSpec(tc.Patch)
+			assert.Equal(t, tc.Expected, *tc.Patch)
+		})
+	}
+}