From 17481d2204af55360616b531a2c0479d9d2f3639 Mon Sep 17 00:00:00 2001
From: Christian Bianchi <christian@giantswarm.io>
Date: Wed, 28 Feb 2024 12:50:35 +0100
Subject: [PATCH] =?UTF-8?q?Use=20`cert-manager-app`=20as=20service=20accou?=
 =?UTF-8?q?nt=20name=20for=20Cert=20Manager=20(chan=E2=80=A6=20(#269)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Use `cert-manager-app` as service account name for Cert Manager (changed in recent version of cert-manager app).

* Use `cert-manager-app` as service account name for Cert Manager (changed in recent version of cert-manager app).

* bogus change to try and re-do the docker build
---
 CHANGELOG.md               | 4 ++++
 controllers/common_test.go | 2 +-
 pkg/iam/iam.go             | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3addb9d5..2360489a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Use `cert-manager-app` as service account name for Cert Manager (changed in recent version of cert-manager-app).
+
 ## [0.15.0] - 2024-01-10
 
 ### Changed
diff --git a/controllers/common_test.go b/controllers/common_test.go
index 9af425a5..71440e09 100644
--- a/controllers/common_test.go
+++ b/controllers/common_test.go
@@ -22,7 +22,7 @@ var certManagerRoleInfo = RoleInfo{
       "Action": "sts:AssumeRoleWithWebIdentity",
       "Condition": {
         "StringEquals": {
-          "irsa.test.gaws.gigantic.io:sub": "system:serviceaccount:kube-system:cert-manager-controller"
+          "irsa.test.gaws.gigantic.io:sub": "system:serviceaccount:kube-system:cert-manager-app"
         }
       }
     }
diff --git a/pkg/iam/iam.go b/pkg/iam/iam.go
index 88684cc9..badec1b3 100644
--- a/pkg/iam/iam.go
+++ b/pkg/iam/iam.go
@@ -656,7 +656,7 @@ func policyName(role string, clusterID string) string {
 
 func getServiceAccount(role string) (string, error) {
 	if role == CertManagerRole {
-		return "cert-manager-controller", nil
+		return "cert-manager-app", nil
 	} else if role == IRSARole {
 		return "external-dns", nil
 	} else if role == Route53Role {