From a1f6192d459a79d1fee16561e2e9c6da059ba68a Mon Sep 17 00:00:00 2001
From: Jonah Back
Date: Mon, 23 May 2022 09:15:45 -0700
Subject: [PATCH 1/3] fix: check for role attached to instance profile and create if it does not exist
Signed-off-by: Jonah Back
---
 controllers/providers/aws/iam.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/controllers/providers/aws/iam.go b/controllers/providers/aws/iam.go
index 1cbeebb4..6cc148f4 100644
--- a/controllers/providers/aws/iam.go
+++ b/controllers/providers/aws/iam.go
@@ -214,7 +214,12 @@ func (w *AwsWorker) CreateScalingGroupRole(name string) (*iam.Role, *iam.Instanc
 createdProfile = out.InstanceProfile
 time.Sleep(DefaultInstanceProfilePropagationDelay)
- _, err = w.IamClient.AddRoleToInstanceProfile(&iam.AddRoleToInstanceProfileInput{
+ } else {
+ createdProfile = instanceProfile
+ }
+
+ if len(createdProfile.Roles) == 0 {
+ _, err := w.IamClient.AddRoleToInstanceProfile(&iam.AddRoleToInstanceProfileInput{
 InstanceProfileName: aws.String(name),
 RoleName: aws.String(name),
 })
@@ -224,10 +229,9 @@ func (w *AwsWorker) CreateScalingGroupRole(name string) (*iam.Role, *iam.Instanc
 return createdRole, createdProfile, errors.Wrap(err, "failed to attach instance-profile")
 }
 }
+ } else {
+ createdProfile.Roles = append(createdProfile.Roles, createdRole)
 }
-
- } else {
- createdProfile = instanceProfile
 }
 return createdRole, createdProfile, nil
From f9946280322539187688ee3f5863e06c4b233c78 Mon Sep 17 00:00:00 2001
From: Jonah Back
Date: Tue, 24 May 2022 08:03:39 -0700
Subject: [PATCH 2/3] Add nil check for profile
Signed-off-by: Jonah Back
---
 controllers/providers/aws/iam.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/controllers/providers/aws/iam.go b/controllers/providers/aws/iam.go
index 6cc148f4..c94a490b 100644
--- a/controllers/providers/aws/iam.go
+++ b/controllers/providers/aws/iam.go
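Review bot: In the first hunk of patch 1/3, `if len(createdProfile.Roles) == 0` tests only whether some role is attached to the instance profile, not whether it is the role called `name`. When the new `else` branch reuses an existing `instanceProfile`, a profile that already carries a different role is returned unchanged alongside `createdRole`, and instances launched with it would run with that other role's permissions rather than the ones this function manages. When the slice is non-empty, compare `aws.StringValue(createdProfile.Roles[0].RoleName)` with `name` and return an error on mismatch instead of treating the profile as ready. The function body starts and ends outside the hunk, so an earlier lookup may already rule this out.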
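Review bot: In the second hunk of patch 1/3, the `return … errors.Wrap(err, "failed to attach instance-profile")` is closed by two braces before the new `} else {`, so it sits under conditions that open outside the hunk and only some AddRoleToInstanceProfile errors are returned. Any error those conditions filter out falls through to `return createdRole, createdProfile, nil` with `Roles` still empty, and the caller cannot tell that the profile has no role attached. The error branch should carry a comment naming the tolerated error codes and why they are safe to ignore, and the new `createdProfile.Roles = append(createdProfile.Roles, createdRole)` line deserves `// mirror the attach locally; the profile was read before AddRoleToInstanceProfile ran`. Note also that in the reuse path this append mutates the `instanceProfile` value obtained earlier in the function, which is outside the hunk.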
@@ -218,7 +218,7 @@ func (w *AwsWorker) CreateScalingGroupRole(name string) (*iam.Role, *iam.Instanc
 createdProfile = instanceProfile
 }
- if len(createdProfile.Roles) == 0 {
+ if createdProfile != nil && len(createdProfile.Roles) == 0 {
 _, err := w.IamClient.AddRoleToInstanceProfile(&iam.AddRoleToInstanceProfileInput{
 InstanceProfileName: aws.String(name),
 RoleName: aws.String(name),
From fccafefcde5c7706ffbf04b8318d0589ff1f3986 Mon Sep 17 00:00:00 2001
From: Jonah Back
Date: Tue, 24 May 2022 08:23:22 -0700
Subject: [PATCH 3/3] Add non-nil instanceprofile when error is not returned from test
Signed-off-by: Jonah Back
---
 controllers/provisioners/eks/create_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/controllers/provisioners/eks/create_test.go b/controllers/provisioners/eks/create_test.go
index 56a680e3..9b4d03c0 100644
--- a/controllers/provisioners/eks/create_test.go
+++ b/controllers/provisioners/eks/create_test.go
@@ -264,6 +264,7 @@ func TestCreateManagedRoleNegative(t *testing.T) {
 g.Expect(ctx.GetState()).To(gomega.Equal(v1alpha1.ReconcileModifying))
 iamMock.WaitUntilInstanceProfileExistsErr = nil
 iamMock.CreateInstanceProfileErr = nil
+ iamMock.InstanceProfile = &iam.InstanceProfile{}
 iamMock.AddRoleToInstanceProfileErr = awserr.New(iam.ErrCodeNoSuchEntityException, "", errors.New("some-error"))
 err = ctx.Create()
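Review bot: The `createdProfile != nil` guard added in patch 2/3 turns a nil profile into a silent success rather than an error. With a nil profile the attach is skipped and, going by the final return shown in patch 1/3, the function ends with `return createdRole, createdProfile, nil`, handing the caller a nil `*iam.InstanceProfile` and no error. A caller that dereferences the result would panic, and one that does not would carry on without a usable profile. Failing explicitly ahead of the `if` is safer: `if createdProfile == nil { return createdRole, nil, errors.New("instance profile is nil") }`. The function continues outside the hunk.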