From f35957ab368af3bce1d14621c61a951c24634a01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=9B=84=E5=A5=87?= <zhixiong.pzx@alibaba-inc.com>
Date: Fri, 8 Sep 2023 23:25:35 +0800
Subject: [PATCH] fix pod kube-api-access service-account not found

---
 .../resources/pod/mutatorplugin/podkubeapiaccessmutator.go  | 2 +-
 .../pod/mutatorplugin/podkubeapiaccessmutator_test.go       | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator.go b/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator.go
index 9fef3546..f174dfed 100644
--- a/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator.go
+++ b/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator.go
@@ -86,7 +86,7 @@ func (pl *PodKubeAPIAccessMutatorPlugin) Mutator() conversion.PodMutator {
 			p.PPod.Spec.ServiceAccountName = DefaultServiceAccountName
 		}
 
-		targetNamespace := conversion.ToSuperClusterNamespace(p.ClusterName, p.PPod.Namespace)
+		targetNamespace := conversion.ToSuperClusterNamespace(p.ClusterName, p.VPod.Namespace)
 		serviceAccount, err := pl.client.CoreV1().ServiceAccounts(targetNamespace).Get(context.TODO(), p.PPod.Spec.ServiceAccountName, metav1.GetOptions{})
 		if err != nil {
 			return fmt.Errorf("error looking up serviceAccount %s/%s: %v", targetNamespace, p.PPod.Spec.ServiceAccountName, err)
diff --git a/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator_test.go b/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator_test.go
index 94a05a07..09624763 100644
--- a/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator_test.go
+++ b/virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podkubeapiaccessmutator_test.go
@@ -114,11 +114,13 @@ func TestPodKubeAPIAccessMutatorPlugin_Mutator(t *testing.T) {
 	tests := []struct {
 		name                  string
 		pPod                  *corev1.Pod
+		vPod                  *corev1.Pod
 		existingObjectInSuper []runtime.Object
 	}{
 		{
 			"Test RootCACert Mutator",
-			tenantKubeAPIAccessPod("test", "default", "123-456-789"),
+			tenantKubeAPIAccessPod("test", "cluster1-default", "123-456-789"),
+			tenantKubeAPIAccessPod("test", "default", "000-456-789"),
 			[]runtime.Object{
 				&corev1.Secret{
 					ObjectMeta: metav1.ObjectMeta{
@@ -161,7 +163,7 @@ func TestPodKubeAPIAccessMutatorPlugin_Mutator(t *testing.T) {
 			}
 			mutator := pl.Mutator()
 
-			if err := mutator(&conversion.PodMutateCtx{ClusterName: "cluster1", PPod: tt.pPod}); err != nil {
+			if err := mutator(&conversion.PodMutateCtx{ClusterName: "cluster1", PPod: tt.pPod, VPod: tt.vPod}); err != nil {
 				t.Errorf("mutator failed processing the pod, %v", err)
 			}