fix(eks-v2-alpha): prevent IAM role creation when node pools are empty

[pahud]

When node pools are disabled (by setting an empty array in nodePools), the IAM role will not be created, preventing deployment failures with the error 'When Compute Config nodeRoleArn is not null or empty, nodePool value(s) must be provided.

Issue # (if applicable)

Fixes #33771

Reason for this change

When using EKS Auto Mode with empty node pools (by setting nodePools: []), the IAM role was still being created by the L2 construct, causing stack deployment failures. The AWS service returns an error stating that when nodeRoleArn is provided, node pool values must also be provided.

Description of changes

Modified the computeConfig section in the CfnCluster resource to check if nodePools is empty before assigning nodeRoleArn. If nodePools is empty, nodeRoleArn will be set to undefined to prevent the unnecessary creation of the IAM role.

The change ensures that when users explicitly disable node pools by providing an empty array, the IAM role won't be created, allowing the cluster to be provisioned successfully.

Added a test case to verify that when node pools are empty:

1. The nodeRoleArn is not included in the CloudFormation template
2. No IAM role resource is created for node pools

Describe any new or updated permissions being added

No new or updated IAM permissions are being added. This change actually prevents the creation of an IAM role when it's not needed.

Description of how you validated changes

Added a new test case in automode.test.ts that verifies:

• The nodeRoleArn property is not included in the CloudFormation template when node pools are empty
• No IAM role resource is created for node pools when they are disabled

The test passes, confirming that our fix works as expected.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.35%. Comparing base (0787840) to head (0db1b32).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #33894   +/-   ##
=======================================
  Coverage   82.35%   82.35%           
=======================================
  Files         120      120           
  Lines        6941     6941           
  Branches     1172     1172           
=======================================
  Hits         5716     5716           
  Misses       1120     1120           
  Partials      105      105           

Flag	Coverage Δ
suite.unit	82.35% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
packages/aws-cdk	∅ <ø> (∅)
packages/aws-cdk-lib/core	82.35% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shikha372]

LGTM, Thanks @pahud for adding integration test

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 0db1b32
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.