[bug] Spark Operator stack fails to create if spark-operator-doeks-spark-irsa already exists

[alanty]

Description

When creating a duplicate Spark operator stack the creation fails with an error on the IAM policy for Spark:

│ Error: creating IAM Policy (spark-operator-doeks-spark-irsa): operation error IAM: CreatePolicy, https response error StatusCode: 409, ..., EntityAlreadyExists: A policy called spark-operator-doeks-spark-irsa already exists. Duplicate names are not allowed.
│
│   with aws_iam_policy.spark,
│   on spark-team.tf line 66, in resource "aws_iam_policy" "spark":
│   66: resource "aws_iam_policy" "spark" {
│

• [x] ✋ I have searched the open/closed issues and my issue is not listed.

Versions

• Module version [Required]: v1.0.3 (latest)

• Terraform version: v1.9.5

• Provider version(s):

• provider registry.terraform.io/gavinbunney/kubectl v1.14.0

• provider registry.terraform.io/hashicorp/aws v5.70.0

• provider registry.terraform.io/hashicorp/cloudinit v2.3.5

• provider registry.terraform.io/hashicorp/helm v2.15.0

• provider registry.terraform.io/hashicorp/kubernetes v2.32.0

• provider registry.terraform.io/hashicorp/random v3.3.2

• provider registry.terraform.io/hashicorp/time v0.12.1

• provider registry.terraform.io/hashicorp/tls v4.0.6

  Reproduction Code [Required]

Steps to reproduce the behavior:

create two copies of the Spark operator (v4) stack in the same account (i was using a different region)

Expected behavior

we should use a unique name for that policy to avoid conflicts

[alanty]

i think it's this resource giving me a headache: https://github.com/awslabs/data-on-eks/blob/473189d7e7330fc428cabcf72935ad52f7974a2c/analytics/terraform/spark-k8s-operator/spark-team.tf#L66

We can probably use name_prefix instead of name to ensure uniqueness on the policy, even when someone uses the same name for the stack. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy#argument-reference