chore: allow PIA adoption by clusterName, namespace, and ServiceAccount

[michaelhtm]

Issue #2684

Description of changes:
With these changes, we allow users to use ClusterName, Namespace, and
ServiceAccount to adopt a PodIdentityAssociation resource when using
adopt-or-create if AssociationID is not provided.

Note: this will not work when using adopt adoption policy

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[knottnt]

Q: What is the behavior when using the adopt policy?

[a-hilaly]

How about a terminal condition? if we are in adoption mode

[michaelhtm]

This will just be marked as not found, instead of terminal in sdkFind. This way we can trigger a creation during adopt-or-create

[michaelhtm]

/test eks-kind-e2e

[ack-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: knottnt, michaelhtm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [knottnt,michaelhtm]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ack-prow]

@michaelhtm: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
eks-verify-code-gen	a7a3587	link	false	/test eks-verify-code-gen
eks-crd-compat-check	a7a3587	link	true	/test eks-crd-compat-check

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.