From 0e554dda373370c434f508d1c36e840f3d93635b Mon Sep 17 00:00:00 2001
From: John Bolliger <johnbolliger@gmail.com>
Date: Tue, 28 Feb 2023 00:29:02 -0700
Subject: [PATCH] pod is being targeted by service if using serviceAccountName

---
 score/probe_test.go                                 |  7 +++++++
 score/probes/probes.go                              |  4 ++++
 score/testdata/pod-probes-service-account-name.yaml | 11 +++++++++++
 3 files changed, 22 insertions(+)
 create mode 100644 score/testdata/pod-probes-service-account-name.yaml

diff --git a/score/probe_test.go b/score/probe_test.go
index 9d835ef6..267bf8c3 100644
--- a/score/probe_test.go
+++ b/score/probe_test.go
@@ -15,6 +15,13 @@ func TestProbesPodAllMissing(t *testing.T) {
 	assert.Equal(t, "Container is missing a readinessProbe", comments[0].Summary)
 }
 
+func TestProbesServiceAccountName(t *testing.T) {
+	t.Parallel()
+	comments := testExpectedScore(t, "pod-probes-service-account-name.yaml", "Pod Probes", scorecard.GradeCritical)
+	assert.Len(t, comments, 1)
+	assert.Equal(t, "Container is missing a readinessProbe", comments[0].Summary)
+}
+
 func TestProbesPodMissingReady(t *testing.T) {
 	t.Parallel()
 	comments := testExpectedScore(t, "pod-probes-missing-ready.yaml", "Pod Probes", scorecard.GradeCritical)
diff --git a/score/probes/probes.go b/score/probes/probes.go
index f5ede4c2..9ce31418 100644
--- a/score/probes/probes.go
+++ b/score/probes/probes.go
@@ -41,6 +41,10 @@ func containerProbes(allServices []ks.Service) func(ks.PodSpecer) (scorecard.Tes
 			}
 		}
 
+		if podTemplate.Spec.ServiceAccountName != "" {
+			isTargetedByService = true
+		}
+
 		for _, container := range allContainers {
 			if container.ReadinessProbe != nil {
 				hasReadinessProbe = true
diff --git a/score/testdata/pod-probes-service-account-name.yaml b/score/testdata/pod-probes-service-account-name.yaml
new file mode 100644
index 00000000..3c449b07
--- /dev/null
+++ b/score/testdata/pod-probes-service-account-name.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-test-1
+  labels:
+    app: test
+spec:
+  serviceAccountName: foobar
+  containers:
+  - name: foobar
+    image: foo/bar:latest