Importing existing EKS cluster with OIDC provider fails to import existing provider

[MinhNguyen-at]

/kind bug

1. Have an existing EKS cluster with OIDC provider OIDC-A. The thumbprint is abcdefg for the cert presented by provider at the time.
2. Later in the future, decide to managed cluster with cluster api aws AwsManagedControlPlane. Or move the management cluster to be a different cluster.
3. Thumbprint for OIDC-A no longer matches because the cert presented by the provider is now different.

AwsManagedControlPlane reconcile fails with:

E0626 00:25:05.645867       1 controller.go:316] "Reconciler error" err=<
	failed to reconcile control plane for AWSManagedControlPlane $NS/$CLUSTER: failed reconciling OIDC provider for cluster: failed to create OIDC provider: error creating provider: EntityAlreadyExists: Provider with url https://oidc.eks.${REGION}.amazonaws.com/id/${ID} already exists.
		status code: 409, request id: UUID
 > controller="awsmanagedcontrolplane" controllerGroup="controlplane.cluster.x-k8s.io" controllerKind="AWSManagedControlPlane" AWSManagedControlPlane="$NS/$CLUSTER" namespace="$NS" name="$NAME" reconcileID="UUID"

What did you expect to happen:
Cluster successfully imported.

Maybe thumbprint is updated or at least error message is clearer.

Anything else you would like to add:
n/a

Environment:

• Cluster-api-provider-aws version: v2.8.3
• Kubernetes version: (use kubectl version): not relevant
• OS (e.g. from /etc/os-release): not relevant

[k8s-ci-robot]

This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.