(eks): Why is creating managed node groups for imported clusters allowed, but not for clusters crossing the stackborder

❓ General Issue

Creating managed nodegroups is somehow strange:

1. Creating a managed nodegroup with the cluster in the same stack works like a charm …
2. Creating a managed nodegroup in another stack with passing the cluster doesn’t work … (https://github.com/markus7811/aws-cdk/blob/48e0d950ef0d52117608c5ca37fcb5a57e9324df/packages/%40aws-cdk/aws-eks/lib/managed-nodegroup.ts#L315)
3. Creating a managed nodegroup in another stack with using the ICluster interface … no problem

export class EksClusterStack extends cdk.Stack {
  readonly cluster: eks.Cluster;
  readonly nodegroup: eks.Nodegroup;

  constructor() {
    this.cluster = new eks.Cluster() ...

    /* Works! */
    this.nodegroup = new eks.nodegroup(... {
      cluster: this.cluster,
      ... 
   }
  }
}

/* wont work */

export class NodegroupWontWork extends cdk.Stack {
  
  constructor( ... props) {
      new eks.nodegroup(... {
        cluster: props.cluster,
        /* in this case cluster from EksClusterStack is passed as "real" eks.Cluster */
      ... 
   }
  }
}

/* works */

export class NodegroupWorks extends cdk.Stack {
  
  constructor( ... props) {
      new eks.nodegroup(... {
        cluster: eks.fromClusterAttributes(  /* in this case I reconstruct the cluster form stack 1 */),
        ... 
   }
  }
}

The Question

Why do you prohibit 2 and allow 3. For sure, it has something to do with the auth configmap?! I have to say, that i didn’t run deep tests on what would happen if I rewrite the configmap with cdk after the nodegroup was added … that’s the only thing, I could imagine that can go wrong…

So is it a real problem (cdk will edit the configmap after nodegroup was attached)?

Shouldn’t it be forbidden or allowed for “both” cluster and icluster?

Environment

not relevant…