fix: remove legacy service account binding (#697)

razvan · web-flow · commit fcdbca8caca8 · 2025-07-01T11:36:48.000Z
* remove legacy service account binding

* update changelog

* remove sa dedup
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -30,6 +30,7 @@ All notable changes to this project will be documented in this file.
   - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
   - This is marked as breaking because tools and policies might exist, which require these fields to be set
 - Use versioned common structs ([#684]).
+- BREAKING: remove legacy service account binding for cluster role nodes ([#697]).
 
 ### Fixed
 
@@ -52,6 +53,7 @@ All notable changes to this project will be documented in this file.
 [#693]: https://github.com/stackabletech/hdfs-operator/pull/693
 [#695]: https://github.com/stackabletech/hdfs-operator/pull/695
 [#696]: https://github.com/stackabletech/hdfs-operator/pull/696
+[#697]: https://github.com/stackabletech/hdfs-operator/pull/697
 
 ## [25.3.0] - 2025-03-21
 
diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
@@ -72,33 +72,11 @@ pub async fn reconcile(
                 }
             }
         })
-        .flat_map(|(meta, sa_name)| {
-            let mut result = vec![
-                Subject {
-                    kind: "ServiceAccount".to_string(),
-                    name: sa_name,
-                    namespace: meta.namespace.clone(),
-                    ..Subject::default()
-                },
-                // This extra Serviceaccount is being written for legacy/compatibility purposes
-                // to ensure that running clusters don't lose access to anything during an upgrade
-                // of the Stackable operators, this code can be removed in later releases
-                // The value is hardcoded here, as we have removed access to the private fns that
-                // would have built it, since this is a known target though, and will be removed soon
-                // this should not be an issue.
-                Subject {
-                    kind: "ServiceAccount".to_string(),
-                    name: "hdfs-serviceaccount".to_string(),
-                    namespace: meta.namespace.clone(),
-                    ..Subject::default()
-                },
-            ];
-            // If a cluster is called hdfs this would result in the same subject
-            // being written twicex.
-            // Since we know this vec only contains two elements we can use dedup for
-            // simply removing this duplicate.
-            result.dedup();
-            result
+        .map(|(meta, sa_name)| Subject {
+            kind: "ServiceAccount".to_string(),
+            name: sa_name,
+            namespace: meta.namespace.clone(),
+            ..Subject::default()
         })
         .collect();
 
