From e000b7362e47b2015420932ca6935b08bd794be1 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Thu, 19 Jun 2025 17:56:37 +0200
Subject: [PATCH 1/3] remove legacy service account binding

---
 ...dfs_clusterrolebinding_nodes_controller.rs | 26 +++++--------------
 1 file changed, 6 insertions(+), 20 deletions(-)

diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
index c963ea17..f1d339c8 100644
--- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
+++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
@@ -73,26 +73,12 @@ pub async fn reconcile(
             }
         })
         .flat_map(|(meta, sa_name)| {
-            let mut result = vec![
-                Subject {
-                    kind: "ServiceAccount".to_string(),
-                    name: sa_name,
-                    namespace: meta.namespace.clone(),
-                    ..Subject::default()
-                },
-                // This extra Serviceaccount is being written for legacy/compatibility purposes
-                // to ensure that running clusters don't lose access to anything during an upgrade
-                // of the Stackable operators, this code can be removed in later releases
-                // The value is hardcoded here, as we have removed access to the private fns that
-                // would have built it, since this is a known target though, and will be removed soon
-                // this should not be an issue.
-                Subject {
-                    kind: "ServiceAccount".to_string(),
-                    name: "hdfs-serviceaccount".to_string(),
-                    namespace: meta.namespace.clone(),
-                    ..Subject::default()
-                },
-            ];
+            let mut result = vec![Subject {
+                kind: "ServiceAccount".to_string(),
+                name: sa_name,
+                namespace: meta.namespace.clone(),
+                ..Subject::default()
+            }];
             // If a cluster is called hdfs this would result in the same subject
             // being written twicex.
             // Since we know this vec only contains two elements we can use dedup for

From 3314cff1449e5425b240b33a8a81279923a48d47 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Thu, 19 Jun 2025 18:02:24 +0200
Subject: [PATCH 2/3] update changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6d3d3839..18cdb700 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ All notable changes to this project will be documented in this file.
   - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
   - This is marked as breaking because tools and policies might exist, which require these fields to be set
 - Use versioned common structs ([#684]).
+- BREAKING: remove legacy service account binding for cluster role nodes ([#697]).
 
 ### Fixed
 
@@ -50,6 +51,7 @@ All notable changes to this project will be documented in this file.
 [#684]: https://github.com/stackabletech/hdfs-operator/pull/684
 [#693]: https://github.com/stackabletech/hdfs-operator/pull/693
 [#695]: https://github.com/stackabletech/hdfs-operator/pull/695
+[#697]: https://github.com/stackabletech/hdfs-operator/pull/697
 
 ## [25.3.0] - 2025-03-21
 

From 2ad77ffcc392f52603e3301c6045557a612b5210 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Tue, 1 Jul 2025 11:47:31 +0200
Subject: [PATCH 3/3] remove sa dedup

---
 ...hdfs_clusterrolebinding_nodes_controller.rs | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
index f1d339c8..987e5454 100644
--- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
+++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
@@ -72,19 +72,11 @@ pub async fn reconcile(
                 }
             }
         })
-        .flat_map(|(meta, sa_name)| {
-            let mut result = vec![Subject {
-                kind: "ServiceAccount".to_string(),
-                name: sa_name,
-                namespace: meta.namespace.clone(),
-                ..Subject::default()
-            }];
-            // If a cluster is called hdfs this would result in the same subject
-            // being written twicex.
-            // Since we know this vec only contains two elements we can use dedup for
-            // simply removing this duplicate.
-            result.dedup();
-            result
+        .map(|(meta, sa_name)| Subject {
+            kind: "ServiceAccount".to_string(),
+            name: sa_name,
+            namespace: meta.namespace.clone(),
+            ..Subject::default()
         })
         .collect();