Remove datastreams iam sa key (#242)

ydb-platform · Aug 22, 2024 · e0387f4 · e0387f4
1 parent e600025
commit e0387f4
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 38 deletions.
diff --git a/api/v1alpha1/const.go b/api/v1alpha1/const.go
@@ -34,9 +34,6 @@ const (
 	DatabaseEncryptionKeySecretFile = "key.pem"
 	DatabaseEncryptionKeyConfigFile = "key.txt"
 
-	DatastreamsIAMServiceAccountKeyDir  = "datastreams"
-	DatastreamsIAMServiceAccountKeyFile = "sa_key.json"
-
 	BinariesDir      = "/opt/ydb/bin"
 	DaemonBinaryName = "ydbd"
 

diff --git a/api/v1alpha1/database_types.go b/api/v1alpha1/database_types.go
@@ -249,9 +249,6 @@ type EncryptionConfig struct {
 type DatastreamsConfig struct {
 	// +required
 	Enabled bool `json:"enabled"`
-
-	// +required
-	IAMServiceAccountKey *corev1.SecretKeySelector `json:"iam_service_account_key,omitempty"`
 }
 
 type DatabaseServices struct {

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/internal/resources/database_statefulset.go b/internal/resources/database_statefulset.go
@@ -183,7 +183,6 @@ func (b *DatabaseStatefulSetBuilder) buildVolumes() []corev1.Volume {
 	}
 
 	if b.Spec.Datastreams != nil && b.Spec.Datastreams.Enabled {
-		volumes = append(volumes, b.buildDatastreamsIAMServiceAccountKeyVolume())
 		if b.Spec.Service.Datastreams.TLSConfiguration.Enabled {
 			volumes = append(volumes, buildTLSVolume(datastreamsTLSVolumeName, b.Spec.Service.Datastreams.TLSConfiguration))
 		}
@@ -385,23 +384,6 @@ func (b *DatabaseStatefulSetBuilder) buildEncryptionVolumes() []corev1.Volume {
 	return []corev1.Volume{encryptionKeySecret, encryptionKeyConfig}
 }
 
-func (b *DatabaseStatefulSetBuilder) buildDatastreamsIAMServiceAccountKeyVolume() corev1.Volume {
-	return corev1.Volume{
-		Name: datastreamsIAMServiceAccountKeyVolumeName,
-		VolumeSource: corev1.VolumeSource{
-			Secret: &corev1.SecretVolumeSource{
-				SecretName: b.Spec.Datastreams.IAMServiceAccountKey.Name,
-				Items: []corev1.KeyToPath{
-					{
-						Key:  b.Spec.Datastreams.IAMServiceAccountKey.Key,
-						Path: api.DatastreamsIAMServiceAccountKeyFile,
-					},
-				},
-			},
-		},
-	}
-}
-
 func (b *DatabaseStatefulSetBuilder) buildContainer() corev1.Container {
 	command, args := b.buildContainerArgs()
 	imagePullPolicy := corev1.PullIfNotPresent
@@ -509,11 +491,6 @@ func (b *DatabaseStatefulSetBuilder) buildVolumeMounts() []corev1.VolumeMount {
 	}
 
 	if b.Spec.Datastreams != nil && b.Spec.Datastreams.Enabled {
-		volumeMounts = append(volumeMounts, corev1.VolumeMount{
-			Name:      datastreamsIAMServiceAccountKeyVolumeName,
-			ReadOnly:  true,
-			MountPath: api.DatastreamsIAMServiceAccountKeyDir,
-		})
 		if b.Spec.Service.Datastreams.TLSConfiguration.Enabled {
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      datastreamsTLSVolumeName,

diff --git a/internal/resources/resource.go b/internal/resources/resource.go
@@ -72,9 +72,8 @@ const (
 	localCertsDir  = "/usr/local/share/ca-certificates"
 	systemCertsDir = "/etc/ssl/certs"
 
-	encryptionKeyConfigVolumeName             = "encryption-config"
-	encryptionKeySecretVolumeName             = "encryption-key"
-	datastreamsIAMServiceAccountKeyVolumeName = "datastreams-iam-sa-key"
+	encryptionKeyConfigVolumeName = "encryption-config"
+	encryptionKeySecretVolumeName = "encryption-key"
 )
 
 type ResourceBuilder interface {