remove service account check in vap

Author: yoobinshin

charts/member-agent-arc/templates/serviceaccount.yaml

@@ -1,8 +1,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  # the name is also used in the managed resource validating admission webhook.
-  # please make the change accordingly when you change the name.
   name: fleet-member-agent-sa
   namespace: fleet-system
   labels:

pkg/webhook/managedresource/validatingadmissionpolicy.go

@@ -54,23 +54,9 @@ func mutateValidatingAdmissionPolicy(vap *admv1.ValidatingAdmissionPolicy) {
 		Validations: []admv1.Validation{
 			{
 				Expression: `
-				(
-					(
-						request.userInfo.username == "aksService" ||
-						request.userInfo.username == "acsService" ||
-						request.userInfo.username == "fleet-member-agent-sa"
-					)
-				    &&
-					(
-						"system:masters" in request.userInfo.groups ||
-						"system:serviceaccounts:kube-system" in request.userInfo.groups ||
-						"system:serviceaccounts:fleet-system" in request.userInfo.groups
-					)
-				)
-				  ||
-				(
-					"system:serviceaccounts:openshift-infra" in request.userInfo.groups
-				)`,
+				"system:masters" in request.userInfo.groups || "system:serviceaccounts:kube-system" in request.userInfo.groups || 
+				"system:serviceaccounts:fleet-system" in request.userInfo.groups || 
+				"system:serviceaccounts:openshift-infra" in request.userInfo.groups`,
 				Message: "Create, Update, or Delete operations on ARM managed resources is forbidden",
 				Reason:  &forbidden,
 			},