From e6cc6268bad4b6922bcc3a467e5cbc835e6e7db1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6nke=20Liebau?= <soenke.liebau@stackable.tech>
Date: Fri, 22 Nov 2024 13:24:54 +0100
Subject: [PATCH 1/2] Patch op-rs version to use one that fixes SUP-148. Some
 minor changes needed to remove dependency on now private fn in op-rs.

---
 Cargo.lock                                   |  8 ++++----
 Cargo.toml                                   |  3 +++
 rust/operator-binary/src/druid_controller.rs | 11 ++++++++---
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 494a86cc..84e30574 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2269,8 +2269,8 @@ dependencies = [
 
 [[package]]
 name = "stackable-operator"
-version = "0.80.0"
-source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c"
+version = "0.81.0"
+source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2"
 dependencies = [
  "chrono",
  "clap",
@@ -2308,7 +2308,7 @@ dependencies = [
 [[package]]
 name = "stackable-operator-derive"
 version = "0.3.1"
-source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c"
+source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2"
 dependencies = [
  "darling",
  "proc-macro2",
@@ -2319,7 +2319,7 @@ dependencies = [
 [[package]]
 name = "stackable-shared"
 version = "0.0.1"
-source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c"
+source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2"
 dependencies = [
  "kube",
  "semver",
diff --git a/Cargo.toml b/Cargo.toml
index ce25b447..923a1fe3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,5 +30,8 @@ strum = { version = "0.26", features = ["derive"] }
 tokio = { version = "1.40", features = ["full"] }
 tracing = "0.1"
 
+[patch."https://github.com/stackabletech/operator-rs.git"]
+stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "fix/SUP-148" }
+
 # [patch."https://github.com/stackabletech/operator-rs.git"]
 # stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" }
diff --git a/rust/operator-binary/src/druid_controller.rs b/rust/operator-binary/src/druid_controller.rs
index a9c5310a..7140cb0f 100644
--- a/rust/operator-binary/src/druid_controller.rs
+++ b/rust/operator-binary/src/druid_controller.rs
@@ -35,7 +35,7 @@ use stackable_operator::{
     commons::{
         opa::OpaApiVersion,
         product_image_selection::ResolvedProductImage,
-        rbac::{build_rbac_resources, service_account_name},
+        rbac::build_rbac_resources,
         s3::{S3AccessStyle, S3ConnectionSpec, S3Error},
         tls_verification::TlsClientDetailsError,
     },
@@ -70,6 +70,8 @@ use stackable_operator::{
     },
     time::Duration,
 };
+use stackable_operator::k8s_openapi::api::core::v1::ServiceAccount;
+use stackable_operator::kube::ResourceExt;
 use strum::{EnumDiscriminants, IntoStaticStr};
 
 use crate::{
@@ -488,7 +490,8 @@ pub async fn reconcile_druid(
     )
     .context(BuildRbacResourcesSnafu)?;
     cluster_resources
-        .add(client, rbac_sa)
+        // We clone rbac_sa because we need to reuse it below
+        .add(client, rbac_sa.clone())
         .await
         .context(ApplyServiceAccountSnafu)?;
     cluster_resources
@@ -559,6 +562,7 @@ pub async fn reconcile_druid(
                 s3_conn.as_ref(),
                 &druid_tls_security,
                 &druid_auth_config,
+                &rbac_sa,
             )?;
             cluster_resources
                 .add(client, rg_service)
@@ -916,6 +920,7 @@ fn build_rolegroup_statefulset(
     s3_conn: Option<&S3ConnectionSpec>,
     druid_tls_security: &DruidTlsSecurity,
     druid_auth_config: &Option<DruidAuthenticationConfig>,
+    service_account: &ServiceAccount,
 ) -> Result<StatefulSet> {
     // prepare container builder
     let prepare_container_name = Container::Prepare.to_string();
@@ -1119,7 +1124,7 @@ fn build_rolegroup_statefulset(
         .add_init_container(cb_prepare.build())
         .add_container(cb_druid.build())
         .metadata(metadata)
-        .service_account_name(service_account_name(APP_NAME))
+        .service_account_name(service_account.name_any())
         .security_context(
             PodSecurityContextBuilder::new()
                 .run_as_user(DRUID_UID)

From 0187a7331cabc3fcff440d8791523d54f0c2c8e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6nke=20Liebau?= <soenke.liebau@stackable.tech>
Date: Fri, 22 Nov 2024 16:11:32 +0100
Subject: [PATCH 2/2] ran rustfmt

---
 rust/operator-binary/src/druid_controller.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rust/operator-binary/src/druid_controller.rs b/rust/operator-binary/src/druid_controller.rs
index 7140cb0f..634b2237 100644
--- a/rust/operator-binary/src/druid_controller.rs
+++ b/rust/operator-binary/src/druid_controller.rs
@@ -21,6 +21,8 @@ use stackable_druid_crd::{
     RUNTIME_PROPS, RW_CONFIG_DIRECTORY, S3_ACCESS_KEY, S3_ENDPOINT_URL, S3_PATH_STYLE_ACCESS,
     S3_SECRET_KEY, ZOOKEEPER_CONNECTION_STRING,
 };
+use stackable_operator::k8s_openapi::api::core::v1::ServiceAccount;
+use stackable_operator::kube::ResourceExt;
 use stackable_operator::{
     builder::{
         self,
@@ -70,8 +72,6 @@ use stackable_operator::{
     },
     time::Duration,
 };
-use stackable_operator::k8s_openapi::api::core::v1::ServiceAccount;
-use stackable_operator::kube::ResourceExt;
 use strum::{EnumDiscriminants, IntoStaticStr};
 
 use crate::{