diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation.yaml deleted file mode 100644 index 64bbf28fa..000000000 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.enableSecretRotation }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: secretproviderrotation-role - labels: -{{ include "sscd.labels" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -{{ end }} diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml deleted file mode 100644 index ae7908e16..000000000 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.enableSecretRotation }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: secretproviderrotation-rolebinding - labels: -{{ include "sscd.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: secretproviderrotation-role -subjects: -- kind: ServiceAccount - name: secrets-store-csi-driver - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml deleted file mode 100644 index f81594ea0..000000000 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.tokenRequests }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: secretprovidertokenrequest-role - labels: -{{ include "sscd.labels" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{ end }} diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest_binding.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest_binding.yaml deleted file mode 100644 index 76abcb28b..000000000 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest_binding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.tokenRequests }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: secretprovidertokenrequest-rolebinding - labels: -{{ include "sscd.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: secretprovidertokenrequest-role -subjects: -- kind: ServiceAccount - name: secrets-store-csi-driver - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/test/bats/e2e-provider.bats b/test/bats/e2e-provider.bats index 5e21909ed..dfb942753 100644 --- a/test/bats/e2e-provider.bats +++ b/test/bats/e2e-provider.bats @@ -83,8 +83,6 @@ export VALIDATE_TOKENS_AUDIENCE=$(get_token_requests_audience) run kubectl get clusterrole/secretproviderclasspodstatuses-viewer-role assert_success - run kubectl get clusterrole/secretproviderrotation-role - assert_success run kubectl get clusterrole/secretprovidersyncing-role assert_success @@ -92,20 +90,8 @@ export VALIDATE_TOKENS_AUDIENCE=$(get_token_requests_audience) run kubectl get clusterrolebinding/secretproviderclasses-rolebinding assert_success - run kubectl get clusterrolebinding/secretproviderrotation-rolebinding - assert_success - run kubectl get clusterrolebinding/secretprovidersyncing-rolebinding assert_success - - # validate token request role and rolebinding only when token requests are set - if [[ -n "${VALIDATE_TOKENS_AUDIENCE}" ]]; then - run kubectl get clusterrole/secretprovidertokenrequest-role - assert_success - - run kubectl get clusterrolebinding/secretprovidertokenrequest-rolebinding - assert_success - fi } @test "[v1alpha1] deploy e2e-provider secretproviderclass crd" {