From 9362d6b17ebdba43ee0ca4fe1a13bde2bb4392e5 Mon Sep 17 00:00:00 2001
From: Drew Sessler <drew.sessler@crunchydata.com>
Date: Mon, 28 Apr 2025 14:43:00 -0700
Subject: [PATCH] Remove obsolete pgbackrest SSH code and recovery.signal
 removal code.

---
 .../controller/postgrescluster/pgbackrest.go  | 14 +++-----
 internal/naming/names.go                      | 34 -------------------
 internal/naming/names_test.go                 |  2 --
 internal/postgres/config.go                   |  9 -----
 internal/postgres/reconcile_test.go           |  1 -
 5 files changed, 4 insertions(+), 56 deletions(-)

diff --git a/internal/controller/postgrescluster/pgbackrest.go b/internal/controller/postgrescluster/pgbackrest.go
index 0bb6ff887d..667463edf2 100644
--- a/internal/controller/postgrescluster/pgbackrest.go
+++ b/internal/controller/postgrescluster/pgbackrest.go
@@ -318,16 +318,10 @@ func (r *Reconciler) cleanupRepoResources(ctx context.Context,
 			if !backupsSpecFound {
 				break
 			}
-			// Any resources from before 5.1 that relate to the previously required
-			// SSH configuration should be deleted.
-			// TODO(tjmoore4): This can be removed once 5.0 is EOL.
-			if owned.GetName() != naming.PGBackRestSSHConfig(postgresCluster).Name &&
-				owned.GetName() != naming.PGBackRestSSHSecret(postgresCluster).Name {
-				// If a dedicated repo host resource and a dedicated repo host is enabled, then
-				// add to the slice and do not delete.
-				ownedNoDelete = append(ownedNoDelete, owned)
-				delete = false
-			}
+			// If a dedicated repo host resource and a dedicated repo host is enabled, then
+			// add to the slice and do not delete.
+			ownedNoDelete = append(ownedNoDelete, owned)
+			delete = false
 		case hasLabel(naming.LabelPGBackRestRepoVolume):
 			if !backupsSpecFound {
 				break
diff --git a/internal/naming/names.go b/internal/naming/names.go
index 04923730fb..f4ea8d2fd7 100644
--- a/internal/naming/names.go
+++ b/internal/naming/names.go
@@ -166,20 +166,6 @@ const (
 	// configmap will be named 'mycluster-pgbackrest-config'
 	cmNameSuffix = "%s-pgbackrest-config"
 
-	// suffix used with postgrescluster name for associated configmap.
-	// for instance, if the cluster is named 'mycluster', the
-	// configmap will be named 'mycluster-ssh-config'
-	// Deprecated: Repository hosts use mTLS for encryption, authentication, and authorization.
-	// TODO(tjmoore4): Once we no longer need this for cleanup purposes, this should be removed.
-	sshCMNameSuffix = "%s-ssh-config"
-
-	// suffix used with postgrescluster name for associated secret.
-	// for instance, if the cluster is named 'mycluster', the
-	// secret will be named 'mycluster-ssh'
-	// Deprecated: Repository hosts use mTLS for encryption, authentication, and authorization.
-	// TODO(tjmoore4): Once we no longer need this for cleanup purposes, this should be removed.
-	sshSecretNameSuffix = "%s-ssh"
-
 	// RestoreConfigCopySuffix is the suffix used for ConfigMap or Secret configuration
 	// resources needed when restoring from a PostgresCluster data source. If, for
 	// example, a Secret is named 'mysecret' and is the first item in the configuration
@@ -516,26 +502,6 @@ func PGBackRestRepoVolume(cluster *v1beta1.PostgresCluster,
 	}
 }
 
-// PGBackRestSSHConfig returns the ObjectMeta for a pgBackRest SSHD ConfigMap
-// Deprecated: Repository hosts use mTLS for encryption, authentication, and authorization.
-// TODO(tjmoore4): Once we no longer need this for cleanup purposes, this should be removed.
-func PGBackRestSSHConfig(cluster *v1beta1.PostgresCluster) metav1.ObjectMeta {
-	return metav1.ObjectMeta{
-		Name:      fmt.Sprintf(sshCMNameSuffix, cluster.GetName()),
-		Namespace: cluster.GetNamespace(),
-	}
-}
-
-// PGBackRestSSHSecret returns the ObjectMeta for a pgBackRest SSHD Secret
-// Deprecated: Repository hosts use mTLS for encryption, authentication, and authorization.
-// TODO(tjmoore4): Once we no longer need this for cleanup purposes, this should be removed.
-func PGBackRestSSHSecret(cluster *v1beta1.PostgresCluster) metav1.ObjectMeta {
-	return metav1.ObjectMeta{
-		Name:      fmt.Sprintf(sshSecretNameSuffix, cluster.GetName()),
-		Namespace: cluster.GetNamespace(),
-	}
-}
-
 // PGBackRestSecret returns the ObjectMeta for a pgBackRest Secret
 func PGBackRestSecret(cluster *v1beta1.PostgresCluster) metav1.ObjectMeta {
 	return metav1.ObjectMeta{
diff --git a/internal/naming/names_test.go b/internal/naming/names_test.go
index cc8d07d113..16a175a617 100644
--- a/internal/naming/names_test.go
+++ b/internal/naming/names_test.go
@@ -88,7 +88,6 @@ func TestClusterNamesUniqueAndValid(t *testing.T) {
 			{"PatroniLeaderConfigMap", PatroniLeaderConfigMap(cluster)},
 			{"PatroniTrigger", PatroniTrigger(cluster)},
 			{"PGBackRestConfig", PGBackRestConfig(cluster)},
-			{"PGBackRestSSHConfig", PGBackRestSSHConfig(cluster)},
 		})
 	})
 
@@ -141,7 +140,6 @@ func TestClusterNamesUniqueAndValid(t *testing.T) {
 			{"DeprecatedPostgresUserSecret", DeprecatedPostgresUserSecret(cluster)},
 			{"PostgresTLSSecret", PostgresTLSSecret(cluster)},
 			{"ReplicationClientCertSecret", ReplicationClientCertSecret(cluster)},
-			{"PGBackRestSSHSecret", PGBackRestSSHSecret(cluster)},
 			{"MonitoringUserSecret", MonitoringUserSecret(cluster)},
 		})
 
diff --git a/internal/postgres/config.go b/internal/postgres/config.go
index a478c0e72b..2be81694d9 100644
--- a/internal/postgres/config.go
+++ b/internal/postgres/config.go
@@ -425,15 +425,6 @@ chmod +x /tmp/pg_rewind_tde.sh
 		// - https://git.postgresql.org/gitweb/?p=postgresql.git;f=src/bin/pg_basebackup/pg_basebackup.c;hb=REL_13_0#l2621
 		`safelink "${pgwal_directory}" "${postgres_data_directory}/pg_wal"`,
 		`results 'wal directory' "$(realpath "${postgres_data_directory}/pg_wal" ||:)"`,
-
-		// Early versions of PGO create replicas with a recovery signal file.
-		// Patroni also creates a standby signal file before starting Postgres,
-		// causing Postgres to remove only one, the standby. Remove the extra
-		// signal file now, if it exists, and let Patroni manage the standby
-		// signal file instead.
-		// - https://git.postgresql.org/gitweb/?p=postgresql.git;f=src/backend/access/transam/xlog.c;hb=REL_12_0#l5318
-		// TODO(cbandy): Remove this after 5.0 is EOL.
-		`rm -f "${postgres_data_directory}/recovery.signal"`,
 	}, "\n")
 
 	return append([]string{"bash", "-ceu", "--", script, "startup"}, args...)
diff --git a/internal/postgres/reconcile_test.go b/internal/postgres/reconcile_test.go
index 9903afb97c..c1147e1fe0 100644
--- a/internal/postgres/reconcile_test.go
+++ b/internal/postgres/reconcile_test.go
@@ -285,7 +285,6 @@ initContainers:
     touch "${postgres_data_directory}/postgresql.conf"
     safelink "${pgwal_directory}" "${postgres_data_directory}/pg_wal"
     results 'wal directory' "$(realpath "${postgres_data_directory}/pg_wal" ||:)"
-    rm -f "${postgres_data_directory}/recovery.signal"
   - startup
   - "11"
   - /pgdata/pg11_wal