Define a role for unregister-member command and delete the referenced…

… secret when unregistering the member

pkg/cmd/adm/unregister_member.go

@@ -9,6 +9,7 @@ import (
 	"github.com/kubesaw/ksctl/pkg/configuration"
 	clicontext "github.com/kubesaw/ksctl/pkg/context"
 	"github.com/kubesaw/ksctl/pkg/ioutils"
+	corev1 "k8s.io/api/core/v1"
 
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
@@ -53,6 +54,10 @@ func UnregisterMemberCluster(ctx *clicontext.CommandContext, clusterName string,
 	if err := ctx.PrintObject(toolchainCluster, "Toolchain Member cluster"); err != nil {
 		return err
 	}
+	secret := &corev1.Secret{}
+	if err := hostClusterClient.Get(context.TODO(), types.NamespacedName{Namespace: toolchainCluster.Namespace, Name: toolchainCluster.Spec.SecretRef.Name}, secret); err != nil {
+		return err
+	}
 	confirmation := ctx.AskForConfirmation(ioutils.WithDangerZoneMessagef("unregistering member cluster form host cluster. Make sure there is no users left in the member cluster before unregistering it.",
 		"Delete Member cluster stated above from the Host cluster?"))
 	if !confirmation {
@@ -62,6 +67,9 @@ func UnregisterMemberCluster(ctx *clicontext.CommandContext, clusterName string,
 	if err := hostClusterClient.Delete(context.TODO(), toolchainCluster); err != nil {
 		return err
 	}
+	if err := hostClusterClient.Delete(context.TODO(), secret); err != nil {
+		return err
+	}
 	ctx.Printlnf("\nThe deletion of the Toolchain member cluster from the Host cluster has been triggered")
 
 	return restart(ctx, "host")

resources/roles/host.yaml

@@ -262,4 +262,24 @@ objects:
     - "get"
     - "list"
     - "patch"
-    - "update"
+- kind: Role
+  apiVersion: rbac.authorization.k8s.io/v1
+  metadata:
+    name: unregister-member
+    labels:
+      provider: ksctl
+  rules:
+  - apiGroups:
+    - ""
+    resources:
+    - "secrets"
+    verbs:
+    - "get"
+    - "delete"
+  - apiGroups:
+    - toolchain.dev.openshift.com
+    resources:
+    - "toolchainclusters"
+    verbs:
+    - "get"
+    - "delete"