From 7fd02b0c35710b70c3caa56588c87ef0c3c24eb9 Mon Sep 17 00:00:00 2001
From: Lukas Krejci
Date: Fri, 10 Jan 2025 17:15:28 +0100
Subject: [PATCH] Define a role for unregister-member command and delete the referenced secret when unregistering the member
---
 pkg/cmd/adm/unregister_member.go | 8 ++++++++
 resources/roles/host.yaml | 22 +++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/pkg/cmd/adm/unregister_member.go b/pkg/cmd/adm/unregister_member.go
index c082321..127e3b5 100644
--- a/pkg/cmd/adm/unregister_member.go
+++ b/pkg/cmd/adm/unregister_member.go
@@ -9,6 +9,7 @@ import (
 "github.com/kubesaw/ksctl/pkg/configuration"
 clicontext "github.com/kubesaw/ksctl/pkg/context"
 "github.com/kubesaw/ksctl/pkg/ioutils"
+ corev1 "k8s.io/api/core/v1"
 "github.com/spf13/cobra"
 "k8s.io/apimachinery/pkg/types"
@@ -53,6 +54,10 @@ func UnregisterMemberCluster(ctx *clicontext.CommandContext, clusterName string,
 if err := ctx.PrintObject(toolchainCluster, "Toolchain Member cluster"); err != nil {
 return err
 }
+ secret := &corev1.Secret{}
+ if err := hostClusterClient.Get(context.TODO(), types.NamespacedName{Namespace: toolchainCluster.Namespace, Name: toolchainCluster.Spec.SecretRef.Name}, secret); err != nil {
+ return err
+ }
 confirmation := ctx.AskForConfirmation(ioutils.WithDangerZoneMessagef("unregistering member cluster form host cluster. Make sure there is no users left in the member cluster before unregistering it.", "Delete Member cluster stated above from the Host cluster?"))
 if !confirmation {
@@ -62,6 +67,9 @@ func UnregisterMemberCluster(ctx *clicontext.CommandContext, clusterName string,
 if err := hostClusterClient.Delete(context.TODO(), toolchainCluster); err != nil {
 return err
 }
+ if err := hostClusterClient.Delete(context.TODO(), secret); err != nil {
+ return err
+ }
 ctx.Printlnf("\nThe deletion of the Toolchain member cluster from the Host cluster has been triggered")
 return restart(ctx, "host")
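Review bot: The added `hostClusterClient.Get` for the Secret returns every error unchanged and runs before the confirmation prompt, so a ToolchainCluster whose `Spec.SecretRef.Name` is empty, or whose secret was already removed, can no longer be unregistered with this command. Consider treating a not-found result as "nothing to delete", e.g. `if err != nil && !apierrors.IsNotFound(err) { return err }` with `apierrors` being `k8s.io/apimachinery/pkg/api/errors` (to be imported if the file does not already have it), and skipping the later secret delete in that case. In the visible code only the Secret's name and namespace are used afterwards, so the full object, which presumably holds the member cluster credentials, is read without need. The body of UnregisterMemberCluster starts and ends outside this hunk.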
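Review bot: If the added `hostClusterClient.Delete(context.TODO(), secret)` fails, the function returns after the ToolchainCluster has already been deleted, so the secret is left behind with nothing referencing it and `restart(ctx, "host")` is skipped. A second run presumably cannot clean it up, because the ToolchainCluster lookup earlier in the function (outside this hunk) would no longer find the object. The error should at least name the leftover secret so it can be removed by hand, e.g. `return fmt.Errorf("toolchaincluster deleted, but secret %s/%s was not: %w", secret.Namespace, secret.Name, err)`, assuming `fmt` is available in this file. A short comment above the second delete stating why the ToolchainCluster is deleted before its secret would also help the next reader.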
diff --git a/resources/roles/host.yaml b/resources/roles/host.yaml
index 4eadb41..79cbe53 100644
--- a/resources/roles/host.yaml
+++ b/resources/roles/host.yaml
@@ -262,4 +262,24 @@ objects:
 - "get"
 - "list"
 - "patch"
- - "update"
+- kind: Role
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: unregister-member
+ labels:
+ provider: ksctl
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ verbs:
+ - "get"
+ - "delete"
+ - apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - "toolchainclusters"
+ verbs:
+ - "get"
+ - "delete"
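Review bot: The `secrets` rule of the new `unregister-member` Role has no `resourceNames` restriction, so it grants `get` and `delete` on every Secret in the Role's namespace; anyone bound to it can read all secrets there, not only the one referenced by the ToolchainCluster being removed. Because the secret name is only known at run time a static `resourceNames` list may not be practical, but the rule should say so in a comment, e.g. `# secret names come from ToolchainCluster.Spec.SecretRef.Name, so they cannot be listed in resourceNames`. The `get` verb could be dropped entirely if the command deleted the secret by name without reading it first. The hunk also removes `- "update"` from the rule just above the new Role, whose header is outside the hunk; the commit message does not mention this, so it is worth confirming that the removal is intended.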