From bffcb32b19d69616a9eaeb1e9d24b8805c40b868 Mon Sep 17 00:00:00 2001
From: Nikola Jokic <jokicnikola07@gmail.com>
Date: Mon, 16 Oct 2023 12:40:38 +0200
Subject: [PATCH] Fix role and rolebinding cleanup for the listener controller
 (#2970)

---
 .../autoscalinglistener_controller.go         | 32 +++++++++++++++++++
 .../autoscalinglistener_controller_test.go    | 28 ++++++++++++++--
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/controllers/actions.github.com/autoscalinglistener_controller.go b/controllers/actions.github.com/autoscalinglistener_controller.go
index a2454c29..d3caecfd 100644
--- a/controllers/actions.github.com/autoscalinglistener_controller.go
+++ b/controllers/actions.github.com/autoscalinglistener_controller.go
@@ -306,6 +306,38 @@ func (r *AutoscalingListenerReconciler) cleanupResources(ctx context.Context, au
 		logger.Info("Listener proxy secret is deleted")
 	}
 
+	listenerRoleBinding := new(rbacv1.RoleBinding)
+	err = r.Get(ctx, types.NamespacedName{Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace, Name: scaleSetListenerRoleName(autoscalingListener)}, listenerRoleBinding)
+	switch {
+	case err == nil:
+		if listenerRoleBinding.ObjectMeta.DeletionTimestamp.IsZero() {
+			logger.Info("Deleting the listener role binding")
+			if err := r.Delete(ctx, listenerRoleBinding); err != nil {
+				return false, fmt.Errorf("failed to delete listener role binding: %v", err)
+			}
+		}
+		return false, nil
+	case err != nil && !kerrors.IsNotFound(err):
+		return false, fmt.Errorf("failed to get listener role binding: %v", err)
+	}
+	logger.Info("Listener role binding is deleted")
+
+	listenerRole := new(rbacv1.Role)
+	err = r.Get(ctx, types.NamespacedName{Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace, Name: scaleSetListenerRoleName(autoscalingListener)}, listenerRole)
+	switch {
+	case err == nil:
+		if listenerRole.ObjectMeta.DeletionTimestamp.IsZero() {
+			logger.Info("Deleting the listener role")
+			if err := r.Delete(ctx, listenerRole); err != nil {
+				return false, fmt.Errorf("failed to delete listener role: %v", err)
+			}
+		}
+		return false, nil
+	case err != nil && !kerrors.IsNotFound(err):
+		return false, fmt.Errorf("failed to get listener role: %v", err)
+	}
+	logger.Info("Listener role is deleted")
+
 	logger.Info("Cleaning up the listener service account")
 	listenerSa := new(corev1.ServiceAccount)
 	err = r.Get(ctx, types.NamespacedName{Name: scaleSetListenerServiceAccountName(autoscalingListener), Namespace: autoscalingListener.Namespace}, listenerSa)
diff --git a/controllers/actions.github.com/autoscalinglistener_controller_test.go b/controllers/actions.github.com/autoscalinglistener_controller_test.go
index 735ae1c3..97603529 100644
--- a/controllers/actions.github.com/autoscalinglistener_controller_test.go
+++ b/controllers/actions.github.com/autoscalinglistener_controller_test.go
@@ -203,7 +203,8 @@ var _ = Describe("Test AutoScalingListener controller", func() {
 					return pod.Name, nil
 				},
 				autoscalingListenerTestTimeout,
-				autoscalingListenerTestInterval).Should(BeEquivalentTo(autoscalingListener.Name), "Pod should be created")
+				autoscalingListenerTestInterval,
+			).Should(BeEquivalentTo(autoscalingListener.Name), "Pod should be created")
 
 			// Delete the AutoScalingListener
 			err := k8sClient.Delete(ctx, autoscalingListener)
@@ -225,7 +226,30 @@ var _ = Describe("Test AutoScalingListener controller", func() {
 					return nil
 				},
 				autoscalingListenerTestTimeout,
-				autoscalingListenerTestInterval).ShouldNot(Succeed(), "failed to delete pod")
+				autoscalingListenerTestInterval,
+			).ShouldNot(Succeed(), "failed to delete pod")
+
+			// Cleanup the listener role binding
+			Eventually(
+				func() bool {
+					roleBinding := new(rbacv1.RoleBinding)
+					err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerRoleName(autoscalingListener), Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace}, roleBinding)
+					return kerrors.IsNotFound(err)
+				},
+				autoscalingListenerTestTimeout,
+				autoscalingListenerTestInterval,
+			).Should(BeTrue(), "failed to delete role binding")
+
+			// Cleanup the listener role
+			Eventually(
+				func() bool {
+					role := new(rbacv1.Role)
+					err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerRoleName(autoscalingListener), Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace}, role)
+					return kerrors.IsNotFound(err)
+				},
+				autoscalingListenerTestTimeout,
+				autoscalingListenerTestInterval,
+			).Should(BeTrue(), "failed to delete role")
 
 			// Cleanup the listener service account
 			Eventually(