Remove role bindings during service catalog un-install

4 files changed, 26 insertions, 13 deletions

diff --git a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml
index 56b2d1463..f449fba2b 100644
--- a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml
+++ b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Template
 metadata:
-  name: service-catalog
+  name: service-catalog-role-bindings
 objects:
 
 - apiVersion: authorization.openshift.io/v1
diff --git a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml
index e1af51ce6..f563ae42e 100644
--- a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml
+++ b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Template
 metadata:
-  name: kube-system-service-catalog
+  name: kube-system-service-catalog-role-bindings
 objects:
 
 - apiVersion: authorization.openshift.io/v1
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index 1e94c8c5d..aa3ec5724 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -47,16 +47,15 @@
     dest: "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml"
 
 - oc_obj:
-    name: service-catalog
+    name: service-catalog-role-bindings
     kind: template
     namespace: "kube-service-catalog"
     files:
       - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml"
-    delete_after: yes
 
 - oc_process:
     create: True
-    template_name: service-catalog
+    template_name: service-catalog-role-bindings
     namespace: "kube-service-catalog"
 
 - copy:
@@ -64,16 +63,15 @@
     dest: "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml"
 
 - oc_obj:
-    name: kube-system-service-catalog
+    name: kube-system-service-catalog-role-bindings
     kind: template
     namespace: kube-system
     files:
       - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml"
-    delete_after: yes
 
 - oc_process:
     create: True
-    template_name: kube-system-service-catalog
+    template_name: kube-system-service-catalog-role-bindings
     namespace: kube-system
 
 - oc_obj:
diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml
index e473313b9..224665655 100644
--- a/roles/openshift_service_catalog/tasks/remove.yml
+++ b/roles/openshift_service_catalog/tasks/remove.yml
@@ -3,11 +3,6 @@
   command: >
     oc delete apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog
 
-# TODO: policybinding is not a resource type. what was the original intention of this?
-#- name: Remove Policy Binding
-#  command: >
-#    oc delete policybindings/kube-system:default -n kube-system --ignore-not-found
-
 # TODO: this module doesn't currently remove this
 #- name: Remove service catalog api service
 #  oc_obj:
@@ -51,6 +46,26 @@
     kind: deployment
     name: controller-manager
 
+- name: Remove Service Catalog kube-system Role Bindinds
+  shell: >
+    oc process kube-system-service-catalog-role-bindings -n kube-system | oc delete --ignore-not-found -f - 
+
+- oc_obj:
+    kind: template
+    name: "kube-system-service-catalog-role-bindings"
+    namespace: kube-system
+    state: absent
+
+- name: Remove Service Catalog kube-service-catalog Role Bindinds
+  shell: >
+    oc process service-catalog-role-bindings -n kube-service-catalog | oc delete --ignore-not-found -f - 
+
+- oc_obj:
+    kind: template
+    name: "service-catalog-role-bindings"
+    namespace: kube-service-catalog
+    state: absent
+    
 - name: Remove Service Catalog namespace
   oc_project:
     state: absent