enhance the delete logic (#48)

Author: horis233

controllers/namespacescope_controller.go

@@ -64,11 +64,13 @@ func (r *NamespaceScopeReconciler) Reconcile(req ctrl.Request) (ctrl.Result, err
 	// indicated by the deletion timestamp being set.
 	if !instance.GetDeletionTimestamp().IsZero() {
 		if util.Contains(instance.GetFinalizers(), constant.NamespaceScopeFinalizer) {
-			if err := r.DeleteAllRbac(instance); err != nil {
+			instance = r.setDefaults(instance)
+
+			if err := r.UpdateConfigMap(instance); err != nil {
 				return ctrl.Result{}, err
 			}
 
-			if err := r.UpdateConfigMap(instance); err != nil {
+			if err := r.DeleteAllRbac(instance); err != nil {
 				return ctrl.Result{}, err
 			}
 
@@ -698,14 +700,14 @@ func (r *NamespaceScopeReconciler) getValidatedNamespaces(instance *operatorv1.N
 					}
 				}
 				if ns.Status.Phase == corev1.NamespaceTerminating {
-					klog.Infof("Namespace %s is terminating. Ignore this namespace ", nsMem)
+					klog.Infof("Namespace %s is terminating. Ignore this namespace", nsMem)
 					continue
 				}
 			}
 			validatedNs = append(validatedNs, nsMem)
 		} else {
-			klog.Infof("ibm-namespace-scope-operator has not admin permission in namespace %s", nsMem)
-			r.Recorder.Eventf(instance, corev1.EventTypeWarning, "Forbidden", "ibm-namespace-scope-operator has not admin permission in namespace %s", nsMem)
+			klog.Infof("ibm-namespace-scope-operator doesn't have admin permission in namespace %s", nsMem)
+			r.Recorder.Eventf(instance, corev1.EventTypeWarning, "Forbidden", "ibm-namespace-scope-operator doesn't have admin permission in namespace %s", nsMem)
 		}
 	}
 	return validatedNs, nil

scripts/authorize-namespace.sh

@@ -26,7 +26,7 @@ function help() {
     echo "WHERE:"
     echo "  namespace: It is the name of the namespace you wish to authorize.  This namespace MUST exist. "
     echo "             By default, the current namespace is assumed"
-    echo "  -to namespace: It is the name of the namespace of the NamespaceScope operator that you want to authorize."
+    echo "  -to namespace: It is the name of the namespace of the NamespaceScope operator."
     echo "                 This namespace MUST exist.  The default is ibm-common-services."
     echo "  -delete: It removes the ability for the NamespaceScope operator in tonamespace to manage artifacts in the namespace."    
     echo ""
@@ -130,11 +130,11 @@ fi
 #
 # Define a role for service accounts
 #
-cat <<EOF | oc apply -n $TONS -f -
+cat <<EOF | oc apply -n $TARGETNS -f -
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: nss-managed-role-from-$TARGETNS
+  name: nss-managed-role-from-$TONS
 rules:
 - apiGroups:
   - "*"
@@ -147,17 +147,17 @@ EOF
 #
 # Bind the service account in the TO namespace to the Role in the target namespace
 #
-cat <<EOF | oc apply -n $TONS -f -
+cat <<EOF | oc apply -n $TARGETNS -f -
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: nss-managed-rolebinding-from-$TARGETNS
+  name: nss-managed-role-from-$TONS
 subjects:
 - kind: ServiceAccount
   name: ibm-namespace-scope-operator
-  namespace: $TARGETNS
+  namespace: $TONS
 roleRef:
   kind: Role
-  name: nss-managed-role-from-$TARGETNS
+  name: nss-managed-role-from-$TONS
   apiGroup: rbac.authorization.k8s.io
 EOF