From a3cd326784feecd89f8c79b87d85052847dc1b57 Mon Sep 17 00:00:00 2001
From: Ross Bryan <robryan@redhat.com>
Date: Thu, 10 Jun 2021 10:50:57 -0400
Subject: [PATCH] Now check that CRG managedBy == openshiftcluster.id, if not,
 we do not run full delete

always delete role assignments/definitions

dont return err if we fail to get the resource group, continue with delete logic

fix warnf fmt
---
 pkg/cluster/delete.go | 50 +++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 18 deletions(-)

diff --git a/pkg/cluster/delete.go b/pkg/cluster/delete.go
index b73fed41e..d727e6c91 100644
--- a/pkg/cluster/delete.go
+++ b/pkg/cluster/delete.go
@@ -259,9 +259,21 @@ func (m *manager) deleteRoleDefinition(ctx context.Context) error {
 
 func (m *manager) Delete(ctx context.Context) error {
 	resourceGroup := stringutils.LastTokenByte(m.doc.OpenShiftCluster.Properties.ClusterProfile.ResourceGroupID, '/')
+	//In edge case of CRG not being managedBy ARO, we have a different delete path
+	//we will assume normal case and set rgManagedByARO to true CRG is managedby ARO
+	rgManagedByARO := true
+	rg, err := m.resourceGroups.Get(ctx, resourceGroup)
+	if err != nil {
+		m.log.Warnf("failed to get resourceGroup %s", err)
+	} else {
+		if rg.ManagedBy == nil || *rg.ManagedBy == "" || !strings.EqualFold(*rg.ManagedBy, m.doc.OpenShiftCluster.ID) {
+			rgManagedByARO = false
+			m.log.Infof("cluster resource group not managed by aro %s", *rg.Name)
+		}
+	}
 
 	m.log.Printf("deleting dns")
-	err := m.dns.Delete(ctx, m.doc.OpenShiftCluster)
+	err = m.dns.Delete(ctx, m.doc.OpenShiftCluster)
 	if err != nil {
 		return err
 	}
@@ -284,25 +296,27 @@ func (m *manager) Delete(ctx context.Context) error {
 		return err
 	}
 
-	m.log.Printf("deleting resources")
-	err = m.deleteResources(ctx)
-	if err != nil {
-		return err
-	}
+	// only delete if managedByARO
+	if rgManagedByARO {
+		m.log.Printf("deleting resources")
+		err = m.deleteResources(ctx)
+		if err != nil {
+			return err
+		}
 
-	m.log.Printf("deleting resource group %s", resourceGroup)
-	err = m.resourceGroups.DeleteAndWait(ctx, resourceGroup)
-	if detailedErr, ok := err.(autorest.DetailedError); ok &&
-		(detailedErr.StatusCode == http.StatusForbidden || detailedErr.StatusCode == http.StatusNotFound) {
-		err = nil
+		m.log.Printf("deleting resource group %s", resourceGroup)
+		err = m.resourceGroups.DeleteAndWait(ctx, resourceGroup)
+		if detailedErr, ok := err.(autorest.DetailedError); ok &&
+			(detailedErr.StatusCode == http.StatusForbidden || detailedErr.StatusCode == http.StatusNotFound) {
+			err = nil
+		}
+		if azureerrors.HasAuthorizationFailedError(err) {
+			err = nil
+		}
+		if err != nil {
+			return err
+		}
 	}
-	if azureerrors.HasAuthorizationFailedError(err) {
-		err = nil
-	}
-	if err != nil {
-		return err
-	}
-
 	if !m.env.FeatureIsSet(env.FeatureDisableSignedCertificates) {
 		managedDomain, err := dns.ManagedDomain(m.env, m.doc.OpenShiftCluster.Properties.ClusterProfile.Domain)
 		if err != nil {