From 352bd754e6e1add4effa0556c61ab69c0282024d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mudrini=C4=87?= <mudrinic.mare@gmail.com>
Date: Mon, 27 Nov 2023 12:58:46 +0100
Subject: [PATCH] Migrate AzureDisk CSI Node CRB if RoleRef is
 csi-azuredisk-node-sa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
---
 pkg/addons/ensure.go  |  2 +-
 pkg/addons/helpers.go | 27 ++++++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/pkg/addons/ensure.go b/pkg/addons/ensure.go
index cec28f94a..65205ca6d 100644
--- a/pkg/addons/ensure.go
+++ b/pkg/addons/ensure.go
@@ -354,7 +354,7 @@ func ensureCSIAddons(s *state.State, addonsToDeploy []addonAction) []addonAction
 			addonAction{
 				name: resources.AddonCSIAzureDisk,
 				supportFn: func() error {
-					return migrateAzureDiskCSIDriver(s)
+					return migrateAzureDiskCSI(s)
 				},
 			},
 			addonAction{
diff --git a/pkg/addons/helpers.go b/pkg/addons/helpers.go
index 460ff3d7c..a2b8a97e1 100644
--- a/pkg/addons/helpers.go
+++ b/pkg/addons/helpers.go
@@ -29,6 +29,7 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	storagev1 "k8s.io/api/storage/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -152,10 +153,34 @@ func gceStandardStorageClass() *storagev1.StorageClass {
 	}
 }
 
-func migrateAzureDiskCSIDriver(s *state.State) error {
+func migrateAzureDiskCSI(s *state.State) error {
+	if err := migrateAzureDiskNodeCRBIfLegacy(s); err != nil {
+		return err
+	}
+
 	return clientutil.DeleteIfExists(s.Context, s.DynamicClient, azureDiskCSIDriver())
 }
 
+func migrateAzureDiskNodeCRBIfLegacy(s *state.State) error {
+	crb := &rbacv1.ClusterRoleBinding{}
+	key := client.ObjectKey{
+		Name: "csi-azuredisk-node-secret-binding",
+	}
+	if err := s.DynamicClient.Get(s.Context, key, crb); err != nil {
+		if k8serrors.IsNotFound(err) {
+			return nil
+		}
+
+		return err
+	}
+
+	if crb.RoleRef.Name == "csi-azuredisk-node-secret-role" {
+		return clientutil.DeleteIfExists(s.Context, s.DynamicClient, crb)
+	}
+
+	return nil
+}
+
 func azureDiskCSIDriver() *storagev1.CSIDriver {
 	return &storagev1.CSIDriver{
 		ObjectMeta: metav1.ObjectMeta{