From bb19dd8d4d2827f3d9e93d01af058614504fe338 Mon Sep 17 00:00:00 2001
From: Spiros Economakis <spiros.oikonomakis@gmail.com>
Date: Wed, 8 Jun 2022 10:41:20 +0300
Subject: [PATCH] [fix] Detach velero node policy on cluster deletion (#664)

* [fix] Detach velero node policy on cluster deletion

If we won't detach the IAM policy then it's not possible to delete the cluster.

Ticket: https://mattermost.atlassian.net/browse/CLD-2450

* Update internal/provisioner/kops_provisioner_cluster.go

Co-authored-by: Gabe Jackson <gabe@coffeepowered.co>

Co-authored-by: Gabe Jackson <gabe@coffeepowered.co>
---
 internal/provisioner/kops_provisioner_cluster.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/provisioner/kops_provisioner_cluster.go b/internal/provisioner/kops_provisioner_cluster.go
index 576260bfa..4905e88ae 100644
--- a/internal/provisioner/kops_provisioner_cluster.go
+++ b/internal/provisioner/kops_provisioner_cluster.go
@@ -954,6 +954,10 @@ func (provisioner *KopsProvisioner) cleanupKopsCluster(cluster *model.Cluster, a
 	if err != nil {
 		return errors.Wrap(err, "unable to detach custom node policy")
 	}
+	err = awsClient.DetachPolicyFromRole(iamRole, aws.VeleroNodePolicyName, logger)
+	if err != nil {
+		return errors.Wrap(err, "unable to detach velero node policy")
+	}
 
 	_, err = kopsClient.GetCluster(kopsMetadata.Name)
 	if err != nil {