Combine the cluster / machine permissions per review

internal/controller/managedcluster_controller_test.go

@@ -180,10 +180,12 @@ var _ = Describe("ManagedCluster Controller", func() {
 					Spec: hmc.ManagedClusterSpec{
 						Template:   templateName,
 						Credential: credentialName,
-						Services: []hmc.ServiceSpec{
-							{
-								Template: svcTemplateName,
-								Name:     "test-svc-name",
+						ServicesType: hmc.ServicesType{
+							Services: []hmc.ServiceSpec{
+								{
+									Template: svcTemplateName,
+									Name:     "test-svc-name",
+								},
 							},
 						},
 					},

internal/controller/multiclusterservice_controller_test.go

@@ -176,10 +176,12 @@ var _ = Describe("MultiClusterService Controller", func() {
 						},
 					},
 					Spec: hmc.MultiClusterServiceSpec{
-						Services: []hmc.ServiceSpec{
-							{
-								Template: serviceTemplateName,
-								Name:     helmChartReleaseName,
+						ServicesType: hmc.ServicesType{
+							Services: []hmc.ServiceSpec{
+								{
+									Template: serviceTemplateName,
+									Name:     helmChartReleaseName,
+								},
 							},
 						},
 					},

internal/controller/unmanagedcluster_controller.go

@@ -33,7 +33,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/util/kubeconfig"
-	"sigs.k8s.io/cluster-api/util/secret"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -311,18 +310,6 @@ func (r *UnmanagedClusterReconciler) reconcileDeletion(ctx context.Context, unma
 		return ctrl.Result{Requeue: true}, fmt.Errorf("failed to delete unmanaged machines: %w", err)
 	}
 
-	if err := r.Delete(ctx, &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: unmanagedCluster.Namespace,
-			Name:      secret.Name(unmanagedCluster.Name, secret.Kubeconfig),
-			Labels: map[string]string{
-				v1beta1.ClusterNameLabel: unmanagedCluster.Name,
-			},
-		},
-	}); err != nil && !apierrors.IsNotFound(err) {
-		return ctrl.Result{Requeue: true}, fmt.Errorf("failed to delete cluster secret: %w", err)
-	}
-
 	if err := r.Delete(ctx, &v1beta1.Cluster{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: unmanagedCluster.Namespace,

internal/controller/unmanagedcluster_controller_test.go

@@ -76,11 +76,7 @@ var _ = Describe("UnmanagedCluster Controller", func() {
 						Name:      unmanagedClusterName,
 						Namespace: unmanagedClusterNamespace,
 					},
-					Spec: hmc.UnmanagedClusterSpec{
-						Services:         nil,
-						ServicesPriority: 1,
-						StopOnConflict:   true,
-					},
+					Spec: hmc.UnmanagedClusterSpec{},
 				}
 				Expect(k8sClient.Create(ctx, resource)).To(Succeed())
 			}

templates/provider/hmc/templates/rbac/controller/roles.yaml

@@ -19,7 +19,8 @@ rules:
   - cluster.x-k8s.io
   resources:
   - clusters
-  verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+    - delete
 - apiGroups:
   - helm.toolkit.fluxcd.io
   resources:
@@ -145,7 +146,8 @@ rules:
   - cluster.x-k8s.io
   resources:
   - machines
-  verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+    - delete
 - apiGroups:
   - ""
   resources:
@@ -250,13 +252,6 @@ rules:
     - get
     - patch
     - update
-- apiGroups:
-    - cluster.x-k8s.io
-  resources:
-    - clusters
-    - machines
-  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
-    - delete
 - apiGroups:
     - config.projectsveltos.io
   resources: