From 5bfb41e858a0088622fb908dc5545f7e129693cf Mon Sep 17 00:00:00 2001
From: Jon Donovan <jondonovan@google.com>
Date: Thu, 12 Mar 2020 15:06:03 -0700
Subject: [PATCH 1/2] Delete (Cluster)Role(Bindings) as a final cleanup step.

This allows us to take advantage of the permissions granted to cluster admins
when performing cleanup. If the approach in #109
is approved, this will become necessary. Additionally, it makes sense to remove roles as the final
step to allow human Operators to modify any resources they may have permissions on as a result of the Knative installation (that is, we should not remove any access until we are 'almost done' cleaning up).
---
 pkg/reconciler/knativeeventing/knativeeventing.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/reconciler/knativeeventing/knativeeventing.go b/pkg/reconciler/knativeeventing/knativeeventing.go
index b5632d2e..7a38e291 100644
--- a/pkg/reconciler/knativeeventing/knativeeventing.go
+++ b/pkg/reconciler/knativeeventing/knativeeventing.go
@@ -71,8 +71,16 @@ func (r *Reconciler) Reconcile(ctx context.Context, key string) error {
 	if apierrs.IsNotFound(err) {
 		// The resource was deleted
 		r.eventings.Delete(key)
+		var RBAC = mf.Any(mf.ByKind("Role"), mf.ByKind("ClusterRole"), mf.ByKind("RoleBinding"), mf.ByKind("ClusterRoleBinding"))
+
 		if r.eventings.Len() == 0 {
-			r.config.Filter(mf.NotCRDs).Delete()
+			if err := r.config.Filter(mf.All(mf.NotCRDs, RBAC)).Delete(); err != nil {
+				return err
+			}
+			// Delete Roles last, as they may be useful for human operators to clean up.
+			if err := r.config.Filter(RBAC).Delete(); err != nil {
+				return err
+			}
 		}
 		return nil
 

From 8a9a2d373d951642b74c2603fcd19a5538eeb223 Mon Sep 17 00:00:00 2001
From: Jon Donovan <jondonovan@google.com>
Date: Fri, 13 Mar 2020 11:33:27 -0700
Subject: [PATCH 2/2] Remove redundant All(), fix conditional.

---
 pkg/reconciler/knativeeventing/knativeeventing.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/reconciler/knativeeventing/knativeeventing.go b/pkg/reconciler/knativeeventing/knativeeventing.go
index 7a38e291..2219d898 100644
--- a/pkg/reconciler/knativeeventing/knativeeventing.go
+++ b/pkg/reconciler/knativeeventing/knativeeventing.go
@@ -74,7 +74,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, key string) error {
 		var RBAC = mf.Any(mf.ByKind("Role"), mf.ByKind("ClusterRole"), mf.ByKind("RoleBinding"), mf.ByKind("ClusterRoleBinding"))
 
 		if r.eventings.Len() == 0 {
-			if err := r.config.Filter(mf.All(mf.NotCRDs, RBAC)).Delete(); err != nil {
+			if err := r.config.Filter(mf.NotCRDs, mf.None(RBAC)).Delete(); err != nil {
 				return err
 			}
 			// Delete Roles last, as they may be useful for human operators to clean up.