From 6acb65ca712ded4f080579387e2b67bb201ca830 Mon Sep 17 00:00:00 2001
From: Sharif Elgamal <selgamal@google.com>
Date: Tue, 14 Sep 2021 13:12:07 -0700
Subject: [PATCH] make sure to delete image pull secrets on gcp auth addon
 disable

---
 pkg/addons/addons_gcpauth.go | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go
index 4228918fc8..4f8101f122 100644
--- a/pkg/addons/addons_gcpauth.go
+++ b/pkg/addons/addons_gcpauth.go
@@ -99,7 +99,7 @@ func enableAddonGCPAuth(cfg *config.ClusterConfig) error {
 	}
 
 	if creds.JSON == nil {
-		out.WarningT("You have authenicated with a service account that does not have an associated JSON. The GCP Auth requires credentials with a JSON file to in order to continue. The image pull secret has been imported.")
+		out.WarningT("You have authenticated with a service account that does not have an associated JSON. The GCP Auth requires credentials with a JSON file to in order to continue. The image pull secret has been imported.")
 		return nil
 	}
 
@@ -333,6 +333,25 @@ func disableAddonGCPAuth(cfg *config.ClusterConfig) error {
 		if err != nil {
 			klog.Infof("error deleting secret: %v", err)
 		}
+
+		serviceaccounts := client.ServiceAccounts(n.Name)
+		salist, err := serviceaccounts.List(context.TODO(), metav1.ListOptions{})
+		if err != nil {
+			klog.Infof("error getting service accounts: %v", err)
+			return err
+		}
+		for _, sa := range salist.Items {
+			for i, ps := range sa.ImagePullSecrets {
+				if ps.Name == secretName {
+					sa.ImagePullSecrets = append(sa.ImagePullSecrets[:i], sa.ImagePullSecrets[i+1:]...)
+					_, err := serviceaccounts.Update(context.TODO(), &sa, metav1.UpdateOptions{})
+					if err != nil {
+						return err
+					}
+					break
+				}
+			}
+		}
 	}
 
 	return nil