Merge pull request #15270 from cdapio/CDAP-20742

[CDAP-20742] Delete namespace identity when namespace is deleted.

cdap-app-fabric/src/main/java/io/cdap/cdap/internal/app/namespace/DefaultNamespaceAdmin.java

@@ -343,10 +343,13 @@ public synchronized void delete(@Name("namespaceId") final NamespaceId namespace
     try {
       // if needed, run master environment specific logic if it is a non-default namespace (see below for more info)
       MasterEnvironment masterEnv = MasterEnvironments.getMasterEnvironment();
-      if (cConf.getBoolean(Constants.Namespace.NAMESPACE_CREATION_HOOK_ENABLED)
-          && masterEnv != null && !NamespaceId.DEFAULT.equals(namespaceId)) {
-        masterEnv.onNamespaceDeletion(namespaceId.getNamespace(),
-            namespaceMeta.getConfig().getConfigs());
+      if (masterEnv != null && !NamespaceId.DEFAULT.equals(namespaceId)) {
+        if (cConf.getBoolean(Constants.Namespace.NAMESPACE_CREATION_HOOK_ENABLED)) {
+          masterEnv.onNamespaceDeletion(namespaceId.getNamespace(),
+              namespaceMeta.getConfig().getConfigs());
+        } else {
+          masterEnv.deleteIdentity(NamespaceId.DEFAULT.getNamespace(), namespaceMeta.getIdentity());
+        }
       }
 
       resourceDeleter.get().deleteResources(namespaceMeta);

cdap-kubernetes/src/main/java/io/cdap/cdap/master/environment/k8s/KubeMasterEnvironment.java

@@ -88,6 +88,7 @@
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.zip.GZIPOutputStream;
+import javax.annotation.Nullable;
 import org.apache.twill.api.TwillRunnerService;
 import org.apache.twill.discovery.DiscoveryService;
 import org.apache.twill.discovery.DiscoveryServiceClient;
@@ -539,6 +540,28 @@ public void createIdentity(String k8sNamespace, String identity) throws ApiExcep
     }
   }
 
+  @Override
+  public void deleteIdentity(String k8sNamespace, @Nullable String identity) throws ApiException {
+    if (identity == null || identity.equals("default")) {
+      // skip deleting default service account.
+      return;
+    }
+    LOG.info("Creating credential identity: {}", identity);
+    try {
+      coreV1Api.deleteNamespacedServiceAccount(identity, k8sNamespace,
+          null, null, null, null, null, null);
+    } catch (ApiException e) {
+      if (e.getCode() == 404) {
+        // return if not found as it means that service account does not exist.
+        return;
+      }
+      LOG.error(
+          String.format("Unable to delete the service account %s with status %s and body: %s",
+              identity, e.getCode(), e.getResponseBody()), e);
+      throw e;
+    }
+  }
+
   @Override
   public void onNamespaceDeletion(String cdapNamespace, Map<String, String> properties)
       throws Exception {

cdap-master-spi/src/main/java/io/cdap/cdap/master/spi/environment/MasterEnvironment.java

@@ -117,12 +117,19 @@ default void onNamespaceCreation(String namespace, Map<String, String> propertie
   }
 
   /**
-   * Used to create a credential identity associated with a namespace.
+   * Used to create the credential identity associated with the namespace.
    */
   default void createIdentity(String namespace, String identity) throws Exception {
     // no-op by default
   }
 
+  /**
+   * Used to delete the credential identity associated with the namespace.
+   */
+  default void deleteIdentity(String namespace, String identity) throws Exception {
+    // no-op by default
+  }
+
   /**
    * Called during namespace deletion. Namespace deletion is rolled back if this method throws an
    * exception.

cdap-proto/src/main/java/io/cdap/cdap/proto/NamespaceMeta.java

@@ -276,6 +276,7 @@ public String toString() {
     return "NamespaceMeta{"
         + "name='" + name + '\''
         + ", description='" + description + '\''
+        + ", identity=" + identity
         + ", generation=" + generation
         + ", config=" + config
         + '}';