---

- name: "Remove user {{ ocp_username }} from groups {{ ocp_user_groups }} to disable creating projects"
  command: "oc adm groups remove-users {{ item }} {{ ocp_username }}"
  loop: "{{ ocp_user_groups }}"
  when:
  - ocp_username is defined
  - ocp_user_groups | default([]) | length > 0

- name: "Remove user {{ ocp_username }}'s Quotas"
  k8s:
    state: absent
    api_version: quota.openshift.io/v1
    kind: ClusterResourceQuota
    name: "{{ item }}"
  loop:
  - "clusterquota-{{ ocp_username }}-{{ guid }}"
  - "clusterquota-{{ ocp_username }}"

- name: "Remove user {{ ocp_username }} from Grading Jenkins"
  k8s:
    state: absent
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/jenkins_role_binding.j2

- name: "Find all projects for user {{ ocp_username }}"
  k8s_facts:
    api_version: project.openshift.io/v1
    kind: Project
  register: r_projects

- name: "Remove user {{ ocp_username }}'s Projects"
  k8s:
    state: absent
    api_version: project.openshift.io/v1
    kind: Project
    name: "{{ item.metadata.name }}"
  when:
  - item.metadata.annotations['openshift.io/requester'] is defined
  - item.metadata.annotations['openshift.io/requester'] == ocp_username
  - item.status.phase is defined
  - item.status.phase != "Terminating"
  loop: "{{ r_projects.resources }}"

# Leave this as the last task in the playbook.
- name: remove_workload tasks complete
  debug:
    msg: "Remove Workload tasks completed successfully."
  when: not silent|bool