remove unnecessary duplicate clusterrole

openshift · Jul 20, 2017 · 181f498 · 181f498
1 parent b4eb3b9
commit 181f498
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 29 deletions.
diff --git a/pkg/cmd/server/bootstrappolicy/dead.go b/pkg/cmd/server/bootstrappolicy/dead.go
@@ -56,5 +56,4 @@ func init() {
 	addDeadClusterRole("system:build-controller")
 	addDeadClusterRole("system:deploymentconfig-controller")
 	addDeadClusterRole("system:deployment-controller")
-
 }
diff --git a/pkg/cmd/server/bootstrappolicy/infra_sa_policy.go b/pkg/cmd/server/bootstrappolicy/infra_sa_policy.go
@@ -7,7 +7,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	kapi "k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/authorization"
-	"k8s.io/kubernetes/pkg/apis/certificates"
 
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	authorizationapiv1 "github.com/openshift/origin/pkg/authorization/apis/authorization/v1"
@@ -40,9 +39,6 @@ const (
 	InfraPersistentVolumeRecyclerControllerServiceAccountName   = "pv-recycler-controller"
 	InfraResourceQuotaControllerServiceAccountName              = "resourcequota-controller"
 
-	InfraNodeBootstrapServiceAccountName = "node-bootstrapper"
-	NodeBootstrapRoleName                = "system:node-bootstrapper"
-
 	// template instance controller watches for TemplateInstance object creation
 	// and instantiates templates as a result.
 	InfraTemplateInstanceControllerServiceAccountName = "template-instance-controller"
@@ -130,27 +126,6 @@ func init() {
 	InfraSAs.serviceAccounts = sets.String{}
 	InfraSAs.saToRole = map[string]authorizationapi.ClusterRole{}
 
-	err = InfraSAs.addServiceAccount(
-		InfraNodeBootstrapServiceAccountName,
-		authorizationapi.ClusterRole{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: NodeBootstrapRoleName,
-			},
-			Rules: []authorizationapi.PolicyRule{
-				{
-					APIGroups: []string{certificates.GroupName},
-					// match the upstream role for now
-					// TODO sort out how to deconflict this with upstream
-					Verbs:     sets.NewString("create", "get", "list", "watch"),
-					Resources: sets.NewString("certificatesigningrequests"),
-				},
-			},
-		},
-	)
-	if err != nil {
-		panic(err)
-	}
-
 	err = InfraSAs.addServiceAccount(
 		InfraTemplateServiceBrokerServiceAccountName,
 		authorizationapi.ClusterRole{

diff --git a/pkg/cmd/server/bootstrappolicy/policy.go b/pkg/cmd/server/bootstrappolicy/policy.go
@@ -1264,9 +1264,6 @@ var clusterRoleConflicts = sets.NewString(
 	// TODO this should probably be re-swizzled to be the delta on top of the kube role
 	"system:discovery",
 
-	// TODO deconflict this
-	"system:node-bootstrapper",
-
 	// TODO these should be reconsidered
 	"cluster-admin",
 	"system:node",