Merge pull request #19756 from mrogers950/bootstrap-file-enc

Update bootstrap policy file encoding

pkg/cmd/server/admin/create_bootstrappolicy_file.go

@@ -10,14 +10,13 @@ import (
 
 	"github.com/spf13/cobra"
 
+	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
-	"k8s.io/kubernetes/pkg/apis/rbac"
 	kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 	kprinters "k8s.io/kubernetes/pkg/printers"
 
 	"github.com/openshift/origin/pkg/api/latest"
-	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
 )
@@ -30,8 +29,6 @@ const (
 
 type CreateBootstrapPolicyFileOptions struct {
 	File string
-
-	OpenShiftSharedResourcesNamespace string
 }
 
 func NewCommandCreateBootstrapPolicyFile(commandName string, fullName string, out io.Writer) *cobra.Command {
@@ -54,8 +51,6 @@ func NewCommandCreateBootstrapPolicyFile(commandName string, fullName string, ou
 	flags := cmd.Flags()
 
 	flags.StringVar(&options.File, "filename", DefaultPolicyFile, "The policy template file that will be written with roles and bindings.")
-	flags.StringVar(&options.OpenShiftSharedResourcesNamespace, "openshift-namespace", "openshift", "Namespace for shared resources.")
-	flags.MarkDeprecated("openshift-namespace", "this field is no longer supported and using it can lead to undefined behavior")
 
 	// autocompletion hints
 	cmd.MarkFlagFilename("filename")
@@ -70,9 +65,6 @@ func (o CreateBootstrapPolicyFileOptions) Validate(args []string) error {
 	if len(o.File) == 0 {
 		return errors.New("filename must be provided")
 	}
-	if len(o.OpenShiftSharedResourcesNamespace) == 0 {
-		return errors.New("openshift-namespace must be provided")
-	}
 
 	return nil
 }
@@ -86,82 +78,38 @@ func (o CreateBootstrapPolicyFileOptions) CreateBootstrapPolicyFile() error {
 	policy := bootstrappolicy.Policy()
 
 	for i := range policy.ClusterRoles {
-		originObject := &authorizationapi.ClusterRole{}
-		if err := legacyscheme.Scheme.Convert(&policy.ClusterRoles[i], originObject, nil); err != nil {
-			return err
-		}
-		versionedObject, err := legacyscheme.Scheme.ConvertToVersion(originObject, latest.Version)
+		versionedObject, err := legacyscheme.Scheme.ConvertToVersion(&policy.ClusterRoles[i], rbacv1.SchemeGroupVersion)
 		if err != nil {
 			return err
 		}
 		policyTemplate.Objects = append(policyTemplate.Objects, versionedObject)
 	}
 
 	for i := range policy.ClusterRoleBindings {
-		originObject := &authorizationapi.ClusterRoleBinding{}
-		if err := legacyscheme.Scheme.Convert(&policy.ClusterRoleBindings[i], originObject, nil); err != nil {
-			return err
-		}
-		versionedObject, err := legacyscheme.Scheme.ConvertToVersion(originObject, latest.Version)
+		versionedObject, err := legacyscheme.Scheme.ConvertToVersion(&policy.ClusterRoleBindings[i], rbacv1.SchemeGroupVersion)
 		if err != nil {
 			return err
 		}
 		policyTemplate.Objects = append(policyTemplate.Objects, versionedObject)
 	}
 
-	openshiftRoles := map[string][]rbac.Role{}
-	for namespace, roles := range policy.Roles {
-		if namespace == bootstrappolicy.DefaultOpenShiftSharedResourcesNamespace {
-			r := make([]rbac.Role, len(roles))
-			for i := range roles {
-				r[i] = roles[i]
-				r[i].Namespace = o.OpenShiftSharedResourcesNamespace
-			}
-			openshiftRoles[o.OpenShiftSharedResourcesNamespace] = r
-		} else {
-			openshiftRoles[namespace] = roles
-		}
-	}
-
 	// iterate in a defined order
-	for _, namespace := range sets.StringKeySet(openshiftRoles).List() {
-		roles := openshiftRoles[namespace]
+	for _, namespace := range sets.StringKeySet(policy.Roles).List() {
+		roles := policy.Roles[namespace]
 		for i := range roles {
-			originObject := &authorizationapi.Role{}
-			if err := legacyscheme.Scheme.Convert(&roles[i], originObject, nil); err != nil {
-				return err
-			}
-			versionedObject, err := legacyscheme.Scheme.ConvertToVersion(originObject, latest.Version)
+			versionedObject, err := legacyscheme.Scheme.ConvertToVersion(&roles[i], rbacv1.SchemeGroupVersion)
 			if err != nil {
 				return err
 			}
 			policyTemplate.Objects = append(policyTemplate.Objects, versionedObject)
 		}
 	}
 
-	openshiftRoleBindings := map[string][]rbac.RoleBinding{}
-	for namespace, roleBindings := range policy.RoleBindings {
-		if namespace == bootstrappolicy.DefaultOpenShiftSharedResourcesNamespace {
-			rb := make([]rbac.RoleBinding, len(roleBindings))
-			for i := range roleBindings {
-				rb[i] = roleBindings[i]
-				rb[i].Namespace = o.OpenShiftSharedResourcesNamespace
-			}
-			openshiftRoleBindings[o.OpenShiftSharedResourcesNamespace] = rb
-		} else {
-			openshiftRoleBindings[namespace] = roleBindings
-		}
-	}
-
 	// iterate in a defined order
-	for _, namespace := range sets.StringKeySet(openshiftRoleBindings).List() {
-		roleBindings := openshiftRoleBindings[namespace]
+	for _, namespace := range sets.StringKeySet(policy.RoleBindings).List() {
+		roleBindings := policy.RoleBindings[namespace]
 		for i := range roleBindings {
-			originObject := &authorizationapi.RoleBinding{}
-			if err := legacyscheme.Scheme.Convert(&roleBindings[i], originObject, nil); err != nil {
-				return err
-			}
-			versionedObject, err := legacyscheme.Scheme.ConvertToVersion(originObject, latest.Version)
+			versionedObject, err := legacyscheme.Scheme.ConvertToVersion(&roleBindings[i], rbacv1.SchemeGroupVersion)
 			if err != nil {
 				return err
 			}

pkg/cmd/server/bootstrappolicy/policy_test.go

@@ -35,7 +35,6 @@ func TestCreateBootstrapPolicyFile(t *testing.T) {
 	defer os.Remove(f.Name())
 	cmd := admin.NewCommandCreateBootstrapPolicyFile("", "", nil)
 	cmd.Flag("filename").Value.Set(f.Name())
-	cmd.Flag("openshift-namespace").Value.Set("openshift-custom-ns")
 	cmd.Run(cmd, nil)
 	data, err := ioutil.ReadFile(f.Name())
 	if err != nil {