Add parity check for Openshift policy and Kube RBAC #14429
Merged
Commits on Jun 10, 2017
-
Add parity check for Openshift authz and Kube RBAC
This change adds the `oadm migrate authorization` command: A controller is used to keep Openshift authorization objects and Kubernetes RBAC in sync. This command checks for parity between those objects across all namespaces and reports all objects that are out of sync. These objects require manual intervention to sync as the controller handles all cases where automatic sync is possible. The following resource types are checked by this command: * clusterrole * role * clusterrolebinding * rolebinding No resources are mutated. Signed-off-by: Monis Khan <[email protected]>
-
Generate: oadm migrate authorization
Signed-off-by: Monis Khan <[email protected]>
-
Collapse code between authorizationsync and migrate
This change adds functions that handle all normalization, conversion and comparison for the authorization objects. These are now shared between authorizationsync and `oadm migrate authorization` to prevent any logic drift. Signed-off-by: Monis Khan <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.