1. Add parity check for Openshift authz and Kube RBAC (commit: b95d4a0) (details)
  2. Generate: oadm migrate authorization (commit: 684d4b4) (details)
  3. Collapse code between authorizationsync and migrate (commit: 46af0f1) (details)
Commit b95d4a0bd44a358fe57fe1776865b653c27c1455 by Mo Khan
Add parity check for Openshift authz and Kube RBAC
This change adds the `oadm migrate authorization` command:
A controller is used to keep Openshift authorization objects and
Kubernetes RBAC in sync.  This command checks for parity between those
objects across all namespaces and reports all objects that are out of
sync.  These objects require manual intervention to sync as the
controller handles all cases where automatic sync is possible.
The following resource types are checked by this command:
* clusterrole
* role
* clusterrolebinding
* rolebinding
No resources are mutated.
Signed-off-by: Monis Khan <>
(commit: b95d4a0)
The file was addedpkg/cmd/admin/migrate/authorization/authorization.go
The file was modifiedpkg/cmd/admin/admin.go (diff)
The file was modifiedpkg/cmd/admin/migrate/migrator.go (diff)
Commit 684d4b4b5dc8d198c9f40a0bc140d1cf2dd0edc8 by Mo Khan
Generate: oadm migrate authorization
Signed-off-by: Monis Khan <>
(commit: 684d4b4)
The file was modifieddocs/man/man1/.files_generated_oadm (diff)
The file was modifiedcontrib/completions/bash/openshift (diff)
The file was modifiedcontrib/completions/zsh/oadm (diff)
The file was addeddocs/man/man1/oadm-migrate-authorization.1
The file was modifieddocs/man/man1/.files_generated_oc (diff)
The file was addeddocs/man/man1/oc-adm-migrate-authorization.1
The file was modifiedcontrib/completions/bash/oadm (diff)
The file was addeddocs/man/man1/openshift-admin-migrate-authorization.1
The file was modifiedcontrib/completions/zsh/openshift (diff)
The file was addeddocs/man/man1/openshift-cli-adm-migrate-authorization.1
The file was modifiedcontrib/completions/zsh/oc (diff)
The file was modifiedcontrib/completions/bash/oc (diff)
The file was modifieddocs/man/man1/.files_generated_openshift (diff)
Commit 46af0f1a3cb2914440931807439c6a9c18df9c6d by Mo Khan
Collapse code between authorizationsync and migrate
This change adds functions that handle all normalization, conversion and
comparison for the authorization objects.  These are now shared between
authorizationsync and `oadm migrate authorization` to prevent any logic
Signed-off-by: Monis Khan <>
(commit: 46af0f1)
The file was modifiedpkg/authorization/controller/authorizationsync/origin_to_rbac_role_controller.go (diff)
The file was modifiedpkg/authorization/controller/authorizationsync/normalize.go (diff)
The file was modifiedpkg/cmd/admin/migrate/authorization/authorization.go (diff)
The file was modifiedpkg/authorization/controller/authorizationsync/origin_to_rbac_clusterrolebinding_controller.go (diff)
The file was modifiedpkg/authorization/controller/authorizationsync/origin_to_rbac_rolebinding_controller.go (diff)
The file was modifiedpkg/authorization/controller/authorizationsync/origin_to_rbac_clusterrole_controller.go (diff)