diff --git a/pkg/api/legacy/install.go b/pkg/api/legacy/install.go
index 2698b80dbdca..aae59e31de8b 100644
--- a/pkg/api/legacy/install.go
+++ b/pkg/api/legacy/install.go
@@ -6,7 +6,6 @@ import (
 )
 
 var (
-	RESTPrefix           = "/oapi"
 	GroupName            = ""
 	GroupVersion         = schema.GroupVersion{Group: GroupName, Version: "v1"}
 	InternalGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
diff --git a/pkg/build/apiserver/registry/buildconfig/webhook.go b/pkg/build/apiserver/registry/buildconfig/webhook.go
index 90836f033a22..670892e599a8 100644
--- a/pkg/build/apiserver/registry/buildconfig/webhook.go
+++ b/pkg/build/apiserver/registry/buildconfig/webhook.go
@@ -22,7 +22,6 @@ import (
 	"github.com/openshift/api/build"
 	buildv1 "github.com/openshift/api/build/v1"
 	buildclienttyped "github.com/openshift/client-go/build/clientset/versioned/typed/build/v1"
-	"github.com/openshift/origin/pkg/api/legacy"
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	buildv1helpers "github.com/openshift/origin/pkg/build/apis/build/v1"
 	"github.com/openshift/origin/pkg/build/client"
@@ -35,8 +34,6 @@ var (
 )
 
 func init() {
-	// webhooks need to return legacy build serialization when hit via oapi
-	legacy.InstallInternalLegacyBuild(webhookEncodingScheme)
 	// TODO eventually we shouldn't deal in internal versions, but for now decode into one.
 	utilruntime.Must(buildv1helpers.Install(webhookEncodingScheme))
 	webhookEncodingCodecFactory = serializer.NewCodecFactory(webhookEncodingScheme)
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go
index 36e7e605cc09..9f93e0195e10 100644
--- a/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go
+++ b/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go
@@ -7,7 +7,6 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/emicklei/go-restful-swagger12"
 	"github.com/golang/glog"
 
 	"k8s.io/apiserver/pkg/admission"
@@ -25,7 +24,6 @@ import (
 	openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1"
 	"github.com/openshift/library-go/pkg/config/helpers"
 	"github.com/openshift/origin/pkg/admission/namespaceconditions"
-	"github.com/openshift/origin/pkg/api/legacy"
 	originadmission "github.com/openshift/origin/pkg/apiserver/admission"
 	"github.com/openshift/origin/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing"
 	configlatest "github.com/openshift/origin/pkg/cmd/server/apis/config/latest"
@@ -101,10 +99,8 @@ func NewOpenshiftAPIConfig(config *openshiftcontrolplanev1.OpenShiftAPIServerCon
 	genericConfig.AuditPolicyChecker = policyChecker
 	genericConfig.ExternalAddress = "apiserver.openshift-apiserver.svc"
 	genericConfig.BuildHandlerChainFunc = OpenshiftHandlerChain
-	genericConfig.LegacyAPIGroupPrefixes = configprocessing.LegacyAPIGroupPrefixes
 	genericConfig.RequestInfoResolver = configprocessing.OpenshiftRequestInfoResolver()
 	genericConfig.OpenAPIConfig = configprocessing.DefaultOpenAPIConfig(nil)
-	genericConfig.SwaggerConfig = defaultSwaggerConfig()
 	genericConfig.RESTOptionsGetter = restOptsGetter
 	// previously overwritten.  I don't know why
 	genericConfig.RequestTimeout = time.Duration(60) * time.Second
@@ -259,54 +255,6 @@ func NewOpenshiftAPIConfig(config *openshiftcontrolplanev1.OpenShiftAPIServerCon
 	return ret, ret.ExtraConfig.Validate()
 }
 
-var apiInfo = map[string]swagger.Info{
-	legacy.RESTPrefix + "/" + legacy.GroupVersion.Version: {
-		Title:       "OpenShift v1 REST API",
-		Description: `The OpenShift API exposes operations for managing an enterprise Kubernetes cluster, including security and user management, application deployments, image and source builds, HTTP(s) routing, and project management.`,
-	},
-}
-
-// customizeSwaggerDefinition applies selective patches to the swagger API docs
-// TODO: move most of these upstream or to go-restful
-func customizeSwaggerDefinition(apiList *swagger.ApiDeclarationList) {
-	for path, info := range apiInfo {
-		if dec, ok := apiList.At(path); ok {
-			if len(info.Title) > 0 {
-				dec.Info.Title = info.Title
-			}
-			if len(info.Description) > 0 {
-				dec.Info.Description = info.Description
-			}
-			apiList.Put(path, dec)
-		} else {
-			glog.Warningf("No API exists for predefined swagger description %s", path)
-		}
-	}
-	for _, version := range []string{legacy.RESTPrefix + "/" + legacy.GroupVersion.Version} {
-		apiDeclaration, _ := apiList.At(version)
-		models := &apiDeclaration.Models
-
-		model, _ := models.At("runtime.RawExtension")
-		model.Required = []string{}
-		model.Properties = swagger.ModelPropertyList{}
-		model.Description = "this may be any JSON object with a 'kind' and 'apiVersion' field; and is preserved unmodified by processing"
-		models.Put("runtime.RawExtension", model)
-
-		model, _ = models.At("patch.Object")
-		model.Description = "represents an object patch, which may be any of: JSON patch (RFC 6902), JSON merge patch (RFC 7396), or the Kubernetes strategic merge patch"
-		models.Put("patch.Object", model)
-
-		apiDeclaration.Models = *models
-		apiList.Put(version, apiDeclaration)
-	}
-}
-
-func defaultSwaggerConfig() *swagger.Config {
-	ret := genericapiserver.DefaultSwaggerConfig()
-	ret.PostBuildHandler = customizeSwaggerDefinition
-	return ret
-}
-
 func OpenshiftHandlerChain(apiHandler http.Handler, genericConfig *genericapiserver.Config) http.Handler {
 	// this is the normal kube handler chain
 	handler := genericapiserver.DefaultBuildHandlerChain(apiHandler, genericConfig)
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/openapi.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/openapi.go
index c8cb14826cab..7709447be6b6 100644
--- a/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/openapi.go
+++ b/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/openapi.go
@@ -58,12 +58,8 @@ func DefaultOpenAPIConfig(oauthMetadata *oauthutil.OauthAuthorizationServerMetad
 			op := r.Operation
 			path := r.Path
 			// DEPRECATED: These endpoints are going to be removed in 1.8 or 1.9 release.
-			if strings.HasPrefix(path, "/oapi/v1/namespaces/{namespace}/processedtemplates") {
-				op = "createNamespacedProcessedTemplate"
-			} else if strings.HasPrefix(path, "/apis/template.openshift.io/v1/namespaces/{namespace}/processedtemplates") {
+			if strings.HasPrefix(path, "/apis/template.openshift.io/v1/namespaces/{namespace}/processedtemplates") {
 				op = "createNamespacedProcessedTemplateV1"
-			} else if strings.HasPrefix(path, "/oapi/v1/processedtemplates") {
-				op = "createProcessedTemplateForAllNamespacesV1"
 			} else if strings.HasPrefix(path, "/apis/template.openshift.io/v1/processedtemplates") {
 				op = "createProcessedTemplateForAllNamespaces"
 			}
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/requestinforesolver.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/requestinforesolver.go
index 1340c0ab8b41..d88cb16bd742 100644
--- a/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/requestinforesolver.go
+++ b/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/requestinforesolver.go
@@ -1,20 +1,16 @@
 package configprocessing
 
 import (
-	"github.com/openshift/origin/pkg/api/legacy"
 	oauthorizer "github.com/openshift/origin/pkg/authorization/authorizer"
 	"k8s.io/apimachinery/pkg/util/sets"
 	apirequest "k8s.io/apiserver/pkg/endpoints/request"
-	genericapiserver "k8s.io/apiserver/pkg/server"
 )
 
-var LegacyAPIGroupPrefixes = sets.NewString(genericapiserver.DefaultLegacyAPIPrefix, legacy.RESTPrefix)
-
 func OpenshiftRequestInfoResolver() apirequest.RequestInfoResolver {
 	// Default API request info factory
 	requestInfoFactory := &apirequest.RequestInfoFactory{
-		APIPrefixes:          sets.NewString("api", "osapi", "oapi", "apis"),
-		GrouplessAPIPrefixes: sets.NewString("api", "osapi", "oapi"),
+		APIPrefixes:          sets.NewString("api", "apis"),
+		GrouplessAPIPrefixes: sets.NewString("api"),
 	}
 	personalSARRequestInfoResolver := oauthorizer.NewPersonalSARRequestInfoResolver(requestInfoFactory)
 	projectRequestInfoResolver := oauthorizer.NewProjectRequestInfoResolver(personalSARRequestInfoResolver)
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/legacy.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/legacy.go
deleted file mode 100644
index 75f8b485da79..000000000000
--- a/pkg/cmd/openshift-apiserver/openshiftapiserver/legacy.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package openshiftapiserver
-
-import (
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/util/sets"
-	"k8s.io/apiserver/pkg/registry/rest"
-
-	"github.com/openshift/origin/pkg/apps/apiserver/registry/deployconfig"
-	deploymentconfigetcd "github.com/openshift/origin/pkg/apps/apiserver/registry/deployconfig/etcd"
-	buildetcd "github.com/openshift/origin/pkg/build/apiserver/registry/build/etcd"
-	buildconfig "github.com/openshift/origin/pkg/build/apiserver/registry/buildconfig"
-	buildconfigetcd "github.com/openshift/origin/pkg/build/apiserver/registry/buildconfig/etcd"
-	imagestreametcd "github.com/openshift/origin/pkg/image/apiserver/registry/imagestream/etcd"
-	routeregistry "github.com/openshift/origin/pkg/route/apiserver/registry/route"
-	routeetcd "github.com/openshift/origin/pkg/route/apiserver/registry/route/etcd"
-)
-
-var (
-	// originLegacyResources lists all Origin resources that are locked for the legacy v1
-	// Origin API. This list should not grow.
-	originLegacyResources = sets.NewString(
-		"appliedClusterResourceQuotas",
-		"buildConfigs",
-		"builds",
-		"clusterNetworks",
-		"clusterResourceQuotas",
-		"clusterRoleBindings",
-		"clusterRoles",
-		"deploymentConfigRollbacks",
-		"deploymentConfigs",
-		"egressNetworkPolicies",
-		"groups",
-		"hostSubnets",
-		"identities",
-		"imageStreamImages",
-		"imageStreamImports",
-		"imageStreamMappings",
-		"imageStreamTags",
-		"imageStreams",
-		"images",
-		"imagesignatures",
-		"localResourceAccessReviews",
-		"localSubjectAccessReviews",
-		"netNamespaces",
-		"oAuthAccessTokens",
-		"oAuthAuthorizeTokens",
-		"oAuthClientAuthorizations",
-		"oAuthClients",
-		"podSecurityPolicyReviews",
-		"podSecurityPolicySelfSubjectReviews",
-		"podSecurityPolicySubjectReviews",
-		"policies",
-		"policyBindings",
-		"processedTemplates",
-		"projectRequests",
-		"projects",
-		"resourceAccessReviews",
-		"roleBindingRestrictions",
-		"roleBindings",
-		"roles",
-		"routes",
-		"selfSubjectRulesReviews",
-		"subjectAccessReviews",
-		"subjectRulesReviews",
-		"templates",
-		"userIdentityMappings",
-		"users",
-	)
-
-	// originLegacySubresources lists all Origin sub-resources that are locked for the
-	// legacy v1 Origin API. This list should not grow.
-	originLegacySubresources = sets.NewString(
-		"clusterResourceQuotas/status",
-		"processedTemplates",
-		"imageStreams/status",
-		"imageStreams/secrets",
-		"generateDeploymentConfigs",
-		"deploymentConfigs/log",
-		"deploymentConfigs/instantiate",
-		"deploymentConfigs/scale",
-		"deploymentConfigs/status",
-		"deploymentConfigs/rollback",
-		"routes/status",
-		"builds/clone",
-		"builds/log",
-		"builds/details",
-		"buildConfigs/webhooks",
-		"buildConfigs/instantiate",
-		"buildConfigs/instantiatebinary",
-	)
-)
-
-// LegacyStorage returns a storage for locked legacy types.
-func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage {
-	legacyStorage := map[string]rest.Storage{}
-	for _, gvStorage := range storage {
-		for resource, s := range gvStorage {
-			if originLegacyResources.Has(resource) || originLegacySubresources.Has(resource) {
-				// We want *some* our legacy resources to orphan by default instead of garbage collecting.
-				// Kube only did this for a select few resources which were controller managed and established links
-				// via a workload controller.  In openshift, these will all conform to registry.Store so we
-				// can actually wrap the "normal" storage here.
-				switch storage := s.(type) {
-				case *buildetcd.REST:
-					legacyStorage[resource] = &buildetcd.LegacyREST{REST: storage}
-
-				case *buildconfigetcd.REST:
-					store := *storage.Store
-					store.DeleteStrategy = buildconfig.LegacyStrategy
-					store.CreateStrategy = buildconfig.LegacyStrategy
-					legacyStorage[resource] = &buildconfigetcd.LegacyREST{REST: &buildconfigetcd.REST{Store: &store}}
-
-				case *deploymentconfigetcd.REST:
-					store := *storage.Store
-					store.CreateStrategy = deployconfig.LegacyStrategy
-					store.DeleteStrategy = deployconfig.LegacyStrategy
-					legacyStorage[resource] = &deploymentconfigetcd.LegacyREST{REST: &deploymentconfigetcd.REST{Store: &store}}
-
-				case *imagestreametcd.REST:
-					legacyStorage[resource] = &imagestreametcd.LegacyREST{REST: storage}
-				case *imagestreametcd.LayersREST:
-					delete(legacyStorage, resource)
-
-				case *routeetcd.REST:
-					store := *storage.Store
-					store.Decorator = routeregistry.DecorateLegacyRouteWithEmptyDestinationCACertificates
-					legacyStorage[resource] = &routeetcd.LegacyREST{REST: &routeetcd.REST{Store: &store}}
-
-				default:
-					legacyStorage[resource] = s
-				}
-			}
-		}
-	}
-	return legacyStorage
-}
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go
index 0b0ee7b0c064..63768d9cf725 100644
--- a/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go
+++ b/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go
@@ -4,20 +4,18 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"strings"
 	"time"
 
+	"github.com/openshift/origin/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing"
+
 	restful "github.com/emicklei/go-restful"
 	"github.com/golang/glog"
 
-	"k8s.io/api/core/v1"
 	kapierror "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"k8s.io/apiserver/pkg/registry/rest"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	genericmux "k8s.io/apiserver/pkg/server/mux"
 	kubeinformers "k8s.io/client-go/informers"
@@ -31,7 +29,6 @@ import (
 	rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation"
 	rbacauthorizer "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac"
 
-	oappsapiv1 "github.com/openshift/api/apps/v1"
 	openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1"
 	securityv1informer "github.com/openshift/client-go/security/informers/externalversions"
 	oappsapiserver "github.com/openshift/origin/pkg/apps/apiserver"
@@ -57,22 +54,8 @@ import (
 	userapiserver "github.com/openshift/origin/pkg/user/apiserver"
 	"github.com/openshift/origin/pkg/version"
 
-	authorizationapiv1 "github.com/openshift/api/authorization/v1"
-	buildapiv1 "github.com/openshift/api/build/v1"
-	imageapiv1 "github.com/openshift/api/image/v1"
-	networkapiv1 "github.com/openshift/api/network/v1"
-	oauthapiv1 "github.com/openshift/api/oauth/v1"
-	projectapiv1 "github.com/openshift/api/project/v1"
-	quotaapiv1 "github.com/openshift/api/quota/v1"
-	routeapiv1 "github.com/openshift/api/route/v1"
-	securityapiv1 "github.com/openshift/api/security/v1"
-	templateapiv1 "github.com/openshift/api/template/v1"
-	userapiv1 "github.com/openshift/api/user/v1"
-	"github.com/openshift/origin/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing"
-
 	// register api groups
 	_ "github.com/openshift/origin/pkg/api/install"
-	"github.com/openshift/origin/pkg/api/legacy"
 	"k8s.io/client-go/restmapper"
 )
 
@@ -192,30 +175,7 @@ func (c *OpenshiftAPIConfig) Complete() completedConfig {
 	return cfg
 }
 
-// legacyStorageMutator mutates the arg to modify the RESTStorage map for legacy resources
-type legacyStorageMutator interface {
-	mutate(map[schema.GroupVersion]map[string]rest.Storage)
-}
-
-type legacyStorageMutators []legacyStorageMutator
-
-func (l legacyStorageMutators) mutate(legacyStorage map[schema.GroupVersion]map[string]rest.Storage) {
-	for _, curr := range l {
-		curr.mutate(legacyStorage)
-	}
-}
-
-// this allows the storage for a given apiserver to add itself to the old /oapi endpoint's storage
-type legacyStorageVersionMutator struct {
-	version schema.GroupVersion
-	storage map[string]rest.Storage
-}
-
-func (l *legacyStorageVersionMutator) mutate(legacyStorage map[schema.GroupVersion]map[string]rest.Storage) {
-	legacyStorage[l.version] = l.storage
-}
-
-func (c *completedConfig) withAppsAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withAppsAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &oappsapiserver.AppsServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: oappsapiserver.ExtraConfig{
@@ -227,18 +187,14 @@ func (c *completedConfig) withAppsAPIServer(delegateAPIServer genericapiserver.D
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: oappsapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withAuthorizationAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withAuthorizationAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &authorizationapiserver.AuthorizationAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: authorizationapiserver.ExtraConfig{
@@ -253,18 +209,14 @@ func (c *completedConfig) withAuthorizationAPIServer(delegateAPIServer genericap
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: authorizationapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withBuildAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withBuildAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 
 	cfg := &buildapiserver.BuildServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
@@ -277,18 +229,14 @@ func (c *completedConfig) withBuildAPIServer(delegateAPIServer genericapiserver.
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: buildapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withImageAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withImageAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &imageapiserver.ImageAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: imageapiserver.ExtraConfig{
@@ -305,18 +253,14 @@ func (c *completedConfig) withImageAPIServer(delegateAPIServer genericapiserver.
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: imageapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withNetworkAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withNetworkAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &networkapiserver.NetworkAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: networkapiserver.ExtraConfig{
@@ -327,18 +271,14 @@ func (c *completedConfig) withNetworkAPIServer(delegateAPIServer genericapiserve
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: networkapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withOAuthAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withOAuthAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &oauthapiserver.OAuthAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: oauthapiserver.ExtraConfig{
@@ -351,18 +291,14 @@ func (c *completedConfig) withOAuthAPIServer(delegateAPIServer genericapiserver.
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: oauthapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withProjectAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withProjectAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &projectapiserver.ProjectAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: projectapiserver.ExtraConfig{
@@ -380,18 +316,14 @@ func (c *completedConfig) withProjectAPIServer(delegateAPIServer genericapiserve
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: projectapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withQuotaAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withQuotaAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &quotaapiserver.QuotaAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: quotaapiserver.ExtraConfig{
@@ -405,18 +337,14 @@ func (c *completedConfig) withQuotaAPIServer(delegateAPIServer genericapiserver.
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: quotaapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withRouteAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withRouteAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &routeapiserver.RouteAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: routeapiserver.ExtraConfig{
@@ -429,18 +357,14 @@ func (c *completedConfig) withRouteAPIServer(delegateAPIServer genericapiserver.
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: routeapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withSecurityAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withSecurityAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &securityapiserver.SecurityAPIServerConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: securityapiserver.ExtraConfig{
@@ -455,18 +379,14 @@ func (c *completedConfig) withSecurityAPIServer(delegateAPIServer genericapiserv
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: securityapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withTemplateAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withTemplateAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &templateapiserver.TemplateConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: templateapiserver.ExtraConfig{
@@ -478,18 +398,14 @@ func (c *completedConfig) withTemplateAPIServer(delegateAPIServer genericapiserv
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: templateapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
-func (c *completedConfig) withUserAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error) {
+func (c *completedConfig) withUserAPIServer(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error) {
 	cfg := &userapiserver.UserConfig{
 		GenericConfig: &genericapiserver.RecommendedConfig{Config: *c.GenericConfig.Config},
 		ExtraConfig: userapiserver.ExtraConfig{
@@ -500,15 +416,11 @@ func (c *completedConfig) withUserAPIServer(delegateAPIServer genericapiserver.D
 	config := cfg.Complete()
 	server, err := config.New(delegateAPIServer)
 	if err != nil {
-		return nil, nil, err
-	}
-	storage, err := config.V1RESTStorage()
-	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	server.GenericAPIServer.PrepareRun() // this triggers openapi construction
 
-	return server.GenericAPIServer, &legacyStorageVersionMutator{version: userapiv1.SchemeGroupVersion, storage: storage}, nil
+	return server.GenericAPIServer, nil
 }
 
 func (c *completedConfig) withOpenAPIAggregationController(delegatedAPIServer *genericapiserver.GenericAPIServer) error {
@@ -538,36 +450,34 @@ func (c *completedConfig) withOpenAPIAggregationController(delegatedAPIServer *g
 	return nil
 }
 
-type apiServerAppenderFunc func(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, legacyStorageMutator, error)
+type apiServerAppenderFunc func(delegateAPIServer genericapiserver.DelegationTarget) (genericapiserver.DelegationTarget, error)
 
-func addAPIServerOrDie(delegateAPIServer genericapiserver.DelegationTarget, legacyStorageModifiers legacyStorageMutators, apiServerAppenderFn apiServerAppenderFunc) (genericapiserver.DelegationTarget, legacyStorageMutators) {
-	delegateAPIServer, currLegacyStorageMutator, err := apiServerAppenderFn(delegateAPIServer)
+func addAPIServerOrDie(delegateAPIServer genericapiserver.DelegationTarget, apiServerAppenderFn apiServerAppenderFunc) genericapiserver.DelegationTarget {
+	delegateAPIServer, err := apiServerAppenderFn(delegateAPIServer)
 	if err != nil {
 		glog.Fatal(err)
 	}
-	legacyStorageModifiers = append(legacyStorageModifiers, currLegacyStorageMutator)
 
-	return delegateAPIServer, legacyStorageModifiers
+	return delegateAPIServer
 }
 
 func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget, keepRemovedNetworkingAPIs bool) (*OpenshiftAPIServer, error) {
 	delegateAPIServer := delegationTarget
-	legacyStorageModifier := legacyStorageMutators{}
 
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withAppsAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withAuthorizationAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withBuildAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withImageAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withAppsAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withAuthorizationAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withBuildAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withImageAPIServer)
 	if keepRemovedNetworkingAPIs {
-		delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withNetworkAPIServer)
+		delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withNetworkAPIServer)
 	}
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withOAuthAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withProjectAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withQuotaAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withRouteAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withSecurityAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withTemplateAPIServer)
-	delegateAPIServer, legacyStorageModifier = addAPIServerOrDie(delegateAPIServer, legacyStorageModifier, c.withUserAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withOAuthAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withProjectAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withQuotaAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withRouteAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withSecurityAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withTemplateAPIServer)
+	delegateAPIServer = addAPIServerOrDie(delegateAPIServer, c.withUserAPIServer)
 
 	genericServer, err := c.GenericConfig.New("openshift-apiserver", delegateAPIServer)
 	if err != nil {
@@ -582,23 +492,6 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget,
 		GenericAPIServer: genericServer,
 	}
 
-	legacyStorage := map[schema.GroupVersion]map[string]rest.Storage{
-		v1.SchemeGroupVersion: {},
-	}
-	legacyStorageModifier.mutate(legacyStorage)
-
-	if err := s.GenericAPIServer.InstallLegacyAPIGroup(legacy.RESTPrefix, apiLegacyV1(LegacyStorage(legacyStorage))); err != nil {
-		return nil, fmt.Errorf("Unable to initialize v1 API: %v", err)
-	}
-	glog.Infof("Started Origin API at %s/%s", legacy.RESTPrefix, legacy.GroupVersion.Version)
-
-	// fix API doc string
-	for _, service := range s.GenericAPIServer.Handler.GoRestfulContainer.RegisteredWebServices() {
-		if service.RootPath() == legacy.RESTPrefix+"/"+v1.SchemeGroupVersion.Version {
-			service.Doc("OpenShift REST API, version v1").ApiVersion("v1")
-		}
-	}
-
 	// this remains a non-healthz endpoint so that you can be healthy without being ready.
 	addReadinessCheckRoute(s.GenericAPIServer.Handler.NonGoRestfulMux, "/healthz/ready", c.ExtraConfig.ProjectAuthorizationCache.ReadyForAccess)
 
@@ -640,26 +533,6 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget,
 	return s, nil
 }
 
-// apiLegacyV1 returns the resources and codec for API version v1.
-func apiLegacyV1(all map[string]rest.Storage) *genericapiserver.APIGroupInfo {
-	apiGroupInfo := &genericapiserver.APIGroupInfo{
-		PrioritizedVersions:          []schema.GroupVersion{{Version: "v1"}},
-		VersionedResourcesStorageMap: map[string]map[string]rest.Storage{},
-		Scheme: legacyscheme.Scheme,
-		// version.ParameterCodec = runtime.NewParameterCodec(legacyscheme.Scheme)
-		ParameterCodec:       legacyscheme.ParameterCodec,
-		NegotiatedSerializer: legacyscheme.Codecs,
-	}
-
-	// TODO, just create this with lowercase names
-	storage := make(map[string]rest.Storage)
-	for k, v := range all {
-		storage[strings.ToLower(k)] = v
-	}
-	apiGroupInfo.VersionedResourcesStorageMap["v1"] = storage
-	return apiGroupInfo
-}
-
 // initReadinessCheckRoute initializes an HTTP endpoint for readiness checking
 func addReadinessCheckRoute(mux *genericmux.PathRecorderMux, path string, readyFunc func() bool) {
 	mux.HandleFunc(path, func(w http.ResponseWriter, req *http.Request) {
diff --git a/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver/handlers_test.go b/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver/handlers_test.go
index c91250bb0384..40b797948811 100644
--- a/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver/handlers_test.go
+++ b/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver/handlers_test.go
@@ -13,7 +13,6 @@ import (
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
 
 	kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
-	"github.com/openshift/origin/pkg/api/legacy"
 )
 
 var (
@@ -262,7 +261,7 @@ func TestVersionSkewFilterSkippedOnNonAPIRequest(t *testing.T) {
 
 func testHandlerChain(handler http.Handler) http.Handler {
 	kgenericconfig := apiserver.NewConfig(legacyscheme.Codecs)
-	kgenericconfig.LegacyAPIGroupPrefixes = sets.NewString(apiserver.DefaultLegacyAPIPrefix, legacy.RESTPrefix)
+	kgenericconfig.LegacyAPIGroupPrefixes = sets.NewString(apiserver.DefaultLegacyAPIPrefix)
 
 	handler = apifilters.WithRequestInfo(handler, apiserver.NewRequestInfoResolver(kgenericconfig))
 	return handler
diff --git a/pkg/oauth/apis/oauth/validation/validation_test.go b/pkg/oauth/apis/oauth/validation/validation_test.go
index 474575c94622..76db2ebd1ea0 100644
--- a/pkg/oauth/apis/oauth/validation/validation_test.go
+++ b/pkg/oauth/apis/oauth/validation/validation_test.go
@@ -6,7 +6,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/oauth/apis/oauth"
+	oauthapi "github.com/openshift/origin/pkg/oauth/apis/oauth"
 )
 
 func TestValidateRedirectURI(t *testing.T) {
@@ -87,7 +87,7 @@ func TestValidateRedirectURI(t *testing.T) {
 }
 
 func TestValidateClientAuthorization(t *testing.T) {
-	errs := ValidateClientAuthorization(&oapi.OAuthClientAuthorization{
+	errs := ValidateClientAuthorization(&oauthapi.OAuthClientAuthorization{
 		ObjectMeta: metav1.ObjectMeta{Name: "myusername:myclientname"},
 		ClientName: "myclientname",
 		UserName:   "myusername",
@@ -98,12 +98,12 @@ func TestValidateClientAuthorization(t *testing.T) {
 	}
 
 	errorCases := map[string]struct {
-		A oapi.OAuthClientAuthorization
+		A oauthapi.OAuthClientAuthorization
 		T field.ErrorType
 		F string
 	}{
 		"zero-length name": {
-			A: oapi.OAuthClientAuthorization{
+			A: oauthapi.OAuthClientAuthorization{
 				ClientName: "myclientname",
 				UserName:   "myusername",
 				UserUID:    "myuseruid",
@@ -112,7 +112,7 @@ func TestValidateClientAuthorization(t *testing.T) {
 			F: "metadata.name",
 		},
 		"invalid name": {
-			A: oapi.OAuthClientAuthorization{
+			A: oauthapi.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "anotheruser:anotherclient"},
 				ClientName: "myclientname",
 				UserName:   "myusername",
@@ -122,7 +122,7 @@ func TestValidateClientAuthorization(t *testing.T) {
 			F: "metadata.name",
 		},
 		"disallowed namespace": {
-			A: oapi.OAuthClientAuthorization{
+			A: oauthapi.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "myusername:myclientname", Namespace: "foo"},
 				ClientName: "myclientname",
 				UserName:   "myusername",
@@ -132,7 +132,7 @@ func TestValidateClientAuthorization(t *testing.T) {
 			F: "metadata.namespace",
 		},
 		"no scope handler": {
-			A: oapi.OAuthClientAuthorization{
+			A: oauthapi.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "myusername:myclientname"},
 				ClientName: "myclientname",
 				UserName:   "myusername",
@@ -143,7 +143,7 @@ func TestValidateClientAuthorization(t *testing.T) {
 			F: "scopes[0]",
 		},
 		"bad scope": {
-			A: oapi.OAuthClientAuthorization{
+			A: oauthapi.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "myusername:myclientname"},
 				ClientName: "myclientname",
 				UserName:   "myusername",
@@ -172,7 +172,7 @@ func TestValidateClientAuthorization(t *testing.T) {
 }
 
 func TestValidateClient(t *testing.T) {
-	errs := ValidateClient(&oapi.OAuthClient{
+	errs := ValidateClient(&oauthapi.OAuthClient{
 		ObjectMeta: metav1.ObjectMeta{Name: "client-name"},
 	})
 	if len(errs) != 0 {
@@ -183,34 +183,34 @@ func TestValidateClient(t *testing.T) {
 	var negTimeout int32 = -1
 
 	errorCases := map[string]struct {
-		Client oapi.OAuthClient
+		Client oauthapi.OAuthClient
 		T      field.ErrorType
 		F      string
 	}{
 		"zero-length name": {
-			Client: oapi.OAuthClient{},
+			Client: oauthapi.OAuthClient{},
 			T:      field.ErrorTypeRequired,
 			F:      "metadata.name",
 		},
 		"disallowed namespace": {
-			Client: oapi.OAuthClient{ObjectMeta: metav1.ObjectMeta{Name: "name", Namespace: "foo"}},
+			Client: oauthapi.OAuthClient{ObjectMeta: metav1.ObjectMeta{Name: "name", Namespace: "foo"}},
 			T:      field.ErrorTypeForbidden,
 			F:      "metadata.namespace",
 		},
 		"literal must have value": {
-			Client: oapi.OAuthClient{
+			Client: oauthapi.OAuthClient{
 				ObjectMeta:        metav1.ObjectMeta{Name: "client-name"},
-				ScopeRestrictions: []oapi.ScopeRestriction{{ExactValues: []string{""}}},
+				ScopeRestrictions: []oauthapi.ScopeRestriction{{ExactValues: []string{""}}},
 			},
 			T: field.ErrorTypeInvalid,
 			F: "scopeRestrictions[0].literals[0]",
 		},
 		"must have role names": {
-			Client: oapi.OAuthClient{
+			Client: oauthapi.OAuthClient{
 				ObjectMeta: metav1.ObjectMeta{Name: "client-name"},
-				ScopeRestrictions: []oapi.ScopeRestriction{
+				ScopeRestrictions: []oauthapi.ScopeRestriction{
 					{
-						ClusterRole: &oapi.ClusterRoleScopeRestriction{Namespaces: []string{"b"}},
+						ClusterRole: &oauthapi.ClusterRoleScopeRestriction{Namespaces: []string{"b"}},
 					},
 				},
 			},
@@ -218,11 +218,11 @@ func TestValidateClient(t *testing.T) {
 			F: "scopeRestrictions[0].clusterRole.roleNames",
 		},
 		"must have namespaces": {
-			Client: oapi.OAuthClient{
+			Client: oauthapi.OAuthClient{
 				ObjectMeta: metav1.ObjectMeta{Name: "client-name"},
-				ScopeRestrictions: []oapi.ScopeRestriction{
+				ScopeRestrictions: []oauthapi.ScopeRestriction{
 					{
-						ClusterRole: &oapi.ClusterRoleScopeRestriction{RoleNames: []string{"a"}},
+						ClusterRole: &oauthapi.ClusterRoleScopeRestriction{RoleNames: []string{"a"}},
 					},
 				},
 			},
@@ -230,7 +230,7 @@ func TestValidateClient(t *testing.T) {
 			F: "scopeRestrictions[0].clusterRole.namespaces",
 		},
 		"minimum timeout value": {
-			Client: oapi.OAuthClient{
+			Client: oauthapi.OAuthClient{
 				ObjectMeta:                          metav1.ObjectMeta{Name: "client-name"},
 				AccessTokenInactivityTimeoutSeconds: &badTimeout,
 			},
@@ -238,7 +238,7 @@ func TestValidateClient(t *testing.T) {
 			F: "accessTokenInactivityTimeoutSeconds",
 		},
 		"negative timeout value": {
-			Client: oapi.OAuthClient{
+			Client: oauthapi.OAuthClient{
 				ObjectMeta:                          metav1.ObjectMeta{Name: "client-name"},
 				AccessTokenInactivityTimeoutSeconds: &negTimeout,
 			},
@@ -264,7 +264,7 @@ func TestValidateClient(t *testing.T) {
 }
 
 func TestValidateAccessTokens(t *testing.T) {
-	errs := ValidateAccessToken(&oapi.OAuthAccessToken{
+	errs := ValidateAccessToken(&oauthapi.OAuthAccessToken{
 		ObjectMeta: metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength"},
 		ClientName: "myclient",
 		UserName:   "myusername",
@@ -275,12 +275,12 @@ func TestValidateAccessTokens(t *testing.T) {
 	}
 
 	errorCases := map[string]struct {
-		Token oapi.OAuthAccessToken
+		Token oauthapi.OAuthAccessToken
 		T     field.ErrorType
 		F     string
 	}{
 		"zero-length name": {
-			Token: oapi.OAuthAccessToken{
+			Token: oauthapi.OAuthAccessToken{
 				ClientName: "myclient",
 				UserName:   "myusername",
 				UserUID:    "myuseruid",
@@ -289,7 +289,7 @@ func TestValidateAccessTokens(t *testing.T) {
 			F: "metadata.name",
 		},
 		"disallowed namespace": {
-			Token: oapi.OAuthAccessToken{
+			Token: oauthapi.OAuthAccessToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength", Namespace: "foo"},
 				ClientName: "myclient",
 				UserName:   "myusername",
@@ -299,7 +299,7 @@ func TestValidateAccessTokens(t *testing.T) {
 			F: "metadata.namespace",
 		},
 		"no scope handler": {
-			Token: oapi.OAuthAccessToken{
+			Token: oauthapi.OAuthAccessToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				UserName:   "myusername",
@@ -310,7 +310,7 @@ func TestValidateAccessTokens(t *testing.T) {
 			F: "scopes[0]",
 		},
 		"bad scope": {
-			Token: oapi.OAuthAccessToken{
+			Token: oauthapi.OAuthAccessToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				UserName:   "myusername",
@@ -321,7 +321,7 @@ func TestValidateAccessTokens(t *testing.T) {
 			F: "scopes[0]",
 		},
 		"negative timeout": {
-			Token: oapi.OAuthAccessToken{
+			Token: oauthapi.OAuthAccessToken{
 				ObjectMeta:               metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength"},
 				ClientName:               "myclient",
 				UserName:                 "myusername",
@@ -332,7 +332,7 @@ func TestValidateAccessTokens(t *testing.T) {
 			F: "inactivityTimeoutSeconds",
 		},
 		"negative expiresIn": {
-			Token: oapi.OAuthAccessToken{
+			Token: oauthapi.OAuthAccessToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				UserName:   "myusername",
@@ -361,7 +361,7 @@ func TestValidateAccessTokens(t *testing.T) {
 }
 
 func TestValidateAuthorizeTokens(t *testing.T) {
-	errs := ValidateAuthorizeToken(&oapi.OAuthAuthorizeToken{
+	errs := ValidateAuthorizeToken(&oauthapi.OAuthAuthorizeToken{
 		ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 		ClientName: "myclient",
 		ExpiresIn:  86400,
@@ -374,12 +374,12 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 	}
 
 	errorCases := map[string]struct {
-		Token oapi.OAuthAuthorizeToken
+		Token oauthapi.OAuthAuthorizeToken
 		T     field.ErrorType
 		F     string
 	}{
 		"zero-length name": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ClientName: "myclient",
 				ExpiresIn:  86400,
 				UserName:   "myusername",
@@ -389,7 +389,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "metadata.name",
 		},
 		"zero-length client name": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				UserName:   "myusername",
 				ExpiresIn:  86400,
@@ -399,7 +399,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "clientName",
 		},
 		"zero-length user name": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				ExpiresIn:  86400,
@@ -409,7 +409,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "userName",
 		},
 		"zero-length user uid": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				ExpiresIn:  86400,
@@ -419,7 +419,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "userUID",
 		},
 		"disallowed namespace": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength", Namespace: "foo"},
 				ClientName: "myclient",
 				ExpiresIn:  86400,
@@ -430,7 +430,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "metadata.namespace",
 		},
 		"no scope handler": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				ExpiresIn:  86400,
@@ -442,7 +442,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "scopes[0]",
 		},
 		"bad scope": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				ExpiresIn:  86400,
@@ -454,7 +454,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "scopes[0]",
 		},
 		"illegal character": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				ExpiresIn:  86400,
@@ -466,7 +466,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "scopes[0]",
 		},
 		"zero expiresIn": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				UserName:   "myusername",
@@ -476,7 +476,7 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 			F: "expiresIn",
 		},
 		"negative expiresIn": {
-			Token: oapi.OAuthAuthorizeToken{
+			Token: oauthapi.OAuthAuthorizeToken{
 				ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength"},
 				ClientName: "myclient",
 				ExpiresIn:  -1,
@@ -505,14 +505,14 @@ func TestValidateAuthorizeTokens(t *testing.T) {
 }
 
 func TestValidateAccessTokensUpdate(t *testing.T) {
-	valid := &oapi.OAuthAccessToken{
+	valid := &oauthapi.OAuthAccessToken{
 		ObjectMeta:               metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength", ResourceVersion: "1"},
 		ClientName:               "myclient",
 		UserName:                 "myusername",
 		UserUID:                  "myuseruid",
 		InactivityTimeoutSeconds: 300,
 	}
-	validNoTimeout := &oapi.OAuthAccessToken{
+	validNoTimeout := &oauthapi.OAuthAccessToken{
 		ObjectMeta:               metav1.ObjectMeta{Name: "accessTokenNameWithMinimumLength", ResourceVersion: "1"},
 		ClientName:               "myclient",
 		UserName:                 "myusername",
@@ -529,14 +529,14 @@ func TestValidateAccessTokensUpdate(t *testing.T) {
 	}
 
 	errorCases := map[string]struct {
-		Token  oapi.OAuthAccessToken
-		Change func(*oapi.OAuthAccessToken)
+		Token  oauthapi.OAuthAccessToken
+		Change func(*oauthapi.OAuthAccessToken)
 		T      field.ErrorType
 		F      string
 	}{
 		"change name": {
 			Token: *valid,
-			Change: func(obj *oapi.OAuthAccessToken) {
+			Change: func(obj *oauthapi.OAuthAccessToken) {
 				obj.Name = ""
 			},
 			T: field.ErrorTypeInvalid,
@@ -544,7 +544,7 @@ func TestValidateAccessTokensUpdate(t *testing.T) {
 		},
 		"change userName": {
 			Token: *valid,
-			Change: func(obj *oapi.OAuthAccessToken) {
+			Change: func(obj *oauthapi.OAuthAccessToken) {
 				obj.UserName = ""
 			},
 			T: field.ErrorTypeInvalid,
@@ -552,7 +552,7 @@ func TestValidateAccessTokensUpdate(t *testing.T) {
 		},
 		"change InactivityTimeoutSeconds to smaller value": {
 			Token: *valid,
-			Change: func(obj *oapi.OAuthAccessToken) {
+			Change: func(obj *oauthapi.OAuthAccessToken) {
 				obj.InactivityTimeoutSeconds = 299
 			},
 			T: field.ErrorTypeInvalid,
@@ -560,7 +560,7 @@ func TestValidateAccessTokensUpdate(t *testing.T) {
 		},
 		"change InactivityTimeoutSeconds to negative value": {
 			Token: *valid,
-			Change: func(obj *oapi.OAuthAccessToken) {
+			Change: func(obj *oauthapi.OAuthAccessToken) {
 				obj.InactivityTimeoutSeconds = -1
 			},
 			T: field.ErrorTypeInvalid,
@@ -568,7 +568,7 @@ func TestValidateAccessTokensUpdate(t *testing.T) {
 		},
 		"change InactivityTimeoutSeconds from 0 value": {
 			Token: *validNoTimeout,
-			Change: func(obj *oapi.OAuthAccessToken) {
+			Change: func(obj *oauthapi.OAuthAccessToken) {
 				obj.InactivityTimeoutSeconds = MinimumInactivityTimeoutSeconds
 			},
 			T: field.ErrorTypeInvalid,
@@ -595,7 +595,7 @@ func TestValidateAccessTokensUpdate(t *testing.T) {
 }
 
 func TestValidateAuthorizeTokensUpdate(t *testing.T) {
-	valid := &oapi.OAuthAuthorizeToken{
+	valid := &oauthapi.OAuthAuthorizeToken{
 		ObjectMeta: metav1.ObjectMeta{Name: "authorizeTokenNameWithMinimumLength", ResourceVersion: "1"},
 		ClientName: "myclient",
 		UserName:   "myusername",
@@ -608,14 +608,14 @@ func TestValidateAuthorizeTokensUpdate(t *testing.T) {
 	}
 
 	errorCases := map[string]struct {
-		Token  oapi.OAuthAuthorizeToken
-		Change func(*oapi.OAuthAuthorizeToken)
+		Token  oauthapi.OAuthAuthorizeToken
+		Change func(*oauthapi.OAuthAuthorizeToken)
 		T      field.ErrorType
 		F      string
 	}{
 		"change name": {
 			Token: *valid,
-			Change: func(obj *oapi.OAuthAuthorizeToken) {
+			Change: func(obj *oauthapi.OAuthAuthorizeToken) {
 				obj.Name = ""
 			},
 			T: field.ErrorTypeInvalid,
@@ -623,7 +623,7 @@ func TestValidateAuthorizeTokensUpdate(t *testing.T) {
 		},
 		"change userUID": {
 			Token: *valid,
-			Change: func(obj *oapi.OAuthAuthorizeToken) {
+			Change: func(obj *oauthapi.OAuthAuthorizeToken) {
 				obj.UserUID = ""
 			},
 			T: field.ErrorTypeInvalid,
diff --git a/pkg/oauthserver/oauth/registry/registry_test.go b/pkg/oauthserver/oauth/registry/registry_test.go
index b5d09f4d334c..3e9a73baf812 100644
--- a/pkg/oauthserver/oauth/registry/registry_test.go
+++ b/pkg/oauthserver/oauth/registry/registry_test.go
@@ -12,7 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	oapi "github.com/openshift/api/oauth/v1"
+	oauthv1 "github.com/openshift/api/oauth/v1"
 	oauthfake "github.com/openshift/client-go/oauth/clientset/versioned/fake"
 	"github.com/openshift/origin/pkg/oauthserver/api"
 	"github.com/openshift/origin/pkg/oauthserver/oauth/handlers"
@@ -87,24 +87,24 @@ func TestRegistryAndServer(t *testing.T) {
 		ch <- req
 	}))
 
-	validClient := &oapi.OAuthClient{
+	validClient := &oauthv1.OAuthClient{
 		ObjectMeta:   metav1.ObjectMeta{Name: "test"},
 		Secret:       "secret",
 		RedirectURIs: []string{assertServer.URL + "/assert"},
 	}
 
-	restrictedClient := &oapi.OAuthClient{
+	restrictedClient := &oauthv1.OAuthClient{
 		ObjectMeta:   metav1.ObjectMeta{Name: "test"},
 		Secret:       "secret",
 		RedirectURIs: []string{assertServer.URL + "/assert"},
-		ScopeRestrictions: []oapi.ScopeRestriction{
+		ScopeRestrictions: []oauthv1.ScopeRestriction{
 			{ExactValues: []string{"user:info"}},
 		},
 	}
 
 	testCases := map[string]struct {
-		Client      *oapi.OAuthClient
-		ClientAuth  *oapi.OAuthClientAuthorization
+		Client      *oauthv1.OAuthClient
+		ClientAuth  *oauthv1.OAuthClientAuthorization
 		AuthSuccess bool
 		AuthUser    user.Info
 		Scope       string
@@ -164,7 +164,7 @@ func TestRegistryAndServer(t *testing.T) {
 				Name: "user",
 				UID:  "1",
 			},
-			ClientAuth: &oapi.OAuthClientAuthorization{
+			ClientAuth: &oauthv1.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "user:test"},
 				UserName:   "user",
 				UserUID:    "1",
@@ -185,7 +185,7 @@ func TestRegistryAndServer(t *testing.T) {
 				Name: "user",
 				UID:  "1",
 			},
-			ClientAuth: &oapi.OAuthClientAuthorization{
+			ClientAuth: &oauthv1.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "user:test"},
 				UserName:   "user",
 				UserUID:    "1",
@@ -206,7 +206,7 @@ func TestRegistryAndServer(t *testing.T) {
 				Name: "user",
 				UID:  "1",
 			},
-			ClientAuth: &oapi.OAuthClientAuthorization{
+			ClientAuth: &oauthv1.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "user:test"},
 				UserName:   "user",
 				UserUID:    "1",
@@ -233,7 +233,7 @@ func TestRegistryAndServer(t *testing.T) {
 			AuthUser: &user.DefaultInfo{
 				Name: "user",
 			},
-			ClientAuth: &oapi.OAuthClientAuthorization{
+			ClientAuth: &oauthv1.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "user:test"},
 				UserName:   "user",
 				UserUID:    "2",
@@ -253,7 +253,7 @@ func TestRegistryAndServer(t *testing.T) {
 				Name: "user",
 				UID:  "1",
 			},
-			ClientAuth: &oapi.OAuthClientAuthorization{
+			ClientAuth: &oauthv1.OAuthClientAuthorization{
 				ObjectMeta: metav1.ObjectMeta{Name: "user:test"},
 				UserName:   "user",
 				UserUID:    "2",
diff --git a/pkg/oauthserver/server/tokenrequest/endpoints.go b/pkg/oauthserver/server/tokenrequest/endpoints.go
index a99e1a527652..86ec37652993 100644
--- a/pkg/oauthserver/server/tokenrequest/endpoints.go
+++ b/pkg/oauthserver/server/tokenrequest/endpoints.go
@@ -187,7 +187,7 @@ var tokenTemplate = template.Must(template.New("tokenTemplate").Parse(`
   <pre>oc login <span class="nowrap">--token={{.AccessToken}}</span> <span class="nowrap">--server={{.PublicMasterURL}}</span></pre>
 
   <h3>Use this token directly against the API</h3>
-  <pre>curl <span class="nowrap">-H "Authorization: Bearer {{.AccessToken}}"</span> <span class="nowrap">"{{.PublicMasterURL}}/oapi/v1/users/~"</span></pre>
+  <pre>curl <span class="nowrap">-H "Authorization: Bearer {{.AccessToken}}"</span> <span class="nowrap">"{{.PublicMasterURL}}/apis/user.openshift.io/v1/users/~"</span></pre>
 {{ end }}
 
 <br><br>
diff --git a/test/cmd/authentication.sh b/test/cmd/authentication.sh
index f03ccc888671..302a7428b935 100755
--- a/test/cmd/authentication.sh
+++ b/test/cmd/authentication.sh
@@ -73,10 +73,8 @@ os::cmd::expect_success_and_text "oc get projects --token='${allescalatingpowers
 os::cmd::expect_success_and_text "oc policy can-i --list --token='${allescalatingpowerstoken}' -n '${project}'" 'get.*pods'
 
 accesstoken="$(oc process -f "${OS_ROOT}/test/testdata/authentication/scoped-token-template.yaml" TOKEN_PREFIX=access SCOPE=user:check-access USER_NAME="${username}" USER_UID="${useruid}" | oc create -f - -o name | awk -F/ '{print $2}')"
-os::cmd::expect_success_and_text "curl -k -XPOST -H 'Content-Type: application/json' -H 'Authorization: Bearer ${accesstoken}' '${API_SCHEME}://${API_HOST}:${API_PORT}/oapi/v1/namespaces/${project}/localsubjectaccessreviews' -d @${OS_ROOT}/test/testdata/authentication/localsubjectaccessreview.json" '"kind": "SubjectAccessReviewResponse"'
 os::cmd::expect_success_and_text "curl -k -XPOST -H 'Content-Type: application/json' -H 'Authorization: Bearer ${accesstoken}' '${API_SCHEME}://${API_HOST}:${API_PORT}/apis/authorization.openshift.io/v1/namespaces/${project}/localsubjectaccessreviews' -d '{\"kind\":\"LocalSubjectAccessReview\",\"apiVersion\":\"authorization.openshift.io/v1\",\"namespace\":\"${project}\",\"verb\":\"create\",\"resource\":\"pods\"}'" '"kind": "SubjectAccessReviewResponse"'
 # verify group and kind defaulting works correctly
-os::cmd::expect_success_and_text "curl -k -XPOST -H 'Content-Type: application/json' -H 'Authorization: Bearer ${accesstoken}' '${API_SCHEME}://${API_HOST}:${API_PORT}/oapi/v1/subjectaccessreviews' -d '{\"namespace\":\"${project}\",\"verb\":\"create\",\"resource\":\"pods\"}'" '"kind": "SubjectAccessReviewResponse"'
 os::cmd::expect_success_and_text "curl -k -XPOST -H 'Content-Type: application/json' -H 'Authorization: Bearer ${accesstoken}' '${API_SCHEME}://${API_HOST}:${API_PORT}/apis/authorization.openshift.io/v1/subjectaccessreviews' -d '{\"namespace\":\"${project}\",\"verb\":\"create\",\"resource\":\"pods\"}'" '"kind": "SubjectAccessReviewResponse"'
 os::cmd::expect_success_and_text "oc policy can-i create pods --token='${accesstoken}' -n '${project}' --ignore-scopes" 'yes'
 os::cmd::expect_success_and_text "oc policy can-i create pods --token='${accesstoken}' -n '${project}'" 'no'
diff --git a/test/cmd/routes.sh b/test/cmd/routes.sh
index 2f4681c2683f..6651c16eafa0 100755
--- a/test/cmd/routes.sh
+++ b/test/cmd/routes.sh
@@ -35,7 +35,6 @@ os::cmd::expect_success_and_text 'oc create route edge --service bar --port=9090
 # verify that reencrypt routes with no destination CA return the stub PEM block on the old API
 project="$(oc project -q)"
 os::cmd::expect_success_and_text     'oc create route reencrypt --service baz --port=9090' 'created'
-os::cmd::expect_success_and_text     'oc get --raw /oapi/v1/namespaces/${project}/routes/baz' 'This is an empty PEM file'
 os::cmd::expect_success_and_not_text 'oc get --raw /apis/route.openshift.io/v1/namespaces/${project}/routes/baz' 'This is an empty PEM file'
 
 os::cmd::expect_success_and_text 'oc set route-backends foo' 'routes/foo'
diff --git a/test/extended/builds/build_pruning.go b/test/extended/builds/build_pruning.go
index 5dc445cbf716..d39009440543 100644
--- a/test/extended/builds/build_pruning.go
+++ b/test/extended/builds/build_pruning.go
@@ -26,7 +26,6 @@ var _ = g.Describe("[Feature:Builds][pruning] prune builds based on settings in
 		successfulBuildConfig = filepath.Join(buildPruningBaseDir, "successful-build-config.yaml")
 		failedBuildConfig     = filepath.Join(buildPruningBaseDir, "failed-build-config.yaml")
 		erroredBuildConfig    = filepath.Join(buildPruningBaseDir, "errored-build-config.yaml")
-		legacyBuildConfig     = filepath.Join(buildPruningBaseDir, "default-legacy-build-config.yaml")
 		groupBuildConfig      = filepath.Join(buildPruningBaseDir, "default-group-build-config.yaml")
 		oc                    = exutil.NewCLI("build-pruning", exutil.KubeConfigPath())
 		pollingInterval       = time.Second
@@ -313,19 +312,5 @@ var _ = g.Describe("[Feature:Builds][pruning] prune builds based on settings in
 			o.Expect(*buildConfig.Spec.FailedBuildsHistoryLimit).To(o.Equal(buildutil.DefaultFailedBuildsHistoryLimit),
 				"the buildconfig should have the default failed history limit set")
 		})
-
-		g.It("[Conformance] buildconfigs should not have a default history limit set when created via the legacy api", func() {
-
-			g.By("creating a build config with the legacy api")
-			err := oc.Run("create").Args("-f", legacyBuildConfig, "--raw=/oapi/v1/namespaces/"+oc.Namespace()+"/buildconfigs").Execute()
-			o.Expect(err).NotTo(o.HaveOccurred())
-
-			buildConfig, err := oc.BuildClient().Build().BuildConfigs(oc.Namespace()).Get("myphp", metav1.GetOptions{})
-			if err != nil {
-				fmt.Fprintf(g.GinkgoWriter, "%v", err)
-			}
-			o.Expect(buildConfig.Spec.SuccessfulBuildsHistoryLimit).To(o.BeNil(), "the buildconfig should not have the default successful history limit set")
-			o.Expect(buildConfig.Spec.FailedBuildsHistoryLimit).To(o.BeNil(), "the buildconfig should not have the default failed history limit set")
-		})
 	})
 })
diff --git a/test/extended/images/signatures.go b/test/extended/images/signatures.go
index 4f4baa3b7e27..9b26d5800c6e 100644
--- a/test/extended/images/signatures.go
+++ b/test/extended/images/signatures.go
@@ -22,6 +22,7 @@ var _ = g.Describe("[registry][Serial][Suite:openshift/registry/serial] Image si
 	)
 
 	g.It("can push a signed image to openshift registry and verify it", func() {
+		g.Skip("disable because containers/image: https://github.com/containers/image/pull/570")
 		g.By("building a signer image that knows how to sign images")
 		output, err := oc.Run("create").Args("-f", signerBuildFixture).Output()
 		if err != nil {
diff --git a/test/integration/authorization_test.go b/test/integration/authorization_test.go
index 9761b3565d89..47846a6fe72f 100644
--- a/test/integration/authorization_test.go
+++ b/test/integration/authorization_test.go
@@ -10,10 +10,7 @@ import (
 	rbacv1 "k8s.io/api/rbac/v1"
 	kapierror "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
-	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
@@ -41,11 +38,10 @@ import (
 	"github.com/openshift/origin/pkg/api/legacy"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	authorizationclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset"
-	authorizationclientscheme "github.com/openshift/origin/pkg/authorization/generated/internalclientset/scheme"
 	authorizationtypedclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset/typed/authorization/internalversion"
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
-	policy "github.com/openshift/origin/pkg/oc/cli/admin/policy"
+	"github.com/openshift/origin/pkg/oc/cli/admin/policy"
 	projectclient "github.com/openshift/origin/pkg/project/generated/internalclientset"
 	testutil "github.com/openshift/origin/test/util"
 	testserver "github.com/openshift/origin/test/util/server"
@@ -1436,616 +1432,3 @@ func TestBrowserSafeAuthorizer(t *testing.T) {
 		}
 	}
 }
-
-// TestLegacyLocalRoleBindingEndpoint exercises the legacy rolebinding endpoint that is proxied to rbac
-func TestLegacyLocalRoleBindingEndpoint(t *testing.T) {
-	masterConfig, clusterAdminKubeConfig, err := testserver.StartTestMasterAPI()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer testserver.CleanupMasterEtcd(t, masterConfig)
-
-	clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	clusterAdmin := authorizationclient.NewForConfigOrDie(clusterAdminClientConfig)
-
-	namespace := "testproject"
-	_, _, err = testserver.CreateNewProject(clusterAdminClientConfig, namespace, "testuser")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	roleBindingsPath := "/oapi/v1/namespaces/" + namespace + "/rolebindings"
-	testBindingName := "testrole"
-
-	// install the legacy types into the client for decoding
-	legacy.InstallInternalLegacyAuthorization(authorizationclientscheme.Scheme)
-
-	// create rolebinding
-	roleBindingToCreate := &authorizationapi.RoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: testBindingName,
-		},
-		Subjects: []kapi.ObjectReference{
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser",
-			},
-		},
-		RoleRef: kapi.ObjectReference{
-			Kind:      "Role",
-			Name:      "edit",
-			Namespace: namespace,
-		},
-	}
-	roleBindingToCreateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), roleBindingToCreate)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	roleBindingCreated := &authorizationapi.RoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Post().AbsPath(roleBindingsPath).Body(roleBindingToCreateBytes).Do().Into(roleBindingCreated)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if roleBindingCreated.Name != roleBindingToCreate.Name {
-		t.Errorf("expected rolebinding %s, got %s", roleBindingToCreate.Name, roleBindingCreated.Name)
-	}
-
-	// list rolebindings
-	roleBindingList := &authorizationapi.RoleBindingList{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(roleBindingsPath).Do().Into(roleBindingList)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	checkBindings := sets.String{}
-	for _, rb := range roleBindingList.Items {
-		checkBindings.Insert(rb.Name)
-	}
-
-	// check for the created rolebinding in the list
-	if !checkBindings.HasAll(testBindingName) {
-		t.Errorf("rolebinding list does not have the expected bindings")
-	}
-
-	// edit rolebinding
-	roleBindingToEdit := &authorizationapi.RoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: testBindingName,
-		},
-		Subjects: []kapi.ObjectReference{
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser",
-			},
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser2",
-			},
-		},
-		RoleRef: kapi.ObjectReference{
-			Kind:      "Role",
-			Name:      "edit",
-			Namespace: namespace,
-		},
-	}
-	roleBindingToEditBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), roleBindingToEdit)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	roleBindingEdited := &authorizationapi.RoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Patch(types.StrategicMergePatchType).AbsPath(roleBindingsPath).Name(roleBindingToEdit.Name).Body(roleBindingToEditBytes).Do().Into(roleBindingEdited)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if roleBindingEdited.Name != roleBindingToEdit.Name {
-		t.Errorf("expected rolebinding %s, got %s", roleBindingToEdit.Name, roleBindingEdited.Name)
-	}
-
-	checkSubjects := sets.String{}
-	for _, subj := range roleBindingEdited.Subjects {
-		checkSubjects.Insert(subj.Name)
-	}
-	if !checkSubjects.HasAll("testuser", "testuser2") {
-		t.Errorf("rolebinding not edited")
-	}
-
-	// get rolebinding by name
-	getRoleBinding := &authorizationapi.RoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(roleBindingsPath).Name(testBindingName).Do().Into(getRoleBinding)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-	if getRoleBinding.Name != testBindingName {
-		t.Errorf("expected rolebinding %s, got %s", testBindingName, getRoleBinding.Name)
-	}
-
-	// delete rolebinding
-	err = clusterAdmin.Authorization().RESTClient().Delete().AbsPath(roleBindingsPath).Name(testBindingName).Do().Error()
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	// confirm deletion
-	getRoleBinding = &authorizationapi.RoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(roleBindingsPath).Name(testBindingName).Do().Into(getRoleBinding)
-	if err == nil {
-		t.Errorf("expected error")
-	} else if !kapierror.IsNotFound(err) {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	// create local rolebinding for cluster role
-	localClusterRoleBindingToCreate := &authorizationapi.RoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "test-crb",
-			Namespace: namespace,
-		},
-		Subjects: []kapi.ObjectReference{
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser",
-			},
-		},
-		RoleRef: kapi.ObjectReference{
-			Kind: "ClusterRole",
-			Name: "edit",
-		},
-	}
-	localClusterRoleBindingToCreateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), localClusterRoleBindingToCreate)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	localClusterRoleBindingCreated := &authorizationapi.RoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Post().AbsPath(roleBindingsPath).Body(localClusterRoleBindingToCreateBytes).Do().Into(localClusterRoleBindingCreated)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if localClusterRoleBindingCreated.Name != localClusterRoleBindingToCreate.Name {
-		t.Errorf("expected clusterrolebinding %s, got %s", localClusterRoleBindingToCreate.Name, localClusterRoleBindingCreated.Name)
-	}
-
-}
-
-// TestLegacyClusterRoleBindingEndpoint exercises the legacy clusterrolebinding endpoint that is proxied to rbac
-func TestLegacyClusterRoleBindingEndpoint(t *testing.T) {
-	masterConfig, clusterAdminKubeConfig, err := testserver.StartTestMasterAPI()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer testserver.CleanupMasterEtcd(t, masterConfig)
-
-	clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	clusterAdmin := authorizationclient.NewForConfigOrDie(clusterAdminClientConfig)
-
-	// install the legacy types into the client for decoding
-	legacy.InstallInternalLegacyAuthorization(authorizationclientscheme.Scheme)
-
-	clusterRoleBindingsPath := "/oapi/v1/clusterrolebindings"
-	testBindingName := "testbinding"
-
-	// list clusterrole bindings
-	clusterRoleBindingList := &authorizationapi.ClusterRoleBindingList{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(clusterRoleBindingsPath).Do().Into(clusterRoleBindingList)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	checkBindings := sets.String{}
-	for _, rb := range clusterRoleBindingList.Items {
-		checkBindings.Insert(rb.Name)
-	}
-
-	// ensure there are at least some of the expected bindings in the list
-	if !checkBindings.HasAll("basic-users", "cluster-admin", "cluster-admins", "cluster-readers") {
-		t.Errorf("clusterrolebinding list does not have the expected bindings")
-	}
-
-	// create clusterrole binding
-	clusterRoleBindingToCreate := &authorizationapi.ClusterRoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: testBindingName,
-		},
-		Subjects: []kapi.ObjectReference{
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser",
-			},
-		},
-		RoleRef: kapi.ObjectReference{
-			Kind: "ClusterRole",
-			Name: "edit",
-		},
-	}
-	clusterRoleBindingToCreateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), clusterRoleBindingToCreate)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	clusterRoleBindingCreated := &authorizationapi.ClusterRoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Post().AbsPath(clusterRoleBindingsPath).Body(clusterRoleBindingToCreateBytes).Do().Into(clusterRoleBindingCreated)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if clusterRoleBindingCreated.Name != clusterRoleBindingToCreate.Name {
-		t.Errorf("expected clusterrolebinding %s, got %s", clusterRoleBindingToCreate.Name, clusterRoleBindingCreated.Name)
-	}
-
-	// edit clusterrole binding
-	clusterRoleBindingToEdit := &authorizationapi.ClusterRoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: testBindingName,
-		},
-		Subjects: []kapi.ObjectReference{
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser",
-			},
-			{
-				Kind: authorizationapi.UserKind,
-				Name: "testuser2",
-			},
-		},
-		RoleRef: kapi.ObjectReference{
-			Kind: "ClusterRole",
-			Name: "edit",
-		},
-	}
-	clusterRoleBindingToEditBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), clusterRoleBindingToEdit)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	clusterRoleBindingEdited := &authorizationapi.ClusterRoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Patch(types.StrategicMergePatchType).AbsPath(clusterRoleBindingsPath).Name(clusterRoleBindingToEdit.Name).Body(clusterRoleBindingToEditBytes).Do().Into(clusterRoleBindingEdited)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if clusterRoleBindingEdited.Name != clusterRoleBindingToEdit.Name {
-		t.Errorf("expected clusterrolebinding %s, got %s", clusterRoleBindingToEdit.Name, clusterRoleBindingEdited.Name)
-	}
-
-	checkSubjects := sets.String{}
-	for _, subj := range clusterRoleBindingEdited.Subjects {
-		checkSubjects.Insert(subj.Name)
-	}
-	if !checkSubjects.HasAll("testuser", "testuser2") {
-		t.Errorf("clusterrolebinding not edited")
-	}
-
-	// get clusterrolebinding by name
-	getRoleBinding := &authorizationapi.ClusterRoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(clusterRoleBindingsPath).Name(testBindingName).Do().Into(getRoleBinding)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-	if getRoleBinding.Name != testBindingName {
-		t.Errorf("expected clusterrolebinding %s, got %s", testBindingName, getRoleBinding.Name)
-	}
-
-	// delete clusterrolebinding
-	err = clusterAdmin.Authorization().RESTClient().Delete().AbsPath(clusterRoleBindingsPath).Name(testBindingName).Do().Error()
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	// confirm deletion
-	getRoleBinding = &authorizationapi.ClusterRoleBinding{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(clusterRoleBindingsPath).Name(testBindingName).Do().Into(getRoleBinding)
-	if err == nil {
-		t.Errorf("expected error")
-	} else if !kapierror.IsNotFound(err) {
-		t.Errorf("unexpected error: %v", err)
-	}
-}
-
-// TestLegacyClusterRoleEndpoint exercises the legacy clusterrole endpoint that is proxied to rbac
-func TestLegacyClusterRoleEndpoint(t *testing.T) {
-	masterConfig, clusterAdminKubeConfig, err := testserver.StartTestMasterAPI()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer testserver.CleanupMasterEtcd(t, masterConfig)
-
-	clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	clusterAdmin := authorizationclient.NewForConfigOrDie(clusterAdminClientConfig)
-
-	// install the legacy types into the client for decoding
-	legacy.InstallInternalLegacyAuthorization(authorizationclientscheme.Scheme)
-
-	clusterRolesPath := "/oapi/v1/clusterroles"
-	testRole := "testrole"
-
-	// list clusterroles
-	clusterRoleList := &authorizationapi.ClusterRoleList{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(clusterRolesPath).Do().Into(clusterRoleList)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	checkRoles := sets.String{}
-	for _, role := range clusterRoleList.Items {
-		checkRoles.Insert(role.Name)
-	}
-	// ensure there are at least some of the expected roles in the clusterrole list
-	if !checkRoles.HasAll("admin", "basic-user", "cluster-admin", "edit", "sudoer") {
-		t.Errorf("clusterrole list does not have the expected roles")
-	}
-
-	// create clusterrole
-	clusterRoleToCreate := &authorizationapi.ClusterRole{
-		ObjectMeta: metav1.ObjectMeta{Name: testRole},
-		Rules: []authorizationapi.PolicyRule{
-			authorizationapi.NewRule("get").Groups("").Resources("services").RuleOrDie(),
-		},
-	}
-	clusterRoleToCreateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), clusterRoleToCreate)
-	if err != nil {
-		t.Fatal(err)
-	}
-	createdClusterRole := &authorizationapi.ClusterRole{}
-	err = clusterAdmin.Authorization().RESTClient().Post().AbsPath(clusterRolesPath).Body(clusterRoleToCreateBytes).Do().Into(createdClusterRole)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if createdClusterRole.Name != clusterRoleToCreate.Name {
-		t.Errorf("expected to create %v, got %v", clusterRoleToCreate.Name, createdClusterRole.Name)
-	}
-
-	if !createdClusterRole.Rules[0].Verbs.Has("get") {
-		t.Errorf("expected clusterrole to have a get rule")
-	}
-
-	// update clusterrole
-	clusterRoleUpdate := &authorizationapi.ClusterRole{
-		ObjectMeta: metav1.ObjectMeta{Name: testRole},
-		Rules: []authorizationapi.PolicyRule{
-			authorizationapi.NewRule("get", "list").Groups("").Resources("services").RuleOrDie(),
-		},
-	}
-
-	clusterRoleUpdateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), clusterRoleUpdate)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	updatedClusterRole := &authorizationapi.ClusterRole{}
-	err = clusterAdmin.Authorization().RESTClient().Patch(types.StrategicMergePatchType).AbsPath(clusterRolesPath).Name(testRole).Body(clusterRoleUpdateBytes).Do().Into(updatedClusterRole)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if updatedClusterRole.Name != clusterRoleUpdate.Name {
-		t.Errorf("expected to update %s, got %s", clusterRoleUpdate.Name, updatedClusterRole.Name)
-	}
-
-	if !updatedClusterRole.Rules[0].Verbs.HasAll("get", "list") {
-		t.Errorf("expected clusterrole to have a get and list rule")
-	}
-
-	// get clusterrole
-	getRole := &authorizationapi.ClusterRole{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(clusterRolesPath).Name(testRole).Do().Into(getRole)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-	if getRole.Name != testRole {
-		t.Errorf("expected %s role, got %s instead", testRole, getRole.Name)
-	}
-
-	// delete clusterrole
-	err = clusterAdmin.Authorization().RESTClient().Delete().AbsPath(clusterRolesPath).Name(testRole).Do().Error()
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	// confirm deletion
-	getRole = &authorizationapi.ClusterRole{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(clusterRolesPath).Name(testRole).Do().Into(getRole)
-	if err == nil {
-		t.Errorf("expected error")
-	} else if !kapierror.IsNotFound(err) {
-		t.Errorf("unexpected error: %v", err)
-	}
-}
-
-// TestLegacyLocalRoleEndpoint exercises the legacy role endpoint that is proxied to rbac
-func TestLegacyLocalRoleEndpoint(t *testing.T) {
-	masterConfig, clusterAdminKubeConfig, err := testserver.StartTestMasterAPI()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer testserver.CleanupMasterEtcd(t, masterConfig)
-
-	clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	clusterAdmin := authorizationclient.NewForConfigOrDie(clusterAdminClientConfig)
-
-	namespace := "testproject"
-	_, _, err = testserver.CreateNewProject(clusterAdminClientConfig, namespace, "testuser")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	// install the legacy types into the client for decoding
-	legacy.InstallInternalLegacyAuthorization(authorizationclientscheme.Scheme)
-
-	rolesPath := "/oapi/v1/namespaces/" + namespace + "/roles"
-	testRole := "testrole"
-
-	// create role
-	roleToCreate := &authorizationapi.Role{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      testRole,
-			Namespace: namespace,
-		},
-		Rules: []authorizationapi.PolicyRule{
-			authorizationapi.NewRule("get").Groups("").Resources("services").RuleOrDie(),
-		},
-	}
-	roleToCreateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), roleToCreate)
-	if err != nil {
-		t.Fatal(err)
-	}
-	createdRole := &authorizationapi.Role{}
-	err = clusterAdmin.Authorization().RESTClient().Post().AbsPath(rolesPath).Body(roleToCreateBytes).Do().Into(createdRole)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if createdRole.Name != roleToCreate.Name {
-		t.Errorf("expected to create %v, got %v", roleToCreate.Name, createdRole.Name)
-	}
-
-	if !createdRole.Rules[0].Verbs.Has("get") {
-		t.Errorf("expected clusterRole to have a get rule")
-	}
-
-	// list roles
-	roleList := &authorizationapi.RoleList{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(rolesPath).Do().Into(roleList)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	checkRoles := sets.String{}
-	for _, role := range roleList.Items {
-		checkRoles.Insert(role.Name)
-	}
-	// ensure the role list has the created role
-	if !checkRoles.HasAll(testRole) {
-		t.Errorf("role list does not have the expected roles")
-	}
-
-	// update role
-	roleUpdate := &authorizationapi.Role{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      testRole,
-			Namespace: namespace,
-		},
-		Rules: []authorizationapi.PolicyRule{
-			authorizationapi.NewRule("get", "list").Groups("").Resources("services").RuleOrDie(),
-		},
-	}
-
-	roleUpdateBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), roleUpdate)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	updatedRole := &authorizationapi.Role{}
-	err = clusterAdmin.Authorization().RESTClient().Patch(types.StrategicMergePatchType).AbsPath(rolesPath).Name(testRole).Body(roleUpdateBytes).Do().Into(updatedRole)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	if updatedRole.Name != roleUpdate.Name {
-		t.Errorf("expected to update %s, got %s", roleUpdate.Name, updatedRole.Name)
-	}
-
-	if !updatedRole.Rules[0].Verbs.HasAll("get", "list") {
-		t.Errorf("expected role to have a get and list rule")
-	}
-
-	// get role
-	getRole := &authorizationapi.Role{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(rolesPath).Name(testRole).Do().Into(getRole)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-	if getRole.Name != testRole {
-		t.Errorf("expected %s role, got %s instead", testRole, getRole.Name)
-	}
-
-	// delete role
-	err = clusterAdmin.Authorization().RESTClient().Delete().AbsPath(rolesPath).Name(testRole).Do().Error()
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
-
-	// confirm deletion
-	getRole = &authorizationapi.Role{}
-	err = clusterAdmin.Authorization().RESTClient().Get().AbsPath(rolesPath).Name(testRole).Do().Into(getRole)
-	if err == nil {
-		t.Errorf("expected error")
-	} else if !kapierror.IsNotFound(err) {
-		t.Errorf("unexpected error: %v", err)
-	}
-}
-
-func TestOldLocalAccessReviewEndpoints(t *testing.T) {
-	masterConfig, clusterAdminKubeConfig, err := testserver.StartTestMasterAPI()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer testserver.CleanupMasterEtcd(t, masterConfig)
-
-	clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	clusterAdminAuthorizationClient := authorizationclient.NewForConfigOrDie(clusterAdminClientConfig).Authorization()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	namespace := "hammer-project"
-	if _, _, err := testserver.CreateNewProject(clusterAdminClientConfig, namespace, "harold"); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	// install the legacy types into the client for decoding
-	legacy.InstallInternalLegacyAuthorization(authorizationclientscheme.Scheme)
-	codecFactory := serializer.NewCodecFactory(authorizationclientscheme.Scheme)
-
-	sar := &authorizationapi.SubjectAccessReview{
-		Action: authorizationapi.Action{
-			Verb:     "get",
-			Resource: "imagestreams/layers",
-		},
-	}
-	sarBytes, err := runtime.Encode(codecFactory.LegacyCodec(schema.GroupVersion{Version: "v1"}), sar)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = clusterAdminAuthorizationClient.RESTClient().Post().AbsPath("/oapi/v1/namespaces/" + namespace + "/subjectaccessreviews").Body(sarBytes).Do().Into(&authorizationapi.SubjectAccessReviewResponse{})
-	if !kapierror.IsNotFound(err) {
-		t.Fatal(err)
-	}
-
-	rar := &authorizationapi.ResourceAccessReview{
-		Action: authorizationapi.Action{
-			Verb:     "get",
-			Resource: "imagestreams/layers",
-		},
-	}
-	rarBytes, err := runtime.Encode(codecFactory.LegacyCodec(schema.GroupVersion{Version: "v1"}), rar)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = clusterAdminAuthorizationClient.RESTClient().Post().AbsPath("/oapi/v1/namespaces/" + namespace + "/resourceaccessreviews").Body(rarBytes).Do().Into(&authorizationapi.ResourceAccessReviewResponse{})
-	if !kapierror.IsNotFound(err) {
-		t.Fatal(err)
-	}
-}
diff --git a/test/integration/deploy_defaults_test.go b/test/integration/deploy_defaults_test.go
index bcbbeffe3fc8..747005afecac 100644
--- a/test/integration/deploy_defaults_test.go
+++ b/test/integration/deploy_defaults_test.go
@@ -5,21 +5,15 @@ import (
 	"testing"
 	"time"
 
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/util/diff"
-	"k8s.io/apimachinery/pkg/util/intstr"
-	"k8s.io/kubernetes/pkg/api/legacyscheme"
-
 	appsv1 "github.com/openshift/api/apps/v1"
 	appsclient "github.com/openshift/client-go/apps/clientset/versioned"
-	appsclientscheme "github.com/openshift/client-go/apps/clientset/versioned/scheme"
 	testutil "github.com/openshift/origin/test/util"
 	testserver "github.com/openshift/origin/test/util/server"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/diff"
+	"k8s.io/apimachinery/pkg/util/intstr"
 
-	"github.com/openshift/origin/pkg/api/legacy"
 	_ "github.com/openshift/origin/pkg/apps/apis/apps/install"
 )
 
@@ -119,61 +113,6 @@ func TestDeploymentConfigDefaults(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Failed to create appsClient: %v", err)
 	}
-	// install the legacy types into the client for decoding
-	legacy.InstallInternalLegacyApps(appsclientscheme.Scheme)
-
-	ttLegacy := []struct {
-		obj    *appsv1.DeploymentConfig
-		legacy *appsv1.DeploymentConfig
-	}{
-		{
-			obj: func() *appsv1.DeploymentConfig {
-				dc := minimalDC("test-legacy-01", 0)
-				dc.Spec.RevisionHistoryLimit = nil
-				return dc
-			}(),
-			legacy: func() *appsv1.DeploymentConfig {
-				dc := minimalDC("test-legacy-01", 1)
-				setEssentialDefaults(dc)
-				// Legacy API shall not default RevisionHistoryLimit to maintain backwards compatibility
-				dc.Spec.RevisionHistoryLimit = nil
-				return dc
-			}(),
-		},
-		{
-			obj: func() *appsv1.DeploymentConfig {
-				dc := minimalDC("test-legacy-02", 0)
-				dc.Spec.RevisionHistoryLimit = &nonDefaultRevisionHistoryLimit
-				return dc
-			}(),
-			legacy: func() *appsv1.DeploymentConfig {
-				dc := minimalDC("test-legacy-02", 1)
-				setEssentialDefaults(dc)
-				dc.Spec.RevisionHistoryLimit = &nonDefaultRevisionHistoryLimit
-				return dc
-			}(),
-		},
-	}
-	t.Run("Legacy API", func(t *testing.T) {
-		for _, tc := range ttLegacy {
-			t.Run("", func(t *testing.T) {
-				dcBytes, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(schema.GroupVersion{Version: "v1"}), tc.obj)
-				if err != nil {
-					t.Fatal(err)
-				}
-				legacyObj, err := appsClient.Apps().RESTClient().Post().AbsPath("/oapi/v1/namespaces/" + namespace + "/deploymentconfigs").Body(dcBytes).Do().Get()
-				if err != nil {
-					t.Fatalf("Failed to create DC: %v", err)
-				}
-				legacyDC := legacyObj.(*appsv1.DeploymentConfig)
-
-				clearTransient(legacyDC)
-				if !reflect.DeepEqual(legacyDC, tc.legacy) {
-					t.Errorf("Legacy DC differs from expected output: %s", diff.ObjectReflectDiff(legacyDC, tc.legacy))
-				}
-			})
-		}
-	})
 
 	ttApps := []struct {
 		obj  *appsv1.DeploymentConfig
diff --git a/test/integration/deploy_scale_test.go b/test/integration/deploy_scale_test.go
index 93e59b82ba03..b0b1aac29ea6 100644
--- a/test/integration/deploy_scale_test.go
+++ b/test/integration/deploy_scale_test.go
@@ -56,28 +56,6 @@ func TestDeployScale(t *testing.T) {
 	}
 	generation := dc.Generation
 
-	{
-		// Get scale subresource
-		legacyPath := fmt.Sprintf("/oapi/v1/namespaces/%s/deploymentconfigs/%s/scale", dc.Namespace, dc.Name)
-		legacyScale := &unstructured.Unstructured{}
-		if err := adminAppsClient.RESTClient().Get().AbsPath(legacyPath).Do().Into(legacyScale); err != nil {
-			t.Fatal(err)
-		}
-		// Ensure correct type
-		if legacyScale.GetAPIVersion() != "extensions/v1beta1" {
-			t.Fatalf("Expected extensions/v1beta1, got %v", legacyScale.GetAPIVersion())
-		}
-		scaleBytes, err := legacyScale.MarshalJSON()
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		// Ensure we can submit the same type back
-		if err := adminAppsClient.RESTClient().Put().AbsPath(legacyPath).Body(scaleBytes).Do().Error(); err != nil {
-			t.Fatal(err)
-		}
-	}
-
 	{
 		// Get scale subresource
 		scalePath := fmt.Sprintf("/apis/apps.openshift.io/v1/namespaces/%s/deploymentconfigs/%s/scale", dc.Namespace, dc.Name)
diff --git a/test/integration/etcd_storage_path_test.go b/test/integration/etcd_storage_path_test.go
index 38a9fe2a4c81..f5ab4edccec0 100644
--- a/test/integration/etcd_storage_path_test.go
+++ b/test/integration/etcd_storage_path_test.go
@@ -37,57 +37,31 @@ import (
 	// install all APIs
 	etcdv3 "github.com/coreos/etcd/clientv3"
 	"github.com/openshift/origin/pkg/api/install"
-	"github.com/openshift/origin/pkg/api/legacygroupification"
 )
 
 // Etcd data for all persisted OpenShift objects.
 var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageData{
 	// github.com/openshift/origin/pkg/authorization/apis/authorization/v1
-	gvr("", "v1", "roles"): {
-		Stub:             `{"metadata": {"name": "r1b1o1"}, "rules": [{"verbs": ["create"], "apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectaccessreviews"]}]}`,
-		ExpectedEtcdPath: "kubernetes.io/roles/etcdstoragepathtestnamespace/r1b1o1",
-		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "Role"), // proxy to RBAC
-	},
 	gvr("authorization.openshift.io", "v1", "roles"): {
 		Stub:             `{"metadata": {"name": "r1b1o2"}, "rules": [{"verbs": ["create"], "apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectaccessreviews"]}]}`,
 		ExpectedEtcdPath: "kubernetes.io/roles/etcdstoragepathtestnamespace/r1b1o2",
 		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "Role"), // proxy to RBAC
 	},
-	gvr("", "v1", "clusterroles"): {
-		Stub:             `{"metadata": {"name": "cr1a1o1"}, "rules": [{"verbs": ["create"], "apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectaccessreviews"]}]}`,
-		ExpectedEtcdPath: "kubernetes.io/clusterroles/cr1a1o1",
-		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "ClusterRole"), // proxy to RBAC
-	},
 	gvr("authorization.openshift.io", "v1", "clusterroles"): {
 		Stub:             `{"metadata": {"name": "cr1a1o2"}, "rules": [{"verbs": ["create"], "apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectaccessreviews"]}]}`,
 		ExpectedEtcdPath: "kubernetes.io/clusterroles/cr1a1o2",
 		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "ClusterRole"), // proxy to RBAC
 	},
-	gvr("", "v1", "rolebindings"): {
-		Stub:             `{"metadata": {"name": "rb1a1o1"}, "subjects": [{"kind": "Group", "name": "system:authenticated"}], "roleRef": {"kind": "Role", "name": "r1a1"}}`,
-		ExpectedEtcdPath: "kubernetes.io/rolebindings/etcdstoragepathtestnamespace/rb1a1o1",
-		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "RoleBinding"), // proxy to RBAC
-	},
 	gvr("authorization.openshift.io", "v1", "rolebindings"): {
 		Stub:             `{"metadata": {"name": "rb1a1o2"}, "subjects": [{"kind": "Group", "name": "system:authenticated"}], "roleRef": {"kind": "Role", "name": "r1a1"}}`,
 		ExpectedEtcdPath: "kubernetes.io/rolebindings/etcdstoragepathtestnamespace/rb1a1o2",
 		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "RoleBinding"), // proxy to RBAC
 	},
-	gvr("", "v1", "clusterrolebindings"): {
-		Stub:             `{"metadata": {"name": "crb1a1o1"}, "subjects": [{"kind": "Group", "name": "system:authenticated"}], "roleRef": {"kind": "ClusterRole", "name": "cr1a1"}}`,
-		ExpectedEtcdPath: "kubernetes.io/clusterrolebindings/crb1a1o1",
-		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "ClusterRoleBinding"), // proxy to RBAC
-	},
 	gvr("authorization.openshift.io", "v1", "clusterrolebindings"): {
 		Stub:             `{"metadata": {"name": "crb1a1o2"}, "subjects": [{"kind": "Group", "name": "system:authenticated"}], "roleRef": {"kind": "ClusterRole", "name": "cr1a1"}}`,
 		ExpectedEtcdPath: "kubernetes.io/clusterrolebindings/crb1a1o2",
 		ExpectedGVK:      gvkP("rbac.authorization.k8s.io", "v1", "ClusterRoleBinding"), // proxy to RBAC
 	},
-	gvr("", "v1", "rolebindingrestrictions"): {
-		Stub:             `{"metadata": {"name": "rbr"}, "spec": {"serviceaccountrestriction": {"serviceaccounts": [{"name": "sa"}]}}}`,
-		ExpectedEtcdPath: "openshift.io/rolebindingrestrictions/etcdstoragepathtestnamespace/rbr",
-		ExpectedGVK:      gvkP("authorization.openshift.io", "v1", "RoleBindingRestriction"),
-	},
 	gvr("authorization.openshift.io", "v1", "rolebindingrestrictions"): {
 		Stub:             `{"metadata": {"name": "rbrg"}, "spec": {"serviceaccountrestriction": {"serviceaccounts": [{"name": "sa"}]}}}`,
 		ExpectedEtcdPath: "openshift.io/rolebindingrestrictions/etcdstoragepathtestnamespace/rbrg",
@@ -95,20 +69,10 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/build/apis/build/v1
-	gvr("", "v1", "builds"): {
-		Stub:             `{"metadata": {"name": "build1"}, "spec": {"source": {"dockerfile": "Dockerfile1"}, "strategy": {"dockerStrategy": {"noCache": true}}}}`,
-		ExpectedEtcdPath: "openshift.io/builds/etcdstoragepathtestnamespace/build1",
-		ExpectedGVK:      gvkP("build.openshift.io", "v1", "Build"),
-	},
 	gvr("build.openshift.io", "v1", "builds"): {
 		Stub:             `{"metadata": {"name": "build1g"}, "spec": {"source": {"dockerfile": "Dockerfile1"}, "strategy": {"dockerStrategy": {"noCache": true}}}}`,
 		ExpectedEtcdPath: "openshift.io/builds/etcdstoragepathtestnamespace/build1g",
 	},
-	gvr("", "v1", "buildconfigs"): {
-		Stub:             `{"metadata": {"name": "bc1"}, "spec": {"source": {"dockerfile": "Dockerfile0"}, "strategy": {"dockerStrategy": {"noCache": true}}}}`,
-		ExpectedEtcdPath: "openshift.io/buildconfigs/etcdstoragepathtestnamespace/bc1",
-		ExpectedGVK:      gvkP("build.openshift.io", "v1", "BuildConfig"),
-	},
 	gvr("build.openshift.io", "v1", "buildconfigs"): {
 		Stub:             `{"metadata": {"name": "bc1g"}, "spec": {"source": {"dockerfile": "Dockerfile0"}, "strategy": {"dockerStrategy": {"noCache": true}}}}`,
 		ExpectedEtcdPath: "openshift.io/buildconfigs/etcdstoragepathtestnamespace/bc1g",
@@ -116,11 +80,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/apps/apis/apps/v1
-	gvr("", "v1", "deploymentconfigs"): {
-		Stub:             `{"metadata": {"name": "dc1"}, "spec": {"selector": {"d": "c"}, "template": {"metadata": {"labels": {"d": "c"}}, "spec": {"containers": [{"image": "fedora:latest", "name": "container2"}]}}}}`,
-		ExpectedEtcdPath: "openshift.io/deploymentconfigs/etcdstoragepathtestnamespace/dc1",
-		ExpectedGVK:      gvkP("apps.openshift.io", "v1", "DeploymentConfig"),
-	},
 	gvr("apps.openshift.io", "v1", "deploymentconfigs"): {
 		Stub:             `{"metadata": {"name": "dc1g"}, "spec": {"selector": {"d": "c"}, "template": {"metadata": {"labels": {"d": "c"}}, "spec": {"containers": [{"image": "fedora:latest", "name": "container2"}]}}}}`,
 		ExpectedEtcdPath: "openshift.io/deploymentconfigs/etcdstoragepathtestnamespace/dc1g",
@@ -128,20 +87,10 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/image/apis/image/v1
-	gvr("", "v1", "imagestreams"): {
-		Stub:             `{"metadata": {"name": "is1"}, "spec": {"dockerImageRepository": "docker"}}`,
-		ExpectedEtcdPath: "openshift.io/imagestreams/etcdstoragepathtestnamespace/is1",
-		ExpectedGVK:      gvkP("image.openshift.io", "v1", "ImageStream"),
-	},
 	gvr("image.openshift.io", "v1", "imagestreams"): {
 		Stub:             `{"metadata": {"name": "is1g"}, "spec": {"dockerImageRepository": "docker"}}`,
 		ExpectedEtcdPath: "openshift.io/imagestreams/etcdstoragepathtestnamespace/is1g",
 	},
-	gvr("", "v1", "images"): {
-		Stub:             `{"dockerImageReference": "fedora:latest", "metadata": {"name": "image1"}}`,
-		ExpectedEtcdPath: "openshift.io/images/image1",
-		ExpectedGVK:      gvkP("image.openshift.io", "v1", "Image"),
-	},
 	gvr("image.openshift.io", "v1", "images"): {
 		Stub:             `{"dockerImageReference": "fedora:latest", "metadata": {"name": "image1g"}}`,
 		ExpectedEtcdPath: "openshift.io/images/image1g",
@@ -149,21 +98,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/oauth/apis/oauth/v1
-	gvr("", "v1", "oauthclientauthorizations"): {
-		Stub:             `{"clientName": "system:serviceaccount:etcdstoragepathtestnamespace:client", "metadata": {"name": "user:system:serviceaccount:etcdstoragepathtestnamespace:client"}, "scopes": ["user:info"], "userName": "user", "userUID": "cannot be empty"}`,
-		ExpectedEtcdPath: "openshift.io/oauth/clientauthorizations/user:system:serviceaccount:etcdstoragepathtestnamespace:client",
-		Prerequisites: []etcddata.Prerequisite{
-			{
-				GvrData: gvr("", "v1", "serviceaccounts"),
-				Stub:    `{"metadata": {"annotations": {"serviceaccounts.openshift.io/oauth-redirecturi.foo": "http://bar"}, "name": "client"}}`,
-			},
-			{
-				GvrData: gvr("", "v1", "secrets"),
-				Stub:    `{"metadata": {"annotations": {"kubernetes.io/service-account.name": "client"}, "generateName": "client"}, "type": "kubernetes.io/service-account-token"}`,
-			},
-		},
-		ExpectedGVK: gvkP("oauth.openshift.io", "v1", "OAuthClientAuthorization"),
-	},
 	gvr("oauth.openshift.io", "v1", "oauthclientauthorizations"): {
 		Stub:             `{"clientName": "system:serviceaccount:etcdstoragepathtestnamespace:clientg", "metadata": {"name": "user:system:serviceaccount:etcdstoragepathtestnamespace:clientg"}, "scopes": ["user:info"], "userName": "user", "userUID": "cannot be empty"}`,
 		ExpectedEtcdPath: "openshift.io/oauth/clientauthorizations/user:system:serviceaccount:etcdstoragepathtestnamespace:clientg",
@@ -178,17 +112,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 			},
 		},
 	},
-	gvr("", "v1", "oauthaccesstokens"): {
-		Stub:             `{"clientName": "client1", "metadata": {"name": "tokenneedstobelongenoughelseitwontwork"}, "userName": "user", "userUID": "cannot be empty"}`,
-		ExpectedEtcdPath: "openshift.io/oauth/accesstokens/tokenneedstobelongenoughelseitwontwork",
-		Prerequisites: []etcddata.Prerequisite{
-			{
-				GvrData: gvr("", "v1", "oauthclients"),
-				Stub:    `{"metadata": {"name": "client1"}}`,
-			},
-		},
-		ExpectedGVK: gvkP("oauth.openshift.io", "v1", "OAuthAccessToken"),
-	},
 	gvr("oauth.openshift.io", "v1", "oauthaccesstokens"): {
 		Stub:             `{"clientName": "client1g", "metadata": {"name": "tokenneedstobelongenoughelseitwontworkg"}, "userName": "user", "userUID": "cannot be empty"}`,
 		ExpectedEtcdPath: "openshift.io/oauth/accesstokens/tokenneedstobelongenoughelseitwontworkg",
@@ -199,17 +122,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 			},
 		},
 	},
-	gvr("", "v1", "oauthauthorizetokens"): {
-		Stub:             `{"clientName": "client0", "metadata": {"name": "tokenneedstobelongenoughelseitwontwork"}, "userName": "user", "userUID": "cannot be empty", "expiresIn": 86400}`,
-		ExpectedEtcdPath: "openshift.io/oauth/authorizetokens/tokenneedstobelongenoughelseitwontwork",
-		Prerequisites: []etcddata.Prerequisite{
-			{
-				GvrData: gvr("", "v1", "oauthclients"),
-				Stub:    `{"metadata": {"name": "client0"}}`,
-			},
-		},
-		ExpectedGVK: gvkP("oauth.openshift.io", "v1", "OAuthAuthorizeToken"),
-	},
 	gvr("oauth.openshift.io", "v1", "oauthauthorizetokens"): {
 		Stub:             `{"clientName": "client0g", "metadata": {"name": "tokenneedstobelongenoughelseitwontworkg"}, "userName": "user", "userUID": "cannot be empty", "expiresIn": 86400}`,
 		ExpectedEtcdPath: "openshift.io/oauth/authorizetokens/tokenneedstobelongenoughelseitwontworkg",
@@ -220,11 +132,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 			},
 		},
 	},
-	gvr("", "v1", "oauthclients"): {
-		Stub:             `{"metadata": {"name": "client"}}`,
-		ExpectedEtcdPath: "openshift.io/oauth/clients/client",
-		ExpectedGVK:      gvkP("oauth.openshift.io", "v1", "OAuthClient"),
-	},
 	gvr("oauth.openshift.io", "v1", "oauthclients"): {
 		Stub:             `{"metadata": {"name": "clientg"}}`,
 		ExpectedEtcdPath: "openshift.io/oauth/clients/clientg",
@@ -232,11 +139,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/project/apis/project/v1
-	gvr("", "v1", "projects"): {
-		Stub:             `{"metadata": {"name": "namespace2"}, "spec": {"finalizers": ["kubernetes", "openshift.io/origin"]}}`,
-		ExpectedEtcdPath: "kubernetes.io/namespaces/namespace2",
-		ExpectedGVK:      gvkP("", "v1", "Namespace"), // project is a proxy for namespace
-	},
 	gvr("project.openshift.io", "v1", "projects"): {
 		Stub:             `{"metadata": {"name": "namespace2g"}, "spec": {"finalizers": ["kubernetes", "openshift.io/origin"]}}`,
 		ExpectedEtcdPath: "kubernetes.io/namespaces/namespace2g",
@@ -245,11 +147,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/quota/apis/quota/v1
-	gvr("", "v1", "clusterresourcequotas"): {
-		Stub:             `{"metadata": {"name": "quota1"}, "spec": {"selector": {"labels": {"matchLabels": {"a": "b"}}}}}`,
-		ExpectedEtcdPath: "openshift.io/clusterresourcequotas/quota1",
-		ExpectedGVK:      gvkP("quota.openshift.io", "v1", "ClusterResourceQuota"),
-	},
 	gvr("quota.openshift.io", "v1", "clusterresourcequotas"): {
 		Stub:             `{"metadata": {"name": "quota1g"}, "spec": {"selector": {"labels": {"matchLabels": {"a": "b"}}}}}`,
 		ExpectedEtcdPath: "openshift.io/clusterresourcequotas/quota1g",
@@ -257,40 +154,12 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/route/apis/route/v1
-	gvr("", "v1", "routes"): {
-		Stub:             `{"metadata": {"name": "route1"}, "spec": {"host": "hostname1", "to": {"name": "service1"}}}`,
-		ExpectedEtcdPath: "openshift.io/routes/etcdstoragepathtestnamespace/route1",
-		ExpectedGVK:      gvkP("route.openshift.io", "v1", "Route"),
-	},
 	gvr("route.openshift.io", "v1", "routes"): {
 		Stub:             `{"metadata": {"name": "route1g"}, "spec": {"host": "hostname1", "to": {"name": "service1"}}}`,
 		ExpectedEtcdPath: "openshift.io/routes/etcdstoragepathtestnamespace/route1g",
 	},
 	// --
 
-	// github.com/openshift/origin/pkg/network/apis/network/v1
-	gvr("", "v1", "netnamespaces"): {
-		Stub:             `{"metadata": {"name": "networkname"}, "netid": 100, "netname": "networkname"}`,
-		ExpectedEtcdPath: "openshift.io/registry/sdnnetnamespaces/networkname",
-		ExpectedGVK:      gvkP("network.openshift.io", "v1", "NetNamespace"),
-	},
-	gvr("", "v1", "hostsubnets"): {
-		Stub:             `{"host": "hostname", "hostIP": "192.168.1.1", "metadata": {"name": "hostname"}, "subnet": "192.168.1.0/24"}`,
-		ExpectedEtcdPath: "openshift.io/registry/sdnsubnets/hostname",
-		ExpectedGVK:      gvkP("network.openshift.io", "v1", "HostSubnet"),
-	},
-	gvr("", "v1", "clusternetworks"): {
-		Stub:             `{"metadata": {"name": "cn1"}, "serviceNetwork": "192.168.1.0/24", "clusterNetworks": [{"CIDR": "192.166.0.0/16", "hostSubnetLength": 8}], "vxlan":""}`,
-		ExpectedEtcdPath: "openshift.io/registry/sdnnetworks/cn1",
-		ExpectedGVK:      gvkP("network.openshift.io", "v1", "ClusterNetwork"),
-	},
-	gvr("", "v1", "egressnetworkpolicies"): {
-		Stub:             `{"metadata": {"name": "enp1"}, "spec": {"egress": [{"to": {"cidrSelector": "192.168.1.0/24"}, "type": "Allow"}]}}`,
-		ExpectedEtcdPath: "openshift.io/registry/egressnetworkpolicy/etcdstoragepathtestnamespace/enp1",
-		ExpectedGVK:      gvkP("network.openshift.io", "v1", "EgressNetworkPolicy"),
-	},
-	// --
-
 	// github.com/openshift/origin/pkg/security/apis/security/v1
 	gvr("security.openshift.io", "v1", "securitycontextconstraints"): {
 		Stub:             `{"allowPrivilegedContainer": true, "fsGroup": {"type": "RunAsAny"}, "metadata": {"name": "scc2"}, "runAsUser": {"type": "RunAsAny"}, "seLinuxContext": {"type": "MustRunAs"}, "supplementalGroups": {"type": "RunAsAny"}}`,
@@ -303,11 +172,6 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/template/apis/template/v1
-	gvr("", "v1", "templates"): {
-		Stub:             `{"message": "Jenkins template", "metadata": {"name": "template1"}}`,
-		ExpectedEtcdPath: "openshift.io/templates/etcdstoragepathtestnamespace/template1",
-		ExpectedGVK:      gvkP("template.openshift.io", "v1", "Template"),
-	},
 	gvr("template.openshift.io", "v1", "templates"): {
 		Stub:             `{"message": "Jenkins template", "metadata": {"name": "template1g"}}`,
 		ExpectedEtcdPath: "openshift.io/templates/etcdstoragepathtestnamespace/template1g",
@@ -323,29 +187,14 @@ var openshiftEtcdStorageData = map[schema.GroupVersionResource]etcddata.StorageD
 	// --
 
 	// github.com/openshift/origin/pkg/user/apis/user/v1
-	gvr("", "v1", "groups"): {
-		Stub:             `{"metadata": {"name": "group"}, "users": ["user1", "user2"]}`,
-		ExpectedEtcdPath: "openshift.io/groups/group",
-		ExpectedGVK:      gvkP("user.openshift.io", "v1", "Group"),
-	},
 	gvr("user.openshift.io", "v1", "groups"): {
 		Stub:             `{"metadata": {"name": "groupg"}, "users": ["user1", "user2"]}`,
 		ExpectedEtcdPath: "openshift.io/groups/groupg",
 	},
-	gvr("", "v1", "users"): {
-		Stub:             `{"fullName": "user1", "metadata": {"name": "user1"}}`,
-		ExpectedEtcdPath: "openshift.io/users/user1",
-		ExpectedGVK:      gvkP("user.openshift.io", "v1", "User"),
-	},
 	gvr("user.openshift.io", "v1", "users"): {
 		Stub:             `{"fullName": "user1g", "metadata": {"name": "user1g"}}`,
 		ExpectedEtcdPath: "openshift.io/users/user1g",
 	},
-	gvr("", "v1", "identities"): {
-		Stub:             `{"metadata": {"name": "github:user2"}, "providerName": "github", "providerUserName": "user2"}`,
-		ExpectedEtcdPath: "openshift.io/useridentities/github:user2",
-		ExpectedGVK:      gvkP("user.openshift.io", "v1", "Identity"),
-	},
 	gvr("user.openshift.io", "v1", "identities"): {
 		Stub:             `{"metadata": {"name": "github:user2g"}, "providerName": "github", "providerUserName": "user2g"}`,
 		ExpectedEtcdPath: "openshift.io/useridentities/github:user2g",
@@ -471,15 +320,8 @@ func TestEtcd3StoragePath(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	oapiServerResources := &metav1.APIResourceList{
-		GroupVersion: "v1",
-	}
-	if err := kubeClient.Discovery().RESTClient().Get().AbsPath("oapi", "v1").Do().Into(oapiServerResources); err != nil {
-		t.Fatal(err)
-	}
 	resourcesToPersist := append(
 		etcddata.GetResources(t, serverResources),
-		etcddata.GetResources(t, []*metav1.APIResourceList{oapiServerResources})...,
 	)
 
 	for _, resourceToPersist := range resourcesToPersist {
@@ -698,8 +540,6 @@ type allClient struct {
 func (c *allClient) verb(verb string, gvk schema.GroupVersionKind) (*restclient.Request, error) {
 	apiPath := "/apis"
 	switch {
-	case legacygroupification.IsOAPI(gvk) && gvk != (schema.GroupVersionKind{Group: "", Version: "v1", Kind: "SecurityContextConstraints"}):
-		apiPath = "/oapi"
 	case gvk.Group == kapi.GroupName:
 		apiPath = "/api"
 	}
diff --git a/test/integration/front_proxy_test.go b/test/integration/front_proxy_test.go
index da0757134a33..81724280843c 100644
--- a/test/integration/front_proxy_test.go
+++ b/test/integration/front_proxy_test.go
@@ -164,7 +164,7 @@ func TestFrontProxy(t *testing.T) {
 	} {
 		proxyHTTPHandler.setUser(test.user)
 
-		response, err := http.Get(proxyServer.URL + "/oapi/v1/projects")
+		response, err := http.Get(proxyServer.URL + "/apis/projects.openshift.io/v1/projects")
 		if err != nil {
 			t.Fatal(err)
 		}
diff --git a/test/integration/gc_default_test.go b/test/integration/gc_default_test.go
deleted file mode 100644
index 1eca1bf091e7..000000000000
--- a/test/integration/gc_default_test.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package integration
-
-import (
-	"testing"
-	"time"
-
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/wait"
-	kapi "k8s.io/kubernetes/pkg/apis/core"
-
-	buildv1 "github.com/openshift/api/build/v1"
-	buildv1client "github.com/openshift/client-go/build/clientset/versioned"
-	testutil "github.com/openshift/origin/test/util"
-	testserver "github.com/openshift/origin/test/util/server"
-)
-
-func TestGCDefaults(t *testing.T) {
-	masterConfig, clusterAdminKubeConfig, err := testserver.StartTestMaster()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer testserver.CleanupMasterEtcd(t, masterConfig)
-
-	clusterAdminConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatal(err)
-	}
-	kubeClient, err := testutil.GetClusterAdminKubeInternalClient(clusterAdminKubeConfig)
-	if err != nil {
-		t.Fatal(err)
-	}
-	newBuildClient, err := buildv1client.NewForConfig(clusterAdminConfig)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	ns := "some-ns-old"
-	if _, _, err := testserver.CreateNewProject(clusterAdminConfig, ns, "adminUser"); err != nil {
-		t.Fatal(err)
-	}
-
-	buildConfig := &buildv1.BuildConfig{}
-	buildConfig.Name = "bc"
-	buildConfig.Spec.RunPolicy = buildv1.BuildRunPolicyParallel
-	buildConfig.GenerateName = "buildconfig-"
-	buildConfig.Spec.Strategy = strategyForType(t, "source")
-	buildConfig.Spec.Source.Git = &buildv1.GitBuildSource{URI: "example.org"}
-
-	firstBuildConfig, err := newBuildClient.Build().BuildConfigs(ns).Create(buildConfig)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	childConfigMap := &kapi.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{Namespace: ns, Name: "child"},
-	}
-	childConfigMap.OwnerReferences = append(childConfigMap.OwnerReferences, metav1.OwnerReference{
-		APIVersion: "build.openshift.io/v1",
-		Kind:       "BuildConfig",
-		Name:       firstBuildConfig.Name,
-		UID:        firstBuildConfig.UID,
-	})
-
-	if _, err := kubeClient.Core().ConfigMaps(ns).Create(childConfigMap); err != nil {
-		t.Fatal(err)
-	}
-	// we need to make sure that the GC graph has observed the creation of the configmap *before* it observes the delete of
-	// the buildconfig or the orphaning step won't find anything to orphan, then the delete will complete, the configmap
-	// creation will be observed, there will be no parent, and the configmap will be deleted.
-	// There is no API to determine if the configmap was observed.
-	time.Sleep(3 * time.Second)
-
-	// this looks weird, but we want no new dependencies on the old client
-	if err := newBuildClient.Build().RESTClient().Delete().AbsPath("/oapi/v1/namespaces/" + ns + "/buildconfigs/" + buildConfig.Name).Do().Error(); err != nil {
-		t.Fatal(err)
-	}
-
-	// the /oapi endpoints should orphan by default
-	// wait for a bit and make sure that the build is still there
-	time.Sleep(6 * time.Second)
-	childConfigMap, err = kubeClient.Core().ConfigMaps(ns).Get(childConfigMap.Name, metav1.GetOptions{})
-	if err != nil {
-		t.Error(err)
-	}
-
-	if bc, err := newBuildClient.Build().BuildConfigs(ns).Get(buildConfig.Name, metav1.GetOptions{}); !apierrors.IsNotFound(err) {
-		t.Fatalf("%v and %#v", err, bc)
-	}
-
-	secondBuildConfig, err := newBuildClient.Build().BuildConfigs(ns).Create(buildConfig)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	childConfigMap.OwnerReferences = append(childConfigMap.OwnerReferences, metav1.OwnerReference{
-		APIVersion: "build.openshift.io/v1",
-		Kind:       "BuildConfig",
-		Name:       secondBuildConfig.Name,
-		UID:        secondBuildConfig.UID,
-	})
-	if _, err := kubeClient.Core().ConfigMaps(ns).Update(childConfigMap); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := newBuildClient.Build().BuildConfigs(ns).Delete(secondBuildConfig.Name, nil); err != nil {
-		t.Fatal(err)
-	}
-
-	err = wait.PollImmediate(30*time.Millisecond, 10*time.Second, func() (bool, error) {
-		_, err := kubeClient.Core().ConfigMaps(ns).Get(childConfigMap.Name, metav1.GetOptions{})
-		if apierrors.IsNotFound(err) {
-			return true, nil
-		}
-		if err != nil {
-			return false, err
-		}
-		return false, nil
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
diff --git a/test/integration/master_routes_test.go b/test/integration/master_routes_test.go
index 8506ed097364..83d41ee20063 100644
--- a/test/integration/master_routes_test.go
+++ b/test/integration/master_routes_test.go
@@ -122,7 +122,6 @@ var expectedIndex = []string{
 	"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
 	"/healthz/poststarthook/start-kube-apiserver-informers",
 	"/metrics",
-	"/oapi",
 	"/openapi/v2",
 	"/swagger-2.0.0.json",
 	"/swagger-2.0.0.pb-v1",
diff --git a/test/integration/webhook_test.go b/test/integration/webhook_test.go
index 971190d42b4c..052251986802 100644
--- a/test/integration/webhook_test.go
+++ b/test/integration/webhook_test.go
@@ -64,9 +64,9 @@ func TestWebhook(t *testing.T) {
 			Payload:    "generic/testdata/push-generic.json",
 			HeaderFunc: genericHeaderFunc,
 			URLs: []string{
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret200/generic",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret201/generic",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret202/generic",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret200/generic",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret201/generic",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret202/generic",
 			},
 		},
 		{
@@ -74,9 +74,9 @@ func TestWebhook(t *testing.T) {
 			Payload:    "github/testdata/pushevent.json",
 			HeaderFunc: githubHeaderFunc,
 			URLs: []string{
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret100/github",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret102/github",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret100/github",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret102/github",
 			},
 		},
 		{
@@ -84,9 +84,9 @@ func TestWebhook(t *testing.T) {
 			Payload:    "gitlab/testdata/pushevent.json",
 			HeaderFunc: gitlabHeaderFunc,
 			URLs: []string{
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret300/gitlab",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret301/gitlab",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret302/gitlab",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret300/gitlab",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret301/gitlab",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret302/gitlab",
 			},
 		},
 		{
@@ -94,9 +94,9 @@ func TestWebhook(t *testing.T) {
 			Payload:    "bitbucket/testdata/pushevent.json",
 			HeaderFunc: bitbucketHeaderFunc,
 			URLs: []string{
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret400/bitbucket",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret401/bitbucket",
-				"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret402/bitbucket",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret400/bitbucket",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret401/bitbucket",
+				"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret402/bitbucket",
 			},
 		},
 	}
@@ -206,9 +206,9 @@ func TestWebhookGitHubPushWithImage(t *testing.T) {
 	}
 
 	for _, s := range []string{
-		"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret100/github",
-		"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
-		"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret102/github",
+		"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret100/github",
+		"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
+		"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret102/github",
 	} {
 
 		// trigger build event sending push notification
@@ -324,7 +324,7 @@ func TestWebhookGitHubPushWithImageStream(t *testing.T) {
 	}
 	defer watch.Stop()
 
-	s := "/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github"
+	s := "/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github"
 
 	// trigger build event sending push notification
 	postFile(clusterAdminBuildClient.RESTClient(), githubHeaderFunc, "github/testdata/pushevent.json", clusterAdminClientConfig.Host+s, http.StatusOK, t)
@@ -385,9 +385,9 @@ func TestWebhookGitHubPing(t *testing.T) {
 	defer watch.Stop()
 
 	for _, s := range []string{
-		"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
-		"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret100/github",
-		"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret102/github",
+		"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
+		"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret100/github",
+		"/apis/build.openshift.io/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret102/github",
 	} {
 		// trigger build event sending push notification
 		clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
diff --git a/vendor/k8s.io/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go b/vendor/k8s.io/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go
index 62f81800ebf4..81555cf4602e 100644
--- a/vendor/k8s.io/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go
+++ b/vendor/k8s.io/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go
@@ -261,12 +261,6 @@ func (s *APIAggregator) AddAPIService(apiService *apiregistration.APIService) er
 	s.GenericAPIServer.Handler.NonGoRestfulMux.Handle(proxyPath, proxyHandler)
 	s.GenericAPIServer.Handler.NonGoRestfulMux.UnlistedHandlePrefix(proxyPath+"/", proxyHandler)
 
-	// this exists to proxy /oapi
-	if apiService.Spec.Group == "apps.openshift.io" {
-		s.GenericAPIServer.Handler.NonGoRestfulMux.Handle("/oapi", proxyHandler)
-		s.GenericAPIServer.Handler.NonGoRestfulMux.UnlistedHandlePrefix("/oapi/", proxyHandler)
-	}
-
 	// if we're dealing with the legacy group, we're done here
 	if apiService.Name == legacyAPIServiceName {
 		return nil