func newProjectAuthorizationCache(authorizer authorizer.Authorizer, kubeClient *kclient.Client, informerFactory shared.InformerFactory) *projectauth.AuthorizationCache { return projectauth.NewAuthorizationCache( projectauth.NewAuthorizerReviewer(authorizer), kubeClient.Namespaces(), informerFactory.ClusterPolicies().Lister(), informerFactory.ClusterPolicyBindings().Lister(), informerFactory.Policies().Lister(), informerFactory.PolicyBindings().Lister(), ) }
func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, informerFactory shared.InformerFactory, projectRequestDenyMessage string) authorizer.Authorizer { messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage) roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker) scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, informerFactory.ClusterPolicies().Lister().ClusterPolicies(), messageMaker) return scopeLimitedAuthorizer }