func newProjectAuthorizationCache(authorizer authorizer.Authorizer, kubeClient *kclient.Client, informerFactory shared.InformerFactory) *projectauth.AuthorizationCache {
return projectauth.NewAuthorizationCache(
projectauth.NewAuthorizerReviewer(authorizer),
kubeClient.Namespaces(),
informerFactory.ClusterPolicies().Lister(),
informerFactory.ClusterPolicyBindings().Lister(),
informerFactory.Policies().Lister(),
informerFactory.PolicyBindings().Lister(),
)
}
func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, informerFactory shared.InformerFactory, projectRequestDenyMessage string) authorizer.Authorizer {
messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage)
roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker)
scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, informerFactory.ClusterPolicies().Lister().ClusterPolicies(), messageMaker)
return scopeLimitedAuthorizer
}
