func newAuthorizer(policyClient policyclient.ReadOnlyPolicyClient, projectRequestDenyMessage string) authorizer.Authorizer { authorizer := authorizer.NewAuthorizer(rulevalidation.NewDefaultRuleResolver( rulevalidation.PolicyGetter(policyClient), rulevalidation.BindingLister(policyClient), rulevalidation.ClusterPolicyGetter(policyClient), rulevalidation.ClusterBindingLister(policyClient), ), authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage)) return authorizer }
func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, informerFactory shared.InformerFactory, projectRequestDenyMessage string) authorizer.Authorizer { messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage) roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker) scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, informerFactory.ClusterPolicies().Lister().ClusterPolicies(), messageMaker) return scopeLimitedAuthorizer }
func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, policyClient policyclient.ReadOnlyPolicyClient, projectRequestDenyMessage string) authorizer.Authorizer { messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage) roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker) scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, policyClient, messageMaker) return scopeLimitedAuthorizer }