func newAuthorizer(policyClient policyclient.ReadOnlyPolicyClient, projectRequestDenyMessage string) authorizer.Authorizer {
authorizer := authorizer.NewAuthorizer(rulevalidation.NewDefaultRuleResolver(
rulevalidation.PolicyGetter(policyClient),
rulevalidation.BindingLister(policyClient),
rulevalidation.ClusterPolicyGetter(policyClient),
rulevalidation.ClusterBindingLister(policyClient),
), authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage))
return authorizer
}
func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, informerFactory shared.InformerFactory, projectRequestDenyMessage string) authorizer.Authorizer {
messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage)
roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker)
scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, informerFactory.ClusterPolicies().Lister().ClusterPolicies(), messageMaker)
return scopeLimitedAuthorizer
}
func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, policyClient policyclient.ReadOnlyPolicyClient, projectRequestDenyMessage string) authorizer.Authorizer {
messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage)
roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker)
scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, policyClient, messageMaker)
return scopeLimitedAuthorizer
}