func makeTestStorage() rolebindingregistry.Storage {
clusterBindingRegistry := test.NewClusterPolicyBindingRegistry(testNewClusterBindings(), nil)
bindingRegistry := test.NewPolicyBindingRegistry(testNewLocalBindings(), nil)
clusterPolicyRegistry := test.NewClusterPolicyRegistry(testNewClusterPolicies(), nil)
policyRegistry := test.NewPolicyRegistry([]authorizationapi.Policy{}, nil)
return NewVirtualStorage(policyRegistry, bindingRegistry, clusterPolicyRegistry, clusterBindingRegistry)
}
func (test *subjectsTest) test(t *testing.T) {
policyRegistry := testpolicyregistry.NewPolicyRegistry(test.policies, test.policyRetrievalError)
policyBindingRegistry := testpolicyregistry.NewPolicyBindingRegistry(test.bindings, test.bindingRetrievalError)
clusterPolicyRegistry := testpolicyregistry.NewClusterPolicyRegistry(test.clusterPolicies, test.policyRetrievalError)
clusterPolicyBindingRegistry := testpolicyregistry.NewClusterPolicyBindingRegistry(test.clusterBindings, test.bindingRetrievalError)
authorizer := NewAuthorizer(rulevalidation.NewDefaultRuleResolver(policyRegistry, policyBindingRegistry, clusterPolicyRegistry, clusterPolicyBindingRegistry), NewForbiddenMessageResolver(""))
actualUsers, actualGroups, actualError := authorizer.GetAllowedSubjects(test.context, *test.attributes)
matchStringSlice(test.expectedUsers.List(), actualUsers.List(), "users", t)
matchStringSlice(test.expectedGroups.List(), actualGroups.List(), "groups", t)
matchError(test.expectedError, actualError, "error", t)
}
func makeLocalTestStorage() roleregistry.Storage {
policyRegistry := test.NewPolicyRegistry(testNewLocalPolicies(), nil)
return NewVirtualStorage(policyRegistry)
}