/
authorizer.go
26 lines (23 loc) · 1.16 KB
/
authorizer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
package openshiftapiserver
import (
rbacinformers "k8s.io/client-go/informers/rbac/v1"
rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation"
rbacauthorizer "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac"
)
func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver {
return rbacregistryvalidation.NewDefaultRuleResolver(
&rbacauthorizer.RoleGetter{Lister: informers.Roles().Lister()},
&rbacauthorizer.RoleBindingLister{Lister: informers.RoleBindings().Lister()},
&rbacauthorizer.ClusterRoleGetter{Lister: informers.ClusterRoles().Lister()},
&rbacauthorizer.ClusterRoleBindingLister{Lister: informers.ClusterRoleBindings().Lister()},
)
}
func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator {
return rbacauthorizer.NewSubjectAccessEvaluator(
&rbacauthorizer.RoleGetter{Lister: informers.Roles().Lister()},
&rbacauthorizer.RoleBindingLister{Lister: informers.RoleBindings().Lister()},
&rbacauthorizer.ClusterRoleGetter{Lister: informers.ClusterRoles().Lister()},
&rbacauthorizer.ClusterRoleBindingLister{Lister: informers.ClusterRoleBindings().Lister()},
"",
)
}