kubernetes/plugin/pkg/admission/certificates/util.go

// IsAuthorizedForSignerName returns true if 'info' is authorized to perform the given
// 'verb' on the synthetic 'signers' resource with the given signerName.
// If the user does not have permission to perform the 'verb' on the given signerName,
// it will also perform an authorization check against {domain portion}/*, for example
// `kubernetes.io/*`. This allows an entity to be granted permission to 'verb' on all
// signerNames with a given 'domain portion'.
func IsAuthorizedForSignerName(ctx context.Context, authz authorizer.Authorizer, info user.Info, verb, signerName string) bool {}

func buildAttributes(info user.Info, verb, signerName string) authorizer.Attributes {}

func buildWildcardAttributes(info user.Info, verb, signerName string) authorizer.Attributes {}