// IsAuthorizedForSignerName returns true if 'info' is authorized to perform the given // 'verb' on the synthetic 'signers' resource with the given signerName. // If the user does not have permission to perform the 'verb' on the given signerName, // it will also perform an authorization check against {domain portion}/*, for example // `kubernetes.io/*`. This allows an entity to be granted permission to 'verb' on all // signerNames with a given 'domain portion'. func IsAuthorizedForSignerName(ctx context.Context, authz authorizer.Authorizer, info user.Info, verb, signerName string) bool { … } func buildAttributes(info user.Info, verb, signerName string) authorizer.Attributes { … } func buildWildcardAttributes(info user.Info, verb, signerName string) authorizer.Attributes { … }