current atomic.Pointer[authorizerResolver]
}

type authorizerResolver struct {
	authorizer   authorizer.Authorizer
	ruleResolver authorizer.RuleResolver
}

func (r *reloadableAuthorizerResolver) Authorize(ctx context.Context, a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) {
	return r.current.Load().authorizer.Authorize(ctx, a)
}

	"k8s.io/apiserver/pkg/authorization/authorizer"
)

type authzResult struct {
	authorized authorizer.Decision
	reason     string
	err        error
}

type cachingAuthorizer struct {
	authorizer authorizer.Authorizer
	decisions  map[string]authzResult
}

func newCachingAuthorizer(in authorizer.Authorizer) authorizer.Authorizer {
	return &cachingAuthorizer{
		authorizer: in,

		return authorizer.DecisionAllow, "", nil
	}
	return authorizer.DecisionNoOpinion, "", nil
}

// authorizeStatusUpdate authorizes get/update/patch requests to status subresources of the specified type if they are related to the specified node
func (r *NodeAuthorizer) authorizeStatusUpdate(nodeName string, startingType vertexType, attrs authorizer.Attributes) (authorizer.Decision, string, error) {

	GetSubresource() string
}

func NewAuthorizerVal(userInfo user.Info, authorizer authorizer.Authorizer) ref.Val {
	return authorizerVal{receiverOnlyObjectVal: receiverOnlyVal(AuthorizerType), userInfo: userInfo, authAuthorizer: authorizer}
}

func NewResourceAuthorizerVal(userInfo user.Info, authorizer authorizer.Authorizer, requestResource Resource) ref.Val {

			serv.statusCode = test.statusCode
			authorized, _, err := wh.Authorize(context.Background(), test.attr)
			if test.expectedErr && err == nil {
				t.Fatalf("%d: Expected error", i)
			} else if !test.expectedErr && err != nil {
				t.Fatalf("%d: unexpected error: %v", i, err)
			}

			if test.expectedAuthorized != (authorized == authorizer.DecisionAllow) {

		}
		seenModes.Insert(authorizer.Type)

		expectedName := GetNameForAuthorizerMode(string(authorizer.Type))
		if expectedName != authorizer.Name {
			allErrors = append(allErrors, fmt.Errorf("expected name %s for authorizer %s instead of %s", expectedName, authorizer.Type, authorizer.Name))
		}

	}

	if missingTypes := requireNonWebhookTypes.Difference(seenModes); missingTypes.Len() > 0 {

			auth: func(ctx context.Context, a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) {
				return authorizer.DecisionDeny, "", nil
			},
		},
		{
			name:     "authorized",
			userInfo: &user.DefaultInfo{Groups: []string{user.AllAuthenticated}},
			auth: func(ctx context.Context, a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) {

	RegisterMetrics()
	return &instrumentedAuthorizer{
		authorizerType: string(authorizerType),
		authorizerName: authorizerName,
		delegate:       delegate,
	}
}

type instrumentedAuthorizer struct {
	authorizerType string
	authorizerName string
	delegate       authorizer.Authorizer
}

		User      user.Info
		Secret    string
		ConfigMap string
		Decision  authorizer.Decision
	}{
		{User: node1, Decision: authorizer.DecisionAllow, Secret: "node1-only"},
		{User: node1, Decision: authorizer.DecisionAllow, Secret: "node1-node2-only"},
		{User: node1, Decision: authorizer.DecisionAllow, Secret: "shared-all"},

		{User: node2, Decision: authorizer.DecisionNoOpinion, Secret: "node1-only"},

			t.Fatal(err)
		}
		authorizationDecisionsTotal.Reset()
	}

}

type dummyAuthorizer struct {
	decision authorizer.Decision
	err      error
}

func (d *dummyAuthorizer) Authorize(ctx context.Context, attrs authorizer.Attributes) (authorizer.Decision, string, error) {
	return d.decision, "", d.err