kubernetes/staging/src/k8s.io/component-helpers/auth/rbac/validation/policy_comparator.go

// Covers determines whether or not the ownerRules cover the servantRules in terms of allowed actions.
// It returns whether or not the ownerRules cover and a list of the rules that the ownerRules do not cover.
func Covers(ownerRules, servantRules []rbacv1.PolicyRule) (bool, []rbacv1.PolicyRule) {}

// BreadownRule takes a rule and builds an equivalent list of rules that each have at most one verb, one
// resource, and one resource name
func BreakdownRule(rule rbacv1.PolicyRule) []rbacv1.PolicyRule {}

func has(set []string, ele string) bool {}

func hasAll(set, contains []string) bool {}

func resourceCoversAll(setResources, coversResources []string) bool {}

func nonResourceURLsCoversAll(set, covers []string) bool {}

func nonResourceURLCovers(ownerPath, subPath string) bool {}

// ruleCovers determines whether the ownerRule (which may have multiple verbs, resources, and resourceNames) covers
// the subrule (which may only contain at most one verb, resource, and resourceName)
func ruleCovers(ownerRule, subRule rbacv1.PolicyRule) bool {}