type simpleResource … // CompactRules combines rules that contain a single APIGroup/Resource, differ only by verb, and contain no other attributes. // this is a fast check, and works well with the decomposed "missing rules" list from a Covers check. func CompactRules(rules []rbacv1.PolicyRule) ([]rbacv1.PolicyRule, error) { … } // isSimpleResourceRule returns true if the given rule contains verbs, a single resource, a single API group, at most one Resource Name, and no other values func isSimpleResourceRule(rule *rbacv1.PolicyRule) (simpleResource, bool) { … } // BreakdownRule takes a rule and builds an equivalent list of rules that each have at most one verb, one // resource, and one resource name func BreakdownRule(rule rbacv1.PolicyRule) []rbacv1.PolicyRule { … } type SortableRuleSlice … func (s SortableRuleSlice) Len() int { … } func (s SortableRuleSlice) Swap(i, j int) { … } func (s SortableRuleSlice) Less(i, j int) bool { … }