policy-rules | Add CLI flag that enables merging duplicate or overlapping rules
gadinaor opened this issue
The first 3 rules can be collapsed into 1 rule
  TYPE           | SUBJECT       | VERBS | NAMESPACE   | API GROUP | KIND    | NAMES       | NONRESOURCEURI | ORIGINATED FROM
+----------------+---------------+-------+-------------+-----------+---------+-------------+----------------+--------------------------------+
  ServiceAccount | the-test-user | get   | policyrules | core      | *       |             |                | Roles>>policyrules/some-rules
  ServiceAccount | the-test-user | get   | policyrules | core      | *       |             |                | Roles>>policyrules/more-rules
  ServiceAccount | the-test-user | get   | policyrules | core      | secrets | some-secret |                | Roles>>policyrules/some-rules
  ServiceAccount | the-test-user | get   | policyrules | core      | secrets |             |                | Roles>>policyrules/more-rules
  ServiceAccount | the-test-user | list  | policyrules | core      | secrets | some-secret |                | Roles>>policyrules/some-rules
  ServiceAccount | the-test-user | watch | policyrules | core      | secrets | some-secret |                | Roles>>policyrules/some-rules
Why is this needed:
Having that functionality can reduce the # of rules one needs to review. It only refers to the actual and effective policy.
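One way to implement the merge requested above, as an added example (not the project's code and not part of the original issue). The `Rule` struct, `Covers`, `Collapse` and `Sample` are hypothetical names; the sketch assumes `*` is a wildcard, an empty NAMES cell means all object names, and it ignores the NONRESOURCEURI column. Under this test the four `get` rows of the sample reduce to one.

```go
package main

import "fmt"

// Rule is one row of the table above (struct and field names are assumptions).
type Rule struct{ Subject, Verb, Namespace, APIGroup, Kind, Name, Origin string }

// match treats "*" as a wildcard that matches any value.
func match(pattern, v string) bool { return pattern == "*" || pattern == v }

// Covers reports whether every request allowed by b is also allowed by a.
// An empty Name on a means "all object names" (assumption stated in the lead-in).
func Covers(a, b Rule) bool {
	return a.Subject == b.Subject && a.Namespace == b.Namespace &&
		match(a.Verb, b.Verb) && match(a.APIGroup, b.APIGroup) &&
		match(a.Kind, b.Kind) && (a.Name == "" || a.Name == b.Name)
}

// Collapse drops every rule covered by another; of exact duplicates the first stays.
func Collapse(in []Rule) []Rule {
	var out []Rule
outer:
	for i, r := range in {
		for j, o := range in {
			// o makes r redundant if it is strictly broader, or equal and earlier.
			if i != j && Covers(o, r) && (!Covers(r, o) || j < i) {
				continue outer
			}
		}
		out = append(out, r)
	}
	return out
}

// Sample is constructed from the six rows quoted in the issue.
func Sample() []Rule {
	row := func(verb, kind, name, role string) Rule {
		return Rule{"the-test-user", verb, "policyrules", "core", kind, name, "Roles>>policyrules/" + role}
	}
	return []Rule{
		row("get", "*", "", "some-rules"), row("get", "*", "", "more-rules"),
		row("get", "secrets", "some-secret", "some-rules"), row("get", "secrets", "", "more-rules"),
		row("list", "secrets", "some-secret", "some-rules"), row("watch", "secrets", "some-secret", "some-rules"),
	}
}

func main() {
	for _, r := range Collapse(Sample()) {
		fmt.Printf("%-5s | %-7s | %-11s | %s\n", r.Verb, r.Kind, r.Name, r.Origin)
	}
}
```

Only the first origin of a merged row is kept here; a reviewer who needs to trace every contributing Role would also collect the ORIGINATED FROM values of the rows that were dropped.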