@@ -15686,6 +15686,102 @@

     ]

    },

    {

+    "path": "/oapi/v1/namespaces/{namespace}/selfsubjectrulesreviews",

+    "description": "OpenShift REST API, version v1",

+    "operations": [

+     {

+      "type": "v1.SelfSubjectRulesReview",

+      "method": "POST",

+      "summary": "create a SelfSubjectRulesReview",

+      "nickname": "createNamespacedSelfSubjectRulesReview",

+      "parameters": [

+       {

+        "type": "string",

+        "paramType": "query",

+        "name": "pretty",

+        "description": "If 'true', then the output is pretty printed.",

+        "required": false,

+        "allowMultiple": false

+       },

+       {

+        "type": "v1.SelfSubjectRulesReview",

+        "paramType": "body",

+        "name": "body",

+        "description": "",

+        "required": true,

+        "allowMultiple": false

+       },

+       {

+        "type": "string",

+        "paramType": "path",

+        "name": "namespace",

+        "description": "object name and auth scope, such as for teams and projects",

+        "required": true,

+        "allowMultiple": false

+       }

+      ],

+      "responseMessages": [

+       {

+        "code": 200,

+        "message": "OK",

+        "responseModel": "v1.SelfSubjectRulesReview"

+       }

+      ],

+      "produces": [

+       "application/json",

+       "application/yaml"

+      ],

+      "consumes": [

+       "*/*"

+      ]

+     }

+    ]

+   },

+   {

+    "path": "/oapi/v1/selfsubjectrulesreviews",

+    "description": "OpenShift REST API, version v1",

+    "operations": [

+     {

+      "type": "v1.SelfSubjectRulesReview",

+      "method": "POST",

+      "summary": "create a SelfSubjectRulesReview",

+      "nickname": "createNamespacedSelfSubjectRulesReview",

+      "parameters": [

+       {

+        "type": "string",

+        "paramType": "query",

+        "name": "pretty",

+        "description": "If 'true', then the output is pretty printed.",

+        "required": false,

+        "allowMultiple": false

+       },

+       {

+        "type": "v1.SelfSubjectRulesReview",

+        "paramType": "body",

+        "name": "body",

+        "description": "",

+        "required": true,

+        "allowMultiple": false

+       }

+      ],

+      "responseMessages": [

+       {

+        "code": 200,

+        "message": "OK",

+        "responseModel": "v1.SelfSubjectRulesReview"

+       }

+      ],

+      "produces": [

+       "application/json",

+       "application/yaml"

+      ],

+      "consumes": [

+       "*/*"

+      ]

+     }

+    ]

+   },

+   {

     "path": "/oapi/v1/namespaces/{namespace}/subjectaccessreviews",

     "description": "OpenShift REST API, version v1",

     "operations": [

@@ -22610,6 +22706,44 @@

      }

     }

    },

+   "v1.SelfSubjectRulesReview": {

+    "id": "v1.SelfSubjectRulesReview",

+    "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace",

+    "properties": {

+     "kind": {

+      "type": "string",

+      "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds"

+     },

+     "apiVersion": {

+      "type": "string",

+      "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources"

+     },

+     "status": {

+      "$ref": "v1.SubjectRulesReviewStatus",

+      "description": "Status is completed by the server to tell which permissions you have"

+     }

+    }

+   },

+   "v1.SubjectRulesReviewStatus": {

+    "id": "v1.SubjectRulesReviewStatus",

+    "description": "SubjectRulesReviewStatus is contains the result of a rules check",

+    "required": [

+     "rules"

+    ],

+    "properties": {

+     "rules": {

+      "type": "array",

+      "items": {

+       "$ref": "v1.PolicyRule"

+      },

+      "description": "Rules is the list of rules (no particular sort) that are allowed for the subject"

+     },

+     "evaluationError": {

+      "type": "string",

+      "description": "EvaluationError can appear in combination with Rules.  It means some error happened during evaluation that may have prevented additional rules from being populated."

+     }

+    }

+   },

    "v1.SubjectAccessReview": {

     "id": "v1.SubjectAccessReview",

     "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action",

@@ -7216,6 +7216,46 @@ _oc_policy_who-can()

     must_have_one_noun=()

 }

+_oc_policy_what-can-i-do()

+{

+    last_command="oc_policy_what-can-i-do"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--google-json-key=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+}

+

 _oc_policy_add-role-to-user()

 {

     last_command="oc_policy_add-role-to-user"

@@ -7469,6 +7509,7 @@ _oc_policy()

     last_command="oc_policy"

     commands=()

     commands+=("who-can")

+    commands+=("what-can-i-do")

     commands+=("add-role-to-user")

     commands+=("remove-role-from-user")

     commands+=("remove-user")

@@ -10801,6 +10801,46 @@ _openshift_cli_policy_who-can()

     must_have_one_noun=()

 }

+_openshift_cli_policy_what-can-i-do()

+{

+    last_command="openshift_cli_policy_what-can-i-do"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--google-json-key=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+}

+

 _openshift_cli_policy_add-role-to-user()

 {

     last_command="openshift_cli_policy_add-role-to-user"

@@ -11054,6 +11094,7 @@ _openshift_cli_policy()

     last_command="openshift_cli_policy"

     commands=()

     commands+=("who-can")

+    commands+=("what-can-i-do")

     commands+=("add-role-to-user")

     commands+=("remove-role-from-user")

     commands+=("remove-user")

@@ -632,6 +632,18 @@ func deepCopy_api_RoleList(in api.RoleList, out *api.RoleList, c *conversion.Clo

 	return nil

 }

+func deepCopy_api_SelfSubjectRulesReview(in api.SelfSubjectRulesReview, out *api.SelfSubjectRulesReview, c *conversion.Cloner) error {

+	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

+		return err

+	} else {

+		out.TypeMeta = newVal.(unversioned.TypeMeta)

+	}

+	if err := deepCopy_api_SubjectRulesReviewStatus(in.Status, &out.Status, c); err != nil {

+		return err

+	}

+	return nil

+}

+

 func deepCopy_api_SubjectAccessReview(in api.SubjectAccessReview, out *api.SubjectAccessReview, c *conversion.Cloner) error {

 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

 		return err

@@ -669,6 +681,21 @@ func deepCopy_api_SubjectAccessReviewResponse(in api.SubjectAccessReviewResponse

 	return nil

 }

+func deepCopy_api_SubjectRulesReviewStatus(in api.SubjectRulesReviewStatus, out *api.SubjectRulesReviewStatus, c *conversion.Cloner) error {

+	if in.Rules != nil {

+		out.Rules = make([]api.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := deepCopy_api_PolicyRule(in.Rules[i], &out.Rules[i], c); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

 func deepCopy_api_BinaryBuildRequestOptions(in buildapi.BinaryBuildRequestOptions, out *buildapi.BinaryBuildRequestOptions, c *conversion.Cloner) error {

 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

 		return err

@@ -3316,8 +3343,10 @@ func init() {

 		deepCopy_api_RoleBinding,

 		deepCopy_api_RoleBindingList,

 		deepCopy_api_RoleList,

+		deepCopy_api_SelfSubjectRulesReview,

 		deepCopy_api_SubjectAccessReview,

 		deepCopy_api_SubjectAccessReviewResponse,

+		deepCopy_api_SubjectRulesReviewStatus,

 		deepCopy_api_BinaryBuildRequestOptions,

 		deepCopy_api_BinaryBuildSource,

 		deepCopy_api_Build,

@@ -457,6 +457,20 @@ func Convert_api_RoleList_To_v1_RoleList(in *authorizationapi.RoleList, out *aut

 	return autoConvert_api_RoleList_To_v1_RoleList(in, out, s)

 }

+func autoConvert_api_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(in *authorizationapi.SelfSubjectRulesReview, out *authorizationapiv1.SelfSubjectRulesReview, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapi.SelfSubjectRulesReview))(in)

+	}

+	if err := Convert_api_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil {

+		return err

+	}

+	return nil

+}

+

+func Convert_api_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(in *authorizationapi.SelfSubjectRulesReview, out *authorizationapiv1.SelfSubjectRulesReview, s conversion.Scope) error {

+	return autoConvert_api_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(in, out, s)

+}

+

 func autoConvert_api_SubjectAccessReview_To_v1_SubjectAccessReview(in *authorizationapi.SubjectAccessReview, out *authorizationapiv1.SubjectAccessReview, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*authorizationapi.SubjectAccessReview))(in)

@@ -481,6 +495,28 @@ func Convert_api_SubjectAccessReviewResponse_To_v1_SubjectAccessReviewResponse(i

 	return autoConvert_api_SubjectAccessReviewResponse_To_v1_SubjectAccessReviewResponse(in, out, s)

 }

+func autoConvert_api_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(in *authorizationapi.SubjectRulesReviewStatus, out *authorizationapiv1.SubjectRulesReviewStatus, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapi.SubjectRulesReviewStatus))(in)

+	}

+	if in.Rules != nil {

+		out.Rules = make([]authorizationapiv1.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := authorizationapiv1.Convert_api_PolicyRule_To_v1_PolicyRule(&in.Rules[i], &out.Rules[i], s); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

+func Convert_api_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(in *authorizationapi.SubjectRulesReviewStatus, out *authorizationapiv1.SubjectRulesReviewStatus, s conversion.Scope) error {

+	return autoConvert_api_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(in, out, s)

+}

+

 func autoConvert_v1_ClusterPolicy_To_api_ClusterPolicy(in *authorizationapiv1.ClusterPolicy, out *authorizationapi.ClusterPolicy, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*authorizationapiv1.ClusterPolicy))(in)

@@ -910,6 +946,20 @@ func Convert_v1_RoleList_To_api_RoleList(in *authorizationapiv1.RoleList, out *a

 	return autoConvert_v1_RoleList_To_api_RoleList(in, out, s)

 }

+func autoConvert_v1_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview(in *authorizationapiv1.SelfSubjectRulesReview, out *authorizationapi.SelfSubjectRulesReview, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapiv1.SelfSubjectRulesReview))(in)

+	}

+	if err := Convert_v1_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil {

+		return err

+	}

+	return nil

+}

+

+func Convert_v1_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview(in *authorizationapiv1.SelfSubjectRulesReview, out *authorizationapi.SelfSubjectRulesReview, s conversion.Scope) error {

+	return autoConvert_v1_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview(in, out, s)

+}

+

 func autoConvert_v1_SubjectAccessReview_To_api_SubjectAccessReview(in *authorizationapiv1.SubjectAccessReview, out *authorizationapi.SubjectAccessReview, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*authorizationapiv1.SubjectAccessReview))(in)

@@ -934,6 +984,28 @@ func Convert_v1_SubjectAccessReviewResponse_To_api_SubjectAccessReviewResponse(i

 	return autoConvert_v1_SubjectAccessReviewResponse_To_api_SubjectAccessReviewResponse(in, out, s)

 }

+func autoConvert_v1_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(in *authorizationapiv1.SubjectRulesReviewStatus, out *authorizationapi.SubjectRulesReviewStatus, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapiv1.SubjectRulesReviewStatus))(in)

+	}

+	if in.Rules != nil {

+		out.Rules = make([]authorizationapi.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := authorizationapiv1.Convert_v1_PolicyRule_To_api_PolicyRule(&in.Rules[i], &out.Rules[i], s); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

+func Convert_v1_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(in *authorizationapiv1.SubjectRulesReviewStatus, out *authorizationapi.SubjectRulesReviewStatus, s conversion.Scope) error {

+	return autoConvert_v1_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(in, out, s)

+}

+

 func autoConvert_api_BinaryBuildRequestOptions_To_v1_BinaryBuildRequestOptions(in *buildapi.BinaryBuildRequestOptions, out *v1.BinaryBuildRequestOptions, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*buildapi.BinaryBuildRequestOptions))(in)

@@ -9097,11 +9169,13 @@ func init() {

 		autoConvert_api_SecretSpec_To_v1_SecretSpec,

 		autoConvert_api_SecretVolumeSource_To_v1_SecretVolumeSource,

 		autoConvert_api_SecurityContext_To_v1_SecurityContext,

+		autoConvert_api_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview,

 		autoConvert_api_SourceBuildStrategy_To_v1_SourceBuildStrategy,

 		autoConvert_api_SourceControlUser_To_v1_SourceControlUser,

 		autoConvert_api_SourceRevision_To_v1_SourceRevision,

 		autoConvert_api_SubjectAccessReviewResponse_To_v1_SubjectAccessReviewResponse,

 		autoConvert_api_SubjectAccessReview_To_v1_SubjectAccessReview,

+		autoConvert_api_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus,

 		autoConvert_api_TCPSocketAction_To_v1_TCPSocketAction,

 		autoConvert_api_TLSConfig_To_v1_TLSConfig,

 		autoConvert_api_TagEventCondition_To_v1_TagEventCondition,

@@ -9277,11 +9351,13 @@ func init() {

 		autoConvert_v1_SecretSpec_To_api_SecretSpec,

 		autoConvert_v1_SecretVolumeSource_To_api_SecretVolumeSource,

 		autoConvert_v1_SecurityContext_To_api_SecurityContext,

+		autoConvert_v1_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview,

 		autoConvert_v1_SourceBuildStrategy_To_api_SourceBuildStrategy,

 		autoConvert_v1_SourceControlUser_To_api_SourceControlUser,

 		autoConvert_v1_SourceRevision_To_api_SourceRevision,

 		autoConvert_v1_SubjectAccessReviewResponse_To_api_SubjectAccessReviewResponse,

 		autoConvert_v1_SubjectAccessReview_To_api_SubjectAccessReview,

+		autoConvert_v1_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus,

 		autoConvert_v1_TCPSocketAction_To_api_TCPSocketAction,

 		autoConvert_v1_TLSConfig_To_api_TLSConfig,

 		autoConvert_v1_TagEventCondition_To_api_TagEventCondition,

@@ -656,6 +656,18 @@ func deepCopy_v1_RoleList(in v1.RoleList, out *v1.RoleList, c *conversion.Cloner

 	return nil

 }

+func deepCopy_v1_SelfSubjectRulesReview(in v1.SelfSubjectRulesReview, out *v1.SelfSubjectRulesReview, c *conversion.Cloner) error {

+	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

+		return err

+	} else {

+		out.TypeMeta = newVal.(unversioned.TypeMeta)

+	}

+	if err := deepCopy_v1_SubjectRulesReviewStatus(in.Status, &out.Status, c); err != nil {

+		return err

+	}

+	return nil

+}

+

 func deepCopy_v1_SubjectAccessReview(in v1.SubjectAccessReview, out *v1.SubjectAccessReview, c *conversion.Cloner) error {

 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

 		return err

@@ -689,6 +701,21 @@ func deepCopy_v1_SubjectAccessReviewResponse(in v1.SubjectAccessReviewResponse,

 	return nil

 }

+func deepCopy_v1_SubjectRulesReviewStatus(in v1.SubjectRulesReviewStatus, out *v1.SubjectRulesReviewStatus, c *conversion.Cloner) error {

+	if in.Rules != nil {

+		out.Rules = make([]v1.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := deepCopy_v1_PolicyRule(in.Rules[i], &out.Rules[i], c); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

 func deepCopy_v1_BinaryBuildRequestOptions(in apiv1.BinaryBuildRequestOptions, out *apiv1.BinaryBuildRequestOptions, c *conversion.Cloner) error {

 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

 		return err

@@ -3205,8 +3232,10 @@ func init() {

 		deepCopy_v1_RoleBinding,

 		deepCopy_v1_RoleBindingList,

 		deepCopy_v1_RoleList,

+		deepCopy_v1_SelfSubjectRulesReview,

 		deepCopy_v1_SubjectAccessReview,

 		deepCopy_v1_SubjectAccessReviewResponse,

+		deepCopy_v1_SubjectRulesReviewStatus,

 		deepCopy_v1_BinaryBuildRequestOptions,

 		deepCopy_v1_BinaryBuildSource,

 		deepCopy_v1_Build,

@@ -460,6 +460,20 @@ func Convert_api_RoleList_To_v1beta3_RoleList(in *authorizationapi.RoleList, out

 	return autoConvert_api_RoleList_To_v1beta3_RoleList(in, out, s)

 }

+func autoConvert_api_SelfSubjectRulesReview_To_v1beta3_SelfSubjectRulesReview(in *authorizationapi.SelfSubjectRulesReview, out *authorizationapiv1beta3.SelfSubjectRulesReview, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapi.SelfSubjectRulesReview))(in)

+	}

+	if err := Convert_api_SubjectRulesReviewStatus_To_v1beta3_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil {

+		return err

+	}

+	return nil

+}

+

+func Convert_api_SelfSubjectRulesReview_To_v1beta3_SelfSubjectRulesReview(in *authorizationapi.SelfSubjectRulesReview, out *authorizationapiv1beta3.SelfSubjectRulesReview, s conversion.Scope) error {

+	return autoConvert_api_SelfSubjectRulesReview_To_v1beta3_SelfSubjectRulesReview(in, out, s)

+}

+

 func autoConvert_api_SubjectAccessReview_To_v1beta3_SubjectAccessReview(in *authorizationapi.SubjectAccessReview, out *authorizationapiv1beta3.SubjectAccessReview, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*authorizationapi.SubjectAccessReview))(in)

@@ -484,6 +498,28 @@ func Convert_api_SubjectAccessReviewResponse_To_v1beta3_SubjectAccessReviewRespo

 	return autoConvert_api_SubjectAccessReviewResponse_To_v1beta3_SubjectAccessReviewResponse(in, out, s)

 }

+func autoConvert_api_SubjectRulesReviewStatus_To_v1beta3_SubjectRulesReviewStatus(in *authorizationapi.SubjectRulesReviewStatus, out *authorizationapiv1beta3.SubjectRulesReviewStatus, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapi.SubjectRulesReviewStatus))(in)

+	}

+	if in.Rules != nil {

+		out.Rules = make([]authorizationapiv1beta3.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := authorizationapiv1beta3.Convert_api_PolicyRule_To_v1beta3_PolicyRule(&in.Rules[i], &out.Rules[i], s); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

+func Convert_api_SubjectRulesReviewStatus_To_v1beta3_SubjectRulesReviewStatus(in *authorizationapi.SubjectRulesReviewStatus, out *authorizationapiv1beta3.SubjectRulesReviewStatus, s conversion.Scope) error {

+	return autoConvert_api_SubjectRulesReviewStatus_To_v1beta3_SubjectRulesReviewStatus(in, out, s)

+}

+

 func autoConvert_v1beta3_ClusterPolicy_To_api_ClusterPolicy(in *authorizationapiv1beta3.ClusterPolicy, out *authorizationapi.ClusterPolicy, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*authorizationapiv1beta3.ClusterPolicy))(in)

@@ -918,6 +954,20 @@ func Convert_v1beta3_RoleList_To_api_RoleList(in *authorizationapiv1beta3.RoleLi

 	return autoConvert_v1beta3_RoleList_To_api_RoleList(in, out, s)

 }

+func autoConvert_v1beta3_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview(in *authorizationapiv1beta3.SelfSubjectRulesReview, out *authorizationapi.SelfSubjectRulesReview, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapiv1beta3.SelfSubjectRulesReview))(in)

+	}

+	if err := Convert_v1beta3_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil {

+		return err

+	}

+	return nil

+}

+

+func Convert_v1beta3_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview(in *authorizationapiv1beta3.SelfSubjectRulesReview, out *authorizationapi.SelfSubjectRulesReview, s conversion.Scope) error {

+	return autoConvert_v1beta3_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview(in, out, s)

+}

+

 func autoConvert_v1beta3_SubjectAccessReview_To_api_SubjectAccessReview(in *authorizationapiv1beta3.SubjectAccessReview, out *authorizationapi.SubjectAccessReview, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*authorizationapiv1beta3.SubjectAccessReview))(in)

@@ -942,6 +992,28 @@ func Convert_v1beta3_SubjectAccessReviewResponse_To_api_SubjectAccessReviewRespo

 	return autoConvert_v1beta3_SubjectAccessReviewResponse_To_api_SubjectAccessReviewResponse(in, out, s)

 }

+func autoConvert_v1beta3_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(in *authorizationapiv1beta3.SubjectRulesReviewStatus, out *authorizationapi.SubjectRulesReviewStatus, s conversion.Scope) error {

+	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

+		defaulting.(func(*authorizationapiv1beta3.SubjectRulesReviewStatus))(in)

+	}

+	if in.Rules != nil {

+		out.Rules = make([]authorizationapi.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := authorizationapiv1beta3.Convert_v1beta3_PolicyRule_To_api_PolicyRule(&in.Rules[i], &out.Rules[i], s); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

+func Convert_v1beta3_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(in *authorizationapiv1beta3.SubjectRulesReviewStatus, out *authorizationapi.SubjectRulesReviewStatus, s conversion.Scope) error {

+	return autoConvert_v1beta3_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus(in, out, s)

+}

+

 func autoConvert_api_BinaryBuildRequestOptions_To_v1beta3_BinaryBuildRequestOptions(in *buildapi.BinaryBuildRequestOptions, out *v1beta3.BinaryBuildRequestOptions, s conversion.Scope) error {

 	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {

 		defaulting.(func(*buildapi.BinaryBuildRequestOptions))(in)

@@ -6880,11 +6952,13 @@ func init() {

 		autoConvert_api_SecretBuildSource_To_v1beta3_SecretBuildSource,

 		autoConvert_api_SecretSpec_To_v1beta3_SecretSpec,

 		autoConvert_api_SecretVolumeSource_To_v1beta3_SecretVolumeSource,

+		autoConvert_api_SelfSubjectRulesReview_To_v1beta3_SelfSubjectRulesReview,

 		autoConvert_api_SourceBuildStrategy_To_v1beta3_SourceBuildStrategy,

 		autoConvert_api_SourceControlUser_To_v1beta3_SourceControlUser,

 		autoConvert_api_SourceRevision_To_v1beta3_SourceRevision,

 		autoConvert_api_SubjectAccessReviewResponse_To_v1beta3_SubjectAccessReviewResponse,

 		autoConvert_api_SubjectAccessReview_To_v1beta3_SubjectAccessReview,

+		autoConvert_api_SubjectRulesReviewStatus_To_v1beta3_SubjectRulesReviewStatus,

 		autoConvert_api_TCPSocketAction_To_v1beta3_TCPSocketAction,

 		autoConvert_api_TLSConfig_To_v1beta3_TLSConfig,

 		autoConvert_api_TagImageHook_To_v1beta3_TagImageHook,

@@ -7023,11 +7097,13 @@ func init() {

 		autoConvert_v1beta3_SecretBuildSource_To_api_SecretBuildSource,

 		autoConvert_v1beta3_SecretSpec_To_api_SecretSpec,

 		autoConvert_v1beta3_SecretVolumeSource_To_api_SecretVolumeSource,

+		autoConvert_v1beta3_SelfSubjectRulesReview_To_api_SelfSubjectRulesReview,

 		autoConvert_v1beta3_SourceBuildStrategy_To_api_SourceBuildStrategy,

 		autoConvert_v1beta3_SourceControlUser_To_api_SourceControlUser,

 		autoConvert_v1beta3_SourceRevision_To_api_SourceRevision,

 		autoConvert_v1beta3_SubjectAccessReviewResponse_To_api_SubjectAccessReviewResponse,

 		autoConvert_v1beta3_SubjectAccessReview_To_api_SubjectAccessReview,

+		autoConvert_v1beta3_SubjectRulesReviewStatus_To_api_SubjectRulesReviewStatus,

 		autoConvert_v1beta3_TCPSocketAction_To_api_TCPSocketAction,

 		autoConvert_v1beta3_TLSConfig_To_api_TLSConfig,

 		autoConvert_v1beta3_TagImageHook_To_api_TagImageHook,

@@ -664,6 +664,18 @@ func deepCopy_v1beta3_RoleList(in v1beta3.RoleList, out *v1beta3.RoleList, c *co

 	return nil

 }

+func deepCopy_v1beta3_SelfSubjectRulesReview(in v1beta3.SelfSubjectRulesReview, out *v1beta3.SelfSubjectRulesReview, c *conversion.Cloner) error {

+	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

+		return err

+	} else {

+		out.TypeMeta = newVal.(unversioned.TypeMeta)

+	}

+	if err := deepCopy_v1beta3_SubjectRulesReviewStatus(in.Status, &out.Status, c); err != nil {

+		return err

+	}

+	return nil

+}

+

 func deepCopy_v1beta3_SubjectAccessReview(in v1beta3.SubjectAccessReview, out *v1beta3.SubjectAccessReview, c *conversion.Cloner) error {

 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

 		return err

@@ -697,6 +709,21 @@ func deepCopy_v1beta3_SubjectAccessReviewResponse(in v1beta3.SubjectAccessReview

 	return nil

 }

+func deepCopy_v1beta3_SubjectRulesReviewStatus(in v1beta3.SubjectRulesReviewStatus, out *v1beta3.SubjectRulesReviewStatus, c *conversion.Cloner) error {

+	if in.Rules != nil {

+		out.Rules = make([]v1beta3.PolicyRule, len(in.Rules))

+		for i := range in.Rules {

+			if err := deepCopy_v1beta3_PolicyRule(in.Rules[i], &out.Rules[i], c); err != nil {

+				return err

+			}

+		}

+	} else {

+		out.Rules = nil

+	}

+	out.EvaluationError = in.EvaluationError

+	return nil

+}

+

 func deepCopy_v1beta3_BinaryBuildRequestOptions(in apiv1beta3.BinaryBuildRequestOptions, out *apiv1beta3.BinaryBuildRequestOptions, c *conversion.Cloner) error {

 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {

 		return err

@@ -3008,8 +3035,10 @@ func init() {

 		deepCopy_v1beta3_RoleBinding,

 		deepCopy_v1beta3_RoleBindingList,

 		deepCopy_v1beta3_RoleList,

+		deepCopy_v1beta3_SelfSubjectRulesReview,

 		deepCopy_v1beta3_SubjectAccessReview,

 		deepCopy_v1beta3_SubjectAccessReviewResponse,

+		deepCopy_v1beta3_SubjectRulesReviewStatus,

 		deepCopy_v1beta3_BinaryBuildRequestOptions,

 		deepCopy_v1beta3_BinaryBuildSource,

 		deepCopy_v1beta3_Build,

@@ -36,6 +36,7 @@ func init() {

 }

 func registerAll() {

+	Validator.MustRegister(&authorizationapi.SelfSubjectRulesReview{}, authorizationvalidation.ValidateSelfSubjectRulesReview, nil)

 	Validator.MustRegister(&authorizationapi.SubjectAccessReview{}, authorizationvalidation.ValidateSubjectAccessReview, nil)

 	Validator.MustRegister(&authorizationapi.ResourceAccessReview{}, authorizationvalidation.ValidateResourceAccessReview, nil)

 	Validator.MustRegister(&authorizationapi.LocalSubjectAccessReview{}, authorizationvalidation.ValidateLocalSubjectAccessReview, nil)

@@ -37,6 +37,7 @@ func addKnownTypes(scheme *runtime.Scheme) {

 		&RoleBindingList{},

 		&RoleList{},

+		&SelfSubjectRulesReview{},

 		&ResourceAccessReview{},

 		&SubjectAccessReview{},

 		&LocalResourceAccessReview{},

@@ -72,6 +73,7 @@ func (obj *LocalSubjectAccessReview) GetObjectKind() unversioned.ObjectKind

 func (obj *LocalResourceAccessReview) GetObjectKind() unversioned.ObjectKind     { return &obj.TypeMeta }

 func (obj *SubjectAccessReview) GetObjectKind() unversioned.ObjectKind           { return &obj.TypeMeta }

 func (obj *ResourceAccessReview) GetObjectKind() unversioned.ObjectKind          { return &obj.TypeMeta }

+func (obj *SelfSubjectRulesReview) GetObjectKind() unversioned.ObjectKind        { return &obj.TypeMeta }

 func (obj *RoleList) GetObjectKind() unversioned.ObjectKind          { return &obj.TypeMeta }

 func (obj *RoleBindingList) GetObjectKind() unversioned.ObjectKind   { return &obj.TypeMeta }

@@ -92,7 +92,8 @@ var (

 		PermissionGrantingGroupName: {"roles", "rolebindings", "resourceaccessreviews" /* cluster scoped*/, "subjectaccessreviews" /* cluster scoped*/, "localresourceaccessreviews", "localsubjectaccessreviews"},

 		OpenshiftExposedGroupName:   {BuildGroupName, ImageGroupName, DeploymentGroupName, TemplateGroupName, "routes"},

 		OpenshiftAllGroupName: {OpenshiftExposedGroupName, UserGroupName, OAuthGroupName, PolicyOwnerGroupName, SDNGroupName, PermissionGrantingGroupName, OpenshiftStatusGroupName, "projects",

-			"clusterroles", "clusterrolebindings", "clusterpolicies", "clusterpolicybindings", "images" /* cluster scoped*/, "projectrequests", "builds/details", "imagestreams/secrets"},

+			"clusterroles", "clusterrolebindings", "clusterpolicies", "clusterpolicybindings", "images" /* cluster scoped*/, "projectrequests", "builds/details", "imagestreams/secrets",

+			"selfsubjectrulesreviews"},

 		OpenshiftStatusGroupName: {"imagestreams/status", "routes/status"},

 		QuotaGroupName:         {"limitranges", "resourcequotas", "resourcequotausages"},

@@ -199,6 +200,23 @@ type PolicyBinding struct {

 	RoleBindings map[string]*RoleBinding

 }

+// SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace

+type SelfSubjectRulesReview struct {

+	unversioned.TypeMeta

+

+	// Status is completed by the server to tell which permissions you have

+	Status SubjectRulesReviewStatus

+}

+

+// SubjectRulesReviewStatus is contains the result of a rules check

+type SubjectRulesReviewStatus struct {

+	// Rules is the list of rules (no particular sort) that are allowed for the subject

+	Rules []PolicyRule

+	// EvaluationError can appear in combination with Rules.  It means some error happened during evaluation

+	// that may have prevented additional rules from being populated.

+	EvaluationError string

+}

+

 // ResourceAccessReviewResponse describes who can perform the action

 type ResourceAccessReviewResponse struct {

 	unversioned.TypeMeta

@@ -28,6 +28,7 @@ func addKnownTypes(scheme *runtime.Scheme) {

 		&RoleBindingList{},

 		&RoleList{},

+		&SelfSubjectRulesReview{},

 		&ResourceAccessReview{},

 		&SubjectAccessReview{},

 		&LocalResourceAccessReview{},

@@ -63,6 +64,7 @@ func (obj *LocalSubjectAccessReview) GetObjectKind() unversioned.ObjectKind

 func (obj *LocalResourceAccessReview) GetObjectKind() unversioned.ObjectKind     { return &obj.TypeMeta }

 func (obj *SubjectAccessReview) GetObjectKind() unversioned.ObjectKind           { return &obj.TypeMeta }

 func (obj *ResourceAccessReview) GetObjectKind() unversioned.ObjectKind          { return &obj.TypeMeta }

+func (obj *SelfSubjectRulesReview) GetObjectKind() unversioned.ObjectKind        { return &obj.TypeMeta }

 func (obj *RoleList) GetObjectKind() unversioned.ObjectKind          { return &obj.TypeMeta }

 func (obj *RoleBindingList) GetObjectKind() unversioned.ObjectKind   { return &obj.TypeMeta }

@@ -291,6 +291,15 @@ func (RoleList) SwaggerDoc() map[string]string {

 	return map_RoleList

 }

+var map_SelfSubjectRulesReview = map[string]string{

+	"":       "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace",

+	"status": "Status is completed by the server to tell which permissions you have",

+}

+

+func (SelfSubjectRulesReview) SwaggerDoc() map[string]string {

+	return map_SelfSubjectRulesReview

+}

+

 var map_SubjectAccessReview = map[string]string{

 	"":       "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action",

 	"user":   "User is optional. If both User and Groups are empty, the current authenticated user is used.",

@@ -311,3 +320,13 @@ var map_SubjectAccessReviewResponse = map[string]string{

 func (SubjectAccessReviewResponse) SwaggerDoc() map[string]string {

 	return map_SubjectAccessReviewResponse

 }

+

+var map_SubjectRulesReviewStatus = map[string]string{

+	"":                "SubjectRulesReviewStatus is contains the result of a rules check",

+	"rules":           "Rules is the list of rules (no particular sort) that are allowed for the subject",

+	"evaluationError": "EvaluationError can appear in combination with Rules.  It means some error happened during evaluation that may have prevented additional rules from being populated.",

+}

+

+func (SubjectRulesReviewStatus) SwaggerDoc() map[string]string {

+	return map_SubjectRulesReviewStatus

+}

@@ -116,6 +116,23 @@ type NamedRoleBinding struct {

 	RoleBinding RoleBinding `json:"roleBinding"`

 }

+// SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace

+type SelfSubjectRulesReview struct {

+	unversioned.TypeMeta `json:",inline"`

+

+	// Status is completed by the server to tell which permissions you have

+	Status SubjectRulesReviewStatus `json:"status,omitempty"`

+}

+

+// SubjectRulesReviewStatus is contains the result of a rules check

+type SubjectRulesReviewStatus struct {

+	// Rules is the list of rules (no particular sort) that are allowed for the subject

+	Rules []PolicyRule `json:"rules"`

+	// EvaluationError can appear in combination with Rules.  It means some error happened during evaluation

+	// that may have prevented additional rules from being populated.

+	EvaluationError string `json:"evaluationError,omitempty"`

+}

+

 // ResourceAccessReviewResponse describes who can perform the action

 type ResourceAccessReviewResponse struct {

 	unversioned.TypeMeta `json:",inline"`

@@ -28,6 +28,7 @@ func addKnownTypes(scheme *runtime.Scheme) {

 		&RoleBindingList{},

 		&RoleList{},

+		&SelfSubjectRulesReview{},

 		&ResourceAccessReview{},

 		&SubjectAccessReview{},

 		&LocalResourceAccessReview{},

@@ -63,6 +64,7 @@ func (obj *LocalSubjectAccessReview) GetObjectKind() unversioned.ObjectKind

 func (obj *LocalResourceAccessReview) GetObjectKind() unversioned.ObjectKind     { return &obj.TypeMeta }

 func (obj *SubjectAccessReview) GetObjectKind() unversioned.ObjectKind           { return &obj.TypeMeta }

 func (obj *ResourceAccessReview) GetObjectKind() unversioned.ObjectKind          { return &obj.TypeMeta }

+func (obj *SelfSubjectRulesReview) GetObjectKind() unversioned.ObjectKind        { return &obj.TypeMeta }

 func (obj *RoleList) GetObjectKind() unversioned.ObjectKind          { return &obj.TypeMeta }

 func (obj *RoleBindingList) GetObjectKind() unversioned.ObjectKind   { return &obj.TypeMeta }

@@ -109,6 +109,23 @@ type NamedRoleBinding struct {

 	RoleBinding RoleBinding `json:"roleBinding"`

 }

+// SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace

+type SelfSubjectRulesReview struct {

+	unversioned.TypeMeta `json:",inline"`

+

+	// Status is completed by the server to tell which permissions you have

+	Status SubjectRulesReviewStatus `json:"status,omitempty"`

+}

+

+// SubjectRulesReviewStatus is contains the result of a rules check

+type SubjectRulesReviewStatus struct {

+	// Rules is the list of rules (no particular sort) that are allowed for the subject

+	Rules []PolicyRule `json:"rules"`

+	// EvaluationError can appear in combination with Rules.  It means some error happened during evaluation

+	// that may have prevented additional rules from being populated.

+	EvaluationError string `json:"evaluationError,omitempty"`

+}

+

 // ResourceAccessReviewResponse describes who can perform the action

 type ResourceAccessReviewResponse struct {

 	unversioned.TypeMeta `json:",inline"`

@@ -13,6 +13,10 @@ import (

 	uservalidation "github.com/openshift/origin/pkg/user/api/validation"

 )

+func ValidateSelfSubjectRulesReview(review *authorizationapi.SelfSubjectRulesReview) field.ErrorList {

+	return field.ErrorList{}

+}

+

 func ValidateSubjectAccessReview(review *authorizationapi.SubjectAccessReview) field.ErrorList {

 	allErrs := field.ErrorList{}

new file mode 100644

@@ -0,0 +1,39 @@

+package selfsubjectrulesreview

+

+import (

+	kapi "k8s.io/kubernetes/pkg/api"

+	"k8s.io/kubernetes/pkg/runtime"

+

+	authorizationapi "github.com/openshift/origin/pkg/authorization/api"

+	"github.com/openshift/origin/pkg/authorization/rulevalidation"

+)

+