add what-can-i-do endpoint

api/swagger-spec/oapi-v1.json

@@ -15685,6 +15685,102 @@
      }
     ]
    },
+   {
+    "path": "/oapi/v1/namespaces/{namespace}/selfsubjectrulesreviews",
+    "description": "OpenShift REST API, version v1",
+    "operations": [
+     {
+      "type": "v1.SelfSubjectRulesReview",
+      "method": "POST",
+      "summary": "create a SelfSubjectRulesReview",
+      "nickname": "createNamespacedSelfSubjectRulesReview",
+      "parameters": [
+       {
+        "type": "string",
+        "paramType": "query",
+        "name": "pretty",
+        "description": "If 'true', then the output is pretty printed.",
+        "required": false,
+        "allowMultiple": false
+       },
+       {
+        "type": "v1.SelfSubjectRulesReview",
+        "paramType": "body",
+        "name": "body",
+        "description": "",
+        "required": true,
+        "allowMultiple": false
+       },
+       {
+        "type": "string",
+        "paramType": "path",
+        "name": "namespace",
+        "description": "object name and auth scope, such as for teams and projects",
+        "required": true,
+        "allowMultiple": false
+       }
+      ],
+      "responseMessages": [
+       {
+        "code": 200,
+        "message": "OK",
+        "responseModel": "v1.SelfSubjectRulesReview"
+       }
+      ],
+      "produces": [
+       "application/json",
+       "application/yaml"
+      ],
+      "consumes": [
+       "*/*"
+      ]
+     }
+    ]
+   },
+   {
+    "path": "/oapi/v1/selfsubjectrulesreviews",
+    "description": "OpenShift REST API, version v1",
+    "operations": [
+     {
+      "type": "v1.SelfSubjectRulesReview",
+      "method": "POST",
+      "summary": "create a SelfSubjectRulesReview",
+      "nickname": "createNamespacedSelfSubjectRulesReview",
+      "parameters": [
+       {
+        "type": "string",
+        "paramType": "query",
+        "name": "pretty",
+        "description": "If 'true', then the output is pretty printed.",
+        "required": false,
+        "allowMultiple": false
+       },
+       {
+        "type": "v1.SelfSubjectRulesReview",
+        "paramType": "body",
+        "name": "body",
+        "description": "",
+        "required": true,
+        "allowMultiple": false
+       }
+      ],
+      "responseMessages": [
+       {
+        "code": 200,
+        "message": "OK",
+        "responseModel": "v1.SelfSubjectRulesReview"
+       }
+      ],
+      "produces": [
+       "application/json",
+       "application/yaml"
+      ],
+      "consumes": [
+       "*/*"
+      ]
+     }
+    ]
+   },
    {
     "path": "/oapi/v1/namespaces/{namespace}/subjectaccessreviews",
     "description": "OpenShift REST API, version v1",
@@ -22610,6 +22706,44 @@
      }
     }
    },
+   "v1.SelfSubjectRulesReview": {
+    "id": "v1.SelfSubjectRulesReview",
+    "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace",
+    "properties": {
+     "kind": {
+      "type": "string",
+      "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds"
+     },
+     "apiVersion": {
+      "type": "string",
+      "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources"
+     },
+     "status": {
+      "$ref": "v1.SubjectRulesReviewStatus",
+      "description": "Status is completed by the server to tell which permissions you have"
+     }
+    }
+   },
+   "v1.SubjectRulesReviewStatus": {
+    "id": "v1.SubjectRulesReviewStatus",
+    "description": "SubjectRulesReviewStatus is contains the result of a rules check",
+    "required": [
+     "rules"
+    ],
+    "properties": {
+     "rules": {
+      "type": "array",
+      "items": {
+       "$ref": "v1.PolicyRule"
+      },
+      "description": "Rules is the list of rules (no particular sort) that are allowed for the subject"
+     },
+     "evaluationError": {
+      "type": "string",
+      "description": "EvaluationError can appear in combination with Rules.  It means some error happened during evaluation that may have prevented additional rules from being populated."
+     }
+    }
+   },
    "v1.SubjectAccessReview": {
     "id": "v1.SubjectAccessReview",
     "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action",

contrib/completions/bash/oc

@@ -7216,6 +7216,46 @@ _oc_policy_who-can()
     must_have_one_noun=()
 }
 
+_oc_policy_what-can-i-do()
+{
+    last_command="oc_policy_what-can-i-do"
+    commands=()
+
+    flags=()
+    two_word_flags=()
+    flags_with_completion=()
+    flags_completion=()
+
+    flags+=("--api-version=")
+    flags+=("--as=")
+    flags+=("--certificate-authority=")
+    flags_with_completion+=("--certificate-authority")
+    flags_completion+=("_filedir")
+    flags+=("--client-certificate=")
+    flags_with_completion+=("--client-certificate")
+    flags_completion+=("_filedir")
+    flags+=("--client-key=")
+    flags_with_completion+=("--client-key")
+    flags_completion+=("_filedir")
+    flags+=("--cluster=")
+    flags+=("--config=")
+    flags_with_completion+=("--config")
+    flags_completion+=("_filedir")
+    flags+=("--context=")
+    flags+=("--google-json-key=")
+    flags+=("--insecure-skip-tls-verify")
+    flags+=("--log-flush-frequency=")
+    flags+=("--match-server-version")
+    flags+=("--namespace=")
+    two_word_flags+=("-n")
+    flags+=("--server=")
+    flags+=("--token=")
+    flags+=("--user=")
+
+    must_have_one_flag=()
+    must_have_one_noun=()
+}
+
 _oc_policy_add-role-to-user()
 {
     last_command="oc_policy_add-role-to-user"
@@ -7469,6 +7509,7 @@ _oc_policy()
     last_command="oc_policy"
     commands=()
     commands+=("who-can")
+    commands+=("what-can-i-do")
     commands+=("add-role-to-user")
     commands+=("remove-role-from-user")
     commands+=("remove-user")

contrib/completions/bash/openshift

@@ -10801,6 +10801,46 @@ _openshift_cli_policy_who-can()
     must_have_one_noun=()
 }
 
+_openshift_cli_policy_what-can-i-do()
+{
+    last_command="openshift_cli_policy_what-can-i-do"
+    commands=()
+
+    flags=()
+    two_word_flags=()
+    flags_with_completion=()
+    flags_completion=()
+
+    flags+=("--api-version=")
+    flags+=("--as=")
+    flags+=("--certificate-authority=")
+    flags_with_completion+=("--certificate-authority")
+    flags_completion+=("_filedir")
+    flags+=("--client-certificate=")
+    flags_with_completion+=("--client-certificate")
+    flags_completion+=("_filedir")
+    flags+=("--client-key=")
+    flags_with_completion+=("--client-key")
+    flags_completion+=("_filedir")
+    flags+=("--cluster=")
+    flags+=("--config=")
+    flags_with_completion+=("--config")
+    flags_completion+=("_filedir")
+    flags+=("--context=")
+    flags+=("--google-json-key=")
+    flags+=("--insecure-skip-tls-verify")
+    flags+=("--log-flush-frequency=")
+    flags+=("--match-server-version")
+    flags+=("--namespace=")
+    two_word_flags+=("-n")
+    flags+=("--server=")
+    flags+=("--token=")
+    flags+=("--user=")
+
+    must_have_one_flag=()
+    must_have_one_noun=()
+}
+
 _openshift_cli_policy_add-role-to-user()
 {
     last_command="openshift_cli_policy_add-role-to-user"
@@ -11054,6 +11094,7 @@ _openshift_cli_policy()
     last_command="openshift_cli_policy"
     commands=()
     commands+=("who-can")
+    commands+=("what-can-i-do")
     commands+=("add-role-to-user")
     commands+=("remove-role-from-user")
     commands+=("remove-user")

pkg/api/deep_copy_generated.go

@@ -632,6 +632,18 @@ func deepCopy_api_RoleList(in api.RoleList, out *api.RoleList, c *conversion.Clo
 	return nil
 }
 
+func deepCopy_api_SelfSubjectRulesReview(in api.SelfSubjectRulesReview, out *api.SelfSubjectRulesReview, c *conversion.Cloner) error {
+	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {
+		return err
+	} else {
+		out.TypeMeta = newVal.(unversioned.TypeMeta)
+	}
+	if err := deepCopy_api_SubjectRulesReviewStatus(in.Status, &out.Status, c); err != nil {
+		return err
+	}
+	return nil
+}
+
 func deepCopy_api_SubjectAccessReview(in api.SubjectAccessReview, out *api.SubjectAccessReview, c *conversion.Cloner) error {
 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {
 		return err
@@ -669,6 +681,21 @@ func deepCopy_api_SubjectAccessReviewResponse(in api.SubjectAccessReviewResponse
 	return nil
 }
 
+func deepCopy_api_SubjectRulesReviewStatus(in api.SubjectRulesReviewStatus, out *api.SubjectRulesReviewStatus, c *conversion.Cloner) error {
+	if in.Rules != nil {
+		out.Rules = make([]api.PolicyRule, len(in.Rules))
+		for i := range in.Rules {
+			if err := deepCopy_api_PolicyRule(in.Rules[i], &out.Rules[i], c); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Rules = nil
+	}
+	out.EvaluationError = in.EvaluationError
+	return nil
+}
+
 func deepCopy_api_BinaryBuildRequestOptions(in buildapi.BinaryBuildRequestOptions, out *buildapi.BinaryBuildRequestOptions, c *conversion.Cloner) error {
 	if newVal, err := c.DeepCopy(in.TypeMeta); err != nil {
 		return err
@@ -3316,8 +3343,10 @@ func init() {
 		deepCopy_api_RoleBinding,
 		deepCopy_api_RoleBindingList,
 		deepCopy_api_RoleList,
+		deepCopy_api_SelfSubjectRulesReview,
 		deepCopy_api_SubjectAccessReview,
 		deepCopy_api_SubjectAccessReviewResponse,
+		deepCopy_api_SubjectRulesReviewStatus,
 		deepCopy_api_BinaryBuildRequestOptions,
 		deepCopy_api_BinaryBuildSource,
 		deepCopy_api_Build,