Class: Kubernetes::V1PodSecurityContext

Inherits:

Object

• Object
• Kubernetes::V1PodSecurityContext

Defined in:

lib/kubernetes/models/v1_pod_security_context.rb

Overview

PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.

Instance Attribute Summary

• #app_armor_profile ⇒ Object

  Returns the value of attribute app_armor_profile.

• #fs_group ⇒ Object

  A special supplemental group that applies to all containers in a pod.

• #fs_group_change_policy ⇒ Object

  fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod.

• #run_as_group ⇒ Object

  The GID to run the entrypoint of the container process.

• #run_as_non_root ⇒ Object

  Indicates that the container must run as a non-root user.

• #run_as_user ⇒ Object

  The UID to run the entrypoint of the container process.

• #se_linux_change_policy ⇒ Object

  seLinuxChangePolicy defines how the container’s SELinux label is applied to all volumes used by the Pod.

• #se_linux_options ⇒ Object

  Returns the value of attribute se_linux_options.

• #seccomp_profile ⇒ Object

  Returns the value of attribute seccomp_profile.

• #supplemental_groups ⇒ Object

  A list of groups applied to the first process run in each container, in addition to the container’s primary GID and fsGroup (if specified).

• #supplemental_groups_policy ⇒ Object

  Defines how supplemental groups of the first container processes are calculated.

• #sysctls ⇒ Object

  Sysctls hold a list of namespaced sysctls used for the pod.

• #windows_options ⇒ Object

  Returns the value of attribute windows_options.

Class Method Summary

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ V1PodSecurityContext constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ V1PodSecurityContext

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 105

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Kubernetes::V1PodSecurityContext` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!self.class.attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Kubernetes::V1PodSecurityContext`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'app_armor_profile')
    self.app_armor_profile = attributes[:'app_armor_profile']
  end

  if attributes.key?(:'fs_group')
    self.fs_group = attributes[:'fs_group']
  end

  if attributes.key?(:'fs_group_change_policy')
    self.fs_group_change_policy = attributes[:'fs_group_change_policy']
  end

  if attributes.key?(:'run_as_group')
    self.run_as_group = attributes[:'run_as_group']
  end

  if attributes.key?(:'run_as_non_root')
    self.run_as_non_root = attributes[:'run_as_non_root']
  end

  if attributes.key?(:'run_as_user')
    self.run_as_user = attributes[:'run_as_user']
  end

  if attributes.key?(:'se_linux_change_policy')
    self.se_linux_change_policy = attributes[:'se_linux_change_policy']
  end

  if attributes.key?(:'se_linux_options')
    self.se_linux_options = attributes[:'se_linux_options']
  end

  if attributes.key?(:'seccomp_profile')
    self.seccomp_profile = attributes[:'seccomp_profile']
  end

  if attributes.key?(:'supplemental_groups')
    if (value = attributes[:'supplemental_groups']).is_a?(Array)
      self.supplemental_groups = value
    end
  end

  if attributes.key?(:'supplemental_groups_policy')
    self.supplemental_groups_policy = attributes[:'supplemental_groups_policy']
  end

  if attributes.key?(:'sysctls')
    if (value = attributes[:'sysctls']).is_a?(Array)
      self.sysctls = value
    end
  end

  if attributes.key?(:'windows_options')
    self.windows_options = attributes[:'windows_options']
  end
end

Instance Attribute Details

#app_armor_profile ⇒ Object

Returns the value of attribute app_armor_profile.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 19

def app_armor_profile
  @app_armor_profile
end

#fs_group ⇒ Object

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw—- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 22

def fs_group
  @fs_group
end

#fs_group_change_policy ⇒ Object

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 25

def fs_group_change_policy
  @fs_group_change_policy
end

#run_as_group ⇒ Object

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 28

def run_as_group
  @run_as_group
end

#run_as_non_root ⇒ Object

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 31

def run_as_non_root
  @run_as_non_root
end

#run_as_user ⇒ Object

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 34

def run_as_user
  @run_as_user
end

#se_linux_change_policy ⇒ Object

seLinuxChangePolicy defines how the container’s SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. "MountOption" mounts all eligible Pod volumes with ‘-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 37

def se_linux_change_policy
  @se_linux_change_policy
end

#se_linux_options ⇒ Object

Returns the value of attribute se_linux_options.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 39

def se_linux_options
  @se_linux_options
end

#seccomp_profile ⇒ Object

Returns the value of attribute seccomp_profile.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 41

def seccomp_profile
  @seccomp_profile
end

#supplemental_groups ⇒ Object

A list of groups applied to the first process run in each container, in addition to the container’s primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 44

def supplemental_groups
  @supplemental_groups
end

#supplemental_groups_policy ⇒ Object

Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 47

def supplemental_groups_policy
  @supplemental_groups_policy
end

#sysctls ⇒ Object

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 50

def sysctls
  @sysctls
end

#windows_options ⇒ Object

Returns the value of attribute windows_options.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 52

def windows_options
  @windows_options
end

Class Method Details

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 74

def self.acceptable_attributes
  attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 55

def self.attribute_map
  {
    :'app_armor_profile' => :'appArmorProfile',
    :'fs_group' => :'fsGroup',
    :'fs_group_change_policy' => :'fsGroupChangePolicy',
    :'run_as_group' => :'runAsGroup',
    :'run_as_non_root' => :'runAsNonRoot',
    :'run_as_user' => :'runAsUser',
    :'se_linux_change_policy' => :'seLinuxChangePolicy',
    :'se_linux_options' => :'seLinuxOptions',
    :'seccomp_profile' => :'seccompProfile',
    :'supplemental_groups' => :'supplementalGroups',
    :'supplemental_groups_policy' => :'supplementalGroupsPolicy',
    :'sysctls' => :'sysctls',
    :'windows_options' => :'windowsOptions'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 223

def self.build_from_hash(attributes)
  new.build_from_hash(attributes)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 98

def self.openapi_nullable
  Set.new([
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 79

def self.openapi_types
  {
    :'app_armor_profile' => :'V1AppArmorProfile',
    :'fs_group' => :'Integer',
    :'fs_group_change_policy' => :'String',
    :'run_as_group' => :'Integer',
    :'run_as_non_root' => :'Boolean',
    :'run_as_user' => :'Integer',
    :'se_linux_change_policy' => :'String',
    :'se_linux_options' => :'V1SELinuxOptions',
    :'seccomp_profile' => :'V1SeccompProfile',
    :'supplemental_groups' => :'Array<Integer>',
    :'supplemental_groups_policy' => :'String',
    :'sysctls' => :'Array<V1Sysctl>',
    :'windows_options' => :'V1WindowsSecurityContextOptions'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 190

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      app_armor_profile == o.app_armor_profile &&
      fs_group == o.fs_group &&
      fs_group_change_policy == o.fs_group_change_policy &&
      run_as_group == o.run_as_group &&
      run_as_non_root == o.run_as_non_root &&
      run_as_user == o.run_as_user &&
      se_linux_change_policy == o.se_linux_change_policy &&
      se_linux_options == o.se_linux_options &&
      seccomp_profile == o.seccomp_profile &&
      supplemental_groups == o.supplemental_groups &&
      supplemental_groups_policy == o.supplemental_groups_policy &&
      sysctls == o.sysctls &&
      windows_options == o.windows_options
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

Parameters:

• string —

  type Data type

• string —

  value Value to be deserialized

Returns:

• (Object) —

  Deserialized data

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 253

def _deserialize(type, value)
  case type.to_sym
  when :Time
    Time.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :Boolean
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    # models (e.g. Pet) or oneOf
    klass = Kubernetes.const_get(type)
    klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

Parameters:

• value (Object) —

  Any valid value

Returns:

• (Hash) —

  Returns the value in the form of hash

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 324

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 230

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  self.class.openapi_types.each_pair do |key, type|
    if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
      self.send("#{key}=", nil)
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end
  end

  self
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 210

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

Returns:

• (Integer) —

  Hash code

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 216

def hash
  [app_armor_profile, fs_group, fs_group_change_policy, run_as_group, run_as_non_root, run_as_user, se_linux_change_policy, se_linux_options, seccomp_profile, supplemental_groups, supplemental_groups_policy, sysctls, windows_options].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 177

def list_invalid_properties
  invalid_properties = Array.new
  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 300

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 306

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 294

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 184

def valid?
  true
end