Class: ArgoWorkflows::IoK8sApiCoreV1SecurityContext

Inherits:

Object

• Object
• ArgoWorkflows::IoK8sApiCoreV1SecurityContext

Defined in:

lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb

Overview

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

Instance Attribute Summary

• #allow_privilege_escalation ⇒ Object

  AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.

• #app_armor_profile ⇒ Object

  appArmorProfile is the AppArmor options to use by this container.

• #capabilities ⇒ Object

  The capabilities to add/drop when running containers.

• #privileged ⇒ Object

  Run container in privileged mode.

• #proc_mount ⇒ Object

  procMount denotes the type of proc mount to use for the containers.

• #read_only_root_filesystem ⇒ Object

  Whether this container has a read-only root filesystem.

• #run_as_group ⇒ Object

  The GID to run the entrypoint of the container process.

• #run_as_non_root ⇒ Object

  Indicates that the container must run as a non-root user.

• #run_as_user ⇒ Object

  The UID to run the entrypoint of the container process.

• #se_linux_options ⇒ Object

  The SELinux context to be applied to the container.

• #seccomp_profile ⇒ Object

  The seccomp options to use by this container.

• #windows_options ⇒ Object

  The Windows specific settings applied to all containers.

Class Method Summary

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .swagger_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Fixnum

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ IoK8sApiCoreV1SecurityContext constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ IoK8sApiCoreV1SecurityContext

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 92

def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  if attributes.has_key?(:'allowPrivilegeEscalation')
    self.allow_privilege_escalation = attributes[:'allowPrivilegeEscalation']
  end

  if attributes.has_key?(:'appArmorProfile')
    self.app_armor_profile = attributes[:'appArmorProfile']
  end

  if attributes.has_key?(:'capabilities')
    self.capabilities = attributes[:'capabilities']
  end

  if attributes.has_key?(:'privileged')
    self.privileged = attributes[:'privileged']
  end

  if attributes.has_key?(:'procMount')
    self.proc_mount = attributes[:'procMount']
  end

  if attributes.has_key?(:'readOnlyRootFilesystem')
    self.read_only_root_filesystem = attributes[:'readOnlyRootFilesystem']
  end

  if attributes.has_key?(:'runAsGroup')
    self.run_as_group = attributes[:'runAsGroup']
  end

  if attributes.has_key?(:'runAsNonRoot')
    self.run_as_non_root = attributes[:'runAsNonRoot']
  end

  if attributes.has_key?(:'runAsUser')
    self.run_as_user = attributes[:'runAsUser']
  end

  if attributes.has_key?(:'seLinuxOptions')
    self.se_linux_options = attributes[:'seLinuxOptions']
  end

  if attributes.has_key?(:'seccompProfile')
    self.seccomp_profile = attributes[:'seccompProfile']
  end

  if attributes.has_key?(:'windowsOptions')
    self.windows_options = attributes[:'windowsOptions']
  end
end

Instance Attribute Details

#allow_privilege_escalation ⇒ Object

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 19

def allow_privilege_escalation
  @allow_privilege_escalation
end

#app_armor_profile ⇒ Object

appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod’s appArmorProfile. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 22

def app_armor_profile
  @app_armor_profile
end

#capabilities ⇒ Object

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 25

def capabilities
  @capabilities
end

#privileged ⇒ Object

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 28

def privileged
  @privileged
end

#proc_mount ⇒ Object

procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 31

def proc_mount
  @proc_mount
end

#read_only_root_filesystem ⇒ Object

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 34

def read_only_root_filesystem
  @read_only_root_filesystem
end

#run_as_group ⇒ Object

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 37

def run_as_group
  @run_as_group
end

#run_as_non_root ⇒ Object

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 40

def run_as_non_root
  @run_as_non_root
end

#run_as_user ⇒ Object

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 43

def run_as_user
  @run_as_user
end

#se_linux_options ⇒ Object

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 46

def se_linux_options
  @se_linux_options
end

#seccomp_profile ⇒ Object

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 49

def seccomp_profile
  @seccomp_profile
end

#windows_options ⇒ Object

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 52

def windows_options
  @windows_options
end

Class Method Details

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 55

def self.attribute_map
  {
    :'allow_privilege_escalation' => :'allowPrivilegeEscalation',
    :'app_armor_profile' => :'appArmorProfile',
    :'capabilities' => :'capabilities',
    :'privileged' => :'privileged',
    :'proc_mount' => :'procMount',
    :'read_only_root_filesystem' => :'readOnlyRootFilesystem',
    :'run_as_group' => :'runAsGroup',
    :'run_as_non_root' => :'runAsNonRoot',
    :'run_as_user' => :'runAsUser',
    :'se_linux_options' => :'seLinuxOptions',
    :'seccomp_profile' => :'seccompProfile',
    :'windows_options' => :'windowsOptions'
  }
end

.swagger_types ⇒ Object

Attribute type mapping.

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 73

def self.swagger_types
  {
    :'allow_privilege_escalation' => :'BOOLEAN',
    :'app_armor_profile' => :'IoK8sApiCoreV1AppArmorProfile',
    :'capabilities' => :'IoK8sApiCoreV1Capabilities',
    :'privileged' => :'BOOLEAN',
    :'proc_mount' => :'String',
    :'read_only_root_filesystem' => :'BOOLEAN',
    :'run_as_group' => :'Integer',
    :'run_as_non_root' => :'BOOLEAN',
    :'run_as_user' => :'Integer',
    :'se_linux_options' => :'IoK8sApiCoreV1SELinuxOptions',
    :'seccomp_profile' => :'IoK8sApiCoreV1SeccompProfile',
    :'windows_options' => :'IoK8sApiCoreV1WindowsSecurityContextOptions'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 162

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      allow_privilege_escalation == o.allow_privilege_escalation &&
      app_armor_profile == o.app_armor_profile &&
      capabilities == o.capabilities &&
      privileged == o.privileged &&
      proc_mount == o.proc_mount &&
      read_only_root_filesystem == o.read_only_root_filesystem &&
      run_as_group == o.run_as_group &&
      run_as_non_root == o.run_as_non_root &&
      run_as_user == o.run_as_user &&
      se_linux_options == o.se_linux_options &&
      seccomp_profile == o.seccomp_profile &&
      windows_options == o.windows_options
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

Parameters:

• string —

  type Data type

• string —

  value Value to be deserialized

Returns:

• (Object) —

  Deserialized data

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 215

def _deserialize(type, value)
  case type.to_sym
  when :DateTime
    DateTime.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :BOOLEAN
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    temp_model = ArgoWorkflows.const_get(type).new
    temp_model.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

Parameters:

• value (Object) —

  Any valid value

Returns:

• (Hash) —

  Returns the value in the form of hash

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 281

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 194

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  self.class.swagger_types.each_pair do |key, type|
    if type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 181

def eql?(o)
  self == o
end

#hash ⇒ Fixnum

Calculates hash code according to all attributes.

Returns:

• (Fixnum) —

  Hash code

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 187

def hash
  [allow_privilege_escalation, app_armor_profile, capabilities, privileged, proc_mount, read_only_root_filesystem, run_as_group, run_as_non_root, run_as_user, se_linux_options, seccomp_profile, windows_options].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 149

def list_invalid_properties
  invalid_properties = Array.new
  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 261

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 267

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    next if value.nil?
    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 255

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/argo_workflows/models/io_k8s_api_core_v1_security_context.rb', line 156

def valid?
  true
end