Class: Kubernetes::V1PodSecurityContext

Inherits:

Object

• Object
• Kubernetes::V1PodSecurityContext

Defined in:

lib/kubernetes/models/v1_pod_security_context.rb

Overview

PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.

Instance Attribute Summary

• #fs_group ⇒ Object

  A special supplemental group that applies to all containers in a pod.

• #run_as_group ⇒ Object

  The GID to run the entrypoint of the container process.

• #run_as_non_root ⇒ Object

  Indicates that the container must run as a non-root user.

• #run_as_user ⇒ Object

  The UID to run the entrypoint of the container process.

• #se_linux_options ⇒ Object

  The SELinux context to be applied to all containers.

• #supplemental_groups ⇒ Object

  A list of groups applied to the first process run in each container, in addition to the container’s primary GID.

• #sysctls ⇒ Object

  Sysctls hold a list of namespaced sysctls used for the pod.

Class Method Summary

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .swagger_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(other) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(other) ⇒ Boolean
• #hash ⇒ Fixnum

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ V1PodSecurityContext constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ V1PodSecurityContext

Initializes the object

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 67

def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.transform_keys(&:to_sym)

  self.fs_group = attributes[:fsGroup] if attributes.key?(:fsGroup)

  self.run_as_group = attributes[:runAsGroup] if attributes.key?(:runAsGroup)

  self.run_as_non_root = attributes[:runAsNonRoot] if attributes.key?(:runAsNonRoot)

  self.run_as_user = attributes[:runAsUser] if attributes.key?(:runAsUser)

  self.se_linux_options = attributes[:seLinuxOptions] if attributes.key?(:seLinuxOptions)

  if attributes.key?(:supplementalGroups) && (value = attributes[:supplementalGroups]).is_a?(Array)
    self.supplemental_groups = value
  end

  return unless attributes.key?(:sysctls)
  return unless (value = attributes[:sysctls]).is_a?(Array)

  self.sysctls = value
end

Instance Attribute Details

#fs_group ⇒ Object

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw—- If unset, the Kubelet will not modify the ownership and permissions of any volume.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 19

def fs_group
  @fs_group
end

#run_as_group ⇒ Object

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 22

def run_as_group
  @run_as_group
end

#run_as_non_root ⇒ Object

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 25

def run_as_non_root
  @run_as_non_root
end

#run_as_user ⇒ Object

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 28

def run_as_user
  @run_as_user
end

#se_linux_options ⇒ Object

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 31

def se_linux_options
  @se_linux_options
end

#supplemental_groups ⇒ Object

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 34

def supplemental_groups
  @supplemental_groups
end

#sysctls ⇒ Object

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 37

def sysctls
  @sysctls
end

Class Method Details

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 40

def self.attribute_map
  {
    fs_group: :fsGroup,
    run_as_group: :runAsGroup,
    run_as_non_root: :runAsNonRoot,
    run_as_user: :runAsUser,
    se_linux_options: :seLinuxOptions,
    supplemental_groups: :supplementalGroups,
    sysctls: :sysctls
  }
end

.swagger_types ⇒ Object

Attribute type mapping.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 53

def self.swagger_types
  {
    fs_group: :Integer,
    run_as_group: :Integer,
    run_as_non_root: :BOOLEAN,
    run_as_user: :Integer,
    se_linux_options: :V1SELinuxOptions,
    supplemental_groups: :'Array<Integer>',
    sysctls: :'Array<V1Sysctl>'
  }
end

Instance Method Details

#==(other) ⇒ Object

Checks equality by comparing each attribute.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 107

def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    fs_group == other.fs_group &&
    run_as_group == other.run_as_group &&
    run_as_non_root == other.run_as_non_root &&
    run_as_user == other.run_as_user &&
    se_linux_options == other.se_linux_options &&
    supplemental_groups == other.supplemental_groups &&
    sysctls == other.sysctls
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 160

def _deserialize(type, value)
  case type.to_sym
  when :DateTime
    DateTime.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :BOOLEAN
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    temp_model = Kubernetes.const_get(type).new
    temp_model.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 227

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 136

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        send("#{key}=", attributes[self.class.attribute_map[key]].map do |v|
                          _deserialize(Regexp.last_match(1), v)
                        end)
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end
  end

  self
end

#eql?(other) ⇒ Boolean

See Also:

• `==` method

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 122

def eql?(other)
  self == other
end

#hash ⇒ Fixnum

Calculates hash code according to all attributes.

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 128

def hash
  [fs_group, run_as_group, run_as_non_root, run_as_user, se_linux_options, supplemental_groups,
   sysctls].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 95

def list_invalid_properties
  []
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 206

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 212

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = send(attr)
    next if value.nil?

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 200

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

# File 'lib/kubernetes/models/v1_pod_security_context.rb', line 101

def valid?
  true
end