Class: Google::Apis::CloudbuildV2::SecurityContext

Inherits:

Object

Object
Google::Apis::CloudbuildV2::SecurityContext

show all

Includes:: Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport

Defined in:: lib/google/apis/cloudbuild_v2/classes.rb,
lib/google/apis/cloudbuild_v2/representations.rb,
lib/google/apis/cloudbuild_v2/representations.rb

Overview

Security options the container should be run with.

Instance Attribute Summary collapse

#allow_privilege_escalation ⇒ Boolean (also: #allow_privilege_escalation?)
Optional.
#capabilities ⇒ Google::Apis::CloudbuildV2::Capabilities
Capabilities adds and removes POSIX capabilities from running containers.
#privileged ⇒ Boolean (also: #privileged?)
Run container in privileged mode.
#run_as_group ⇒ Fixnum
Optional.
#run_as_non_root ⇒ Boolean (also: #run_as_non_root?)
Optional.
#run_as_user ⇒ Fixnum
Optional.

Instance Method Summary collapse

#initialize(**args) ⇒ SecurityContext constructor
A new instance of SecurityContext.
#update!(**args) ⇒ Object
Update properties of this object.

Constructor Details

#initialize(**args) ⇒ `SecurityContext`

Returns a new instance of SecurityContext.



2465
2466
2467

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2465

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allow_privilege_escalation ⇒ `Boolean` Also known as: allow_privilege_escalation?

Optional. AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec. os.name is windows. +optional Corresponds to the JSON property allowPrivilegeEscalation

Returns:

(Boolean)



2422
2423
2424

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2422

def allow_privilege_escalation
  @allow_privilege_escalation
end

#capabilities ⇒ `Google::Apis::CloudbuildV2::Capabilities`

Capabilities adds and removes POSIX capabilities from running containers. Corresponds to the JSON property capabilities

Returns:

(Google::Apis::CloudbuildV2::Capabilities)



2428
2429
2430

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2428

def capabilities
  @capabilities
end

#privileged ⇒ `Boolean` Also known as: privileged?

Run container in privileged mode. Corresponds to the JSON property privileged

Returns:

(Boolean)



2433
2434
2435

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2433

def privileged
  @privileged
end

#run_as_group ⇒ `Fixnum`

Optional. The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional Corresponds to the JSON property runAsGroup

Returns:

(Fixnum)



2443
2444
2445

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2443

def run_as_group
  @run_as_group
end

#run_as_non_root ⇒ `Boolean` Also known as: run_as_non_root?

Optional. Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional Corresponds to the JSON property runAsNonRoot

Returns:

(Boolean)



2453
2454
2455

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2453

def run_as_non_root
  @run_as_non_root
end

#run_as_user ⇒ `Fixnum`

Optional. The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional Corresponds to the JSON property runAsUser

Returns:

(Fixnum)



2463
2464
2465

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2463

def run_as_user
  @run_as_user
end

Instance Method Details

#update!(**args) ⇒ `Object`

Update properties of this object

# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2470

def update!(**args)
  @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation)
  @capabilities = args[:capabilities] if args.key?(:capabilities)
  @privileged = args[:privileged] if args.key?(:privileged)
  @run_as_group = args[:run_as_group] if args.key?(:run_as_group)
  @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root)
  @run_as_user = args[:run_as_user] if args.key?(:run_as_user)
end

Class: Google::Apis::CloudbuildV2::SecurityContext

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ SecurityContext

Instance Attribute Details

#allow_privilege_escalation ⇒ Boolean Also known as: allow_privilege_escalation?

#capabilities ⇒ Google::Apis::CloudbuildV2::Capabilities

#privileged ⇒ Boolean Also known as: privileged?

#run_as_group ⇒ Fixnum

#run_as_non_root ⇒ Boolean Also known as: run_as_non_root?

#run_as_user ⇒ Fixnum

Instance Method Details

#update!(**args) ⇒ Object

#initialize(**args) ⇒ `SecurityContext`

#allow_privilege_escalation ⇒ `Boolean` Also known as: allow_privilege_escalation?

#capabilities ⇒ `Google::Apis::CloudbuildV2::Capabilities`

#privileged ⇒ `Boolean` Also known as: privileged?

#run_as_group ⇒ `Fixnum`

#run_as_non_root ⇒ `Boolean` Also known as: run_as_non_root?

#run_as_user ⇒ `Fixnum`

#update!(**args) ⇒ `Object`