Class: Google::Apis::CloudbuildV2::SecurityContext

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudbuild_v2/classes.rb,
lib/google/apis/cloudbuild_v2/representations.rb,
lib/google/apis/cloudbuild_v2/representations.rb

Overview

Security options the container should be run with.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ SecurityContext

Returns a new instance of SecurityContext.



2107
2108
2109
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2107

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allow_privilege_escalationBoolean Also known as: allow_privilege_escalation?

Optional. AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec. os.name is windows. +optional Corresponds to the JSON property allowPrivilegeEscalation

Returns:

  • (Boolean)


2064
2065
2066
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2064

def allow_privilege_escalation
  @allow_privilege_escalation
end

#capabilitiesGoogle::Apis::CloudbuildV2::Capabilities

Capabilities adds and removes POSIX capabilities from running containers. Corresponds to the JSON property capabilities



2070
2071
2072
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2070

def capabilities
  @capabilities
end

#privilegedBoolean Also known as: privileged?

Run container in privileged mode. Corresponds to the JSON property privileged

Returns:

  • (Boolean)


2075
2076
2077
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2075

def privileged
  @privileged
end

#run_as_groupFixnum

Optional. The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional Corresponds to the JSON property runAsGroup

Returns:

  • (Fixnum)


2085
2086
2087
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2085

def run_as_group
  @run_as_group
end

#run_as_non_rootBoolean Also known as: run_as_non_root?

Optional. Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional Corresponds to the JSON property runAsNonRoot

Returns:

  • (Boolean)


2095
2096
2097
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2095

def run_as_non_root
  @run_as_non_root
end

#run_as_userFixnum

Optional. The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional Corresponds to the JSON property runAsUser

Returns:

  • (Fixnum)


2105
2106
2107
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2105

def run_as_user
  @run_as_user
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



2112
2113
2114
2115
2116
2117
2118
2119
# File 'lib/google/apis/cloudbuild_v2/classes.rb', line 2112

def update!(**args)
  @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation)
  @capabilities = args[:capabilities] if args.key?(:capabilities)
  @privileged = args[:privileged] if args.key?(:privileged)
  @run_as_group = args[:run_as_group] if args.key?(:run_as_group)
  @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root)
  @run_as_user = args[:run_as_user] if args.key?(:run_as_user)
end