/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace Batch { namespace Model { /** *

The security context for a job. For more information, see Configure * a security context for a pod or container in the Kubernetes * documentation.

See Also:

AWS * API Reference

*/ class EksContainerSecurityContext { public: AWS_BATCH_API EksContainerSecurityContext(); AWS_BATCH_API EksContainerSecurityContext(Aws::Utils::Json::JsonView jsonValue); AWS_BATCH_API EksContainerSecurityContext& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_BATCH_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

When this parameter is specified, the container is run as the specified user * ID (uid). If this parameter isn't specified, the default is the * user that's specified in the image metadata. This parameter maps to * RunAsUser and MustRanAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline long long GetRunAsUser() const{ return m_runAsUser; } /** *

When this parameter is specified, the container is run as the specified user * ID (uid). If this parameter isn't specified, the default is the * user that's specified in the image metadata. This parameter maps to * RunAsUser and MustRanAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline bool RunAsUserHasBeenSet() const { return m_runAsUserHasBeenSet; } /** *

When this parameter is specified, the container is run as the specified user * ID (uid). If this parameter isn't specified, the default is the * user that's specified in the image metadata. This parameter maps to * RunAsUser and MustRanAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline void SetRunAsUser(long long value) { m_runAsUserHasBeenSet = true; m_runAsUser = value; } /** *

When this parameter is specified, the container is run as the specified user * ID (uid). If this parameter isn't specified, the default is the * user that's specified in the image metadata. This parameter maps to * RunAsUser and MustRanAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline EksContainerSecurityContext& WithRunAsUser(long long value) { SetRunAsUser(value); return *this;} /** *

When this parameter is specified, the container is run as the specified group * ID (gid). If this parameter isn't specified, the default is the * group that's specified in the image metadata. This parameter maps to * RunAsGroup and MustRunAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline long long GetRunAsGroup() const{ return m_runAsGroup; } /** *

When this parameter is specified, the container is run as the specified group * ID (gid). If this parameter isn't specified, the default is the * group that's specified in the image metadata. This parameter maps to * RunAsGroup and MustRunAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline bool RunAsGroupHasBeenSet() const { return m_runAsGroupHasBeenSet; } /** *

When this parameter is specified, the container is run as the specified group * ID (gid). If this parameter isn't specified, the default is the * group that's specified in the image metadata. This parameter maps to * RunAsGroup and MustRunAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline void SetRunAsGroup(long long value) { m_runAsGroupHasBeenSet = true; m_runAsGroup = value; } /** *

When this parameter is specified, the container is run as the specified group * ID (gid). If this parameter isn't specified, the default is the * group that's specified in the image metadata. This parameter maps to * RunAsGroup and MustRunAs policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline EksContainerSecurityContext& WithRunAsGroup(long long value) { SetRunAsGroup(value); return *this;} /** *

When this parameter is true, the container is given elevated * permissions on the host container instance. The level of permissions are similar * to the root user permissions. The default value is * false. This parameter maps to privileged policy in the * Privileged * pod security policies in the Kubernetes documentation.

*/ inline bool GetPrivileged() const{ return m_privileged; } /** *

When this parameter is true, the container is given elevated * permissions on the host container instance. The level of permissions are similar * to the root user permissions. The default value is * false. This parameter maps to privileged policy in the * Privileged * pod security policies in the Kubernetes documentation.

*/ inline bool PrivilegedHasBeenSet() const { return m_privilegedHasBeenSet; } /** *

When this parameter is true, the container is given elevated * permissions on the host container instance. The level of permissions are similar * to the root user permissions. The default value is * false. This parameter maps to privileged policy in the * Privileged * pod security policies in the Kubernetes documentation.

*/ inline void SetPrivileged(bool value) { m_privilegedHasBeenSet = true; m_privileged = value; } /** *

When this parameter is true, the container is given elevated * permissions on the host container instance. The level of permissions are similar * to the root user permissions. The default value is * false. This parameter maps to privileged policy in the * Privileged * pod security policies in the Kubernetes documentation.

*/ inline EksContainerSecurityContext& WithPrivileged(bool value) { SetPrivileged(value); return *this;} /** *

When this parameter is true, the container is given read-only * access to its root file system. The default value is false. This * parameter maps to ReadOnlyRootFilesystem policy in the Volumes * and file systems pod security policies in the Kubernetes * documentation.

*/ inline bool GetReadOnlyRootFilesystem() const{ return m_readOnlyRootFilesystem; } /** *

When this parameter is true, the container is given read-only * access to its root file system. The default value is false. This * parameter maps to ReadOnlyRootFilesystem policy in the Volumes * and file systems pod security policies in the Kubernetes * documentation.

*/ inline bool ReadOnlyRootFilesystemHasBeenSet() const { return m_readOnlyRootFilesystemHasBeenSet; } /** *

When this parameter is true, the container is given read-only * access to its root file system. The default value is false. This * parameter maps to ReadOnlyRootFilesystem policy in the Volumes * and file systems pod security policies in the Kubernetes * documentation.

*/ inline void SetReadOnlyRootFilesystem(bool value) { m_readOnlyRootFilesystemHasBeenSet = true; m_readOnlyRootFilesystem = value; } /** *

When this parameter is true, the container is given read-only * access to its root file system. The default value is false. This * parameter maps to ReadOnlyRootFilesystem policy in the Volumes * and file systems pod security policies in the Kubernetes * documentation.

*/ inline EksContainerSecurityContext& WithReadOnlyRootFilesystem(bool value) { SetReadOnlyRootFilesystem(value); return *this;} /** *

When this parameter is specified, the container is run as a user with a * uid other than 0. If this parameter isn't specified, so such rule * is enforced. This parameter maps to RunAsUser and * MustRunAsNonRoot policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline bool GetRunAsNonRoot() const{ return m_runAsNonRoot; } /** *

When this parameter is specified, the container is run as a user with a * uid other than 0. If this parameter isn't specified, so such rule * is enforced. This parameter maps to RunAsUser and * MustRunAsNonRoot policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline bool RunAsNonRootHasBeenSet() const { return m_runAsNonRootHasBeenSet; } /** *

When this parameter is specified, the container is run as a user with a * uid other than 0. If this parameter isn't specified, so such rule * is enforced. This parameter maps to RunAsUser and * MustRunAsNonRoot policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline void SetRunAsNonRoot(bool value) { m_runAsNonRootHasBeenSet = true; m_runAsNonRoot = value; } /** *

When this parameter is specified, the container is run as a user with a * uid other than 0. If this parameter isn't specified, so such rule * is enforced. This parameter maps to RunAsUser and * MustRunAsNonRoot policy in the Users * and groups pod security policies in the Kubernetes documentation.

*/ inline EksContainerSecurityContext& WithRunAsNonRoot(bool value) { SetRunAsNonRoot(value); return *this;} private: long long m_runAsUser; bool m_runAsUserHasBeenSet = false; long long m_runAsGroup; bool m_runAsGroupHasBeenSet = false; bool m_privileged; bool m_privilegedHasBeenSet = false; bool m_readOnlyRootFilesystem; bool m_readOnlyRootFilesystemHasBeenSet = false; bool m_runAsNonRoot; bool m_runAsNonRootHasBeenSet = false; }; } // namespace Model } // namespace Batch } // namespace Aws