313 lines
15 KiB
C#
313 lines
15 KiB
C#
// <auto-generated>
|
|
// Code generated by Microsoft (R) AutoRest Code Generator.
|
|
// Changes may cause incorrect behavior and will be lost if the code is
|
|
// regenerated.
|
|
// </auto-generated>
|
|
|
|
namespace k8s.Models
|
|
{
|
|
using Microsoft.Rest;
|
|
using Newtonsoft.Json;
|
|
using System.Collections;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
|
|
/// <summary>
|
|
/// Pod Security Policy Spec defines the policy enforced.
|
|
/// </summary>
|
|
public partial class Extensionsv1beta1PodSecurityPolicySpec
|
|
{
|
|
/// <summary>
|
|
/// Initializes a new instance of the
|
|
/// Extensionsv1beta1PodSecurityPolicySpec class.
|
|
/// </summary>
|
|
public Extensionsv1beta1PodSecurityPolicySpec()
|
|
{
|
|
CustomInit();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the
|
|
/// Extensionsv1beta1PodSecurityPolicySpec class.
|
|
/// </summary>
|
|
/// <param name="fsGroup">FSGroup is the strategy that will dictate
|
|
/// what fs group is used by the SecurityContext.</param>
|
|
/// <param name="runAsUser">runAsUser is the strategy that will dictate
|
|
/// the allowable RunAsUser values that may be set.</param>
|
|
/// <param name="seLinux">seLinux is the strategy that will dictate the
|
|
/// allowable labels that may be set.</param>
|
|
/// <param name="supplementalGroups">SupplementalGroups is the strategy
|
|
/// that will dictate what supplemental groups are used by the
|
|
/// SecurityContext.</param>
|
|
/// <param name="allowPrivilegeEscalation">AllowPrivilegeEscalation
|
|
/// determines if a pod can request to allow privilege escalation. If
|
|
/// unspecified, defaults to true.</param>
|
|
/// <param name="allowedCapabilities">AllowedCapabilities is a list of
|
|
/// capabilities that can be requested to add to the container.
|
|
/// Capabilities in this field may be added at the pod author's
|
|
/// discretion. You must not list a capability in both
|
|
/// AllowedCapabilities and RequiredDropCapabilities.</param>
|
|
/// <param name="allowedFlexVolumes">AllowedFlexVolumes is a whitelist
|
|
/// of allowed Flexvolumes. Empty or nil indicates that all
|
|
/// Flexvolumes may be used. This parameter is effective only when the
|
|
/// usage of the Flexvolumes is allowed in the "Volumes" field.</param>
|
|
/// <param name="allowedHostPaths">is a white list of allowed host
|
|
/// paths. Empty indicates that all host paths may be used.</param>
|
|
/// <param name="defaultAddCapabilities">DefaultAddCapabilities is the
|
|
/// default set of capabilities that will be added to the container
|
|
/// unless the pod spec specifically drops the capability. You may not
|
|
/// list a capability in both DefaultAddCapabilities and
|
|
/// RequiredDropCapabilities. Capabilities added here are implicitly
|
|
/// allowed, and need not be included in the AllowedCapabilities
|
|
/// list.</param>
|
|
/// <param
|
|
/// name="defaultAllowPrivilegeEscalation">DefaultAllowPrivilegeEscalation
|
|
/// controls the default setting for whether a process can gain more
|
|
/// privileges than its parent process.</param>
|
|
/// <param name="hostIPC">hostIPC determines if the policy allows the
|
|
/// use of HostIPC in the pod spec.</param>
|
|
/// <param name="hostNetwork">hostNetwork determines if the policy
|
|
/// allows the use of HostNetwork in the pod spec.</param>
|
|
/// <param name="hostPID">hostPID determines if the policy allows the
|
|
/// use of HostPID in the pod spec.</param>
|
|
/// <param name="hostPorts">hostPorts determines which host port ranges
|
|
/// are allowed to be exposed.</param>
|
|
/// <param name="privileged">privileged determines if a pod can request
|
|
/// to be run as privileged.</param>
|
|
/// <param name="readOnlyRootFilesystem">ReadOnlyRootFilesystem when
|
|
/// set to true will force containers to run with a read only root file
|
|
/// system. If the container specifically requests to run with a
|
|
/// non-read only root file system the PSP should deny the pod. If set
|
|
/// to false the container may run with a read only root file system if
|
|
/// it wishes but it will not be forced to.</param>
|
|
/// <param name="requiredDropCapabilities">RequiredDropCapabilities are
|
|
/// the capabilities that will be dropped from the container. These
|
|
/// are required to be dropped and cannot be added.</param>
|
|
/// <param name="volumes">volumes is a white list of allowed volume
|
|
/// plugins. Empty indicates that all plugins may be used.</param>
|
|
public Extensionsv1beta1PodSecurityPolicySpec(Extensionsv1beta1FSGroupStrategyOptions fsGroup, Extensionsv1beta1RunAsUserStrategyOptions runAsUser, Extensionsv1beta1SELinuxStrategyOptions seLinux, Extensionsv1beta1SupplementalGroupsStrategyOptions supplementalGroups, bool? allowPrivilegeEscalation = default(bool?), IList<string> allowedCapabilities = default(IList<string>), IList<Extensionsv1beta1AllowedFlexVolume> allowedFlexVolumes = default(IList<Extensionsv1beta1AllowedFlexVolume>), IList<Extensionsv1beta1AllowedHostPath> allowedHostPaths = default(IList<Extensionsv1beta1AllowedHostPath>), IList<string> defaultAddCapabilities = default(IList<string>), bool? defaultAllowPrivilegeEscalation = default(bool?), bool? hostIPC = default(bool?), bool? hostNetwork = default(bool?), bool? hostPID = default(bool?), IList<Extensionsv1beta1HostPortRange> hostPorts = default(IList<Extensionsv1beta1HostPortRange>), bool? privileged = default(bool?), bool? readOnlyRootFilesystem = default(bool?), IList<string> requiredDropCapabilities = default(IList<string>), IList<string> volumes = default(IList<string>))
|
|
{
|
|
AllowPrivilegeEscalation = allowPrivilegeEscalation;
|
|
AllowedCapabilities = allowedCapabilities;
|
|
AllowedFlexVolumes = allowedFlexVolumes;
|
|
AllowedHostPaths = allowedHostPaths;
|
|
DefaultAddCapabilities = defaultAddCapabilities;
|
|
DefaultAllowPrivilegeEscalation = defaultAllowPrivilegeEscalation;
|
|
FsGroup = fsGroup;
|
|
HostIPC = hostIPC;
|
|
HostNetwork = hostNetwork;
|
|
HostPID = hostPID;
|
|
HostPorts = hostPorts;
|
|
Privileged = privileged;
|
|
ReadOnlyRootFilesystem = readOnlyRootFilesystem;
|
|
RequiredDropCapabilities = requiredDropCapabilities;
|
|
RunAsUser = runAsUser;
|
|
SeLinux = seLinux;
|
|
SupplementalGroups = supplementalGroups;
|
|
Volumes = volumes;
|
|
CustomInit();
|
|
}
|
|
|
|
/// <summary>
|
|
/// An initialization method that performs custom operations like setting defaults
|
|
/// </summary>
|
|
partial void CustomInit();
|
|
|
|
/// <summary>
|
|
/// Gets or sets allowPrivilegeEscalation determines if a pod can
|
|
/// request to allow privilege escalation. If unspecified, defaults to
|
|
/// true.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "allowPrivilegeEscalation")]
|
|
public bool? AllowPrivilegeEscalation { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets allowedCapabilities is a list of capabilities that can
|
|
/// be requested to add to the container. Capabilities in this field
|
|
/// may be added at the pod author's discretion. You must not list a
|
|
/// capability in both AllowedCapabilities and
|
|
/// RequiredDropCapabilities.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "allowedCapabilities")]
|
|
public IList<string> AllowedCapabilities { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets allowedFlexVolumes is a whitelist of allowed
|
|
/// Flexvolumes. Empty or nil indicates that all Flexvolumes may be
|
|
/// used. This parameter is effective only when the usage of the
|
|
/// Flexvolumes is allowed in the "Volumes" field.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "allowedFlexVolumes")]
|
|
public IList<Extensionsv1beta1AllowedFlexVolume> AllowedFlexVolumes { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets is a white list of allowed host paths. Empty indicates
|
|
/// that all host paths may be used.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "allowedHostPaths")]
|
|
public IList<Extensionsv1beta1AllowedHostPath> AllowedHostPaths { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets defaultAddCapabilities is the default set of
|
|
/// capabilities that will be added to the container unless the pod
|
|
/// spec specifically drops the capability. You may not list a
|
|
/// capability in both DefaultAddCapabilities and
|
|
/// RequiredDropCapabilities. Capabilities added here are implicitly
|
|
/// allowed, and need not be included in the AllowedCapabilities list.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "defaultAddCapabilities")]
|
|
public IList<string> DefaultAddCapabilities { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets defaultAllowPrivilegeEscalation controls the default
|
|
/// setting for whether a process can gain more privileges than its
|
|
/// parent process.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "defaultAllowPrivilegeEscalation")]
|
|
public bool? DefaultAllowPrivilegeEscalation { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets fSGroup is the strategy that will dictate what fs
|
|
/// group is used by the SecurityContext.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "fsGroup")]
|
|
public Extensionsv1beta1FSGroupStrategyOptions FsGroup { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets hostIPC determines if the policy allows the use of
|
|
/// HostIPC in the pod spec.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "hostIPC")]
|
|
public bool? HostIPC { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets hostNetwork determines if the policy allows the use of
|
|
/// HostNetwork in the pod spec.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "hostNetwork")]
|
|
public bool? HostNetwork { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets hostPID determines if the policy allows the use of
|
|
/// HostPID in the pod spec.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "hostPID")]
|
|
public bool? HostPID { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets hostPorts determines which host port ranges are
|
|
/// allowed to be exposed.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "hostPorts")]
|
|
public IList<Extensionsv1beta1HostPortRange> HostPorts { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets privileged determines if a pod can request to be run
|
|
/// as privileged.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "privileged")]
|
|
public bool? Privileged { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets readOnlyRootFilesystem when set to true will force
|
|
/// containers to run with a read only root file system. If the
|
|
/// container specifically requests to run with a non-read only root
|
|
/// file system the PSP should deny the pod. If set to false the
|
|
/// container may run with a read only root file system if it wishes
|
|
/// but it will not be forced to.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "readOnlyRootFilesystem")]
|
|
public bool? ReadOnlyRootFilesystem { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets requiredDropCapabilities are the capabilities that
|
|
/// will be dropped from the container. These are required to be
|
|
/// dropped and cannot be added.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "requiredDropCapabilities")]
|
|
public IList<string> RequiredDropCapabilities { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets runAsUser is the strategy that will dictate the
|
|
/// allowable RunAsUser values that may be set.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "runAsUser")]
|
|
public Extensionsv1beta1RunAsUserStrategyOptions RunAsUser { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets seLinux is the strategy that will dictate the
|
|
/// allowable labels that may be set.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "seLinux")]
|
|
public Extensionsv1beta1SELinuxStrategyOptions SeLinux { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets supplementalGroups is the strategy that will dictate
|
|
/// what supplemental groups are used by the SecurityContext.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "supplementalGroups")]
|
|
public Extensionsv1beta1SupplementalGroupsStrategyOptions SupplementalGroups { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets volumes is a white list of allowed volume plugins.
|
|
/// Empty indicates that all plugins may be used.
|
|
/// </summary>
|
|
[JsonProperty(PropertyName = "volumes")]
|
|
public IList<string> Volumes { get; set; }
|
|
|
|
/// <summary>
|
|
/// Validate the object.
|
|
/// </summary>
|
|
/// <exception cref="ValidationException">
|
|
/// Thrown if validation fails
|
|
/// </exception>
|
|
public virtual void Validate()
|
|
{
|
|
if (FsGroup == null)
|
|
{
|
|
throw new ValidationException(ValidationRules.CannotBeNull, "FsGroup");
|
|
}
|
|
if (RunAsUser == null)
|
|
{
|
|
throw new ValidationException(ValidationRules.CannotBeNull, "RunAsUser");
|
|
}
|
|
if (SeLinux == null)
|
|
{
|
|
throw new ValidationException(ValidationRules.CannotBeNull, "SeLinux");
|
|
}
|
|
if (SupplementalGroups == null)
|
|
{
|
|
throw new ValidationException(ValidationRules.CannotBeNull, "SupplementalGroups");
|
|
}
|
|
if (AllowedFlexVolumes != null)
|
|
{
|
|
foreach (var element in AllowedFlexVolumes)
|
|
{
|
|
if (element != null)
|
|
{
|
|
element.Validate();
|
|
}
|
|
}
|
|
}
|
|
if (HostPorts != null)
|
|
{
|
|
foreach (var element1 in HostPorts)
|
|
{
|
|
if (element1 != null)
|
|
{
|
|
element1.Validate();
|
|
}
|
|
}
|
|
}
|
|
if (RunAsUser != null)
|
|
{
|
|
RunAsUser.Validate();
|
|
}
|
|
if (SeLinux != null)
|
|
{
|
|
SeLinux.Validate();
|
|
}
|
|
}
|
|
}
|
|
}
|