com.amazonaws.services.batch.model.EksContainerSecurityContext Maven / Gradle / Ivy
Show all versions of aws-java-sdk-batch Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.batch.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* The security context for a job. For more information, see Configure a security context for a
* pod or container in the Kubernetes documentation.
*
*
* @see AWS
* API Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class EksContainerSecurityContext implements Serializable, Cloneable, StructuredPojo {
/**
*
* When this parameter is specified, the container is run as the specified user ID (uid). If this
* parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to
* RunAsUser and MustRanAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*/
private Long runAsUser;
/**
*
* When this parameter is specified, the container is run as the specified group ID (gid). If this
* parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps
* to RunAsGroup and MustRunAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*/
private Long runAsGroup;
/**
*
* When this parameter is true, the container is given elevated permissions on the host container
* instance. The level of permissions are similar to the root user permissions. The default value is
* false. This parameter maps to privileged policy in the Privileged pod security
* policies in the Kubernetes documentation.
*
*/
private Boolean privileged;
/**
*
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The
* default value is false.
*
*/
private Boolean allowPrivilegeEscalation;
/**
*
* When this parameter is true, the container is given read-only access to its root file system. The
* default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and
* file systems pod security policies in the Kubernetes documentation.
*
*/
private Boolean readOnlyRootFilesystem;
/**
*
* When this parameter is specified, the container is run as a user with a uid other than 0. If this
* parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and
* MustRunAsNonRoot policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*/
private Boolean runAsNonRoot;
/**
*
* When this parameter is specified, the container is run as the specified user ID (uid). If this
* parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to
* RunAsUser and MustRanAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @param runAsUser
* When this parameter is specified, the container is run as the specified user ID (uid). If
* this parameter isn't specified, the default is the user that's specified in the image metadata. This
* parameter maps to RunAsUser and MustRanAs policy in the Users and groups
* pod security policies in the Kubernetes documentation.
*/
public void setRunAsUser(Long runAsUser) {
this.runAsUser = runAsUser;
}
/**
*
* When this parameter is specified, the container is run as the specified user ID (uid). If this
* parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to
* RunAsUser and MustRanAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @return When this parameter is specified, the container is run as the specified user ID (uid). If
* this parameter isn't specified, the default is the user that's specified in the image metadata. This
* parameter maps to RunAsUser and MustRanAs policy in the Users and
* groups pod security policies in the Kubernetes documentation.
*/
public Long getRunAsUser() {
return this.runAsUser;
}
/**
*
* When this parameter is specified, the container is run as the specified user ID (uid). If this
* parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to
* RunAsUser and MustRanAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @param runAsUser
* When this parameter is specified, the container is run as the specified user ID (uid). If
* this parameter isn't specified, the default is the user that's specified in the image metadata. This
* parameter maps to RunAsUser and MustRanAs policy in the Users and groups
* pod security policies in the Kubernetes documentation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public EksContainerSecurityContext withRunAsUser(Long runAsUser) {
setRunAsUser(runAsUser);
return this;
}
/**
*
* When this parameter is specified, the container is run as the specified group ID (gid). If this
* parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps
* to RunAsGroup and MustRunAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @param runAsGroup
* When this parameter is specified, the container is run as the specified group ID (gid). If
* this parameter isn't specified, the default is the group that's specified in the image metadata. This
* parameter maps to RunAsGroup and MustRunAs policy in the Users and groups
* pod security policies in the Kubernetes documentation.
*/
public void setRunAsGroup(Long runAsGroup) {
this.runAsGroup = runAsGroup;
}
/**
*
* When this parameter is specified, the container is run as the specified group ID (gid). If this
* parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps
* to RunAsGroup and MustRunAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @return When this parameter is specified, the container is run as the specified group ID (gid). If
* this parameter isn't specified, the default is the group that's specified in the image metadata. This
* parameter maps to RunAsGroup and MustRunAs policy in the Users and
* groups pod security policies in the Kubernetes documentation.
*/
public Long getRunAsGroup() {
return this.runAsGroup;
}
/**
*
* When this parameter is specified, the container is run as the specified group ID (gid). If this
* parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps
* to RunAsGroup and MustRunAs policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @param runAsGroup
* When this parameter is specified, the container is run as the specified group ID (gid). If
* this parameter isn't specified, the default is the group that's specified in the image metadata. This
* parameter maps to RunAsGroup and MustRunAs policy in the Users and groups
* pod security policies in the Kubernetes documentation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public EksContainerSecurityContext withRunAsGroup(Long runAsGroup) {
setRunAsGroup(runAsGroup);
return this;
}
/**
*
* When this parameter is true, the container is given elevated permissions on the host container
* instance. The level of permissions are similar to the root user permissions. The default value is
* false. This parameter maps to privileged policy in the Privileged pod security
* policies in the Kubernetes documentation.
*
*
* @param privileged
* When this parameter is true, the container is given elevated permissions on the host
* container instance. The level of permissions are similar to the root user permissions. The
* default value is false. This parameter maps to privileged policy in the Privileged pod
* security policies in the Kubernetes documentation.
*/
public void setPrivileged(Boolean privileged) {
this.privileged = privileged;
}
/**
*
* When this parameter is true, the container is given elevated permissions on the host container
* instance. The level of permissions are similar to the root user permissions. The default value is
* false. This parameter maps to privileged policy in the Privileged pod security
* policies in the Kubernetes documentation.
*
*
* @return When this parameter is true, the container is given elevated permissions on the host
* container instance. The level of permissions are similar to the root user permissions. The
* default value is false. This parameter maps to privileged policy in the Privileged pod
* security policies in the Kubernetes documentation.
*/
public Boolean getPrivileged() {
return this.privileged;
}
/**
*
* When this parameter is true, the container is given elevated permissions on the host container
* instance. The level of permissions are similar to the root user permissions. The default value is
* false. This parameter maps to privileged policy in the Privileged pod security
* policies in the Kubernetes documentation.
*
*
* @param privileged
* When this parameter is true, the container is given elevated permissions on the host
* container instance. The level of permissions are similar to the root user permissions. The
* default value is false. This parameter maps to privileged policy in the Privileged pod
* security policies in the Kubernetes documentation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public EksContainerSecurityContext withPrivileged(Boolean privileged) {
setPrivileged(privileged);
return this;
}
/**
*
* When this parameter is true, the container is given elevated permissions on the host container
* instance. The level of permissions are similar to the root user permissions. The default value is
* false. This parameter maps to privileged policy in the Privileged pod security
* policies in the Kubernetes documentation.
*
*
* @return When this parameter is true, the container is given elevated permissions on the host
* container instance. The level of permissions are similar to the root user permissions. The
* default value is false. This parameter maps to privileged policy in the Privileged pod
* security policies in the Kubernetes documentation.
*/
public Boolean isPrivileged() {
return this.privileged;
}
/**
*
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The
* default value is false.
*
*
* @param allowPrivilegeEscalation
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process.
* The default value is false.
*/
public void setAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation) {
this.allowPrivilegeEscalation = allowPrivilegeEscalation;
}
/**
*
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The
* default value is false.
*
*
* @return Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent
* process. The default value is false.
*/
public Boolean getAllowPrivilegeEscalation() {
return this.allowPrivilegeEscalation;
}
/**
*
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The
* default value is false.
*
*
* @param allowPrivilegeEscalation
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process.
* The default value is false.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public EksContainerSecurityContext withAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation) {
setAllowPrivilegeEscalation(allowPrivilegeEscalation);
return this;
}
/**
*
* Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The
* default value is false.
*
*
* @return Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent
* process. The default value is false.
*/
public Boolean isAllowPrivilegeEscalation() {
return this.allowPrivilegeEscalation;
}
/**
*
* When this parameter is true, the container is given read-only access to its root file system. The
* default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and
* file systems pod security policies in the Kubernetes documentation.
*
*
* @param readOnlyRootFilesystem
* When this parameter is true, the container is given read-only access to its root file system.
* The default value is false. This parameter maps to ReadOnlyRootFilesystem policy
* in the Volumes
* and file systems pod security policies in the Kubernetes documentation.
*/
public void setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem) {
this.readOnlyRootFilesystem = readOnlyRootFilesystem;
}
/**
*
* When this parameter is true, the container is given read-only access to its root file system. The
* default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and
* file systems pod security policies in the Kubernetes documentation.
*
*
* @return When this parameter is true, the container is given read-only access to its root file
* system. The default value is false. This parameter maps to
* ReadOnlyRootFilesystem policy in the Volumes
* and file systems pod security policies in the Kubernetes documentation.
*/
public Boolean getReadOnlyRootFilesystem() {
return this.readOnlyRootFilesystem;
}
/**
*
* When this parameter is true, the container is given read-only access to its root file system. The
* default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and
* file systems pod security policies in the Kubernetes documentation.
*
*
* @param readOnlyRootFilesystem
* When this parameter is true, the container is given read-only access to its root file system.
* The default value is false. This parameter maps to ReadOnlyRootFilesystem policy
* in the Volumes
* and file systems pod security policies in the Kubernetes documentation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public EksContainerSecurityContext withReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem) {
setReadOnlyRootFilesystem(readOnlyRootFilesystem);
return this;
}
/**
*
* When this parameter is true, the container is given read-only access to its root file system. The
* default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and
* file systems pod security policies in the Kubernetes documentation.
*
*
* @return When this parameter is true, the container is given read-only access to its root file
* system. The default value is false. This parameter maps to
* ReadOnlyRootFilesystem policy in the Volumes
* and file systems pod security policies in the Kubernetes documentation.
*/
public Boolean isReadOnlyRootFilesystem() {
return this.readOnlyRootFilesystem;
}
/**
*
* When this parameter is specified, the container is run as a user with a uid other than 0. If this
* parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and
* MustRunAsNonRoot policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @param runAsNonRoot
* When this parameter is specified, the container is run as a user with a uid other than 0. If
* this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser
* and MustRunAsNonRoot policy in the Users and groups
* pod security policies in the Kubernetes documentation.
*/
public void setRunAsNonRoot(Boolean runAsNonRoot) {
this.runAsNonRoot = runAsNonRoot;
}
/**
*
* When this parameter is specified, the container is run as a user with a uid other than 0. If this
* parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and
* MustRunAsNonRoot policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @return When this parameter is specified, the container is run as a user with a uid other than 0. If
* this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser
* and MustRunAsNonRoot policy in the Users and
* groups pod security policies in the Kubernetes documentation.
*/
public Boolean getRunAsNonRoot() {
return this.runAsNonRoot;
}
/**
*
* When this parameter is specified, the container is run as a user with a uid other than 0. If this
* parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and
* MustRunAsNonRoot policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @param runAsNonRoot
* When this parameter is specified, the container is run as a user with a uid other than 0. If
* this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser
* and MustRunAsNonRoot policy in the Users and groups
* pod security policies in the Kubernetes documentation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public EksContainerSecurityContext withRunAsNonRoot(Boolean runAsNonRoot) {
setRunAsNonRoot(runAsNonRoot);
return this;
}
/**
*
* When this parameter is specified, the container is run as a user with a uid other than 0. If this
* parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and
* MustRunAsNonRoot policy in the Users and groups pod
* security policies in the Kubernetes documentation.
*
*
* @return When this parameter is specified, the container is run as a user with a uid other than 0. If
* this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser
* and MustRunAsNonRoot policy in the Users and
* groups pod security policies in the Kubernetes documentation.
*/
public Boolean isRunAsNonRoot() {
return this.runAsNonRoot;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getRunAsUser() != null)
sb.append("RunAsUser: ").append(getRunAsUser()).append(",");
if (getRunAsGroup() != null)
sb.append("RunAsGroup: ").append(getRunAsGroup()).append(",");
if (getPrivileged() != null)
sb.append("Privileged: ").append(getPrivileged()).append(",");
if (getAllowPrivilegeEscalation() != null)
sb.append("AllowPrivilegeEscalation: ").append(getAllowPrivilegeEscalation()).append(",");
if (getReadOnlyRootFilesystem() != null)
sb.append("ReadOnlyRootFilesystem: ").append(getReadOnlyRootFilesystem()).append(",");
if (getRunAsNonRoot() != null)
sb.append("RunAsNonRoot: ").append(getRunAsNonRoot());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof EksContainerSecurityContext == false)
return false;
EksContainerSecurityContext other = (EksContainerSecurityContext) obj;
if (other.getRunAsUser() == null ^ this.getRunAsUser() == null)
return false;
if (other.getRunAsUser() != null && other.getRunAsUser().equals(this.getRunAsUser()) == false)
return false;
if (other.getRunAsGroup() == null ^ this.getRunAsGroup() == null)
return false;
if (other.getRunAsGroup() != null && other.getRunAsGroup().equals(this.getRunAsGroup()) == false)
return false;
if (other.getPrivileged() == null ^ this.getPrivileged() == null)
return false;
if (other.getPrivileged() != null && other.getPrivileged().equals(this.getPrivileged()) == false)
return false;
if (other.getAllowPrivilegeEscalation() == null ^ this.getAllowPrivilegeEscalation() == null)
return false;
if (other.getAllowPrivilegeEscalation() != null && other.getAllowPrivilegeEscalation().equals(this.getAllowPrivilegeEscalation()) == false)
return false;
if (other.getReadOnlyRootFilesystem() == null ^ this.getReadOnlyRootFilesystem() == null)
return false;
if (other.getReadOnlyRootFilesystem() != null && other.getReadOnlyRootFilesystem().equals(this.getReadOnlyRootFilesystem()) == false)
return false;
if (other.getRunAsNonRoot() == null ^ this.getRunAsNonRoot() == null)
return false;
if (other.getRunAsNonRoot() != null && other.getRunAsNonRoot().equals(this.getRunAsNonRoot()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getRunAsUser() == null) ? 0 : getRunAsUser().hashCode());
hashCode = prime * hashCode + ((getRunAsGroup() == null) ? 0 : getRunAsGroup().hashCode());
hashCode = prime * hashCode + ((getPrivileged() == null) ? 0 : getPrivileged().hashCode());
hashCode = prime * hashCode + ((getAllowPrivilegeEscalation() == null) ? 0 : getAllowPrivilegeEscalation().hashCode());
hashCode = prime * hashCode + ((getReadOnlyRootFilesystem() == null) ? 0 : getReadOnlyRootFilesystem().hashCode());
hashCode = prime * hashCode + ((getRunAsNonRoot() == null) ? 0 : getRunAsNonRoot().hashCode());
return hashCode;
}
@Override
public EksContainerSecurityContext clone() {
try {
return (EksContainerSecurityContext) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.batch.model.transform.EksContainerSecurityContextMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}