
package org.cdk8s.plus23;
/**
 * Container security attributes and settings.
 *
 * <p>Java binding emitted by jsii-pacmak (see the {@code @Generated} annotation below).
 * Every accessor reads its value through the jsii kernel; this class holds no
 * security state of its own. The defaults quoted in the {@link Builder} Javadoc
 * come from the upstream documentation and are not enforced by code in this file.
 */
@javax.annotation.Generated(value = "jsii-pacmak/1.75.0 (build 63bb957)", date = "2023-02-21T09:46:03.557Z")
@software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
@software.amazon.jsii.Jsii(module = org.cdk8s.plus23.$Module.class, fqn = "cdk8s-plus-23.ContainerSecurityContext")
public class ContainerSecurityContext extends software.amazon.jsii.JsiiObject {

    /**
     * Wraps an existing jsii object reference.
     *
     * @param objRef reference handed to the {@code JsiiObject} superclass.
     */
    protected ContainerSecurityContext(final software.amazon.jsii.JsiiObjectRef objRef) {
        super(objRef);
    }

    /**
     * Forwards an explicit initialization mode to the {@code JsiiObject} superclass.
     *
     * @param initializationMode mode passed through unchanged.
     */
    protected ContainerSecurityContext(final software.amazon.jsii.JsiiObject.InitializationMode initializationMode) {
        super(initializationMode);
    }

    /**
     * Creates the security context from the given properties.
     *
     * @param props security settings; may be {@code null}, in which case no
     *              explicit settings are handed to the jsii engine.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public ContainerSecurityContext(final @org.jetbrains.annotations.Nullable org.cdk8s.plus23.ContainerSecurityContextProps props) {
        super(software.amazon.jsii.JsiiObject.InitializationMode.JSII);
        final Object[] constructorArgs = new Object[] { props };
        software.amazon.jsii.JsiiEngine.getInstance().createNewObject(this, constructorArgs);
    }

    /**
     * Creates the security context without passing any properties to the jsii engine.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public ContainerSecurityContext() {
        super(software.amazon.jsii.JsiiObject.InitializationMode.JSII);
        software.amazon.jsii.JsiiEngine.getInstance().createNewObject(this);
    }

    /**
     * Reads the {@code ensureNonRoot} property from the jsii kernel.
     *
     * @return whether the container must run as a non-root user (builder docs: default true).
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.NotNull java.lang.Boolean getEnsureNonRoot() {
        final java.lang.Boolean ensureNonRoot = software.amazon.jsii.Kernel.get(
                this, "ensureNonRoot", software.amazon.jsii.NativeType.forClass(java.lang.Boolean.class));
        return ensureNonRoot;
    }

    /**
     * Reads the {@code privileged} property from the jsii kernel.
     *
     * @return whether the container runs in privileged mode (builder docs: default false).
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.NotNull java.lang.Boolean getPrivileged() {
        final java.lang.Boolean privileged = software.amazon.jsii.Kernel.get(
                this, "privileged", software.amazon.jsii.NativeType.forClass(java.lang.Boolean.class));
        return privileged;
    }

    /**
     * Reads the {@code readOnlyRootFilesystem} property from the jsii kernel.
     *
     * @return whether the container's root filesystem is read-only (builder docs: default true).
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.NotNull java.lang.Boolean getReadOnlyRootFilesystem() {
        final java.lang.Boolean readOnlyRootFilesystem = software.amazon.jsii.Kernel.get(
                this, "readOnlyRootFilesystem", software.amazon.jsii.NativeType.forClass(java.lang.Boolean.class));
        return readOnlyRootFilesystem;
    }

    /**
     * Reads the {@code allowPrivilegeEscalation} property from the jsii kernel.
     *
     * @return whether a process may gain more privileges than its parent. Declared
     *         nullable, so callers must not unbox the result without a null check.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.Nullable java.lang.Boolean getAllowPrivilegeEscalation() {
        final java.lang.Boolean allowPrivilegeEscalation = software.amazon.jsii.Kernel.get(
                this, "allowPrivilegeEscalation", software.amazon.jsii.NativeType.forClass(java.lang.Boolean.class));
        return allowPrivilegeEscalation;
    }

    /**
     * Reads the {@code group} property from the jsii kernel.
     *
     * @return the GID for the container entrypoint; declared nullable.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.Nullable java.lang.Number getGroup() {
        final java.lang.Number group = software.amazon.jsii.Kernel.get(
                this, "group", software.amazon.jsii.NativeType.forClass(java.lang.Number.class));
        return group;
    }

    /**
     * Reads the {@code user} property from the jsii kernel.
     *
     * @return the UID for the container entrypoint; declared nullable.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.Nullable java.lang.Number getUser() {
        final java.lang.Number user = software.amazon.jsii.Kernel.get(
                this, "user", software.amazon.jsii.NativeType.forClass(java.lang.Number.class));
        return user;
    }

    /**
     * A fluent builder for {@link org.cdk8s.plus23.ContainerSecurityContext}.
     *
     * <p>Each setter requires an argument when it is called, but calling any given
     * setter is optional: {@link #build()} works with none of them invoked.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public static final class Builder implements software.amazon.jsii.Builder {

        /**
         * @return a new instance of {@link Builder}.
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public static Builder create() {
            return new Builder();
        }

        // Created lazily by props(); stays null until the first setter is called.
        private org.cdk8s.plus23.ContainerSecurityContextProps.Builder props;

        private Builder() {
        }

        /**
         * Whether a process can gain more privileges than its parent process.
         *
         * <p>Default: false
         *
         * <p>Setting this to {@code true} relaxes the documented default and should
         * be a deliberate, reviewed choice.
         *
         * @param allowPrivilegeEscalation Whether a process can gain more privileges than its parent process.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder allowPrivilegeEscalation(final java.lang.Boolean allowPrivilegeEscalation) {
            props().allowPrivilegeEscalation(allowPrivilegeEscalation);
            return this;
        }

        /**
         * Indicates that the container must run as a non-root user.
         *
         * <p>If true, the Kubelet will validate the image at runtime to ensure that it does
         * not run as UID 0 (root) and fail to start the container if it does.
         *
         * <p>Default: true
         *
         * @param ensureNonRoot Indicates that the container must run as a non-root user.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder ensureNonRoot(final java.lang.Boolean ensureNonRoot) {
            props().ensureNonRoot(ensureNonRoot);
            return this;
        }

        /**
         * The GID to run the entrypoint of the container process.
         *
         * <p>Default: 26000. An arbitrary number bigger than 9999 is selected so that
         * the container is blocked from accessing host files even if it somehow
         * gains access to the host file system.
         *
         * @param group The GID to run the entrypoint of the container process.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder group(final java.lang.Number group) {
            props().group(group);
            return this;
        }

        /**
         * Run container in privileged mode.
         *
         * <p>Processes in privileged containers are essentially equivalent to root on the host.
         *
         * <p>Default: false
         *
         * <p>Because of that host-root equivalence, a {@code true} value here is
         * worth flagging in code review and in manifest policy checks.
         *
         * @param privileged Run container in privileged mode.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder privileged(final java.lang.Boolean privileged) {
            props().privileged(privileged);
            return this;
        }

        /**
         * Whether this container has a read-only root filesystem.
         *
         * <p>Default: true
         *
         * @param readOnlyRootFilesystem Whether this container has a read-only root filesystem.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder readOnlyRootFilesystem(final java.lang.Boolean readOnlyRootFilesystem) {
            props().readOnlyRootFilesystem(readOnlyRootFilesystem);
            return this;
        }

        /**
         * The UID to run the entrypoint of the container process.
         *
         * <p>Default: 25000. An arbitrary number bigger than 9999 is selected so that
         * the container is blocked from accessing host files even if it somehow
         * gains access to the host file system.
         *
         * <p>Per the {@code ensureNonRoot} documentation, UID 0 combined with
         * {@code ensureNonRoot == true} makes the container fail to start.
         *
         * @param user The UID to run the entrypoint of the container process.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder user(final java.lang.Number user) {
            props().user(user);
            return this;
        }

        /**
         * Builds the security context from whatever settings were supplied.
         *
         * @return a newly built instance of {@link org.cdk8s.plus23.ContainerSecurityContext}.
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        @Override
        public org.cdk8s.plus23.ContainerSecurityContext build() {
            // No setter called means no props builder exists; the constructor then receives null.
            final org.cdk8s.plus23.ContainerSecurityContextProps builtProps;
            if (this.props == null) {
                builtProps = null;
            } else {
                builtProps = this.props.build();
            }
            return new org.cdk8s.plus23.ContainerSecurityContext(builtProps);
        }

        /**
         * Returns the underlying props builder, creating it on first use.
         */
        private org.cdk8s.plus23.ContainerSecurityContextProps.Builder props() {
            if (this.props != null) {
                return this.props;
            }
            this.props = new org.cdk8s.plus23.ContainerSecurityContextProps.Builder();
            return this.props;
        }
    }
}