k8s-openapi-ext 0.26.1

Collection of fluent builder traits for Kubernetes objects
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

use super::*;

pub trait SecurityContextExt {
    fn new() -> Self;

    fn allow_privilege_escalation(self, yes: bool) -> Self;
    fn read_only_root_filesystem(self, yes: bool) -> Self;
    fn run_as_group(self, group: i64) -> Self;
    fn run_as_non_root(self, yes: bool) -> Self;
    fn run_as_user(self, user: i64) -> Self;
    fn privileged(self, yes: bool) -> Self;
    fn add_capabilities(self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self;
    fn drop_capabilities(self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self;
}

impl SecurityContextExt for corev1::SecurityContext {
    fn new() -> Self {
        Self {
            // allow_privilege_escalation: todo!(),
            // app_armor_profile: todo!(),
            // capabilities: todo!(),
            // privileged: todo!(),
            // proc_mount: todo!(),
            // read_only_root_filesystem: todo!(),
            // run_as_group: todo!(),
            // run_as_non_root: todo!(),
            // run_as_user: todo!(),
            // se_linux_options: todo!(),
            // seccomp_profile: todo!(),
            // windows_options: todo!(),
            ..default()
        }
    }

    fn allow_privilege_escalation(self, yes: bool) -> Self {
        Self {
            allow_privilege_escalation: Some(yes),
            ..self
        }
    }

    fn read_only_root_filesystem(self, yes: bool) -> Self {
        Self {
            read_only_root_filesystem: Some(yes),
            ..self
        }
    }

    fn run_as_group(self, group: i64) -> Self {
        Self {
            run_as_group: Some(group),
            ..self
        }
    }

    fn run_as_non_root(self, yes: bool) -> Self {
        Self {
            run_as_non_root: Some(yes),
            ..self
        }
    }

    fn run_as_user(self, user: i64) -> Self {
        Self {
            run_as_user: Some(user),
            ..self
        }
    }

    fn privileged(self, privileged: bool) -> Self {
        Self {
            privileged: Some(privileged),
            ..self
        }
    }

    /// Set capabilities 'add' list
    ///
    fn add_capabilities(mut self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self {
        let add = capabilities
            .into_iter()
            .map(|item| item.to_string())
            .collect();
        self.capabilities.get_or_insert_default().add = Some(add);
        self
    }

    /// Set capabilities 'drop' list
    ///
    fn drop_capabilities(mut self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self {
        let drop = capabilities
            .into_iter()
            .map(|item| item.to_string())
            .collect();
        self.capabilities.get_or_insert_default().drop = Some(drop);
        self
    }
}