k8s_openapi_ext/ext/
security_context.rs1use super::*;
2
/// Builder-style helpers for filling in a container security context.
///
/// Every setter consumes `self` and returns the updated value, so calls can be
/// chained. The trait only declares setters; it does not check that the chosen
/// combination of settings is coherent, so any validation is left to the
/// implementor or to whatever consumes the resulting object.
pub trait SecurityContextExt {
    /// Creates a fresh security context to start a builder chain from.
    fn new() -> Self;

    /// Sets whether a process may gain more privileges than its parent.
    fn allow_privilege_escalation(self, yes: bool) -> Self;

    /// Sets whether the container's root filesystem is mounted read-only.
    fn read_only_root_filesystem(self, yes: bool) -> Self;

    /// Sets the GID the container entrypoint runs with.
    fn run_as_group(self, group: i64) -> Self;

    /// Sets whether the container is required to run as a non-root user.
    fn run_as_non_root(self, yes: bool) -> Self;

    /// Sets the UID the container entrypoint runs with.
    fn run_as_user(self, user: i64) -> Self;

    /// Sets whether the container runs in privileged mode.
    fn privileged(self, yes: bool) -> Self;

    /// Sets the Linux capabilities to grant on top of the runtime defaults.
    ///
    /// Each item is converted with `ToString`.
    fn add_capabilities(self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self;

    /// Sets the Linux capabilities to remove from the runtime defaults.
    ///
    /// Each item is converted with `ToString`.
    fn drop_capabilities(self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self;
}
15
/// Builder setters for `corev1::SecurityContext`.
///
/// Each setter stores exactly the value it is given and leaves every other
/// field untouched. Nothing here validates the result: UID/GID values are
/// stored as-is, and combinations of settings are not cross-checked. Review
/// the final object before it is applied.
impl SecurityContextExt for corev1::SecurityContext {
    fn new() -> Self {
        // No field is set explicitly here; the context starts from `default()`.
        Self {
            ..default()
        }
    }

    fn allow_privilege_escalation(mut self, yes: bool) -> Self {
        self.allow_privilege_escalation = Some(yes);
        self
    }

    fn read_only_root_filesystem(mut self, yes: bool) -> Self {
        self.read_only_root_filesystem = Some(yes);
        self
    }

    fn run_as_group(mut self, group: i64) -> Self {
        // Stored without a range check.
        self.run_as_group = Some(group);
        self
    }

    fn run_as_non_root(mut self, yes: bool) -> Self {
        // Not cross-checked against `run_as_user`.
        self.run_as_non_root = Some(yes);
        self
    }

    fn run_as_user(mut self, user: i64) -> Self {
        // Stored without a range check; 0 (root) is accepted like any other UID.
        self.run_as_user = Some(user);
        self
    }

    fn privileged(mut self, privileged: bool) -> Self {
        self.privileged = Some(privileged);
        self
    }

    fn add_capabilities(mut self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self {
        // The `add` list is REPLACED, not extended: a second call discards the
        // capabilities passed to an earlier one. An empty iterator stores
        // `Some` of an empty list rather than `None`.
        let requested = capabilities
            .into_iter()
            .map(|cap| cap.to_string())
            .collect();
        let caps = self.capabilities.get_or_insert_with(Default::default);
        caps.add = Some(requested);
        self
    }

    fn drop_capabilities(mut self, capabilities: impl IntoIterator<Item = impl ToString>) -> Self {
        // The `drop` list is REPLACED, not extended: an earlier
        // `drop_capabilities(["ALL"])` is lost if this is called again with a
        // narrower list, so pass the complete set in a single call.
        let removed = capabilities
            .into_iter()
            .map(|cap| cap.to_string())
            .collect();
        let caps = self.capabilities.get_or_insert_with(Default::default);
        caps.drop = Some(removed);
        self
    }
}