openshift_openapi/v4_5/api/security/v1/
security_context_constraints.rs

1// Generated from definition com.github.openshift.api.security.v1.SecurityContextConstraints
2
3/// SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.
4#[derive(Clone, Debug, Default, PartialEq)]
5pub struct SecurityContextConstraints {
6    /// AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin
7    pub allow_host_dir_volume_plugin: bool,
8
9    /// AllowHostIPC determines if the policy allows host ipc in the containers.
10    pub allow_host_ipc: bool,
11
12    /// AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
13    pub allow_host_network: bool,
14
15    /// AllowHostPID determines if the policy allows host pid in the containers.
16    pub allow_host_pid: bool,
17
18    /// AllowHostPorts determines if the policy allows host ports in the containers.
19    pub allow_host_ports: bool,
20
21    /// AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
22    pub allow_privilege_escalation: Option<bool>,
23
24    /// AllowPrivilegedContainer determines if a container can request to be run as privileged.
25    pub allow_privileged_container: bool,
26
27    /// AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.
28    pub allowed_capabilities: Vec<String>,
29
30    /// AllowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field.
31    pub allowed_flex_volumes: Option<Vec<crate::api::security::v1::AllowedFlexVolume>>,
32
33    /// AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
34    ///
35    /// Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
36    pub allowed_unsafe_sysctls: Option<Vec<String>>,
37
38    /// DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.
39    pub default_add_capabilities: Vec<String>,
40
41    /// DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
42    pub default_allow_privilege_escalation: Option<bool>,
43
44    /// ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
45    ///
46    /// Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
47    pub forbidden_sysctls: Option<Vec<String>>,
48
49    /// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
50    pub fs_group: Option<crate::api::security::v1::FSGroupStrategyOptions>,
51
52    /// The groups that have permission to use this security context constraints
53    pub groups: Option<Vec<String>>,
54
55    /// Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
56    pub metadata: k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta,
57
58    /// Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.
59    pub priority: i32,
60
61    /// ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
62    pub read_only_root_filesystem: bool,
63
64    /// RequiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
65    pub required_drop_capabilities: Vec<String>,
66
67    /// RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.
68    pub run_as_user: Option<crate::api::security::v1::RunAsUserStrategyOptions>,
69
70    /// SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
71    pub se_linux_context: Option<crate::api::security::v1::SELinuxContextStrategyOptions>,
72
73    /// SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations.  An unset (nil) or empty value means that no profiles may be specifid by the pod or container.    The wildcard '*' may be used to allow all profiles.  When used to generate a value for a pod the first non-wildcard profile will be used as the default.
74    pub seccomp_profiles: Option<Vec<String>>,
75
76    /// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
77    pub supplemental_groups: Option<crate::api::security::v1::SupplementalGroupsStrategyOptions>,
78
79    /// The users who have permissions to use this security context constraints
80    pub users: Option<Vec<String>>,
81
82    /// Volumes is a white list of allowed volume plugins.  FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir).  To allow all volumes you may use "*". To allow no volumes, set to \["none"\].
83    pub volumes: Vec<String>,
84}
85
86// Begin security.openshift.io/v1/SecurityContextConstraints
87
88// Generated from operation createSecurityOpenshiftIoV1SecurityContextConstraints
89
90impl SecurityContextConstraints {
91    /// create SecurityContextConstraints
92    ///
93    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::CreateResponse`]`<Self>>` constructor, or [`k8s_openapi::CreateResponse`]`<Self>` directly, to parse the HTTP response.
94    ///
95    /// # Arguments
96    ///
97    /// * `body`
98    ///
99    /// * `optional`
100    ///
101    ///     Optional parameters. Use `Default::default()` to not pass any.
102    #[cfg(feature = "api")]
103    pub fn create_security_context_constraints(
104        body: &crate::api::security::v1::SecurityContextConstraints,
105        optional: k8s_openapi::CreateOptional<'_>,
106    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::CreateResponse<Self>>), k8s_openapi::RequestError> {
107        let __url = "/apis/security.openshift.io/v1/securitycontextconstraints?".to_owned();
108        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
109        optional.__serialize(&mut __query_pairs);
110        let __url = __query_pairs.finish();
111
112        let __request = http::Request::post(__url);
113        let __body = serde_json::to_vec(body).map_err(k8s_openapi::RequestError::Json)?;
114        let __request = __request.header(http::header::CONTENT_TYPE, http::header::HeaderValue::from_static("application/json"));
115        match __request.body(__body) {
116            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
117            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
118        }
119    }
120}
121
122// Generated from operation deleteSecurityOpenshiftIoV1CollectionSecurityContextConstraints
123
124impl SecurityContextConstraints {
125    /// delete collection of SecurityContextConstraints
126    ///
127    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::DeleteResponse`]`<`[`k8s_openapi::List`]`<Self>>>` constructor, or [`k8s_openapi::DeleteResponse`]`<`[`k8s_openapi::List`]`<Self>>` directly, to parse the HTTP response.
128    ///
129    /// # Arguments
130    ///
131    /// * `delete_optional`
132    ///
133    ///     Delete options. Use `Default::default()` to not pass any.
134    ///
135    /// * `list_optional`
136    ///
137    ///     List options. Use `Default::default()` to not pass any.
138    #[cfg(feature = "api")]
139    pub fn delete_collection_security_context_constraints(
140        delete_optional: k8s_openapi::DeleteOptional<'_>,
141        list_optional: k8s_openapi::ListOptional<'_>,
142    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::DeleteResponse<k8s_openapi::List<Self>>>), k8s_openapi::RequestError> {
143        let __url = "/apis/security.openshift.io/v1/securitycontextconstraints?".to_owned();
144        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
145        list_optional.__serialize(&mut __query_pairs);
146        let __url = __query_pairs.finish();
147
148        let __request = http::Request::delete(__url);
149        let __body = serde_json::to_vec(&delete_optional).map_err(k8s_openapi::RequestError::Json)?;
150        let __request = __request.header(http::header::CONTENT_TYPE, http::header::HeaderValue::from_static("application/json"));
151        match __request.body(__body) {
152            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
153            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
154        }
155    }
156}
157
158// Generated from operation deleteSecurityOpenshiftIoV1SecurityContextConstraints
159
160impl SecurityContextConstraints {
161    /// delete SecurityContextConstraints
162    ///
163    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::DeleteResponse`]`<Self>>` constructor, or [`k8s_openapi::DeleteResponse`]`<Self>` directly, to parse the HTTP response.
164    ///
165    /// # Arguments
166    ///
167    /// * `name`
168    ///
169    ///     name of the SecurityContextConstraints
170    ///
171    /// * `optional`
172    ///
173    ///     Optional parameters. Use `Default::default()` to not pass any.
174    #[cfg(feature = "api")]
175    pub fn delete_security_context_constraints(
176        name: &str,
177        optional: k8s_openapi::DeleteOptional<'_>,
178    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::DeleteResponse<Self>>), k8s_openapi::RequestError> {
179        let __url = format!("/apis/security.openshift.io/v1/securitycontextconstraints/{name}",
180            name = k8s_openapi::percent_encoding::percent_encode(name.as_bytes(), k8s_openapi::percent_encoding2::PATH_SEGMENT_ENCODE_SET),
181        );
182
183        let __request = http::Request::delete(__url);
184        let __body = serde_json::to_vec(&optional).map_err(k8s_openapi::RequestError::Json)?;
185        let __request = __request.header(http::header::CONTENT_TYPE, http::header::HeaderValue::from_static("application/json"));
186        match __request.body(__body) {
187            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
188            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
189        }
190    }
191}
192
193// Generated from operation listSecurityOpenshiftIoV1SecurityContextConstraints
194
195impl SecurityContextConstraints {
196    /// list or watch objects of kind SecurityContextConstraints
197    ///
198    /// This operation only supports listing all items of this type.
199    ///
200    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::ListResponse`]`<Self>>` constructor, or [`k8s_openapi::ListResponse`]`<Self>` directly, to parse the HTTP response.
201    ///
202    /// # Arguments
203    ///
204    /// * `optional`
205    ///
206    ///     Optional parameters. Use `Default::default()` to not pass any.
207    #[cfg(feature = "api")]
208    pub fn list_security_context_constraints(
209        optional: k8s_openapi::ListOptional<'_>,
210    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::ListResponse<Self>>), k8s_openapi::RequestError> {
211        let __url = "/apis/security.openshift.io/v1/securitycontextconstraints?".to_owned();
212        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
213        optional.__serialize(&mut __query_pairs);
214        let __url = __query_pairs.finish();
215
216        let __request = http::Request::get(__url);
217        let __body = vec![];
218        match __request.body(__body) {
219            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
220            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
221        }
222    }
223}
224
225// Generated from operation patchSecurityOpenshiftIoV1SecurityContextConstraints
226
227impl SecurityContextConstraints {
228    /// partially update the specified SecurityContextConstraints
229    ///
230    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::PatchResponse`]`<Self>>` constructor, or [`k8s_openapi::PatchResponse`]`<Self>` directly, to parse the HTTP response.
231    ///
232    /// # Arguments
233    ///
234    /// * `name`
235    ///
236    ///     name of the SecurityContextConstraints
237    ///
238    /// * `body`
239    ///
240    /// * `optional`
241    ///
242    ///     Optional parameters. Use `Default::default()` to not pass any.
243    #[cfg(feature = "api")]
244    pub fn patch_security_context_constraints(
245        name: &str,
246        body: &k8s_openapi::apimachinery::pkg::apis::meta::v1::Patch,
247        optional: k8s_openapi::PatchOptional<'_>,
248    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::PatchResponse<Self>>), k8s_openapi::RequestError> {
249        let __url = format!("/apis/security.openshift.io/v1/securitycontextconstraints/{name}?",
250            name = k8s_openapi::percent_encoding::percent_encode(name.as_bytes(), k8s_openapi::percent_encoding2::PATH_SEGMENT_ENCODE_SET),
251        );
252        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
253        optional.__serialize(&mut __query_pairs);
254        let __url = __query_pairs.finish();
255
256        let __request = http::Request::patch(__url);
257        let __body = serde_json::to_vec(body).map_err(k8s_openapi::RequestError::Json)?;
258        let __request = __request.header(http::header::CONTENT_TYPE, http::header::HeaderValue::from_static(match body {
259            k8s_openapi::apimachinery::pkg::apis::meta::v1::Patch::Json(_) => "application/json-patch+json",
260            k8s_openapi::apimachinery::pkg::apis::meta::v1::Patch::Merge(_) => "application/merge-patch+json",
261            k8s_openapi::apimachinery::pkg::apis::meta::v1::Patch::StrategicMerge(_) => "application/strategic-merge-patch+json",
262        }));
263        match __request.body(__body) {
264            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
265            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
266        }
267    }
268}
269
270// Generated from operation readSecurityOpenshiftIoV1SecurityContextConstraints
271
272impl SecurityContextConstraints {
273    /// read the specified SecurityContextConstraints
274    ///
275    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`ReadSecurityContextConstraintsResponse`]`>` constructor, or [`ReadSecurityContextConstraintsResponse`] directly, to parse the HTTP response.
276    ///
277    /// # Arguments
278    ///
279    /// * `name`
280    ///
281    ///     name of the SecurityContextConstraints
282    ///
283    /// * `optional`
284    ///
285    ///     Optional parameters. Use `Default::default()` to not pass any.
286    #[cfg(feature = "api")]
287    pub fn read_security_context_constraints(
288        name: &str,
289        optional: ReadSecurityContextConstraintsOptional<'_>,
290    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<ReadSecurityContextConstraintsResponse>), k8s_openapi::RequestError> {
291        let ReadSecurityContextConstraintsOptional {
292            exact,
293            export,
294            pretty,
295        } = optional;
296        let __url = format!("/apis/security.openshift.io/v1/securitycontextconstraints/{name}?",
297            name = k8s_openapi::percent_encoding::percent_encode(name.as_bytes(), k8s_openapi::percent_encoding2::PATH_SEGMENT_ENCODE_SET),
298        );
299        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
300        if let Some(exact) = exact {
301            __query_pairs.append_pair("exact", &exact.to_string());
302        }
303        if let Some(export) = export {
304            __query_pairs.append_pair("export", &export.to_string());
305        }
306        if let Some(pretty) = pretty {
307            __query_pairs.append_pair("pretty", pretty);
308        }
309        let __url = __query_pairs.finish();
310
311        let __request = http::Request::get(__url);
312        let __body = vec![];
313        match __request.body(__body) {
314            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
315            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
316        }
317    }
318}
319
320/// Optional parameters of [`SecurityContextConstraints::read_security_context_constraints`]
321#[cfg(feature = "api")]
322#[derive(Clone, Copy, Debug, Default)]
323pub struct ReadSecurityContextConstraintsOptional<'a> {
324    /// Should the export be exact.  Exact export maintains cluster-specific fields like 'Namespace'.
325    pub exact: Option<bool>,
326    /// Should this value be exported.  Export strips fields that a user can not specify.
327    pub export: Option<bool>,
328    /// If 'true', then the output is pretty printed.
329    pub pretty: Option<&'a str>,
330}
331
332/// Use `<ReadSecurityContextConstraintsResponse as Response>::try_from_parts` to parse the HTTP response body of [`SecurityContextConstraints::read_security_context_constraints`]
333#[cfg(feature = "api")]
334#[derive(Debug)]
335pub enum ReadSecurityContextConstraintsResponse {
336    Ok(crate::api::security::v1::SecurityContextConstraints),
337    Other(Result<Option<serde_json::Value>, serde_json::Error>),
338}
339
340#[cfg(feature = "api")]
341impl k8s_openapi::Response for ReadSecurityContextConstraintsResponse {
342    fn try_from_parts(status_code: http::StatusCode, buf: &[u8]) -> Result<(Self, usize), k8s_openapi::ResponseError> {
343        match status_code {
344            http::StatusCode::OK => {
345                let result = match serde_json::from_slice(buf) {
346                    Ok(value) => value,
347                    Err(ref err) if err.is_eof() => return Err(k8s_openapi::ResponseError::NeedMoreData),
348                    Err(err) => return Err(k8s_openapi::ResponseError::Json(err)),
349                };
350                Ok((ReadSecurityContextConstraintsResponse::Ok(result), buf.len()))
351            },
352            _ => {
353                let (result, read) =
354                    if buf.is_empty() {
355                        (Ok(None), 0)
356                    }
357                    else {
358                        match serde_json::from_slice(buf) {
359                            Ok(value) => (Ok(Some(value)), buf.len()),
360                            Err(ref err) if err.is_eof() => return Err(k8s_openapi::ResponseError::NeedMoreData),
361                            Err(err) => (Err(err), 0),
362                        }
363                    };
364                Ok((ReadSecurityContextConstraintsResponse::Other(result), read))
365            },
366        }
367    }
368}
369
370// Generated from operation replaceSecurityOpenshiftIoV1SecurityContextConstraints
371
372impl SecurityContextConstraints {
373    /// replace the specified SecurityContextConstraints
374    ///
375    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::ReplaceResponse`]`<Self>>` constructor, or [`k8s_openapi::ReplaceResponse`]`<Self>` directly, to parse the HTTP response.
376    ///
377    /// # Arguments
378    ///
379    /// * `name`
380    ///
381    ///     name of the SecurityContextConstraints
382    ///
383    /// * `body`
384    ///
385    /// * `optional`
386    ///
387    ///     Optional parameters. Use `Default::default()` to not pass any.
388    #[cfg(feature = "api")]
389    pub fn replace_security_context_constraints(
390        name: &str,
391        body: &crate::api::security::v1::SecurityContextConstraints,
392        optional: k8s_openapi::ReplaceOptional<'_>,
393    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::ReplaceResponse<Self>>), k8s_openapi::RequestError> {
394        let __url = format!("/apis/security.openshift.io/v1/securitycontextconstraints/{name}?",
395            name = k8s_openapi::percent_encoding::percent_encode(name.as_bytes(), k8s_openapi::percent_encoding2::PATH_SEGMENT_ENCODE_SET),
396        );
397        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
398        optional.__serialize(&mut __query_pairs);
399        let __url = __query_pairs.finish();
400
401        let __request = http::Request::put(__url);
402        let __body = serde_json::to_vec(body).map_err(k8s_openapi::RequestError::Json)?;
403        let __request = __request.header(http::header::CONTENT_TYPE, http::header::HeaderValue::from_static("application/json"));
404        match __request.body(__body) {
405            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
406            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
407        }
408    }
409}
410
411// Generated from operation watchSecurityOpenshiftIoV1SecurityContextConstraints
412
413impl SecurityContextConstraints {
414    /// list or watch objects of kind SecurityContextConstraints
415    ///
416    /// This operation only supports watching one item, or a list of items, of this type for changes.
417    ///
418    /// Use the returned [`k8s_openapi::ResponseBody`]`<`[`k8s_openapi::WatchResponse`]`<Self>>` constructor, or [`k8s_openapi::WatchResponse`]`<Self>` directly, to parse the HTTP response.
419    ///
420    /// # Arguments
421    ///
422    /// * `optional`
423    ///
424    ///     Optional parameters. Use `Default::default()` to not pass any.
425    #[cfg(feature = "api")]
426    pub fn watch_security_context_constraints(
427        optional: k8s_openapi::WatchOptional<'_>,
428    ) -> Result<(http::Request<Vec<u8>>, fn(http::StatusCode) -> k8s_openapi::ResponseBody<k8s_openapi::WatchResponse<Self>>), k8s_openapi::RequestError> {
429        let __url = "/apis/security.openshift.io/v1/securitycontextconstraints?".to_owned();
430        let mut __query_pairs = k8s_openapi::url::form_urlencoded::Serializer::new(__url);
431        optional.__serialize(&mut __query_pairs);
432        let __url = __query_pairs.finish();
433
434        let __request = http::Request::get(__url);
435        let __body = vec![];
436        match __request.body(__body) {
437            Ok(request) => Ok((request, k8s_openapi::ResponseBody::new)),
438            Err(err) => Err(k8s_openapi::RequestError::Http(err)),
439        }
440    }
441}
442
443// End security.openshift.io/v1/SecurityContextConstraints
444
445impl k8s_openapi::Resource for SecurityContextConstraints {
446    const API_VERSION: &'static str = "security.openshift.io/v1";
447    const GROUP: &'static str = "security.openshift.io";
448    const KIND: &'static str = "SecurityContextConstraints";
449    const VERSION: &'static str = "v1";
450}
451
452impl k8s_openapi::ListableResource for SecurityContextConstraints {
453    const LIST_KIND: &'static str = concat!("SecurityContextConstraints", "List");
454}
455
456impl k8s_openapi::Metadata for SecurityContextConstraints {
457    type Ty = k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta;
458
459    fn metadata(&self) -> &<Self as k8s_openapi::Metadata>::Ty {
460        &self.metadata
461    }
462
463    fn metadata_mut(&mut self) -> &mut<Self as k8s_openapi::Metadata>::Ty {
464        &mut self.metadata
465    }
466}
467
468impl<'de> serde::Deserialize<'de> for SecurityContextConstraints {
469    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: serde::Deserializer<'de> {
470        #[allow(non_camel_case_types)]
471        enum Field {
472            Key_api_version,
473            Key_kind,
474            Key_allow_host_dir_volume_plugin,
475            Key_allow_host_ipc,
476            Key_allow_host_network,
477            Key_allow_host_pid,
478            Key_allow_host_ports,
479            Key_allow_privilege_escalation,
480            Key_allow_privileged_container,
481            Key_allowed_capabilities,
482            Key_allowed_flex_volumes,
483            Key_allowed_unsafe_sysctls,
484            Key_default_add_capabilities,
485            Key_default_allow_privilege_escalation,
486            Key_forbidden_sysctls,
487            Key_fs_group,
488            Key_groups,
489            Key_metadata,
490            Key_priority,
491            Key_read_only_root_filesystem,
492            Key_required_drop_capabilities,
493            Key_run_as_user,
494            Key_se_linux_context,
495            Key_seccomp_profiles,
496            Key_supplemental_groups,
497            Key_users,
498            Key_volumes,
499            Other,
500        }
501
502        impl<'de> serde::Deserialize<'de> for Field {
503            fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: serde::Deserializer<'de> {
504                struct Visitor;
505
506                impl<'de> serde::de::Visitor<'de> for Visitor {
507                    type Value = Field;
508
509                    fn expecting(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
510                        f.write_str("field identifier")
511                    }
512
513                    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: serde::de::Error {
514                        Ok(match v {
515                            "apiVersion" => Field::Key_api_version,
516                            "kind" => Field::Key_kind,
517                            "allowHostDirVolumePlugin" => Field::Key_allow_host_dir_volume_plugin,
518                            "allowHostIPC" => Field::Key_allow_host_ipc,
519                            "allowHostNetwork" => Field::Key_allow_host_network,
520                            "allowHostPID" => Field::Key_allow_host_pid,
521                            "allowHostPorts" => Field::Key_allow_host_ports,
522                            "allowPrivilegeEscalation" => Field::Key_allow_privilege_escalation,
523                            "allowPrivilegedContainer" => Field::Key_allow_privileged_container,
524                            "allowedCapabilities" => Field::Key_allowed_capabilities,
525                            "allowedFlexVolumes" => Field::Key_allowed_flex_volumes,
526                            "allowedUnsafeSysctls" => Field::Key_allowed_unsafe_sysctls,
527                            "defaultAddCapabilities" => Field::Key_default_add_capabilities,
528                            "defaultAllowPrivilegeEscalation" => Field::Key_default_allow_privilege_escalation,
529                            "forbiddenSysctls" => Field::Key_forbidden_sysctls,
530                            "fsGroup" => Field::Key_fs_group,
531                            "groups" => Field::Key_groups,
532                            "metadata" => Field::Key_metadata,
533                            "priority" => Field::Key_priority,
534                            "readOnlyRootFilesystem" => Field::Key_read_only_root_filesystem,
535                            "requiredDropCapabilities" => Field::Key_required_drop_capabilities,
536                            "runAsUser" => Field::Key_run_as_user,
537                            "seLinuxContext" => Field::Key_se_linux_context,
538                            "seccompProfiles" => Field::Key_seccomp_profiles,
539                            "supplementalGroups" => Field::Key_supplemental_groups,
540                            "users" => Field::Key_users,
541                            "volumes" => Field::Key_volumes,
542                            _ => Field::Other,
543                        })
544                    }
545                }
546
547                deserializer.deserialize_identifier(Visitor)
548            }
549        }
550
551        struct Visitor;
552
553        impl<'de> serde::de::Visitor<'de> for Visitor {
554            type Value = SecurityContextConstraints;
555
556            fn expecting(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
557                f.write_str(<Self::Value as k8s_openapi::Resource>::KIND)
558            }
559
560            fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: serde::de::MapAccess<'de> {
561                let mut value_allow_host_dir_volume_plugin: Option<bool> = None;
562                let mut value_allow_host_ipc: Option<bool> = None;
563                let mut value_allow_host_network: Option<bool> = None;
564                let mut value_allow_host_pid: Option<bool> = None;
565                let mut value_allow_host_ports: Option<bool> = None;
566                let mut value_allow_privilege_escalation: Option<bool> = None;
567                let mut value_allow_privileged_container: Option<bool> = None;
568                let mut value_allowed_capabilities: Option<Vec<String>> = None;
569                let mut value_allowed_flex_volumes: Option<Vec<crate::api::security::v1::AllowedFlexVolume>> = None;
570                let mut value_allowed_unsafe_sysctls: Option<Vec<String>> = None;
571                let mut value_default_add_capabilities: Option<Vec<String>> = None;
572                let mut value_default_allow_privilege_escalation: Option<bool> = None;
573                let mut value_forbidden_sysctls: Option<Vec<String>> = None;
574                let mut value_fs_group: Option<crate::api::security::v1::FSGroupStrategyOptions> = None;
575                let mut value_groups: Option<Vec<String>> = None;
576                let mut value_metadata: Option<k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta> = None;
577                let mut value_priority: Option<i32> = None;
578                let mut value_read_only_root_filesystem: Option<bool> = None;
579                let mut value_required_drop_capabilities: Option<Vec<String>> = None;
580                let mut value_run_as_user: Option<crate::api::security::v1::RunAsUserStrategyOptions> = None;
581                let mut value_se_linux_context: Option<crate::api::security::v1::SELinuxContextStrategyOptions> = None;
582                let mut value_seccomp_profiles: Option<Vec<String>> = None;
583                let mut value_supplemental_groups: Option<crate::api::security::v1::SupplementalGroupsStrategyOptions> = None;
584                let mut value_users: Option<Vec<String>> = None;
585                let mut value_volumes: Option<Vec<String>> = None;
586
587                while let Some(key) = serde::de::MapAccess::next_key::<Field>(&mut map)? {
588                    match key {
589                        Field::Key_api_version => {
590                            let value_api_version: String = serde::de::MapAccess::next_value(&mut map)?;
591                            if value_api_version != <Self::Value as k8s_openapi::Resource>::API_VERSION {
592                                return Err(serde::de::Error::invalid_value(serde::de::Unexpected::Str(&value_api_version), &<Self::Value as k8s_openapi::Resource>::API_VERSION));
593                            }
594                        },
595                        Field::Key_kind => {
596                            let value_kind: String = serde::de::MapAccess::next_value(&mut map)?;
597                            if value_kind != <Self::Value as k8s_openapi::Resource>::KIND {
598                                return Err(serde::de::Error::invalid_value(serde::de::Unexpected::Str(&value_kind), &<Self::Value as k8s_openapi::Resource>::KIND));
599                            }
600                        },
601                        Field::Key_allow_host_dir_volume_plugin => value_allow_host_dir_volume_plugin = Some(serde::de::MapAccess::next_value(&mut map)?),
602                        Field::Key_allow_host_ipc => value_allow_host_ipc = Some(serde::de::MapAccess::next_value(&mut map)?),
603                        Field::Key_allow_host_network => value_allow_host_network = Some(serde::de::MapAccess::next_value(&mut map)?),
604                        Field::Key_allow_host_pid => value_allow_host_pid = Some(serde::de::MapAccess::next_value(&mut map)?),
605                        Field::Key_allow_host_ports => value_allow_host_ports = Some(serde::de::MapAccess::next_value(&mut map)?),
606                        Field::Key_allow_privilege_escalation => value_allow_privilege_escalation = serde::de::MapAccess::next_value(&mut map)?,
607                        Field::Key_allow_privileged_container => value_allow_privileged_container = Some(serde::de::MapAccess::next_value(&mut map)?),
608                        Field::Key_allowed_capabilities => value_allowed_capabilities = Some(serde::de::MapAccess::next_value(&mut map)?),
609                        Field::Key_allowed_flex_volumes => value_allowed_flex_volumes = serde::de::MapAccess::next_value(&mut map)?,
610                        Field::Key_allowed_unsafe_sysctls => value_allowed_unsafe_sysctls = serde::de::MapAccess::next_value(&mut map)?,
611                        Field::Key_default_add_capabilities => value_default_add_capabilities = Some(serde::de::MapAccess::next_value(&mut map)?),
612                        Field::Key_default_allow_privilege_escalation => value_default_allow_privilege_escalation = serde::de::MapAccess::next_value(&mut map)?,
613                        Field::Key_forbidden_sysctls => value_forbidden_sysctls = serde::de::MapAccess::next_value(&mut map)?,
614                        Field::Key_fs_group => value_fs_group = serde::de::MapAccess::next_value(&mut map)?,
615                        Field::Key_groups => value_groups = serde::de::MapAccess::next_value(&mut map)?,
616                        Field::Key_metadata => value_metadata = Some(serde::de::MapAccess::next_value(&mut map)?),
617                        Field::Key_priority => value_priority = Some(serde::de::MapAccess::next_value(&mut map)?),
618                        Field::Key_read_only_root_filesystem => value_read_only_root_filesystem = Some(serde::de::MapAccess::next_value(&mut map)?),
619                        Field::Key_required_drop_capabilities => value_required_drop_capabilities = Some(serde::de::MapAccess::next_value(&mut map)?),
620                        Field::Key_run_as_user => value_run_as_user = serde::de::MapAccess::next_value(&mut map)?,
621                        Field::Key_se_linux_context => value_se_linux_context = serde::de::MapAccess::next_value(&mut map)?,
622                        Field::Key_seccomp_profiles => value_seccomp_profiles = serde::de::MapAccess::next_value(&mut map)?,
623                        Field::Key_supplemental_groups => value_supplemental_groups = serde::de::MapAccess::next_value(&mut map)?,
624                        Field::Key_users => value_users = serde::de::MapAccess::next_value(&mut map)?,
625                        Field::Key_volumes => value_volumes = Some(serde::de::MapAccess::next_value(&mut map)?),
626                        Field::Other => { let _: serde::de::IgnoredAny = serde::de::MapAccess::next_value(&mut map)?; },
627                    }
628                }
629
630                Ok(SecurityContextConstraints {
631                    allow_host_dir_volume_plugin: value_allow_host_dir_volume_plugin.ok_or_else(|| serde::de::Error::missing_field("allowHostDirVolumePlugin"))?,
632                    allow_host_ipc: value_allow_host_ipc.ok_or_else(|| serde::de::Error::missing_field("allowHostIPC"))?,
633                    allow_host_network: value_allow_host_network.ok_or_else(|| serde::de::Error::missing_field("allowHostNetwork"))?,
634                    allow_host_pid: value_allow_host_pid.ok_or_else(|| serde::de::Error::missing_field("allowHostPID"))?,
635                    allow_host_ports: value_allow_host_ports.ok_or_else(|| serde::de::Error::missing_field("allowHostPorts"))?,
636                    allow_privilege_escalation: value_allow_privilege_escalation,
637                    allow_privileged_container: value_allow_privileged_container.ok_or_else(|| serde::de::Error::missing_field("allowPrivilegedContainer"))?,
638                    allowed_capabilities: value_allowed_capabilities.ok_or_else(|| serde::de::Error::missing_field("allowedCapabilities"))?,
639                    allowed_flex_volumes: value_allowed_flex_volumes,
640                    allowed_unsafe_sysctls: value_allowed_unsafe_sysctls,
641                    default_add_capabilities: value_default_add_capabilities.ok_or_else(|| serde::de::Error::missing_field("defaultAddCapabilities"))?,
642                    default_allow_privilege_escalation: value_default_allow_privilege_escalation,
643                    forbidden_sysctls: value_forbidden_sysctls,
644                    fs_group: value_fs_group,
645                    groups: value_groups,
646                    metadata: value_metadata.ok_or_else(|| serde::de::Error::missing_field("metadata"))?,
647                    priority: value_priority.ok_or_else(|| serde::de::Error::missing_field("priority"))?,
648                    read_only_root_filesystem: value_read_only_root_filesystem.ok_or_else(|| serde::de::Error::missing_field("readOnlyRootFilesystem"))?,
649                    required_drop_capabilities: value_required_drop_capabilities.ok_or_else(|| serde::de::Error::missing_field("requiredDropCapabilities"))?,
650                    run_as_user: value_run_as_user,
651                    se_linux_context: value_se_linux_context,
652                    seccomp_profiles: value_seccomp_profiles,
653                    supplemental_groups: value_supplemental_groups,
654                    users: value_users,
655                    volumes: value_volumes.ok_or_else(|| serde::de::Error::missing_field("volumes"))?,
656                })
657            }
658        }
659
660        deserializer.deserialize_struct(
661            <Self as k8s_openapi::Resource>::KIND,
662            &[
663                "apiVersion",
664                "kind",
665                "allowHostDirVolumePlugin",
666                "allowHostIPC",
667                "allowHostNetwork",
668                "allowHostPID",
669                "allowHostPorts",
670                "allowPrivilegeEscalation",
671                "allowPrivilegedContainer",
672                "allowedCapabilities",
673                "allowedFlexVolumes",
674                "allowedUnsafeSysctls",
675                "defaultAddCapabilities",
676                "defaultAllowPrivilegeEscalation",
677                "forbiddenSysctls",
678                "fsGroup",
679                "groups",
680                "metadata",
681                "priority",
682                "readOnlyRootFilesystem",
683                "requiredDropCapabilities",
684                "runAsUser",
685                "seLinuxContext",
686                "seccompProfiles",
687                "supplementalGroups",
688                "users",
689                "volumes",
690            ],
691            Visitor,
692        )
693    }
694}
695
696impl serde::Serialize for SecurityContextConstraints {
697    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: serde::Serializer {
698        let mut state = serializer.serialize_struct(
699            <Self as k8s_openapi::Resource>::KIND,
700            15 +
701            self.allow_privilege_escalation.as_ref().map_or(0, |_| 1) +
702            self.allowed_flex_volumes.as_ref().map_or(0, |_| 1) +
703            self.allowed_unsafe_sysctls.as_ref().map_or(0, |_| 1) +
704            self.default_allow_privilege_escalation.as_ref().map_or(0, |_| 1) +
705            self.forbidden_sysctls.as_ref().map_or(0, |_| 1) +
706            self.fs_group.as_ref().map_or(0, |_| 1) +
707            self.groups.as_ref().map_or(0, |_| 1) +
708            self.run_as_user.as_ref().map_or(0, |_| 1) +
709            self.se_linux_context.as_ref().map_or(0, |_| 1) +
710            self.seccomp_profiles.as_ref().map_or(0, |_| 1) +
711            self.supplemental_groups.as_ref().map_or(0, |_| 1) +
712            self.users.as_ref().map_or(0, |_| 1),
713        )?;
714        serde::ser::SerializeStruct::serialize_field(&mut state, "apiVersion", <Self as k8s_openapi::Resource>::API_VERSION)?;
715        serde::ser::SerializeStruct::serialize_field(&mut state, "kind", <Self as k8s_openapi::Resource>::KIND)?;
716        serde::ser::SerializeStruct::serialize_field(&mut state, "allowHostDirVolumePlugin", &self.allow_host_dir_volume_plugin)?;
717        serde::ser::SerializeStruct::serialize_field(&mut state, "allowHostIPC", &self.allow_host_ipc)?;
718        serde::ser::SerializeStruct::serialize_field(&mut state, "allowHostNetwork", &self.allow_host_network)?;
719        serde::ser::SerializeStruct::serialize_field(&mut state, "allowHostPID", &self.allow_host_pid)?;
720        serde::ser::SerializeStruct::serialize_field(&mut state, "allowHostPorts", &self.allow_host_ports)?;
721        if let Some(value) = &self.allow_privilege_escalation {
722            serde::ser::SerializeStruct::serialize_field(&mut state, "allowPrivilegeEscalation", value)?;
723        }
724        serde::ser::SerializeStruct::serialize_field(&mut state, "allowPrivilegedContainer", &self.allow_privileged_container)?;
725        serde::ser::SerializeStruct::serialize_field(&mut state, "allowedCapabilities", &self.allowed_capabilities)?;
726        if let Some(value) = &self.allowed_flex_volumes {
727            serde::ser::SerializeStruct::serialize_field(&mut state, "allowedFlexVolumes", value)?;
728        }
729        if let Some(value) = &self.allowed_unsafe_sysctls {
730            serde::ser::SerializeStruct::serialize_field(&mut state, "allowedUnsafeSysctls", value)?;
731        }
732        serde::ser::SerializeStruct::serialize_field(&mut state, "defaultAddCapabilities", &self.default_add_capabilities)?;
733        if let Some(value) = &self.default_allow_privilege_escalation {
734            serde::ser::SerializeStruct::serialize_field(&mut state, "defaultAllowPrivilegeEscalation", value)?;
735        }
736        if let Some(value) = &self.forbidden_sysctls {
737            serde::ser::SerializeStruct::serialize_field(&mut state, "forbiddenSysctls", value)?;
738        }
739        if let Some(value) = &self.fs_group {
740            serde::ser::SerializeStruct::serialize_field(&mut state, "fsGroup", value)?;
741        }
742        if let Some(value) = &self.groups {
743            serde::ser::SerializeStruct::serialize_field(&mut state, "groups", value)?;
744        }
745        serde::ser::SerializeStruct::serialize_field(&mut state, "metadata", &self.metadata)?;
746        serde::ser::SerializeStruct::serialize_field(&mut state, "priority", &self.priority)?;
747        serde::ser::SerializeStruct::serialize_field(&mut state, "readOnlyRootFilesystem", &self.read_only_root_filesystem)?;
748        serde::ser::SerializeStruct::serialize_field(&mut state, "requiredDropCapabilities", &self.required_drop_capabilities)?;
749        if let Some(value) = &self.run_as_user {
750            serde::ser::SerializeStruct::serialize_field(&mut state, "runAsUser", value)?;
751        }
752        if let Some(value) = &self.se_linux_context {
753            serde::ser::SerializeStruct::serialize_field(&mut state, "seLinuxContext", value)?;
754        }
755        if let Some(value) = &self.seccomp_profiles {
756            serde::ser::SerializeStruct::serialize_field(&mut state, "seccompProfiles", value)?;
757        }
758        if let Some(value) = &self.supplemental_groups {
759            serde::ser::SerializeStruct::serialize_field(&mut state, "supplementalGroups", value)?;
760        }
761        if let Some(value) = &self.users {
762            serde::ser::SerializeStruct::serialize_field(&mut state, "users", value)?;
763        }
764        serde::ser::SerializeStruct::serialize_field(&mut state, "volumes", &self.volumes)?;
765        serde::ser::SerializeStruct::end(state)
766    }
767}