{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Batch.Types.EksContainerSecurityContext
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.Batch.Types.EksContainerSecurityContext where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

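-- | The security context for a job. For more information, see
-- <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ Configure a security context for a pod or container>
-- in the /Kubernetes documentation/.
--
-- Every field is optional; a field left as 'Prelude.Nothing' falls back to
-- the default described on that field.
--
-- Note: the field descriptions link to the Kubernetes PodSecurityPolicy
-- pages. PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed
-- in v1.25, so read those links as an explanation of what each setting
-- means, not as a policy mechanism that is still enforced on the cluster.
--
-- /See:/ 'newEksContainerSecurityContext' smart constructor.
data EksContainerSecurityContext = EksContainerSecurityContext'
  { -- | When this parameter is @true@, the container is given elevated
    -- permissions on the host container instance. The level of permissions is
    -- similar to the @root@ user permissions. The default value is @false@.
    -- This parameter maps to @privileged@ policy in the
    -- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#privileged Privileged pod security policies>
    -- in the /Kubernetes documentation/.
    --
    -- Because the permissions granted are host-level, job definitions that
    -- set this to @true@ deserve explicit review.
    privileged :: Prelude.Maybe Prelude.Bool,
    -- | When this parameter is @true@, the container is given read-only access
    -- to its root file system. The default value is @false@. This parameter
    -- maps to @ReadOnlyRootFilesystem@ policy in the
    -- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems Volumes and file systems pod security policies>
    -- in the /Kubernetes documentation/.
    readOnlyRootFilesystem :: Prelude.Maybe Prelude.Bool,
    -- | When this parameter is specified, the container is run as the specified
    -- group ID (@gid@). If this parameter isn\'t specified, the default is the
    -- group that\'s specified in the image metadata. This parameter maps to
    -- @RunAsGroup@ and @MustRunAs@ policy in the
    -- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
    -- in the /Kubernetes documentation/.
    runAsGroup :: Prelude.Maybe Prelude.Integer,
    -- | When this parameter is specified, the container is run as a user with a
    -- @uid@ other than 0. If this parameter isn\'t specified, no such rule is
    -- enforced. This parameter maps to @RunAsUser@ and @MustRunAsNonRoot@
    -- policy in the
    -- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
    -- in the /Kubernetes documentation/.
    --
    -- NOTE(review): the field is a Bool, so presumably only @true@ requests
    -- the non-root rule; confirm against the AWS Batch API reference.
    runAsNonRoot :: Prelude.Maybe Prelude.Bool,
    -- | When this parameter is specified, the container is run as the specified
    -- user ID (@uid@). If this parameter isn\'t specified, the default is the
    -- user that\'s specified in the image metadata. This parameter maps to
    -- @RunAsUser@ and @MustRunAs@ policy in the
    -- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
    -- in the /Kubernetes documentation/.
    runAsUser :: Prelude.Maybe Prelude.Integer
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)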

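-- |
-- Create a value of 'EksContainerSecurityContext' with all optional fields omitted.
--
-- Every field starts as 'Prelude.Nothing', so the defaults described below
-- apply: the container is not privileged, its root file system is not
-- read-only, no non-root rule is enforced, and the user and group come from
-- the image metadata. Hardening settings such as 'runAsNonRoot' and
-- 'readOnlyRootFilesystem' therefore have to be set explicitly.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'privileged', 'eksContainerSecurityContext_privileged' - When this parameter is @true@, the container is given elevated
-- permissions on the host container instance. The level of permissions is
-- similar to the @root@ user permissions. The default value is @false@.
-- This parameter maps to @privileged@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#privileged Privileged pod security policies>
-- in the /Kubernetes documentation/.
--
-- 'readOnlyRootFilesystem', 'eksContainerSecurityContext_readOnlyRootFilesystem' - When this parameter is @true@, the container is given read-only access
-- to its root file system. The default value is @false@. This parameter
-- maps to @ReadOnlyRootFilesystem@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems Volumes and file systems pod security policies>
-- in the /Kubernetes documentation/.
--
-- 'runAsGroup', 'eksContainerSecurityContext_runAsGroup' - When this parameter is specified, the container is run as the specified
-- group ID (@gid@). If this parameter isn\'t specified, the default is the
-- group that\'s specified in the image metadata. This parameter maps to
-- @RunAsGroup@ and @MustRunAs@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
-- in the /Kubernetes documentation/.
--
-- 'runAsNonRoot', 'eksContainerSecurityContext_runAsNonRoot' - When this parameter is specified, the container is run as a user with a
-- @uid@ other than 0. If this parameter isn\'t specified, no such rule is
-- enforced. This parameter maps to @RunAsUser@ and @MustRunAsNonRoot@
-- policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
-- in the /Kubernetes documentation/.
--
-- 'runAsUser', 'eksContainerSecurityContext_runAsUser' - When this parameter is specified, the container is run as the specified
-- user ID (@uid@). If this parameter isn\'t specified, the default is the
-- user that\'s specified in the image metadata. This parameter maps to
-- @RunAsUser@ and @MustRunAs@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
-- in the /Kubernetes documentation/.
newEksContainerSecurityContext ::
  EksContainerSecurityContext
newEksContainerSecurityContext =
  EksContainerSecurityContext'
    { privileged =
        Prelude.Nothing,
      readOnlyRootFilesystem = Prelude.Nothing,
      runAsGroup = Prelude.Nothing,
      runAsNonRoot = Prelude.Nothing,
      runAsUser = Prelude.Nothing
    }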

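-- | When this parameter is @true@, the container is given elevated
-- permissions on the host container instance. The level of permissions is
-- similar to the @root@ user permissions. The default value is @false@.
-- This parameter maps to @privileged@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#privileged Privileged pod security policies>
-- in the /Kubernetes documentation/.
--
-- Lens onto the 'privileged' field: the getter reads the field and the
-- setter replaces it through a record update.
eksContainerSecurityContext_privileged :: Lens.Lens' EksContainerSecurityContext (Prelude.Maybe Prelude.Bool)
eksContainerSecurityContext_privileged = Lens.lens (\EksContainerSecurityContext' {privileged} -> privileged) (\s@EksContainerSecurityContext' {} a -> s {privileged = a} :: EksContainerSecurityContext)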

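-- | When this parameter is @true@, the container is given read-only access
-- to its root file system. The default value is @false@. This parameter
-- maps to @ReadOnlyRootFilesystem@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems Volumes and file systems pod security policies>
-- in the /Kubernetes documentation/.
--
-- Lens onto the 'readOnlyRootFilesystem' field: the getter reads the field
-- and the setter replaces it through a record update.
eksContainerSecurityContext_readOnlyRootFilesystem :: Lens.Lens' EksContainerSecurityContext (Prelude.Maybe Prelude.Bool)
eksContainerSecurityContext_readOnlyRootFilesystem = Lens.lens (\EksContainerSecurityContext' {readOnlyRootFilesystem} -> readOnlyRootFilesystem) (\s@EksContainerSecurityContext' {} a -> s {readOnlyRootFilesystem = a} :: EksContainerSecurityContext)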

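-- | When this parameter is specified, the container is run as the specified
-- group ID (@gid@). If this parameter isn\'t specified, the default is the
-- group that\'s specified in the image metadata. This parameter maps to
-- @RunAsGroup@ and @MustRunAs@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
-- in the /Kubernetes documentation/.
--
-- Lens onto the 'runAsGroup' field: the getter reads the field and the
-- setter replaces it through a record update.
eksContainerSecurityContext_runAsGroup :: Lens.Lens' EksContainerSecurityContext (Prelude.Maybe Prelude.Integer)
eksContainerSecurityContext_runAsGroup = Lens.lens (\EksContainerSecurityContext' {runAsGroup} -> runAsGroup) (\s@EksContainerSecurityContext' {} a -> s {runAsGroup = a} :: EksContainerSecurityContext)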

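-- | When this parameter is specified, the container is run as a user with a
-- @uid@ other than 0. If this parameter isn\'t specified, no such rule is
-- enforced. This parameter maps to @RunAsUser@ and @MustRunAsNonRoot@
-- policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
-- in the /Kubernetes documentation/.
--
-- Lens onto the 'runAsNonRoot' field: the getter reads the field and the
-- setter replaces it through a record update.
eksContainerSecurityContext_runAsNonRoot :: Lens.Lens' EksContainerSecurityContext (Prelude.Maybe Prelude.Bool)
eksContainerSecurityContext_runAsNonRoot = Lens.lens (\EksContainerSecurityContext' {runAsNonRoot} -> runAsNonRoot) (\s@EksContainerSecurityContext' {} a -> s {runAsNonRoot = a} :: EksContainerSecurityContext)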

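-- | When this parameter is specified, the container is run as the specified
-- user ID (@uid@). If this parameter isn\'t specified, the default is the
-- user that\'s specified in the image metadata. This parameter maps to
-- @RunAsUser@ and @MustRunAs@ policy in the
-- <https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups Users and groups pod security policies>
-- in the /Kubernetes documentation/.
--
-- Lens onto the 'runAsUser' field: the getter reads the field and the
-- setter replaces it through a record update.
eksContainerSecurityContext_runAsUser :: Lens.Lens' EksContainerSecurityContext (Prelude.Maybe Prelude.Integer)
eksContainerSecurityContext_runAsUser = Lens.lens (\EksContainerSecurityContext' {runAsUser} -> runAsUser) (\s@EksContainerSecurityContext' {} a -> s {runAsUser = a} :: EksContainerSecurityContext)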

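-- | Decodes a JSON object into an 'EksContainerSecurityContext'.
--
-- Every key is read with @.:?@, so a key that is absent from the object
-- decodes to 'Prelude.Nothing' instead of failing the parse. The keys are
-- applied to the constructor in field-declaration order.
instance Data.FromJSON EksContainerSecurityContext where
  parseJSON =
    Data.withObject
      "EksContainerSecurityContext"
      ( \x ->
          EksContainerSecurityContext'
            Prelude.<$> (x Data..:? "privileged")
            Prelude.<*> (x Data..:? "readOnlyRootFilesystem")
            Prelude.<*> (x Data..:? "runAsGroup")
            Prelude.<*> (x Data..:? "runAsNonRoot")
            Prelude.<*> (x Data..:? "runAsUser")
      )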

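-- | Hashes the record by folding each field into the salt, in
-- field-declaration order.
instance Prelude.Hashable EksContainerSecurityContext where
  hashWithSalt _salt EksContainerSecurityContext' {..} =
    _salt
      `Prelude.hashWithSalt` privileged
      `Prelude.hashWithSalt` readOnlyRootFilesystem
      `Prelude.hashWithSalt` runAsGroup
      `Prelude.hashWithSalt` runAsNonRoot
      `Prelude.hashWithSalt` runAsUser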

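-- | Forces every field in turn by chaining the per-field @rnf@ calls with
-- @seq@.
instance Prelude.NFData EksContainerSecurityContext where
  rnf EksContainerSecurityContext' {..} =
    Prelude.rnf privileged
      `Prelude.seq` Prelude.rnf readOnlyRootFilesystem
      `Prelude.seq` Prelude.rnf runAsGroup
      `Prelude.seq` Prelude.rnf runAsNonRoot
      `Prelude.seq` Prelude.rnf runAsUser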

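-- | Encodes the record as a JSON object.
--
-- Each field becomes a key only when it holds a value: the list of
-- @Maybe@ pairs is passed through 'Prelude.catMaybes', so a field that is
-- 'Prelude.Nothing' is left out of the object rather than written as
-- @null@. An unset 'privileged' or 'runAsNonRoot' is therefore absent from
-- the encoded value, not sent as @false@.
instance Data.ToJSON EksContainerSecurityContext where
  toJSON EksContainerSecurityContext' {..} =
    Data.object
      ( Prelude.catMaybes
          [ ("privileged" Data..=) Prelude.<$> privileged,
            ("readOnlyRootFilesystem" Data..=)
              Prelude.<$> readOnlyRootFilesystem,
            ("runAsGroup" Data..=) Prelude.<$> runAsGroup,
            ("runAsNonRoot" Data..=) Prelude.<$> runAsNonRoot,
            ("runAsUser" Data..=) Prelude.<$> runAsUser
          ]
      )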