From 2a5e0190ea1534e83af62f7ab7f81152f67cb63b Mon Sep 17 00:00:00 2001
From: BBBmau
Date: Tue, 24 Oct 2023 16:13:08 -0700
Subject: [PATCH] add windows_options schema for container
---
 kubernetes/schema_container.go | 31 ++++++++++++++++++++++++++++++
 kubernetes/schema_pod_spec.go | 4 ++--
 kubernetes/structures_container.go | 7 +++++++
 3 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/kubernetes/schema_container.go b/kubernetes/schema_container.go
index 9d1cdedeb1..ab648db16b 100644
--- a/kubernetes/schema_container.go
+++ b/kubernetes/schema_container.go
@@ -808,6 +808,37 @@ func securityContextSchema(isUpdatable bool) *schema.Resource {
 Schema: seLinuxOptionsField(isUpdatable),
 },
 },
+ "windows_options": {
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.",
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "gmsa_credential_spec": {
+ Type: schema.TypeString,
+ Description: "GMSACredentialSpec is where the GMSA admission webhook inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field",
+ Required: true,
+ },
+ "gmsa_credential_spec_name": {
+ Type: schema.TypeString,
+ Description: "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
+ Required: true,
+ },
+ "host_process": {
+ Type: schema.TypeBool,
+ Description: "HostProcess determines if a container should be run as a 'Host Process' container. Default value is false.",
+ Default: false,
+ Optional: true,
+ },
+ "run_as_username": {
+ Type: schema.TypeString,
+ Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
+ Optional: true,
+ },
+ },
+ },
+ },
 }
 return &schema.Resource{
diff --git a/kubernetes/schema_pod_spec.go b/kubernetes/schema_pod_spec.go
index 8d014f0cf0..8de527c276 100644
--- a/kubernetes/schema_pod_spec.go
+++ b/kubernetes/schema_pod_spec.go
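Review bot: Both `gmsa_credential_spec` and `gmsa_credential_spec_name` are declared `Required: true` in the new `windows_options` block, so a container that only sets `run_as_username` or `host_process` cannot be expressed, and users must hand-author a field whose own description says the GMSA admission webhook fills it in. Declare both as `Optional: true`; the schema_pod_spec.go hunk has the same problem and additionally turns existing `Optional: true` fields into required ones, which would break configurations that validate today. The block description is also the pod-level wording: for a container the fallback runs the other way, e.g. `If unspecified, the options from the PodSecurityContext will be used.` Since `host_process` runs the container with access to the Windows node, its description is worth a sentence saying so. securityContextSchema begins and ends outside this hunk.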
@@ -356,12 +356,12 @@ func podSpecFields(isUpdatable, isComputed bool) map[string]*schema.Schema {
 "gmsa_credential_spec": {
 Type: schema.TypeString,
 Description: "GMSACredentialSpec is where the GMSA admission webhook inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field",
- Optional: true,
+ Required: true,
 },
 "gmsa_credential_spec_name": {
 Type: schema.TypeString,
 Description: "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
- Optional: true,
+ Required: true,
 },
 "host_process": {
 Type: schema.TypeBool,
diff --git a/kubernetes/structures_container.go b/kubernetes/structures_container.go
index 66f7ce712f..617e5df1d9 100644
--- a/kubernetes/structures_container.go
+++ b/kubernetes/structures_container.go
@@ -51,6 +51,10 @@ func flattenContainerSecurityContext(in *v1.SecurityContext) []interface{} {
 if in.SELinuxOptions != nil {
 att["se_linux_options"] = flattenSeLinuxOptions(in.SELinuxOptions)
 }
+ if in.WindowsOptions != nil {
+ att["windows_options"] = flattenWindowsOptions(*in.WindowsOptions)
+ }
+
 return []interface{}{att}
 }
@@ -634,6 +638,9 @@ func expandContainerSecurityContext(l []interface{}) (*v1.SecurityContext, error
 if v, ok := in["se_linux_options"].([]interface{}); ok && len(v) > 0 {
 obj.SELinuxOptions = expandSeLinuxOptions(v)
 }
+ if v, ok := in["windows_options"].([]interface{}); ok && len(v) > 0 {
+ obj.WindowsOptions = expandWindowsOptions(v)
+ }
 return &obj, nil
 }
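Review bot: The new `windows_options` branches in flattenContainerSecurityContext and expandContainerSecurityContext ship without a test: the diffstat lists only the two schema files and this one, so nothing checks that a container-level block survives the expand/flatten round trip. `flattenWindowsOptions` and `expandWindowsOptions` are defined outside this diff, so it cannot be confirmed here how they treat unset pointer fields or `host_process`, which has `Default: false` in the schema and would presumably be sent on every container that sets the block. A table-driven unit test for both directions, with one case that sets only `run_as_username`, would pin that down. Both functions start before and continue past their hunks.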