hashicorp · BBBmau · Oct 24, 2023 · acolombier · Jan 16, 2024
@@ -808,6 +808,37 @@ func securityContextSchema(isUpdatable bool) *schema.Resource {
 				Schema: seLinuxOptionsField(isUpdatable),
 			},
 		},
+		"windows_options": {
+			Type:        schema.TypeList,
+			MaxItems:    1,
+			Description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.",
+			Optional:    true,
+			Elem: &schema.Resource{
+				Schema: map[string]*schema.Schema{
+					"gmsa_credential_spec": {
+						Type:        schema.TypeString,
+						Description: "GMSACredentialSpec is where the GMSA admission webhook inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field",
+						Required:    true,
+					},
+					"gmsa_credential_spec_name": {
+						Type:        schema.TypeString,
+						Description: "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
+						Required:    true,
+					},
+					"host_process": {
+						Type:        schema.TypeBool,
+						Description: "HostProcess determines if a container should be run as a 'Host Process' container. Default value is false.",
+						Default:     false,
+						Optional:    true,
+					},
+					"run_as_username": {
+						Type:        schema.TypeString,
+						Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
+						Optional:    true,
+					},
+				},
+			},
+		},
 	}
 
 	return &schema.Resource{

@@ -356,12 +356,12 @@ func podSpecFields(isUpdatable, isComputed bool) map[string]*schema.Schema {
 								"gmsa_credential_spec": {
 									Type:        schema.TypeString,
 									Description: "GMSACredentialSpec is where the GMSA admission webhook inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field",
-									Optional:    true,
+									Required:    true,
 								},
 								"gmsa_credential_spec_name": {
 									Type:        schema.TypeString,
 									Description: "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
-									Optional:    true,
+									Required:    true,
 								},
 								"host_process": {
 									Type:        schema.TypeBool,

@@ -51,6 +51,10 @@ func flattenContainerSecurityContext(in *v1.SecurityContext) []interface{} {
 	if in.SELinuxOptions != nil {
 		att["se_linux_options"] = flattenSeLinuxOptions(in.SELinuxOptions)
 	}
+	if in.WindowsOptions != nil {
+		att["windows_options"] = flattenWindowsOptions(*in.WindowsOptions)
+	}
+
 	return []interface{}{att}
 
 }
@@ -634,6 +638,9 @@ func expandContainerSecurityContext(l []interface{}) (*v1.SecurityContext, error
 	if v, ok := in["se_linux_options"].([]interface{}); ok && len(v) > 0 {
 		obj.SELinuxOptions = expandSeLinuxOptions(v)
 	}
+	if v, ok := in["windows_options"].([]interface{}); ok && len(v) > 0 {
+		obj.WindowsOptions = expandWindowsOptions(v)
+	}
 
 	return &obj, nil
 }