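{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ECS.Types.KernelCapabilities
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ECS.Types.KernelCapabilities where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

-- | The Linux capabilities for the container that are added to or dropped
-- from the default configuration provided by Docker. For more information
-- about the default capabilities and the non-default available
-- capabilities, see
-- <https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities Runtime privilege and Linux capabilities>
-- in the /Docker run reference/. For more detailed information about these
-- Linux capabilities, see the
-- <http://man7.org/linux/man-pages/man7/capabilities.7.html capabilities(7)>
-- Linux manual page.
--
-- Security note: both fields are plain lists of text. Nothing in this
-- module checks an entry against the valid-value lists documented on the
-- fields, and nothing restricts broad grants such as @\"ALL\"@ or
-- @\"SYS_ADMIN\"@. A caller that builds this value from configuration or
-- other external input needs its own allow-list before the value is sent.
-- For least privilege, drop what the workload does not need and add only
-- the specific capabilities it requires.
--
-- /See:/ 'newKernelCapabilities' smart constructor.
data KernelCapabilities = KernelCapabilities'
  { -- | The Linux capabilities for the container that have been added to the
    -- default configuration provided by Docker. This parameter maps to
    -- @CapAdd@ in the
    -- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
    -- section of the
    -- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
    -- @--cap-add@ option to
    -- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
    --
    -- Tasks launched on Fargate only support adding the @SYS_PTRACE@ kernel
    -- capability.
    --
    -- Valid values:
    -- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
    add :: Prelude.Maybe [Prelude.Text],
    -- | The Linux capabilities for the container that have been removed from the
    -- default configuration provided by Docker. This parameter maps to
    -- @CapDrop@ in the
    -- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
    -- section of the
    -- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
    -- @--cap-drop@ option to
    -- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
    --
    -- Valid values:
    -- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
    drop :: Prelude.Maybe [Prelude.Text]
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'KernelCapabilities' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- Both fields start as 'Prelude.Nothing', and the 'Data.ToJSON' instance
-- leaves a 'Prelude.Nothing' field out of the encoded object. A value built
-- here and left unchanged therefore requests no capability changes at all:
-- it is the unmodified default, not a reduced capability set.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'add', 'kernelCapabilities_add' - The Linux capabilities for the container that have been added to the
-- default configuration provided by Docker. This parameter maps to
-- @CapAdd@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-add@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Tasks launched on Fargate only support adding the @SYS_PTRACE@ kernel
-- capability.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
--
-- 'drop', 'kernelCapabilities_drop' - The Linux capabilities for the container that have been removed from the
-- default configuration provided by Docker. This parameter maps to
-- @CapDrop@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-drop@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
newKernelCapabilities ::
  KernelCapabilities
newKernelCapabilities =
  KernelCapabilities'
    { add = Prelude.Nothing,
      drop = Prelude.Nothing
    }

-- | The Linux capabilities for the container that have been added to the
-- default configuration provided by Docker. This parameter maps to
-- @CapAdd@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-add@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Tasks launched on Fargate only support adding the @SYS_PTRACE@ kernel
-- capability.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
kernelCapabilities_add :: Lens.Lens' KernelCapabilities (Prelude.Maybe [Prelude.Text])
kernelCapabilities_add = Lens.lens (\KernelCapabilities' {add} -> add) (\s@KernelCapabilities' {} a -> s {add = a} :: KernelCapabilities) Prelude.. Lens.mapping Lens.coerced

-- | The Linux capabilities for the container that have been removed from the
-- default configuration provided by Docker. This parameter maps to
-- @CapDrop@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-drop@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
kernelCapabilities_drop :: Lens.Lens' KernelCapabilities (Prelude.Maybe [Prelude.Text])
kernelCapabilities_drop = Lens.lens (\KernelCapabilities' {drop} -> drop) (\s@KernelCapabilities' {} a -> s {drop = a} :: KernelCapabilities) Prelude.. Lens.mapping Lens.coerced

-- Decodes the "add" and "drop" keys of a JSON object. A key that is absent
-- falls back to 'Prelude.mempty', which for @Maybe [Text]@ is 'Prelude.Nothing'.
-- Entries are accepted as arbitrary text: a capability name outside the
-- documented valid values is not rejected here.
instance Data.FromJSON KernelCapabilities where
  parseJSON =
    Data.withObject
      "KernelCapabilities"
      ( \x ->
          KernelCapabilities'
            Prelude.<$> (x Data..:? "add" Data..!= Prelude.mempty)
            Prelude.<*> (x Data..:? "drop" Data..!= Prelude.mempty)
      )

-- Folds both fields into the salt, 'add' first and then 'drop'.
instance Prelude.Hashable KernelCapabilities where
  hashWithSalt _salt KernelCapabilities' {..} =
    _salt
      `Prelude.hashWithSalt` add
      `Prelude.hashWithSalt` drop

-- Forces 'add' and then 'drop' to normal form.
instance Prelude.NFData KernelCapabilities where
  rnf KernelCapabilities' {..} =
    Prelude.rnf add `Prelude.seq` Prelude.rnf drop

-- Encodes only the fields that are set: 'Prelude.catMaybes' removes the
-- pair for any field that is 'Prelude.Nothing', so an unset field is
-- omitted from the object rather than sent as null or an empty list.
-- The capability strings are emitted exactly as supplied.
instance Data.ToJSON KernelCapabilities where
  toJSON KernelCapabilities' {..} =
    Data.object
      ( Prelude.catMaybes
          [ ("add" Data..=) Prelude.<$> add,
            ("drop" Data..=) Prelude.<$> drop
          ]
      )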