Rancher 2 v6.1.1, May 10 24

Rancher 2 v6.1.1 published on Friday, May 10, 2024 by Pulumi

rancher2.getPodSecurityPolicyTemplate

Explore with Pulumi AI

Rancher 2 v6.1.1 published on Friday, May 10, 2024 by Pulumi

Example Usage

data "rancher2_pod_security_policy_template" "foo" {
    name = "foo"
}

Using getPodSecurityPolicyTemplate

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPodSecurityPolicyTemplate(args: GetPodSecurityPolicyTemplateArgs, opts?: InvokeOptions): Promise<GetPodSecurityPolicyTemplateResult>
function getPodSecurityPolicyTemplateOutput(args: GetPodSecurityPolicyTemplateOutputArgs, opts?: InvokeOptions): Output<GetPodSecurityPolicyTemplateResult>

def get_pod_security_policy_template(allow_privilege_escalation: Optional[bool] = None,
                                     allowed_capabilities: Optional[Sequence[str]] = None,
                                     allowed_csi_drivers: Optional[Sequence[GetPodSecurityPolicyTemplateAllowedCsiDriver]] = None,
                                     allowed_flex_volumes: Optional[Sequence[GetPodSecurityPolicyTemplateAllowedFlexVolume]] = None,
                                     allowed_host_paths: Optional[Sequence[GetPodSecurityPolicyTemplateAllowedHostPath]] = None,
                                     allowed_proc_mount_types: Optional[Sequence[str]] = None,
                                     allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
                                     annotations: Optional[Mapping[str, Any]] = None,
                                     default_add_capabilities: Optional[Sequence[str]] = None,
                                     default_allow_privilege_escalation: Optional[bool] = None,
                                     description: Optional[str] = None,
                                     forbidden_sysctls: Optional[Sequence[str]] = None,
                                     fs_group: Optional[GetPodSecurityPolicyTemplateFsGroup] = None,
                                     host_ipc: Optional[bool] = None,
                                     host_network: Optional[bool] = None,
                                     host_pid: Optional[bool] = None,
                                     host_ports: Optional[Sequence[GetPodSecurityPolicyTemplateHostPort]] = None,
                                     labels: Optional[Mapping[str, Any]] = None,
                                     name: Optional[str] = None,
                                     privileged: Optional[bool] = None,
                                     read_only_root_filesystem: Optional[bool] = None,
                                     required_drop_capabilities: Optional[Sequence[str]] = None,
                                     run_as_group: Optional[GetPodSecurityPolicyTemplateRunAsGroup] = None,
                                     run_as_user: Optional[GetPodSecurityPolicyTemplateRunAsUser] = None,
                                     runtime_class: Optional[GetPodSecurityPolicyTemplateRuntimeClass] = None,
                                     se_linux: Optional[GetPodSecurityPolicyTemplateSeLinux] = None,
                                     supplemental_group: Optional[GetPodSecurityPolicyTemplateSupplementalGroup] = None,
                                     volumes: Optional[Sequence[str]] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetPodSecurityPolicyTemplateResult
def get_pod_security_policy_template_output(allow_privilege_escalation: Optional[pulumi.Input[bool]] = None,
                                     allowed_capabilities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     allowed_csi_drivers: Optional[pulumi.Input[Sequence[pulumi.Input[GetPodSecurityPolicyTemplateAllowedCsiDriverArgs]]]] = None,
                                     allowed_flex_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[GetPodSecurityPolicyTemplateAllowedFlexVolumeArgs]]]] = None,
                                     allowed_host_paths: Optional[pulumi.Input[Sequence[pulumi.Input[GetPodSecurityPolicyTemplateAllowedHostPathArgs]]]] = None,
                                     allowed_proc_mount_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     allowed_unsafe_sysctls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     annotations: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                                     default_add_capabilities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     default_allow_privilege_escalation: Optional[pulumi.Input[bool]] = None,
                                     description: Optional[pulumi.Input[str]] = None,
                                     forbidden_sysctls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     fs_group: Optional[pulumi.Input[GetPodSecurityPolicyTemplateFsGroupArgs]] = None,
                                     host_ipc: Optional[pulumi.Input[bool]] = None,
                                     host_network: Optional[pulumi.Input[bool]] = None,
                                     host_pid: Optional[pulumi.Input[bool]] = None,
                                     host_ports: Optional[pulumi.Input[Sequence[pulumi.Input[GetPodSecurityPolicyTemplateHostPortArgs]]]] = None,
                                     labels: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                                     name: Optional[pulumi.Input[str]] = None,
                                     privileged: Optional[pulumi.Input[bool]] = None,
                                     read_only_root_filesystem: Optional[pulumi.Input[bool]] = None,
                                     required_drop_capabilities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     run_as_group: Optional[pulumi.Input[GetPodSecurityPolicyTemplateRunAsGroupArgs]] = None,
                                     run_as_user: Optional[pulumi.Input[GetPodSecurityPolicyTemplateRunAsUserArgs]] = None,
                                     runtime_class: Optional[pulumi.Input[GetPodSecurityPolicyTemplateRuntimeClassArgs]] = None,
                                     se_linux: Optional[pulumi.Input[GetPodSecurityPolicyTemplateSeLinuxArgs]] = None,
                                     supplemental_group: Optional[pulumi.Input[GetPodSecurityPolicyTemplateSupplementalGroupArgs]] = None,
                                     volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetPodSecurityPolicyTemplateResult]

func LookupPodSecurityPolicyTemplate(ctx *Context, args *LookupPodSecurityPolicyTemplateArgs, opts ...InvokeOption) (*LookupPodSecurityPolicyTemplateResult, error)
func LookupPodSecurityPolicyTemplateOutput(ctx *Context, args *LookupPodSecurityPolicyTemplateOutputArgs, opts ...InvokeOption) LookupPodSecurityPolicyTemplateResultOutput

> Note: This function is named LookupPodSecurityPolicyTemplate in the Go SDK.

public static class GetPodSecurityPolicyTemplate 
{
    public static Task<GetPodSecurityPolicyTemplateResult> InvokeAsync(GetPodSecurityPolicyTemplateArgs args, InvokeOptions? opts = null)
    public static Output<GetPodSecurityPolicyTemplateResult> Invoke(GetPodSecurityPolicyTemplateInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetPodSecurityPolicyTemplateResult> getPodSecurityPolicyTemplate(GetPodSecurityPolicyTemplateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: rancher2:index/getPodSecurityPolicyTemplate:getPodSecurityPolicyTemplate
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: The name of the PodSecurityPolicyTemplate (string)
AllowPrivilegeEscalation bool: = (Optional)
AllowedCapabilities List<string>: (list)
AllowedCsiDrivers List<GetPodSecurityPolicyTemplateAllowedCsiDriver>: (list)
AllowedFlexVolumes List<GetPodSecurityPolicyTemplateAllowedFlexVolume>: (list)
AllowedHostPaths List<GetPodSecurityPolicyTemplateAllowedHostPath>: (list)
AllowedProcMountTypes List<string>: (list)
AllowedUnsafeSysctls List<string>: (list)
Annotations Dictionary<string, object>: Annotations for PodSecurityPolicyTemplate object (map)
DefaultAddCapabilities List<string>: (list)
DefaultAllowPrivilegeEscalation bool: (list)
Description string: The PodSecurityPolicyTemplate description (string)
ForbiddenSysctls List<string>: (list)
FsGroup GetPodSecurityPolicyTemplateFsGroup: (list maxitems:1)
HostIpc bool: (bool)
HostNetwork bool
HostPid bool: (bool)
HostPorts List<GetPodSecurityPolicyTemplateHostPort>: (list)
Labels Dictionary<string, object>: Labels for PodSecurityPolicyTemplate object (map)
Privileged bool: (bool)
ReadOnlyRootFilesystem bool: (bool)
RequiredDropCapabilities List<string>: (list)
RunAsGroup GetPodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
RunAsUser GetPodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
RuntimeClass GetPodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
SeLinux GetPodSecurityPolicyTemplateSeLinux: (list maxitems:1)
SupplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
Volumes List<string>: (list)

Name string: The name of the PodSecurityPolicyTemplate (string)
AllowPrivilegeEscalation bool: = (Optional)
AllowedCapabilities []string: (list)
AllowedCsiDrivers []GetPodSecurityPolicyTemplateAllowedCsiDriver: (list)
AllowedFlexVolumes []GetPodSecurityPolicyTemplateAllowedFlexVolume: (list)
AllowedHostPaths []GetPodSecurityPolicyTemplateAllowedHostPath: (list)
AllowedProcMountTypes []string: (list)
AllowedUnsafeSysctls []string: (list)
Annotations map[string]interface{}: Annotations for PodSecurityPolicyTemplate object (map)
DefaultAddCapabilities []string: (list)
DefaultAllowPrivilegeEscalation bool: (list)
Description string: The PodSecurityPolicyTemplate description (string)
ForbiddenSysctls []string: (list)
FsGroup GetPodSecurityPolicyTemplateFsGroup: (list maxitems:1)
HostIpc bool: (bool)
HostNetwork bool
HostPid bool: (bool)
HostPorts []GetPodSecurityPolicyTemplateHostPort: (list)
Labels map[string]interface{}: Labels for PodSecurityPolicyTemplate object (map)
Privileged bool: (bool)
ReadOnlyRootFilesystem bool: (bool)
RequiredDropCapabilities []string: (list)
RunAsGroup GetPodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
RunAsUser GetPodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
RuntimeClass GetPodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
SeLinux GetPodSecurityPolicyTemplateSeLinux: (list maxitems:1)
SupplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
Volumes []string: (list)

name String: The name of the PodSecurityPolicyTemplate (string)
allowPrivilegeEscalation Boolean: = (Optional)
allowedCapabilities List<String>: (list)
allowedCsiDrivers List<GetPodSecurityPolicyTemplateAllowedCsiDriver>: (list)
allowedFlexVolumes List<GetPodSecurityPolicyTemplateAllowedFlexVolume>: (list)
allowedHostPaths List<GetPodSecurityPolicyTemplateAllowedHostPath>: (list)
allowedProcMountTypes List<String>: (list)
allowedUnsafeSysctls List<String>: (list)
annotations Map<String,Object>: Annotations for PodSecurityPolicyTemplate object (map)
defaultAddCapabilities List<String>: (list)
defaultAllowPrivilegeEscalation Boolean: (list)
description String: The PodSecurityPolicyTemplate description (string)
forbiddenSysctls List<String>: (list)
fsGroup GetPodSecurityPolicyTemplateFsGroup: (list maxitems:1)
hostIpc Boolean: (bool)
hostNetwork Boolean
hostPid Boolean: (bool)
hostPorts List<GetPodSecurityPolicyTemplateHostPort>: (list)
labels Map<String,Object>: Labels for PodSecurityPolicyTemplate object (map)
privileged Boolean: (bool)
readOnlyRootFilesystem Boolean: (bool)
requiredDropCapabilities List<String>: (list)
runAsGroup GetPodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
runAsUser GetPodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
runtimeClass GetPodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
seLinux GetPodSecurityPolicyTemplateSeLinux: (list maxitems:1)
supplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
volumes List<String>: (list)

name string: The name of the PodSecurityPolicyTemplate (string)
allowPrivilegeEscalation boolean: = (Optional)
allowedCapabilities string[]: (list)
allowedCsiDrivers GetPodSecurityPolicyTemplateAllowedCsiDriver[]: (list)
allowedFlexVolumes GetPodSecurityPolicyTemplateAllowedFlexVolume[]: (list)
allowedHostPaths GetPodSecurityPolicyTemplateAllowedHostPath[]: (list)
allowedProcMountTypes string[]: (list)
allowedUnsafeSysctls string[]: (list)
annotations {[key: string]: any}: Annotations for PodSecurityPolicyTemplate object (map)
defaultAddCapabilities string[]: (list)
defaultAllowPrivilegeEscalation boolean: (list)
description string: The PodSecurityPolicyTemplate description (string)
forbiddenSysctls string[]: (list)
fsGroup GetPodSecurityPolicyTemplateFsGroup: (list maxitems:1)
hostIpc boolean: (bool)
hostNetwork boolean
hostPid boolean: (bool)
hostPorts GetPodSecurityPolicyTemplateHostPort[]: (list)
labels {[key: string]: any}: Labels for PodSecurityPolicyTemplate object (map)
privileged boolean: (bool)
readOnlyRootFilesystem boolean: (bool)
requiredDropCapabilities string[]: (list)
runAsGroup GetPodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
runAsUser GetPodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
runtimeClass GetPodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
seLinux GetPodSecurityPolicyTemplateSeLinux: (list maxitems:1)
supplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
volumes string[]: (list)

name str: The name of the PodSecurityPolicyTemplate (string)
allow_privilege_escalation bool: = (Optional)
allowed_capabilities Sequence[str]: (list)
allowed_csi_drivers Sequence[GetPodSecurityPolicyTemplateAllowedCsiDriver]: (list)
allowed_flex_volumes Sequence[GetPodSecurityPolicyTemplateAllowedFlexVolume]: (list)
allowed_host_paths Sequence[GetPodSecurityPolicyTemplateAllowedHostPath]: (list)
allowed_proc_mount_types Sequence[str]: (list)
allowed_unsafe_sysctls Sequence[str]: (list)
annotations Mapping[str, Any]: Annotations for PodSecurityPolicyTemplate object (map)
default_add_capabilities Sequence[str]: (list)
default_allow_privilege_escalation bool: (list)
description str: The PodSecurityPolicyTemplate description (string)
forbidden_sysctls Sequence[str]: (list)
fs_group GetPodSecurityPolicyTemplateFsGroup: (list maxitems:1)
host_ipc bool: (bool)
host_network bool
host_pid bool: (bool)
host_ports Sequence[GetPodSecurityPolicyTemplateHostPort]: (list)
labels Mapping[str, Any]: Labels for PodSecurityPolicyTemplate object (map)
privileged bool: (bool)
read_only_root_filesystem bool: (bool)
required_drop_capabilities Sequence[str]: (list)
run_as_group GetPodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
run_as_user GetPodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
runtime_class GetPodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
se_linux GetPodSecurityPolicyTemplateSeLinux: (list maxitems:1)
supplemental_group GetPodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
volumes Sequence[str]: (list)

name String: The name of the PodSecurityPolicyTemplate (string)
allowPrivilegeEscalation Boolean: = (Optional)
allowedCapabilities List<String>: (list)
allowedCsiDrivers List<Property Map>: (list)
allowedFlexVolumes List<Property Map>: (list)
allowedHostPaths List<Property Map>: (list)
allowedProcMountTypes List<String>: (list)
allowedUnsafeSysctls List<String>: (list)
annotations Map<Any>: Annotations for PodSecurityPolicyTemplate object (map)
defaultAddCapabilities List<String>: (list)
defaultAllowPrivilegeEscalation Boolean: (list)
description String: The PodSecurityPolicyTemplate description (string)
forbiddenSysctls List<String>: (list)
fsGroup Property Map: (list maxitems:1)
hostIpc Boolean: (bool)
hostNetwork Boolean
hostPid Boolean: (bool)
hostPorts List<Property Map>: (list)
labels Map<Any>: Labels for PodSecurityPolicyTemplate object (map)
privileged Boolean: (bool)
readOnlyRootFilesystem Boolean: (bool)
requiredDropCapabilities List<String>: (list)
runAsGroup Property Map: (list maxitems:1)
runAsUser Property Map: (list maxitems:1)
runtimeClass Property Map: (list maxitems:1)
seLinux Property Map: (list maxitems:1)
supplementalGroup Property Map: (list maxitems:1)
volumes List<String>: (list)

getPodSecurityPolicyTemplate Result

The following output properties are available:

AllowPrivilegeEscalation bool
Annotations Dictionary<string, object>
Description string
FsGroup GetPodSecurityPolicyTemplateFsGroup
HostIpc bool
HostNetwork bool
HostPid bool
HostPorts List<GetPodSecurityPolicyTemplateHostPort>
Id string: The provider-assigned unique ID for this managed resource.
Labels Dictionary<string, object>
Name string
Privileged bool
ReadOnlyRootFilesystem bool
RunAsUser GetPodSecurityPolicyTemplateRunAsUser
SeLinux GetPodSecurityPolicyTemplateSeLinux
SupplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup
Volumes List<string>
AllowedCapabilities List<string>
AllowedCsiDrivers List<GetPodSecurityPolicyTemplateAllowedCsiDriver>
AllowedFlexVolumes List<GetPodSecurityPolicyTemplateAllowedFlexVolume>
AllowedHostPaths List<GetPodSecurityPolicyTemplateAllowedHostPath>
AllowedProcMountTypes List<string>
AllowedUnsafeSysctls List<string>
DefaultAddCapabilities List<string>
DefaultAllowPrivilegeEscalation bool
ForbiddenSysctls List<string>
RequiredDropCapabilities List<string>
RunAsGroup GetPodSecurityPolicyTemplateRunAsGroup
RuntimeClass GetPodSecurityPolicyTemplateRuntimeClass

AllowPrivilegeEscalation bool
Annotations map[string]interface{}
Description string
FsGroup GetPodSecurityPolicyTemplateFsGroup
HostIpc bool
HostNetwork bool
HostPid bool
HostPorts []GetPodSecurityPolicyTemplateHostPort
Id string: The provider-assigned unique ID for this managed resource.
Labels map[string]interface{}
Name string
Privileged bool
ReadOnlyRootFilesystem bool
RunAsUser GetPodSecurityPolicyTemplateRunAsUser
SeLinux GetPodSecurityPolicyTemplateSeLinux
SupplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup
Volumes []string
AllowedCapabilities []string
AllowedCsiDrivers []GetPodSecurityPolicyTemplateAllowedCsiDriver
AllowedFlexVolumes []GetPodSecurityPolicyTemplateAllowedFlexVolume
AllowedHostPaths []GetPodSecurityPolicyTemplateAllowedHostPath
AllowedProcMountTypes []string
AllowedUnsafeSysctls []string
DefaultAddCapabilities []string
DefaultAllowPrivilegeEscalation bool
ForbiddenSysctls []string
RequiredDropCapabilities []string
RunAsGroup GetPodSecurityPolicyTemplateRunAsGroup
RuntimeClass GetPodSecurityPolicyTemplateRuntimeClass

allowPrivilegeEscalation Boolean
annotations Map<String,Object>
description String
fsGroup GetPodSecurityPolicyTemplateFsGroup
hostIpc Boolean
hostNetwork Boolean
hostPid Boolean
hostPorts List<GetPodSecurityPolicyTemplateHostPort>
id String: The provider-assigned unique ID for this managed resource.
labels Map<String,Object>
name String
privileged Boolean
readOnlyRootFilesystem Boolean
runAsUser GetPodSecurityPolicyTemplateRunAsUser
seLinux GetPodSecurityPolicyTemplateSeLinux
supplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup
volumes List<String>
allowedCapabilities List<String>
allowedCsiDrivers List<GetPodSecurityPolicyTemplateAllowedCsiDriver>
allowedFlexVolumes List<GetPodSecurityPolicyTemplateAllowedFlexVolume>
allowedHostPaths List<GetPodSecurityPolicyTemplateAllowedHostPath>
allowedProcMountTypes List<String>
allowedUnsafeSysctls List<String>
defaultAddCapabilities List<String>
defaultAllowPrivilegeEscalation Boolean
forbiddenSysctls List<String>
requiredDropCapabilities List<String>
runAsGroup GetPodSecurityPolicyTemplateRunAsGroup
runtimeClass GetPodSecurityPolicyTemplateRuntimeClass

allowPrivilegeEscalation boolean
annotations {[key: string]: any}
description string
fsGroup GetPodSecurityPolicyTemplateFsGroup
hostIpc boolean
hostNetwork boolean
hostPid boolean
hostPorts GetPodSecurityPolicyTemplateHostPort[]
id string: The provider-assigned unique ID for this managed resource.
labels {[key: string]: any}
name string
privileged boolean
readOnlyRootFilesystem boolean
runAsUser GetPodSecurityPolicyTemplateRunAsUser
seLinux GetPodSecurityPolicyTemplateSeLinux
supplementalGroup GetPodSecurityPolicyTemplateSupplementalGroup
volumes string[]
allowedCapabilities string[]
allowedCsiDrivers GetPodSecurityPolicyTemplateAllowedCsiDriver[]
allowedFlexVolumes GetPodSecurityPolicyTemplateAllowedFlexVolume[]
allowedHostPaths GetPodSecurityPolicyTemplateAllowedHostPath[]
allowedProcMountTypes string[]
allowedUnsafeSysctls string[]
defaultAddCapabilities string[]
defaultAllowPrivilegeEscalation boolean
forbiddenSysctls string[]
requiredDropCapabilities string[]
runAsGroup GetPodSecurityPolicyTemplateRunAsGroup
runtimeClass GetPodSecurityPolicyTemplateRuntimeClass

allow_privilege_escalation bool
annotations Mapping[str, Any]
description str
fs_group GetPodSecurityPolicyTemplateFsGroup
host_ipc bool
host_network bool
host_pid bool
host_ports Sequence[GetPodSecurityPolicyTemplateHostPort]
id str: The provider-assigned unique ID for this managed resource.
labels Mapping[str, Any]
name str
privileged bool
read_only_root_filesystem bool
run_as_user GetPodSecurityPolicyTemplateRunAsUser
se_linux GetPodSecurityPolicyTemplateSeLinux
supplemental_group GetPodSecurityPolicyTemplateSupplementalGroup
volumes Sequence[str]
allowed_capabilities Sequence[str]
allowed_csi_drivers Sequence[GetPodSecurityPolicyTemplateAllowedCsiDriver]
allowed_flex_volumes Sequence[GetPodSecurityPolicyTemplateAllowedFlexVolume]
allowed_host_paths Sequence[GetPodSecurityPolicyTemplateAllowedHostPath]
allowed_proc_mount_types Sequence[str]
allowed_unsafe_sysctls Sequence[str]
default_add_capabilities Sequence[str]
default_allow_privilege_escalation bool
forbidden_sysctls Sequence[str]
required_drop_capabilities Sequence[str]
run_as_group GetPodSecurityPolicyTemplateRunAsGroup
runtime_class GetPodSecurityPolicyTemplateRuntimeClass

allowPrivilegeEscalation Boolean
annotations Map<Any>
description String
fsGroup Property Map
hostIpc Boolean
hostNetwork Boolean
hostPid Boolean
hostPorts List<Property Map>
id String: The provider-assigned unique ID for this managed resource.
labels Map<Any>
name String
privileged Boolean
readOnlyRootFilesystem Boolean
runAsUser Property Map
seLinux Property Map
supplementalGroup Property Map
volumes List<String>
allowedCapabilities List<String>
allowedCsiDrivers List<Property Map>
allowedFlexVolumes List<Property Map>
allowedHostPaths List<Property Map>
allowedProcMountTypes List<String>
allowedUnsafeSysctls List<String>
defaultAddCapabilities List<String>
defaultAllowPrivilegeEscalation Boolean
forbiddenSysctls List<String>
requiredDropCapabilities List<String>
runAsGroup Property Map
runtimeClass Property Map

Supporting Types

GetPodSecurityPolicyTemplateAllowedCsiDriver

Name string: The name of the PodSecurityPolicyTemplate (string)

Name string: The name of the PodSecurityPolicyTemplate (string)

name String: The name of the PodSecurityPolicyTemplate (string)

name string: The name of the PodSecurityPolicyTemplate (string)

name str: The name of the PodSecurityPolicyTemplate (string)

name String: The name of the PodSecurityPolicyTemplate (string)

GetPodSecurityPolicyTemplateAllowedFlexVolume

Driver string: driver is the name of the Flexvolume driver.

Driver string: driver is the name of the Flexvolume driver.

driver String: driver is the name of the Flexvolume driver.

driver string: driver is the name of the Flexvolume driver.

driver str: driver is the name of the Flexvolume driver.

driver String: driver is the name of the Flexvolume driver.

GetPodSecurityPolicyTemplateAllowedHostPath

PathPrefix string: pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
ReadOnly bool: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

PathPrefix string: pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
ReadOnly bool: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

pathPrefix String: pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
readOnly Boolean: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

pathPrefix string: pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
readOnly boolean: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

path_prefix str: pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
read_only bool: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

pathPrefix String: pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
readOnly Boolean: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

GetPodSecurityPolicyTemplateFsGroup

Ranges List<GetPodSecurityPolicyTemplateFsGroupRange>: ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
Rule string: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

Ranges []GetPodSecurityPolicyTemplateFsGroupRange: ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
Rule string: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

ranges List<GetPodSecurityPolicyTemplateFsGroupRange>: ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
rule String: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

ranges GetPodSecurityPolicyTemplateFsGroupRange[]: ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
rule string: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

ranges Sequence[GetPodSecurityPolicyTemplateFsGroupRange]: ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
rule str: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

ranges List<Property Map>: ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
rule String: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

GetPodSecurityPolicyTemplateFsGroupRange

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

max Integer: max is the end of the range, inclusive.
min Integer: min is the start of the range, inclusive.

max number: max is the end of the range, inclusive.
min number: min is the start of the range, inclusive.

max int: max is the end of the range, inclusive.
min int: min is the start of the range, inclusive.

max Number: max is the end of the range, inclusive.
min Number: min is the start of the range, inclusive.

GetPodSecurityPolicyTemplateHostPort

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

max Integer: max is the end of the range, inclusive.
min Integer: min is the start of the range, inclusive.

max number: max is the end of the range, inclusive.
min number: min is the start of the range, inclusive.

max int: max is the end of the range, inclusive.
min int: min is the start of the range, inclusive.

max Number: max is the end of the range, inclusive.
min Number: min is the start of the range, inclusive.

GetPodSecurityPolicyTemplateRunAsGroup

Rule string: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
Ranges List<GetPodSecurityPolicyTemplateRunAsGroupRange>: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

Rule string: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
Ranges []GetPodSecurityPolicyTemplateRunAsGroupRange: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

rule String: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
ranges List<GetPodSecurityPolicyTemplateRunAsGroupRange>: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

rule string: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
ranges GetPodSecurityPolicyTemplateRunAsGroupRange[]: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

rule str: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
ranges Sequence[GetPodSecurityPolicyTemplateRunAsGroupRange]: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

rule String: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
ranges List<Property Map>: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

GetPodSecurityPolicyTemplateRunAsGroupRange

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

max Integer: max is the end of the range, inclusive.
min Integer: min is the start of the range, inclusive.

max number: max is the end of the range, inclusive.
min number: min is the start of the range, inclusive.

max int: max is the end of the range, inclusive.
min int: min is the start of the range, inclusive.

max Number: max is the end of the range, inclusive.
min Number: min is the start of the range, inclusive.

GetPodSecurityPolicyTemplateRunAsUser

Rule string: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
Ranges List<GetPodSecurityPolicyTemplateRunAsUserRange>: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

Rule string: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
Ranges []GetPodSecurityPolicyTemplateRunAsUserRange: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

rule String: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
ranges List<GetPodSecurityPolicyTemplateRunAsUserRange>: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

rule string: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
ranges GetPodSecurityPolicyTemplateRunAsUserRange[]: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

rule str: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
ranges Sequence[GetPodSecurityPolicyTemplateRunAsUserRange]: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

rule String: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
ranges List<Property Map>: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

GetPodSecurityPolicyTemplateRunAsUserRange

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

max Integer: max is the end of the range, inclusive.
min Integer: min is the start of the range, inclusive.

max number: max is the end of the range, inclusive.
min number: min is the start of the range, inclusive.

max int: max is the end of the range, inclusive.
min int: min is the start of the range, inclusive.

max Number: max is the end of the range, inclusive.
min Number: min is the start of the range, inclusive.

GetPodSecurityPolicyTemplateRuntimeClass

AllowedRuntimeClassNames List<string>: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
DefaultRuntimeClassName string: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

AllowedRuntimeClassNames []string: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
DefaultRuntimeClassName string: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

allowedRuntimeClassNames List<String>: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
defaultRuntimeClassName String: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

allowedRuntimeClassNames string[]: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
defaultRuntimeClassName string: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

allowed_runtime_class_names Sequence[str]: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
default_runtime_class_name str: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

allowedRuntimeClassNames List<String>: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
defaultRuntimeClassName String: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

GetPodSecurityPolicyTemplateSeLinux

Rule string: rule is the strategy that will dictate the allowable labels that may be set.
SeLinuxOption GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption: seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Rule string: rule is the strategy that will dictate the allowable labels that may be set.
SeLinuxOption GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption: seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

rule String: rule is the strategy that will dictate the allowable labels that may be set.
seLinuxOption GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption: seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

rule string: rule is the strategy that will dictate the allowable labels that may be set.
seLinuxOption GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption: seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

rule str: rule is the strategy that will dictate the allowable labels that may be set.
se_linux_option GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption: seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

rule String: rule is the strategy that will dictate the allowable labels that may be set.
seLinuxOption Property Map: seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption

Level string: Level is SELinux level label that applies to the container.
Role string: Role is a SELinux role label that applies to the container.
Type string: Type is a SELinux type label that applies to the container.
User string: User is a SELinux user label that applies to the container.

Level string: Level is SELinux level label that applies to the container.
Role string: Role is a SELinux role label that applies to the container.
Type string: Type is a SELinux type label that applies to the container.
User string: User is a SELinux user label that applies to the container.

level String: Level is SELinux level label that applies to the container.
role String: Role is a SELinux role label that applies to the container.
type String: Type is a SELinux type label that applies to the container.
user String: User is a SELinux user label that applies to the container.

level string: Level is SELinux level label that applies to the container.
role string: Role is a SELinux role label that applies to the container.
type string: Type is a SELinux type label that applies to the container.
user string: User is a SELinux user label that applies to the container.

level str: Level is SELinux level label that applies to the container.
role str: Role is a SELinux role label that applies to the container.
type str: Type is a SELinux type label that applies to the container.
user str: User is a SELinux user label that applies to the container.

level String: Level is SELinux level label that applies to the container.
role String: Role is a SELinux role label that applies to the container.
type String: Type is a SELinux type label that applies to the container.
user String: User is a SELinux user label that applies to the container.

GetPodSecurityPolicyTemplateSupplementalGroup

Ranges List<GetPodSecurityPolicyTemplateSupplementalGroupRange>: ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
Rule string: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

Ranges []GetPodSecurityPolicyTemplateSupplementalGroupRange: ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
Rule string: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

ranges List<GetPodSecurityPolicyTemplateSupplementalGroupRange>: ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
rule String: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

ranges GetPodSecurityPolicyTemplateSupplementalGroupRange[]: ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
rule string: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

ranges Sequence[GetPodSecurityPolicyTemplateSupplementalGroupRange]: ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
rule str: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

ranges List<Property Map>: ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
rule String: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

GetPodSecurityPolicyTemplateSupplementalGroupRange

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

Max int: max is the end of the range, inclusive.
Min int: min is the start of the range, inclusive.

max Integer: max is the end of the range, inclusive.
min Integer: min is the start of the range, inclusive.

max number: max is the end of the range, inclusive.
min number: min is the start of the range, inclusive.

max int: max is the end of the range, inclusive.
min int: min is the start of the range, inclusive.

max Number: max is the end of the range, inclusive.
min Number: min is the start of the range, inclusive.

Package Details

Repository: Rancher2 pulumi/pulumi-rancher2
License: Apache-2.0
Notes: This Pulumi package is based on the rancher2 Terraform Provider.

Rancher 2 v6.1.1 published on Friday, May 10, 2024 by Pulumi

pulumi/pulumi-rancher2

rancher2.getPodSecurityPolicyTemplate

On this page

On this page

Example Usage

Using getPodSecurityPolicyTemplate

getPodSecurityPolicyTemplate Result

Supporting Types

GetPodSecurityPolicyTemplateAllowedCsiDriver

GetPodSecurityPolicyTemplateAllowedFlexVolume

GetPodSecurityPolicyTemplateAllowedHostPath

GetPodSecurityPolicyTemplateFsGroup

GetPodSecurityPolicyTemplateFsGroupRange

GetPodSecurityPolicyTemplateHostPort

GetPodSecurityPolicyTemplateRunAsGroup

GetPodSecurityPolicyTemplateRunAsGroupRange

GetPodSecurityPolicyTemplateRunAsUser

GetPodSecurityPolicyTemplateRunAsUserRange

GetPodSecurityPolicyTemplateRuntimeClass

GetPodSecurityPolicyTemplateSeLinux

GetPodSecurityPolicyTemplateSeLinuxSeLinuxOption

GetPodSecurityPolicyTemplateSupplementalGroup

GetPodSecurityPolicyTemplateSupplementalGroupRange

Package Details

On this page

On this page