diff --git a/schemas/2022-10-01-preview/Microsoft.ContainerInstance.json b/schemas/2022-10-01-preview/Microsoft.ContainerInstance.json
index 30c83ecf21..1a3bd3d3f0 100644
--- a/schemas/2022-10-01-preview/Microsoft.ContainerInstance.json
+++ b/schemas/2022-10-01-preview/Microsoft.ContainerInstance.json
@@ -713,6 +713,17 @@
 ],
 "description": "The resource requirements."
 },
+ "securityContext": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/SecurityContextDefinition"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The security context for the container."
+ },
 "volumeMounts": {
 "oneOf": [
 {
@@ -1026,6 +1037,17 @@
 "type": "string",
 "description": "The image of the init container."
 },
+ "securityContext": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/SecurityContextDefinition"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The security context for the container."
+ },
 "volumeMounts": {
 "oneOf": [
 {
@@ -1308,6 +1330,105 @@
 ],
 "description": "The resource requirements."
 },
+ "SecurityContextCapabilitiesDefinition": {
+ "type": "object",
+ "properties": {
+ "add": {
+ "oneOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The capabilities to add to the container."
+ },
+ "drop": {
+ "oneOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The capabilities to drop from the container."
+ }
+ },
+ "description": "The capabilities to add or drop from a container."
+ },
+ "SecurityContextDefinition": {
+ "type": "object",
+ "properties": {
+ "allowPrivilegeEscalation": {
+ "oneOf": [
+ {
+ "type": "boolean"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "A boolean value indicating whether the init process can elevate its privileges"
+ },
+ "capabilities": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/SecurityContextCapabilitiesDefinition"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The capabilities to add or drop from a container."
+ },
+ "privileged": {
+ "oneOf": [
+ {
+ "type": "boolean"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The flag to determine if the container permissions is elevated to Privileged."
+ },
+ "runAsGroup": {
+ "oneOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "Sets the User GID for the container."
+ },
+ "runAsUser": {
+ "oneOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "Sets the User UID for the container."
+ },
+ "seccompProfile": {
+ "type": "string",
+ "description": "a base64 encoded string containing the contents of the JSON in the seccomp profile"
+ }
+ },
+ "description": "The security context for the container."
+ },
 "UserAssignedIdentities": {
 "type": "object",
 "properties": {},
diff --git a/schemas/2023-02-01-preview/Microsoft.ContainerInstance.json b/schemas/2023-02-01-preview/Microsoft.ContainerInstance.json
index b15973b97a..8985f6e04f 100644
--- a/schemas/2023-02-01-preview/Microsoft.ContainerInstance.json
+++ b/schemas/2023-02-01-preview/Microsoft.ContainerInstance.json
@@ -687,6 +687,17 @@
 ],
 "description": "The resource requirements."
 },
+ "securityContext": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/SecurityContextDefinition"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The security context for the container."
+ },
 "volumeMounts": {
 "oneOf": [
 {
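Review bot: `runAsUser` and `runAsGroup` accept any `integer`, so a template can pass a negative UID or GID that is only rejected (if at all) at deployment time; tightening each integer branch to `{ "type": "integer", "minimum": 0 }` catches it at validation. Neither `SecurityContextDefinition` nor `SecurityContextCapabilitiesDefinition` sets `"additionalProperties": false`, and the visible context does not show whether the file's other definitions do; if they do, a misspelled hardening key such as `allowPrivilegeEscalation` or `drop` would validate cleanly and silently leave the service default in force. `seccompProfile` is described as base64-encoded JSON but is constrained only as `"type": "string"`; if the file declares draft-07 or later (its `$schema` line is outside this diff), `"contentEncoding": "base64"` and `"contentMediaType": "application/json"` would make that contract machine-checkable. Two descriptions also break the file's punctuation and grammar: `allowPrivilegeEscalation` lacks the terminal period, and `privileged` should read `"description": "The flag to determine if the container permissions are elevated to Privileged."`. The same definitions are added verbatim in the 2023-02-01-preview hunk at @@ -1282,6 +1293,105 @@, so every point here applies there too.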
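Review bot: In the 2023-02-01-preview file only the container properties gain `securityContext`, whereas the 2022-10-01-preview file adds it to both the container and the init container (the hunk at @@ -1026,6 +1037,17 @@). If the newer API version also supports a security context on init containers, that file is missing the matching property and templates targeting it could not drop capabilities or disable privilege escalation for init containers; if it does not, a one-line note in the commit description explaining the asymmetry would save the next reader the same question.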
@@ -1282,6 +1293,105 @@
 ],
 "description": "The resource requirements."
 },
+ "SecurityContextCapabilitiesDefinition": {
+ "type": "object",
+ "properties": {
+ "add": {
+ "oneOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The capabilities to add to the container."
+ },
+ "drop": {
+ "oneOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The capabilities to drop from the container."
+ }
+ },
+ "description": "The capabilities to add or drop from a container."
+ },
+ "SecurityContextDefinition": {
+ "type": "object",
+ "properties": {
+ "allowPrivilegeEscalation": {
+ "oneOf": [
+ {
+ "type": "boolean"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "A boolean value indicating whether the init process can elevate its privileges"
+ },
+ "capabilities": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/SecurityContextCapabilitiesDefinition"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The capabilities to add or drop from a container."
+ },
+ "privileged": {
+ "oneOf": [
+ {
+ "type": "boolean"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The flag to determine if the container permissions is elevated to Privileged."
+ },
+ "runAsGroup": {
+ "oneOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "Sets the User GID for the container."
+ },
+ "runAsUser": {
+ "oneOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "Sets the User UID for the container."
+ },
+ "seccompProfile": {
+ "type": "string",
+ "description": "a base64 encoded string containing the contents of the JSON in the seccomp profile"
+ }
+ },
+ "description": "The security context for the container."
+ },
 "UserAssignedIdentities": {
 "type": "object",
 "properties": {},