[confcom] updating docs to include new genpolicy info (#7093)

* updating docs to include new genpolicy info * updating image hash * updating styling in test files * updating styling and a regex * adding back if statement * fixing syntax bug
Azure · Dec 20, 2023 · 4503d9d · 4503d9d
1 parent a439f67
commit 4503d9d
Show file tree

Hide file tree

Showing 12 changed files with 272 additions and 135 deletions.
diff --git a/src/confcom/HISTORY.rst b/src/confcom/HISTORY.rst
@@ -2,6 +2,10 @@
 
 Release History
 ===============
+0.3.2
+++++++
+* updating genpolicy version to allow for topologySpreadConstraints, version genpolicy-0.6.2-2
+
 0.3.1
 ++++++
 * removing unneeded print statement

diff --git a/src/confcom/azext_confcom/data/internal_config.json b/src/confcom/azext_confcom/data/internal_config.json
@@ -1,5 +1,5 @@
 {
-    "version": "0.3.1",
+    "version": "0.3.2",
     "hcsshim_config": {
         "maxVersion": "1.0.0",
         "minVersion": "0.0.1"
@@ -18,7 +18,7 @@
     "fabric": {
         "environmentVariables": [
             {
-                "name": "((?i)FABRIC)_.+",
+                "name": "(?i)(FABRIC)_.+",
                 "value": ".+",
                 "strategy": "re2",
                 "required": false

diff --git a/src/confcom/azext_confcom/security_policy.py b/src/confcom/azext_confcom/security_policy.py
@@ -438,8 +438,10 @@ def populate_policy_content_for_all_images(
                     if signals:
                         image.set_signals(signals)
 
-                    if (deepdiff.DeepDiff(image.get_user(), config.DEFAULT_USER, ignore_order=True) == {}
-                            and image_info.get("User") != ""):
+                    if (
+                        not deepdiff.DeepDiff(image.get_user(), config.DEFAULT_USER, ignore_order=True)
+                        and image_info.get("User") != ""
+                    ):
                         # valid values are in the form "user", "user:group", "uid", "uid:gid", "user:gid", "uid:group"
                         # where each entry is either a string or an unsigned integer
                         # "" means any user (use default)

diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py b/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py
@@ -22,7 +22,6 @@
 TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), ".."))
 
 
-
 class PolicyGeneratingArm(unittest.TestCase):
     custom_json = """
         {
@@ -1988,7 +1987,7 @@ def test_multiple_policies(self):
         is_valid, diff = self.aci_policy.validate_cce_policy()
         self.assertFalse(is_valid)
         # just check to make sure the containers in both policies are different
-        expected_diff = {"alpine:3.16":"alpine:3.16 not found in policy"}
+        expected_diff = {"alpine:3.16": "alpine:3.16 not found in policy"}
         self.assertEqual(diff, expected_diff)
 
 
@@ -2472,9 +2471,7 @@ def test_arm_template_allow_elevated_false(self):
         self.assertFalse(allow_elevated)
 
 
-
 class PrintExistingPolicy(unittest.TestCase):
-
     def test_printing_existing_policy(self):
         template = """
         {
@@ -3372,7 +3369,7 @@ def test_arm_template_policy_regex(self):
 
         normalized_aci_arm_policy = json.loads(
             self.aci_arm_policy.get_serialized_output(
-                output_type=OutputType.RAW,rego_boilerplate=False
+                output_type=OutputType.RAW, rego_boilerplate=False
             )
         )
 
@@ -3395,15 +3392,17 @@ def test_wildcard_env_var(self):
         )
 
         self.assertEqual(
-            normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS
-                ][1][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_STRATEGY],
-            "re2"
+            normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS][1][
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_STRATEGY
+            ],
+            "re2",
         )
 
         self.assertEqual(
-            normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS
-                ][1][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE],
-            "TEST_WILDCARD_ENV=.*"
+            normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS][1][
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE
+            ],
+            "TEST_WILDCARD_ENV=.*",
         )
 
         normalized_aci_arm_policy2 = json.loads(
@@ -3417,9 +3416,10 @@ def test_wildcard_env_var(self):
         )
 
         self.assertEqual(
-            normalized_aci_arm_policy2[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS
-                ][1][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE],
-            "TEST_WILDCARD_ENV=.*"
+            normalized_aci_arm_policy2[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS][1][
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE
+            ],
+            "TEST_WILDCARD_ENV=.*",
         )
 
     def test_wildcard_env_var_invalid(self):
@@ -3875,7 +3875,6 @@ class PolicyGeneratingSecurityContext(unittest.TestCase):
     }
     """
 
-
     custom_arm_json3 = """
     {
         "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -4196,7 +4195,6 @@ def setUpClass(cls):
         ]
         cls.aci_arm_policy4.populate_policy_content_for_all_images()
 
-
     def test_arm_template_security_context_defaults(self):
         expected_user_json = json.loads("""{
             "user_idname":
@@ -4761,7 +4759,6 @@ class PolicyGeneratingSecurityContextUserEdgeCases(unittest.TestCase):
     }
     """
 
-
     @classmethod
     def setUpClass(cls):
         cls.aci_arm_policy = load_policy_from_arm_template_str(cls.custom_arm_json, "")[
@@ -5287,7 +5284,6 @@ def test_arm_template_security_context_seccomp_profile_missing_syscalls(self):
         self.assertEqual(regular_image_json[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_SECCOMP_PROFILE_SHA256], expected_seccomp_profile_sha256)
 
 
-
 class PolicyStopSignal(unittest.TestCase):
     custom_arm_json = """
     {

diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_image.py b/src/confcom/azext_confcom/tests/latest/test_confcom_image.py
@@ -18,6 +18,7 @@
 
 TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), ".."))
 
+
 class PolicyGeneratingImage(unittest.TestCase):
     custom_json = """
         {
@@ -36,6 +37,7 @@ class PolicyGeneratingImage(unittest.TestCase):
             ]
         }
         """
+
     @classmethod
     def setUpClass(cls):
         with load_policy_from_image_name("python:3.6.14-slim-buster") as aci_policy:
@@ -49,6 +51,7 @@ def test_image_policy(self):
         # deep diff the output policies from the regular policy.json and the single image
         self.assertEqual(self.aci_policy.get_serialized_output(), self.custom_policy.get_serialized_output())
 
+
 class PolicyGeneratingImageSidecar(unittest.TestCase):
     custom_json = """
         {
@@ -82,6 +85,7 @@ def setUpClass(cls):
     def test_sidecar_image_policy(self):
         self.assertEqual(self.aci_policy.get_serialized_output(), self.custom_policy.get_serialized_output())
 
+
 class PolicyGeneratingImageInvalid(unittest.TestCase):
     def test_invalid_image_policy(self):
 
@@ -92,6 +96,7 @@ def test_invalid_image_policy(self):
             policy.populate_policy_content_for_all_images(individual_image=True)
         self.assertEqual(exc_info.exception.code, 1)
 
+
 class PolicyGeneratingImageCleanRoom(unittest.TestCase):
     def test_clean_room_policy(self):
         client = docker.from_env()