diff --git a/src/confcom/HISTORY.rst b/src/confcom/HISTORY.rst index 472669adcd1..b8f1fc177e4 100644 --- a/src/confcom/HISTORY.rst +++ b/src/confcom/HISTORY.rst @@ -2,6 +2,10 @@ Release History =============== +0.3.2 +++++++ +* updating genpolicy version to allow for topologySpreadConstraints, version genpolicy-0.6.2-2 + 0.3.1 ++++++ * removing unneeded print statement diff --git a/src/confcom/azext_confcom/data/internal_config.json b/src/confcom/azext_confcom/data/internal_config.json index 180906a96b7..e2b932b2791 100644 --- a/src/confcom/azext_confcom/data/internal_config.json +++ b/src/confcom/azext_confcom/data/internal_config.json @@ -1,5 +1,5 @@ { - "version": "0.3.1", + "version": "0.3.2", "hcsshim_config": { "maxVersion": "1.0.0", "minVersion": "0.0.1" @@ -18,7 +18,7 @@ "fabric": { "environmentVariables": [ { - "name": "((?i)FABRIC)_.+", + "name": "(?i)(FABRIC)_.+", "value": ".+", "strategy": "re2", "required": false diff --git a/src/confcom/azext_confcom/security_policy.py b/src/confcom/azext_confcom/security_policy.py index cf07ec19930..cddc64b7f1e 100644 --- a/src/confcom/azext_confcom/security_policy.py +++ b/src/confcom/azext_confcom/security_policy.py @@ -438,8 +438,10 @@ def populate_policy_content_for_all_images( if signals: image.set_signals(signals) - if (deepdiff.DeepDiff(image.get_user(), config.DEFAULT_USER, ignore_order=True) == {} - and image_info.get("User") != ""): + if ( + not deepdiff.DeepDiff(image.get_user(), config.DEFAULT_USER, ignore_order=True) + and image_info.get("User") != "" + ): # valid values are in the form "user", "user:group", "uid", "uid:gid", "user:gid", "uid:group" # where each entry is either a string or an unsigned integer # "" means any user (use default) diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py b/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py index 2471f7ac7f6..d8e40a34672 100644 --- a/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py +++ b/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py @@ -22,7 +22,6 @@ TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), "..")) - class PolicyGeneratingArm(unittest.TestCase): custom_json = """ { @@ -1988,7 +1987,7 @@ def test_multiple_policies(self): is_valid, diff = self.aci_policy.validate_cce_policy() self.assertFalse(is_valid) # just check to make sure the containers in both policies are different - expected_diff = {"alpine:3.16":"alpine:3.16 not found in policy"} + expected_diff = {"alpine:3.16": "alpine:3.16 not found in policy"} self.assertEqual(diff, expected_diff) @@ -2472,9 +2471,7 @@ def test_arm_template_allow_elevated_false(self): self.assertFalse(allow_elevated) - class PrintExistingPolicy(unittest.TestCase): - def test_printing_existing_policy(self): template = """ { @@ -3372,7 +3369,7 @@ def test_arm_template_policy_regex(self): normalized_aci_arm_policy = json.loads( self.aci_arm_policy.get_serialized_output( - output_type=OutputType.RAW,rego_boilerplate=False + output_type=OutputType.RAW, rego_boilerplate=False ) ) @@ -3395,15 +3392,17 @@ def test_wildcard_env_var(self): ) self.assertEqual( - normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS - ][1][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_STRATEGY], - "re2" + normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS][1][ + config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_STRATEGY + ], + "re2", ) self.assertEqual( - normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS - ][1][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE], - "TEST_WILDCARD_ENV=.*" + normalized_aci_arm_policy[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS][1][ + config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE + ], + "TEST_WILDCARD_ENV=.*", ) normalized_aci_arm_policy2 = json.loads( @@ -3417,9 +3416,10 @@ def test_wildcard_env_var(self): ) self.assertEqual( - normalized_aci_arm_policy2[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS - ][1][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE], - "TEST_WILDCARD_ENV=.*" + normalized_aci_arm_policy2[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS][1][ + config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE + ], + "TEST_WILDCARD_ENV=.*", ) def test_wildcard_env_var_invalid(self): @@ -3875,7 +3875,6 @@ class PolicyGeneratingSecurityContext(unittest.TestCase): } """ - custom_arm_json3 = """ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -4196,7 +4195,6 @@ def setUpClass(cls): ] cls.aci_arm_policy4.populate_policy_content_for_all_images() - def test_arm_template_security_context_defaults(self): expected_user_json = json.loads("""{ "user_idname": @@ -4761,7 +4759,6 @@ class PolicyGeneratingSecurityContextUserEdgeCases(unittest.TestCase): } """ - @classmethod def setUpClass(cls): cls.aci_arm_policy = load_policy_from_arm_template_str(cls.custom_arm_json, "")[ @@ -5287,7 +5284,6 @@ def test_arm_template_security_context_seccomp_profile_missing_syscalls(self): self.assertEqual(regular_image_json[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_SECCOMP_PROFILE_SHA256], expected_seccomp_profile_sha256) - class PolicyStopSignal(unittest.TestCase): custom_arm_json = """ { diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_image.py b/src/confcom/azext_confcom/tests/latest/test_confcom_image.py index f4fa00c7e3c..2724f5d5800 100644 --- a/src/confcom/azext_confcom/tests/latest/test_confcom_image.py +++ b/src/confcom/azext_confcom/tests/latest/test_confcom_image.py @@ -18,6 +18,7 @@ TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), "..")) + class PolicyGeneratingImage(unittest.TestCase): custom_json = """ { @@ -36,6 +37,7 @@ class PolicyGeneratingImage(unittest.TestCase): ] } """ + @classmethod def setUpClass(cls): with load_policy_from_image_name("python:3.6.14-slim-buster") as aci_policy: @@ -49,6 +51,7 @@ def test_image_policy(self): # deep diff the output policies from the regular policy.json and the single image self.assertEqual(self.aci_policy.get_serialized_output(), self.custom_policy.get_serialized_output()) + class PolicyGeneratingImageSidecar(unittest.TestCase): custom_json = """ { @@ -82,6 +85,7 @@ def setUpClass(cls): def test_sidecar_image_policy(self): self.assertEqual(self.aci_policy.get_serialized_output(), self.custom_policy.get_serialized_output()) + class PolicyGeneratingImageInvalid(unittest.TestCase): def test_invalid_image_policy(self): @@ -92,6 +96,7 @@ def test_invalid_image_policy(self): policy.populate_policy_content_for_all_images(individual_image=True) self.assertEqual(exc_info.exception.code, 1) + class PolicyGeneratingImageCleanRoom(unittest.TestCase): def test_clean_room_policy(self): client = docker.from_env() diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_scenario.py b/src/confcom/azext_confcom/tests/latest/test_confcom_scenario.py index d92cd7b36ca..a9b8d5fa163 100644 --- a/src/confcom/azext_confcom/tests/latest/test_confcom_scenario.py +++ b/src/confcom/azext_confcom/tests/latest/test_confcom_scenario.py @@ -18,6 +18,7 @@ TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), "..")) + class MountEnforcement(unittest.TestCase): custom_json = """ { @@ -146,6 +147,7 @@ def test_user_container_mount_injected_dns(self): mount[config.POLICY_FIELD_CONTAINERS_ELEMENTS_MOUNTS_OPTIONS][2], "rw" ) + class PolicyGenerating(unittest.TestCase): custom_json = """ { @@ -195,7 +197,7 @@ class PolicyGenerating(unittest.TestCase): "strategy": "string" }, { - "name": "((?i)FABRIC)_.+", + "name": "(?i)(FABRIC)_.+", "value": ".+", "strategy": "re2" }, @@ -267,84 +269,84 @@ def setUpClass(cls): def test_injected_sidecar_container_msi(self): image = self.aci_policy.get_images()[0] env_vars = [ - { - "name": "IDENTITY_API_VERSION", - "value": ".+", - }, - { - "name": "IDENTITY_HEADER", - "value": ".+", - }, - { - "name": "IDENTITY_SERVER_THUMBPRINT", - "value": ".+", - }, - { - "name": "ACI_MI_CLIENT_ID_.+", - "value": ".+", - }, - { - "name": "ACI_MI_RES_ID_.+", - "value": ".+", - }, - { - "name": "HOSTNAME", - "value": ".+", - }, - { - "name": "TERM", - "value": "xterm", - }, - { - "name": "PATH", - "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - }, - { - "name": "((?i)FABRIC)_.+", - "value": ".+", - }, - { - "name": "Fabric_Id+", - "value": ".+", - }, - { - "name": "Fabric_ServiceName", - "value": ".+", - }, - { - "name": "Fabric_ApplicationName", - "value": ".+", - }, - { - "name": "Fabric_CodePackageName", - "value": ".+", - }, - { - "name": "Fabric_ServiceDnsName", - "value": ".+", - }, - { - "name": "ACI_MI_DEFAULT", - "value": ".+", - }, - { - "name": "TokenProxyIpAddressEnvKeyName", - "value": "[ContainerToHostAddress|Fabric_NodelPOrFQDN]", - }, - { - "name": "ContainerToHostAddress", - "value": "", - }, - { - "name": "Fabric_NetworkingMode", - "value": ".+", - }, - { - "name": "azurecontainerinstance_restarted_by", - "value": ".+", - } - ] - command = ["/bin/sh","-c","until ./msiAtlasAdapter; do echo $? restarting; done"] + { + "name": "IDENTITY_API_VERSION", + "value": ".+", + }, + { + "name": "IDENTITY_HEADER", + "value": ".+", + }, + { + "name": "IDENTITY_SERVER_THUMBPRINT", + "value": ".+", + }, + { + "name": "ACI_MI_CLIENT_ID_.+", + "value": ".+", + }, + { + "name": "ACI_MI_RES_ID_.+", + "value": ".+", + }, + { + "name": "HOSTNAME", + "value": ".+", + }, + { + "name": "TERM", + "value": "xterm", + }, + { + "name": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + }, + { + "name": "(?i)(FABRIC)_.+", + "value": ".+", + }, + { + "name": "Fabric_Id+", + "value": ".+", + }, + { + "name": "Fabric_ServiceName", + "value": ".+", + }, + { + "name": "Fabric_ApplicationName", + "value": ".+", + }, + { + "name": "Fabric_CodePackageName", + "value": ".+", + }, + { + "name": "Fabric_ServiceDnsName", + "value": ".+", + }, + { + "name": "ACI_MI_DEFAULT", + "value": ".+", + }, + { + "name": "TokenProxyIpAddressEnvKeyName", + "value": "[ContainerToHostAddress|Fabric_NodelPOrFQDN]", + }, + { + "name": "ContainerToHostAddress", + "value": "", + }, + { + "name": "Fabric_NetworkingMode", + "value": ".+", + }, + { + "name": "azurecontainerinstance_restarted_by", + "value": ".+", + } + ] + command = ["/bin/sh", "-c", "until ./msiAtlasAdapter; do echo $? restarting; done"] self.assertEqual(image.base, "mcr.microsoft.com/aci/msi-atlas-adapter") self.assertIsNotNone(image) @@ -403,6 +405,7 @@ def test_debug_flags(self): self.assertTrue(expected_capability_dropping in policy) self.assertTrue(expected_unencrypted_scratch in policy) + class SidecarValidation(unittest.TestCase): custom_json = """ { @@ -474,9 +477,7 @@ def test_sidecar_stdio_access_default(self): self.aci_policy.get_serialized_output( output_type=OutputType.RAW, rego_boilerplate=False ) - )[0][ - config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS - ] + )[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS] ) def test_incorrect_sidecar(self): @@ -496,6 +497,7 @@ def test_incorrect_sidecar(self): self.assertEqual(diff, expected_diff) + class CustomJsonParsing(unittest.TestCase): def test_customized_workingdir(self): custom_json = """ @@ -630,11 +632,10 @@ def test_docker_pull(self): with load_policy_from_str(custom_json) as aci_policy: image = aci_policy.pull_image(aci_policy.get_images()[0]) self.assertIsNotNone(image.id) - print("image: ", image) self.assertEqual( image.id, - "sha256:187eae39ad949e24d9410fa5c4eab8cafba7edd4892211c1d710bdaf49265c37", + "sha256:e525c930fe751104ff24c356a7bcfad66ce4b92797780eb38dc2ff95d7a66fdc", ) def test_infrastructure_svn(self): @@ -729,15 +730,12 @@ def test_stdio_access_default(self): with load_policy_from_str(custom_json) as aci_policy: aci_policy.populate_policy_content_for_all_images() self.assertTrue( - json.loads( - aci_policy.get_serialized_output( - output_type=OutputType.RAW, rego_boilerplate=False + json.loads( + aci_policy.get_serialized_output( + output_type=OutputType.RAW, rego_boilerplate=False ) - )[0][ - config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS - ] - ) - + )[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS] + ) def test_stdio_access_updated(self): custom_json = """ @@ -757,14 +755,12 @@ def test_stdio_access_updated(self): aci_policy.populate_policy_content_for_all_images() self.assertFalse( - json.loads( - aci_policy.get_serialized_output( - output_type=OutputType.RAW, rego_boilerplate=False - ) - )[0][ - config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS - ] - ) + json.loads( + aci_policy.get_serialized_output( + output_type=OutputType.RAW, rego_boilerplate=False + ) + )[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS] + ) class CustomJsonParsingIncorrect(unittest.TestCase): @@ -955,5 +951,3 @@ def test_json_missing_command(self): with self.assertRaises(SystemExit) as exc_info: load_policy_from_str(custom_json) self.assertEqual(exc_info.exception.code, 1) - - diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_startup.py b/src/confcom/azext_confcom/tests/latest/test_confcom_startup.py index e54149547eb..761de8356a4 100644 --- a/src/confcom/azext_confcom/tests/latest/test_confcom_startup.py +++ b/src/confcom/azext_confcom/tests/latest/test_confcom_startup.py @@ -9,6 +9,7 @@ TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), "..")) + class InitialErrors(ScenarioTest): def test_invalid_output_flags(self): with self.assertRaises(SystemExit) as wrapped_exit: diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_tar.py b/src/confcom/azext_confcom/tests/latest/test_confcom_tar.py index 03693210f1d..9c0adfa49ba 100644 --- a/src/confcom/azext_confcom/tests/latest/test_confcom_tar.py +++ b/src/confcom/azext_confcom/tests/latest/test_confcom_tar.py @@ -19,6 +19,7 @@ import azext_confcom.config as config from azext_confcom.template_util import DockerClient + def create_tar_file(image_path: str) -> None: if not os.path.isfile(image_path): with DockerClient() as client: @@ -28,17 +29,18 @@ def create_tar_file(image_path: str) -> None: f.write(chunk) f.close() + def remove_tar_file(image_path: str) -> None: if os.path.isfile(image_path): os.remove(image_path) + class PolicyGeneratingArmParametersCleanRoomTarFile(unittest.TestCase): @classmethod def setUpClass(cls) -> None: path = os.path.dirname(__file__) cls.path = path - def test_arm_template_with_parameter_file_clean_room_tar(self): custom_arm_json_default_value = """ { @@ -174,7 +176,6 @@ def test_arm_template_with_parameter_file_clean_room_tar(self): custom_arm_json_default_value, "" )[0] - try: filename = os.path.join(self.path, "./nginx.tar") tar_mapping_file = {"nginx:1.22": filename} @@ -381,12 +382,11 @@ def test_arm_template_mixed_mode_tar(self): custom_arm_json_default_value, "" )[0] - filename = os.path.join(self.path, "./nginx2.tar") create_tar_file(filename) clean_room_image.populate_policy_content_for_all_images( tar_mapping=filename - ) + ) remove_tar_file(filename) regular_image_json = json.loads( regular_image.get_serialized_output(output_type=OutputType.RAW, rego_boilerplate=False) @@ -407,7 +407,6 @@ def test_arm_template_mixed_mode_tar(self): {}, ) - def test_arm_template_with_parameter_file_clean_room_tar_invalid(self): custom_arm_json_default_value = """ { diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_template_util.py b/src/confcom/azext_confcom/tests/latest/test_confcom_template_util.py index 50e76264104..4ead921535e 100644 --- a/src/confcom/azext_confcom/tests/latest/test_confcom_template_util.py +++ b/src/confcom/azext_confcom/tests/latest/test_confcom_template_util.py @@ -15,6 +15,7 @@ TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), "..")) + class TemplateUtil(unittest.TestCase): def test_case_insensitive_dict_get(self): test_dict = {"key1": "value1", "key2": "value2", "KEY3": "value3"} @@ -76,7 +77,7 @@ def test_extract_confidential_properties(self): "strategy": "string", }, { - "pattern": "((?i)FABRIC)_.+=.+", + "pattern": "(?i)(FABRIC)_.+=.+", "required": false, "strategy": "re2", }, diff --git a/src/confcom/samples/sample-policy-output.rego b/src/confcom/samples/sample-policy-output.rego index e4194593d72..4189f08ca99 100644 --- a/src/confcom/samples/sample-policy-output.rego +++ b/src/confcom/samples/sample-policy-output.rego @@ -9,15 +9,70 @@ framework_version := "0.2.3" fragments := [{ "feed": "mcr.microsoft.com/aci/aci-cc-infra-fragment", - "includes": ["containers"], + "includes": [ + "containers", + "fragments", + ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", "minimum_svn": "1", }] containers := [ { - "allow_elevated": true, + "allow_elevated": false, "allow_stdio_access": true, + "capabilities": { + "ambient": [], + "bounding": [ + "CAP_AUDIT_WRITE", + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_MKNOD", + "CAP_NET_BIND_SERVICE", + "CAP_NET_RAW", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT", + ], + "effective": [ + "CAP_AUDIT_WRITE", + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_MKNOD", + "CAP_NET_BIND_SERVICE", + "CAP_NET_RAW", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT", + ], + "inheritable": [], + "permitted": [ + "CAP_AUDIT_WRITE", + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_MKNOD", + "CAP_NET_BIND_SERVICE", + "CAP_NET_RAW", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT", + ], + }, "command": ["bash"], "env_rules": [ { @@ -51,7 +106,7 @@ containers := [ "strategy": "string", }, { - "pattern": "((?i)FABRIC)_.+=.+", + "pattern": "(?i)(FABRIC)_.+=.+", "required": false, "strategy": "re2", }, @@ -128,12 +183,77 @@ containers := [ "type": "bind", }, ], + "no_new_privileges": false, + "seccomp_profile_sha256": "", "signals": [], + "user": { + "group_idnames": [{ + "pattern": "", + "strategy": "any", + }], + "umask": "0022", + "user_idname": { + "pattern": "", + "strategy": "any", + }, + }, "working_dir": "/", }, { "allow_elevated": false, "allow_stdio_access": true, + "capabilities": { + "ambient": [], + "bounding": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FSETID", + "CAP_FOWNER", + "CAP_MKNOD", + "CAP_NET_RAW", + "CAP_SETGID", + "CAP_SETUID", + "CAP_SETFCAP", + "CAP_SETPCAP", + "CAP_NET_BIND_SERVICE", + "CAP_SYS_CHROOT", + "CAP_KILL", + "CAP_AUDIT_WRITE", + ], + "effective": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FSETID", + "CAP_FOWNER", + "CAP_MKNOD", + "CAP_NET_RAW", + "CAP_SETGID", + "CAP_SETUID", + "CAP_SETFCAP", + "CAP_SETPCAP", + "CAP_NET_BIND_SERVICE", + "CAP_SYS_CHROOT", + "CAP_KILL", + "CAP_AUDIT_WRITE", + ], + "inheritable": [], + "permitted": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FSETID", + "CAP_FOWNER", + "CAP_MKNOD", + "CAP_NET_RAW", + "CAP_SETGID", + "CAP_SETUID", + "CAP_SETFCAP", + "CAP_SETPCAP", + "CAP_NET_BIND_SERVICE", + "CAP_SYS_CHROOT", + "CAP_KILL", + "CAP_AUDIT_WRITE", + ], + }, "command": ["/pause"], "env_rules": [ { @@ -150,7 +270,20 @@ containers := [ "exec_processes": [], "layers": ["16b514057a06ad665f92c02863aca074fd5976c755d26bff16365299169e8415"], "mounts": [], + "no_new_privileges": false, + "seccomp_profile_sha256": "", "signals": [], + "user": { + "group_idnames": [{ + "pattern": "", + "strategy": "any", + }], + "umask": "0022", + "user_idname": { + "pattern": "", + "strategy": "any", + }, + }, "working_dir": "/", }, ] @@ -165,6 +298,8 @@ allow_environment_variable_dropping := true allow_unencrypted_scratch := false +allow_capability_dropping := true + mount_device := data.framework.mount_device unmount_device := data.framework.unmount_device diff --git a/src/confcom/samples/sample-template-output.json b/src/confcom/samples/sample-template-output.json index 37dcaff3f87..d8c08b80364 100644 --- a/src/confcom/samples/sample-template-output.json +++ b/src/confcom/samples/sample-template-output.json @@ -13,7 +13,7 @@ "location": "[resourceGroup().location]", "properties": { "confidentialComputeProperties": { - "ccePolicy": "cGFja2FnZSBwb2xpY3kKCmltcG9ydCBmdXR1cmUua2V5d29yZHMuZXZlcnkKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5pbgoKYXBpX3ZlcnNpb24gOj0gIjAuMTAuMCIKZnJhbWV3b3JrX3ZlcnNpb24gOj0gIjAuMi4zIgoKZnJhZ21lbnRzIDo9IFsKICB7CiAgICAiZmVlZCI6ICJtY3IubWljcm9zb2Z0LmNvbS9hY2kvYWNpLWNjLWluZnJhLWZyYWdtZW50IiwKICAgICJpbmNsdWRlcyI6IFsKICAgICAgImNvbnRhaW5lcnMiCiAgICBdLAogICAgImlzc3VlciI6ICJkaWQ6eDUwOTowOnNoYTI1NjpJX19pdUwyNW9YRVZGZFRQX2FCTHhfZVQxUlBIYkNRX0VDQlFmWVpwdDlzOjpla3U6MS4zLjYuMS40LjEuMzExLjc2LjU5LjEuMyIsCiAgICAibWluaW11bV9zdm4iOiAxCiAgfQpdCgpjb250YWluZXJzIDo9IFt7ImFsbG93X2VsZXZhdGVkIjp0cnVlLCJhbGxvd19zdGRpb19hY2Nlc3MiOnRydWUsImNvbW1hbmQiOlsiYmFzaCJdLCJlbnZfcnVsZXMiOlt7InBhdHRlcm4iOiJQQVRIPS9jdXN0b21pemVkL3BhdGgvdmFsdWUiLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5Ijoic3RyaW5nIn0seyJwYXR0ZXJuIjoiVEVTVF9SRUdFWFBfRU5WPXRlc3RfcmVnZXhwX2VudiIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJzdHJpbmcifSx7InBhdHRlcm4iOiJSVVNUVVBfSE9NRT0vdXNyL2xvY2FsL3J1c3R1cCIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJzdHJpbmcifSx7InBhdHRlcm4iOiJDQVJHT19IT01FPS91c3IvbG9jYWwvY2FyZ28iLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5Ijoic3RyaW5nIn0seyJwYXR0ZXJuIjoiUlVTVF9WRVJTSU9OPTEuNTIuMSIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJzdHJpbmcifSx7InBhdHRlcm4iOiJURVJNPXh0ZXJtIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InN0cmluZyJ9LHsicGF0dGVybiI6IigoP2kpRkFCUklDKV8uKz0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJIT1NUTkFNRT0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJUKEUpP01QPS4rIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InJlMiJ9LHsicGF0dGVybiI6IkZhYnJpY1BhY2thZ2VGaWxlTmFtZT0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJIb3N0ZWRTZXJ2aWNlTmFtZT0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJJREVOVElUWV9BUElfVkVSU0lPTj0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJJREVOVElUWV9IRUFERVI9LisiLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5IjoicmUyIn0seyJwYXR0ZXJuIjoiSURFTlRJVFlfU0VSVkVSX1RIVU1CUFJJTlQ9LisiLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5IjoicmUyIn0seyJwYXR0ZXJuIjoiYXp1cmVjb250YWluZXJpbnN0YW5jZV9yZXN0YXJ0ZWRfYnk9LisiLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5IjoicmUyIn1dLCJleGVjX3Byb2Nlc3NlcyI6W10sImlkIjoicnVzdDoxLjUyLjEiLCJsYXllcnMiOlsiZmU4NGM5ZDViZmRkZDA3YTI2MjRkMDAzMzNjZjEzYzFhOWM5NDFmM2EyNjFmMTNlYWQ0NGZjNmE5M2JjMGU3YSIsIjRkZWRhZTQyODQ3YzcwNGRhODkxYTI4YzI1ZDMyMjAxYTFhZTQ0MGJjZTJhZWNjY2ZhOGU2ZjAzYjk3YTZhNmMiLCI0MWQ2NGNkZWIzNDdiZjIzNmI0YzEzYjc0MDNiNjMzZmYxMWYxY2Y5NGRiYzdjZjg4MWE0NGQ2ZGE4OGM1MTU2IiwiZWIzNjkyMWUxZjgyYWY0NmRmZTI0OGVmOGYxYjNhZmI2YTUyMzBhNjQxODFkOTYwZDEwMjM3YTA4Y2Q3M2M3OSIsImU3NjlkNzQ4N2NjMzE0ZDNlZTc0OGE0NDQwODA1MzE3YzE5MjYyYzdhY2QyZmRiZGIwZDQ3ZDJlNDYxM2ExNWMiLCIxYjgwZjEyMGRiZDg4ZTQzNTVkNjI0MWI1MTljM2UyNTI5MDIxNWM0Njk1MTZiNDlkZWNlOWNmMDcxNzVhNzY2Il0sIm1vdW50cyI6W3siZGVzdGluYXRpb24iOiIvbW91bnQvYXp1cmVmaWxlIiwib3B0aW9ucyI6WyJyYmluZCIsInJzaGFyZWQiLCJydyJdLCJzb3VyY2UiOiJzYW5kYm94Oi8vL3RtcC9hdGxhcy9henVyZUZpbGVWb2x1bWUvLisiLCJ0eXBlIjoiYmluZCJ9LHsiZGVzdGluYXRpb24iOiIvZXRjL3Jlc29sdi5jb25mIiwib3B0aW9ucyI6WyJyYmluZCIsInJzaGFyZWQiLCJydyJdLCJzb3VyY2UiOiJzYW5kYm94Oi8vL3RtcC9hdGxhcy9yZXNvbHZjb25mLy4rIiwidHlwZSI6ImJpbmQifV0sInNpZ25hbHMiOltdLCJ3b3JraW5nX2RpciI6Ii8ifSx7ImFsbG93X2VsZXZhdGVkIjpmYWxzZSwiYWxsb3dfc3RkaW9fYWNjZXNzIjp0cnVlLCJjb21tYW5kIjpbIi9wYXVzZSJdLCJlbnZfcnVsZXMiOlt7InBhdHRlcm4iOiJQQVRIPS91c3IvbG9jYWwvc2JpbjovdXNyL2xvY2FsL2JpbjovdXNyL3NiaW46L3Vzci9iaW46L3NiaW46L2JpbiIsInJlcXVpcmVkIjp0cnVlLCJzdHJhdGVneSI6InN0cmluZyJ9LHsicGF0dGVybiI6IlRFUk09eHRlcm0iLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5Ijoic3RyaW5nIn1dLCJleGVjX3Byb2Nlc3NlcyI6W10sImxheWVycyI6WyIxNmI1MTQwNTdhMDZhZDY2NWY5MmMwMjg2M2FjYTA3NGZkNTk3NmM3NTVkMjZiZmYxNjM2NTI5OTE2OWU4NDE1Il0sIm1vdW50cyI6W10sInNpZ25hbHMiOltdLCJ3b3JraW5nX2RpciI6Ii8ifV0KCmFsbG93X3Byb3BlcnRpZXNfYWNjZXNzIDo9IGZhbHNlCmFsbG93X2R1bXBfc3RhY2tzIDo9IGZhbHNlCmFsbG93X3J1bnRpbWVfbG9nZ2luZyA6PSBmYWxzZQphbGxvd19lbnZpcm9ubWVudF92YXJpYWJsZV9kcm9wcGluZyA6PSB0cnVlCmFsbG93X3VuZW5jcnlwdGVkX3NjcmF0Y2ggOj0gZmFsc2UKCgoKbW91bnRfZGV2aWNlIDo9IGRhdGEuZnJhbWV3b3JrLm1vdW50X2RldmljZQp1bm1vdW50X2RldmljZSA6PSBkYXRhLmZyYW1ld29yay51bm1vdW50X2RldmljZQptb3VudF9vdmVybGF5IDo9IGRhdGEuZnJhbWV3b3JrLm1vdW50X292ZXJsYXkKdW5tb3VudF9vdmVybGF5IDo9IGRhdGEuZnJhbWV3b3JrLnVubW91bnRfb3ZlcmxheQpjcmVhdGVfY29udGFpbmVyIDo9IGRhdGEuZnJhbWV3b3JrLmNyZWF0ZV9jb250YWluZXIKZXhlY19pbl9jb250YWluZXIgOj0gZGF0YS5mcmFtZXdvcmsuZXhlY19pbl9jb250YWluZXIKZXhlY19leHRlcm5hbCA6PSBkYXRhLmZyYW1ld29yay5leGVjX2V4dGVybmFsCnNodXRkb3duX2NvbnRhaW5lciA6PSBkYXRhLmZyYW1ld29yay5zaHV0ZG93bl9jb250YWluZXIKc2lnbmFsX2NvbnRhaW5lcl9wcm9jZXNzIDo9IGRhdGEuZnJhbWV3b3JrLnNpZ25hbF9jb250YWluZXJfcHJvY2VzcwpwbGFuOV9tb3VudCA6PSBkYXRhLmZyYW1ld29yay5wbGFuOV9tb3VudApwbGFuOV91bm1vdW50IDo9IGRhdGEuZnJhbWV3b3JrLnBsYW45X3VubW91bnQKZ2V0X3Byb3BlcnRpZXMgOj0gZGF0YS5mcmFtZXdvcmsuZ2V0X3Byb3BlcnRpZXMKZHVtcF9zdGFja3MgOj0gZGF0YS5mcmFtZXdvcmsuZHVtcF9zdGFja3MKcnVudGltZV9sb2dnaW5nIDo9IGRhdGEuZnJhbWV3b3JrLnJ1bnRpbWVfbG9nZ2luZwpsb2FkX2ZyYWdtZW50IDo9IGRhdGEuZnJhbWV3b3JrLmxvYWRfZnJhZ21lbnQKc2NyYXRjaF9tb3VudCA6PSBkYXRhLmZyYW1ld29yay5zY3JhdGNoX21vdW50CnNjcmF0Y2hfdW5tb3VudCA6PSBkYXRhLmZyYW1ld29yay5zY3JhdGNoX3VubW91bnQKCnJlYXNvbiA6PSB7ImVycm9ycyI6IGRhdGEuZnJhbWV3b3JrLmVycm9yc30=" + "ccePolicy": "cGFja2FnZSBwb2xpY3kKCmltcG9ydCBmdXR1cmUua2V5d29yZHMuZXZlcnkKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5pbgoKYXBpX3ZlcnNpb24gOj0gIjAuMTAuMCIKZnJhbWV3b3JrX3ZlcnNpb24gOj0gIjAuMi4zIgoKZnJhZ21lbnRzIDo9IFsKICB7CiAgICAiZmVlZCI6ICJtY3IubWljcm9zb2Z0LmNvbS9hY2kvYWNpLWNjLWluZnJhLWZyYWdtZW50IiwKICAgICJpbmNsdWRlcyI6IFsKICAgICAgImNvbnRhaW5lcnMiLAogICAgICAiZnJhZ21lbnRzIgogICAgXSwKICAgICJpc3N1ZXIiOiAiZGlkOng1MDk6MDpzaGEyNTY6SV9faXVMMjVvWEVWRmRUUF9hQkx4X2VUMVJQSGJDUV9FQ0JRZllacHQ5czo6ZWt1OjEuMy42LjEuNC4xLjMxMS43Ni41OS4xLjMiLAogICAgIm1pbmltdW1fc3ZuIjogIjEiCiAgfQpdCgpjb250YWluZXJzIDo9IFt7ImFsbG93X2VsZXZhdGVkIjpmYWxzZSwiYWxsb3dfc3RkaW9fYWNjZXNzIjp0cnVlLCJjYXBhYmlsaXRpZXMiOnsiYW1iaWVudCI6W10sImJvdW5kaW5nIjpbIkNBUF9BVURJVF9XUklURSIsIkNBUF9DSE9XTiIsIkNBUF9EQUNfT1ZFUlJJREUiLCJDQVBfRk9XTkVSIiwiQ0FQX0ZTRVRJRCIsIkNBUF9LSUxMIiwiQ0FQX01LTk9EIiwiQ0FQX05FVF9CSU5EX1NFUlZJQ0UiLCJDQVBfTkVUX1JBVyIsIkNBUF9TRVRGQ0FQIiwiQ0FQX1NFVEdJRCIsIkNBUF9TRVRQQ0FQIiwiQ0FQX1NFVFVJRCIsIkNBUF9TWVNfQ0hST09UIl0sImVmZmVjdGl2ZSI6WyJDQVBfQVVESVRfV1JJVEUiLCJDQVBfQ0hPV04iLCJDQVBfREFDX09WRVJSSURFIiwiQ0FQX0ZPV05FUiIsIkNBUF9GU0VUSUQiLCJDQVBfS0lMTCIsIkNBUF9NS05PRCIsIkNBUF9ORVRfQklORF9TRVJWSUNFIiwiQ0FQX05FVF9SQVciLCJDQVBfU0VURkNBUCIsIkNBUF9TRVRHSUQiLCJDQVBfU0VUUENBUCIsIkNBUF9TRVRVSUQiLCJDQVBfU1lTX0NIUk9PVCJdLCJpbmhlcml0YWJsZSI6W10sInBlcm1pdHRlZCI6WyJDQVBfQVVESVRfV1JJVEUiLCJDQVBfQ0hPV04iLCJDQVBfREFDX09WRVJSSURFIiwiQ0FQX0ZPV05FUiIsIkNBUF9GU0VUSUQiLCJDQVBfS0lMTCIsIkNBUF9NS05PRCIsIkNBUF9ORVRfQklORF9TRVJWSUNFIiwiQ0FQX05FVF9SQVciLCJDQVBfU0VURkNBUCIsIkNBUF9TRVRHSUQiLCJDQVBfU0VUUENBUCIsIkNBUF9TRVRVSUQiLCJDQVBfU1lTX0NIUk9PVCJdfSwiY29tbWFuZCI6WyJiYXNoIl0sImVudl9ydWxlcyI6W3sicGF0dGVybiI6IlBBVEg9L2N1c3RvbWl6ZWQvcGF0aC92YWx1ZSIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJzdHJpbmcifSx7InBhdHRlcm4iOiJURVNUX1JFR0VYUF9FTlY9dGVzdF9yZWdleHBfZW52IiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InN0cmluZyJ9LHsicGF0dGVybiI6IlJVU1RVUF9IT01FPS91c3IvbG9jYWwvcnVzdHVwIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InN0cmluZyJ9LHsicGF0dGVybiI6IkNBUkdPX0hPTUU9L3Vzci9sb2NhbC9jYXJnbyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJzdHJpbmcifSx7InBhdHRlcm4iOiJSVVNUX1ZFUlNJT049MS41Mi4xIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InN0cmluZyJ9LHsicGF0dGVybiI6IlRFUk09eHRlcm0iLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5Ijoic3RyaW5nIn0seyJwYXR0ZXJuIjoiKD9pKShGQUJSSUMpXy4rPS4rIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InJlMiJ9LHsicGF0dGVybiI6IkhPU1ROQU1FPS4rIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InJlMiJ9LHsicGF0dGVybiI6IlQoRSk/TVA9LisiLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5IjoicmUyIn0seyJwYXR0ZXJuIjoiRmFicmljUGFja2FnZUZpbGVOYW1lPS4rIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InJlMiJ9LHsicGF0dGVybiI6Ikhvc3RlZFNlcnZpY2VOYW1lPS4rIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InJlMiJ9LHsicGF0dGVybiI6IklERU5USVRZX0FQSV9WRVJTSU9OPS4rIiwicmVxdWlyZWQiOmZhbHNlLCJzdHJhdGVneSI6InJlMiJ9LHsicGF0dGVybiI6IklERU5USVRZX0hFQURFUj0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJJREVOVElUWV9TRVJWRVJfVEhVTUJQUklOVD0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifSx7InBhdHRlcm4iOiJhenVyZWNvbnRhaW5lcmluc3RhbmNlX3Jlc3RhcnRlZF9ieT0uKyIsInJlcXVpcmVkIjpmYWxzZSwic3RyYXRlZ3kiOiJyZTIifV0sImV4ZWNfcHJvY2Vzc2VzIjpbXSwiaWQiOiJydXN0OjEuNTIuMSIsImxheWVycyI6WyJmZTg0YzlkNWJmZGRkMDdhMjYyNGQwMDMzM2NmMTNjMWE5Yzk0MWYzYTI2MWYxM2VhZDQ0ZmM2YTkzYmMwZTdhIiwiNGRlZGFlNDI4NDdjNzA0ZGE4OTFhMjhjMjVkMzIyMDFhMWFlNDQwYmNlMmFlY2NjZmE4ZTZmMDNiOTdhNmE2YyIsIjQxZDY0Y2RlYjM0N2JmMjM2YjRjMTNiNzQwM2I2MzNmZjExZjFjZjk0ZGJjN2NmODgxYTQ0ZDZkYTg4YzUxNTYiLCJlYjM2OTIxZTFmODJhZjQ2ZGZlMjQ4ZWY4ZjFiM2FmYjZhNTIzMGE2NDE4MWQ5NjBkMTAyMzdhMDhjZDczYzc5IiwiZTc2OWQ3NDg3Y2MzMTRkM2VlNzQ4YTQ0NDA4MDUzMTdjMTkyNjJjN2FjZDJmZGJkYjBkNDdkMmU0NjEzYTE1YyIsIjFiODBmMTIwZGJkODhlNDM1NWQ2MjQxYjUxOWMzZTI1MjkwMjE1YzQ2OTUxNmI0OWRlY2U5Y2YwNzE3NWE3NjYiXSwibW91bnRzIjpbeyJkZXN0aW5hdGlvbiI6Ii9tb3VudC9henVyZWZpbGUiLCJvcHRpb25zIjpbInJiaW5kIiwicnNoYXJlZCIsInJ3Il0sInNvdXJjZSI6InNhbmRib3g6Ly8vdG1wL2F0bGFzL2F6dXJlRmlsZVZvbHVtZS8uKyIsInR5cGUiOiJiaW5kIn0seyJkZXN0aW5hdGlvbiI6Ii9ldGMvcmVzb2x2LmNvbmYiLCJvcHRpb25zIjpbInJiaW5kIiwicnNoYXJlZCIsInJ3Il0sInNvdXJjZSI6InNhbmRib3g6Ly8vdG1wL2F0bGFzL3Jlc29sdmNvbmYvLisiLCJ0eXBlIjoiYmluZCJ9XSwibm9fbmV3X3ByaXZpbGVnZXMiOmZhbHNlLCJzZWNjb21wX3Byb2ZpbGVfc2hhMjU2IjoiIiwic2lnbmFscyI6W10sInVzZXIiOnsiZ3JvdXBfaWRuYW1lcyI6W3sicGF0dGVybiI6IiIsInN0cmF0ZWd5IjoiYW55In1dLCJ1bWFzayI6IjAwMjIiLCJ1c2VyX2lkbmFtZSI6eyJwYXR0ZXJuIjoiIiwic3RyYXRlZ3kiOiJhbnkifX0sIndvcmtpbmdfZGlyIjoiLyJ9LHsiYWxsb3dfZWxldmF0ZWQiOmZhbHNlLCJhbGxvd19zdGRpb19hY2Nlc3MiOnRydWUsImNhcGFiaWxpdGllcyI6eyJhbWJpZW50IjpbXSwiYm91bmRpbmciOlsiQ0FQX0NIT1dOIiwiQ0FQX0RBQ19PVkVSUklERSIsIkNBUF9GU0VUSUQiLCJDQVBfRk9XTkVSIiwiQ0FQX01LTk9EIiwiQ0FQX05FVF9SQVciLCJDQVBfU0VUR0lEIiwiQ0FQX1NFVFVJRCIsIkNBUF9TRVRGQ0FQIiwiQ0FQX1NFVFBDQVAiLCJDQVBfTkVUX0JJTkRfU0VSVklDRSIsIkNBUF9TWVNfQ0hST09UIiwiQ0FQX0tJTEwiLCJDQVBfQVVESVRfV1JJVEUiXSwiZWZmZWN0aXZlIjpbIkNBUF9DSE9XTiIsIkNBUF9EQUNfT1ZFUlJJREUiLCJDQVBfRlNFVElEIiwiQ0FQX0ZPV05FUiIsIkNBUF9NS05PRCIsIkNBUF9ORVRfUkFXIiwiQ0FQX1NFVEdJRCIsIkNBUF9TRVRVSUQiLCJDQVBfU0VURkNBUCIsIkNBUF9TRVRQQ0FQIiwiQ0FQX05FVF9CSU5EX1NFUlZJQ0UiLCJDQVBfU1lTX0NIUk9PVCIsIkNBUF9LSUxMIiwiQ0FQX0FVRElUX1dSSVRFIl0sImluaGVyaXRhYmxlIjpbXSwicGVybWl0dGVkIjpbIkNBUF9DSE9XTiIsIkNBUF9EQUNfT1ZFUlJJREUiLCJDQVBfRlNFVElEIiwiQ0FQX0ZPV05FUiIsIkNBUF9NS05PRCIsIkNBUF9ORVRfUkFXIiwiQ0FQX1NFVEdJRCIsIkNBUF9TRVRVSUQiLCJDQVBfU0VURkNBUCIsIkNBUF9TRVRQQ0FQIiwiQ0FQX05FVF9CSU5EX1NFUlZJQ0UiLCJDQVBfU1lTX0NIUk9PVCIsIkNBUF9LSUxMIiwiQ0FQX0FVRElUX1dSSVRFIl19LCJjb21tYW5kIjpbIi9wYXVzZSJdLCJlbnZfcnVsZXMiOlt7InBhdHRlcm4iOiJQQVRIPS91c3IvbG9jYWwvc2JpbjovdXNyL2xvY2FsL2JpbjovdXNyL3NiaW46L3Vzci9iaW46L3NiaW46L2JpbiIsInJlcXVpcmVkIjp0cnVlLCJzdHJhdGVneSI6InN0cmluZyJ9LHsicGF0dGVybiI6IlRFUk09eHRlcm0iLCJyZXF1aXJlZCI6ZmFsc2UsInN0cmF0ZWd5Ijoic3RyaW5nIn1dLCJleGVjX3Byb2Nlc3NlcyI6W10sImxheWVycyI6WyIxNmI1MTQwNTdhMDZhZDY2NWY5MmMwMjg2M2FjYTA3NGZkNTk3NmM3NTVkMjZiZmYxNjM2NTI5OTE2OWU4NDE1Il0sIm1vdW50cyI6W10sIm5vX25ld19wcml2aWxlZ2VzIjpmYWxzZSwic2VjY29tcF9wcm9maWxlX3NoYTI1NiI6IiIsInNpZ25hbHMiOltdLCJ1c2VyIjp7Imdyb3VwX2lkbmFtZXMiOlt7InBhdHRlcm4iOiIiLCJzdHJhdGVneSI6ImFueSJ9XSwidW1hc2siOiIwMDIyIiwidXNlcl9pZG5hbWUiOnsicGF0dGVybiI6IiIsInN0cmF0ZWd5IjoiYW55In19LCJ3b3JraW5nX2RpciI6Ii8ifV0KCmFsbG93X3Byb3BlcnRpZXNfYWNjZXNzIDo9IHRydWUKYWxsb3dfZHVtcF9zdGFja3MgOj0gZmFsc2UKYWxsb3dfcnVudGltZV9sb2dnaW5nIDo9IGZhbHNlCmFsbG93X2Vudmlyb25tZW50X3ZhcmlhYmxlX2Ryb3BwaW5nIDo9IHRydWUKYWxsb3dfdW5lbmNyeXB0ZWRfc2NyYXRjaCA6PSBmYWxzZQphbGxvd19jYXBhYmlsaXR5X2Ryb3BwaW5nIDo9IHRydWUKCm1vdW50X2RldmljZSA6PSBkYXRhLmZyYW1ld29yay5tb3VudF9kZXZpY2UKdW5tb3VudF9kZXZpY2UgOj0gZGF0YS5mcmFtZXdvcmsudW5tb3VudF9kZXZpY2UKbW91bnRfb3ZlcmxheSA6PSBkYXRhLmZyYW1ld29yay5tb3VudF9vdmVybGF5CnVubW91bnRfb3ZlcmxheSA6PSBkYXRhLmZyYW1ld29yay51bm1vdW50X292ZXJsYXkKY3JlYXRlX2NvbnRhaW5lciA6PSBkYXRhLmZyYW1ld29yay5jcmVhdGVfY29udGFpbmVyCmV4ZWNfaW5fY29udGFpbmVyIDo9IGRhdGEuZnJhbWV3b3JrLmV4ZWNfaW5fY29udGFpbmVyCmV4ZWNfZXh0ZXJuYWwgOj0gZGF0YS5mcmFtZXdvcmsuZXhlY19leHRlcm5hbApzaHV0ZG93bl9jb250YWluZXIgOj0gZGF0YS5mcmFtZXdvcmsuc2h1dGRvd25fY29udGFpbmVyCnNpZ25hbF9jb250YWluZXJfcHJvY2VzcyA6PSBkYXRhLmZyYW1ld29yay5zaWduYWxfY29udGFpbmVyX3Byb2Nlc3MKcGxhbjlfbW91bnQgOj0gZGF0YS5mcmFtZXdvcmsucGxhbjlfbW91bnQKcGxhbjlfdW5tb3VudCA6PSBkYXRhLmZyYW1ld29yay5wbGFuOV91bm1vdW50CmdldF9wcm9wZXJ0aWVzIDo9IGRhdGEuZnJhbWV3b3JrLmdldF9wcm9wZXJ0aWVzCmR1bXBfc3RhY2tzIDo9IGRhdGEuZnJhbWV3b3JrLmR1bXBfc3RhY2tzCnJ1bnRpbWVfbG9nZ2luZyA6PSBkYXRhLmZyYW1ld29yay5ydW50aW1lX2xvZ2dpbmcKbG9hZF9mcmFnbWVudCA6PSBkYXRhLmZyYW1ld29yay5sb2FkX2ZyYWdtZW50CnNjcmF0Y2hfbW91bnQgOj0gZGF0YS5mcmFtZXdvcmsuc2NyYXRjaF9tb3VudApzY3JhdGNoX3VubW91bnQgOj0gZGF0YS5mcmFtZXdvcmsuc2NyYXRjaF91bm1vdW50CgpyZWFzb24gOj0geyJlcnJvcnMiOiBkYXRhLmZyYW1ld29yay5lcnJvcnN9" }, "containers": [ { diff --git a/src/confcom/setup.py b/src/confcom/setup.py index 0cf1c6d6d99..0806c17c810 100644 --- a/src/confcom/setup.py +++ b/src/confcom/setup.py @@ -18,7 +18,7 @@ logger.warn("Wheel is not available, disabling bdist_wheel hook") -VERSION = "0.3.1" +VERSION = "0.3.2" # The full list of classifiers is available at # https://pypi.python.org/pypi?%3Aaction=list_classifiers