26 changes: 25 additions & 1 deletion src/confcom/HISTORY.rst
@@ -2,76 +2,97 @@

Release History
===============

0.2.17
++++++
* updating dmverity-vhd version to allow for larger images with better memory efficiency

0.2.16
++++++
* adding stop signals as a field that is picked up from image manifest and placed into policy
* updating --print-existing-policy to print the whole policy
* refactoring tests to be more portable across releases

0.2.15
++++++
* updating dmverity-vhd interface to be more flexible with output formats
* bugfix for --print-existing-policy flag with parameter values

0.2.14
++++++
* changing the name of api_svn and framework_svn to api_version and framework_version
* changing fragment versions to an integer instead of semver
* bugfix for allowing 32bit python on a 64bit OS

0.2.13
++++++
* fixing bug where you could not pull by sha value if a tag was not specified
* fixing error message when attempting to use sha value with tar files
* making image caching template-wide instead of container group-wide

0.2.12
++++++
* adding ability for mixed-mode OCI image pulling, e.g. using tar files and remote registries in the same template
* adding option to use allow-all regex for environment variables
* tar file bug fixes

0.2.11
++++++
* bug fix for clean room scenario where non-existent docker client connection attempted to be closed
* adding ability for ARM Template workflows to use regex for environment variables
* fixing linux permissions for dmverity-vhd tool

0.2.10
++++++
* dmverity-vhd tool fixes
* changing startup checks to errors rather than warnings
* can specify image name in arm template by its SHA256 hash
* disabling stdio in pause container
* adding another README.md with omre descriptive information

0.2.9
++++++
* adding support for exec_processes for non-arm template input
* adding --disable-stdio flag to disable stdio for containers
* changing print behavior by not needing both --print-policy in conjunction with --outraw or --outraw-pretty-print
* adding flag for --print-existing-policy that decodes and pretty prints the base64 encoded policy in the ARM template

0.2.8
++++++
* adding secureValue as a valid input for environment variables

0.2.7
++++++
* adding default mounts field for sidecars

0.2.6
++++++
* updating secretSource mount source to "plan9://" and adding vkMetrics and scKubeProxy to sidecar list

0.2.5
++++++
* removing default mounts and updating mount type to "bind"

0.2.4
++++++
* updating sidecar package name and svn

0.2.3
++++++
* added ability to use tarball as input for layer hashes and container manifests
* added initContainers as container source in ARM Template
* update dealing with liveness and readiness probes
* update

0.2.2
++++++
* added pause container to customer container groups
* added caching for dm-verity calculation when using the same image multiple times in a container group
* added new rego variables
* made injecting security policies into ARM template the default behavior

0.2.1
++++++
* update rego format
* allow users to update the infrastructure fragment minimum svn value from command line arguments
* add check for arm64 architecture
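Review bot: the new 0.2.17 entry says the dmverity-vhd version was updated but does not name the version (old or new), which makes the line hard to trace later; suggest `* updating dmverity-vhd to <version> to allow for larger images with better memory efficiency` with the real version filled in. If the older lines `* adding another README.md with omre descriptive information` (typo: more) and the bare `* update` under 0.2.3 fall inside the touched range, this is a good moment to fix them too.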
@@ -81,16 +102,19 @@ Release History
* add ability to inject policy into ARM template

0.2.0
++++++
* update to remove hardcoded side-cars
* update to create CCE Policy with ARM Template
* update to make rego the default output format

0.1.2
++++++
* update for enable restart field

0.1.1
++++++
* update for private preview

0.1.0
++++++
* Initial release.
* Initial release.
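Review bot: the repeated `* Initial release.` at the end of the hunk is the file's single deletion paired with one of its additions (the file header reports 25 additions & 1 deletion), which usually means only the trailing newline changed; confirm the file now ends with exactly one newline so this line does not churn again on the next edit.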
2 changes: 1 addition & 1 deletion src/confcom/azext_confcom/data/internal_config.json
@@ -1,5 +1,5 @@
{
"version": "0.2.16",
"version": "0.2.17",
"hcsshim_config": {
"maxVersion": "1.0.0",
"minVersion": "0.0.1"
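Review bot: the `version` bump to 0.2.17 matches the new HISTORY.rst entry, but none of the four files in this PR changes a dmverity-vhd version pin, even though that is what the 0.2.17 entry describes; confirm where the updated dmverity-vhd version is recorded (or that it is resolved at build time) so the release note and the shipped tool agree. The `hcsshim_config` min/max versions are untouched, which looks intended.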
3 changes: 3 additions & 0 deletions src/confcom/azext_confcom/template_util.py
@@ -29,6 +29,9 @@ class DockerClient:
def __init__(self) -> None:
self._client = None

def __enter__(self) -> docker.DockerClient:
return self.get_client()

def get_client(self) -> docker.DockerClient:
if not self._client:
self._client = docker.from_env()
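Review bot: `__enter__` is added without a matching `__exit__` in this hunk; if the class does not already define one below the shown context, `with DockerClient() as client:` raises AttributeError when the block exits. An `__exit__` that closes the client only when `self._client` was actually created keeps the 0.2.11 fix (closing a non-existent docker client in the clean room case) intact, e.g. `def __exit__(self, exc_type, exc, tb):` followed by `if self._client: self._client.close()`. Also, because `__enter__` delegates to `get_client()`, entering the context connects eagerly via `docker.from_env()`, so callers should only use the context form where a daemon is expected to be reachable.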
30 changes: 15 additions & 15 deletions src/confcom/azext_confcom/tests/latest/README.md
@@ -31,17 +31,17 @@ test_arm_template_with_parameter_file | mcr.microsoft.com/azure-functions/python
test_arm_template_with_parameter_file_injected_env_vars | mcr.microsoft.com/azure-functions/python:4-python3.8 | See if env vars from the image are injected into the policy. Also make sure the `concat` function in ARM template won't break the CLI if it's not in a required spot like image name
test_arm_template_with_parameter_file_arm_config | mcr.microsoft.com/azure-functions/python:4-python3.8 | Test valid case of using a parameter file with JSON output instead of Rego
test_arm_template_with_parameter_file_clean_room | mcr.microsoft.com/azure-functions/node:4 | Test clean room case where image specified does not exist remotely but does locally
test_policy_diff | rust:1.52.1 | See if the diff functionality outputs `True` when diffs match completely
test_incorrect_policy_diff | rust:1.52.1 | Check output formatting and functionality of diff command
test_policy_diff | alpine:3.16 | See if the diff functionality outputs `True` when diffs match completely
test_incorrect_policy_diff | alpine:3.16 | Check output formatting and functionality of diff command
test_update_infrastructure_svn | python:3.6.14-slim-buster | Change the minimum SVN for the insfrastructure fragment
test_multiple_policies | python:3.6.14-slim-buster & rust:1.52.1 | See if two unique policies are generated from a single ARM Template container multiple container groups. Also have an extra resource that is untouched. Also has a secureValue for an environment variable.
test_arm_template_with_init_container | python:3.6.14-slim-buster & rust:1.52.1 | See if having an initContainer is picked up and added to the list of valid containers
test_arm_template_without_stdio_access | rust:1.52.1 | See if disabling container stdio access gets passed down to individual containers
test_arm_template_allow_elevated_false | rust:1.52.1 | Disabling allow_elevated via securityContext
test_multiple_policies | python:3.6.14-slim-buster & alpine:3.16 | See if two unique policies are generated from a single ARM Template container multiple container groups. Also have an extra resource that is untouched. Also has a secureValue for an environment variable.
test_arm_template_with_init_container | python:3.6.14-slim-buster & alpine:3.16 | See if having an initContainer is picked up and added to the list of valid containers
test_arm_template_without_stdio_access | alpine:3.16 | See if disabling container stdio access gets passed down to individual containers
test_arm_template_allow_elevated_false | alpine:3.16 | Disabling allow_elevated via securityContext
test_arm_template_policy_regex | python:3.6.14-slim-buster | Make sure the regex generated from the ARM Template workflow matches that of the policy.json workflow
test_wildcard_env_var | python:3.6.14-slim-buster | Check that an "allow all" regex is created when a value for env var is not provided via a parameter value
test_wildcard_env_var_invalid | N/A | Make sure the process errors out if a value is not given for an env var or an undefined parameter is used for the name of an env var
test_arm_template_with_env_var | rust:1.52.1 | Make sure that a value that looks similar to but is not an ARM parameter is treated as a string
test_arm_template_with_env_var | alpine:3.16 | Make sure that a value that looks similar to but is not an ARM parameter is treated as a string
test_arm_template_security_context_defaults | N/A | Make sure default values for securityContext are correct
test_arm_template_security_context_allow_privilege_escalation | N/A | See if changing the allowPrivilegeEscalation flag is working
test_arm_template_security_context_user | N/A | Set the user field manually to make sure it is reflected in the policy
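Review bot: these rows switch the documented test image from rust:1.52.1 to alpine:3.16, but no test source under tests/latest appears in this PR's file list, so the table now describes fixtures this change does not show; confirm the tests already pull alpine:3.16 so the README does not drift from the code. While here, `insfrastructure` in the test_update_infrastructure_svn row should read `infrastructure`, and `from a single ARM Template container multiple container groups` in the test_multiple_policies row reads as if a word is missing (e.g. `containing`).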
@@ -64,7 +64,7 @@ It is still used for generating sidecar CCE Policies.

Test Name | Image Used | Purpose
---|---|---
test_user_container_customized_mounts | rust:1.52.1 | See if mounts are translated correctly to the appropriate source and destination locations
test_user_container_customized_mounts | alpine:3.16 | See if mounts are translated correctly to the appropriate source and destination locations
test_user_container_mount_injected_dns | python:3.6.14-slim-buster | See if the resolvconf mount works properly
test_injected_sidecar_container_msi | mcr.microsoft.com/aci/msi-atlas-adapter:master_20201203.1 | Make sure User mounts and env vars aren't added to sidecar containers, using JSON output format
test_debug_flags | python:3.6.14-slim-buster | Enable flags set via debug_mode
@@ -74,17 +74,17 @@ test_incorrect_sidecar | mcr.microsoft.com/aci/msi-atlas-adapter:master_20201210
test_customized_workingdir | python:3.6.14-slim-buster | Using different working dir than specified in image metadata
test_allow_elevated | python:3.6.14-slim-buster | Using allow_elevated in container
test_image_layers_python | python:3.6.14-slim-buster | Make sure image layers are as expected
test_image_layers_rust | rust:1.52.1 | Make sure image layers are as expected with different image
test_docker_pull | rust:1.52.1 | Test pulling an image from docker client
test_infrastructure_svn | rust:1.52.1 | make sure the correct infrastructure_svn is present in the policy
test_image_layers_nginx | nginx:1.22 | Make sure image layers are as expected with different image
test_docker_pull | alpine:3.16 | Test pulling an image from docker client
test_infrastructure_svn | alpine:3.16 | make sure the correct infrastructure_svn is present in the policy
test_stdio_access_default | python:3.6.14-slim-buster | Checking the default value for std I/O access
test_stdio_access_updated | python:3.6.14-slim-buster | Checking the value for std I/O when it's set
test_environment_variables_parsing | mcr.microsoft.com/azuredocs/aci-dataprocessing-cc:v1 | Make sure env vars are output in the right format
test_get_layers_from_not_exists_image | notexists:1.0.0 | Fail out grabbing layers if image doesn't exist
test_incorrect_allow_elevated_data_type | rust:1.52.1 | Making allow_elevated fail out if it's not a boolean
test_incorrect_workingdir_path | rust:1.52.1 | Fail if working dir isn't an absolute path string
test_incorrect_workingdir_data_type | rust:1.52.1 | Fail if working dir is an array
test_incorrect_command_data_type | rust:1.52.1 | Fail if command is not array of strings
test_incorrect_allow_elevated_data_type | alpine:3.16 | Making allow_elevated fail out if it's not a boolean
test_incorrect_workingdir_path | alpine:3.16 | Fail if working dir isn't an absolute path string
test_incorrect_workingdir_data_type | alpine:3.16 | Fail if working dir is an array
test_incorrect_command_data_type | alpine:3.16 | Fail if command is not array of strings
test_json_missing_containers | N/A | Fail if containers are not specified
test_json_missing_version | mcr.microsoft.com/azuredocs/aci-dataprocessing-cc:v1 | Fail if version is not included in policy.json
test_json_missing_containerImage | N/A | Fail if container doesn't have an image specified
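Review bot: renaming the row from test_image_layers_rust to test_image_layers_nginx (nginx:1.22) implies a renamed test function, which again is not part of this diff; verify the function name in the test module matches the table. Minor: the new `test_infrastructure_svn | alpine:3.16 | make sure ...` row keeps a lower-case `make sure` while the neighbouring rows capitalise the Purpose column.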