[confcom] getting rid of dependencies, updating dmverity interface (#…

…6315) * making rootfs proxy work with upcoming dmverity changes * getting rid of pydash * making printing existing policy work if container group name is empty * updating version number * adding comments
Azure · May 24, 2023 · b4c9e4c · b4c9e4c
1 parent 943c159
commit b4c9e4c
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 20 deletions.
diff --git a/src/confcom/HISTORY.rst b/src/confcom/HISTORY.rst
@@ -2,6 +2,10 @@
 
 Release History
 ===============
+0.2.15
+* updating dmverity-vhd interface to be more flexible with output formats
+* bugfix for --print-existing-policy flag with parameter values
+
 0.2.14
 * changing the name of api_svn and framework_svn to api_version and framework_version
 * changing fragment versions to an integer instead of semver

diff --git a/src/confcom/azext_confcom/data/internal_config.json b/src/confcom/azext_confcom/data/internal_config.json
@@ -1,5 +1,5 @@
 {
-    "version": "0.2.14",
+    "version": "0.2.15",
     "hcsshim_config": {
         "maxVersion": "1.0.0",
         "minVersion": "0.0.1"

diff --git a/src/confcom/azext_confcom/rootfs_proxy.py b/src/confcom/azext_confcom/rootfs_proxy.py
@@ -121,9 +121,8 @@ def get_policy_image_layers(
         if outputlines is None:
             eprint("Null pointer detected.")
         elif len(outputlines) > 0:
-            output = outputlines.decode("utf8").rstrip("\n").split("\n")
-            output = [output[j * 2 + 1] for j in range(len(output) // 2)]
-            output = [i.rstrip("\n").split(": ", 1)[1] for i in output]
+            output = outputlines.decode("utf8").strip("\n").split("\n")
+            output = [i.split(": ", 1)[1] for i in output if len(i.split(": ", 1)) > 1]
         else:
             eprint(
                 "Cannot get layer hashes"

diff --git a/src/confcom/azext_confcom/template_util.py b/src/confcom/azext_confcom/template_util.py
@@ -12,7 +12,6 @@
 import deepdiff
 import yaml
 import docker
-import pydash
 from azext_confcom.errors import (
     eprint,
 )
@@ -775,7 +774,9 @@ def get_container_group_name(
             if case_insensitive_dict_get(all_params, key):
                 all_params[key]["value"] = case_insensitive_dict_get(
                     case_insensitive_dict_get(input_parameter_values_json, key), "value"
-                ) or case_insensitive_dict_get(
+                ) if case_insensitive_dict_get(
+                    case_insensitive_dict_get(input_parameter_values_json, key), "value"
+                ) is not None else case_insensitive_dict_get(
                     case_insensitive_dict_get(input_parameter_values_json, key),
                     "secureValue",
                 )
@@ -789,8 +790,7 @@ def get_container_group_name(
         eprint(
             f'Field ["{config.ACI_FIELD_TEMPLATE_PARAMETERS}"] is empty or cannot be found in Parameter file'
         )
-    # TODO: replace this with doing param replacement as-needed
-    arm_json = parse_template(all_params, all_vars, arm_json)
+
     # find the image names and extract them from the template
     arm_resources = case_insensitive_dict_get(arm_json, config.ACI_FIELD_RESOURCES)
 
@@ -809,6 +809,7 @@ def get_container_group_name(
         )
 
     resource = aci_list[count]
+    resource = replace_params_and_vars(all_params, all_vars, resource)
     container_group_name = case_insensitive_dict_get(resource, config.ACI_FIELD_RESOURCES_NAME)
     return container_group_name
 
@@ -819,7 +820,8 @@ def print_existing_policy_from_arm_template(arm_template_path, parameter_data_pa
     input_arm_json = os_util.load_json_from_file(arm_template_path)
     parameter_data = None
     if parameter_data_path:
-        parameter_data = os_util.load_json_from_file(arm_template_path)
+        parameter_data = os_util.load_json_from_file(parameter_data_path)
+
     # find the image names and extract them from the template
     arm_resources = case_insensitive_dict_get(
         input_arm_json, config.ACI_FIELD_RESOURCES
@@ -852,26 +854,41 @@ def print_existing_policy_from_arm_template(arm_template_path, parameter_data_pa
 
 
 def process_seccomp_policy(policy2):
+
+    # helper function to add fields to a dictionary if they don't exist
+    def defaults(obj, default):
+        for key in default:
+            obj.setdefault(key, default[key])
+        return obj
+
+    # helper function to pick fields from a dictionary
+    def pick(obj, *keys):
+        result = {}
+        for key in keys:
+            if key in obj:
+                result[key] = obj[key]
+        return result
+
     policy = json.loads(policy2)
-    policy = pydash.defaults(policy, {'defaultAction': ""})
-    policy = pydash.pick(policy, 'defaultAction', 'defaultErrnoRet', 'architectures',
-                         'flags', 'listenerPath', 'listenerMetadata', 'syscalls')
+    policy = defaults(policy, {'defaultAction': ""})
+    policy = pick(policy, 'defaultAction', 'defaultErrnoRet', 'architectures',
+                  'flags', 'listenerPath', 'listenerMetadata', 'syscalls')
     if 'syscalls' in policy:
         syscalls = policy['syscalls']
         temp_syscalls = []
         for s in syscalls:
             syscall = s
-            syscall = pydash.defaults(syscall, {'names': [], 'action': ""})
-            syscall = pydash.pick(syscall, 'names', 'action', 'errnoRet', 'args')
+            syscall = defaults(syscall, {'names': [], 'action': ""})
+            syscall = pick(syscall, 'names', 'action', 'errnoRet', 'args')
 
             if 'args' in syscall:
                 temp_args = []
                 args = syscall['args']
 
                 for j in args:
                     arg = j
-                    arg = pydash.defaults(arg, {'value': 0, 'op': "", 'index': 0})
-                    arg = pydash.pick(arg, 'index', 'value', 'valueTwo', 'op')
+                    arg = defaults(arg, {'value': 0, 'op': "", 'index': 0})
+                    arg = pick(arg, 'index', 'value', 'valueTwo', 'op')
                     temp_args.append(arg)
                 syscall['args'] = temp_args
             temp_syscalls.append(syscall)

diff --git a/src/confcom/requirements.txt b/src/confcom/requirements.txt
@@ -1,5 +1,4 @@
 docker
 tqdm
 azure-devtools
-deepdiff
-pydash
+deepdiff
diff --git a/src/confcom/setup.py b/src/confcom/setup.py
@@ -17,7 +17,7 @@
 
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
-VERSION = "0.2.14"
+VERSION = "0.2.15"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers
@@ -35,7 +35,7 @@
     "License :: OSI Approved :: MIT License",
 ]
 
-DEPENDENCIES = ["docker", "tqdm", "deepdiff", "pydash"]
+DEPENDENCIES = ["docker", "tqdm", "deepdiff"]
 
 SecurityPolicyProxy.download_binaries()