updating method to get hcsshim files and updating cli version number

src/confcom/HISTORY.rst

@@ -2,6 +2,11 @@
 
 Release History
 ===============
+0.2.13
+* adding parsing of container security context field in ARM template
+* changing hardcoded API_SVN and FRAMEWORK_SVN to get values from HCSSHIM repo
+* bumping HCSSHIM version
+
 0.2.12
 * adding ability for mixed-mode OCI image pulling, e.g. using tar files and remote registries in the same template
 * adding option to use allow-all regex for environment variables

src/confcom/azext_confcom/config.py

@@ -132,5 +132,13 @@
 SIDECAR_REGO_FILE = "./data/sidecar_rego_policy.txt"
 SIDECAR_REGO_FILE_PATH = f"{script_directory}/{SIDECAR_REGO_FILE}"
 SIDECAR_REGO_POLICY = os_util.load_str_from_file(SIDECAR_REGO_FILE_PATH)
+# framework svn file
+SVN_FRAMEWORK_FILE = "./data/svn_framework"
+SVN_FRAMEWORK_PATH = f"{script_directory}/{SVN_FRAMEWORK_FILE}"
+SVN_FRAMEWORK_VERSION = os_util.load_str_from_file(SVN_FRAMEWORK_PATH)
+# api svn file
+SVN_API_FILE = "./data/svn_api"
+SVN_API_PATH = f"{script_directory}/{SVN_API_FILE}"
+SVN_API_VERSION = os_util.load_str_from_file(SVN_API_PATH)
 # default containers to be added to all container groups
 DEFAULT_CONTAINERS = _config["default_containers"]

src/confcom/azext_confcom/data/customer_rego_policy.txt

@@ -3,8 +3,8 @@ package policy
 import future.keywords.every
 import future.keywords.in
 
-api_svn := "0.10.0"
-framework_svn := "0.1.0"
+api_svn := %s
+framework_svn := %s
 
 fragments := %s
 

src/confcom/azext_confcom/data/internal_config.json

@@ -1,5 +1,5 @@
 {
-    "version": "0.2.12",
+    "version": "0.2.13",
     "hcsshim_config": {
         "maxVersion": "1.0.0",
         "minVersion": "0.0.1"

src/confcom/azext_confcom/data/sidecar_rego_policy.txt

@@ -1,7 +1,7 @@
 package microsoftcontainerinstance
 
 svn := "1.0.0"
-api_svn := "0.10.0"
-framework_svn := "0.1.0"
+api_svn := %s
+framework_svn := %s
 
 containers := %s

src/confcom/azext_confcom/security_policy.py

@@ -63,6 +63,8 @@ def __init__(
         self._disable_stdio = disable_stdio
         self._fragments = rego_fragments
         self._existing_fragments = existing_rego_fragments
+        self._svn_api = config.SVN_API_VERSION
+        self._svn_framework = config.SVN_FRAMEWORK_VERSION
         if debug_mode:
             self._allow_properties_access = config.DEBUG_MODE_SETTINGS.get(
                 "allowPropertiesAccess"
@@ -175,8 +177,14 @@ def _add_rego_boilerplate(self, output: str) -> str:
 
         # determine if we're outputting for a sidecar or not
         if self._images[0].get_id() and is_sidecar(self._images[0].get_id()):
-            return config.SIDECAR_REGO_POLICY % (output)
+            return config.SIDECAR_REGO_POLICY % (
+                pretty_print_func(self._svn_api),
+                pretty_print_func(self._svn_framework),
+                output
+            )
         return config.CUSTOMER_REGO_POLICY % (
+            pretty_print_func(self._svn_api),
+            pretty_print_func(self._svn_framework),
             pretty_print_func(self._fragments),
             output,
             pretty_print_func(self._allow_properties_access),

src/confcom/setup.py

@@ -19,9 +19,7 @@
 
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
-# TODO: Confirm this is the right version number you want and it matches your
-# HISTORY.rst entry.
-VERSION = "0.2.12"
+VERSION = "0.2.13"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers
@@ -43,21 +41,58 @@
 
 dir_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "azext_confcom")
 
-bin_folder = dir_path + "/bin"
+bin_folder = dir_path + "/bin/"
 if not os.path.exists(bin_folder):
     os.makedirs(bin_folder)
 
-exe_path = dir_path + "/bin/dmverity-vhd.exe"
-if not os.path.exists(exe_path):
-    r = requests.get("https://github.com/microsoft/hcsshim/releases/download/v0.10.0-rc.6/dmverity-vhd.exe")
-    with open(exe_path, "wb") as f:
-        f.write(r.content)
+data_folder = dir_path + "/data/"
+if not os.path.exists(data_folder):
+    os.makedirs(data_folder)
 
-bin_path = dir_path + "/bin/dmverity-vhd"
-if not os.path.exists(bin_path):
-    r = requests.get("https://github.com/microsoft/hcsshim/releases/download/v0.10.0-rc.6/dmverity-vhd")
-    with open(bin_path, "wb") as f:
-        f.write(r.content)
+# get the most recent release artifacts from github
+r = requests.get("https://api.github.com/repos/microsoft/hcsshim/releases")
+# list the artifacts from each release
+bin_flag = False
+exe_flag = False
+svn_flag = False
+for release in r.json():
+    # these should be newest to oldest
+    for asset in release["assets"]:
+        # download the file if it contains dmverity-vhd
+        if "dmverity-vhd" in asset["name"]:
+            if "exe" in asset["name"]:
+                exe_flag = True
+            else:
+                bin_flag = True
+            # get the download url for the dmverity-vhd file
+            exe_url = asset["browser_download_url"]
+            # download the file
+            r = requests.get(exe_url)
+            # save the file to the bin folder
+            with open(bin_folder + asset["name"], "wb") as f:
+                f.write(r.content)
+        elif bin_flag and exe_flag and "tar.gz" in asset["name"]:
+            svn_flag = True
+            # get the download url for the dmverity-vhd file
+            exe_url = asset["browser_download_url"]
+            # update the url to get framework svn file
+            exe_url.replace(".tar.gz", "pkg/securitypolicy/svn_framework")
+            # download the file
+            r = requests.get(exe_url)
+            # save the file to the data folder
+            with open(data_folder + "svn_framework", "w") as f:
+                f.write(r.content)
+            # update the url to get api svn file
+            exe_url.replace("framework", "api")
+            # download the file
+            r = requests.get(exe_url)
+            # save the file to the data folder
+            with open(data_folder + "svn_api", "w") as f:
+                f.write(r.content)
+
+    # break out of the loop if we have both files
+    if bin_flag and exe_flag and svn_flag:
+        break
 
 with open("README.md", "r", encoding="utf-8") as f:
     README = f.read()