
Commit 1cc8cd0

committed
[confcom] Address copilot reviews
1 parent f3e726c commit 1cc8cd0


3 files changed

+17
-6
lines changed


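--- a/src/confcom/HISTORY.rst
+++ b/src/confcom/HISTORY.rst
@@ -4,7 +4,7 @@ Release History
 ===============
 
 2.0.0b1
-+++++
++++++++
 * Add Windows container support with CIM-based layer hashing
 * Support for mounted_cim field in security policies for Windows containers
 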
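--- a/src/confcom/azext_confcom/container.py
+++ b/src/confcom/azext_confcom/container.py
@@ -563,7 +563,7 @@ def from_json(
 mounts=mounts,
 allow_elevated=allow_elevated,
 extraEnvironmentRules=[],
-platform=container_json["platform"],
+platform=container_json.get("platform", "linux/amd64"),
 execProcesses=exec_processes,
 signals=signals,
 user=user,
@@ -814,7 +814,7 @@ def from_json(
 image.__class__ = UserContainerImage
 # inject default mounts for user container
 if (image.base not in config.BASELINE_SIDECAR_CONTAINERS) and (not is_vn2):
-if container_json["platform"].startswith("linux"):
+if container_json.get("platform", "linux/amd64").startswith("linux"):
 image.get_mounts().extend(_DEFAULT_MOUNTS)
 
 if (image.base not in config.BASELINE_SIDECAR_CONTAINERS) and (is_vn2):
@@ -823,7 +823,7 @@ def from_json(
 # Start with the customer environment rules
 env_rules = (
 copy.deepcopy(_INJECTED_CUSTOMER_ENV_RULES)
-if container_json["platform"].startswith("linux") else []
+if container_json.get("platform", "linux/amd64").startswith("linux") else []
 )
 # If is_vn2, add the VN2 environment rules
 if is_vn2: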
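Review bot: The fallback `container_json.get("platform", "linux/amd64")` only covers a missing key; if the input carries `"platform": null` or a non-string value, the two `.startswith("linux")` calls at new lines 817 and 826 still raise, and the constructor argument at new line 566 passes the value through unchecked. Because the platform decides whether the default mounts and the injected customer environment rules end up in the generated policy, it is worth resolving it once per function and reusing the result, e.g. `platform = container_json.get("platform") or DEFAULT_PLATFORM` (the constant name is a placeholder), instead of repeating the literal three times. A short comment at that line saying that a missing platform is treated as Linux would make the silent default visible to whoever maintains the Windows path. Both `from_json` bodies start and end outside these hunks.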

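--- a/src/confcom/azext_confcom/security_policy.py
+++ b/src/confcom/azext_confcom/security_policy.py
@@ -149,8 +149,11 @@ def __init__(
 image_platform = c.get("platform", "linux/amd64")
 if self._platform is None:
 self._platform = image_platform
-else:
-assert self._platform == image_platform, "All images must have the same platform"
+elif self._platform != image_platform:
+eprint(
+f'All images must have the same platform. '
+f'Found "{image_platform}" but expected "{self._platform}".'
+)
 
 if not is_sidecar(c[config.POLICY_FIELD_CONTAINERS_ID]):
 container_image = UserContainerImage.from_json(c, is_vn2=is_vn2)
@@ -250,6 +253,8 @@ def _add_rego_boilerplate(self, output: str) -> str:
 pretty_print_func(self._allow_runtime_logging),
 pretty_print_func(self._allow_environment_variable_dropping),
 )
+eprint(f'Unsupported platform: "{self._platform}". '
+f'Supported platforms are linux/amd64 and windows/amd64.')
 
 def validate_cce_policy(self) -> Tuple[bool, Dict]:
 """Utility method: check to see if the existing policy
@@ -716,6 +721,12 @@ def validate_image_platform(image_name: str, platform: str) -> None:
 f'"{platform}": {e}'
 )
 
+if image is None:
+eprint(
+f'Image "{image_name}" could not be retrieved for platform validation.'
+)
+return
+
 detected = f"{image.attrs.get('Os')}/{image.attrs.get('Architecture')}"
 if detected != platform:
 eprint(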
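Review bot: The three new error paths disagree on whether `eprint` ends execution: new line 728 puts an explicit `return` after it, while the platform-mismatch branch in `__init__` (new lines 152-156) and the unsupported-platform message in `_add_rego_boilerplate` (new lines 256-257) have nothing after the call. The definition of `eprint` is not visible here; if it can return, `__init__` goes on building a policy from images with mixed platforms, and `_add_rego_boilerplate` falls off the end and yields `None` despite its `-> str` annotation. A tool that emits a security policy should fail closed in an obvious way on these paths, so either state at each site that the call does not return, e.g. `# eprint() exits the process; nothing below runs`, and drop the `return` at line 728, or follow each call with an explicit `raise` or exit. Indentation is lost in this rendering, so which branch holds the line-256 message cannot be confirmed from the page.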
