[confcom] Windows support for the tooling (#9783)

* Support windows platform images

* Pull specific versions of integrity-vhd instead of latest

* Set version to be wcow

* Make version compliant

* Make the policy windows shaped

* Support --debug-mode

* Make lib a module

* Only add platform flag on windows

* Use updated integrity-vhd for fixed C-WCOW policy gen

* Support windows images also in the new "containers from_image" command

* [confcom]: acipolicygen: Fix missing platform field in generated policy config for vn2

* Update tooling to consume json

* Bump framework version for windows

* Update dll requirements

And add a fix to framework for rw_mount

* Bump confcom version 2.0.0 and pick v2.0 dmverity-vhd release

* [confcom] Update policy api version for "new style" command too

* [confcom] Make the to-be-released version 2.0.0b1 instead of an actual 2.0.0

Suggested-by: Ken Gordon <kegordo@microsoft.com>

* Update azext_confcom/data/README

* Update all sample policies to the new api version and add the rw_mount_device enforcement point

This fixes unit tests

* Remove misleading comment

This is not, in fact, where parameters and variables are populated. That happens
in the constructor for AciPolicy.

* [confcom] Fix trying to fetch image with a name containing unresolved parameters/variables

* [confcom] Fix lint errors

* [confcom] Add --platform commandline option

* [confcom] fix Virtual Node bug

* [confcom] Derive image platform and add --platform validation

* [confcom] update help text and README

* [confcom] Do not use inspect, just use image pull

* [confcom] Address copilot reviews

* [confcom] regenerate golden policies

---------

Co-authored-by: Dominic Ayre <dominicayre@microsoft.com>
Co-authored-by: Dominic Ayre <domayre@outlook.com>
Co-authored-by: Tingmao Wang <tingmaowang@microsoft.com>

Author: 3 people

src/confcom/HISTORY.rst

@@ -3,6 +3,11 @@
 Release History
 ===============
 
+2.0.0b1
++++++++
+* Add Windows container support with CIM-based layer hashing
+* Support for mounted_cim field in security policies for Windows containers
+
 1.8.0
 +++++
 * Ensure that fragments are attached to the correct manifest for a multiarch image.

src/confcom/README.md

@@ -29,6 +29,9 @@
     ```
 
   - Windows: [Docker Desktop](https://www.docker.com/products/docker-desktop) and [WSL2](https://docs.microsoft.com/en-us/windows/wsl/install)
+- **CimWriter.dll** (Windows only, for Windows container support)
+  - Required for generating security policies for Windows containers
+  - Windows Server 2025 or newer is recommended for deterministic hash generation
 
 ## Installation Instructions (End User)
 
@@ -57,6 +60,21 @@ The `confcom` extension does not currently support:
 - Variables and Parameters with non-primitive data types e.g. objects and arrays
 - Nested and Linked ARM Templates
 
+## Platform Support (Linux and Windows Policies)
+
+The `--platform` parameter controls whether policies are generated for Linux (`linux/amd64`, the default) or Windows (`windows/amd64`) containers.
+
+**Docker Desktop must be running in the matching container mode** to produce correct layer hashes:
+
+| Policy Target | Docker Container Mode | Where to Run |
+|---|---|---|
+| Linux (`--platform linux/amd64`) | Linux containers | WSL or PowerShell |
+| Windows (`--platform windows/amd64`) | Windows containers | PowerShell only |
+
+- **Windows policies cannot be generated from WSL**, because Windows layer hashing (CIMfs) requires Windows APIs.
+- **Linux policies can be generated from either WSL or PowerShell**, as long as Docker Desktop is in Linux containers mode.
+- Running with the wrong Docker container mode may produce **incorrect layer hashes** that will cause the container to be rejected at runtime.
+
 ## Trademarks
 
 This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft

src/confcom/azext_confcom/README.md

@@ -399,7 +399,7 @@ package policy
 import future.keywords.every
 import future.keywords.in
 
-api_version := "0.10.0"
+api_version := "0.11.0"
 framework_version := "0.1.0"
 
 fragments := [...]
@@ -432,6 +432,7 @@ runtime_logging := data.framework.runtime_logging
 load_fragment := data.framework.load_fragment
 scratch_mount := data.framework.scratch_mount
 scratch_unmount := data.framework.scratch_unmount
+rw_mount_device := data.framework.rw_mount_device
 
 reason := {"errors": data.framework.errors}
 ```

src/confcom/azext_confcom/_help.py

@@ -105,6 +105,10 @@
           type: boolean
           short-summary: 'When enabled, the default fragments are not included in the generated policy. This includes containers needed to mount azure files, mount secrets, mount git repos, and other common ACI features'
 
+        - name: --platform
+          type: string
+          short-summary: 'Target platform for policy generation (linux/amd64 or windows/amd64). Defaults to linux/amd64. Docker Desktop must be running in the matching container mode to produce correct layer hashes.'
+
     examples:
         - name: Input an ARM Template file to inject a base64 encoded Confidential Container Security Policy into the ARM Template
           text: az confcom acipolicygen --template-file "./template.json"
@@ -116,6 +120,8 @@
           text: az confcom acipolicygen --template-file "./template.json" --tar "./image.tar"
         - name: Input an ARM Template file and use a fragments JSON file to generate a policy
           text: az confcom acipolicygen --template-file "./template.json" --fragments-json "./fragments.json" --include-fragments
+        - name: Generate a Windows container policy (requires Docker Desktop in Windows containers mode)
+          text: az confcom acipolicygen --template-file "./template.json" --platform windows/amd64 --outraw-pretty-print
 """
 
 helps[
@@ -340,7 +346,7 @@
     parameters:
         - name: --platform
           type: str
-          short-summary: 'The name of the platform the container definition will run on'
+          short-summary: 'The name of the platform the container definition will run on. Must be either "aci" or "vn2".'
 
 
     examples:

src/confcom/azext_confcom/_params.py

@@ -114,6 +114,17 @@ def load_arguments(self, _):
             help="Image Name",
             validator=validate_aci_source
         )
+        c.argument(
+            "platform",
+            options_list=("--platform",),
+            required=False,
+            default="linux/amd64",
+            help="Target platform for policy generation. Defaults to linux/amd64. "
+                 "Note: Docker Desktop must be running in the matching container mode "
+                 "(Linux containers for linux/amd64, Windows containers for windows/amd64) "
+                 "to produce correct layer hashes.",
+            choices=["linux/amd64", "windows/amd64"],
+        )
         c.argument(
             "tar_mapping_location",
             options_list=("--tar",),

src/confcom/azext_confcom/azext_metadata.json

@@ -1,3 +1,4 @@
 {
-    "azext.minCliCoreVersion": "2.26.2"
-}
+    "azext.minCliCoreVersion": "2.26.2",
+    "azext.isPreview": true
+}

src/confcom/azext_confcom/command/containers_from_image.py

@@ -8,5 +8,5 @@
 from azext_confcom.lib.containers import from_image as lib_containers_from_image
 
 
-def containers_from_image(image: str, platform: str) -> None:
-    print(json.dumps(lib_containers_from_image(image, platform)))
+def containers_from_image(image: str, aci_or_vn2: str) -> None:
+    print(json.dumps(lib_containers_from_image(image, aci_or_vn2)))

src/confcom/azext_confcom/command/containers_from_vn2.py

@@ -192,7 +192,7 @@ def containers_from_vn2(
 
     container_defs = []
     for template_container, template_doc in template_containers:
-        image_container_def = container_from_image(template_container.get("image"), platform="vn2")
+        image_container_def = container_from_image(template_container.get("image"), aci_or_vn2="vn2")
 
         template_container_def = {
             "name": template_container.get("name"),

src/confcom/azext_confcom/config.py

@@ -127,6 +127,7 @@
 POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE = "pattern"
 POLICY_FIELD_CONTAINERS_ELEMENTS_REQUIRED = "required"
 POLICY_FIELD_CONTAINERS_ELEMENTS_LAYERS = "layers"
+POLICY_FIELD_CONTAINERS_ELEMENTS_MOUNTED_CIM = "mounted_cim"
 POLICY_FIELD_CONTAINERS_ELEMENTS_WORKINGDIR = "working_dir"
 POLICY_FIELD_CONTAINERS_ELEMENTS_MOUNTS = "mounts"
 POLICY_FIELD_CONTAINERS_ELEMENTS_MOUNTS_SOURCE = "source"
@@ -211,6 +212,7 @@
 DEFAULT_REGO_FRAGMENTS = _config["default_rego_fragments"]
 # things that need to be set for debug mode
 DEBUG_MODE_SETTINGS = _config["debugMode"]
+DEBUG_MODE_SETTINGS_WINDOWS = _config["debugModeWindows"]
 # reserved fragment names for existing pieces of Rego
 RESERVED_FRAGMENT_NAMES = _config["reserved_fragment_namespaces"]
 # fragment artifact type
@@ -227,6 +229,7 @@
 }
 """
 CUSTOMER_REGO_POLICY = load_str_from_file(REGO_FILE_PATH)
+CUSTOMER_REGO_POLICY_WINDOWS = load_str_from_file(f"{script_directory}/data/customer_rego_policy_windows.txt")
 CUSTOMER_REGO_FRAGMENT = load_str_from_file(REGO_FRAGMENT_FILE_PATH)
 # sidecar rego file
 SIDECAR_REGO_FILE = "./data/sidecar_rego_policy.txt"

src/confcom/azext_confcom/container.py

@@ -563,6 +563,7 @@ def from_json(
             mounts=mounts,
             allow_elevated=allow_elevated,
             extraEnvironmentRules=[],
+            platform=container_json.get("platform", "linux/amd64"),
             execProcesses=exec_processes,
             signals=signals,
             user=user,
@@ -583,6 +584,7 @@ def __init__(
         allow_elevated: bool,
         id_val: str,
         extraEnvironmentRules: Dict,
+        platform: str = "linux/amd64",
         entrypoint: List[str] = None,
         capabilities: Dict = copy.deepcopy(_CAPABILITIES),
         user: Dict = copy.deepcopy(_DEFAULT_USER),
@@ -604,6 +606,7 @@ def __init__(
         self._command = command
         self._workingDir = workingDir
         self._layers = []
+        self._mounted_cim = []
         self._mounts = mounts
         self._allow_elevated = allow_elevated
         self._allow_stdio_access = allowStdioAccess
@@ -615,6 +618,7 @@ def __init__(
         self._exec_processes = execProcesses or []
         self._signals = signals or []
         self._extraEnvironmentRules = extraEnvironmentRules
+        self._platform = platform
 
     def get_policy_json(self, omit_id: bool = False) -> str:
         return self._populate_policy_json_elements(omit_id=omit_id)
@@ -658,6 +662,12 @@ def get_layers(self) -> List[str]:
     def set_layers(self, layers: List[str]) -> None:
         self._layers = layers
 
+    def get_mounted_cim(self) -> List[str]:
+        return self._mounted_cim
+
+    def set_mounted_cim(self, mounted_cim: List[str]) -> None:
+        self._mounted_cim = mounted_cim
+
     def get_user(self) -> Dict:
         return self._user
 
@@ -764,16 +774,27 @@ def _populate_policy_json_elements(self, omit_id: bool = False) -> Dict[str, Any
             config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS: self._get_environment_rules(),
             config.POLICY_FIELD_CONTAINERS_ELEMENTS_WORKINGDIR: self._workingDir,
             config.POLICY_FIELD_CONTAINERS_ELEMENTS_MOUNTS: self._get_mounts_json(),
-            config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_ELEVATED: self._allow_elevated,
             config.POLICY_FIELD_CONTAINERS_ELEMENTS_EXEC_PROCESSES: self._exec_processes,
             config.POLICY_FIELD_CONTAINERS_ELEMENTS_SIGNAL_CONTAINER_PROCESSES: self._signals,
-            config.POLICY_FIELD_CONTAINERS_ELEMENTS_USER: self.get_user(),
-            config.POLICY_FIELD_CONTAINERS_ELEMENTS_CAPABILITIES: self._capabilities,
-            config.POLICY_FIELD_CONTAINERS_ELEMENTS_SECCOMP_PROFILE_SHA256: self._seccomp_profile_sha256,
             config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_STDIO_ACCESS: self._allow_stdio_access,
-            config.POLICY_FIELD_CONTAINERS_ELEMENTS_NO_NEW_PRIVILEGES: not self._allow_privilege_escalation
         }
 
+        if self._platform.startswith("linux"):
+            elements.update({
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_CAPABILITIES: self._capabilities,
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_SECCOMP_PROFILE_SHA256: self._seccomp_profile_sha256,
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_USER: self.get_user(),
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_ALLOW_ELEVATED: self._allow_elevated,
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_NO_NEW_PRIVILEGES: not self._allow_privilege_escalation,
+            })
+        elif self._platform.startswith("windows"):
+            elements.update({
+                config.POLICY_FIELD_CONTAINERS_ELEMENTS_USER: self.get_user()["user_idname"]["pattern"],
+            })
+            # Add mounted_cim for Windows if present
+            if self._mounted_cim:
+                elements[config.POLICY_FIELD_CONTAINERS_ELEMENTS_MOUNTED_CIM] = self._mounted_cim
+
         if not omit_id:
             elements[config.POLICY_FIELD_CONTAINERS_ID] = self._identifier
         # if we are omitting the id, we should remove the id value from the policy if it's in the name field
@@ -793,13 +814,17 @@ def from_json(
         image.__class__ = UserContainerImage
         # inject default mounts for user container
         if (image.base not in config.BASELINE_SIDECAR_CONTAINERS) and (not is_vn2):
-            image.get_mounts().extend(_DEFAULT_MOUNTS)
+            if container_json.get("platform", "linux/amd64").startswith("linux"):
+                image.get_mounts().extend(_DEFAULT_MOUNTS)
 
         if (image.base not in config.BASELINE_SIDECAR_CONTAINERS) and (is_vn2):
             image.get_mounts().extend(_DEFAULT_MOUNTS_VN2)
 
         # Start with the customer environment rules
-        env_rules = copy.deepcopy(_INJECTED_CUSTOMER_ENV_RULES)
+        env_rules = (
+            copy.deepcopy(_INJECTED_CUSTOMER_ENV_RULES)
+            if container_json.get("platform", "linux/amd64").startswith("linux") else []
+        )
         # If is_vn2, add the VN2 environment rules
         if is_vn2:
             env_rules += _INJECTED_SERVICE_VN2_ENV_RULES