From e23561ebefe1d1ad2fd158442fe194077ef5b41e Mon Sep 17 00:00:00 2001 From: Dominic Ayre Date: Sat, 27 Sep 2025 14:22:03 +0000 Subject: [PATCH] Fix merge conflict between new tests and default min svn bump --- src/confcom/samples/aci/command/policy.rego | 2 +- .../samples/aci/command/policy_debug.rego | 2 +- .../aci/command/policy_disable_stdio.rego | 2 +- .../samples/aci/command/policy_fragment.rego | 2 +- .../aci/conflicting_variables/policy.rego | 2 +- .../conflicting_variables/policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../aci/container_group_profiles/policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../samples/aci/default_variables/policy.rego | 2 +- .../aci/default_variables/policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../default_variables/policy_fragment.rego | 2 +- .../default_variables_override/policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../aci/environment_variables/policy.rego | 2 +- .../environment_variables/policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- src/confcom/samples/aci/minimal/policy.rego | 2 +- .../samples/aci/minimal/policy_debug.rego | 2 +- .../aci/minimal/policy_disable_stdio.rego | 2 +- .../samples/aci/minimal/policy_fragment.rego | 2 +- .../aci/multi_container_groups/policy.rego | 4 +- .../multi_container_groups/policy_debug.rego | 4 +- .../policy_disable_stdio.rego | 4 +- .../samples/aci/multi_containers/policy.rego | 2 +- .../aci/multi_containers/policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../aci/multi_containers/policy_fragment.rego | 2 +- .../policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../security_context_run_as_group/policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- .../security_context_run_as_user/policy.rego | 2 +- .../policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../policy_fragment.rego | 2 +- src/confcom/samples/aci/variables/policy.rego | 2 +- .../samples/aci/variables/policy_debug.rego | 2 +- .../aci/variables/policy_disable_stdio.rego | 2 +- .../aci/variables/policy_fragment.rego | 2 +- .../aci/volume_mount_secret/policy.rego | 2 +- .../aci/volume_mount_secret/policy_debug.rego | 2 +- .../policy_disable_stdio.rego | 2 +- .../volume_mount_secret/policy_fragment.rego | 2 +- .../samples/aci/volume_mounts/policy.rego | 2 +- .../aci/volume_mounts/policy_debug.rego | 2 +- .../volume_mounts/policy_disable_stdio.rego | 2 +- .../aci/volume_mounts/policy_fragment.rego | 2 +- src/confcom/samples/fragments/fragment.rego | 191 +----------------- .../samples/fragments/fragment.rego.cose | Bin 8975 -> 7184 bytes 69 files changed, 72 insertions(+), 259 deletions(-) diff --git a/src/confcom/samples/aci/command/policy.rego b/src/confcom/samples/aci/command/policy.rego index 0ac22ef29d6..0a8288ed727 100644 --- a/src/confcom/samples/aci/command/policy.rego +++ b/src/confcom/samples/aci/command/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/command/policy_debug.rego b/src/confcom/samples/aci/command/policy_debug.rego index cbe8596bf74..5726d4f6d31 100644 --- a/src/confcom/samples/aci/command/policy_debug.rego +++ b/src/confcom/samples/aci/command/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/command/policy_disable_stdio.rego b/src/confcom/samples/aci/command/policy_disable_stdio.rego index 59e364df781..c93faa1ea15 100644 --- a/src/confcom/samples/aci/command/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/command/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/command/policy_fragment.rego b/src/confcom/samples/aci/command/policy_fragment.rego index f6b9b7c5508..70e92051fb0 100644 --- a/src/confcom/samples/aci/command/policy_fragment.rego +++ b/src/confcom/samples/aci/command/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/conflicting_variables/policy.rego b/src/confcom/samples/aci/conflicting_variables/policy.rego index c26263c6ad4..2564d1f4d7d 100644 --- a/src/confcom/samples/aci/conflicting_variables/policy.rego +++ b/src/confcom/samples/aci/conflicting_variables/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/conflicting_variables/policy_debug.rego b/src/confcom/samples/aci/conflicting_variables/policy_debug.rego index a928561ed0c..37ecc10f214 100644 --- a/src/confcom/samples/aci/conflicting_variables/policy_debug.rego +++ b/src/confcom/samples/aci/conflicting_variables/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/conflicting_variables/policy_disable_stdio.rego b/src/confcom/samples/aci/conflicting_variables/policy_disable_stdio.rego index 97bd7e09205..9177bee6ae8 100644 --- a/src/confcom/samples/aci/conflicting_variables/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/conflicting_variables/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/conflicting_variables/policy_fragment.rego b/src/confcom/samples/aci/conflicting_variables/policy_fragment.rego index 7084aab34f5..da895107e92 100644 --- a/src/confcom/samples/aci/conflicting_variables/policy_fragment.rego +++ b/src/confcom/samples/aci/conflicting_variables/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/container_group_profiles/policy.rego b/src/confcom/samples/aci/container_group_profiles/policy.rego index 54041c457f3..721ef3581f3 100644 --- a/src/confcom/samples/aci/container_group_profiles/policy.rego +++ b/src/confcom/samples/aci/container_group_profiles/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/container_group_profiles/policy_debug.rego b/src/confcom/samples/aci/container_group_profiles/policy_debug.rego index 2fe79cc3aa8..f33fa7b46c8 100644 --- a/src/confcom/samples/aci/container_group_profiles/policy_debug.rego +++ b/src/confcom/samples/aci/container_group_profiles/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/container_group_profiles/policy_disable_stdio.rego b/src/confcom/samples/aci/container_group_profiles/policy_disable_stdio.rego index 2eca9f7c45e..d4f5c46ce0c 100644 --- a/src/confcom/samples/aci/container_group_profiles/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/container_group_profiles/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/container_group_profiles/policy_fragment.rego b/src/confcom/samples/aci/container_group_profiles/policy_fragment.rego index 0b8d0c95bde..d9ea7a4f5a6 100644 --- a/src/confcom/samples/aci/container_group_profiles/policy_fragment.rego +++ b/src/confcom/samples/aci/container_group_profiles/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/default_variables/policy.rego b/src/confcom/samples/aci/default_variables/policy.rego index 54041c457f3..721ef3581f3 100644 --- a/src/confcom/samples/aci/default_variables/policy.rego +++ b/src/confcom/samples/aci/default_variables/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/default_variables/policy_debug.rego b/src/confcom/samples/aci/default_variables/policy_debug.rego index 2fe79cc3aa8..f33fa7b46c8 100644 --- a/src/confcom/samples/aci/default_variables/policy_debug.rego +++ b/src/confcom/samples/aci/default_variables/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/default_variables/policy_disable_stdio.rego b/src/confcom/samples/aci/default_variables/policy_disable_stdio.rego index 2eca9f7c45e..d4f5c46ce0c 100644 --- a/src/confcom/samples/aci/default_variables/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/default_variables/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/default_variables/policy_fragment.rego b/src/confcom/samples/aci/default_variables/policy_fragment.rego index 0b8d0c95bde..d9ea7a4f5a6 100644 --- a/src/confcom/samples/aci/default_variables/policy_fragment.rego +++ b/src/confcom/samples/aci/default_variables/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/default_variables_override/policy.rego b/src/confcom/samples/aci/default_variables_override/policy.rego index c26263c6ad4..2564d1f4d7d 100644 --- a/src/confcom/samples/aci/default_variables_override/policy.rego +++ b/src/confcom/samples/aci/default_variables_override/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/default_variables_override/policy_debug.rego b/src/confcom/samples/aci/default_variables_override/policy_debug.rego index a928561ed0c..37ecc10f214 100644 --- a/src/confcom/samples/aci/default_variables_override/policy_debug.rego +++ b/src/confcom/samples/aci/default_variables_override/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/default_variables_override/policy_disable_stdio.rego b/src/confcom/samples/aci/default_variables_override/policy_disable_stdio.rego index 97bd7e09205..9177bee6ae8 100644 --- a/src/confcom/samples/aci/default_variables_override/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/default_variables_override/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/default_variables_override/policy_fragment.rego b/src/confcom/samples/aci/default_variables_override/policy_fragment.rego index 7084aab34f5..da895107e92 100644 --- a/src/confcom/samples/aci/default_variables_override/policy_fragment.rego +++ b/src/confcom/samples/aci/default_variables_override/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/environment_variables/policy.rego b/src/confcom/samples/aci/environment_variables/policy.rego index 9fbd44fb847..6966ac35d00 100644 --- a/src/confcom/samples/aci/environment_variables/policy.rego +++ b/src/confcom/samples/aci/environment_variables/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/environment_variables/policy_debug.rego b/src/confcom/samples/aci/environment_variables/policy_debug.rego index 5b576350f14..79a435f36ef 100644 --- a/src/confcom/samples/aci/environment_variables/policy_debug.rego +++ b/src/confcom/samples/aci/environment_variables/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/environment_variables/policy_disable_stdio.rego b/src/confcom/samples/aci/environment_variables/policy_disable_stdio.rego index e605639b95b..1b3bf3399eb 100644 --- a/src/confcom/samples/aci/environment_variables/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/environment_variables/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/environment_variables/policy_fragment.rego b/src/confcom/samples/aci/environment_variables/policy_fragment.rego index a85279359a7..f3c958b6d44 100644 --- a/src/confcom/samples/aci/environment_variables/policy_fragment.rego +++ b/src/confcom/samples/aci/environment_variables/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/minimal/policy.rego b/src/confcom/samples/aci/minimal/policy.rego index 54041c457f3..721ef3581f3 100644 --- a/src/confcom/samples/aci/minimal/policy.rego +++ b/src/confcom/samples/aci/minimal/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/minimal/policy_debug.rego b/src/confcom/samples/aci/minimal/policy_debug.rego index 2fe79cc3aa8..f33fa7b46c8 100644 --- a/src/confcom/samples/aci/minimal/policy_debug.rego +++ b/src/confcom/samples/aci/minimal/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/minimal/policy_disable_stdio.rego b/src/confcom/samples/aci/minimal/policy_disable_stdio.rego index 2eca9f7c45e..d4f5c46ce0c 100644 --- a/src/confcom/samples/aci/minimal/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/minimal/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/minimal/policy_fragment.rego b/src/confcom/samples/aci/minimal/policy_fragment.rego index 0b8d0c95bde..d9ea7a4f5a6 100644 --- a/src/confcom/samples/aci/minimal/policy_fragment.rego +++ b/src/confcom/samples/aci/minimal/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/multi_container_groups/policy.rego b/src/confcom/samples/aci/multi_container_groups/policy.rego index 17c26c09076..67de04a0285 100644 --- a/src/confcom/samples/aci/multi_container_groups/policy.rego +++ b/src/confcom/samples/aci/multi_container_groups/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] @@ -64,7 +64,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/multi_container_groups/policy_debug.rego b/src/confcom/samples/aci/multi_container_groups/policy_debug.rego index d9135f99cb9..7ddb75b3742 100644 --- a/src/confcom/samples/aci/multi_container_groups/policy_debug.rego +++ b/src/confcom/samples/aci/multi_container_groups/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] @@ -64,7 +64,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/multi_container_groups/policy_disable_stdio.rego b/src/confcom/samples/aci/multi_container_groups/policy_disable_stdio.rego index 18595d41158..c7e0650713b 100644 --- a/src/confcom/samples/aci/multi_container_groups/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/multi_container_groups/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] @@ -64,7 +64,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/multi_containers/policy.rego b/src/confcom/samples/aci/multi_containers/policy.rego index 0453be8480a..e9ea916e0a8 100644 --- a/src/confcom/samples/aci/multi_containers/policy.rego +++ b/src/confcom/samples/aci/multi_containers/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/multi_containers/policy_debug.rego b/src/confcom/samples/aci/multi_containers/policy_debug.rego index 572b61ae2b7..36217c9ac09 100644 --- a/src/confcom/samples/aci/multi_containers/policy_debug.rego +++ b/src/confcom/samples/aci/multi_containers/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/multi_containers/policy_disable_stdio.rego b/src/confcom/samples/aci/multi_containers/policy_disable_stdio.rego index 250d409b948..19c2177c1ce 100644 --- a/src/confcom/samples/aci/multi_containers/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/multi_containers/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/multi_containers/policy_fragment.rego b/src/confcom/samples/aci/multi_containers/policy_fragment.rego index df44653b377..e1d6b484c42 100644 --- a/src/confcom/samples/aci/multi_containers/policy_fragment.rego +++ b/src/confcom/samples/aci/multi_containers/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/security_context_capabilities_add/policy.rego b/src/confcom/samples/aci/security_context_capabilities_add/policy.rego index 44fd8c4ddc2..e17f515f228 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add/policy.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_add/policy_debug.rego b/src/confcom/samples/aci/security_context_capabilities_add/policy_debug.rego index c8fe9f15c8d..be2655f5834 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add/policy_debug.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_add/policy_disable_stdio.rego b/src/confcom/samples/aci/security_context_capabilities_add/policy_disable_stdio.rego index c8394d1c6a1..a5188b24c04 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_add/policy_fragment.rego b/src/confcom/samples/aci/security_context_capabilities_add/policy_fragment.rego index 8a1c9b9b249..38027274a76 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add/policy_fragment.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy.rego b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy.rego index cd054883fdd..db0eb992c57 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_debug.rego b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_debug.rego index cdd3be48d18..cbfd9699780 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_debug.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_disable_stdio.rego b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_disable_stdio.rego index e6c787e3e77..285be86a07d 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_fragment.rego b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_fragment.rego index c13e6c775a6..27ccf902d93 100644 --- a/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_fragment.rego +++ b/src/confcom/samples/aci/security_context_capabilities_add_drop/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/security_context_capabilities_drop/policy.rego b/src/confcom/samples/aci/security_context_capabilities_drop/policy.rego index 5ede94c7b9d..c9e88f85555 100644 --- a/src/confcom/samples/aci/security_context_capabilities_drop/policy.rego +++ b/src/confcom/samples/aci/security_context_capabilities_drop/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_drop/policy_debug.rego b/src/confcom/samples/aci/security_context_capabilities_drop/policy_debug.rego index 254558dfc8a..bd1c6052a14 100644 --- a/src/confcom/samples/aci/security_context_capabilities_drop/policy_debug.rego +++ b/src/confcom/samples/aci/security_context_capabilities_drop/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_drop/policy_disable_stdio.rego b/src/confcom/samples/aci/security_context_capabilities_drop/policy_disable_stdio.rego index 9a163b52fbb..34425ff5777 100644 --- a/src/confcom/samples/aci/security_context_capabilities_drop/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/security_context_capabilities_drop/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_capabilities_drop/policy_fragment.rego b/src/confcom/samples/aci/security_context_capabilities_drop/policy_fragment.rego index e5efdd8584d..580ae543b37 100644 --- a/src/confcom/samples/aci/security_context_capabilities_drop/policy_fragment.rego +++ b/src/confcom/samples/aci/security_context_capabilities_drop/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/security_context_run_as_group/policy.rego b/src/confcom/samples/aci/security_context_run_as_group/policy.rego index 98bc85c201e..93f30fa1e74 100644 --- a/src/confcom/samples/aci/security_context_run_as_group/policy.rego +++ b/src/confcom/samples/aci/security_context_run_as_group/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_run_as_group/policy_debug.rego b/src/confcom/samples/aci/security_context_run_as_group/policy_debug.rego index 31f6c9c720b..9a618bafc91 100644 --- a/src/confcom/samples/aci/security_context_run_as_group/policy_debug.rego +++ b/src/confcom/samples/aci/security_context_run_as_group/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_run_as_group/policy_disable_stdio.rego b/src/confcom/samples/aci/security_context_run_as_group/policy_disable_stdio.rego index c14ec8e16dd..23fac5e69db 100644 --- a/src/confcom/samples/aci/security_context_run_as_group/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/security_context_run_as_group/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_run_as_group/policy_fragment.rego b/src/confcom/samples/aci/security_context_run_as_group/policy_fragment.rego index ebf6699020f..43322bb43ac 100644 --- a/src/confcom/samples/aci/security_context_run_as_group/policy_fragment.rego +++ b/src/confcom/samples/aci/security_context_run_as_group/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/security_context_run_as_user/policy.rego b/src/confcom/samples/aci/security_context_run_as_user/policy.rego index ebacb0f5c24..e16fb4563d0 100644 --- a/src/confcom/samples/aci/security_context_run_as_user/policy.rego +++ b/src/confcom/samples/aci/security_context_run_as_user/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_run_as_user/policy_debug.rego b/src/confcom/samples/aci/security_context_run_as_user/policy_debug.rego index 12d8171cfc3..6e31e8f99ef 100644 --- a/src/confcom/samples/aci/security_context_run_as_user/policy_debug.rego +++ b/src/confcom/samples/aci/security_context_run_as_user/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_run_as_user/policy_disable_stdio.rego b/src/confcom/samples/aci/security_context_run_as_user/policy_disable_stdio.rego index 4879bf1ddb5..28c1efee0c1 100644 --- a/src/confcom/samples/aci/security_context_run_as_user/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/security_context_run_as_user/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/security_context_run_as_user/policy_fragment.rego b/src/confcom/samples/aci/security_context_run_as_user/policy_fragment.rego index db67962c52e..e7098c289ce 100644 --- a/src/confcom/samples/aci/security_context_run_as_user/policy_fragment.rego +++ b/src/confcom/samples/aci/security_context_run_as_user/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/variables/policy.rego b/src/confcom/samples/aci/variables/policy.rego index 54041c457f3..721ef3581f3 100644 --- a/src/confcom/samples/aci/variables/policy.rego +++ b/src/confcom/samples/aci/variables/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/variables/policy_debug.rego b/src/confcom/samples/aci/variables/policy_debug.rego index 2fe79cc3aa8..f33fa7b46c8 100644 --- a/src/confcom/samples/aci/variables/policy_debug.rego +++ b/src/confcom/samples/aci/variables/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/variables/policy_disable_stdio.rego b/src/confcom/samples/aci/variables/policy_disable_stdio.rego index 2eca9f7c45e..d4f5c46ce0c 100644 --- a/src/confcom/samples/aci/variables/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/variables/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/variables/policy_fragment.rego b/src/confcom/samples/aci/variables/policy_fragment.rego index 0b8d0c95bde..d9ea7a4f5a6 100644 --- a/src/confcom/samples/aci/variables/policy_fragment.rego +++ b/src/confcom/samples/aci/variables/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/volume_mount_secret/policy.rego b/src/confcom/samples/aci/volume_mount_secret/policy.rego index 96480eb9632..b5a639bb912 100644 --- a/src/confcom/samples/aci/volume_mount_secret/policy.rego +++ b/src/confcom/samples/aci/volume_mount_secret/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/volume_mount_secret/policy_debug.rego b/src/confcom/samples/aci/volume_mount_secret/policy_debug.rego index 7ac2ee888d7..24215106d3f 100644 --- a/src/confcom/samples/aci/volume_mount_secret/policy_debug.rego +++ b/src/confcom/samples/aci/volume_mount_secret/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/volume_mount_secret/policy_disable_stdio.rego b/src/confcom/samples/aci/volume_mount_secret/policy_disable_stdio.rego index 37d5d864f4c..3f5ce0efda4 100644 --- a/src/confcom/samples/aci/volume_mount_secret/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/volume_mount_secret/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/volume_mount_secret/policy_fragment.rego b/src/confcom/samples/aci/volume_mount_secret/policy_fragment.rego index f70c8d32bf7..bb5bf4e1743 100644 --- a/src/confcom/samples/aci/volume_mount_secret/policy_fragment.rego +++ b/src/confcom/samples/aci/volume_mount_secret/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/aci/volume_mounts/policy.rego b/src/confcom/samples/aci/volume_mounts/policy.rego index a1bd4e08d6b..273b195b4d9 100644 --- a/src/confcom/samples/aci/volume_mounts/policy.rego +++ b/src/confcom/samples/aci/volume_mounts/policy.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/volume_mounts/policy_debug.rego b/src/confcom/samples/aci/volume_mounts/policy_debug.rego index d7d49129f8a..ebe8d8cff89 100644 --- a/src/confcom/samples/aci/volume_mounts/policy_debug.rego +++ b/src/confcom/samples/aci/volume_mounts/policy_debug.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/volume_mounts/policy_disable_stdio.rego b/src/confcom/samples/aci/volume_mounts/policy_disable_stdio.rego index 4c4418eb03e..71223a5d727 100644 --- a/src/confcom/samples/aci/volume_mounts/policy_disable_stdio.rego +++ b/src/confcom/samples/aci/volume_mounts/policy_disable_stdio.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] diff --git a/src/confcom/samples/aci/volume_mounts/policy_fragment.rego b/src/confcom/samples/aci/volume_mounts/policy_fragment.rego index c91dc53d559..80286bf873a 100644 --- a/src/confcom/samples/aci/volume_mounts/policy_fragment.rego +++ b/src/confcom/samples/aci/volume_mounts/policy_fragment.rego @@ -14,7 +14,7 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" }, { "feed": "mcr.microsoft.com/acc/samples/aci/helloworld", diff --git a/src/confcom/samples/fragments/fragment.rego b/src/confcom/samples/fragments/fragment.rego index 7c470c0c41a..a9e90546022 100644 --- a/src/confcom/samples/fragments/fragment.rego +++ b/src/confcom/samples/fragments/fragment.rego @@ -11,195 +11,8 @@ fragments := [ "fragments" ], "issuer": "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6.1.4.1.311.76.59.1.3", - "minimum_svn": "1" + "minimum_svn": "4" } ] -containers := [ - { - "allow_elevated": false, - "allow_stdio_access": true, - "capabilities": { - "ambient": [], - "bounding": [ - "CAP_AUDIT_WRITE", - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_MKNOD", - "CAP_NET_BIND_SERVICE", - "CAP_NET_RAW", - "CAP_SETFCAP", - "CAP_SETGID", - "CAP_SETPCAP", - "CAP_SETUID", - "CAP_SYS_CHROOT" - ], - "effective": [ - "CAP_AUDIT_WRITE", - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_MKNOD", - "CAP_NET_BIND_SERVICE", - "CAP_NET_RAW", - "CAP_SETFCAP", - "CAP_SETGID", - "CAP_SETPCAP", - "CAP_SETUID", - "CAP_SYS_CHROOT" - ], - "inheritable": [], - "permitted": [ - "CAP_AUDIT_WRITE", - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_MKNOD", - "CAP_NET_BIND_SERVICE", - "CAP_NET_RAW", - "CAP_SETFCAP", - "CAP_SETGID", - "CAP_SETPCAP", - "CAP_SETUID", - "CAP_SYS_CHROOT" - ] - }, - "command": [ - "python3", - "main.py" - ], - "env_rules": [ - { - "pattern": "PATH=/customized/path/value", - "required": false, - "strategy": "string" - }, - { - "pattern": "TEST_REGEXP_ENV=test_regexp_env(.*)", - "required": false, - "strategy": "re2" - }, - { - "pattern": "PYTHONUNBUFFERED=1", - "required": false, - "strategy": "string" - }, - { - "pattern": "TERM=xterm", - "required": false, - "strategy": "string" - }, - { - "pattern": "(?i)(FABRIC)_.+=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "HOSTNAME=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "T(E)?MP=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "FabricPackageFileName=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "HostedServiceName=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "IDENTITY_API_VERSION=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "IDENTITY_HEADER=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "IDENTITY_SERVER_THUMBPRINT=.+", - "required": false, - "strategy": "re2" - }, - { - "pattern": "azurecontainerinstance_restarted_by=.+", - "required": false, - "strategy": "re2" - } - ], - "exec_processes": [ - { - "command": [ - "echo", - "Hello World" - ], - "signals": [] - } - ], - "id": "mcr.microsoft.com/acc/samples/aci/helloworld:2.9", - "layers": [ - "4e74440c7b0e6e6c1cc9e6eb9b779e1ffde807122ed8a16bb0422a1d64fd5aa8", - "4cf856bcde8e1fa71f57d2218e21dd7c1a6a12c6d930d2bdb4bdb13a46fed9e4", - "41a52f45506177737caec5d57fe6160b6c8942dcac1bc7834fc0e94e62ff6b4d", - "b8ea8eae7795453b5e3dcfafe3f11fb2d68efb1062308e4d2411d44dd19fa97c", - "a0df1939f552483286c45204e7f583c9a6146963a79556fe22578d7b7e63e7a1", - "3ccbd6b119e951f3f2586339e9d10168b064a5852fd87cfae94af47a89f4d6c6", - "8348c9d4357db6a600aa4c5116ed9755a230d274096706a7d214c02105d0b256" - ], - "mounts": [ - { - "destination": "/mount/azurefile", - "options": [ - "rbind", - "rshared", - "ro" - ], - "source": "sandbox:///tmp/atlas/azureFileVolume/.+", - "type": "bind" - }, - { - "destination": "/etc/resolv.conf", - "options": [ - "rbind", - "rshared", - "rw" - ], - "source": "sandbox:///tmp/atlas/resolvconf/.+", - "type": "bind" - } - ], - "name": "my-image", - "no_new_privileges": false, - "seccomp_profile_sha256": "", - "signals": [], - "user": { - "group_idnames": [ - { - "pattern": "", - "strategy": "any" - } - ], - "umask": "0022", - "user_idname": { - "pattern": "", - "strategy": "any" - } - }, - "working_dir": "/app" - } -] +containers := [{"allow_elevated":false,"allow_stdio_access":true,"capabilities":{"ambient":[],"bounding":["CAP_AUDIT_WRITE","CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_MKNOD","CAP_NET_BIND_SERVICE","CAP_NET_RAW","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"],"effective":["CAP_AUDIT_WRITE","CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_MKNOD","CAP_NET_BIND_SERVICE","CAP_NET_RAW","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"],"inheritable":[],"permitted":["CAP_AUDIT_WRITE","CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_MKNOD","CAP_NET_BIND_SERVICE","CAP_NET_RAW","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"]},"command":["python3","main.py"],"env_rules":[{"pattern":"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","required":false,"strategy":"string"},{"pattern":"PYTHONUNBUFFERED=1","required":false,"strategy":"string"},{"pattern":"TERM=xterm","required":false,"strategy":"string"},{"pattern":"(?i)(FABRIC)_.+=.+","required":false,"strategy":"re2"},{"pattern":"HOSTNAME=.+","required":false,"strategy":"re2"},{"pattern":"T(E)?MP=.+","required":false,"strategy":"re2"},{"pattern":"FabricPackageFileName=.+","required":false,"strategy":"re2"},{"pattern":"HostedServiceName=.+","required":false,"strategy":"re2"},{"pattern":"IDENTITY_API_VERSION=.+","required":false,"strategy":"re2"},{"pattern":"IDENTITY_HEADER=.+","required":false,"strategy":"re2"},{"pattern":"IDENTITY_SERVER_THUMBPRINT=.+","required":false,"strategy":"re2"},{"pattern":"azurecontainerinstance_restarted_by=.+","required":false,"strategy":"re2"}],"exec_processes":[],"id":"mcr.microsoft.com/acc/samples/aci/helloworld:2.9","layers":["4e74440c7b0e6e6c1cc9e6eb9b779e1ffde807122ed8a16bb0422a1d64fd5aa8","4cf856bcde8e1fa71f57d2218e21dd7c1a6a12c6d930d2bdb4bdb13a46fed9e4","41a52f45506177737caec5d57fe6160b6c8942dcac1bc7834fc0e94e62ff6b4d","b8ea8eae7795453b5e3dcfafe3f11fb2d68efb1062308e4d2411d44dd19fa97c","a0df1939f552483286c45204e7f583c9a6146963a79556fe22578d7b7e63e7a1","3ccbd6b119e951f3f2586339e9d10168b064a5852fd87cfae94af47a89f4d6c6","8348c9d4357db6a600aa4c5116ed9755a230d274096706a7d214c02105d0b256"],"mounts":[{"destination":"/etc/resolv.conf","options":["rbind","rshared","rw"],"source":"sandbox:///tmp/atlas/resolvconf/.+","type":"bind"}],"name":"my-image","no_new_privileges":false,"seccomp_profile_sha256":"","signals":[],"user":{"group_idnames":[{"pattern":"","strategy":"any"}],"umask":"0022","user_idname":{"pattern":"","strategy":"any"}},"working_dir":"/app"}] diff --git a/src/confcom/samples/fragments/fragment.rego.cose b/src/confcom/samples/fragments/fragment.rego.cose index d7bff615de076b59667bb4dc66cb7a3a576e043f..dcb24549c3e1fcf9e6e5541ad13088d13baacc97 100644 GIT binary patch literal 7184 zcmds62UHXJ)(1i_Qe{yDAt<7h%%n^bT+k2_dT0R!#O!1;fe0xip^G9YioIY#MNla! zuA(BsqOd3ybj99QRv%*TWf2k4_YdOkzI}VX_m1y;-*?VChdKPq+~5D+n|puv&dkO6 zaTeB<+6*Eg%MMj2QY9FwmdItKbXkf_o+)!z;z@El=fXJM2~dHq3sj(EQbEws*3r?i z(1OhLjV2WZ7WJ8FYn$q6L5Z*lWTa1s(bc!siHU|Spb?shp{YRtE>|W=P}mBx(5x7n z8ih$PrCcQ!tKkulsbA-E$<3F4WL6g+vlx><}DlYu!FU(4x|NH>KlDm6sTSF&QDugSC^opKXu6E4(8h0 zpEPs53djLC(_y@>Eo7r_=&rA=r)NOW{%u5n#%i`*bb-_JZCXk)`w*Gk!E?-?HgJub z83)5=Hhz{Lp=+yavmeRHzBb{;4ohLtBqqa{fRv)ADVc(E_HrJo20tVnI> z&#FJPKK-24!fBOOFGDZQrCWB6x**MzoQyc%SWpz$Sf+o~?#gHaeY%sC2O}^ZCLoTP+xSNT3V65nK{0tD$;2} zcS+$x=lWw3*BQO%4{ko5xA6Jdfkbw1VDcDjQY%D)|gS7%>-k9_~6sqN<0+l849eHpD3*)+qL6;Iuj7<^aKE3H`4^pQHMr7yPK zpqg}G<;a56Ge`|S;t=tbYf0Ya(8#H3_wwXj554Hruxh(e&J}h$N1CLaD~rvG)2o3B z^tM9{BKiMfe!JHDWa{X1yaOZ z3$UoMjwV;y>aR5pRK7PYa_m@~BRFA}JEM1Q{i(ap6YHoAzSB(7?Ne(xmHfWfw+2Se zy>6alGiu+W)dOSwyozGP6DZlw-{7~WY>D@G-s$OAWbS2VdN5$cA=Qs|`O%vQpWY@M z$v!GMQdBmIm{8L?_+X9H(ah}^(mm^jt|ODJT~}?g_dXZlF#h-vG}Q6b!?wXH-BTX; zjVGe-T+XgtGE+QxZlB)bSr+t}^J@mt+E>OiJT&M7w5qaOseWPcY zKC5=YihWPr-9sJ>AfuD<+L$F99z0{ zQt$GwT2()K6m#j|Wxwa~%lx9xy|EN7eJ~FFX^#i%Zd`rf08_Z9*Sevxux8W=^C+#A zxqS{}10ye=BrHRIe0{Wk?SQLGq3i6UCvwVox;`NnPo6Kx-#XSdq;jD{$Nt8yvre_z zg9*Yo*q%s`2Bi0khyEW z{>=}b+x!e4^f$^`j^dqj?!LLzn%m4^Det|A64q8R z?<2~OU-;Ri=c(Vmyliw z!PkG(gl$QQ*XAEv-aD}Z^UkiC$VKdRluqT#Y9`EG#2K^fmp+4q6)Tdj6+WECjm8$c zIhAjsw>pk50d9xK7nq7G+SGQ- zZtE)xSwHeh_r}>*Z_wBRN61}IsXHMO{Df*1$LDv-zG~bd`k;qzUxc17f zv@?;NyoNL@`~HCgR%SWAJ-W6pQ`$PuJWb~xTXSJ#h3VbtlU))nNrP_B-aOMSIPI;? zu_KEO+du5cd3wdw-q-cbQt9B)v4V~KWax)G4_i|A`?n2bGMX=yKCf^cw<8fwn{jjG zmX52xSYLk78jEe*{BlF}*5<8kW-}AmlXyv6UFqY4zeznN+->y626=qHbL#fQaP#PT z>Z%{LLw~rLzwlG>_3%9P!g;6R_N%_{%r+^4bP}vemE_`^e=FYH5YAwvt=xUb%ZF>& zIpu@9{x|UEk`Y^;6?*9TwyaMbx9@ChUuVCR z0w?~&Xwx102?13hO~vZxznrxv_wTyZXTEe@Muq2^%F?~fqr&R4K1mvH^sG3y?YjE} zL|r8HeKJKJqtHad~**f73?Il)DWMZQ%h&}g`wzFgPIgoLVCuF_ z4_yjBIljJ`yJO~estn`tl#ismd(Q@qVzRt%9r{!zX zLk~A~eRIbiE-;?*Ry26Z-rR0>g5X5g>YbHiWY&wH1$>CB?&2(1Tm1~bV8SE3f8Un0 z!e;R{?Rm$oV)KNhy4Rb2-DMviKrpNh_eYn{^2(W=UpLUlR5FBzui%ZHycNRo8rDw@ z5&g)_spMZ{w`=+V2+9B;u%j4j}ITY>}5~yezW2`Y58ftp6^Nf zD9qh${XW!d#4PK+1=&UnoAvdL-#MrCrdj^{vhL&fcB)0g+w9r&t8boIo)B{#{S*F* z#s89||5Fy%|5GjwvABiF9vbhefOfF$WMp9H+AT>YP?~=7z4;F|AFi%G_H)IF@5XH< z&~H?Fo~+aLc}Qw@-e98CtIeCmpyHtbFliUZeja%(tgpa&OMWv*WR7sjCP53^)^nr#XGt;C2X(B)z_umm6Rj9 zx^KrD^^^stah@e_-T!@7(~=A04!^$bc3NF|=_LBM)n{szzwWt2D2aVJH`*wEU}j!H z>0N?PkL{*thrKVVjO!AYnQ^Y{%$_@{otA(BN4yIy2s}XA8!thB)T>?rT4eL(mHUtW{>UbHw|{|P5O^s zSTY!{Kh1%(tvAk`Z)(xuhPEf~VpU$#QTVlb7ujk*maFrEm(S02Jc_ToUNXoExOe9K z8)3F_XW`NT?lz|Z*8MqI#truH#ez9;-}(q5yGdp2s@tX$4P0^?j)WhbG<)^@dfS}& zj#U)_DrU(;=8jo0u5ErH+>Qs`wzVl{5~!nPujP%YZ0^J}NJDyJQAenb=*^5b3s;o$nMC6?X=+PVURwbik8seQsj*CgjRECpd#8?`F zc(SL5L^Ihe&*|}DY1}X&S1x5T17@L7WIV{*Ta_-Hg=1=OHqU$bNw^};WVHgtQqUya z3H$tTY;3H`kU4q#I1yo@u~>;p@l3fgMUa6jRp5=m&<5m1_M#AtHM>btT&7lORuhb! zoN~eCzesUhyh6=Xd3)n2>E5sx#S8I*y{O=#z_1q`@uD#`<1fleB{GRL zT`B+$(;P|F=#pogXl(qu#zUUTC8DXR@=O7qif4e=9KbhXG*yLr3@@wHB8gmpVi>Lh zcB_@?UQwo`eL2h7J$ILU`d{mU$e$ zz%PjBFNo$u#Rjpz;AobkSks0D01g+Z^ZP8|H(0P0@ef-uzi-7w3)q2C;o*EDFbx-r zL4-;&@c%;FB(h{&DN&=sRE>4OSOs|VB~cFr#DCcjnFk_RE|sD(5bFsoji|!I5dtQ7|x5~`NeR#oG6aJ5BxPK zd`?uDPnPC==GREOO_5A=j3OvZ#t;#c0*S~%k&p^5n1WIf zF)m`_R1E}-(#T>ejRqkwold9FF%-vWA{t$cBQOF95sbm4l0_Jb!9tAApispagfpo) zLKce=Ayot*gbW-7e>hN^Mx{}NG@K&B#Hbjjh+$YPB#RIRE*8QNLZ(0roGKzyVOT_^ zibOC|j56sMfIuOU7-mwKVj7K1Wl+cr1f$Z(5O9&0#-LzK6oIJ-6QQ8s2pUkHOs3Hp zBD#={BNUvDY8Z%uVL}ligkdJmq`_i}m`r0J6bhJ$UFpL0i(P=ak7$73ksSp#PLkJ374O20Q z3_~;#Bm^C%hN`8Y-%x+%Y0#RfC9-q*fc8!%2It8Ynh#4u!Jq_W ztnsB1^r{*%2BS<3oJyXq#6Srosz7}Z%Co#lB$8UHAfe!UjcOQ9gGL%+Ky|i4bMFvV z9*~v+ZqbBkwx>i2+E#!nlM7^cCJ1Ip2H>6~O*9YpS1KF>Wk{ikb1~Qwd~TY7G>}qB zl4PI@`&^0BRhq6bmzboKrz->!k>-%k2LE1|G%~-J5mc5<)Tom#MO7&P5rW8MaEAtH zSYCtoKT79$5H+nes73;j1RPH!flqS))Oh-L4?5nAQ@0;*N}TL4^Qql~gLHk$yS{AE z`>vwZ3@Zx0Fh?&muOm~iHG|}{#1{F;a1g{z&$3_2S-Sr|KW<%Je`dv!xFB7_%c7r_ a8YMc*=3G)kb+sSx9d7HQgALA}9{4+gv?Rv> literal 8975 zcmeI2cUTiyyTAzqkSdA=R0Lx~kT8=Tl$90?(n1I*AjZke1R|uELQz=+6ja294M7y7 zh%~{5*sx*23U*yoENeq$QBfDyI|-mz_I`VJANT(AJ&*G^bJ|M|o^T~~K^cOGZ~3{rpV829y(C{ei>MMRJiwQ+X^h7UF&Q2{223{pW7 z6%55bX&?afd;$^wNqo0L`o{XM%4kTUgnCpoG}d>QN|cyFJtaopl<0ga0b(#S^fANF zIcwwebnTPyS_B<|7Jk#k3-^W}?tEHvHFVJ-)7gJm9%x#)mu)qp#^7D&6v%MCpW*ww z-|Lg|4~3eDp~|0c4h=oK_q@wkdiWGzTye_6EaS#3&*$|+Htacz4$-TRttgzlI?5x@ zBm1e(j6P&!A!|$03Lq&%<6$dvyf&Z(^wTq#naakczIDUl@OT|*DdTCsNo zVTol|e^dM*{DAkQfRbX1LdJs}|G74;BUbn0Pn+}A3eZW`#%WDFGCWN=eLH_g%)FMz zt$hh=I0jF~=QUm^G05^y-)zS5Wo?^YHuiX>dFNiszIodh;?9OdNQ_Kc^yHVQFV=im ztbBgn+4SUwj;GZ_%`Bm$35zBjfN0wSh?h#;kw+!B*Oyv6C7vYIA-@dtaGM)C_ofQ+ zyp|EKt#r8mIO$UAjBLx0#bGgzu1}t6s<&lEtk_KdYA{$bfc;kDcL!-*{n6S!Wpi^{ zSXpjjOI1neiv*^BJ{!NVXp{BS#jg543!-Y{ru@2Z@700!k-V+_5$|)2w+r^~$xcWs zh_rphT*?j7MW2|5D~3Ald2(jsU1ff@P+At%n7(qIMY~bq7+moB%eK{zv}e8|G`E=0 zZVenT+}3CUYu-_ltF`MptivWYS83CYRn(DMG~}05yXmF}ZI1bDe=&sqmTlOClpO-r?G=H>x@4ff=BitkI zRfCE84i&WcB&hN^(Q^E)gt~-PUTO5J{gZdv9a)+*!IBxWpuX&YpZ7ib(Xl>b4y~O! z!0+vY!J@FIyla01_{<<^jcNYqKZV6>4=#J$DOi42etE}|WVXZX;4Sl~a83QPkZT3Q zkFKgdCdwYN;_a??mpYrdzh4WdHKaT*Fi{5j6lE`Ezw}+a)V%QJio`h=mNkax76Zw; zTYzMp^zV|w2qVSc2-UyBj_v@*LX|6(D!^H$r|ivXZq4y+Z`2tA&L~UoDKH zhT7^_*%6rXZs6iGH8N2`*;~47!nXF(&Vd`eBA+jT=I8G#+>#MSV^v;Y9==67+C=hL zwt5z0*~~%Y!k{BJ=OF!aYOEX2ImSlgOPB1LqVRrvQ2VfQYj#w2PNxGm%wb~XuXAsb zBYu4mv4n#Qns(pW=B?@Bq&IOfBHa_=(}y*^+CsfCSWRc)F9Veo-HPn^egza{k_&cIW>Od@u}W*%%2vFC0k`* zdf{njiQaI3Q<`#xbgJ-XT#>i7E5u_ys=CLwouNbyCxYO+-$$9uOem3AG{?HF=VUmv zEjL-V!?J`s%Dl?+T_^4LMavJJ6|LAN*hGHd;?~qq{MPG%rKP`9qU=2Tp_XwBI;f&O z_2b=T{C7`UM$eOfP%QA`@0zjPONX)H$ZzH=jvs$#+*F!^?CQK0vM8N(&~D3>oo93J zW}d9gz8rdbE~h!gDZA|P(-JKY>j%v(bHl`)!xY zVWD5i+7l%nI$^he%O5tD5@U7O`OKoIfi>$k30;H8_6haB9w^K_zjaGR>neekal_?N z$AqODmtRZFeUchHX|=Vs4o(ZV1qPsAoc%6_dvp5a+L{;Ji|t3s=Okq|t)3k_u3+vu zpsyO_=4$Ti0y@}#Uv31r)ZWVwi$D#j!;aR8tA4wkc)?>|M?Z_pTW1mbJeK7pSGyIp zwG1eoIUz-tw*Jubt1Dtc&I{KzB`5pTQi8n3eLP<)tmEe%VJqKhTVLhmv|r~v*%1&~ zy<+>`A}-0cw6DhqHduCdc18GmUJI0~8y7Kh)x8CjlS4d@`DRR#hrcx%|3^Mm7O;Hn zpjr6I4<~+HvOuft@YZ3!I}e{FGS>2cR&IZ9nbzBZzD`AE7THF^tv?+%>$JT=8#VG8 zW#HVbKD({2jUu-V-*LIh%Y5u-muWEkEq*_tx!9O#hMh_p=zg_qL>;EML@N+kdD75>Pz`{e8W8 z-Rm%g)yCEt{0~xmRSa|96<(xO`Q*b*N0;F18s7|juw*Vf>eAWN>W5iRgG+pUjJ@Z2 z`;=rR_&SqUyY8Pjc&L9wDbv0wg zf+d0m5962>4j&&qmiX*`QjU(=iW=hQm+cI^O}$=Xk^pp6H4{3sEz*6LKC(Hvf3Mlm z_>2QvFFfmbfA=(GsAUh@J)1M6Wqn!&?vK!5$H5t<&pJYMk7A@ggps(=%zel+o}OOoknUfwYTEnPMw@3JR=%p+kb2}n zO3Q(({j(lyWuHEoH96)+)cg%u!}GHy-wycl2Fv2os=WWU7ZpN$=Euo8AwLw=m5_jKu7emM?Yqd&$+9wYfZkOh; z=eTOW)?;V-+M)*;L)Qm|x!5eL^BueBB5ap`TekE~QSJTHVYbV`PWF@<3-;;6`5CsR z2UYR49p#21{W|)*J8mHlU-WgI+Nv#i^jiQb8YSx)EJ=Pdz6nE4ZfUXy; zYdVB9!y|TwuELwFbAtwK9hbUmvUXzi>S~=kch&^III&YaXaDQl@V)nu5%85b?Us=n z&dshHyLQ$F>uFc&PEH$N^2?^NiR*Hy)&emoiRY?>91cVz|Lf(xI3eTT|!g-865k&-BUTPjh=6 zaL|yyuITiPhMe#Xu0lJoj7Lhl{v*P9z**TWJDQqmo~U+HSo@+!8W=FEkdsOeauXTjJJs1MF-#N z+cGM&V6WEe>n&VQVwUnmW%5a3yIDnQdvwB;i_jdO_=U5Z&drFOxyY^KQC)Oe+nQ6i z?jOs}KijImpep5FwIDV3MPoxBSfo(I1t22CDGtM<6X2wXgh*7H6T?4J#hV?#5y%A| zzSDx40jNYd&C82Bbv7&x;=3^z62>f!9Gt3fgPoidD#0uiRyw)+Idz|eH;43JDTClB zC<3*CyAH>OhKd-8jgzwt0VEg-<&YSSmCB>|F{oUD-56*p03wMDjYwsx-+Po5izFhk zO3cR`rWT3$%f=?bFx=4av&LU}28xcB#`4ip~A#cfNlxi_7)$_@;v=)}F=vx`$^Vi|6I>b*Z

(N z6;A(M>fc$t|8S{m=#kLPC=B9aNTMcJkE;o?cx9wi(gQ_|Bw`HKL|OcoWJV=1e7P$6 z3$phR4C^Ct$T^)u>vu)uqLynari91U}q(&Q1Y?6aWqcG#|*F~ z+Ku}gD#%gNUzE=Y;j#Vwg8bZqJUv-lmWMO=H^luPE#~?<$EmO2f3zgqNuqJKo~~|O zFZXeLqP;WG{%=V9>#k(`2lD(}eOW(R4$qb~ZjvwOM~m@<1ac9~=}Of+MbW4qmYDr$ zp=_xF!)hQZj}gKDia;#G@Z)*$Liny6FFuxX1bX@V{b(aU$z-!!Jy_g-O`JNpVR899 zc95?dhwJ6X`_Yo2IVw5&DKiyG6iP?}qZr<>7dbZ1d_nv_S3$$s?!B3S#-T7@CYP#H z**^pSw;PHE$|xKu?ZpRdhhU>v?rbwvDvw5bXxb|e!x|_=5fUt$R&Pz=J-Giu9nqg2 zN?=C?B$i>DljeXDsg{HtdZH005|P=h1tA)WSD!$7ZG04zPN7f$m@WWN8cKsf7-nKG z0;YgYXQH4`h@cFB4w6VH!hk@UKmbrkBnU)k6d^)|AjT*A2ozYzpwa{|)&c7W(Lo`V zj*v(o10{h7LWer^GFbY2tg*9DWp3BcSZq%z1b6QY3>8k0tbFiBL*A`*#8XCQO|9i@>`I`nxDB#>cPfY1aW z$V8b`P)HV%s00MZx&fJT9+49o)vgN`YSSq2Fybcn$eQV<$U`>YdYIRj=Q z6f)*$0S%%700dEBDhSdrhtjE32(t&wt7UTjEmT`3@VCn*_ zr5ro{t8HZgfrWOxADzLLVu*Rgk^0wBH{{ivS BNWK67