Merged
3 changes: 3 additions & 0 deletions src/confcom/azext_confcom/template_util.py
Expand Up @@ -29,6 +29,9 @@ class DockerClient:
def __init__(self) -> None:
self._client = None

def __enter__(self) -> docker.DockerClient:
return self.get_client()

def get_client(self) -> docker.DockerClient:
if not self._client:
self._client = docker.from_env()
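Review bot: `__enter__` is added to `DockerClient` with no matching `__exit__` in the visible lines, so `with DockerClient() as client:` will fail at runtime unless `__exit__` is already defined further down the class. Please confirm it exists, and that it calls `close()` on `self._client` and resets it to `None`, so the connection opened by `docker.from_env()` is released when the block ends. Note also that `__enter__` returns the underlying `docker.DockerClient` rather than `self`; that matches the annotation, but a one-line docstring saying so would help callers who expect the wrapper.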
30 changes: 15 additions & 15 deletions src/confcom/azext_confcom/tests/latest/README.md
Expand Up @@ -31,17 +31,17 @@ test_arm_template_with_parameter_file | mcr.microsoft.com/azure-functions/python
test_arm_template_with_parameter_file_injected_env_vars | mcr.microsoft.com/azure-functions/python:4-python3.8 | See if env vars from the image are injected into the policy. Also make sure the `concat` function in ARM template won't break the CLI if it's not in a required spot like image name
test_arm_template_with_parameter_file_arm_config | mcr.microsoft.com/azure-functions/python:4-python3.8 | Test valid case of using a parameter file with JSON output instead of Rego
test_arm_template_with_parameter_file_clean_room | mcr.microsoft.com/azure-functions/node:4 | Test clean room case where image specified does not exist remotely but does locally
test_policy_diff | rust:1.52.1 | See if the diff functionality outputs `True` when diffs match completely
test_incorrect_policy_diff | rust:1.52.1 | Check output formatting and functionality of diff command
test_policy_diff | alpine:3.16 | See if the diff functionality outputs `True` when diffs match completely
test_incorrect_policy_diff | alpine:3.16 | Check output formatting and functionality of diff command
test_update_infrastructure_svn | python:3.6.14-slim-buster | Change the minimum SVN for the insfrastructure fragment
test_multiple_policies | python:3.6.14-slim-buster & rust:1.52.1 | See if two unique policies are generated from a single ARM Template container multiple container groups. Also have an extra resource that is untouched. Also has a secureValue for an environment variable.
test_arm_template_with_init_container | python:3.6.14-slim-buster & rust:1.52.1 | See if having an initContainer is picked up and added to the list of valid containers
test_arm_template_without_stdio_access | rust:1.52.1 | See if disabling container stdio access gets passed down to individual containers
test_arm_template_allow_elevated_false | rust:1.52.1 | Disabling allow_elevated via securityContext
test_multiple_policies | python:3.6.14-slim-buster & alpine:3.16 | See if two unique policies are generated from a single ARM Template container multiple container groups. Also have an extra resource that is untouched. Also has a secureValue for an environment variable.
test_arm_template_with_init_container | python:3.6.14-slim-buster & alpine:3.16 | See if having an initContainer is picked up and added to the list of valid containers
test_arm_template_without_stdio_access | alpine:3.16 | See if disabling container stdio access gets passed down to individual containers
test_arm_template_allow_elevated_false | alpine:3.16 | Disabling allow_elevated via securityContext
test_arm_template_policy_regex | python:3.6.14-slim-buster | Make sure the regex generated from the ARM Template workflow matches that of the policy.json workflow
test_wildcard_env_var | python:3.6.14-slim-buster | Check that an "allow all" regex is created when a value for env var is not provided via a parameter value
test_wildcard_env_var_invalid | N/A | Make sure the process errors out if a value is not given for an env var or an undefined parameter is used for the name of an env var
test_arm_template_with_env_var | rust:1.52.1 | Make sure that a value that looks similar to but is not an ARM parameter is treated as a string
test_arm_template_with_env_var | alpine:3.16 | Make sure that a value that looks similar to but is not an ARM parameter is treated as a string
test_arm_template_security_context_defaults | N/A | Make sure default values for securityContext are correct
test_arm_template_security_context_allow_privilege_escalation | N/A | See if changing the allowPrivilegeEscalation flag is working
test_arm_template_security_context_user | N/A | Set the user field manually to make sure it is reflected in the policy
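Review bot: the rewritten `test_multiple_policies` row still reads "from a single ARM Template container multiple container groups", which looks like a typo for "containing"; since the row is being replaced anyway, fix the wording in the new line. The neighbouring `test_update_infrastructure_svn` row has "insfrastructure", which could be corrected in the same pass. Separately, the image column moves from a full patch tag (`rust:1.52.1`) to a minor-level tag (`alpine:3.16`) that is republished on each patch release; if any of these tests compare generated policy output against stored values, say in the README which digest the expected values were produced from.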
Expand All @@ -64,7 +64,7 @@ It is still used for generating sidecar CCE Policies.

Test Name | Image Used | Purpose
---|---|---
test_user_container_customized_mounts | rust:1.52.1 | See if mounts are translated correctly to the appropriate source and destination locations
test_user_container_customized_mounts | alpine:3.16 | See if mounts are translated correctly to the appropriate source and destination locations
test_user_container_mount_injected_dns | python:3.6.14-slim-buster | See if the resolvconf mount works properly
test_injected_sidecar_container_msi | mcr.microsoft.com/aci/msi-atlas-adapter:master_20201203.1 | Make sure User mounts and env vars aren't added to sidecar containers, using JSON output format
test_debug_flags | python:3.6.14-slim-buster | Enable flags set via debug_mode
Expand All @@ -74,17 +74,17 @@ test_incorrect_sidecar | mcr.microsoft.com/aci/msi-atlas-adapter:master_20201210
test_customized_workingdir | python:3.6.14-slim-buster | Using different working dir than specified in image metadata
test_allow_elevated | python:3.6.14-slim-buster | Using allow_elevated in container
test_image_layers_python | python:3.6.14-slim-buster | Make sure image layers are as expected
test_image_layers_rust | rust:1.52.1 | Make sure image layers are as expected with different image
test_docker_pull | rust:1.52.1 | Test pulling an image from docker client
test_infrastructure_svn | rust:1.52.1 | make sure the correct infrastructure_svn is present in the policy
test_image_layers_nginx | nginx:1.22 | Make sure image layers are as expected with different image
test_docker_pull | alpine:3.16 | Test pulling an image from docker client
test_infrastructure_svn | alpine:3.16 | make sure the correct infrastructure_svn is present in the policy
test_stdio_access_default | python:3.6.14-slim-buster | Checking the default value for std I/O access
test_stdio_access_updated | python:3.6.14-slim-buster | Checking the value for std I/O when it's set
test_environment_variables_parsing | mcr.microsoft.com/azuredocs/aci-dataprocessing-cc:v1 | Make sure env vars are output in the right format
test_get_layers_from_not_exists_image | notexists:1.0.0 | Fail out grabbing layers if image doesn't exist
test_incorrect_allow_elevated_data_type | rust:1.52.1 | Making allow_elevated fail out if it's not a boolean
test_incorrect_workingdir_path | rust:1.52.1 | Fail if working dir isn't an absolute path string
test_incorrect_workingdir_data_type | rust:1.52.1 | Fail if working dir is an array
test_incorrect_command_data_type | rust:1.52.1 | Fail if command is not array of strings
test_incorrect_allow_elevated_data_type | alpine:3.16 | Making allow_elevated fail out if it's not a boolean
test_incorrect_workingdir_path | alpine:3.16 | Fail if working dir isn't an absolute path string
test_incorrect_workingdir_data_type | alpine:3.16 | Fail if working dir is an array
test_incorrect_command_data_type | alpine:3.16 | Fail if command is not array of strings
test_json_missing_containers | N/A | Fail if containers are not specified
test_json_missing_version | mcr.microsoft.com/azuredocs/aci-dataprocessing-cc:v1 | Fail if version is not included in policy.json
test_json_missing_containerImage | N/A | Fail if container doesn't have an image specified
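Review bot: `test_image_layers_nginx` checks that "image layers are as expected" against `nginx:1.22`, a minor-level tag that is rebuilt whenever a new 1.22.x patch or base-image update is published, so the expected layer hashes can drift and break the test without any code change. Pin the image by digest (`nginx@sha256:...`) or by a full patch tag, and record in this row which one the expected layers were taken from. The same applies to the `alpine:3.16` rows if their assertions depend on layer content. Minor style point: the `test_infrastructure_svn` purpose starts with a lowercase "make" while the other rows are capitalised.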