From ad3c8c2cdaeb1238386a1d5e93e239e84718d415 Mon Sep 17 00:00:00 2001
From: sethho
Date: Tue, 1 Apr 2025 10:45:09 -0400
Subject: [PATCH] adding replacement for special env var
---
 src/confcom/azext_confcom/config.py | 3 +++
 src/confcom/azext_confcom/template_util.py | 10 ++++++++++
 .../azext_confcom/tests/latest/test_confcom_arm.py | 11 +++++++++++
 3 files changed, 24 insertions(+)
diff --git a/src/confcom/azext_confcom/config.py b/src/confcom/azext_confcom/config.py
index 44fe6a874bf..609bc03e5ac 100644
--- a/src/confcom/azext_confcom/config.py
+++ b/src/confcom/azext_confcom/config.py
@@ -85,6 +85,9 @@ ACI_FIELD_YAML_LIVENESS_PROBE = "livenessProbe"
 ACI_FIELD_YAML_READINESS_PROBE = "readinessProbe"
 ACI_FIELD_YAML_STARTUP_PROBE = "startupProbe"
+ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_NAME = "THIM_ENDPOINT"
+ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_VALUE = "^===CONFIDENTIAL.THIM.ENDPOINT===$"
+
 VIRTUAL_NODE_YAML_METADATA = "metadata"
 VIRTUAL_NODE_YAML_COMMAND = "command"
 VIRTUAL_NODE_YAML_ARGS = "args"
diff --git a/src/confcom/azext_confcom/template_util.py b/src/confcom/azext_confcom/template_util.py
index d8b25a400e3..a1089cf71f3 100644
--- a/src/confcom/azext_confcom/template_util.py
+++ b/src/confcom/azext_confcom/template_util.py
@@ -244,6 +244,16 @@ def process_env_vars_from_template(params: dict,
 config.ACI_FIELD_CONTAINERS_ENVS_VALUE: ".*",
 config.ACI_FIELD_CONTAINERS_ENVS_STRATEGY: "re2",
 })
+ elif (
+ re.match(config.ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_VALUE, value) and
+ name == config.ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_NAME
+ ):
+ # special case for adding THIM endpoint to container
+ env_vars.append({
+ config.ACI_FIELD_CONTAINERS_ENVS_NAME: config.ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_NAME,
+ config.ACI_FIELD_CONTAINERS_ENVS_VALUE: ".*",
+ config.ACI_FIELD_CONTAINERS_ENVS_STRATEGY: "re2",
+ })
 else:
 env_vars.append({
 config.ACI_FIELD_CONTAINERS_ENVS_NAME: name,
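Review bot: In config.py the two dots in `ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_VALUE` are unescaped, so the pattern accepts any character in those positions, and with `re.match` the trailing `$` also matches just before a final newline. The placeholder is fixed text, so the match is looser than the marker it is meant to recognise. Either escape it as `r"^===CONFIDENTIAL\.THIM\.ENDPOINT===$"` and call `re.fullmatch` in template_util.py, or store the plain literal and compare with `==`. The `_REGEX_NAME` constant is compared by equality rather than used as a pattern, so a name without `REGEX` plus a one-line comment such as `# placeholder name/value pair that template_util.py turns into a wildcard env rule` would make the pair easier to read.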
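Review bot: The new `elif` branch in template_util.py writes the THIM_ENDPOINT rule as `.*` under the `re2` strategy, so the generated policy admits any value for that variable; nothing in the hunk narrows it to something endpoint-shaped. Because the output is a confidential-container security policy, the existing comment should record why an unconstrained value is acceptable, for instance `# value is only known at deploy time (confirm), so the policy cannot pin it and any THIM_ENDPOINT is admitted`, or the value pattern should be tightened if the valid endpoints are known. Putting `name == config.ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_NAME` before the `re.match(...)` operand would also skip the regex for every other variable. The body of process_env_vars_from_template starts and ends outside the hunk.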
diff --git a/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py b/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py
index cd9f315ab76..542a848fd95 100644
--- a/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py
+++ b/src/confcom/azext_confcom/tests/latest/test_confcom_arm.py
@@ -970,6 +970,12 @@ def test_arm_template_with_parameter_file_injected_env_vars(self):
 "name": "[parameters('containername')]",
 "properties": {
 "image": "[parameters('image')]",
+ "environmentVariables": [
+ {
+ "name": "THIM_ENDPOINT",
+ "value": "===CONFIDENTIAL.THIM.ENDPOINT==="
+ }
+ ],
 "ports": [
 {
 "port": "[parameters('port')]"
@@ -1023,10 +1029,15 @@ def test_arm_template_with_parameter_file_injected_env_vars(self):
 # see if we have environment variables specific to the python image in the parameter file
 python_flag = False
+ thim_flag = False
 for value in output_json[0][config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS]:
 if "PYTHON" in value[config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE]:
 python_flag = True
+ if f"{config.ACI_FIELD_TEMPLATE_SPECIAL_ENV_VAR_REGEX_NAME}=.*" == value[config.POLICY_FIELD_CONTAINERS_ELEMENTS_ENVS_RULE]:
+ thim_flag = True
 self.assertTrue(python_flag)
+ self.assertTrue(thim_flag)
+
 class PolicyGeneratingArmContainerConfig(unittest.TestCase):
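Review bot: The assertions added in the second hunk of test_confcom_arm.py cover only the matching name/placeholder pair. No case shows that `THIM_ENDPOINT` with an ordinary value keeps its literal rule, or that a different variable carrying the placeholder value is not widened to `.*`. Because the new branch relaxes a policy rule, those negative cases are the ones worth pinning, for example a second fixture variable (name constructed here) checked with `self.assertFalse(any(r == "OTHER_VAR=.*" for r in rules))`. The test method starts outside the hunk.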