Merged
Pull Request Overview
This PR adds support for VN2 fragments by extending the virtual node YAML processing, updating test coverage, and aligning fragment handling with Confidential ACI functionality. Key changes include:
- New test cases and certificate setup in test_confcom_virtual_node.py and test_confcom_fragment.py to validate VN2 fragment generation.
- Updates to security_policy.py, custom.py, container.py, and config.py to handle new fragment-related parameters and usage ("vn2") correctly.
- Adjusted expected image layer hash values in test_confcom_scenario.py.
Reviewed Changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/latest/test_confcom_virtual_node.py | Introduces new test methods for VN2 fragment policy generation and certificate setup. |
| tests/latest/test_confcom_scenario.py | Updates expected image layer hash values. |
| tests/latest/test_confcom_fragment.py | Adds tests for VN2 fragment generation including securityContext validations. |
| security_policy.py | Extends function parameters and modifies mount handling for virtual node YAML processing and fragment support. |
| custom.py | Updates acipolicygen_confcom parameters to pass fragment-related arguments. |
| container.py | Improves handling of environment rules and container mounts for VN2 policies. |
| config.py | Introduces new usage constants, including VN2. |
Files not reviewed (1)
- src/confcom/HISTORY.rst: Language not supported
Comments suppressed due to low confidence (2)
- `src/confcom/azext_confcom/custom.py:147`: [nitpick] The parameter name 'diff' may shadow built-in functions; consider renaming it (for example, 'diff_mode_flag') for improved clarity.
  `diff_mode=diff,`
- `src/confcom/azext_confcom/security_policy.py:1160`: Resetting 'mounts' to an empty list replaces the default mounts from config.DEFAULT_MOUNTS_VIRTUAL_NODE; please verify that this change is intentional and does not omit necessary default mounts for non-VN2 scenarios.
  `mounts = []`
- hgarvison reviewed Apr 22, 2025
- hgarvison approved these changes Apr 22, 2025
- ksayid reviewed Apr 23, 2025: src/confcom/azext_confcom/tests/latest/test_confcom_fragment.py (outdated)
- ksayid approved these changes Apr 23, 2025
- hgarvison approved these changes Apr 24, 2025
- ee7c8a0 to 885f4d2
- hgarvison approved these changes Apr 24, 2025
- SethHollandsworth pushed a commit that referenced this pull request Aug 27, 2025
* build: add cicd pipeline (#7) * build: move update version logic to workflow (#8) * build: Run CI on multiple python version (#38) * build: Run CI in Python 3.8-3.11 * build: remove pull request event for CI to avoid duplicate runs * feat: enable openapi spec from url in api register (#74) * feat: enable openapi spec from url in api register * refactor: set spec definition as link format when link provided * fix: fix style * test: add error handling case for testing invalid spec url * fix: fix test case * fix: use 404 response url * test: update case * test: update test case * refactor: update error logic * test: update test case to setup live test pipeline (#76) * test: update test case to setup live test pipeline (#75) * test: update test case * update * . * . * . * . * . * . * . * . * . * . * . * test: update test case * refactor: enable both identity * fix: bad if else * fix: fix bad parameter * refactor: add example (#77) * refactor: add example * fix: update params * fix: bad api id * refactor: add @filename.json examples (#78) * refactor: add example * fix: update params * fix: bad api id * refactor: add @filename.json examples * refactor: update * refactor: add error handling (#79) * refactor: add error handling * refactor: catch internal error * fix: revert the change * feat: support APIM/APIC sync (#80) * feat: add APIM/APIC sync commands * feat: rename apim to azure-api-management * style: fix code style * fix: sync property names with new API spec * Revert "fix: sync property names with new API spec" This reverts commit 04da67e. 
--------- Co-authored-by: frankqianms <frankqian@microsoft.com> * feat: resolve feedback and fix examples (#82) * feat: resolve feedback and fix examples * style: fix code style * feat: amazon api gateway sync (#81) * feat: add APIM/APIC sync commands * feat: rename apim to azure-api-management * style: fix code style * fix: sync property names with new API spec * feat: add aws api gateway sync command * Revert "fix: sync property names with new API spec" This reverts commit 04da67e. * refactor: add amazonApiGatewaySource * refactor: refactoring apim sync and amazon sync * refactor: refactor cmd structure to make apim and aws sync seperated * fix: remove log print * chore: generate new cmds * refactor: update version and remove import * feat: add `apic integration create amazon-api-gateway` * fix: style * fix: change query param api-version * revert changes in _delete.py * fix: some neede fixs * fix: add the help sentence * refactor: make params clear * refactor: handle msi-resource-id * refacor: revert flatten of apim resource * fix: use 06-01-preiew currently * fix: style * refactor: arg groups * fix: bad short param name * chore: re-generate * fix: old resource_id name * chore: arg group * chore: naming * fix: fix according to comments * chore: update * fix: style --------- Co-authored-by: Chaoyi Yuan <chyuan@microsoft.com> * feat: add import amazon-api-gateway cmd (#83) * feat: add import amazon-api-gateway cmd * feat: change arg group and update parameter name --------- Co-authored-by: Chaoyi Yuan <chyuan@microsoft.com> * fix: use older version API (#84) * feat: rename command and param names (#85) * feat: rename command and param names * doc: update comments * doc: update sample * test: add test case for sync cmd `apic integration create apim` and `apic integration create aws` (#86) * test: add test case for apim sync * refactor: refactor for apim preparer * refactor: refactoring case and utils, optimize checkers * chore: remove print and add explaination * 
refactor: rename file * fix: try to fix error determing the version * revert: Remove specific azure-cli and azure-core installations * test: add aws sync testcase (#87) * test: add test case for aws sync command * fix: remove key value * fix: remove pip install * chore: renaming constants * refactor: update the utils and test case * refactor: updated * fix: workaround for urllib3 package (#88) * Revert "fix: workaround for urllib3 package (#88)" (#90) This reverts commit 1d508f4. * build: 1.2.0 beta 1 release * build: remove CI and CD files * doc: improve history * fix: set extention version to be preview * refactor: integration examples and bad example for `apic update` (#91) * refactor: integration examples * fix: apic update example * feat: add api-analysis rules (#89) * feat: analysi rule init * feat: add create cmd * feat: add create and delete api-analysis commands * feat: add import-ruleset and export-ruleset commands * fix: update aaz * fix: registered * fix: examples * fix: fix style * refactor: renaming * refactor: regenerate aaz * fix: fix codes * fix: fix logics * fix: style * fix: rename parameter service name * fix: change api-analysis status to preview * fix: integration list * refactor: modify examples * feat: analysi rule init * feat: add create cmd * feat: add create and delete api-analysis commands * feat: add import-ruleset and export-ruleset commands * fix: update aaz * fix: registered * fix: examples * fix: fix style * refactor: renaming * refactor: regenerate aaz * fix: fix codes * fix: fix logics * fix: style * fix: change api-analysis status to preview * fix: change short name of service name * fix: apic update example * fix: examples and default value * chore: example * fix: bad parameter short names * fix: downgrade api version * fix: set default workspace for list,show,update api-analysis * refactor: integration examples * fix: style * chore: update log * test: add import-aws case and modify region * feat: add import apim and deperacate 
import-from-apim, add analysis create and list test cases * fix: correctly deprecate import-from-apim * test: add apianalysis test cases * build: bump up to 1.2.0b2 * test: add api-analysis update testcase * build: change log of 1.2.0b2 * chore: unregister the filter * fix: better methods name and remove extra lint disable * refactor: set default analyzer-type in aaz * refactor: remove preview tag for some integration commands and hide the analyzer_type param * chore: update spec for filter param * fix: set default analyzer_type correctly * fix: import apim fix (#92) * add CD * rename * upgrade upload-artifact * fix: fix missing apis param in import apim * fix: regenerate according to new spec * cd: remove cd file * test: update test cases * fix: fix spec version in register command * test: update test cases * test: update recordings * test: live test * fix: fix test cases of api analysis * fix: update recordings * fix: remove comment * fix: merge and align latest version * Update command_patches.py fix linter * fix: remove import cmds & preview tag of integrate cmds * test: remove uneeded test cases * fix: fix linter failures for auto generated params * test: update tests * Update HISTORY.rst * fix: remove extra yml * Update HISTORY.rst * test: update test cases and recordings * fix: fix cases --------- Co-authored-by: Chaoyi Yuan <blackchoey@gmail.com> Co-authored-by: Chaoyi Yuan <chyuan@microsoft.com>
Since VN2 and fragments were developed concurrently, this functionality hadn't been considered. This PR closes the gap between using fragments for VN2 vs. Confidential ACI. Usage is the same as confidential ACI but using `--virtual-node-yaml` instead of `--template-file`.

Ex)

```
az confcom acipolicygen --virtual-node-yaml <yaml-path> --include-fragments --fragments-json <fragment-import-path>
```