
Commit c4e8521

committed
wip
1 parent e46d853 commit c4e8521

1 file changed

Lines changed: 7 additions & 3 deletions


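--- a/scripts/azure-vn/deployment/generate-deployment-artifacts.sh
+++ b/scripts/azure-vn/deployment/generate-deployment-artifacts.sh
@@ -78,12 +78,16 @@ fi
 # Export the policy, update it to turn off allow_environment_variable_dropping, and then insert it into the template
 # note that the EnclaveId is generated by generate.py on the raw policy, not the base64 version
 POLICY_DIGEST_FILE=azure-vn-operator-digest-$VERSION_NUMBER.txt
-az confcom acipolicygen --approve-wildcards --template-file ${OUTPUT_DIR}/operator.json --print-policy > ${INPUT_DIR}/policy.base64
+az confcom acipolicygen --virtual-node-yaml ${OUTPUT_DIR}/operator.yaml --print-policy > ${INPUT_DIR}/policy.base64
 base64 -di < ${INPUT_DIR}/policy.base64 > ${INPUT_DIR}/generated.rego
 sed -i "s#allow_environment_variable_dropping := true#allow_environment_variable_dropping := false#g" ${INPUT_DIR}/generated.rego
+sed -i 's#{"pattern":"DEPLOYMENT_ENVIRONMENT=DEPLOYMENT_ENVIRONMENT_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"DEPLOYMENT_ENVIRONMENT=.+","required":false,"strategy":"re2"}#g' generated.rego
+sed -i 's#{"pattern":"VAULT_NAME=VAULT_NAME_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"VAULT_NAME=.+","required":false,"strategy":"re2"}#g' generated.rego
+sed -i 's#{"pattern":"OPERATOR_KEY_SECRET_NAME=OPERATOR_KEY_SECRET_NAME_PLACEHOLDER","required":false,"strategy":"string"}#{"pattern":"OPERATOR_KEY_SECRET_NAME=.+","required":false,"strategy":"re2"}#g' generated.rego
 base64 -w0 < ${INPUT_DIR}/generated.rego > ${INPUT_DIR}/generated.rego.base64
 python3 ${SCRIPT_DIR}/generate.py ${INPUT_DIR}/generated.rego > ${MANIFEST_DIR}/${POLICY_DIGEST_FILE}
 
-cp ${OUTPUT_DIR}/operator.json ${INPUT_DIR}/source.json
-jq --arg policy "$(cat ${INPUT_DIR}/generated.rego.base64)" '.resources[].properties.confidentialComputeProperties.ccePolicy = $policy' ${INPUT_DIR}/source.json > ${OUTPUT_DIR}/operator.json
+sed -i "s#CCE_POLICY_PLACEHOLDER#$(cat $(INPUT_DIR)/generated.rego.base64)#g" ${OUTPUT_DIR}/operator.yaml
+# cp ${OUTPUT_DIR}/operator.json ${INPUT_DIR}/source.json
+# jq --arg policy "$(cat ${INPUT_DIR}/generated.rego.base64)" '.resources[].properties.confidentialComputeProperties.ccePolicy = $policy' ${INPUT_DIR}/source.json > ${OUTPUT_DIR}/operator.json
 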
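Review bot: The added `sed` on operator.yaml reads the policy through `$(cat $(INPUT_DIR)/generated.rego.base64)`, where `$(INPUT_DIR)` is a command substitution rather than a variable expansion, so it expands to nothing, `cat` looks for `/generated.rego.base64`, and CCE_POLICY_PLACEHOLDER is most likely replaced with an empty string while the script carries on. It should read `$(cat "${INPUT_DIR}/generated.rego.base64")`, preferably after a check that the file exists and is non-empty. The three added placeholder rewrites also target a bare `generated.rego` while every neighbouring line uses `${INPUT_DIR}/generated.rego`. Unless the working directory is INPUT_DIR (set outside this hunk, if at all), they miss the exported policy, and generate.py then computes the digest over a policy that still holds the placeholder strings. Separately, switching those rules from an exact string to `re2` with `.+` makes the attested policy accept any non-empty VAULT_NAME, OPERATOR_KEY_SECRET_NAME and DEPLOYMENT_ENVIRONMENT, so the digest no longer pins which vault or secret the operator reads; a narrower pattern, or a comment recording why this is acceptable, would help.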
