wip

mcollins-ttd · mcollins-ttd · commit e46d853aba55 · 2025-03-07T14:47:46.000+11:00
diff --git a/scripts/azure-vn/deployment/generate-deployment-artifacts.sh b/scripts/azure-vn/deployment/generate-deployment-artifacts.sh
@@ -39,10 +39,7 @@ fi
 
 # Input files
 INPUT_FILES=(
-    operator.json operator.parameters.json
-    vault.json vault.parameters.json
-    vnet.json vnet.parameters.json
-    gateway.json gateway.parameters.json
+    operator.yaml
 )
 
 # Copy input files to output dir
@@ -70,16 +67,17 @@ if [[ $? -ne 0 ]]; then
 fi
 
 # Generate operator template
-sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_DIR}/operator.json && \
-  sed -i "s#IMAGE_VERSION_PLACEHOLDER#${IMAGE_VERSION}#g" ${OUTPUT_DIR}/operator.json
+sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_DIR}/operator.yaml
+# && \
+#   sed -i "s#IMAGE_VERSION_PLACEHOLDER#${IMAGE_VERSION}#g" ${OUTPUT_DIR}/operator.yaml
 if [[ $? -ne 0 ]]; then
   echo "Failed to pre-process operator template file"
   exit 1
 fi
 
 # Export the policy, update it to turn off allow_environment_variable_dropping, and then insert it into the template
 # note that the EnclaveId is generated by generate.py on the raw policy, not the base64 version
-POLICY_DIGEST_FILE=azure-cc-operator-digest-$VERSION_NUMBER.txt
+POLICY_DIGEST_FILE=azure-vn-operator-digest-$VERSION_NUMBER.txt
 az confcom acipolicygen --approve-wildcards --template-file ${OUTPUT_DIR}/operator.json --print-policy > ${INPUT_DIR}/policy.base64
 base64 -di < ${INPUT_DIR}/policy.base64 > ${INPUT_DIR}/generated.rego
 sed -i "s#allow_environment_variable_dropping := true#allow_environment_variable_dropping := false#g" ${INPUT_DIR}/generated.rego
diff --git a/scripts/azure-vn/deployment/generate.py b/scripts/azure-vn/deployment/generate.py
@@ -0,0 +1,20 @@
+import sys
+from hashlib import sha256
+
+def str_to_sha256(x: str) -> str:
+    return sha256(x.encode('utf-8')).hexdigest()
+
+def print_data_sha256(data: str) -> str:
+    print(str_to_sha256(data))
+
+def print_data_sha256_stripped(data: str) -> str:
+    print(str_to_sha256(data.strip()))
+
+def main():
+    with open(sys.argv[1], 'r') as file:
+        data = file.read()
+
+    print_data_sha256(data)
+
+if __name__ == '__main__':
+    main()
diff --git a/scripts/azure-vn/deployment/operator.yaml b/scripts/azure-vn/deployment/operator.yaml
@@ -12,7 +12,7 @@ spec:
       labels:
         app.kubernetes.io/name: operator
       annotations:
-        microsoft.containerinstance.virtualnode.ccepolicy: ''
+        microsoft.containerinstance.virtualnode.ccepolicy: CCE_POLICY_PLACEHOLDER
         microsoft.containerinstance.virtualnode.identity: IDENTITY_PLACEHOLDER
         microsoft.containerinstance.virtualnode.injectdns: "false"
     spec:
