Extension policy enforcement within the guest agent will utilize Regorus as the policy engine.
Regorus is maintained as a separate open-source repository.
For the initial implementation, the Regorus executable (.so file) is built separately and copied into the guest agent repository. (Python bindings are built into a wheel file, which is unzipped to extract the .so. This avoids customers having to install a dependency via pip.) The binary will eventually be signed and added to the guest agent package, but for now it is kept in a test directory.
Eventually, we aim to set up a pipeline for the guest agent to automatically consume builds from Regorus.
This PR adds the Regorus library to the guest agent test directory:
The Regorus executable (.so file) is stored under tests_e2e/tests/executables. This binary is copied to e2e test machines and not to customer machines.
The feature is currently gated behind the "Debug.EnableExtensionPolicy" conf flag. Regorus is only imported if policy is enabled via the configuration file and the agent is running on a supported Ubuntu machine (Ubuntu >= 16.04). If there are import errors, the agent continues without policy enforcement.
A template PolicyEngine class was added to test the import. Unit and E2E tests were added for the PolicyEngine class.
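The gating described in this PR, sketched as an added example (not code from the PR or the guest agent): the engine is imported only when the flag is set and the distro is Ubuntu >= 16.04, and an import failure is logged and reported to the caller instead of raised. The `Key=y` conf syntax, the function names, the `PolicyGate` result type and the `regorus` module name are assumptions.

```python
import importlib
from collections import namedtuple

# Outcome of the gate: the engine module (or None), whether policy is
# enforced, and why. Hypothetical type, not part of the guest agent.
PolicyGate = namedtuple("PolicyGate", "engine enforced reason")

FLAG = "Debug.EnableExtensionPolicy"  # flag name taken from the PR description
MIN_UBUNTU = (16, 4)                  # "Ubuntu >= 16.04"


def flag_enabled(conf_text, key=FLAG):
    """True if `key` is set to y in Key=value conf text (format is assumed)."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return value.strip().lower() == "y"
    return False


def supported_distro(name, version):
    """Ubuntu only; compare numerically so '9.10' sorts before '16.04'."""
    if name.lower() != "ubuntu":
        return False
    try:
        parts = tuple(int(p) for p in version.split(".")[:2])
    except ValueError:
        return False
    return parts >= MIN_UBUNTU


def load_policy_engine(conf_text, distro_name, distro_version,
                       module="regorus", log=print):
    """Import the engine only when gated in; never raise on import failure."""
    if not flag_enabled(conf_text):
        return PolicyGate(None, False, "disabled by configuration")
    if not supported_distro(distro_name, distro_version):
        return PolicyGate(None, False, "unsupported distro")
    try:
        engine = importlib.import_module(module)
    except ImportError as exc:
        # The agent keeps running without enforcement; record that it did.
        log("WARNING: policy enabled but %s failed to import: %s" % (module, exc))
        return PolicyGate(None, False, "import error")
    return PolicyGate(engine, True, "ok")
```

Returning the reason alongside the module lets the caller and the logs distinguish "policy switched off" from "policy requested but not enforced".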