Policy enforcement within the guest agent will utilize Regorus as the policy engine.
Regorus is maintained as a separate open-source repository.
For the initial implementation, a static MUSL executable is built separately and copied into the tests/data folder. The binary will eventually be published via the official build pipeline and added to the guest agent package, but for now it is kept in a test directory.
This PR adds the initial policy engine framework:
New "Debug.EnableExtensionPolicy" conf flag added to enable policy enforcement.
Regorus is only imported if policy is enabled via conf and the platform is supported. If there are import errors, the agent continues without policy enforcement.
Unit tests were added for policy_engine.py and regorus.py. There is no change to agent functionality, so no end-to-end tests have been added yet.
PR information
[x] The title of the PR is clear and informative.
[x] There are a small number of commits, each of which has an informative message. This means that previously merged commits do not appear in the history of the PR. For information on cleaning up the commits in your pull request, see this page.
[x] If applicable, the PR references the bug/issue that it fixes in the description.
[x] New Unit tests were added for the changes made
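
The import gating described above, as an added example that is not code from this PR. Only the flag name comes from the description; the function name, the dict-style conf, the supported-platform set and the returned reason strings are assumptions made for illustration.

```python
import importlib
import logging
import platform

log = logging.getLogger("policy")

# Assumption: the PR description does not list the supported platforms.
ASSUMED_SUPPORTED = {("Linux", "x86_64")}


def load_policy_engine(conf, module_name="regorus", system=None, machine=None):
    """Return (module_or_None, reason). Never raises, so the agent keeps running.

    The reason string lets an operator tell apart "policy switched off",
    "platform not supported" and "engine failed to load", which all end in
    the same state: no policy enforcement.
    """
    # Gate 1: the conf flag. Nothing is imported unless it is set.
    if not conf.get("Debug.EnableExtensionPolicy", False):
        return None, "disabled by conf"

    # Gate 2: platform support, checked before touching the native module.
    system = system or platform.system()
    machine = machine or platform.machine()
    if (system, machine) not in ASSUMED_SUPPORTED:
        return None, "unsupported platform"

    # Gate 3: the import itself. A missing or broken module is logged,
    # and the caller continues without enforcement.
    try:
        module = importlib.import_module(module_name)
    except Exception as exc:  # ImportError, or an error raised while loading
        log.warning("policy engine unavailable, continuing without enforcement: %s", exc)
        return None, "import failed"
    return module, "loaded"


if __name__ == "__main__":
    # Constructed conf: flag on, default module name.
    print(load_policy_engine({"Debug.EnableExtensionPolicy": True}))
```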