Azure
diff --git a/‎src/confcom/azext_confcom/command/containers_from_vn2.py‎
Lines changed: 15 additions & 13 deletions b/‎src/confcom/azext_confcom/command/containers_from_vn2.py‎
Lines changed: 15 additions & 13 deletions
diff --git a/‎src/confcom/azext_confcom/custom.py‎
Lines changed: 2 additions & 2 deletions b/‎src/confcom/azext_confcom/custom.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/confcom/azext_confcom/lib/containers.py‎
Lines changed: 4 additions & 4 deletions b/‎src/confcom/azext_confcom/lib/containers.py‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/confcom/azext_confcom/lib/policy.py‎
Lines changed: 2 additions & 3 deletions b/‎src/confcom/azext_confcom/lib/policy.py‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/confcom/azext_confcom/tests/latest/test_confcom_acipolicygen_arm.py‎
Lines changed: 1 addition & 1 deletion b/‎src/confcom/azext_confcom/tests/latest/test_confcom_acipolicygen_arm.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/confcom/samples/vn2/basic_command_args/containers.inc.rego‎
Lines changed: 20 additions & 40 deletions b/‎src/confcom/samples/vn2/basic_command_args/containers.inc.rego‎
Lines changed: 20 additions & 40 deletions
@@ -53,17 +53,15 @@ def vn2_container_env_rules(template: dict, container: dict, template_variables:
                     env_var.get('valueFrom').get("secretKeyRef", None)
                 )
                 yield {
-                    "name": env_var.get('name'),
-                    "value": template_variables[var_ref.get("name")][var_ref.get("key")],
+                    "pattern": f"{env_var.get('name')}={template_variables[var_ref.get('name')][var_ref.get('key')]}",
                     "strategy": "string",
                     "required": False,
                 }
 
             elif "fieldRef" in env_var.get('valueFrom'):
                 # Existing behaviour is to wildcard this, there is a correct implementation below
                 yield {
-                    "name": env_var.get('name'),
-                    "value": ".*",
+                    "pattern": f"{env_var.get('name')}=.*",
                     "strategy": "re2",
                     "required": False,
                 }
@@ -156,17 +154,21 @@ def containers_from_vn2(
         "name": container_name,
         "command": template_container.get("command", []) + template_container.get("args", []),
         "env_rules": (
-            config.OPENGCS_ENV_RULES
-            + config.FABRIC_ENV_RULES
-            + config.MANAGED_IDENTITY_ENV_RULES
-            + config.ENABLE_RESTART_ENV_RULE
-            + config.VIRTUAL_NODE_ENV_RULES
+            [
+                {
+                    "pattern": rule.get("pattern") or f"{rule.get('name')}={rule.get('value')}",
+                    "strategy": rule.get("strategy", "string"),
+                    "required": rule.get("required", False),
+                } for rule in (
+                config.OPENGCS_ENV_RULES
+                + config.FABRIC_ENV_RULES
+                + config.MANAGED_IDENTITY_ENV_RULES
+                + config.ENABLE_RESTART_ENV_RULE
+                + config.VIRTUAL_NODE_ENV_RULES
+            )]
             + list(vn2_container_env_rules(template_doc, template_container, variables))
         ),
-        "mounts": (
-            VN2_MOUNTS
-            + vn2_container_mounts(template_doc, template_container)
-        ),
+        "mounts": vn2_container_mounts(template_doc, template_container),
     }
 
     # Parse security context
 
@@ -570,7 +570,7 @@ def containers_from_vn2(
     template: str,
     container_name: str,
 ) -> None:
-    _containers_from_vn2(
+    print(_containers_from_vn2(
         template=template,
         container_name=container_name,
-    )
+    ))
@@ -3,6 +3,7 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
+from dataclasses import asdict
 from azext_confcom.lib.images import get_image_layers, get_image_config
 from azext_confcom.lib.platform import ACI_MOUNTS, VN2_MOUNTS
 
@@ -21,9 +22,8 @@ def merge_containers(*args) -> dict:
                 "mounts",
                 "signals",
             }:
-                if key not in merged_container:
-                    merged_container[key] = []
-                merged_container[key] += value
+                existing = merged_container.get(key) or []
+                merged_container[key] = list(existing) + list(value or [])
             else:
                 merged_container[key] = value
 
@@ -33,7 +33,7 @@ def merge_containers(*args) -> dict:
 def from_image(image: str, platform: str) -> dict:
 
     mounts = {
-        "aci": ACI_MOUNTS,
+        "aci": [asdict(mount) for mount in ACI_MOUNTS],
         "vn2": VN2_MOUNTS,
     }.get(platform, None)
 
 
@@ -52,8 +52,7 @@ class ContainerRuleLegacy:
 @dataclass
 class ContainerExecProcesses:
     command: List[str]
-    signals: Optional[List[str]] = OrderlessField(default=None)
-    allow_stdio_access: bool = True
+    signals: Optional[List[int]] = OrderlessField(default=None)
 
 
 @dataclass()
@@ -98,7 +97,7 @@ class Container:
     name: Optional[str] = None
     no_new_privileges: bool = False
     seccomp_profile_sha256: str = ""
-    signals: List[str] = OrderlessField(default_factory=list)
+    signals: List[int] = OrderlessField(default_factory=list)
     user: ContainerUser = Field(default_factory=ContainerUser)
     working_dir: str = "/"
 
 
@@ -67,7 +67,7 @@ def test_acipolicygen(sample_directory, generated_policy_path):
     parameters_path = os.path.join(SAMPLES_ROOT, sample_directory, "parameters.json")
     if not os.path.isfile(parameters_path):
         parameters_path = None
-    flags = POLICYGEN_ARGS[generated_policy_path]
+    flags = POLICYGEN_ARGS[generated_policy_path].copy()
 
     with open(os.path.join(SAMPLES_ROOT, sample_directory, generated_policy_path), "r", encoding="utf-8") as f:
         expected_policy = f.read()
 
@@ -7,124 +7,104 @@
     ],
     "env_rules": [
       {
-        "name": "APP_MODE",
         "required": false,
         "strategy": "string",
-        "value": "production"
+        "pattern": "APP_MODE=production"
       },
       {
-        "name": "PATH",
         "required": false,
         "strategy": "string",
-        "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        "pattern": "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
       },
       {
-        "name": "TERM",
         "required": false,
         "strategy": "string",
-        "value": "xterm"
+        "pattern": "TERM=xterm"
       },
       {
-        "name": "(?i)(FABRIC)_.+",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "(?i)(FABRIC)_.+=.+"
       },
       {
-        "name": "HOSTNAME",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "HOSTNAME=.+"
       },
       {
-        "name": "T(E)?MP",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "T(E)?MP=.+"
       },
       {
-        "name": "FabricPackageFileName",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "FabricPackageFileName=.+"
       },
       {
-        "name": "HostedServiceName",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "HostedServiceName=.+"
       },
       {
-        "name": "IDENTITY_API_VERSION",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "IDENTITY_API_VERSION=.+"
       },
       {
-        "name": "IDENTITY_HEADER",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "IDENTITY_HEADER=.+"
       },
       {
-        "name": "IDENTITY_SERVER_THUMBPRINT",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "IDENTITY_SERVER_THUMBPRINT=.+"
       },
       {
-        "name": "azurecontainerinstance_restarted_by",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "azurecontainerinstance_restarted_by=.+"
       },
       {
-        "name": "[A-Z0-9_]+_SERVICE_HOST",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_SERVICE_HOST=.+"
       },
       {
-        "name": "[A-Z0-9_]+_SERVICE_PORT",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_SERVICE_PORT=.+"
       },
       {
-        "name": "[A-Z0-9_]+_SERVICE_PORT_[A-Z0-9_]+",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_SERVICE_PORT_[A-Z0-9_]+=.+"
       },
       {
-        "name": "[A-Z0-9_]+_PORT",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_PORT=.+"
       },
       {
-        "name": "[A-Z0-9_]+_PORT_[0-9]+_TCP",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_PORT_[0-9]+_TCP=.+"
       },
       {
-        "name": "[A-Z0-9_]+_PORT_[0-9]+_TCP_PROTO",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_PORT_[0-9]+_TCP_PROTO=.+"
       },
       {
-        "name": "[A-Z0-9_]+_PORT_[0-9]+_TCP_PORT",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_PORT_[0-9]+_TCP_PORT=.+"
       },
       {
-        "name": "[A-Z0-9_]+_PORT_[0-9]+_TCP_ADDR",
         "required": false,
         "strategy": "re2",
-        "value": ".+"
+        "pattern": "[A-Z0-9_]+_PORT_[0-9]+_TCP_ADDR=.+"
       }
     ],
     "id": "mcr.microsoft.com/azurelinux/distroless/base@sha256:1e77d97e1e39f22ed9c52f49b3508b4c1044cec23743df9098ac44e025f654f2",