[confcom] Fix opa installation on windows and in strict networking environments (#9440)

* [confcom] Fix opa installation on windows and in strict networking environments

* Bump version and history

* Fix merge conflict from previous commits

* Add clear error if user on unsupported platform

* .

Author: DomAyre

src/confcom/HISTORY.rst

@@ -3,6 +3,10 @@
 Release History
 ===============
 
+1.4.3
+++++++
+* Fix installing OPA on Windows and in strict networking environments
+
 1.4.2
 ++++++
 * Update policy model to use pydantic and explicitly declare collections where order doesn't affect function. These fields will serialize in alphabetical order and comparisons will ignore order.

src/confcom/azext_confcom/lib/opa.py

@@ -16,18 +16,25 @@
 from azext_confcom.lib.binaries import get_binaries_dir
 
 _opa_path = os.path.abspath(os.path.join(get_binaries_dir(), "opa"))
-_expected_sha256 = "fe8e191d44fec33db2a3d0ca788b9f83f866d980c5371063620c3c6822792877"
+_opa_url = {
+    "Linux": "https://github.com/open-policy-agent/opa/releases/download/v1.10.1/opa_linux_amd64",
+    "Windows": "https://github.com/open-policy-agent/opa/releases/download/v1.10.1/opa_windows_amd64.exe",
+}
+_expected_sha256 = {
+    "Linux": "fe8e191d44fec33db2a3d0ca788b9f83f866d980c5371063620c3c6822792877",
+    "Windows": "4c932053350eabca47681208924046fbf3ad9de922d6853fb12cddf59aef15ce",
+}
 
 
 def opa_get():
 
-    opa_fetch_resp = requests.get(
-        f"https://openpolicyagent.org/downloads/v1.10.1/opa_{platform.system().lower()}_amd64",
-        verify=True,
-    )
+    if not all(platform.system() in mapping for mapping in [_opa_url, _expected_sha256]):
+        raise RuntimeError(f"OPA is not supported on platform: {platform.system()}")
+
+    opa_fetch_resp = requests.get(_opa_url[platform.system()], verify=True)
     opa_fetch_resp.raise_for_status()
 
-    assert hashlib.sha256(opa_fetch_resp.content).hexdigest() == _expected_sha256
+    assert hashlib.sha256(opa_fetch_resp.content).hexdigest() == _expected_sha256[platform.system()]
 
     with open(_opa_path, "wb") as f:
         f.write(opa_fetch_resp.content)

src/confcom/azext_confcom/tests/conftest.py

@@ -14,6 +14,7 @@
 import shutil
 
 from pathlib import Path
+import zipfile
 
 
 # This fixture ensures tests are run against final built wheels of the extension
@@ -57,9 +58,9 @@ def run_on_wheel(request):
                     if (extension_dir / "build").exists():
                         shutil.rmtree((extension_dir / "build").as_posix(), ignore_errors=True)
 
-                if not any(build_dir.glob(f"{extension_name}*.whl")):
+                if not any(build_dir.glob(f"*{extension_name}*.whl")):
                     subprocess.run(
-                        ["azdev", "extension", "build", extension.replace("azext_", ""), "--dist-dir", build_dir.as_posix()],
+                        ["azdev", "extension", "build", extension_name, "--dist-dir", build_dir.as_posix()],
                         check=True,
                     )
 
@@ -68,7 +69,15 @@ def run_on_wheel(request):
 
     # Add the wheel to the path and reload extension modules so the
     # tests pick up the wheel code over the unbuilt code
-    sys.path.insert(0, build_dir.glob("*.whl").__next__().as_posix())
+    wheel_path = next(build_dir.glob("*.whl"))
+
+    expanded_dir = build_dir / f"{wheel_path.stem}_expanded"
+    if not expanded_dir.exists():
+        expanded_dir.mkdir(exist_ok=True)
+        with zipfile.ZipFile(wheel_path, "r") as z:
+            z.extractall(expanded_dir)
+
+    sys.path.insert(0, expanded_dir.resolve().as_posix())
     for module in list(sys.modules.values()):
         if extension in module.__name__ and module not in modules_to_test:
             del sys.modules[module.__name__]

src/confcom/setup.py

@@ -20,7 +20,7 @@
 
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
-VERSION = "1.4.2"
+VERSION = "1.4.3"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers