Azure
diff --git a/‎linter_exclusions.yml‎
Lines changed: 0 additions & 12 deletions b/‎linter_exclusions.yml‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎src/confcom/HISTORY.rst‎
Lines changed: 0 additions & 6 deletions b/‎src/confcom/HISTORY.rst‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎src/confcom/azext_confcom/_help.py‎
Lines changed: 0 additions & 43 deletions b/‎src/confcom/azext_confcom/_help.py‎
Lines changed: 0 additions & 43 deletions
diff --git a/‎src/confcom/azext_confcom/_params.py‎
Lines changed: 0 additions & 35 deletions b/‎src/confcom/azext_confcom/_params.py‎
Lines changed: 0 additions & 35 deletions
diff --git a/‎src/confcom/azext_confcom/command/fragment_attach.py‎
Lines changed: 0 additions & 46 deletions b/‎src/confcom/azext_confcom/command/fragment_attach.py‎
Lines changed: 0 additions & 46 deletions
diff --git a/‎src/confcom/azext_confcom/command/fragment_push.py‎
Lines changed: 0 additions & 46 deletions b/‎src/confcom/azext_confcom/command/fragment_push.py‎
Lines changed: 0 additions & 46 deletions
diff --git a/‎src/confcom/azext_confcom/commands.py‎
Lines changed: 0 additions & 4 deletions b/‎src/confcom/azext_confcom/commands.py‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎src/confcom/azext_confcom/custom.py‎
Lines changed: 6 additions & 46 deletions b/‎src/confcom/azext_confcom/custom.py‎
Lines changed: 6 additions & 46 deletions
@@ -3504,15 +3504,3 @@ neon postgres organization:
 neon postgres project:
   rule_exclusions:
   - require_wait_command_if_no_wait
-
-confcom fragment push:
-  parameters:
-    signed_fragment:
-      rule_exclusions:
-        - no_positional_parameters
-
-confcom fragment attach:
-  parameters:
-    signed_fragment:
-      rule_exclusions:
-        - no_positional_parameters
@@ -3,12 +3,6 @@
 Release History
 ===============
 
-1.5.0
-++++++
-* restored the behaviour of --upload-fragment in acifragmentgen to attach to first image in input
-* added confcom fragment push command to allow explicit uploading of standalone fragments
-* added confcom fragment attach command to allow explicit uploading of image attached fragments
-
 1.4.5
 ++++++
 * Drop the dependency on OPA
 
@@ -278,46 +278,3 @@
         - name: Input a Kubernetes YAML file with a custom containerd socket path
           text: az confcom katapolicygen --yaml "./pod.json" --containerd-pull --containerd-socket-path "/my/custom/containerd.sock"
 """
-
-helps[
-    "confcom fragment"
-] = """
-    type: group
-    short-summary: Commands to handle Confidential Container Policy Fragments.
-"""
-
-helps[
-    "confcom fragment push"
-] = """
-    type: command
-    short-summary: Push a Confidential Container Policy Fragment to an ORAS registry
-
-    parameters:
-      - name: --manifest-tag
-        type: string
-        short-summary: 'The reference to push the signed fragment to'
-
-    examples:
-        - name: Push a signed fragment to a registry
-          text: az confcom fragment push ./fragment.reg.cose --manifest-tag myregistry.azurecr.io/fragment:latest
-        - name: Push the output of acifragmentgen to a registry
-          text: az confcom acifragmentgen --chain my.cert.pem --key my_key.pem --svn "1" --namespace contoso --feed "test-feed" --input ./fragment_spec.json | az confcom fragment push --manifest-tag myregistry.azurecr.io/fragment:latest
-"""
-
-helps[
-    "confcom fragment attach"
-] = """
-    type: command
-    short-summary: Attach a Confidential Container Policy Fragment to an image in an ORAS registry.
-
-    parameters:
-      - name: --manifest-tag
-        type: string
-        short-summary: 'The reference to attach the signed fragment to'
-
-    examples:
-        - name: Attach a signed fragment to a registry
-          text: az confcom fragment attach ./fragment.reg.cose --manifest-tag myregistry.azurecr.io/image:latest
-        - name: Attach the output of acifragmentgen to a registry
-          text: az confcom acifragmentgen --chain my.cert.pem --key my_key.pem --svn "1" --namespace contoso --feed "test-feed" --input ./fragment_spec.json | az confcom fragment attach --manifest-tag myregistry.azurecr.io/image:latest
-"""
@@ -5,8 +5,6 @@
 # pylint: disable=line-too-long
 
 import json
-import argparse
-import sys
 from knack.arguments import CLIArgumentType
 from azext_confcom._validators import (
     validate_params_file,
@@ -46,32 +44,6 @@ def load_arguments(self, _):
         c.argument("tags", tags_type)
         c.argument("confcom_name", confcom_name_type, options_list=["--name", "-n"])
 
-    with self.argument_context("confcom fragment attach") as c:
-        c.positional(
-            "signed_fragment",
-            nargs='?',
-            type=argparse.FileType('rb'),
-            default=sys.stdin.buffer,
-            help="Signed fragment to attach",
-        )
-        c.argument(
-            "manifest_tag",
-            help="Manifest tag for the fragment",
-        )
-
-    with self.argument_context("confcom fragment push") as c:
-        c.positional(
-            "signed_fragment",
-            nargs='?',
-            type=argparse.FileType('rb'),
-            default=sys.stdin.buffer,
-            help="Signed fragment to push",
-        )
-        c.argument(
-            "manifest_tag",
-            help="Manifest tag for the fragment",
-        )
-
     with self.argument_context("confcom acipolicygen") as c:
         c.argument(
             "input_path",
@@ -390,13 +362,6 @@ def load_arguments(self, _):
             type=json.loads,
             help='Container definitions to include in the policy'
         )
-        c.argument(
-            "out_signed_fragment",
-            action="store_true",
-            default=False,
-            required=False,
-            help="Emit only the signed fragment bytes",
-        )
 
     with self.argument_context("confcom katapolicygen") as c:
         c.argument(
 
@@ -11,9 +11,5 @@ def load_command_table(self, _):
         g.custom_command("acifragmentgen", "acifragmentgen_confcom")
         g.custom_command("katapolicygen", "katapolicygen_confcom")
 
-    with self.command_group("confcom fragment") as g:
-        g.custom_command("attach", "fragment_attach", is_preview=True)
-        g.custom_command("push", "fragment_push", is_preview=True)
-
     with self.command_group("confcom"):
         pass
@@ -5,8 +5,7 @@
 
 import os
 import sys
-import tempfile
-from typing import Optional, BinaryIO
+from typing import Optional
 
 from azext_confcom import oras_proxy, os_util, security_policy
 from azext_confcom._validators import resolve_stdio
@@ -23,8 +22,6 @@
     get_image_name, inject_policy_into_template, inject_policy_into_yaml,
     pretty_print_func, print_existing_policy_from_arm_template,
     print_existing_policy_from_yaml, print_func, str_to_sha256)
-from azext_confcom.command.fragment_attach import fragment_attach as _fragment_attach
-from azext_confcom.command.fragment_push import fragment_push as _fragment_push
 from knack.log import get_logger
 from pkg_resources import parse_version
 
@@ -258,7 +255,6 @@ def acifragmentgen_confcom(
     upload_fragment: bool = False,
     no_print: bool = False,
     fragments_json: str = "",
-    out_signed_fragment: bool = False,
 ):
     if container_definitions is None:
         container_definitions = []
@@ -365,40 +361,24 @@ def acifragmentgen_confcom(
 
     fragment_text = policy.generate_fragment(namespace, svn, output_type, omit_id=omit_id)
 
-    if output_type != security_policy.OutputType.DEFAULT and not no_print and not out_signed_fragment:
+    if output_type != security_policy.OutputType.DEFAULT and not no_print:
         print(fragment_text)
 
     # take ".rego" off the end of the filename if it's there, it'll get added back later
     output_filename = output_filename.replace(".rego", "")
     filename = f"{output_filename or namespace}.rego"
-
-    if out_signed_fragment:
-        filename = os.path.join(tempfile.gettempdir(), filename)
-
     os_util.write_str_to_file(filename, fragment_text)
 
     if key:
         cose_proxy = CoseSignToolProxy()
         iss = cose_proxy.create_issuer(chain)
         out_path = filename + ".cose"
 
-        if out_signed_fragment:
-            out_path = os.path.join(tempfile.gettempdir(), os.path.basename(out_path))
-
         cose_proxy.cose_sign(filename, key, chain, feed, iss, algo, out_path)
-
-        # Preserve default behaviour established since version 1.1.0 of attaching
-        # the fragment to the first image specified in input
-        # (or --image-target if specified)
-        if upload_fragment:
-            oras_proxy.attach_fragment_to_image(
-                image_name=image_target or policy_images[0].containerImage,
-                filename=out_path,
-            )
-
-        if out_signed_fragment:
-            with open(out_path, "rb") as f:
-                sys.stdout.buffer.write(f.read())
+        if upload_fragment and image_target:
+            oras_proxy.attach_fragment_to_image(image_target, out_path)
+        elif upload_fragment:
+            oras_proxy.push_fragment_to_registry(feed, out_path)
 
 
 def katapolicygen_confcom(
@@ -532,23 +512,3 @@ def get_fragment_output_type(outraw):
     if outraw:
         output_type = security_policy.OutputType.RAW
     return output_type
-
-
-def fragment_attach(
-    signed_fragment: BinaryIO,
-    manifest_tag: str,
-) -> None:
-    _fragment_attach(
-        signed_fragment=signed_fragment,
-        manifest_tag=manifest_tag
-    )
-
-
-def fragment_push(
-    signed_fragment: BinaryIO,
-    manifest_tag: str,
-) -> None:
-    _fragment_push(
-        signed_fragment=signed_fragment,
-        manifest_tag=manifest_tag
-    )