Install azfilesauth package #593
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds the azfilesauth package to the Cloud Shell image for mounting Azure storage, along with the Python requests package which is required for azfilesauth functionality.
Changes:
- Installs the azfilesauth package via tdnf package manager in the base.Dockerfile
- Installs the Python requests package using pip
- Updates the command_list test baseline to include new commands provided by azfilesauth: azfilesauthmanager, azfilesrefresh, and normalizer
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| linux/base.Dockerfile | Adds azfilesauth to the tdnf package installation list and installs the requests Python package via pip |
| tests/command_list | Updates the baseline command list to include azfilesauthmanager, azfilesrefresh, and normalizer commands that are now available after installing azfilesauth |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # | ||
| # Install requests package for azfilesauth | ||
| # | ||
| pip install requests No newline at end of file |
There was a problem hiding this comment.
For consistency with other Python package installations in this file, consider using pip3 instead of pip. Other pip commands in the Dockerfile use pip3 explicitly (line 165) or python -m pip (line 172).
| # | ||
| # Install requests package for azfilesauth | ||
| # | ||
| pip install requests No newline at end of file |
There was a problem hiding this comment.
The Dockerfile installs the Python requests package via pip install requests without pinning a version or verifying integrity. This creates a supply chain risk where a compromised or malicious requests release on PyPI could be pulled into the base CloudShell image and executed at build time or when imported at runtime. Prefer using a pinned version from a trusted source (e.g., internal feed) and, where possible, enabling hash or signature verification for the downloaded package.
Can we get the size increase all of these contribute to? Also it is only a POC at the moment, we could add it once we determine everything works with identity isn't it? |
| # | ||
| # Install requests package for azfilesauth | ||
| # | ||
| pip install requests No newline at end of file |
There was a problem hiding this comment.
why do we need requests library? Is this a dependency induced by one of these packages?
|
Also, can we move these libaries into a section where we comment clearly saying these are used for cloudshell's operational purposes, and these are not customer packages. just the azauthfiles and not requests etc. We can track which package is for what purpose in this huge monolith |
Installing the azfilesauth package which is used for mounting storage, requests package for python is also installed as it is needed for azfilesauthmanager functionality.