tests/main/cohorts: replace yq with a Python snippet
The yq tool changed its command line arguments and the test broke. Try not to
depend on external tools and use a simple Python snippet to extract the cohort key.
Signed-off-by: Maciej Borzecki <email address hidden>
interfaces/greengrass-support: finalize the flavor attribute names
The flavor attribute names are now as follows:
- "legacy-container" is the full containerization also known as
"Greengrass container" in AWS's UI.
- "no-container" is the process-mode, no confinement mode, also known as "no
container" in AWS's UI.
The PR that added greengras attribute names was merged prematurely
before Samuele had a chance to review the naming. This commit adds
the TODO and will be milestoned 2.49 to ensure that we do not
release anything to stable with the preliminary names.
interfaces/greengrass-support: add additional "process" flavor for 1.11 update
This adds a new attribute to the greengrass-support interface, "flavor", which
indicates what mode of containerization the greengrassd daemon is meant to be
supporting with the plug. With no flavor attribute, or the "container" flavor,
then the old policy is available so as to not break old users of the snap, but
with a new "process" flavor, then a far less privileged version of the interface
is provided, which allows the greengrassd daemon to implement no
containerization and thus the lambdas that are run are not run with the
additional privilege afforded to the original implementation of the interface,
as that would allow lambdas to trivially escape the sandbox.
These accesses are generally useful to snaps wanting to know more about their
host system, but also more specifically useful to the new version of the
Greengrass snap which will use much less privilege to run.