From 097c3715e752149e3880367da8d63d9383e55725 Mon Sep 17 00:00:00 2001
From: stevenhorsman
Date: Mon, 23 Jun 2025 15:21:41 +0100
Subject: [PATCH] tests/k8s: Enable tests for qemu-runtime-rs-coco-dev

Add the runtime class to the non-tee tests and enable it to run in the test code

Signed-off-by: stevenhorsman
---
 .github/workflows/run-kata-coco-tests.yaml | 1 +
 tests/integration/kubernetes/confidential_common.sh | 2 +-
 tests/integration/kubernetes/k8s-guest-pull-image.bats | 10 +++++-----
 tests/integration/kubernetes/k8s-initdata.bats | 8 ++++----
 tests/integration/kubernetes/setup.sh | 2 +-
 tests/integration/kubernetes/tests_common.sh | 4 ++--
 6 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml
index e71e59fd8c..147f152f7f 100644
--- a/.github/workflows/run-kata-coco-tests.yaml
+++ b/.github/workflows/run-kata-coco-tests.yaml
@@ -218,6 +218,7 @@ jobs:
 matrix:
 vmm:
 - qemu-coco-dev
+ - qemu-runtime-rs-coco-dev
 snapshotter:
 - nydus
 pull-type:
diff --git a/tests/integration/kubernetes/confidential_common.sh b/tests/integration/kubernetes/confidential_common.sh
index 617deaf6a0..4625134537 100644
--- a/tests/integration/kubernetes/confidential_common.sh
+++ b/tests/integration/kubernetes/confidential_common.sh
@@ -11,7 +11,7 @@ source "${BATS_TEST_DIRNAME}/../../common.bash"
 load "${BATS_TEST_DIRNAME}/confidential_kbs.sh"
 SUPPORTED_TEE_HYPERVISORS=("qemu-snp" "qemu-tdx" "qemu-se")
-SUPPORTED_NON_TEE_HYPERVISORS=("qemu-coco-dev")
+SUPPORTED_NON_TEE_HYPERVISORS=("qemu-coco-dev" "qemu-runtime-rs-coco-dev")
 function setup_unencrypted_confidential_pod() {
 get_pod_config_dir
diff --git a/tests/integration/kubernetes/k8s-guest-pull-image.bats b/tests/integration/kubernetes/k8s-guest-pull-image.bats
index ca53140644..acbf2c3ab4 100644
--- a/tests/integration/kubernetes/k8s-guest-pull-image.bats
+++ b/tests/integration/kubernetes/k8s-guest-pull-image.bats
@@ -110,7 +110,7 @@ setup() {
 # Set CreateContainerRequest timeout for qemu-coco-dev
- if [ "${KATA_HYPERVISOR}" == "qemu-coco-dev" ]; then
+ if [[ "${KATA_HYPERVISOR}" == "qemu-coco-dev" || "${KATA_HYPERVISOR}" == "qemu-runtime-rs-coco-dev" ]]; then
 create_container_timeout=300
 set_metadata_annotation "$pod_config" \
 "io.katacontainers.config.runtime.create_container_timeout" \
@@ -133,7 +133,7 @@ setup() {
 add_allow_all_policy_to_yaml "$pod_config"
 local wait_time=120
- [ "${KATA_HYPERVISOR}" == "qemu-coco-dev" ] && wait_time=300
+ [[ "${KATA_HYPERVISOR}" == "qemu-coco-dev" || "${KATA_HYPERVISOR}" == "qemu-runtime-rs-coco-dev" ]] && wait_time=300
 k8s_create_pod "$pod_config" "$wait_time"
 }
@@ -187,7 +187,7 @@ setup() {
 [ "${KATA_HYPERVISOR}" == "qemu-snp" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
 [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] && skip "See: https://github.com/kata-containers/kata-containers/issues/10838"
- if [ "${KATA_HYPERVISOR}" = "qemu-coco-dev" ] && [ "${KBS_INGRESS}" = "aks" ]; then
+ if [[ "${KATA_HYPERVISOR}" == "qemu-coco-dev" || "${KATA_HYPERVISOR}" == "qemu-runtime-rs-coco-dev" ]] && [ "${KBS_INGRESS}" = "aks" ]; then
 skip "skip this specific one due to issue https://github.com/kata-containers/kata-containers/issues/10299"
 fi
 storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXX")
@@ -206,7 +206,7 @@ setup() {
 # Set CreateContainerRequest timeout in the annotation to pull large image in guest
 create_container_timeout=120
- [ "${KATA_HYPERVISOR}" == "qemu-coco-dev" ] && create_container_timeout=600
+ [[ "${KATA_HYPERVISOR}" == "qemu-coco-dev" || "${KATA_HYPERVISOR}" == "qemu-runtime-rs-coco-dev" ]] && create_container_timeout=600
 set_metadata_annotation "$pod_config" \
 "io.katacontainers.config.runtime.create_container_timeout" \
 "${create_container_timeout}"
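Review bot: The two-name test `[[ "${KATA_HYPERVISOR}" == "qemu-coco-dev" || "${KATA_HYPERVISOR}" == "qemu-runtime-rs-coco-dev" ]]` is now written out five times in k8s-guest-pull-image.bats (the hunks at 110, 133, 187, 206 and 227), so the next non-TEE runtime class has to be added in five places, and a missed one silently keeps the shorter 120-second timeout. This commit already extends `SUPPORTED_NON_TEE_HYPERVISORS` in confidential_common.sh; a membership test against that array, for example `[[ " ${SUPPORTED_NON_TEE_HYPERVISORS[*]} " == *" ${KATA_HYPERVISOR} "* ]]` wrapped in one helper, would keep the names in one place, although whether this file loads confidential_common.sh is not visible in the hunks. The context comment `# Set CreateContainerRequest timeout for qemu-coco-dev` above the first changed line should also name the new class, since it no longer describes the whole condition. The enclosing test bodies start and end outside these hunks.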
@@ -227,7 +227,7 @@ setup() {
 add_allow_all_policy_to_yaml "$pod_config"
 local wait_time=120
- [ "${KATA_HYPERVISOR}" == "qemu-coco-dev" ] && wait_time=600
+ [[ "${KATA_HYPERVISOR}" == "qemu-coco-dev" || "${KATA_HYPERVISOR}" == "qemu-runtime-rs-coco-dev" ]] && wait_time=600
 k8s_create_pod "$pod_config" "$wait_time"
 }
diff --git a/tests/integration/kubernetes/k8s-initdata.bats b/tests/integration/kubernetes/k8s-initdata.bats
index 1dd801dca8..53ad9f2504 100644
--- a/tests/integration/kubernetes/k8s-initdata.bats
+++ b/tests/integration/kubernetes/k8s-initdata.bats
@@ -10,7 +10,7 @@
 # 3. Pull an image from a banned registry
 # 4. Check if the pulling fails with log `image security validation failed`,
 # the initdata works.
-#
+#
 # Note that if initdata does not work, the pod still fails to launch (hang at
 # CreatingContainer status). The error information is
 # `[CDH] [ERROR]: Get Resource failed` which internally means that the KBS URL
@@ -35,7 +35,7 @@ setup() {
 setup_common || die "setup_common failed"
 FAIL_TEST_IMAGE="quay.io/prometheus/busybox:latest"
-
+
 SECURITY_POLICY_KBS_URI="kbs:///default/security-policy/test"
 }
@@ -51,7 +51,7 @@ function setup_kbs_image_policy_for_initdata() {
 # TODO: Enable for more archs
 case "$KATA_HYPERVISOR" in
- "qemu-tdx"|"qemu-coco-dev"|"qemu-snp")
+ "qemu-tdx"|"qemu-coco-dev"|"qemu-runtime-rs-coco-dev"|"qemu-snp")
 ;;
 *)
 skip "Test not supported for ${KATA_HYPERVISOR}."
@@ -88,7 +88,7 @@ EOF
 @test "Test that creating a container from an rejected image configured by initdata, fails according to policy reject" {
 setup_kbs_image_policy_for_initdata
-
+
 CC_KBS_ADDRESS=$(kbs_k8s_svc_http_addr)
 kernel_parameter="agent.image_policy_file=${SECURITY_POLICY_KBS_URI} agent.enable_signature_verification=true"
diff --git a/tests/integration/kubernetes/setup.sh b/tests/integration/kubernetes/setup.sh
index 98a6054bd0..ed8600558c 100644
--- a/tests/integration/kubernetes/setup.sh
+++ b/tests/integration/kubernetes/setup.sh
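Review bot: In k8s-initdata.bats, the `case "$KATA_HYPERVISOR"` list in `setup_kbs_image_policy_for_initdata` (hunk at 51) is another hand-maintained copy of the CoCo hypervisor names, and its `*)` arm calls `skip`, so a runtime class left out of the list means the image-policy rejection test is reported as skipped and the job still passes. After this commit the list holds exactly the names that `is_coco_platform` in tests_common.sh accepts, so the arm could become `is_coco_platform || skip "Test not supported for ${KATA_HYPERVISOR}."`, assuming tests_common.sh is loaded here, which the hunk does not show. The same membership is also repeated in `enabled_hypervisors` in tests_common.sh and in the `case` in setup.sh. If the separate lists are kept on purpose, a short comment on each saying which other lists must change with it would make a missed entry easier to catch in review. The function body continues outside the hunk.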
@@ -126,7 +126,7 @@ add_runtime_handler_annotations() {
 fi
 case "${KATA_HYPERVISOR}" in
- qemu-coco-dev | qemu-snp | qemu-tdx)
+ qemu-coco-dev | qemu-snp | qemu-tdx | qemu-runtime-rs-coco-dev)
 info "Add runtime handler annotations for ${KATA_HYPERVISOR}"
 local handler_value="kata-${KATA_HYPERVISOR}"
 for K8S_TEST_YAML in runtimeclass_workloads_work/*.yaml
diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh
index 473358a579..32944f4bed 100644
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@@ -87,7 +87,7 @@ auto_generate_policy_enabled() {
 is_coco_platform() {
 case "${KATA_HYPERVISOR}" in
- "qemu-tdx"|"qemu-snp"|"qemu-coco-dev")
+ "qemu-tdx"|"qemu-snp"|"qemu-coco-dev"|"qemu-runtime-rs-coco-dev")
 return 0
 ;;
 *)
@@ -274,7 +274,7 @@ hard_coded_policy_tests_enabled() {
 # CI is testing hard-coded policies just on a the platforms listed here. Outside of CI,
 # users can enable testing of the same policies (plus the auto-generated policies) by
 # specifying AUTO_GENERATE_POLICY=yes.
- local -r enabled_hypervisors=("qemu-coco-dev" "qemu-snp" "qemu-tdx")
+ local -r enabled_hypervisors=("qemu-coco-dev" "qemu-snp" "qemu-tdx" "qemu-runtime-rs-coco-dev")
 for enabled_hypervisor in "${enabled_hypervisors[@]}"
 do
 if [[ "${enabled_hypervisor}" == "${KATA_HYPERVISOR}" ]]; then