tests: enable trusted ephemeral storage for runtime-rs

Remove the runtime-rs skip from the trusted ephemeral data storage
test now that runtime-rs implements block-encrypted emptyDir volumes.

Also remove the genpolicy drop-in that disabled encrypted_emptydir
for runtime-rs and the corresponding copy logic in tests_common.sh.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Assisted-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Fabiano Fidêncio
2026-05-08 16:26:12 +02:00
parent aa7392b1b9
commit 54aaa1ea2a
3 changed files with 0 additions and 13 deletions

View File

@@ -1,7 +0,0 @@
[
{
"op": "replace",
"path": "/cluster_config/encrypted_emptydir",
"value": false
}
]

View File

@@ -9,7 +9,6 @@ load "${BATS_TEST_DIRNAME}/tests_common.sh"
setup() {
is_confidential_runtime_class || skip "Only supported for CoCo"
[[ "${KATA_HYPERVISOR}" == *-runtime-rs ]] && skip "Not supported with runtime-rs"
setup_common
get_pod_config_dir
@@ -86,7 +85,6 @@ setup() {
teardown() {
is_confidential_runtime_class || skip "Only supported for CoCo"
[[ "${KATA_HYPERVISOR}" == *-runtime-rs ]] && skip "Not supported with runtime-rs"
confidential_teardown_common "${node}" "${node_start_time:-}"
}

View File

@@ -161,10 +161,6 @@ install_genpolicy_drop_ins() {
cp "${examples_dir}/20-experimental-force-guest-pull-drop-in.json" "${settings_d}/"
fi
# 20-* runtime-rs overlay (disable encrypted emptyDir, not supported yet)
if is_runtime_rs; then
cp "${examples_dir}/20-runtime-rs-drop-in.json" "${settings_d}/"
fi
}
# If auto-generated policy testing is enabled, make a copy of the genpolicy settings