From 54aaa1ea2a65bd0ed8f4064ee734dfdf8522d202 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 8 May 2026 16:26:12 +0200 Subject: [PATCH] tests: enable trusted ephemeral storage for runtime-rs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove the runtime-rs skip from the trusted ephemeral data storage test now that runtime-rs implements block-encrypted emptyDir volumes. Also remove the genpolicy drop-in that disabled encrypted_emptydir for runtime-rs and the corresponding copy logic in tests_common.sh. Signed-off-by: Fabiano FidĂȘncio Assisted-by: Cursor --- .../genpolicy/drop-in-examples/20-runtime-rs-drop-in.json | 7 ------- .../kubernetes/k8s-trusted-ephemeral-data-storage.bats | 2 -- tests/integration/kubernetes/tests_common.sh | 4 ---- 3 files changed, 13 deletions(-) delete mode 100644 src/tools/genpolicy/drop-in-examples/20-runtime-rs-drop-in.json diff --git a/src/tools/genpolicy/drop-in-examples/20-runtime-rs-drop-in.json b/src/tools/genpolicy/drop-in-examples/20-runtime-rs-drop-in.json deleted file mode 100644 index ab6c32a0b2..0000000000 --- a/src/tools/genpolicy/drop-in-examples/20-runtime-rs-drop-in.json +++ /dev/null @@ -1,7 +0,0 @@ -[ - { - "op": "replace", - "path": "/cluster_config/encrypted_emptydir", - "value": false - } -] diff --git a/tests/integration/kubernetes/k8s-trusted-ephemeral-data-storage.bats b/tests/integration/kubernetes/k8s-trusted-ephemeral-data-storage.bats index e8e6c43c03..42aaa152b3 100644 --- a/tests/integration/kubernetes/k8s-trusted-ephemeral-data-storage.bats +++ b/tests/integration/kubernetes/k8s-trusted-ephemeral-data-storage.bats @@ -9,7 +9,6 @@ load "${BATS_TEST_DIRNAME}/tests_common.sh" setup() { is_confidential_runtime_class || skip "Only supported for CoCo" - [[ "${KATA_HYPERVISOR}" == *-runtime-rs ]] && skip "Not supported with runtime-rs" setup_common get_pod_config_dir @@ -86,7 +85,6 @@ setup() { teardown() { is_confidential_runtime_class || skip "Only supported for CoCo" - [[ "${KATA_HYPERVISOR}" == *-runtime-rs ]] && skip "Not supported with runtime-rs" confidential_teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh index f41e95cc44..5d32df17ee 100644 --- a/tests/integration/kubernetes/tests_common.sh +++ b/tests/integration/kubernetes/tests_common.sh @@ -161,10 +161,6 @@ install_genpolicy_drop_ins() { cp "${examples_dir}/20-experimental-force-guest-pull-drop-in.json" "${settings_d}/" fi - # 20-* runtime-rs overlay (disable encrypted emptyDir, not supported yet) - if is_runtime_rs; then - cp "${examples_dir}/20-runtime-rs-drop-in.json" "${settings_d}/" - fi } # If auto-generated policy testing is enabled, make a copy of the genpolicy settings