From cac525059e0d7cc8a2c7e6822b6d75dc8c64f807 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 3 Jun 2024 16:28:38 +0200
Subject: [PATCH 1/2] ci: kbs: tdx: Use the hostname ip instead of localhost for the PCCS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We must ensure we use the host ip to connect to the PCCS running on the host side, instead of using localhost (which has a different meaning from inside the KBS pod). The reason we're using `hostname -i` isntead of the helper functions, is because the helper functions need the coco-kbs deployed for them to work, and what we do is before the deployment.

Signed-off-by: Fabiano FidĂȘncio
---
 tests/integration/kubernetes/confidential_kbs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh
index 640de6f196..b674c18cfb 100644
--- a/tests/integration/kubernetes/confidential_kbs.sh
+++ b/tests/integration/kubernetes/confidential_kbs.sh
@@ -251,7 +251,7 @@ function kbs_k8s_deploy() {
 echo "Setting up custom PCCS for TDX"
 cat <<- EOF > "${COCO_KBS_DIR}/config/kubernetes/custom_pccs/sgx_default_qcnl.conf"
 {
- "pccs_url": "https://localhost:8081/sgx/certification/v4/",
+ "pccs_url": "https://$(hostname -i):8081/sgx/certification/v4/",
 // To accept insecure HTTPS certificate, set this option to false
 "use_secure_cert": false
From fde457589ebb6375b30e5d109ff07ebf5ec8241a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 3 Jun 2024 16:31:48 +0200
Subject: [PATCH 2/2] ci: kbs: tdx: Enable basic attestation tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's stop skipping the CDH tests for TDX, as know we should have an environmemnt where it can run and should pass. :-)
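Review bot: `$(hostname -i)` in the new `pccs_url` line is expanded unchecked inside the heredoc, so whatever it prints ends up in the URL: several space-separated addresses on a multi-homed host, a loopback address where /etc/hosts maps the hostname to 127.0.1.1, an unbracketed IPv6 literal, or nothing at all if the name does not resolve. Any of those produces an `sgx_default_qcnl.conf` that cannot reach the PCCS, and the problem would only surface later as an attestation failure rather than at deploy time. I would resolve the address before the heredoc and fail early, e.g. `pccs_host="$(hostname -i | awk '{print $1}')"` followed by `[ -n "${pccs_host}" ] || { echo "cannot determine host IP for PCCS" >&2; return 1; }`, and then write `https://${pccs_host}:8081/...` in the config. Because the connection now leaves loopback while `"use_secure_cert": false` stays in place, a one-line comment stating that the unauthenticated TLS setting is meant for this CI setup only would also help. kbs_k8s_deploy() starts and ends outside the hunk, so an existing guard elsewhere in the function cannot be ruled out from here.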
Signed-off-by: Fabiano FidĂȘncio
---
 tests/integration/kubernetes/k8s-confidential-attestation.bats | 2 --
 1 file changed, 2 deletions(-)
diff --git a/tests/integration/kubernetes/k8s-confidential-attestation.bats b/tests/integration/kubernetes/k8s-confidential-attestation.bats
index f1b648c58b..d3aeb7e4f7 100644
--- a/tests/integration/kubernetes/k8s-confidential-attestation.bats
+++ b/tests/integration/kubernetes/k8s-confidential-attestation.bats
@@ -15,7 +15,6 @@ export KATA_HYPERVISOR="${KATA_HYPERVISOR:-qemu}"
 export AA_KBC="${AA_KBC:-cc_kbc}"
 setup() {
- [ "${KATA_HYPERVISOR}" = "qemu-tdx" ] && skip "Test not ready yet for ${KATA_HYPERVISOR}"
 is_confidential_runtime_class || skip "Test not supported for ${KATA_HYPERVISOR}."
 if [ "${KBS}" = "false" ]; then
@@ -83,7 +82,6 @@ setup() {
 }
 teardown() {
- [ "${KATA_HYPERVISOR}" = "qemu-tdx" ] && skip "Test not ready yet for ${KATA_HYPERVISOR}"
 is_confidential_runtime_class || skip "Test not supported for ${KATA_HYPERVISOR}."
 if [ "${KBS}" = "false" ]; then