gha: enable autogenerated policy testing on

SEV-SNP Enable autogenerated policy testing on SEV-SNP Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
2025-07-05 11:36:56 +00:00 · 2024-06-13 14:19:44 -07:00 · 2024-06-13 14:19:44 -07:00 · 57d2ded3e2
commit 57d2ded3e2
parent b3cc8b200f
3 changed files with 7 additions and 8 deletions
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@ -274,7 +274,8 @@ function run_tests() {
 	# TODO: enable testing auto-generated policy for other types of hosts too.
 	if [ "${KATA_HOST_OS}" = "cbl-mariner" ] || \
 	   [ "${KATA_HYPERVISOR}" = "qemu-tdx" ] || \
-	   [ "${KATA_HYPERVISOR}" = "qemu-sev" ]; then
+	   [ "${KATA_HYPERVISOR}" = "qemu-sev" ] || \
+	   [ "${KATA_HYPERVISOR}" = "qemu-snp" ]; then
 		export AUTO_GENERATE_POLICY="yes"
 	fi

--- a/tests/integration/kubernetes/k8s-policy-pvc.bats
+++ b/tests/integration/kubernetes/k8s-policy-pvc.bats
@ -10,7 +10,7 @@ load "${BATS_TEST_DIRNAME}/tests_common.sh"

 setup() {
 	auto_generate_policy_enabled || skip "Auto-generated policy tests are disabled."
-	( [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] || [ "${KATA_HYPERVISOR}" == "qemu-sev" ] ) && skip "https://github.com/kata-containers/kata-containers/issues/9846"
+	( [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] || [ "${KATA_HYPERVISOR}" == "qemu-sev" ] || [ "${KATA_HYPERVISOR}" == "qemu-snp" ] ) && skip "https://github.com/kata-containers/kata-containers/issues/9846"

 	pod_name="policy-pod-pvc"
 	pvc_name="policy-dev"
@ -55,7 +55,7 @@ test_pod_policy_error() {

 teardown() {
 	auto_generate_policy_enabled || skip "Auto-generated policy tests are disabled."
-	( [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] || [ "${KATA_HYPERVISOR}" == "qemu-sev" ] ) && skip "https://github.com/kata-containers/kata-containers/issues/9846"
+	( [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] || [ "${KATA_HYPERVISOR}" == "qemu-sev" ] || [ "${KATA_HYPERVISOR}" == "qemu-snp" ] ) && skip "https://github.com/kata-containers/kata-containers/issues/9846"

 	# Debugging information. Don't print the "Message:" line because it contains a truncated policy log.
 	kubectl describe pod "${pod_name}" | grep -v "Message:"
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@ -130,18 +130,16 @@ auto_generate_policy_enabled() {
 	[ "${AUTO_GENERATE_POLICY}" == "yes" ]
 }

-# adapt common policy settings for tdx
+# adapt common policy settings for tdx or snp
 adapt_common_policy_settings_for_tdx() {
-
 	local settings_dir=$1

-	info "Adapting common policy settings for TDX"
+	info "Adapting common policy settings for TDX or SNP"
 	jq '.common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
 }

 # adapt common policy settings for qemu-sev
 adapt_common_policy_settings_for_sev() {
-
 	local settings_dir=$1

 	info "Adapting common policy settings for SEV"
@ -154,7 +152,7 @@ adapt_common_policy_settings() {
 	local settings_dir=$1

 	case "${KATA_HYPERVISOR}" in
-  		"qemu-tdx")
+  		"qemu-tdx"|"qemu-snp")
 			adapt_common_policy_settings_for_tdx "${settings_dir}"
 			;;
  		"qemu-sev")