Merge pull request #11951 from burgerdev/watchable

genpolicy: allow non-watchable ConfigMaps

src/tools/genpolicy/genpolicy-settings.json

@@ -229,7 +229,7 @@
     "common": {
         "cpath": "/run/kata-containers/shared/containers",
         "root_path": "/run/kata-containers/$(bundle-id)/rootfs",
-        "sfprefix": "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-",
+        "sfprefix": "^$(cpath)/(watchable/)?$(bundle-id)-[a-z0-9]{16}-",
         "ip_p": "[0-9]{1,5}",
         "ipv4_a": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
         "svc_name_downward_env": "[A-Z](?:[A-Z0-9_]{0,61}[A-Z0-9])?",

tests/integration/kubernetes/tests_common.sh

@@ -111,7 +111,7 @@ adapt_common_policy_settings_for_non_coco() {
 	sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
 
 	# Using watchable binds for configMap volumes - instead of CopyFileRequest.
-	jq '.volumes.configMap.mount_point = "^$(cpath)/watchable/$(bundle-id)-[a-z0-9]{16}-" | .volumes.configMap.driver = "watchable-bind"' \
+	jq '.volumes.configMap.driver = "watchable-bind"' \
 		"${settings_dir}/genpolicy-settings.json" > temp.json
 	sudo mv temp.json "${settings_dir}/genpolicy-settings.json"