diff --git a/tests/integration/kubernetes/k8s-exec-rejected.bats b/tests/integration/kubernetes/k8s-exec-rejected.bats
index 978ee8a5ad..e6dbe67c04 100644
--- a/tests/integration/kubernetes/k8s-exec-rejected.bats
+++ b/tests/integration/kubernetes/k8s-exec-rejected.bats
@@ -9,7 +9,7 @@ load "${BATS_TEST_DIRNAME}/../../common.bash"
 load "${BATS_TEST_DIRNAME}/tests_common.sh"
 setup() {
- policy_tests_enabled || skip "Policy tests are disabled."
+ hard_coded_policy_tests_enabled || skip "Policy tests are disabled."
 get_pod_config_dir
 pod_name="policy-exec-rejected"
@@ -38,7 +38,7 @@ setup() {
 }
 teardown() {
- policy_tests_enabled || skip "Policy tests are disabled."
+ hard_coded_policy_tests_enabled || skip "Policy tests are disabled."
 # Debugging information
 kubectl describe "pod/$pod_name"
diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh
index 6ed0e42ac2..21114f9f2a 100644
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@@ -306,16 +306,18 @@ set_namespace_to_policy_settings() {
 mv "${settings_dir}/new-genpolicy-settings.json" "${settings_dir}/genpolicy-settings.json"
 }
-policy_tests_enabled() {
- # The Guest images for these platforms have been built using AGENT_POLICY=yes -
- # see kata-deploy-binaries.sh.
+hard_coded_policy_tests_enabled() {
+ # CI is testing hard-coded policies just on a the platforms listed here. Outside of CI,
+ # users can enable testing of the same policies (plus the auto-generated policies) by
+ # specifying AUTO_GENERATE_POLICY=yes.
 local enabled_hypervisors="qemu-coco-dev qemu-sev qemu-snp qemu-tdx"
 [[ " $enabled_hypervisors " =~ " ${KATA_HYPERVISOR} " ]] || \
- [ "${KATA_HOST_OS}" == "cbl-mariner" ]
+ [ "${KATA_HOST_OS}" == "cbl-mariner" ] || \
+ auto_generate_policy_enabled
 }
 add_allow_all_policy_to_yaml() {
- policy_tests_enabled || return 0
+ hard_coded_policy_tests_enabled || return 0
 local yaml_file="$1"
 # Previous version of yq was not ready to handle multiple objects in a single yaml.
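Review bot: The rewritten comment on `hard_coded_policy_tests_enabled` drops the precondition the old one recorded, that the guest image was built with `AGENT_POLICY=yes`, and it has a typo (`just on a the platforms`). With the added `|| auto_generate_policy_enabled` branch, setting `AUTO_GENERATE_POLICY=yes` turns these tests on for any hypervisor, including ones outside `enabled_hypervisors`; whether the guest agent there enforces a policy is not visible in this hunk, since `auto_generate_policy_enabled` is defined outside it. For a negative test such as k8s-exec-rejected that matters, because a failure there should mean the policy let the exec through, not that the image has no policy support. I would keep the requirement in the comment, e.g. `# Requires a guest image built with AGENT_POLICY=yes (see kata-deploy-binaries.sh).`, and reword the first line to `# CI tests hard-coded policies only on the platforms listed here.`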