github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-28 12:31:04 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s: hard-coded policy for any platform

Browse Source 
Users of AUTO_GENERATE_POLICY=yes:

- Already tested *auto-generated* policy on any platform.
- Will be able to test *hard-coded* policy too on any platform, after
  this change.

CI continues to test hard-coded policies just on the platforms listed
here, but testing those policies locally (outside of CI) on other
platforms can be useful too.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai 2024-07-26 17:18:29 +00:00
parent 83056457d6
commit 7b691455c2
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/integration/kubernetes/k8s-exec-rejected.bats
View File

@ -9,7 +9,7 @@ load "${BATS_TEST_DIRNAME}/../../common.bash"
load "${BATS_TEST_DIRNAME}/tests_common.sh" load "${BATS_TEST_DIRNAME}/tests_common.sh"
setup() { setup() {
policy_tests_enabled || skip "Policy tests are disabled." hard_coded_policy_tests_enabled || skip "Policy tests are disabled."
get_pod_config_dir get_pod_config_dir
pod_name="policy-exec-rejected" pod_name="policy-exec-rejected"
@ -38,7 +38,7 @@ setup() {
} }
teardown() { teardown() {
policy_tests_enabled || skip "Policy tests are disabled." hard_coded_policy_tests_enabled || skip "Policy tests are disabled."
# Debugging information # Debugging information
kubectl describe "pod/$pod_name" kubectl describe "pod/$pod_name"

12
tests/integration/kubernetes/tests_common.sh
View File

@ -306,16 +306,18 @@ set_namespace_to_policy_settings() {
mv "${settings_dir}/new-genpolicy-settings.json" "${settings_dir}/genpolicy-settings.json" mv "${settings_dir}/new-genpolicy-settings.json" "${settings_dir}/genpolicy-settings.json"
} }
policy_tests_enabled() { hard_coded_policy_tests_enabled() {
# The Guest images for these platforms have been built using AGENT_POLICY=yes - # CI is testing hard-coded policies just on a the platforms listed here. Outside of CI,
# see kata-deploy-binaries.sh. # users can enable testing of the same policies (plus the auto-generated policies) by
# specifying AUTO_GENERATE_POLICY=yes.
local enabled_hypervisors="qemu-coco-dev qemu-sev qemu-snp qemu-tdx" local enabled_hypervisors="qemu-coco-dev qemu-sev qemu-snp qemu-tdx"
[[ " $enabled_hypervisors " =~ " ${KATA_HYPERVISOR} " ]] || \ [[ " $enabled_hypervisors " =~ " ${KATA_HYPERVISOR} " ]] || \
[ "${KATA_HOST_OS}" == "cbl-mariner" ] [ "${KATA_HOST_OS}" == "cbl-mariner" ] || \
auto_generate_policy_enabled
} }
add_allow_all_policy_to_yaml() { add_allow_all_policy_to_yaml() {
policy_tests_enabled || return 0 hard_coded_policy_tests_enabled || return 0
local yaml_file="$1" local yaml_file="$1"
# Previous version of yq was not ready to handle multiple objects in a single yaml. # Previous version of yq was not ready to handle multiple objects in a single yaml.