ci: Install policy document on host to run kata-agent as local process.

The test setup starts kata-agent as a local process without the
UVM. The agent policy initialization fails due to missing policy
document at `/etc/kata-opa/default-policy.rego`. The fix
- installs a relaxed `allow-all.rego` policy document
- cleans up the install during exit

Signed-off-by: Sumedh Alok Sharma <sumsharma@microsoft.com>

tests/functional/kata-agent-apis/run-agent-api-tests.sh

@@ -48,6 +48,8 @@ main()
 
 	trap cleanup EXIT
 
+	install_policy_doc
+
 	setup_agent
 
 	run_tests

tests/functional/kata-agent-apis/setup_common.sh

@@ -32,6 +32,9 @@ agent_log_file="${PWD}/kata-agent.log"
 agent_log_level="debug"
 keep_logs=false
 
+local_policy_file="/opt/kata/test.rego"
+policy_file="/etc/kata-opa/default-policy.rego"
+
 cleanup()
 {
 	info "cleaning resources..."
@@ -40,6 +43,10 @@ cleanup()
 
 	stop_agent
 
+	sudo unlink $policy_file
+	sudo rm $local_policy_file
+	sudo rm -rf $(dirname ${policy_file})
+
 	local sandbox_dir="/run/sandbox-ns/"
 	sudo umount -f "${sandbox_dir}/uts" "${sandbox_dir}/ipc" &>/dev/null || true
 	sudo rm -rf "${sandbox_dir}" &>/dev/null || true
@@ -173,3 +180,21 @@ setup_agent() {
 
 	info "Setup done."
 }
+
+# The setup attempts to start kata-agent as standalone process instead of inside a UVM.
+# Hence, the contents of the UVM rootfs is not available here.
+# Initing Agent policy with a relaxed `allow-all.rego`
+install_policy_doc()
+{
+	info "Installing local policy document"
+
+	allow_all_rego_file="${repo_root_dir}/src/kata-opa/allow-all.rego"
+	[ ! -f $allow_all_rego_file ] && die "Failed to locate allow-all.rego file"
+
+	local policy_dir=$(dirname ${policy_file})
+	[ ! -d $policy_dir ] && sudo mkdir -p $policy_dir || true
+
+	sudo cp $allow_all_rego_file $local_policy_file
+
+	[ ! -f $policy_file ] && sudo ln -s $local_policy_file $policy_file || die "Failed to setup local policy file, exists: $policy_file"
+}