tests/k8s: Enable tests for qemu-runtime-rs-coco-dev

Add the runtime class to the non-tee tests and enable it to run in the test code Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-08-22 17:59:31 +00:00 · 2025-06-23 15:21:41 +01:00 · 2025-06-23 15:21:41 +01:00 · 86ecaffb78
commit 86ecaffb78
parent 2741e42b34
5 changed files with 9 additions and 8 deletions
--- a/.github/workflows/run-kata-coco-tests.yaml
+++ b/.github/workflows/run-kata-coco-tests.yaml
@ -218,6 +218,7 @@ jobs:
      matrix:
        vmm:
          - qemu-coco-dev
+          - qemu-runtime-rs-coco-dev
        snapshotter:
          - nydus
        pull-type:
--- a/tests/integration/kubernetes/confidential_common.sh
+++ b/tests/integration/kubernetes/confidential_common.sh
@ -11,7 +11,7 @@ source "${BATS_TEST_DIRNAME}/../../common.bash"
 load "${BATS_TEST_DIRNAME}/confidential_kbs.sh"

 SUPPORTED_TEE_HYPERVISORS=("qemu-snp" "qemu-tdx" "qemu-se")
-SUPPORTED_NON_TEE_HYPERVISORS=("qemu-coco-dev")
+SUPPORTED_NON_TEE_HYPERVISORS=("qemu-coco-dev" "qemu-runtime-rs-coco-dev")

 function setup_unencrypted_confidential_pod() {
 	get_pod_config_dir
--- a/tests/integration/kubernetes/k8s-initdata.bats
+++ b/tests/integration/kubernetes/k8s-initdata.bats
@ -10,7 +10,7 @@
 # 3. Pull an image from a banned registry
 # 4. Check if the pulling fails with log `image security validation failed`,
 # the initdata works.
-# 
+#
 # Note that if initdata does not work, the pod still fails to launch (hang at
 # CreatingContainer status). The error information is
 # `[CDH] [ERROR]: Get Resource failed` which internally means that the KBS URL
@ -35,7 +35,7 @@ setup() {
    setup_common || die "setup_common failed"

    FAIL_TEST_IMAGE="quay.io/prometheus/busybox:latest"
-    
+
    SECURITY_POLICY_KBS_URI="kbs:///default/security-policy/test"
 }

@ -51,7 +51,7 @@ function setup_kbs_image_policy_for_initdata() {

    # TODO: Enable for more archs
    case "$KATA_HYPERVISOR" in
-        "qemu-tdx"|"qemu-coco-dev"|"qemu-snp")
+        "qemu-tdx"|"qemu-coco-dev"|"qemu-runtime-rs-coco-dev"|"qemu-snp")
            ;;
        *)
            skip "Test not supported for ${KATA_HYPERVISOR}."
@ -88,7 +88,7 @@ EOF

@test "Test that creating a container from an rejected image configured by initdata, fails according to policy reject" {
    setup_kbs_image_policy_for_initdata
-    
+
    CC_KBS_ADDRESS=$(kbs_k8s_svc_http_addr)

    kernel_parameter="agent.image_policy_file=${SECURITY_POLICY_KBS_URI} agent.enable_signature_verification=true"
--- a/tests/integration/kubernetes/setup.sh
+++ b/tests/integration/kubernetes/setup.sh
@ -126,7 +126,7 @@ add_runtime_handler_annotations() {
 	fi

 	case "${KATA_HYPERVISOR}" in
-		qemu-coco-dev | qemu-snp | qemu-tdx)
+		qemu-coco-dev | qemu-snp | qemu-tdx | qemu-runtime-rs-coco-dev)
 			info "Add runtime handler annotations for ${KATA_HYPERVISOR}"
 			local handler_value="kata-${KATA_HYPERVISOR}"
 			for K8S_TEST_YAML in runtimeclass_workloads_work/*.yaml
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@ -87,7 +87,7 @@ auto_generate_policy_enabled() {

 is_coco_platform() {
 	case "${KATA_HYPERVISOR}" in
-		"qemu-tdx"|"qemu-snp"|"qemu-coco-dev")
+		"qemu-tdx"|"qemu-snp"|"qemu-coco-dev"|"qemu-runtime-rs-coco-dev")
 			return 0
 			;;
 		*)
@ -274,7 +274,7 @@ hard_coded_policy_tests_enabled() {
 	# CI is testing hard-coded policies just on a the platforms listed here. Outside of CI,
 	# users can enable testing of the same policies (plus the auto-generated policies) by
 	# specifying AUTO_GENERATE_POLICY=yes.
-	local -r enabled_hypervisors=("qemu-coco-dev" "qemu-snp" "qemu-tdx")
+	local -r enabled_hypervisors=("qemu-coco-dev" "qemu-snp" "qemu-tdx" "qemu-runtime-rs-coco-dev")
 	for enabled_hypervisor in "${enabled_hypervisors[@]}"
 	do
 		if [[ "${enabled_hypervisor}" == "${KATA_HYPERVISOR}" ]]; then