From 8ee80b4c3762eb92a5fbe5bdcd240494fff02f30 Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Thu, 31 Jul 2025 10:02:34 +0100 Subject: [PATCH] test/k8s: Extend initdata tests to run on s390x Enable testing of initdata on the qemu-coco-dev and qemu-se runtime classes, so we can validate the function on s390x Signed-off-by: stevenhorsman --- .../integration/kubernetes/k8s-initdata.bats | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/tests/integration/kubernetes/k8s-initdata.bats b/tests/integration/kubernetes/k8s-initdata.bats index 1dd801dca8..15bcc4993c 100644 --- a/tests/integration/kubernetes/k8s-initdata.bats +++ b/tests/integration/kubernetes/k8s-initdata.bats @@ -10,7 +10,7 @@ # 3. Pull an image from a banned registry # 4. Check if the pulling fails with log `image security validation failed`, # the initdata works. -# +# # Note that if initdata does not work, the pod still fails to launch (hang at # CreatingContainer status). The error information is # `[CDH] [ERROR]: Get Resource failed` which internally means that the KBS URL @@ -35,7 +35,7 @@ setup() { setup_common || die "setup_common failed" FAIL_TEST_IMAGE="quay.io/prometheus/busybox:latest" - + SECURITY_POLICY_KBS_URI="kbs:///default/security-policy/test" } @@ -45,13 +45,16 @@ function setup_kbs_image_policy_for_initdata() { fi export CURRENT_ARCH=$(uname -m) - if [ "${CURRENT_ARCH}" != "x86_64" ]; then - skip "Test skipped as only x86-64 supports, while current platform is ${CURRENT_ARCH}" - fi + case "${CURRENT_ARCH}" in + "x86_64"|"s390x") + ;; + *) + skip "Test skipped as only x86-64 & s390x is supported, while current platform is ${CURRENT_ARCH}" + ;; + esac - # TODO: Enable for more archs case "$KATA_HYPERVISOR" in - "qemu-tdx"|"qemu-coco-dev"|"qemu-snp") + "qemu-tdx"|"qemu-coco-dev"|"qemu-snp"|"qemu-se") ;; *) skip "Test not supported for ${KATA_HYPERVISOR}." @@ -88,7 +91,7 @@ EOF @test "Test that creating a container from an rejected image configured by initdata, fails according to policy reject" { setup_kbs_image_policy_for_initdata - + CC_KBS_ADDRESS=$(kbs_k8s_svc_http_addr) kernel_parameter="agent.image_policy_file=${SECURITY_POLICY_KBS_URI} agent.enable_signature_verification=true"