Merge pull request #9062 from GabyCT/topic/nonteet

tests: Add ability to run non-TEE environments
GabyCT
2024-02-13 14:28:07 -06:00
committed by GitHub
2 changed files with 19 additions and 5 deletions


@@ -135,6 +135,10 @@ function deploy_kata() {
yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[-1].value' "${KATA_HOST_OS}"
fi
if [ "${KATA_HYPERVISOR}" = "qemu" ]; then
yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[6].value' "image initrd kernel default_vcpus"
fi
echo "::group::Final kata-deploy.yaml that is used in the test"
cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" || die "Failed to setup the tests image"
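Review bot: The added `yq write` for `KATA_HYPERVISOR=qemu` addresses the container variable by position, `env[6]`, so an insertion or reordering in kata-deploy.yaml would put `image initrd kernel default_vcpus` into a different variable without any error. Judging by the value, this entry looks like the list of hypervisor annotations a pod is allowed to set, which would let a pod spec choose the guest image, initrd and kernel; if so, it deserves a comment marking it as a test-only relaxation, e.g. `# CI only: allow pods to override guest image/initrd/kernel via annotations`. Selecting the entry by its name instead of its index, and verifying the result the way the following `grep ... || die` verifies the image, would make a misplaced write fail loudly. deploy_kata's body starts and ends outside the hunk.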


@@ -10,17 +10,25 @@ load "${BATS_TEST_DIRNAME}/confidential_common.sh"
load "${BATS_TEST_DIRNAME}/tests_common.sh"
setup() {
SUPPORTED_HYPERVISORS=("qemu-sev" "qemu-snp" "qemu-tdx" "qemu-se")
SUPPORTED_TEE_HYPERVISORS=("qemu-sev" "qemu-snp" "qemu-tdx" "qemu-se")
SUPPORTED_NON_TEE_HYPERVISORS=("qemu")
# This check must be done with "<SPACE>${KATA_HYPERVISOR}<SPACE>" to avoid
# having substrings, like qemu, being matched with qemu-$something.
[[ " ${SUPPORTED_HYPERVISORS[*]} " =~ " ${KATA_HYPERVISOR} " ]] || skip "Test not supported for ${KATA_HYPERVISOR}."
if ! [[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_TEE_HYPERVISORS[@]} " ]] && ! [[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_NON_TEE_HYPERVISORS} " ]]; then
skip "Test not supported for ${KATA_HYPERVISOR}."
fi
if [[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_NON_TEE_HYPERVISORS} " ]]; then
info "Need to apply image annotations"
else
get_pod_config_dir
setup_unencrypted_confidential_pod
fi
}
@test "Test unencrypted confidential container launch success and verify that we are running in a secure enclave." {
[[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_NON_TEE_HYPERVISORS} " ]] && skip "Test not supported for ${KATA_HYPERVISOR}."
# Start the service/deployment/pod
kubectl apply -f "${pod_config_dir}/pod-confidential-unencrypted.yaml"
@@ -46,7 +54,9 @@ setup() {
}
teardown() {
[[ " ${SUPPORTED_HYPERVISORS[*]} " =~ " ${KATA_HYPERVISOR} " ]] || skip "Test not supported for ${KATA_HYPERVISOR}."
if ! [[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_TEE_HYPERVISORS[@]} " ]] && ! [[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_NON_TEE_HYPERVISORS} " ]]; then
skip "Test not supported for ${KATA_HYPERVISOR}."
fi
kubectl describe "pod/${pod_name}" || true
kubectl delete -f "${pod_config_dir}/pod-confidential-unencrypted.yaml" || true
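Review bot: The new membership checks in setup() and teardown() have their operands reversed relative to the line they replace: `[[ " ${KATA_HYPERVISOR} " =~ " ${SUPPORTED_TEE_HYPERVISORS[@]} " ]]` asks whether one hypervisor name contains the whole space-joined list, which cannot be true for any single name, so every TEE hypervisor reaches `skip`. Together with the `skip` for `qemu` at the top of the @test, the secure-enclave check then appears to run on no platform at all while CI still reports success. Keeping the list on the left restores it: `[[ " ${SUPPORTED_TEE_HYPERVISORS[*]} " =~ " ${KATA_HYPERVISOR} " ]]`, and the same form with `${SUPPORTED_NON_TEE_HYPERVISORS[*]}` for the three non-TEE tests, since the bare `${SUPPORTED_NON_TEE_HYPERVISORS}` reads only the first element. The comment above the check describes the old operand order and would be accurate again after this change.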