tests: enable confidential_guest setting for coco

This commit updates the `tests_common.sh` script to enable the `confidential_guest` setting for the coco tests in the Kubernetes integration tests. Signed-off-by: Archana Choudhary <archana1@microsoft.com>
2025-07-07 12:29:56 +00:00 · 2025-06-19 11:39:21 +00:00 · 2025-06-19 11:39:21 +00:00 · abbe1be69f
commit abbe1be69f
parent 9dd365fdb5
2 changed files with 4 additions and 4 deletions
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@ -165,8 +165,8 @@
        },
        "confidential_emptyDir": {
            "mount_type": "local",
-            "mount_source": "^$(cpath)/$(sandbox-id)/local/",
-            "mount_point": "^$(cpath)/$(sandbox-id)/local/",
+            "mount_source": "^$(cpath)/$(sandbox-id)/rootfs/local/",
+            "mount_point": "^$(cpath)/$(sandbox-id)/rootfs/local/",
            "driver": "local",
            "source": "local",
            "fstype": "local",
@ -375,4 +375,4 @@
        "UpdateEphemeralMountsRequest": false,
        "WriteStreamRequest": false
    }
-}
+}
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@ -90,7 +90,7 @@ adapt_common_policy_settings_for_tdx() {
 	local settings_dir=$1

 	info "Adapting common policy settings for TDX, SNP, or the non-TEE development environment"
-	jq '.common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
+	jq '.kata_config.confidential_guest = true | .common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
 }

 # adapt common policy settings for qemu-sev