From abbe1be69fe83facfc2eb8d79dfdff2471f2fc7f Mon Sep 17 00:00:00 2001
From: Archana Choudhary <archana1@microsoft.com>
Date: Thu, 19 Jun 2025 11:39:21 +0000
Subject: [PATCH] tests: enable confidential_guest setting for coco

This commit updates the `tests_common.sh` script
to enable the `confidential_guest`
setting for the coco tests in the Kubernetes
integration tests.

Signed-off-by: Archana Choudhary <archana1@microsoft.com>
---
 src/tools/genpolicy/genpolicy-settings.json  | 6 +++---
 tests/integration/kubernetes/tests_common.sh | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index cc8c9f0067..1b9321d49c 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -165,8 +165,8 @@
         },
         "confidential_emptyDir": {
             "mount_type": "local",
-            "mount_source": "^$(cpath)/$(sandbox-id)/local/",
-            "mount_point": "^$(cpath)/$(sandbox-id)/local/",
+            "mount_source": "^$(cpath)/$(sandbox-id)/rootfs/local/",
+            "mount_point": "^$(cpath)/$(sandbox-id)/rootfs/local/",
             "driver": "local",
             "source": "local",
             "fstype": "local",
@@ -375,4 +375,4 @@
         "UpdateEphemeralMountsRequest": false,
         "WriteStreamRequest": false
     }
-}
\ No newline at end of file
+}
diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh
index a1a4adda38..a4e828178f 100644
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@@ -90,7 +90,7 @@ adapt_common_policy_settings_for_tdx() {
 	local settings_dir=$1
 
 	info "Adapting common policy settings for TDX, SNP, or the non-TEE development environment"
-	jq '.common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
+	jq '.kata_config.confidential_guest = true | .common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
 }
 
 # adapt common policy settings for qemu-sev