tests: refactor the check for hypervisor to a function

Extract two reusable functions for confidential tests in confidential_common.sh - check_hypervisor_for_confidential_tests: verifies if the input hypervisor supports confidential tests. - confidential_setup: performs the common setup for confidential tests. Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com> Co-authored-by: stevenhorsman <steven@uk.ibm.com> Co-authored-by: Fabiano Fidêncio <fabiano.fidencio@intel.com> Co-authored-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2025-07-31 23:36:12 +00:00 · 2024-02-23 15:18:10 +08:00 · 2024-02-23 15:18:10 +08:00 · e8c4effc07
commit e8c4effc07
parent 6e5e4e55d0
2 changed files with 30 additions and 19 deletions
--- a/tests/integration/kubernetes/confidential_common.sh
+++ b/tests/integration/kubernetes/confidential_common.sh
@ -7,6 +7,9 @@

 source "${BATS_TEST_DIRNAME}/tests_common.sh"

+SUPPORTED_TEE_HYPERVISORS=("qemu-sev" "qemu-snp" "qemu-tdx" "qemu-se")
+SUPPORTED_NON_TEE_HYPERVISORS=("qemu")
+
 function setup_unencrypted_confidential_pod() {
 	get_pod_config_dir

@ -33,3 +36,26 @@ function get_remote_command_per_hypervisor() {

 	echo "${REMOTE_COMMAND_PER_HYPERVISOR[${KATA_HYPERVISOR}]}"
 }
+
+# This function verifies whether the input hypervisor supports confidential tests and 
+# relies on `KATA_HYPERVISOR` being an environment variable
+function check_hypervisor_for_confidential_tests() {
+	local kata_hypervisor="${1}"
+	# This check must be done with "<SPACE>${KATA_HYPERVISOR}<SPACE>" to avoid
+	# having substrings, like qemu, being matched with qemu-$something.
+    if [[ " ${SUPPORTED_TEE_HYPERVISORS[*]} " =~ " ${kata_hypervisor} " ]] ||\
+       [[ " ${SUPPORTED_NON_TEE_HYPERVISORS[*]} " =~ " ${kata_hypervisor} " ]]; then        
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Common setup for confidential tests.
+function confidential_setup() {
+	if ! check_hypervisor_for_confidential_tests "${KATA_HYPERVISOR}"; then
+        return 1
+    elif [[ " ${SUPPORTED_NON_TEE_HYPERVISORS[*]} " =~ " ${KATA_HYPERVISOR} " ]]; then
+        info "Need to apply image annotations"
+    fi
+}
--- a/tests/integration/kubernetes/k8s-confidential.bats
+++ b/tests/integration/kubernetes/k8s-confidential.bats
@ -10,21 +10,8 @@ load "${BATS_TEST_DIRNAME}/confidential_common.sh"
 load "${BATS_TEST_DIRNAME}/tests_common.sh"

 setup() {
-	SUPPORTED_TEE_HYPERVISORS=("qemu-sev" "qemu-snp" "qemu-tdx" "qemu-se")
-	SUPPORTED_NON_TEE_HYPERVISORS=("qemu")
-
-	# This check must be done with "<SPACE>${KATA_HYPERVISOR}<SPACE>" to avoid
-	# having substrings, like qemu, being matched with qemu-$something.
-	if ! [[ " ${SUPPORTED_TEE_HYPERVISORS[@]} " =~ " ${KATA_HYPERVISOR} " ]] && ! [[ " ${SUPPORTED_NON_TEE_HYPERVISORS} " =~ " ${KATA_HYPERVISOR} " ]]; then
-		skip "Test not supported for ${KATA_HYPERVISOR}."
-	fi
-
-	if [[ " ${SUPPORTED_NON_TEE_HYPERVISORS} " =~ " ${KATA_HYPERVISOR} " ]]; then
-		info "Need to apply image annotations"
-	else
-		get_pod_config_dir
-		setup_unencrypted_confidential_pod
-	fi
+	confidential_setup || skip "Test not supported for ${KATA_HYPERVISOR}."
+	setup_unencrypted_confidential_pod
 }

@test "Test unencrypted confidential container launch success and verify that we are running in a secure enclave." {
@ -54,10 +41,8 @@ setup() {
 }

 teardown() {
-	if ! [[ " ${SUPPORTED_TEE_HYPERVISORS[@]} " =~ " ${KATA_HYPERVISOR} " ]] && ! [[ " ${SUPPORTED_NON_TEE_HYPERVISORS} " =~ " ${KATA_HYPERVISOR} " ]]; then
-		skip "Test not supported for ${KATA_HYPERVISOR}."
-	fi
-
+	check_hypervisor_for_confidential_tests ${KATA_HYPERVISOR} || skip "Test not supported for ${KATA_HYPERVISOR}."
+	
 	kubectl describe "pod/${pod_name}" || true
 	kubectl delete -f "${pod_config_dir}/pod-confidential-unencrypted.yaml" || true
 }