Merge pull request #13062 from BbolroC/skip-coco-test-with-no-reference-values-ibm-sel

test: skip CDH resource test for qemu-se without reference values
This commit is contained in:
Hyounggyu Choi
2026-05-18 14:47:50 +02:00
committed by GitHub

View File

@@ -117,9 +117,18 @@ setup() {
# (the AS policy must return an affirming trust vector), but no
# reference values are set.
#
# This can run on all platforms.
# Skipped on IBM SEL / qemu-se* because that environment returns an
# affirming trust vector when verification completes successfully, even
# without reference values.
@test "Cannot get CDH resource when affirming policy is set without reference values" {
if [[ "${KATA_HYPERVISOR}" == qemu-se* ]]; then
local skip_reason="IBM SEL returns an affirming trust vector if the verification process "
skip_reason+="completes successfully, even if no reference values are set. See "
skip_reason+="https://github.com/confidential-containers/trustee/blob/d4e317620c4039c89779b725f74974d8f005da66/attestation-service/src/ear_token/ear_default_policy_cpu.rego#L323-L339"
skip "${skip_reason}"
fi
# Require CPU0 to have affirming trust level.
kbs_set_cpu0_resource_policy
kubectl apply -f "${K8S_TEST_YAML}"