From a7e4d3b738c7d4c800d9a981bbd6644bafe974b8 Mon Sep 17 00:00:00 2001 From: Hyounggyu Choi Date: Thu, 18 Jul 2024 18:09:45 +0200 Subject: [PATCH] tests: Call repack_secure_image() in set_metadata_annotation() It is not good practice to call repack_secure_image() from a bats file because the test code might not consider cases where `qemu-se` is used as `KATA_HYPERVISOR`. This commit moves the function call to set_metadata_annotation() if a key includes `kernel_params` and `KATA_HYPERVISOR` is set to `qemu-se`, allowing developers to focus on the test scenario itself. Signed-off-by: Hyounggyu Choi --- .../kubernetes/k8s-confidential-attestation.bats | 9 --------- .../kubernetes/k8s-guest-pull-image-authenticated.bats | 9 --------- tests/integration/kubernetes/lib.sh | 9 +++++++++ 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/tests/integration/kubernetes/k8s-confidential-attestation.bats b/tests/integration/kubernetes/k8s-confidential-attestation.bats index 47720ae9eb..cc27b2193a 100644 --- a/tests/integration/kubernetes/k8s-confidential-attestation.bats +++ b/tests/integration/kubernetes/k8s-confidential-attestation.bats @@ -44,15 +44,6 @@ setup() { set_metadata_annotation "${K8S_TEST_YAML}" \ "${kernel_params_annotation}" \ "${kernel_params_value}" - - # A secure boot image for IBM SE should be rebuilt according to the KBS configuration. - if [ "${KATA_HYPERVISOR}" == "qemu-se" ]; then - if [ -z "${IBM_SE_CREDS_DIR:-}" ]; then - >&2 echo "ERROR: IBM_SE_CREDS_DIR is empty" - return 1 - fi - repack_secure_image "${kernel_params_value}" "${IBM_SE_CREDS_DIR}" "true" - fi } @test "Get CDH resource" { diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats index 5a7d978763..e8fc5fa4de 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats @@ -90,15 +90,6 @@ function create_pod_yaml_with_private_image() { "${kernel_params_annotation}" \ "${kernel_params_value}" - # A secure boot image for IBM SE should be rebuilt according to the KBS configuration. - if [ "${KATA_HYPERVISOR}" == "qemu-se" ]; then - if [ -z "${IBM_SE_CREDS_DIR:-}" ]; then - >&2 echo "ERROR: IBM_SE_CREDS_DIR is empty" - return 1 - fi - repack_secure_image "${kernel_params_value} agent.log=debug" "${IBM_SE_CREDS_DIR}" "true" - fi - # Set annotation to pull image in guest set_metadata_annotation "${kata_pod_with_private_image}" \ "io.containerd.cri.runtime-handler" \ diff --git a/tests/integration/kubernetes/lib.sh b/tests/integration/kubernetes/lib.sh index af04d82c0f..0fa743b61d 100644 --- a/tests/integration/kubernetes/lib.sh +++ b/tests/integration/kubernetes/lib.sh @@ -191,6 +191,15 @@ set_metadata_annotation() { # yq set annotations in yaml. Quoting the key because it can have # dots. yq -i ".${annotation_key} = \"${value}\"" "${yaml}" + + if [[ "${key}" =~ kernel_params ]] && [[ "${KATA_HYPERVISOR}" == "qemu-se" ]]; then + # A secure boot image for IBM SE should be rebuilt according to the KBS configuration. + if [ -z "${IBM_SE_CREDS_DIR:-}" ]; then + >&2 echo "ERROR: IBM_SE_CREDS_DIR is empty" + return 1 + fi + repack_secure_image "${value}" "${IBM_SE_CREDS_DIR}" "true" + fi } # Set the command for container spec.