Files
kata-containers/tests/integration/kubernetes/k8s-inotify.bats
Hyounggyu Choi ab462a4b89 tests: Add IBM SE to the basic confidential test
The existing confidential basic test titled `Test unencrypted
confidential container launch success and verify that we are
running in a secure enclave` has been updated to incorporate
IBM Secure Execution (`qemu-se`).
Previously, a secure image was absent from kata-deploy, hindering
the inclusion of IBM SE in the test.
Thanks to the #6755 update, it is now possible to test the TEE.

This modification extends the existing test by introducing
`qemu-se`. The specific changes are outlined below:

- Add an additional test `cc-se-e2e-tests` to s390x nightly
- Expansion of `REMOTE_COMMAND_PER_HYPERVISOR` for `qemu-se`
- Temporary exclusion of two test cases currently incompatible with IBM SE
(`cpu-ns` is a common issue across all TEEs, while `inotify`
will be addressed in a subsequent pull request).

Fixes: #8913

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2024-01-26 06:04:39 +01:00

51 lines
1.8 KiB
Bash

#!/usr/bin/env bats
#
# Copyright (c) 2021 Apple Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
load "${BATS_TEST_DIRNAME}/../../common.bash"
load "${BATS_TEST_DIRNAME}/tests_common.sh"
setup() {
[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
issue_url="https://github.com/kata-containers/kata-containers/issues/8906"
[ "${KATA_HYPERVISOR}" == "qemu-se" ] && skip "test not working for IBM Z LPAR (see ${issue_url})"
get_pod_config_dir
}
@test "configmap update works, and preserves symlinks" {
pod_name="inotify-configmap-testing"
# Create configmap for my deployment
kubectl apply -f "${pod_config_dir}"/inotify-configmap.yaml
# Create deployment that expects identity-certs
kubectl apply -f "${pod_config_dir}"/inotify-configmap-pod.yaml
kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
# Update configmap
kubectl apply -f "${pod_config_dir}"/inotify-updated-configmap.yaml
# Ideally we'd wait for the pod to complete...
sleep 120
# Verify we saw the update
result=$(kubectl get pod "$pod_name" --output="jsonpath={.status.containerStatuses[]}")
echo $result | grep -vq Error
kubectl delete configmap cm
}
teardown() {
[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
issue_url="https://github.com/kata-containers/kata-containers/issues/8906"
[ "${KATA_HYPERVISOR}" == "qemu-se" ] && skip "test not working for IBM Z LPAR (see ${issue_url})"
# Debugging information
kubectl describe "pod/$pod_name"
kubectl delete pod "$pod_name"
}