mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-10-22 04:18:53 +00:00
The existing confidential basic test titled `Test unencrypted confidential container launch success and verify that we are running in a secure enclave` has been updated to incorporate IBM Secure Execution (`qemu-se`). Previously, a secure image was absent from kata-deploy, hindering the inclusion of IBM SE in the test. Thanks to the #6755 update, it is now possible to test the TEE. This modification extends the existing test by introducing `qemu-se`. The specific changes are outlined below: - Add an additional test `cc-se-e2e-tests` to s390x nightly - Expansion of `REMOTE_COMMAND_PER_HYPERVISOR` for `qemu-se` - Temporary exclusion of two test cases currently incompatible with IBM SE (`cpu-ns` is a common issue across all TEEs, while `inotify` will be addressed in a subsequent pull request). Fixes: #8913 Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
51 lines
1.8 KiB
Bash
51 lines
1.8 KiB
Bash
#!/usr/bin/env bats
|
|
#
|
|
# Copyright (c) 2021 Apple Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
load "${BATS_TEST_DIRNAME}/../../common.bash"
|
|
load "${BATS_TEST_DIRNAME}/tests_common.sh"
|
|
|
|
setup() {
|
|
[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
|
|
[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
|
|
issue_url="https://github.com/kata-containers/kata-containers/issues/8906"
|
|
[ "${KATA_HYPERVISOR}" == "qemu-se" ] && skip "test not working for IBM Z LPAR (see ${issue_url})"
|
|
get_pod_config_dir
|
|
}
|
|
|
|
@test "configmap update works, and preserves symlinks" {
|
|
pod_name="inotify-configmap-testing"
|
|
|
|
# Create configmap for my deployment
|
|
kubectl apply -f "${pod_config_dir}"/inotify-configmap.yaml
|
|
|
|
# Create deployment that expects identity-certs
|
|
kubectl apply -f "${pod_config_dir}"/inotify-configmap-pod.yaml
|
|
kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
|
|
|
|
# Update configmap
|
|
kubectl apply -f "${pod_config_dir}"/inotify-updated-configmap.yaml
|
|
|
|
# Ideally we'd wait for the pod to complete...
|
|
sleep 120
|
|
|
|
# Verify we saw the update
|
|
result=$(kubectl get pod "$pod_name" --output="jsonpath={.status.containerStatuses[]}")
|
|
echo $result | grep -vq Error
|
|
|
|
kubectl delete configmap cm
|
|
}
|
|
|
|
teardown() {
|
|
[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
|
|
[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
|
|
issue_url="https://github.com/kata-containers/kata-containers/issues/8906"
|
|
[ "${KATA_HYPERVISOR}" == "qemu-se" ] && skip "test not working for IBM Z LPAR (see ${issue_url})"
|
|
# Debugging information
|
|
kubectl describe "pod/$pod_name"
|
|
kubectl delete pod "$pod_name"
|
|
}
|