ci: k8s: Fix checks used to skip confidential tests #9108
Conversation
This has been introduced by 53bc4a4, where the condition was changed. The correct condition is: * If the list of supported tees does not contain the kata hypervisor and the list of supported non tees does not contain the kata hypervisor. The error is that we were checking whether kata-hypervisor would contain the list of supported tees, and that would almost always be false (unless in the case where the list had an one and only one element). Fixes: kata-containers#9055 -- part II Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
|
/test |
There was a problem hiding this comment.
Approving, thanks @fidencio. All required checks and tests passing.
I spent some time trying to debug the snp failure. I will continue to investigate this, but may be a good idea to get this in so that the confidential test runs for now.
My understanding is that SNP shouldn't work, as the patch bringing in gmem support was not merged yet. Is this assumption valid? |
There was a problem hiding this comment.
My shell script interpretation logic hasn't booted yet, so I copied the if logic into a little script and tried it for all the hypervisors (and some random ones) and they all worked as I expected:
# ./test.sh qemu
KATA_HYPERVISOR: qemu
Setup proceeded
Non-tee - Need to apply image annotations
Confidential Launch Test not supported for qemu.
# ./test.sh qemu-sev
KATA_HYPERVISOR: qemu-sev
Setup proceeded
# ./test.sh qemu-se
KATA_HYPERVISOR: qemu-se
Setup proceeded
# ./test.sh qemu-snp
KATA_HYPERVISOR: qemu-snp
Setup proceeded
# ./test.sh qemu-tdx
KATA_HYPERVISOR: qemu-tdx
Setup proceeded
# ./test.sh qemu-fc
KATA_HYPERVISOR: qemu-fc
Test not supported for qemu-fc.
# ./test.sh qemu-junk
KATA_HYPERVISOR: qemu-junk
Test not supported for qemu-junk.
Thanks for the fix!
As the node kernel version has been updated, yes it shouldn't work. However, the job seemed to be failing on an earlier test. |
This has been introduced by 53bc4a4, where the condition was changed.
The correct condition is:
The error is that we were checking whether kata-hypervisor would contain the list of supported tees, and that would almost always be false (unless in the case where the list had an one and only one element).
Fixes: #9055 -- part II