test/e2e: Update KBS calls

The attestation-policy doesn't support allow_all, so remove those calls to use the default and where we were denying this, try switching that to the resource policy instead. Signed-off-by: stevenhorsman <steven@uk.ibm.com>
confidential-containers · Jan 17, 2025 · ded7cdf · ded7cdf
1 parent 884ff6b
commit ded7cdf
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 15 deletions.
diff --git a/src/cloud-api-adaptor/test/e2e/common_suite.go b/src/cloud-api-adaptor/test/e2e/common_suite.go
@@ -547,10 +547,6 @@ func DoTestImageDecryption(t *testing.T, e env.Environment, assert CloudAssert,
 		if err != nil {
 			t.Fatalf("Failed to enable KBS customized resource policy: %v", err)
 		}
-		err = kbs.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
-		if err != nil {
-			t.Fatalf("Failed to enable KBS customized attestation policy: %v", err)
-		}
 		kbsEndpoint, err = kbs.GetCachedKbsEndpoint()
 		if err != nil {
 			t.Fatalf("Failed to get KBS endpoint: %v", err)

diff --git a/src/cloud-api-adaptor/test/e2e/libvirt_test.go b/src/cloud-api-adaptor/test/e2e/libvirt_test.go
@@ -159,10 +159,6 @@ func TestLibvirtSealedSecret(t *testing.T) {
 	if err != nil {
 		t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
 	}
-	err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
-	if err != nil {
-		t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
-	}
 	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
 	if err != nil {
 		t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
@@ -182,14 +178,10 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {
 	if err != nil {
 		t.Fatalf("SetSecret failed with: %v", err)
 	}
-	err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
+	err = keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
 	if err != nil {
 		t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
 	}
-	err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
-	if err != nil {
-		t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
-	}
 	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
 	if err != nil {
 		t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
@@ -213,9 +205,9 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {
 		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 	} else {
 		t.Log("KBS normal cases")
-		err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
+		err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
 		if err != nil {
-			t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
+			t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
 		}
 		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 	}