From 5eaaa7ffa196885b9d0738c33617c3c20b399d0a Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Wed, 2 Apr 2025 15:11:12 +0400 Subject: [PATCH] test: fix enforcing steps in cron Build UKI certs in cron. Also pass `enforcing=1` to the initial step (if applicable). Signed-off-by: Andrey Smirnov --- .github/workflows/ci.yaml | 46 ++++++++++++++++++- ...ntegration-conformance-enforcing-cron.yaml | 9 +++- .../integration-misc-1-enforcing-cron.yaml | 12 ++++- .../integration-misc-3-enforcing-cron.yaml | 11 ++++- .../integration-misc-4-enforcing-cron.yaml | 12 ++++- .../integration-qemu-enforcing-cron.yaml | 9 +++- ...tegration-trusted-boot-enforcing-cron.yaml | 3 +- .kres.yaml | 39 ++++++++++++++++ hack/test/e2e-qemu.sh | 7 +++ 9 files changed, 141 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 549c4a20d..267cbc6c0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T10:44:44Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: default concurrency: @@ -1179,6 +1179,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -1201,6 +1207,7 @@ jobs: QEMU_MEMORY_WORKERS: "4096" TAG_SUFFIX_IN: -enforcing TEST_MODE: fast-conformance + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: save artifacts 
@@ -2154,6 +2161,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -2175,6 +2188,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "false" + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: e2e-kubespan @@ -2185,6 +2199,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "true" + WITH_ENFORCING: "true" WITH_KUBESPAN: "true" run: | sudo -E make e2e-qemu @@ -2197,6 +2212,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: e2e-min-requirements @@ -2209,6 +2225,7 @@ jobs: QEMU_SYSTEM_DISK_SIZE: "10240" SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: save artifacts @@ -2557,6 +2574,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -2577,6 +2600,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: "true" WITH_NETWORK_CHAOS: "yes" run: | sudo -E make e2e-qemu @@ -2588,6 +2612,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CONFIG_INJECTION_METHOD: metal-iso + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: e2e-iommu-pcidriverrebind 
@@ -2597,6 +2622,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: "true" WITH_IOMMU: "yes" run: | sudo -E make e2e-qemu @@ -2811,6 +2837,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -2832,6 +2864,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_SIDEROLINK_AGENT: "true" run: | sudo -E make e2e-qemu @@ -2843,6 +2876,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_SIDEROLINK_AGENT: tunnel run: | sudo -E make e2e-qemu @@ -2854,6 +2888,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_SIDEROLINK_AGENT: wireguard+tls run: | sudo -E make e2e-qemu @@ -2873,6 +2908,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml' + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: save artifacts @@ -3790,6 +3826,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | 
@@ -3813,6 +3855,7 @@ jobs: TAG_SUFFIX_IN: -enforcing USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2 WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml' + WITH_ENFORCING: "true" WITH_USER_DISK: "true" run: | sudo -E make e2e-qemu @@ -4227,6 +4270,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_TRUSTED_BOOT_ISO: "true" run: | sudo -E make e2e-qemu diff --git a/.github/workflows/integration-conformance-enforcing-cron.yaml b/.github/workflows/integration-conformance-enforcing-cron.yaml index cfc35a0c2..f870e9dc5 100644 --- a/.github/workflows/integration-conformance-enforcing-cron.yaml +++ b/.github/workflows/integration-conformance-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T08:14:24Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: integration-conformance-enforcing-cron concurrency: @@ -74,6 +74,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -96,6 +102,7 @@ jobs: QEMU_MEMORY_WORKERS: "4096" TAG_SUFFIX_IN: -enforcing TEST_MODE: fast-conformance + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: save artifacts diff --git a/.github/workflows/integration-misc-1-enforcing-cron.yaml b/.github/workflows/integration-misc-1-enforcing-cron.yaml index 9c8bbee4f..29b42d892 100644 --- a/.github/workflows/integration-misc-1-enforcing-cron.yaml +++ b/.github/workflows/integration-misc-1-enforcing-cron.yaml 
@@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T10:44:44Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: integration-misc-1-enforcing-cron concurrency: @@ -74,6 +74,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -95,6 +101,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "false" + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: e2e-kubespan @@ -105,6 +112,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "true" + WITH_ENFORCING: "true" WITH_KUBESPAN: "true" run: | sudo -E make e2e-qemu @@ -117,6 +125,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: e2e-min-requirements @@ -129,6 +138,7 @@ jobs: QEMU_SYSTEM_DISK_SIZE: "10240" SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: save artifacts diff --git a/.github/workflows/integration-misc-3-enforcing-cron.yaml b/.github/workflows/integration-misc-3-enforcing-cron.yaml index e93e26584..7e7e22bcb 100644 --- a/.github/workflows/integration-misc-3-enforcing-cron.yaml +++ b/.github/workflows/integration-misc-3-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T08:14:24Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: integration-misc-3-enforcing-cron concurrency: 
@@ -74,6 +74,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -94,6 +100,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: "true" WITH_NETWORK_CHAOS: "yes" run: | sudo -E make e2e-qemu @@ -105,6 +112,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CONFIG_INJECTION_METHOD: metal-iso + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: e2e-iommu-pcidriverrebind @@ -114,6 +122,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: "true" WITH_IOMMU: "yes" run: | sudo -E make e2e-qemu diff --git a/.github/workflows/integration-misc-4-enforcing-cron.yaml b/.github/workflows/integration-misc-4-enforcing-cron.yaml index fe5b354b9..7556226f1 100644 --- a/.github/workflows/integration-misc-4-enforcing-cron.yaml +++ b/.github/workflows/integration-misc-4-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T08:14:24Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: integration-misc-4-enforcing-cron concurrency: @@ -74,6 +74,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | 
@@ -95,6 +101,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_SIDEROLINK_AGENT: "true" run: | sudo -E make e2e-qemu @@ -106,6 +113,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_SIDEROLINK_AGENT: tunnel run: | sudo -E make e2e-qemu @@ -117,6 +125,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_SIDEROLINK_AGENT: wireguard+tls run: | sudo -E make e2e-qemu @@ -136,6 +145,7 @@ jobs: SHORT_INTEGRATION_TEST: "yes" TAG_SUFFIX_IN: -enforcing WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml' + WITH_ENFORCING: "true" run: | sudo -E make e2e-qemu - name: save artifacts diff --git a/.github/workflows/integration-qemu-enforcing-cron.yaml b/.github/workflows/integration-qemu-enforcing-cron.yaml index c622efad4..9cfecc4e7 100644 --- a/.github/workflows/integration-qemu-enforcing-cron.yaml +++ b/.github/workflows/integration-qemu-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T08:14:24Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: integration-qemu-enforcing-cron concurrency: @@ -74,6 +74,12 @@ jobs: PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: uki-certs + if: github.event_name == 'schedule' + env: + PLATFORM: linux/amd64 + run: | + make uki-certs - name: talosctl-cni-bundle if: github.event_name == 'schedule' run: | @@ -97,6 +103,7 @@ jobs: TAG_SUFFIX_IN: -enforcing USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2 WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml' + WITH_ENFORCING: "true" WITH_USER_DISK: "true" run: | sudo -E make e2e-qemu 
diff --git a/.github/workflows/integration-trusted-boot-enforcing-cron.yaml b/.github/workflows/integration-trusted-boot-enforcing-cron.yaml index bd416ff4d..13d3897f4 100644 --- a/.github/workflows/integration-trusted-boot-enforcing-cron.yaml +++ b/.github/workflows/integration-trusted-boot-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-04-01T08:14:24Z by kres d903dae. +# Generated on 2025-04-02T11:11:10Z by kres d903dae. name: integration-trusted-boot-enforcing-cron concurrency: @@ -108,6 +108,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" + WITH_ENFORCING: "true" WITH_TRUSTED_BOOT_ISO: "true" run: | sudo -E make e2e-qemu diff --git a/.kres.yaml b/.kres.yaml index dd7991059..b058c352f 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -388,6 +388,11 @@ spec: PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true + - name: uki-certs + environment: + PLATFORM: linux/amd64 + conditions: + - only-on-schedule - name: talosctl-cni-bundle conditions: - only-on-schedule @@ -410,6 +415,7 @@ spec: QEMU_EXTRA_DISKS_DRIVERS: "ide,nvme" WITH_CONFIG_PATCH_WORKER: "@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml" WITH_USER_DISK: "true" + WITH_ENFORCING: true USER_DISKS_MOUNTS: "/var/lib/extra,/var/lib/p1,/var/lib/p2" - name: save-talos-logs conditions: @@ -505,6 +511,11 @@ spec: PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true + - name: uki-certs + environment: + PLATFORM: linux/amd64 + conditions: + - only-on-schedule - name: talosctl-cni-bundle conditions: - only-on-schedule @@ -525,6 +536,7 @@ spec: QEMU_MEMORY_WORKERS: 4096 TEST_MODE: fast-conformance TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: true EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs 
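Review bot: Every enforcing step in `.kres.yaml` now depends on three settings staying in step (`TAG_SUFFIX_IN: -enforcing`, `EXTRA_TEST_ARGS: -talos.enforcing` and the new `WITH_ENFORCING: true`), and nothing in these hunks documents that link. Because `hack/test/e2e-qemu.sh` defaults the variable to `false`, a step added later without the third setting would boot its initial stage without `enforcing=1`. Whether the test run would notice is not visible here. A comment at the first occurrence (the `@@ -410,6 +415,7 @@` hunk) would help, for example `# WITH_ENFORCING: e2e-qemu.sh adds enforcing=1 to the initial boot; set on every -talos.enforcing step`. The same applies to the later `.kres.yaml` hunks that add `WITH_ENFORCING`. Writing the value as `WITH_ENFORCING: "true"`, like `WITH_USER_DISK: "true"` beside it, would also make explicit that the script compares a string.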
@@ -671,6 +683,7 @@ spec: VIA_MAINTENANCE_MODE: true WITH_TRUSTED_BOOT_ISO: true TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: true EXTRA_TEST_ARGS: "-talos.trustedboot -talos.enforcing" IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs @@ -1034,6 +1047,11 @@ spec: PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true + - name: uki-certs + environment: + PLATFORM: linux/amd64 + conditions: + - only-on-schedule - name: talosctl-cni-bundle conditions: - only-on-schedule @@ -1054,6 +1072,7 @@ spec: WITH_CLUSTER_DISCOVERY: false TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-kubespan command: e2e-qemu @@ -1065,6 +1084,7 @@ spec: WITH_KUBESPAN: true TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-default-hostname command: e2e-qemu @@ -1076,6 +1096,7 @@ spec: DISABLE_DHCP_HOSTNAME: true TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-min-requirements command: e2e-qemu @@ -1088,6 +1109,7 @@ spec: QEMU_SYSTEM_DISK_SIZE: 10240 TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs conditions: @@ -1311,6 +1333,11 @@ spec: PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true + - name: uki-certs + environment: + PLATFORM: linux/amd64 + conditions: + - only-on-schedule - name: talosctl-cni-bundle conditions: - only-on-schedule @@ -1331,6 +1358,7 @@ spec: WITH_NETWORK_CHAOS: yes TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-metal-iso command: e2e-qemu 
@@ -1341,6 +1369,7 @@ spec: WITH_CONFIG_INJECTION_METHOD: "metal-iso" TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-iommu-pcidriverrebind command: e2e-qemu @@ -1351,6 +1380,7 @@ spec: WITH_IOMMU: yes TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing + WITH_ENFORCING: true IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs conditions: @@ -1482,6 +1512,11 @@ spec: PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true + - name: uki-certs + environment: + PLATFORM: linux/amd64 + conditions: + - only-on-schedule - name: talosctl-cni-bundle conditions: - only-on-schedule @@ -1502,6 +1537,7 @@ spec: WITH_SIDEROLINK_AGENT: true VIA_MAINTENANCE_MODE: true TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: true EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-siderolink-tunnel @@ -1513,6 +1549,7 @@ spec: WITH_SIDEROLINK_AGENT: tunnel VIA_MAINTENANCE_MODE: true TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: true EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-siderolink-tls @@ -1524,6 +1561,7 @@ spec: WITH_SIDEROLINK_AGENT: wireguard+tls VIA_MAINTENANCE_MODE: true TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: true EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-apparmor @@ -1542,6 +1580,7 @@ spec: SHORT_INTEGRATION_TEST: yes WITH_CONFIG_PATCH: "@hack/test/patches/usernamespace.yaml" TAG_SUFFIX_IN: -enforcing + WITH_ENFORCING: true EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs diff --git a/hack/test/e2e-qemu.sh b/hack/test/e2e-qemu.sh index 541fb731e..f53df5c6f 100755 --- a/hack/test/e2e-qemu.sh +++ b/hack/test/e2e-qemu.sh 
@@ -255,6 +255,13 @@ case "${WITH_USER_DISK:-false}" in ;; esac +case "${WITH_ENFORCING:-false}" in + false) + ;; + *) + QEMU_FLAGS+=("--extra-boot-kernel-args=enforcing=1") + ;; +esac function create_cluster { build_registry_mirrors
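Review bot: The `*)` arm of the new `case "${WITH_ENFORCING:-false}"` block turns on `enforcing=1` for every value except the literal `false`, so `0` or `no` also enable it, and nothing in the hunk says this is intended. Unset or empty falls back to `false`. Erring toward enforcing is the conservative direction for a security-mode test, and that is worth recording so the arm is not later narrowed to `true)`, where a typo would silently skip the flag. A comment above the block would cover it: `# Any value other than "false" boots the initial step with enforcing=1 on the kernel command line.` The case block is complete in the hunk, but the surrounding script, including where `QEMU_FLAGS` is declared, lies outside it.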