AA/kbs_protocol: update KBS test image in RCAR unit test

The newest KBS uses a configuration file to launch. The new KBS image was built after merging commit confidential-containers/trustee@f141a78#diff-16118c763a8e72d853ec0c7c5d6e8355496c41d1b3da27bf0e4c432a2ea158a8 That commit updates the KBS side RCAR runtime data definition. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Xynnn007 · Dec 22, 2023 · 1e76429 · 1e76429
1 parent 6f87275
commit 1e76429
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/attestation-agent/kbs_protocol/src/client/rcar_client.rs b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
@@ -268,7 +268,7 @@ impl KbsClientCapabilities for KbsClient<Box<dyn EvidenceProvider>> {
 
 #[cfg(test)]
 mod test {
-    use std::{env, path::PathBuf};
+    use std::{env, path::PathBuf, time::Duration};
     use testcontainers::{clients, images::generic::GenericImage};
     use tokio::fs;
 
@@ -301,11 +301,13 @@ mod test {
         // we should change the entrypoint of the kbs image by using
         // a start script
         let mut start_kbs_script = env::current_dir().expect("get cwd");
+        let mut kbs_config = start_kbs_script.clone();
         start_kbs_script.push("test/start_kbs.sh");
+        kbs_config.push("test/kbs-config.toml");
 
         let image = GenericImage::new(
-            "ghcr.io/confidential-containers/key-broker-service",
-            "built-in-as-v0.7.0",
+            "ghcr.io/confidential-containers/staged-images/kbs",
+            "latest",
         )
         .with_exposed_port(8085)
         .with_volume(
@@ -316,9 +318,14 @@ mod test {
             start_kbs_script.into_os_string().to_string_lossy(),
             "/usr/local/bin/start_kbs.sh",
         )
+        .with_volume(
+            kbs_config.into_os_string().to_string_lossy(),
+            "/etc/kbs-config.toml",
+        )
         .with_entrypoint("/usr/local/bin/start_kbs.sh");
         let kbs = docker.run(image);
 
+        tokio::time::sleep(Duration::from_secs(10)).await;
         let port = kbs.get_host_port_ipv4(8085);
         let kbs_host_url = format!("http://127.0.0.1:{port}");
 

diff --git a/attestation-agent/kbs_protocol/test/kbs-config.toml b/attestation-agent/kbs_protocol/test/kbs-config.toml
@@ -0,0 +1,3 @@
+insecure_http = true
+insecure_api = true
+sockets = ["0.0.0.0:8085"]
diff --git a/attestation-agent/kbs_protocol/test/start_kbs.sh b/attestation-agent/kbs_protocol/test/start_kbs.sh
@@ -1,2 +1,2 @@
 #! /bin/bash
-kbs --socket 0.0.0.0:8085 --insecure-api --insecure-http
+kbs --config-file /etc/kbs-config.toml