gcp: add --confidential-vm option to support confidential vm

[HuijingHei]

To run tests on confidential vm on gcp using kola, like:
kola run -d -p gcp --gcp-image=projects/fedora-coreos-cloud/global/images/fedora-coreos-38-20230507-20-3-gcp-x86-64 --gcp-json-key=/srv/tool/gcp.json --gcp-machinetype n2d-standard-2 --gcp-confidential-vm basic
Refer to coreos/fedora-coreos-tracker#1457

Note:
Confidential VM supports the N2D series of machine types. See https://cloud.google.com/compute/docs/about-confidential-vm

[HuijingHei]

$ ./bin/kola run -d -p gcp --gcp-image=projects/fedora-coreos-cloud/global/images/fedora-coreos-38-20230507-20-3-gcp-x86-64 --gcp-json-key=/srv/tool/gcp.json --gcp-project=xxx --gcp-machinetype n2d-standard-2 --gcp-confidential-vm basic
2023-05-15T13:26:26Z cli: Started logging at level DEBUG
2023-05-15T13:26:26Z cli: Started logging at level DEBUG
=== RUN   basic
2023-05-15T13:26:26Z platform/api/gcloud: Creating instance "kola-5639acb7177d31acf571"
2023-05-15T13:26:38Z util: WaitUntilReady: checkFunction took 119.49877ms
2023-05-15T13:26:38Z platform/api/gcloud: Created instance "kola-5639acb7177d31acf571"
2023-05-15T13:26:38Z kola: Trying to StartMachine() kola-5639acb7177d31acf571
2023-05-15T13:27:03Z util: RetryUntilTimeout: f() took 25.098270917s
2023-05-15T13:27:19Z util: RetryUntilTimeout: f() took 6.285688485s
2023-05-15T13:27:30Z util: RetryUntilTimeout: f() took 730.941085ms
2023-05-15T13:27:30Z util: RetryUntilTimeout: f() took 566.726001ms
=== RUN   basic/FCOSGrowpart
=== RUN   basic/PortSSH
=== RUN   basic/DbusPerms
=== RUN   basic/ServicesActive
=== RUN   basic/ReadOnly
=== RUN   basic/Useradd
=== RUN   basic/MachineID
2023-05-15T13:27:43Z platform/api/gcloud: Terminating instance "kola-5639acb7177d31acf571"
--- PASS: basic (77.41s)
    --- PASS: basic/FCOSGrowpart (0.60s)
    --- PASS: basic/PortSSH (0.57s)
    --- PASS: basic/DbusPerms (0.68s)
    --- PASS: basic/ServicesActive (0.58s)
    --- PASS: basic/ReadOnly (0.57s)
    --- PASS: basic/Useradd (0.68s)
    --- PASS: basic/MachineID (0.57s)
PASS, output in _kola_temp/gcp-2023-05-15-1326-13682

[cgwalters]

LGTM. We could probably build on this to add a sanity check for confidential compute in kola...something like

   platforms: gcp
   platform-flags: confidential

in an external test metadata?

But that can clearly be a followup.

[HuijingHei]

We could probably build on this to add a sanity check for confidential compute in kola...something like

   platforms: gcp
   platform-flags: confidential

in an external test metadata?

But that can clearly be a followup.

Yes, you are correct, thanks for the heads up.

[dustymabe]

We could probably build on this to add a sanity check for confidential compute in kola...something like

   platforms: gcp
   platform-flags: confidential

in an external test metadata?
But that can clearly be a followup.

Yes, you are correct, thanks for the heads up.

I agree. It would be pretty cool to have the tests define what requirements they have and then they just get mixed into the other tests instead of having to be run separately. For example, we have a few different invocations of tests in our kola-aws test that we could probably just define in the tests themselves and let it run in the main kola run invocation.

I do agree this is a larger feature and should probably be done in a followup. For now for GCP we can just add another call in the kola-gcp pipeline job.

[HuijingHei]

/retest-required

[jlebon]

LGTM, thanks! Let's chat about better test integration in coreos/fedora-coreos-tracker#1457. I had written a suggestion there too.