From 1c2ea78bf8d06305305c24e42272ef116c2c8065 Mon Sep 17 00:00:00 2001
From: Maksim An <maksiman@microsoft.com>
Date: Mon, 14 Mar 2022 10:00:36 -0700
Subject: [PATCH] Hide policy tests behind LCOWIntegrity feature flag

Signed-off-by: Maksim An <maksiman@microsoft.com>
---
 test/cri-containerd/layer_integrity_test.go | 4 ++--
 test/cri-containerd/policy_test.go          | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/test/cri-containerd/layer_integrity_test.go b/test/cri-containerd/layer_integrity_test.go
index 2be96dda8c..e246aa2132 100644
--- a/test/cri-containerd/layer_integrity_test.go
+++ b/test/cri-containerd/layer_integrity_test.go
@@ -14,7 +14,7 @@ import (
 )
 
 func Test_LCOW_Layer_Integrity(t *testing.T) {
-	requireFeatures(t, featureLCOWIntegrity, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 
 	client := newTestRuntimeClient(t)
 	ctx, cancel := context.WithCancel(context.Background())
@@ -85,7 +85,7 @@ func Test_LCOW_Layer_Integrity(t *testing.T) {
 
 			// Validate that verity target(s) present
 			output := shimDiagExecOutput(ctx, t, podID, []string{"ls", "-l", "/dev/mapper"})
-			filtered := filterStrings(strings.Split(output, "\n"), fmt.Sprintf("dm-verity-%s", scenario.layerType))
+			filtered := filterStrings(strings.Split(output, "\n"), fmt.Sprintf("verity-%s", scenario.layerType))
 			if len(filtered) == 0 {
 				t.Fatalf("expected verity targets for %s devices, none found.\n%s\n", scenario.layerType, output)
 			}
diff --git a/test/cri-containerd/policy_test.go b/test/cri-containerd/policy_test.go
index 1db6dd2fd9..ea184ecff4 100644
--- a/test/cri-containerd/policy_test.go
+++ b/test/cri-containerd/policy_test.go
@@ -92,7 +92,7 @@ func sandboxRequestWithPolicy(t *testing.T, policy string) *runtime.RunPodSandbo
 }
 
 func Test_RunPodSandbox_WithPolicy_Allowed(t *testing.T) {
-	requireFeatures(t, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 	pullRequiredLCOWImages(t, []string{imageLcowK8sPause})
 
 	sandboxPolicy := sandboxSecurityPolicy(t)
@@ -109,7 +109,7 @@ func Test_RunPodSandbox_WithPolicy_Allowed(t *testing.T) {
 }
 
 func Test_RunSimpleAlpineContainer_WithPolicy_Allowed(t *testing.T) {
-	requireFeatures(t, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
 
 	alpinePolicy := alpineSecurityPolicy(t)
@@ -147,7 +147,7 @@ func Test_RunContainer_ValidContainerConfigs_Allowed(t *testing.T) {
 		opts []configOpt
 	}
 
-	requireFeatures(t, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
 
 	client := newTestRuntimeClient(t)
@@ -214,7 +214,7 @@ func Test_RunContainer_InvalidContainerConfigs_NotAllowed(t *testing.T) {
 		expectedError string
 	}
 
-	requireFeatures(t, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
 
 	alpinePolicy := alpineSecurityPolicy(t)