From 866b1fbf84fb08806441971ae5ffcd36177d9c1a Mon Sep 17 00:00:00 2001
From: Maksim An <maksiman@microsoft.com>
Date: Mon, 14 Mar 2022 10:00:36 -0700
Subject: [PATCH] Hide policy tests behind LCOWIntegrity feature flag

Signed-off-by: Maksim An <maksiman@microsoft.com>
---
 test/cri-containerd/layer_integrity_test.go |  4 ++--
 test/cri-containerd/policy_test.go          | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/test/cri-containerd/layer_integrity_test.go b/test/cri-containerd/layer_integrity_test.go
index b4ae92ea59..b9b8f94457 100644
--- a/test/cri-containerd/layer_integrity_test.go
+++ b/test/cri-containerd/layer_integrity_test.go
@@ -14,7 +14,7 @@ import (
 )
 
 func Test_LCOW_Layer_Integrity(t *testing.T) {
-	requireFeatures(t, featureLCOWIntegrity, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 
 	client := newTestRuntimeClient(t)
 	ctx, cancel := context.WithCancel(context.Background())
@@ -85,7 +85,7 @@ func Test_LCOW_Layer_Integrity(t *testing.T) {
 
 			// Validate that verity target(s) present
 			output := shimDiagExecOutput(ctx, t, podID, []string{"ls", "-l", "/dev/mapper"})
-			filtered := filterStrings(strings.Split(output, "\n"), fmt.Sprintf("dm-verity-%s", scenario.layerType))
+			filtered := filterStrings(strings.Split(output, "\n"), fmt.Sprintf("verity-%s", scenario.layerType))
 			if len(filtered) == 0 {
 				t.Fatalf("expected verity targets for %s devices, none found.\n%s\n", scenario.layerType, output)
 			}
diff --git a/test/cri-containerd/policy_test.go b/test/cri-containerd/policy_test.go
index fcddab8b10..ea8b1f51f9 100644
--- a/test/cri-containerd/policy_test.go
+++ b/test/cri-containerd/policy_test.go
@@ -103,7 +103,7 @@ func sandboxRequestWithPolicy(t *testing.T, policy string) *runtime.RunPodSandbo
 }
 
 func Test_RunPodSandbox_WithPolicy_Allowed(t *testing.T) {
-	requireFeatures(t, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 	pullRequiredLCOWImages(t, []string{imageLcowK8sPause})
 
 	sandboxPolicy := sandboxSecurityPolicy(t)
@@ -120,7 +120,7 @@ func Test_RunPodSandbox_WithPolicy_Allowed(t *testing.T) {
 }
 
 func Test_RunSimpleAlpineContainer_WithPolicy_Allowed(t *testing.T) {
-	requireFeatures(t, featureLCOW)
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
 	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
 
 	alpinePolicy := alpineSecurityPolicy(t)
@@ -290,13 +290,13 @@ func Test_RunContainer_ValidContainerConfigs_Allowed(t *testing.T) {
 		opts []configOpt
 	}
 
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
+	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
+
 	client := newTestRuntimeClient(t)
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	requireFeatures(t, featureLCOW)
-	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
-
 	for _, testConfig := range []config{
 		{
 			name: "WorkingDir",
@@ -357,13 +357,13 @@ func Test_RunContainer_InvalidContainerConfigs_NotAllowed(t *testing.T) {
 		expectedError string
 	}
 
+	requireFeatures(t, featureLCOW, featureLCOWIntegrity)
+	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
+
 	client := newTestRuntimeClient(t)
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	requireFeatures(t, featureLCOW)
-	pullRequiredLCOWImages(t, []string{imageLcowK8sPause, imageLcowAlpine})
-
 	alpinePolicy := alpineSecurityPolicy(t)
 	for _, testConfig := range []config{
 		{