test: add coverage for disabling crypto.fips_enabled when FIPS_DISABL…

…E is set

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>

test/pod.bats

@@ -157,6 +157,18 @@ function teardown() {
 	[[ "$output" == *"net.ipv4.ip_forward = 1"* ]]
 }
 
+@test "disable crypto.fips_enabled when FIPS_DISABLE is set" {
+	start_crio
+
+	jq '   .labels["FIPS_DISABLE"] = "true"' \
+		"$TESTDATA"/sandbox_config.json > "$TESTDIR"/sboxconfig.json
+
+	ctr_id=$(crictl run "$TESTDATA"/container_sleep.json "$TESTDIR"/sboxconfig.json)
+
+	output=$(crictl exec --sync "$ctr_id" cat /proc/sys/crypto/fips_enabled)
+	[[ "$output" == "0" ]]
+}
+
 @test "fail to pass pod sysctls to runtime if invalid spaces" {
 	CONTAINER_DEFAULT_SYSCTLS="net.ipv4.ip_forward = 1" crio &
 	run ! wait_until_reachable