/keylime-e2e-tests-with-python-agent:

  summary: run selected keylime e2e tests using Python keylime_agent

  context:
    swtpm: yes
    agent: python

  prepare:
    - how: shell
      script:
       - dnf config-manager --set-enabled updates-testing updates-testing-modular
       - systemctl disable --now dnf-makecache.service || true
       - systemctl disable --now dnf-makecache.timer || true
    - how: shell
      order: 90
      script:
       - sed -i "s/tpm_hash_alg =.*/tpm_hash_alg = sha256/" /etc/keylime.conf

  discover:
    how: fmf
    url: https://github.com/RedHat-SP-Security/keylime-tests
    ref: "@.tmt/dynamic_ref.fmf"
    test:
     - /setup/configure_tpm_emulator
     - /setup/configure_kernel_ima_module/ima_policy_signing
     - /setup/inject_SELinux_AVC_check
     - /functional/basic-attestation-on-localhost
     - /functional/measured-boot-swtpm-sanity
     - /functional/ek-cert-use-ek_check_script
     - /functional/ek-cert-use-ek_handle-custom-ca_certs

  execute:
    how: tmt

  adjust:
    - when: distro == fedora-rawhide
      environment:
          AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
      because: "On Rawhide we ignore SELinux AVCs not related to keylime"