feat: New spec "/etc/fapolicyd/rules.d/*.rules" and parser (#3587)

* feat: New spec "/etc/fapolicyd/rules.d/*.rules" and parser

Signed-off-by: Huanhuan Li <[email protected]>

* Add "last_scan" in the example to make it more readable

* Add a comment to explain why the doc can not be tested

Signed-off-by: Huanhuan Li <[email protected]>

Signed-off-by: Huanhuan Li <[email protected]>

docs/shared_parsers_catalog/fapolicyd_rules.rst

@@ -0,0 +1,3 @@
+.. automodule:: insights.parsers.fapolicyd_rules
+   :members:
+   :show-inheritance:

insights/parsers/fapolicyd_rules.py

@@ -0,0 +1,35 @@
+"""
+FapolicydRules - file ``/etc/fapolicyd/rules.d/*.rules``
+========================================================
+"""
+
+from insights import parser
+from insights.core import LogFileOutput
+from insights.specs import Specs
+
+
+@parser(Specs.fapolicyd_rules)
+class FapolicydRules(LogFileOutput):
+    """
+    Parse the content of ``/etc/fapolicyd/rules.d/*.rules`` file.
+
+    .. note::
+
+        The rules do not require to get the parsed result currently.
+        It just need to check if it contains specific lines, so use
+        :class:`insights.core.LogFileOutput` as the base class.
+
+    Sample input::
+
+        deny_audit perm=any pattern=ld_so : all
+        deny_audit perm=any pattern=ld_preload : all
+
+    Examples:
+        >>> from insights.parsers.fapolicyd_rules import FapolicydRules
+        >>> FapolicydRules.last_scan('ld_so_deny_audit_test', 'deny_audit perm=any pattern=ld_so : all')
+        >>> type(fapolicyd_rules)
+        <class 'insights.parsers.fapolicyd_rules.FapolicydRules'>
+        >>> fapolicyd_rules.ld_so_deny_audit_test.get('raw_message')
+        'deny_audit perm=any pattern=ld_so : all'
+    """
+    pass

insights/specs/__init__.py

@@ -168,6 +168,7 @@ class Specs(SpecSet):
     ethtool_k = RegistryPoint(multi_output=True)
     exim_conf = RegistryPoint()
     facter = RegistryPoint()
+    fapolicyd_rules = RegistryPoint(multi_output=True, filterable=True)
     fc_match = RegistryPoint()
     fcoeadm_i = RegistryPoint()
     fdisk_l = RegistryPoint()

insights/specs/default.py

@@ -188,6 +188,7 @@ class DefaultSpecs(Specs):
     ethtool_g = foreach_execute(ethernet.interfaces, "/sbin/ethtool -g %s")
     ethtool_i = foreach_execute(ethernet.interfaces, "/sbin/ethtool -i %s")
     ethtool_k = foreach_execute(ethernet.interfaces, "/sbin/ethtool -k %s")
+    fapolicyd_rules = glob_file(r"/etc/fapolicyd/rules.d/*.rules")
     fcoeadm_i = simple_command("/usr/sbin/fcoeadm -i")
     findmnt_lo_propagation = simple_command("/bin/findmnt -lo+PROPAGATION")
     firewall_cmd_list_all_zones = simple_command("/usr/bin/firewall-cmd --list-all-zones")

insights/tests/parsers/test_fapolicyd_rules.py

@@ -0,0 +1,28 @@
+from insights.parsers.fapolicyd_rules import FapolicydRules
+from insights.tests import context_wrap
+
+CONTENT = """
+# This file contains the list of all patterns. Only the ld_so pattern
+# is enabled by default.
+
+deny_audit perm=any pattern=ld_so : all
+#deny_audit perm=any pattern=ld_preload : all
+#deny_audit perm=any pattern=static : all
+"""
+
+
+def test_udev_rules():
+    FapolicydRules.last_scan('test_deny_audit_lo_so1', 'deny_audit perm=any pattern=ld_so : all')
+    result = FapolicydRules(context_wrap(CONTENT, path='/etc/fapolicyd/rules.d/30-patterns.rules'))
+    assert result.test_deny_audit_lo_so1.get('raw_message') == 'deny_audit perm=any pattern=ld_so : all'
+
+
+def test_doc():
+    """
+    To make the examples readable, it's better to show one of the main usage "last_scan".
+    And the last_scan should be called before the parser initialation.
+    However, the initialization is done here, so the "last_scan" in the example won't work.
+    As a result, it will rasise error when refering the result key.
+    So we will not thest the examples, just show the users how to use it.
+    """
+    pass