feat: add new command fwupdmgr to spec.fw_security (#4320)

Signed-off-by: Xiaoxue Wang <[email protected]> (cherry picked from commit 409aff8) (cherry picked from commit 70d22de)
RedHatInsights · Jan 2, 2025 · 2e957a0 · 2e957a0
1 parent 3a43152
commit 2e957a0
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 3 deletions.
diff --git a/insights/parsers/fwupdagent.py b/insights/parsers/fwupdagent.py
@@ -129,7 +129,9 @@ class FwupdagentDevices(CommandParser, JSONParser):
 @parser(Specs.fw_security)
 class FwupdagentSecurity(CommandParser, JSONParser):
     """
-    Class ``FwupdagentSecurity`` parses the output of the ``/bin/fwupdagent get-devices`` command.
+    Class ``FwupdagentSecurity`` parses the output of any of the commands:
+        - ``/usr/bin/fwupdmgr security --force --json``
+        - ``/bin/fwupdagent security --force``
 
     Attributes:
         data (dict): The parsed output of the command.

diff --git a/insights/specs/default.py b/insights/specs/default.py
@@ -356,7 +356,10 @@ class DefaultSpecs(Specs):
     firewalld_conf = simple_file("/etc/firewalld/firewalld.conf")
     foreman_production_log = simple_file("/var/log/foreman/production.log")
     fstab = simple_file("/etc/fstab")
-    fw_security = simple_command("/bin/fwupdagent security --force", deps=[IsBareMetal])
+    fw_security = first_of([
+        simple_command("/usr/bin/fwupdmgr security --force --json", deps=[IsBareMetal]),
+        simple_command("/bin/fwupdagent security --force", deps=[IsBareMetal])
+    ])
     galera_cnf = first_file(
         [
             "/var/lib/config-data/puppet-generated/mysql/etc/my.cnf.d/galera.cnf",

diff --git a/insights/specs/insights_archive.py b/insights/specs/insights_archive.py
@@ -79,7 +79,10 @@ class InsightsArchiveSpecs(Specs):
     findmnt_lo_propagation = simple_file("insights_commands/findmnt_-lo_PROPAGATION")
     firewall_cmd_list_all_zones = simple_file("insights_commands/firewall-cmd_--list-all-zones")
     fw_devices = simple_file("insights_commands/fwupdagent_get-devices")
-    fw_security = simple_file("insights_commands/fwupdagent_security_--force")
+    fw_security = first_file([
+        "insights_commands/fwupdmgr_security_--force_--json",
+        "insights_commands/fwupdagent_security_--force",
+    ])
     gcp_instance_type = simple_file("insights_commands/python_-m_insights.tools.cat_--no-header_gcp_instance_type")
     gcp_license_codes = simple_file("insights_commands/python_-m_insights.tools.cat_--no-header_gcp_license_codes")
     getcert_list = simple_file("insights_commands/getcert_list")

diff --git a/insights/tests/parsers/test_fwupdagent.py b/insights/tests/parsers/test_fwupdagent.py
@@ -133,6 +133,32 @@
 }
 """
 
+SECURITY_FWUPDMGR = """
+WARNING: UEFI firmware can not be updated in legacy BIOS mode
+See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information.
+{
+  "HostSecurityAttributes" : [
+    {
+      "AppstreamId" : "org.fwupd.hsi.Kernel.Tainted",
+      "HsiResult" : "not-tainted",
+      "Name" : "Linux kernel",
+      "Uri" : "https://fwupd.github.io/hsi.html#org.fwupd.hsi.Kernel.Tainted",
+      "Flags" : [
+        "success",
+        "runtime-issue"
+      ]
+    },
+    {
+      "AppstreamId" : "org.fwupd.hsi.EncryptedRam",
+      "HsiLevel" : 4,
+      "HsiResult" : "not-supported",
+      "Name" : "Encrypted RAM",
+      "Uri" : "https://fwupd.github.io/hsi.html#org.fwupd.hsi.EncryptedRam"
+    }
+  ]
+}
+"""
+
 SECURITY_ERROR_1 = """
 Failed to parse arguments: Unknown option --force
 """
@@ -185,6 +211,16 @@ def test_security():
         "WARNING: UEFI firmware can not be updated in legacy BIOS mode",
         "  See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information."]
 
+    security = FwupdagentSecurity(context_wrap(SECURITY_FWUPDMGR))
+    assert len(security["HostSecurityAttributes"]) == 2
+    assert security["HostSecurityAttributes"][0]["Name"] == "Linux kernel"
+    assert security["HostSecurityAttributes"][0]["HsiResult"] == "not-tainted"
+    assert security["HostSecurityAttributes"][1]["Name"] == "Encrypted RAM"
+    assert security["HostSecurityAttributes"][1]["HsiLevel"] == 4
+    assert security.unparsed_lines == [
+        "WARNING: UEFI firmware can not be updated in legacy BIOS mode",
+        "See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information."]
+
     with pytest.raises(ParseException):
         FwupdagentSecurity(context_wrap(SECURITY_ERROR_1))