diff --git a/insights/parsers/fwupdagent.py b/insights/parsers/fwupdagent.py index 7a6695b52d..e465d8bec7 100644 --- a/insights/parsers/fwupdagent.py +++ b/insights/parsers/fwupdagent.py @@ -129,7 +129,9 @@ class FwupdagentDevices(CommandParser, JSONParser): @parser(Specs.fw_security) class FwupdagentSecurity(CommandParser, JSONParser): """ - Class ``FwupdagentSecurity`` parses the output of the ``/bin/fwupdagent get-devices`` command. + Class ``FwupdagentSecurity`` parses the output of any of the commands: + - ``/usr/bin/fwupdmgr security --force --json`` + - ``/bin/fwupdagent security --force`` Attributes: data (dict): The parsed output of the command. diff --git a/insights/specs/default.py b/insights/specs/default.py index 92e7306d85..336fe9df13 100644 --- a/insights/specs/default.py +++ b/insights/specs/default.py @@ -356,7 +356,10 @@ class DefaultSpecs(Specs): firewalld_conf = simple_file("/etc/firewalld/firewalld.conf") foreman_production_log = simple_file("/var/log/foreman/production.log") fstab = simple_file("/etc/fstab") - fw_security = simple_command("/bin/fwupdagent security --force", deps=[IsBareMetal]) + fw_security = first_of([ + simple_command("/usr/bin/fwupdmgr security --force --json", deps=[IsBareMetal]), + simple_command("/bin/fwupdagent security --force", deps=[IsBareMetal]) + ]) galera_cnf = first_file( [ "/var/lib/config-data/puppet-generated/mysql/etc/my.cnf.d/galera.cnf", diff --git a/insights/specs/insights_archive.py b/insights/specs/insights_archive.py index ae53d31d6e..88554b4d38 100644 --- a/insights/specs/insights_archive.py +++ b/insights/specs/insights_archive.py @@ -79,7 +79,10 @@ class InsightsArchiveSpecs(Specs): findmnt_lo_propagation = simple_file("insights_commands/findmnt_-lo_PROPAGATION") firewall_cmd_list_all_zones = simple_file("insights_commands/firewall-cmd_--list-all-zones") fw_devices = simple_file("insights_commands/fwupdagent_get-devices") - fw_security = simple_file("insights_commands/fwupdagent_security_--force") + fw_security = first_file([ + "insights_commands/fwupdmgr_security_--force_--json", + "insights_commands/fwupdagent_security_--force", + ]) gcp_instance_type = simple_file("insights_commands/python_-m_insights.tools.cat_--no-header_gcp_instance_type") gcp_license_codes = simple_file("insights_commands/python_-m_insights.tools.cat_--no-header_gcp_license_codes") getcert_list = simple_file("insights_commands/getcert_list") diff --git a/insights/tests/parsers/test_fwupdagent.py b/insights/tests/parsers/test_fwupdagent.py index ebb50089a2..8ed2c73093 100644 --- a/insights/tests/parsers/test_fwupdagent.py +++ b/insights/tests/parsers/test_fwupdagent.py @@ -133,6 +133,32 @@ } """ +SECURITY_FWUPDMGR = """ +WARNING: UEFI firmware can not be updated in legacy BIOS mode +See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information. +{ + "HostSecurityAttributes" : [ + { + "AppstreamId" : "org.fwupd.hsi.Kernel.Tainted", + "HsiResult" : "not-tainted", + "Name" : "Linux kernel", + "Uri" : "https://fwupd.github.io/hsi.html#org.fwupd.hsi.Kernel.Tainted", + "Flags" : [ + "success", + "runtime-issue" + ] + }, + { + "AppstreamId" : "org.fwupd.hsi.EncryptedRam", + "HsiLevel" : 4, + "HsiResult" : "not-supported", + "Name" : "Encrypted RAM", + "Uri" : "https://fwupd.github.io/hsi.html#org.fwupd.hsi.EncryptedRam" + } + ] +} +""" + SECURITY_ERROR_1 = """ Failed to parse arguments: Unknown option --force """ @@ -185,6 +211,16 @@ def test_security(): "WARNING: UEFI firmware can not be updated in legacy BIOS mode", " See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information."] + security = FwupdagentSecurity(context_wrap(SECURITY_FWUPDMGR)) + assert len(security["HostSecurityAttributes"]) == 2 + assert security["HostSecurityAttributes"][0]["Name"] == "Linux kernel" + assert security["HostSecurityAttributes"][0]["HsiResult"] == "not-tainted" + assert security["HostSecurityAttributes"][1]["Name"] == "Encrypted RAM" + assert security["HostSecurityAttributes"][1]["HsiLevel"] == 4 + assert security.unparsed_lines == [ + "WARNING: UEFI firmware can not be updated in legacy BIOS mode", + "See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information."] + with pytest.raises(ParseException): FwupdagentSecurity(context_wrap(SECURITY_ERROR_1))