Add some basic SELinux facts & additional fact documentation (#648)

benridley · web-flow · commit a04400841530 · 2021-08-22T18:09:39.000+01:00
* Add some basic SELinux facts

* Add documentation for requires_command and default functions for facts

* Improve example docstring for SEBoolean fact

* Add required command for SEboolean

* Remove lint

* Remove lint
diff --git a/docs/api/facts.rst b/docs/api/facts.rst
@@ -5,6 +5,11 @@ Writing Facts
 and a ``process`` function. The command is executed on the target host and the output
 passed (as a ``list`` of lines) to the ``process`` handler to generate fact data. Facts can output anything, normally a ``list`` or ``dict``.
 
+Fact classes may provide a ``default`` function that takes no arguments (except ``self``). The return value of this function is used if an error
+occurs during fact collection. Additionally, a ``requires_command`` variable can be set on the fact that specifies a command that must be available
+on the host to collect the fact. If this command is not present on the hos the fact will be set to the default, or empty if no ``default`` function
+is available.
+
 Importing & Using Facts
 ~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/pyinfra/facts/selinux.py b/pyinfra/facts/selinux.py
@@ -0,0 +1,44 @@
+from pyinfra.api import FactBase
+
+
+class FileContext(FactBase):
+    '''
+    Returns structured SELinux file context data for a specified file.
+
+    .. code:: python
+        {
+            'user': 'system_u',
+            'role': 'object_r',
+            'type': 'deafult_t',
+            'level': 's0',
+        }
+    '''
+
+    def command(self, path):
+        return 'stat -c %C {0} || exit 0'.format(path)
+
+    def process(self, output):
+        context = {}
+        components = output[0].split(':')
+        context['user'] = components[0]
+        context['role'] = components[1]
+        context['type'] = components[2]
+        context['level'] = components[3]
+        return context
+
+
+class SEBoolean(FactBase):
+    '''
+    Returns the on/off status of a SELinux Boolean.
+
+    .. code:: python
+        host.get_fact(SEBoolean, "httpd_can_network_connect") -> "off"
+    '''
+    requires_command = 'getsebool'
+
+    def command(self, boolean):
+        return 'getsebool {0}'.format(boolean)
+
+    def process(self, output):
+        components = output[0].split(' --> ')
+        return components[1]
