Introduce and apply the "partition exists" platform

[matejak]

Description:

This PR introduces platforms related to existence of partitions that can be used to extend applicability behaviors.
The new functionality is heavily macro-based, and instantiated for /tmp and /var/tmp partitions.

TODO:

• Verify the Ansible conditional
• Apply to all appropriate rules - see Add the platform applicability to relevant rules #9324

Rationale:

If a profile doesn't require separate partitions, but it prescribes mount options if they exist, the applicability approach is the right one.

• Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2032403

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[matejak]

Checks using content test filtering fail because of ComplianceAsCode/content-test-filtering#27

[evgenyz]

Suggested change

	<criterion comment="The path {{{ path }}} is a partition's mount point" test_ref="test_partition_{{{ escaped_path }}}_exists" />
	<criterion comment="The path {{{ path }}} is a partition's mount point" test_ref="test_partition_{{{ path|escape_id }}}_exists" />

There is a special Jinja filter that can create XCCDF-compatible IDs from anything.

[evgenyz]

It just cries for being templated. But that will come shortly.

[evgenyz]

?

[codeclimate]

Code Climate has analyzed commit 7b3c9eb and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.7% (0.0% change).

View more on Code Climate.

[evgenyz]

I think we need @mildas help here. Shared OVALs don't necessary have a connected rule.

[openshift-ci]

@matejak: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ocp4-cis-node	7b3c9eb	link	true	/test e2e-aws-ocp4-cis-node
ci/prow/e2e-aws-ocp4-pci-dss-node	7b3c9eb	link	true	/test e2e-aws-ocp4-pci-dss-node
ci/prow/e2e-aws-rhcos4-moderate	7b3c9eb	link	true	/test e2e-aws-rhcos4-moderate
ci/prow/e2e-aws-rhcos4-e8	7b3c9eb	link	true	/test e2e-aws-rhcos4-e8
ci/prow/e2e-aws-ocp4-high	7b3c9eb	link	true	/test e2e-aws-ocp4-high
ci/prow/e2e-aws-ocp4-high-node	7b3c9eb	link	true	/test e2e-aws-ocp4-high-node
ci/prow/e2e-aws-ocp4-e8	7b3c9eb	link	true	/test e2e-aws-ocp4-e8
ci/prow/e2e-aws-ocp4-stig	7b3c9eb	link	true	/test e2e-aws-ocp4-stig

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[matejak]

I have used this snippet to verify whether the json_query is used correctly, and saved that one as task.yml.

- name: test
  hosts: localhost
  tasks:
    - set_fact:
        my_device: "{{ ansible_mounts|json_query(\"[?mount=='/'].mount\") | first }}"
      vars:
        query: "[?mount=='/'].device"
    - debug:
        var: my_device

and running ansible-playbook -c local task.yml