Add initial condition parser for access monitoring rules (#40659)

* Add initial condition parser for access monitoring rules

* Update integrations/access/accessrequest/app.go

Co-authored-by: Zac Bergquist <[email protected]>

* Check previously unchecked error and minor refactor of AMR

* Simplify check for applicable access monitoring rules

* Refactor access monitoring rules plugin integration

* Fix formating and move lock aquisition

* Add methods for listing access monitoring rules with a filter

* Add contains_any predicate expression func

* Add in is_empty func to predicate expression

* Lock AMR cache in plugins while getting initial rules

* Add in check for access monitoring rule version

* Update integrations/access/accessrequest/app.go

Co-authored-by: Roman Tkachenko <[email protected]>

* Update integrations/access/accessrequest/app.go

Co-authored-by: Roman Tkachenko <[email protected]>

* Move lock so it doesnt persist over api calls

* Remove unused constant and add more context to logs

* Appease linter

* Update access monitoring rules tests to pass rule validation

* Add in missing access monitoring rules list with filter code

* Appease linter

* Add back validation code for AMRs

* Fix test plugin role and rename listaccessmonitoringrulewithfilter

* Fix local test for AMR crud operations

* Fix end range for listing rules

* Fix unwrapping of resource153 event for monitoring rules

* Refactor AMR cache init into helper function in plugin app

* Add seperate response type for listAccessMonitoringRulesWithfilter

* Add context to log for plugins failing to fetch recipients

* Grab access monitoring rules cache under lock all at once

* Add clarification for which fields are optional in listAMRfilter req

* Update integrations/access/accessrequest/app.go

Co-authored-by: Zac Bergquist <[email protected]>

* Update integrations/access/accessrequest/app.go

Co-authored-by: Zac Bergquist <[email protected]>

* Add forEach to common recipient set

* Move type check to after AMR event op switch

* Move turn some default parser spec methods to funcs

* Make some predicate func usable as methods as well

* Add len func to common recipient sets

* Add integration test for access monitoring rule and slack plugin

* Fix error types and messages when handling AMRs

* Use generic list resource with filter for AMR

* Add test for generic listResourceWithFilter

* Update listResourceWithFilter to use revision instead of id

* Update generic tests to use revision instead of id

* Fix linting

---------

Co-authored-by: Zac Bergquist <[email protected]>
Co-authored-by: Roman Tkachenko <[email protected]>

api/client/accessmonitoringrules/access_monitoring_rules_client.go

@@ -109,3 +109,17 @@ func (c *Client) ListAccessMonitoringRules(ctx context.Context, pageSize int, pa
 	}
 	return resp.Rules, resp.GetNextPageToken(), nil
 }
+
+// ListAccessMonitoringRulesWithFilter lists current access monitoring rules.
+func (c *Client) ListAccessMonitoringRulesWithFilter(ctx context.Context, pageSize int, pageToken string, subjects []string, notificationName string) ([]*accessmonitoringrulesv1.AccessMonitoringRule, string, error) {
+	resp, err := c.grpcClient.ListAccessMonitoringRulesWithFilter(ctx, &accessmonitoringrulesv1.ListAccessMonitoringRulesWithFilterRequest{
+		PageSize:         int64(pageSize),
+		PageToken:        pageToken,
+		Subjects:         subjects,
+		NotificationName: notificationName,
+	})
+	if err != nil {
+		return nil, "", trace.Wrap(err)
+	}
+	return resp.Rules, resp.GetNextPageToken(), nil
+}