Merge pull request #546 from CrowdStrike/master-image-updates

Master image updates
CrowdStrike · Aug 8, 2024 · 2106e53 · 2106e53
2 parents bc14fd9 + 2ac6bf8
commit 2106e53
Show file tree

Hide file tree

Showing 10 changed files with 47 additions and 6 deletions.
diff --git a/.github/workflows/falcon_configure_remove_aid.yml b/.github/workflows/falcon_configure_remove_aid.yml
@@ -27,6 +27,7 @@ jobs:
       ANSIBLE_FORCE_COLOR: 1
       FALCON_CLIENT_ID: ${{ secrets.FALCON_CLIENT_ID }}
       FALCON_CLIENT_SECRET: ${{ secrets.FALCON_CLIENT_SECRET }}
+      FALCON_PROV_TOKEN: ${{ secrets.FALCON_PROV_TOKEN }}
       FALCON_CID: ${{ secrets.FALCON_CID }}
       AWS_REGION: "us-west-2"
       MOLECULE_VPC_SUBNET_ID: ${{ secrets.MOLECULE_VPC_SUBNET_ID }}

diff --git a/changelogs/fragments/master-image-update.yml b/changelogs/fragments/master-image-update.yml
@@ -0,0 +1,3 @@
+bugfixes:
+- falcon_configure - fixed issue with master image and provisioning tokens (https://github.com/CrowdStrike/ansible_collection_falcon/pull/546)
+- falconct_info - added support for querying provisioning tokens (https://github.com/CrowdStrike/ansible_collection_falcon/pull/546)
diff --git a/molecule/falcon_configure_remove_aid/converge.yml b/molecule/falcon_configure_remove_aid/converge.yml
@@ -10,6 +10,7 @@
       vars:
         falcon_option_set: yes
         falcon_cid: "{{ lookup('env', 'FALCON_CID') }}"
+        falcon_provisioning_token: "{{ lookup('env', 'FALCON_PROV_TOKEN') }}"
         falcon_tags: 'molecule,testing'
         falcon_backend: 'bpf'
         falcon_remove_aid: yes
diff --git a/molecule/falcon_configure_remove_aid/molecule.yml b/molecule/falcon_configure_remove_aid/molecule.yml
@@ -30,6 +30,5 @@ scenario:
     - prepare
     - converge
     - idempotence
-    - side_effect
     - verify
     - destroy
diff --git a/molecule/falcon_configure_remove_aid/verify.yml b/molecule/falcon_configure_remove_aid/verify.yml
@@ -19,3 +19,31 @@
     ansible.builtin.assert:
       that:
         - not info_verify.falconctl_info.aid
+
+  - name: Reboot system to force AID generation
+    ansible.builtin.reboot:
+
+  # Wait for aid to be generated
+  - name: Wait for Falcon Sensor to Generate AID
+    crowdstrike.falcon.falconctl_info:
+      name:
+        - aid
+    register: aid_info
+    retries: 6
+    delay: 10
+    until: aid_info.falconctl_info.aid
+
+  - name: Get new list of Falcon Sensor Options
+    crowdstrike.falcon.falconctl_info:
+    register: new_info_verify
+
+  - name: Validate a new AID is present
+    ansible.builtin.assert:
+      that:
+        - new_info_verify.falconctl_info.aid
+
+  - name: Validate CID and Tags are still present
+    ansible.builtin.assert:
+      that:
+        - new_info_verify.falconctl_info.cid
+        - new_info_verify.falconctl_info.tags
diff --git a/plugins/module_utils/falconctl_utils.py b/plugins/module_utils/falconctl_utils.py
@@ -29,7 +29,6 @@
     "message_log",
     "billing",
     "tags",
-    # 'provisioning_token', # Taking it out since this does not seem to be a perm option
     "version",
     "rfm_state",
     "rfm_reason",

diff --git a/plugins/modules/falconctl.py b/plugins/modules/falconctl.py
@@ -351,7 +351,7 @@ def main():  # pylint: disable=missing-function-docstring
     module_args = dict(
         state=dict(required=True, choices=["absent", "present"], type="str"),
         cid=dict(required=False, type="str"),
-        provisioning_token=dict(required=False, no_log=True, type="str"),
+        provisioning_token=dict(required=False, no_log=False, type="str"),
         aid=dict(required=False, type="bool"),
         apd=dict(required=False, type="str"),
         aph=dict(required=False, type="str"),

diff --git a/roles/falcon_configure/defaults/main.yml b/roles/falcon_configure/defaults/main.yml
@@ -40,7 +40,7 @@ falcon_client_secret:
 # Installation tokens prevent unauthorized hosts from being accidentally or maliciously added
 # to your Customer ID (CID). Installation tokens are an optional security
 # measure for your CID. For more details:
-# https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#optional:-installing-to-a-cid-that-requires-installation-tokens
+# https://falcon.crowdstrike.com/support/documentation/page/f4d593ca/installation-options-for-falcon-sensor-for-linux#l086f14c
 #
 falcon_provisioning_token:
 

diff --git a/roles/falcon_configure/tasks/configure.yml b/roles/falcon_configure/tasks/configure.yml
@@ -47,13 +47,23 @@
         - falconctl_result.changed
       # noqa no-handler
 
-    - name: CrowdStrike Falcon | Remove Falcon Agent ID (AID) If Building A Primary Image
+    # Handle Master Image steps
+    - name: CrowdStrike Falcon | Master Image Prep | Removing AID
       crowdstrike.falcon.falconctl:
         aid: yes
         state: absent
       when:
         - falcon_remove_aid
 
+    - name: CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)
+      crowdstrike.falcon.falconctl:
+        cid: "{{ options.cid }}"
+        provisioning_token: "{{ options.provisioning_token }}"
+        state: present
+      when:
+        - falcon_remove_aid
+        - options.provisioning_token
+
 # Start of MacOSX Configuration
 - name: CrowdStrike Falcon | Stat Falcon Sensor (macOS)
   ansible.builtin.stat:

diff --git a/roles/falcon_configure/tasks/remove_aid.yml b/roles/falcon_configure/tasks/remove_aid.yml
@@ -1,5 +1,5 @@
 ---
-- name: CrowdStrike Falcon | Remove Falcon Agent ID (AID) If Building A Primary Image
+- name: CrowdStrike Falcon | Remove Falcon Agent ID (AID)
   crowdstrike.falcon.falconctl:
     aid: yes
     state: absent