chore: prefer host retention policies over hide_host (#582)

* chore: prefer host retention policies over hide_host * chore: pr review updates * ci: remove idempotence as we're more interested in first failures --------- Co-authored-by: Carlos Matos <[email protected]>
CrowdStrike · Dec 4, 2024 · 56d777b · 56d777b
1 parent b8d7fe5
commit 56d777b
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -53,7 +53,7 @@ Name | Description
 [crowdstrike.falcon.auth](https://crowdstrike.github.io/ansible_collection_falcon/auth_module.html)|Manage Authentication with Falcon API
 [crowdstrike.falcon.cid_info](https://crowdstrike.github.io/ansible_collection_falcon/cid_info_module.html)|Get CID with checksum
 [crowdstrike.falcon.host_contain](https://crowdstrike.github.io/ansible_collection_falcon/host_contain_module.html)|Network contain hosts in Falcon
-[crowdstrike.falcon.host_hide](https://crowdstrike.github.io/ansible_collection_falcon/host_hide_module.html)|Hide/Unhide hosts from the Falcon console
+[crowdstrike.falcon.host_hide](https://crowdstrike.github.io/ansible_collection_falcon/host_hide_module.html)|Hide/Unhide hosts from the Falcon console. Preference should be given to using `Host Retention Policies` under `Host Management` in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
 [crowdstrike.falcon.host_info](https://crowdstrike.github.io/ansible_collection_falcon/host_info_module.html)|Get information about Falcon hosts
 [crowdstrike.falcon.kernel_support_info](https://crowdstrike.github.io/ansible_collection_falcon/kernel_support_info_module.html)|Get information about kernels supported by the Falcon Sensor for Linux
 [crowdstrike.falcon.sensor_download](https://crowdstrike.github.io/ansible_collection_falcon/sensor_download_module.html)|Download Falcon Sensor Installer

diff --git a/changelogs/fragments/prefer-host-retention-policies.yml b/changelogs/fragments/prefer-host-retention-policies.yml
@@ -0,0 +1,6 @@
+trivial:
+  - host_hide - Preference should be given to using Host Retention Policies under Host Management in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead (https://github.com/CrowdStrike/ansible_collection_falcon/pull/582)
+  - host_ids - Preference should be given to using Host Retention Policies under Host Management in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead (https://github.com/CrowdStrike/ansible_collection_falcon/pull/582)
+
+bugfixes:
+  - falcon_uninstall - add missing when clause for removing host from UI (https://github.com/CrowdStrike/ansible_collection_falcon/pull/582)
diff --git a/molecule/falcon_uninstall/molecule.yml b/molecule/falcon_uninstall/molecule.yml
@@ -34,7 +34,5 @@ scenario:
     - create
     - prepare
     - converge
-    - idempotence
-    - side_effect
     - verify
     - destroy
diff --git a/plugins/lookup/host_ids.py b/plugins/lookup/host_ids.py
@@ -59,13 +59,6 @@
           'platform_name:"Linux"
           + reduced_functionality_mode:"yes"')
       }}
-
-- name: Hide stale devices that haven't been seen in 15 days (using a filter variable)
-  crowdstrike.falcon.host_hide:
-    hidden: true
-    hosts: "{{ lookup('crowdstrike.falcon.host_ids', stale_filter) }}"
-  vars:
-    stale_filter: 'last_seen:<="now-15d"'
 """
 
 RETURN = r"""

diff --git a/plugins/modules/host_hide.py b/plugins/modules/host_hide.py
@@ -44,6 +44,10 @@
   - crowdstrike.falcon.credentials.auth
 
 notes:
+  - While you can use this module to hide or unhide hosts, it is recommended to
+    use the B(Host Retention Policies) in the Falcon console to create policies to
+    manage automatically hiding and deleting hosts in the console instead of using
+    this module.
   - This module handles the 100 hosts per request limit by the Falcon API. This
     means that if more than 100 hosts are passed to the module, it will process
     them in batches of 100 automatically.

diff --git a/roles/falcon_uninstall/README.md b/roles/falcon_uninstall/README.md
@@ -23,6 +23,8 @@ Uninstalls the CrowdStrike Falcon Sensor.
     - **eu-1** -> api.eu-1.crowdstrike.com
 - `falcon_api_enable_no_log` - Whether to enable or disable the logging of sensitive data being exposed in API calls (bool, default: ***true***)
 - `falcon_remove_host` - Whether to hide/remove the host from the CrowdStrike console (bool, default: false)
+   > :warning:
+   > Please use `Host Retention Policies` under `Host Management` in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
 
 ### Windows Specific Variables
 

diff --git a/roles/falcon_uninstall/tasks/main.yml b/roles/falcon_uninstall/tasks/main.yml
@@ -46,6 +46,7 @@
 - name: Hide host
   when:
     - falcon.auth is defined
+    - falcon_remove_host
     - falcon_uninstall_remove_aid is defined
   block:
     - ansible.builtin.include_tasks: hide_host.yml