add ability to template cloud

Created a function to verify a proper cloud region was passed, this now allows us to support templating for cloud.
CrowdStrike · Mar 26, 2024 · 6488b91 · 6488b91
1 parent dda77f5
commit 6488b91
Showing 1 changed file with 17 additions and 6 deletions.
diff --git a/plugins/inventory/falcon_hosts.py b/plugins/inventory/falcon_hosts.py
@@ -46,11 +46,8 @@
       - The CrowdStrike cloud region to use.
       - All clouds are automatically discovered if not specified, except for the C(us-gov-1) cloud.
       - The C(FALCON_CLOUD) environment variable can also be used.
-    choices:
-      - us-1
-      - us-2
-      - us-gov-1
-      - eu-1
+      - This option can be set using a Jinja2 template value.
+      - Valid values are C(us-1), C(us-2), C(eu-1), C(us-gov-1).
     default: us-1
     type: str
   filter:
@@ -95,6 +92,11 @@
 # client_secret: 1234567890abcdef1234567890abcdef12345
 # cloud: us-1
 
+# authentication example using hashicorp vault lookup plugin
+# client_id: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=path/to/secret:client_id') }}"
+# client_secret: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=path/to/secret:client_secret') }}"
+# cloud: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=path/to/secret:cloud') }}"
+
 # return all Windows hosts (authentication via environment variables)
 # filter: "platform_name:'Windows'"
 
@@ -250,9 +252,10 @@ def _credential_setup(self):
         for key, env in cred_mapping.items():
             value = self.get_option(key) or os.getenv(env)
             if self.templar.is_template(value):
-                value = self.templar.template(variable=value,disable_lookups=False)
+                value = self.templar.template(variable=value, disable_lookups=False)
             if value:
                 if key == "cloud":
+                    self._verify_cloud(value)
                     creds["base_url"] = value
                 else:
                     creds[key] = value
@@ -265,6 +268,14 @@ def _credential_setup(self):
 
         return creds
 
+    def _verify_cloud(self, cloud):
+        """Verify the cloud region."""
+        valid_clouds = ["us-1", "us-2", "eu-1", "us-gov-1"]
+        if cloud not in valid_clouds:
+            raise ValueError(
+                f"Invalid cloud region: '{cloud}'. Valid values are {', '.join(valid_clouds)}"
+            )
+
     def _authenticate(self):
         """Authenticate to the CrowdStrike Falcon API."""
         creds = self._credential_setup()