From f990d27cbf1723621ffc1496c1215f60634c9197 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Tue, 10 Dec 2024 10:24:28 -0500 Subject: [PATCH] fix(falcon_configure): fixes issue with unwarranted bool (master image) (#585) * fix(falcon_configure): fixes issue with unwarranted bool (master image) Fixes #579 This PR introduces a fix to incorrectly using the |bool filter when working with prov tokens in master image prep. Also adding the ability to stop the sensor when working within a master image prep as to prevent the sensor from potentially updating/restarting via that cloud updates. * ci: adds testing to ensure provisioning token is set Prior to this change, we were not checking to see if the prov token was set which was causing a false positive to occur. * chore: changelog fragment * chore: stray from using options dict due to omit specialness --- changelogs/fragments/579-fix-image-prep.yml | 2 ++ molecule/falcon_configure_remove_aid/verify.yml | 10 ++++++++++ roles/falcon_configure/tasks/configure.yml | 12 +++++++++--- 3 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/579-fix-image-prep.yml diff --git a/changelogs/fragments/579-fix-image-prep.yml b/changelogs/fragments/579-fix-image-prep.yml new file mode 100644 index 00000000..5c144754 --- /dev/null +++ b/changelogs/fragments/579-fix-image-prep.yml @@ -0,0 +1,2 @@ +bugfixes: + - falcon_configure - Fixed issue where the bool filter was incorrectly used with provisioning token when clause for master image prep (https://github.com/CrowdStrike/ansible_collection_falcon/pull/585) diff --git a/molecule/falcon_configure_remove_aid/verify.yml b/molecule/falcon_configure_remove_aid/verify.yml index 8284ea6c..d88386f3 100644 --- a/molecule/falcon_configure_remove_aid/verify.yml +++ b/molecule/falcon_configure_remove_aid/verify.yml @@ -20,6 +20,16 @@ that: - not info_verify.falconctl_info.aid + - name: Register provisioning token output + ansible.builtin.command: + cmd: /opt/CrowdStrike/falconctl -g --provisioning-token + register: provisioning_token + + - name: Verify provisioning token is present + ansible.builtin.assert: + that: + - "'not set' not in provisioning_token.stdout" + - name: Reboot system to force AID generation ansible.builtin.reboot: diff --git a/roles/falcon_configure/tasks/configure.yml b/roles/falcon_configure/tasks/configure.yml index 35d18980..beea3558 100644 --- a/roles/falcon_configure/tasks/configure.yml +++ b/roles/falcon_configure/tasks/configure.yml @@ -58,12 +58,18 @@ - name: CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable) crowdstrike.falcon.falconctl: cid: "{{ options.cid }}" - provisioning_token: "{{ options.provisioning_token }}" + provisioning_token: "{{ falcon_provisioning_token }}" state: present when: - falcon_remove_aid - - options.cid | bool - - options.provisioning_token | bool + - falcon_provisioning_token is not none and falcon_provisioning_token | length > 0 + + - name: CrowdStrike Falcon | Master Image Prep | Stop Falcon Sensor service + ansible.builtin.service: + name: falcon-sensor + state: stopped + when: + - falcon_remove_aid # Start of MacOSX Configuration - name: CrowdStrike Falcon | Stat Falcon Sensor (macOS)