CrowdStrike / ansible_collection_falcon

Comprehensive toolkit for streamlining your interactions with the CrowdStrike Falcon platform.
https://galaxy.ansible.com/ui/repo/published/crowdstrike/falcon/
GNU General Public License v3.0
97 stars 60 forks source link

4.6.0 fails #564

Closed TyraelTLK closed 1 month ago

TyraelTLK commented 1 month ago

Hi, my pipeline that test the latest release of this collection started to fail with 4.6.0.

TASK [crowdstrike.falcon.falcon_configure : CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)] *** fatal: [ksx-t6-debian12-postinstall.cos.is.keysight.com]: FAILED! => {"changed": false, "msg": "ERROR: \"\" is not valid value for checksum CID (CCID)"}

it is running with these variables:

"falcon_option_set": false, "falcon_remove_aid": true, "falcon_cid": ""

With these pipeline I'm checking just the package installation without activating the hosts. I'm not sure what changes in 4.6.0 caused this and 4.5.2 worked fine.

carlosmmatos commented 1 month ago

@TyraelTLK - I'll try to look into it later today - but that task will only run if you are using provisioning tokens? The conditional should fail if you are not passing in a token:

    - name: CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)
      crowdstrike.falcon.falconctl:
        cid: "{{ options.cid }}"
        provisioning_token: "{{ options.provisioning_token }}"
        state: present
      when:
        - falcon_remove_aid
        - options.provisioning_token

Can you debug that for me - specifically I'm interested in knowing the output of the following task in the main.yml task:

- name: Checks if any options are set
  ansible.builtin.set_fact:
    any_option_set: "{{ true if (options | dict2items | selectattr('value', 'ne', omit) | list | length > 0) else false }}"
TyraelTLK commented 1 month ago
TASK [crowdstrike.falcon.falcon_configure : CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)] ***
task path: /runner/requirements_collections/ansible_collections/crowdstrike/falcon/roles/falcon_configure/tasks/configure.yml:58
<> ESTABLISH SSH CONNECTION FOR USER: 
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"'  '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp `"&& mkdir "` echo /tmp/ansible-tmp-1726070780.3412554-560-143436587451144 `" && echo ansible-tmp-1726070780.3412554-560-143436587451144="` echo /tmp/ansible-tmp-1726070780.3412554-560-143436587451144 `" ) && sleep 0'"'"''
<> (0, b'ansible-tmp-1726070780.3412554-560-143436587451144=/tmp/ansible-tmp-1726070780.3412554-560-143436587451144\\n', b'')
Using module file /runner/requirements_collections/ansible_collections/crowdstrike/falcon/plugins/modules/falconctl.py
<> PUT /runner/.ansible/tmp/ansible-local-17fphrg_a5/tmp8bpzs9za TO /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py
<> SSH: EXEC sshpass -d12 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' '[]'
<> (0, b'sftp> put /runner/.ansible/tmp/ansible-local-17fphrg_a5/tmp8bpzs9za /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py\\n', b'')
<> ESTABLISH SSH CONNECTION FOR USER: 
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"'  '/bin/sh -c '"'"'chmod u+x /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/ /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py && sleep 0'"'"''
<> (0, b'', b'')
<> ESTABLISH SSH CONNECTION FOR USER: 
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' -tt  '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=] password:" -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-; VAULT_TOKEN=hvs.VAULT_ADDR=https://vault.keysight.com /usr/bin/python3 /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<> (1, b'\\r\\n\\r\\n{"failed": true, "msg": "ERROR: \\\\"\\\\" is not valid value for checksum CID (CCID)", "invocation": {"module_args": {"cid": "", "state": "present", "provisioning_token": null, "aid": null, "apd": null, "aph": null, "app": null, "trace": null, "feature": null, "message_log": null, "billing": null, "tags": null, "backend": null}}}\\r\\n', b'Shared connection to  closed.\\r\\n')
<> Failed to connect to the host via ssh: Shared connection to  closed.
<> ESTABLISH SSH CONNECTION FOR USER: 
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"'  '/bin/sh -c '"'"'rm -f -r /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/ > /dev/null 2>&1 && sleep 0'"'"''
<> (0, b'', b'')
fatal: []: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "aid": null,
            "apd": null,
            "aph": null,
            "app": null,
            "backend": null,
            "billing": null,
            "cid": "",
            "feature": null,
            "message_log": null,
            "provisioning_token": null,
            "state": "present",
            "tags": null,
            "trace": null
        }
    },
    "msg": "ERROR: \\"\\" is not valid value for checksum CID (CCID)"
}
TASK [crowdstrike.falcon.falcon_configure : Checks if any options are set] *****
task path: /runner/requirements_collections/ansible_collections/crowdstrike/falcon/roles/falcon_configure/tasks/main.yml:14
ok: [] => {
    "ansible_facts": {
        "any_option_set": true
    },
    "changed": false
}

Is this ok or do you need anything else?

carlosmmatos commented 1 month ago

@TyraelTLK Can you try running against the latest changes in the git repo? Merged in the changes but want to make sure you are good before creating a new release.

TyraelTLK commented 1 month ago

Hi, yes I can test it. I was FTO I'll send the result tomorrow

TyraelTLK commented 1 month ago

https://github.com/CrowdStrike/ansible_collection_falcon/pull/565 is working fine! Thank you