search

CrowdStrike / puppet-falcon

https://forge.puppet.com/modules/crowdstrike/falcon
MIT License
7 stars 8 forks source link

Puppet run fails if proxy parameters are undef #93

Open absld opened 5 months ago

absld commented 5 months ago

Just updated to v0.10.0 where proxy settings have been added to be set for sensor download. 

# @param sensor_dl_proxy_host
#  The proxy host to use when downloading the falcon sensor. Defaults to `undef`.
#
# @param sensor_dl_proxy_port
#  The proxy port to use when downloading the falcon sensor. Defaults to `undef`.

I don't have a proxy server, so I did not set any values for sensor_dl_proxy_host and sensor_dl_proxy_port, i.e. leaving them undef.

Unfortunately, Puppet runs fail now telling me the keywords proxy_host and proxy_port for falcon::sensor_download_info function are missing.

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, unknown keywords: :proxy_host, :proxy_port (file: /data/puppet/code/environments/testing/modules/falcon/manifests/install.pp, line: 20, column: 15)

ffalor commented 5 months ago

Hey @absld my testing and the acceptance tests are passing without issue on this version.

Error while evaluating a Function Call, unknown keywords: :proxy_host, :proxy_port

This error may be saying the function sensor_download_info doesn't support the proxy_host and proxy_port arguments, not that undef is unsupported. Or that proxy_host and proxy_port are unknown variables in the install.pp which would indicate an issue with the params.pp. I downloaded 0.10.0 from the forge and confirmed all the files were correct and match the same code being tested in our CI.

I'd check the CM that this server used for the run to verify it has the correct module code.

For example, inside the falcon module the function file should be lib/puppet/functions/falcon/sensor_download_info.rb

This is what dispatch should look like:

  dispatch :sensor_download_info do
    param 'Sensitive', :client_id
    param 'Sensitive', :client_secret
    param 'Hash', :options
    optional_param 'Variant[String, Undef]', :proxy_host
    optional_param 'Variant[Integer, Undef]', :proxy_port
    return_type 'Hash'
  end

I'd also verify the other files were correctly updated.

absld commented 5 months ago

Hey @ffalor, I updated again from 0.9.0 to 0.10.0 but i get the same error again.

The dispatch stanza looks ok:

me@my_puppet_server:/data/puppet/code/environments/testing/modules/falcon$ grep -A7 dispatch lib/puppet/functions/falcon/sensor_download_info.rb
  dispatch :sensor_download_info do
    param 'Sensitive', :client_id
    param 'Sensitive', :client_secret
    param 'Hash', :options
    optional_param 'Variant[String, Undef]', :proxy_host
    optional_param 'Variant[Integer, Undef]', :proxy_port
    return_type 'Hash'
  end

So, in line 20 of manifests/install.pp, the falcon::sensor_download_info function is called with parameters $falcon::client_id, $falcon::client_secret, $config, $falcon::sensor_dl_proxy_host, $falcon::sensor_dl_proxy_port, which map to client_id, client_secret, options, proxy_host and proxy_port inside the function.

The two parameters sensor_dl_proxy_host and sensor_dl_proxy_port are present properly in params.pp:

me@my_puppet_server:/data/puppet/code/environments/testing/modules/falcon$ grep sensor_dl_proxy manifests/params.pp
  $sensor_dl_proxy_host = undef
  $sensor_dl_proxy_port = undef

I guess there's some misbehaviour with passing undef parameters to functions...but I also won't understand why it's working for you

Here's some information about my Puppet Env:

Puppet agent version 8.6.0 Puppet server version 8.6.0

Hieradata:

falcon::update_policy: 'Linux Sensor Update N-1'
falcon::falcon_cloud: 'api.eu-1.crowdstrike.com'
falcon::cid: '******'
falcon::client_id: >
  ENC[***]
falcon::client_secret: >
  ENC[***]

Falcon class declaration:


$client_id = lookup('falcon::client_id')
$client_secret = lookup('falcon::client_secret')
class { 'falcon':
  client_id     => Sensitive($client_id),
  client_secret => Sensitive($client_secret),
  cid           => lookup('falcon::cid'),
  update_policy => lookup('falcon::update_policy'),
  falcon_cloud  => lookup('falcon::falcon_cloud'),
}
ccombs-trustamerica commented 4 months ago

I am seeing the same error after I updated to 0.10.0.

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, unknown keywords: proxy_host, proxy_port (file: /etc/puppetlabs/code/environments/ccombs/modules/falcon/manifests/install.pp, line: 20, column: 15) on node

cconfredo commented 1 month ago

I'm also affected by this and have had to keep a previous version pinned for the time being.

Any status update or recommended workaround? Happy to provide any information that may be helpful.