search

ansible / ansible-rulebook

Apache License 2.0
191 stars 77 forks source link

use lookup to set event_source arguments with environment vars #286

Open ffalor opened 1 year ago

ffalor commented 1 year ago 
$ ansible-rulebook --version

__version__ = '0.9.4'
fca63ab1-f243-4459-97ef-bb546e3cc60d

$ ansible --version

ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/vscode/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /home/vscode/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True

$ cat /etc/os-release 

NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Description

This could be a me issue because I am learning rulebooks & ansible at the same time.

---
- name: Simple Event Stream Usage Example
  hosts: all
  sources:
    - crowdstrike.falcon.eventstream:
        falcon_client_id: "{{ lookup('env', 'FALCON_CLIENT_ID') }}"
        falcon_client_secret: "{{ lookup('env', 'FALCON_CLIENT_SECRET') }}"
        falcon_cloud: "us-2"
        stream_name: "{{stream_name | default('eda')}}"

  rules:
    - name: print output
      condition: event.falcon is defined 
      action:
        debug:

Running:

ansible-rulebook -i inventory.yml --rulebook rulebooks/event_stream_example.yml --env-vars FALCON_CLIENT_ID,FALCON_CLIENT_SECRET

Results in this error (I've tried with and without --env-vars):

 ERROR:ansible_rulebook.engine:Source error
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/engine.py", line 130, in start_source
    args = {
  File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/engine.py", line 131, in <dictcomp>
    k: substitute_variables(v, variables)
  File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/util.py", line 36, in substitute_variables
    return render_string_or_return_value(value, context)
  File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/util.py", line 28, in render_string_or_return_value
    return render_string(value, context)
  File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/util.py", line 21, in render_string
    return jinja2.Template(value, undefined=jinja2.StrictUndefined).render(
  File "/usr/local/lib/python3.8/dist-packages/jinja2/environment.py", line 1301, in render
    self.environment.handle_exception()
  File "/usr/local/lib/python3.8/dist-packages/jinja2/environment.py", line 936, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "<template>", line 1, in top-level template code
  File "/usr/local/lib/python3.8/dist-packages/jinja2/utils.py", line 83, in from_obj
    if hasattr(obj, "jinja_pass_arg"):
jinja2.exceptions.UndefinedError: 'lookup' is undefined

It looks like I do have the env lookup pluging

ansible-doc -t lookup -l | grep env
[WARNING]: Collection ibm.qradar does not support Ansible version 2.12.2
[WARNING]: Collection splunk.es does not support Ansible version 2.12.2
[WARNING]: Collection frr.frr does not support Ansible version 2.12.2
env                                               Read the value of environ...
 `ansible-rulebook -i inventory.yml --rulebook rulebooks/event_stream_example.yml --env-vars FALCON_CLIENT_ID,FALCON_CLIENT_SECRET`
konstruktoid commented 1 year ago

ansible/ansible-rulebook isn't ansible/ansible and alot of stuff is different and/or not implemented as of now. my suggestion is that you get the environment variables using os.getenv() in the event_source instead.

mkanoor commented 1 year ago

@ffalor We don't have full Jinja2 support in the rulebook. In your case you should be able to change the rulebook to

sources:
    - crowd strike.falcon.eventstream:
        falcon_client_id: "{{ FALCON_CLIENT_ID }}"
        falcon_client_secret: "{{ FALCON_CLIENT_SECRET }}"
        falcon_cloud: "us-2"
konstruktoid commented 1 year ago

{{ FALCON_CLIENT_ID }} would get the environment variable?

mkanoor commented 1 year ago

The env var name is passed via the command line and collected into a variable pool which is later used in substitution.

ansible-rulebook -i inventory.yml --rulebook rulebooks/event_stream_example.yml --env-vars FALCON_CLIENT_ID,FALCON_CLIENT_SECRET`
konstruktoid commented 1 year ago

thanks @mkanoor for making me aware. one caveat seems to be they have to be quoted and always returned as strings.

ffalor commented 1 year ago

thanks for explaining how --env-vars works.