fix(roles): updating roles in preparation for sensor_download module

CrowdStrike · Aug 25, 2023 · 796a3cc · 796a3cc
1 parent 2ec045c
commit 796a3cc
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 110 deletions.
diff --git a/roles/falcon_install/defaults/main.yml b/roles/falcon_install/defaults/main.yml
@@ -42,18 +42,13 @@ falcon_localfile_cleanup: no
 #
 falcon_gpg_key_check: yes
 
-# CrowdStrike API URL for downloading the Falcon sensor. Possible values:
+# CrowdStrike API Cloud region for downloading the Falcon sensor. Possible values:
 #       us-1:       api.crowdstrike.com
 #       us-2:       api.us-2.crowdstrike.com
 #       eu-1:       api.eu-1.crowdstrike.com
 #       us-gov-1:   api.laggar.gcw.crowdstrike.com
 #
-falcon_cloud: "api.crowdstrike.com"
-
-# Auto-discover the CrowdStrike Cloud API Region. When disabled,
-# 'falcon_cloud' should be changed to the appropriate cloud region.
-#
-falcon_cloud_autodiscover: true
+falcon_cloud: "us-1"
 
 # Your Falcon Customer ID (CID) used to associate your sensor.
 #

diff --git a/roles/falcon_install/tasks/api.yml b/roles/falcon_install/tasks/api.yml
@@ -1,102 +1,55 @@
 ---
-# Block when falcon_sensor_update_policy_name is supplied
-- name: Build Sensor Update Policy Block (Linux)
-  when:
-    - falcon_sensor_update_policy_name
-    - falcon_sensor_update_policy_platform == 'Linux'
-  block:
-    - name: "CrowdStrike Falcon | Build Sensor Update Policy API Query (Linux)"
-      ansible.builtin.set_fact:
-        falcon_sensor_update_policy_query: "{{ 'platform_name:\"' + falcon_sensor_update_policy_platform + '\"+name.raw:\"' + falcon_sensor_update_policy_name + '\"' }}"
-
-    - name: "CrowdStrike Falcon | Search for Sensor Update Policy (Linux)"
-      ansible.builtin.uri:
-        url: "https://{{ falcon_cloud }}/policy/combined/sensor-update/v2?filter={{ falcon_sensor_update_policy_query | urlencode }}"
-        method: GET
-        return_content: true
-        headers:
-          authorization: "Bearer {{ falcon_api_oauth2_token.json.access_token }}"
-          Content-Type: application/json
-      register: falcon_sensor_update_policy_info_linux
-      no_log: "{{ falcon_api_enable_no_log }}"
-      run_once: "{{ falcon_sensor_update_policy_run_once }}"
-
-- name: Build Sensor Update Policy Block (MacOS)
-  when:
-    - falcon_sensor_update_policy_name
-    - falcon_sensor_update_policy_platform == 'Mac'
-  block:
-    - name: "CrowdStrike Falcon | Build Sensor Update Policy API Query (MacOS)"
-      ansible.builtin.set_fact:
-        falcon_sensor_update_policy_query: "{{ 'platform_name:\"' + falcon_sensor_update_policy_platform + '\"+name.raw:\"' + falcon_sensor_update_policy_name + '\"' }}"
-
-    - name: "CrowdStrike Falcon | Search for Sensor Update Policy (MacOS)"
-      ansible.builtin.uri:
-        url: "https://{{ falcon_cloud }}/policy/combined/sensor-update/v2?filter={{ falcon_sensor_update_policy_query | urlencode }}"
-        method: GET
-        return_content: true
-        headers:
-          authorization: "Bearer {{ falcon_api_oauth2_token.json.access_token }}"
-          Content-Type: application/json
-      register: falcon_sensor_update_policy_info_mac
-      no_log: "{{ falcon_api_enable_no_log }}"
-      run_once: "{{ falcon_sensor_update_policy_run_once }}"
-
 - name: Sensor Update Policy Block
   when:
     - falcon_sensor_update_policy_name
   block:
     # Set falcon_sensor_update_policy_info fact based on platform
-    - name: "CrowdStrike Falcon | Set falcon_sensor_update_policy_info fact based on platform"
+    # - name: "CrowdStrike Falcon | Set falcon_sensor_update_policy_info fact based on platform"
+    #   ansible.builtin.set_fact:
+    #     falcon_sensor_update_policy_info: "{{ falcon_sensor_update_policy_info_linux if falcon_sensor_update_policy_platform == 'Linux' else falcon_sensor_update_policy_info_mac }}"
+    - name: "CrowdStrike Falcon | Build Sensor Update Policy API Query"
       ansible.builtin.set_fact:
-        falcon_sensor_update_policy_info: "{{ falcon_sensor_update_policy_info_linux if falcon_sensor_update_policy_platform == 'Linux' else falcon_sensor_update_policy_info_mac }}"
+        falcon_sensor_update_policy_filter: "platform_name:'{{ falcon_sensor_update_policy_platform }}'+name.raw:'{{ falcon_sensor_update_policy_name }}'"
+
+    - name: CrowdStrike Falcon | Search for Sensor Update Policy
+      crowdstrike.falcon.sensor_update_policy_info:
+        auth: "{{ falcon.auth }}"
+        filter: "{{ falcon_sensor_update_policy_filter }}"
+      register: falcon_sensor_update_policy_info
+      delegate_to: localhost
 
     - name: "CrowdStrike Falcon | Validate Sensor Update Policy request"
       ansible.builtin.fail:
         msg: "No Falcon Sensor Update Policy with name: {{ falcon_sensor_update_policy_name }} was found!"
-      when: falcon_sensor_update_policy_info.json.resources[0] is not defined
+      when: falcon_sensor_update_policy_info.policies is not defined
 
     - name: "CrowdStrike Falcon | Validate Sensor Update Policy request for aarch64 architectures"
       ansible.builtin.fail:
         msg: "No Falcon Sensor Update Policy with name: {{ falcon_sensor_update_policy_name }} and enabled for aarch64 was found!"
       when:
-        - falcon_sensor_update_policy_info.json.resources[0].settings.variants[0] is not defined
+        - falcon_sensor_update_policy_info.policies[0].settings.variants[0] is not defined
         - ansible_facts['machine'] == "aarch64"
 
     - name: "CrowdStrike Falcon | Get the Falcon Sensor version from Update Policy"
       ansible.builtin.set_fact:
-        falcon_sensor_update_policy_package_version: "{{ falcon_sensor_update_policy_info.json.resources[0].settings.sensor_version }}"
+        falcon_sensor_update_policy_package_version: "{{ falcon_sensor_update_policy_info.policies[0].settings.sensor_version }}"
       when: ansible_facts['machine'] != "aarch64"
 
     - name: "CrowdStrike Falcon | Get the Falcon Sensor version from Update Policy for aarch64 architecture"
       ansible.builtin.set_fact:
-        falcon_sensor_update_policy_package_version: "{{ falcon_sensor_update_policy_info.json.resources[0].settings.variants[0].sensor_version }}"
+        falcon_sensor_update_policy_package_version: "{{ falcon_sensor_update_policy_info.policies[0].settings.variants[0].sensor_version }}"
       when: ansible_facts['machine'] == "aarch64"
 
-    - name: "CrowdStrike Falcon | Build API Sensor Query based on Sensor Update Policy (Linux)"
+    - name: CrowdStrike Falcon | Override falcon_sensor_version with version from Sensor Update Policy
       ansible.builtin.set_fact:
-        falcon_os_query: "{{ 'os:\"' + falcon_target_os + '\"+os_version:\"' + falcon_os_version + '\"+version:\"' + falcon_sensor_update_policy_package_version + falcon_os_arch }}"
-      when: ansible_facts['system'] == "Linux"
+        falcon_sensor_version: "+version:'{{ falcon_sensor_update_policy_package_version }}'"
 
-    - name: "CrowdStrike Falcon | Build API Sensor Query based on Sensor Update Policy (MacOS)"
-      ansible.builtin.set_fact:
-        falcon_os_query: "{{ 'os:\"' + falcon_target_os + '\"+os_version:\"' + falcon_os_version + '\"+version:\"' + falcon_sensor_update_policy_package_version + '\"' }}"
-      when: ansible_facts['system'] == "Darwin"
 
-- name: "Build API Sensor Block"
-  when: not falcon_sensor_update_policy_name
-  block:
-    - name: "CrowdStrike Falcon | Build API Sensor Query (Linux)"
-      ansible.builtin.set_fact:
-        falcon_os_query: "{{ 'os:\"' + falcon_target_os + '\"+os_version:\"' + falcon_os_version + falcon_os_arch + '+version:\"' + falcon_sensor_version + '\"'
-          if (falcon_sensor_version) else 'os:\"' + falcon_target_os + '\"+os_version:\"' + falcon_os_version + falcon_os_arch }}"
-      when: ansible_facts['system'] == "Linux"
+- name: "CrowdStrike Falcon | Build API Sensor Query"
+  ansible.builtin.set_fact:
+    falcon_os_query: "os:'{{ falcon_target_os }}'+os_version:'{{ falcon_os_version }}'\
+      {{ falcon_os_arch | default('') }}{{ falcon_sensor_version | default('') }}"
 
-    - name: "CrowdStrike Falcon | Build API Sensor Query (MacOS)"
-      ansible.builtin.set_fact:
-        falcon_os_query: "{{ 'os:\"' + falcon_target_os + '\"+os_version:\"' + falcon_os_version + '\"+version:\"' + falcon_sensor_version + '\"'
-          if (falcon_sensor_version) else 'os:\"' + falcon_target_os + '\"+os_version:\"' + falcon_os_version + '\"' }}"
-      when: ansible_facts['system'] == "Darwin"
 
 - name: CrowdStrike Falcon | Get list of filtered Falcon sensors
   ansible.builtin.uri:

diff --git a/roles/falcon_install/tasks/auth.yml b/roles/falcon_install/tasks/auth.yml
@@ -1,42 +1,24 @@
 ---
 - name: CrowdStrike Falcon | Authenticate to CrowdStrike API
-  ansible.builtin.uri:
-    url: "https://{{ falcon_cloud }}/oauth2/token"
-    method: POST
-    body_format: json
-    body:
-      "client_id={{ falcon_client_id }}&client_secret={{ falcon_client_secret }}"
-    return_content: true
-    follow_redirects: all
-    status_code: 201
-    headers:
-      content-type: application/x-www-form-urlencoded
-  register: falcon_api_oauth2_token
-  no_log: "{{ falcon_api_enable_no_log }}"
+  crowdstrike.falcon.auth:
+    client_id: "{{ falcon_client_id }}"
+    client_secret: "{{ falcon_client_secret }}"
+    cloud: "{{ falcon_cloud }}"
+  register: falcon
   run_once: "{{ falcon_api_auth_run_once }}"
-
-- name: CrowdStrike Falcon | Auto-discover CrowdStrike Cloud Region
-  ansible.builtin.set_fact:
-      falcon_cloud: "{{ falcon_cloud_urls[falcon_api_oauth2_token.x_cs_region] }}"
-  when:
-    - falcon_cloud_autodiscover
-    - falcon_api_oauth2_token.x_cs_region | length > 0
+  no_log: "{{ falcon_api_enable_no_log }}"
+  delegate_to: localhost
 
 - name: Set falcon_cid Block
   when: not falcon_cid
   block:
   - name: CrowdStrike Falcon | Detect Target CID Based on Credentials
-    ansible.builtin.uri:
-      url: https://{{ falcon_cloud }}/sensors/queries/installers/ccid/v1
-      method: GET
-      return_content: true
-      headers:
-        authorization: "Bearer {{ falcon_api_oauth2_token.json.access_token }}"
-        Content-Type: application/json
-    register: falcon_api_target_cid
-    no_log: "{{ falcon_api_enable_no_log }}"
+    crowdstrike.falcon.cid_info:
+      auth: "{{ falcon.auth }}"
+    register: falcon_api_cid_info
     run_once: "{{ falcon_api_auth_run_once }}"
+    delegate_to: localhost
 
   - name: CrowdStrike Falcon | Set CID received from API
     ansible.builtin.set_fact:
-      falcon_cid: "{{ falcon_api_target_cid.json.resources[0] }}"
+      falcon_cid: "{{ falcon_api_cid_info.cid }}"
diff --git a/roles/falcon_install/tasks/preinstall.yml b/roles/falcon_install/tasks/preinstall.yml
@@ -104,3 +104,8 @@
   when:
     - falcon_sensor_update_policy_name or
       falcon_sensor_version
+
+- name: CrowdStrike Falcon | Override falcon_sensor_version when set
+  ansible.builtin.set_fact:
+    falcon_sensor_version: "+version:'{{ falcon_sensor_version }}'"
+  when: falcon_sensor_version | length > 0
diff --git a/roles/falcon_install/vars/main.yml b/roles/falcon_install/vars/main.yml
@@ -24,7 +24,6 @@ falcon_cloud_urls:
   us-gov-1: "api.laggar.gcw.crowdstrike.com"
 
 falcon_os_arch_dict:
-  # exclude arm64 and s390x
-  x86_64: "\"+os_version:!~\"arm64\"+os_version:!~\"zLinux\""
-  aarch64: "\"+os_version:~\"arm64\""
-  s390x: "\"+os_version:~\"zLinux\""
+  x86_64: "+os_version:!~'arm64'+os_version:!~'zLinux'"
+  aarch64: "+os_version:~'arm64'"
+  s390x: "+os_version:~'zLinux'"