From 4bcd64b4315121e7896432c06e2206bbaf4b4878 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 5 Dec 2024 15:11:52 -0500 Subject: [PATCH 1/4] fix(falcon_configure): fixes issue with unwarranted bool (master image) Fixes #579 This PR introduces a fix to incorrectly using the |bool filter when working with prov tokens in master image prep. Also adding the ability to stop the sensor when working within a master image prep as to prevent the sensor from potentially updating/restarting via that cloud updates. --- roles/falcon_configure/tasks/configure.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/falcon_configure/tasks/configure.yml b/roles/falcon_configure/tasks/configure.yml index 35d18980..83961577 100644 --- a/roles/falcon_configure/tasks/configure.yml +++ b/roles/falcon_configure/tasks/configure.yml @@ -62,8 +62,14 @@ state: present when: - falcon_remove_aid - - options.cid | bool - - options.provisioning_token | bool + - options.provisioning_token is defined and options.provisioning_token | length > 0 + + - name: CrowdStrike Falcon | Master Image Prep | Stop Falcon Sensor service + ansible.builtin.service: + name: falcon-sensor + state: stopped + when: + - falcon_remove_aid # Start of MacOSX Configuration - name: CrowdStrike Falcon | Stat Falcon Sensor (macOS) From f573bb560545688134934a0b42bab2a8ef5e1936 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 5 Dec 2024 15:13:22 -0500 Subject: [PATCH 2/4] ci: adds testing to ensure provisioning token is set Prior to this change, we were not checking to see if the prov token was set which was causing a false positive to occur. --- molecule/falcon_configure_remove_aid/verify.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/molecule/falcon_configure_remove_aid/verify.yml b/molecule/falcon_configure_remove_aid/verify.yml index 8284ea6c..d88386f3 100644 --- a/molecule/falcon_configure_remove_aid/verify.yml 
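Review bot: The new `Stop Falcon Sensor service` task is gated only on `falcon_remove_aid`, so any host where that variable is true ends the play with its endpoint sensor stopped, and nothing in the task records why or for how long. A comment above it would document the intended coverage gap, for example `# Image prep only: keep the sensor stopped until the image is captured; state: stopped leaves the service enabled, so it starts again on first boot`. The task also sits directly above the `# Start of MacOSX Configuration` marker with no platform condition of its own. If nothing outside the hunk already restricts it to Linux, `ansible.builtin.service` with `name: falcon-sensor` would fail on other platforms.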
+++ b/molecule/falcon_configure_remove_aid/verify.yml @@ -20,6 +20,16 @@ that: - not info_verify.falconctl_info.aid + - name: Register provisioning token output + ansible.builtin.command: + cmd: /opt/CrowdStrike/falconctl -g --provisioning-token + register: provisioning_token + + - name: Verify provisioning token is present + ansible.builtin.assert: + that: + - "'not set' not in provisioning_token.stdout" + - name: Reboot system to force AID generation ansible.builtin.reboot: From 82941d9db875411d758505dc62012530c65fb744 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 5 Dec 2024 15:14:39 -0500 Subject: [PATCH 3/4] chore: changelog fragment --- changelogs/fragments/579-fix-image-prep.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/579-fix-image-prep.yml diff --git a/changelogs/fragments/579-fix-image-prep.yml b/changelogs/fragments/579-fix-image-prep.yml new file mode 100644 index 00000000..5c144754 --- /dev/null +++ b/changelogs/fragments/579-fix-image-prep.yml @@ -0,0 +1,2 @@ +bugfixes: + - falcon_configure - Fixed issue where the bool filter was incorrectly used with provisioning token when clause for master image prep (https://github.com/CrowdStrike/ansible_collection_falcon/pull/585) From 3cb41c9d2eda526aa13372b829776edb3ec8f0ad Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Thu, 5 Dec 2024 15:35:12 -0500 Subject: [PATCH 4/4] chore: stray from using options dict due to omit specialness --- roles/falcon_configure/tasks/configure.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/falcon_configure/tasks/configure.yml b/roles/falcon_configure/tasks/configure.yml index 83961577..beea3558 100644 --- a/roles/falcon_configure/tasks/configure.yml +++ b/roles/falcon_configure/tasks/configure.yml 
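Review bot: The assertion `'not set' not in provisioning_token.stdout` is negative-only, so it also passes when falconctl prints nothing or an unrelated message, which is the kind of false positive this commit sets out to remove. Adding `- provisioning_token.stdout | length > 0` to the `that:` list would at least require some output. The `Register provisioning token output` task likely captures the token value itself in the registered result, which is shown in verbose runs. `no_log: true` on that task keeps it out of CI logs while leaving the variable usable, and `changed_when: false` marks the read-only command as not changing the host.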
@@ -58,11 +58,11 @@ - name: CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable) crowdstrike.falcon.falconctl: cid: "{{ options.cid }}" - provisioning_token: "{{ options.provisioning_token }}" + provisioning_token: "{{ falcon_provisioning_token }}" state: present when: - falcon_remove_aid - - options.provisioning_token is defined and options.provisioning_token | length > 0 + - falcon_provisioning_token is not none and falcon_provisioning_token | length > 0 - name: CrowdStrike Falcon | Master Image Prep | Stop Falcon Sensor service ansible.builtin.service:
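Review bot: The `Set Provisioning Token` task passes `falcon_provisioning_token` to `crowdstrike.falcon.falconctl` without `no_log: true`, so the token can appear in task output at higher verbosity unless the module already marks that parameter as no_log (not visible here). Adding `no_log: true` at task level makes the protection independent of the module. In the new condition, `falcon_provisioning_token | length > 0` accepts a whitespace-only value and raises a type error if an all-digit token was written unquoted and parsed as an integer. `falcon_provisioning_token | string | trim | length > 0` would handle both cases. The `Stop Falcon Sensor service` task at the end of the hunk continues outside it.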