Moved from community ansible-test-gh-action to ansible-content-actions #41

Merged
merged 8 commits into from
Sep 25, 2024
7 changes: 7 additions & 0 deletions .ansible-lint-ignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# This file contains ignores rule violations for ansible-lint
roles/install_agent/defaults/main.yml var-naming[no-role-prefix]
roles/install_agent/tasks/Linux.yml command-instead-of-module
roles/install_agent/tasks/Linux.yml no-changed-when
roles/install_agent/vars/Linux.yml var-naming[no-role-prefix]
roles/install_agent/vars/Windows.yml var-naming[no-role-prefix]
roles/install_agent/vars/main.yml var-naming[no-role-prefix]
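Review bot: The two entries for roles/install_agent/tasks/Linux.yml (`command-instead-of-module` and `no-changed-when`) silence those rules for the whole task file, so any command task added to the agent install path later is exempt as well. Prefer fixing the affected tasks (an explicit `changed_when:` or the matching module) or a per-task `# noqa` with a short reason, and keep the file-level ignores only for the `var-naming[no-role-prefix]` cases where renaming would break existing users.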
49 changes: 20 additions & 29 deletions .github/workflows/ansible-test.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
---
name: Sanity checks

concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true

on:
# Run CI against all pushes (direct commits, also merged PRs), Pull Requests
push:
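Review bot: The concurrency group `${{ github.head_ref || github.run_id }}` is not scoped to this workflow. Concurrency groups are shared across all workflows in the repository, so any other workflow that uses the same expression on the same PR branch will cancel, or be cancelled by, this one. Prefix the group with the workflow name, for example `${{ github.workflow }}-${{ github.head_ref || github.run_id }}`.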
Expand All @@ -11,37 +16,23 @@ on:
env:
NAMESPACE: sva
COLLECTION_NAME: sentinelone
#ANSIBLE_TEST_PREFER_PODMAN: 1
# ANSIBLE_TEST_PREFER_PODMAN: 1

jobs:
ansible-lint:
uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main
sanity:
name: Sanity (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
strategy:
matrix:
ansible:
- stable-2.14
- stable-2.15
- stable-2.16
python:
- '3.9'
- '3.10'
- '3.11'
exclude:
- ansible: stable-2.16
python: '3.9'
include:
- ansible: stable-2.16
python: '3.12'

uses: ansible/ansible-content-actions/.github/workflows/sanity.yaml@main
all_green:
if: ${{ always() }}
needs:
- ansible-lint
- sanity
runs-on: ubuntu-latest
steps:

- name: Check out code
uses: actions/checkout@v3

- name: Perform sanity testing with ansible-test
uses: ansible-community/ansible-test-gh-action@release/v1
with:
ansible-core-version: ${{ matrix.ansible }}
target-python-version: ${{ matrix.python }}
testing-type: sanity
- run: >-
python -c "assert 'failure' not in
set([
'${{ needs.sanity.result }}',
'${{ needs.ansible-lint.result }}'
])"
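Review bot: Both reusable workflows are referenced by a mutable branch, `ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main` and `.../sanity.yaml@main`, so whatever lands on that branch runs in this repository's CI without review here. Pin them to a release tag or, better, a full commit SHA and update the pin deliberately. Separately, the `all_green` step only asserts that `'failure'` is absent from the two results, so a `cancelled` or `skipped` sanity or lint job still turns the gate green; asserting that each result equals `'success'` closes that gap.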
3 changes: 2 additions & 1 deletion .github/workflows/pr-build-docs-and-push-to-ghpages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,8 @@ jobs:
init-lenient: true
init-fail-on-error: false
collection-name: sva.sentinelone
render-file-line: '> * `$<status>` [$<path_tail>](https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/pr/${{ github.event.number }}/$<path_tail>)'
render-file-line: '> * `$<status>` [$<path_tail>](https://${{ github.repository_owner }}.github.io/$
{{ github.event.repository.name }}/pr/${{ github.event.number }}/$<path_tail>)'

publish-docs-gh-pages:
# use to prevent running on forks
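Review bot: The line break added inside `render-file-line` splits the expression opener, leaving `$` at the end of one line and `{{ github.event.repository.name }}` at the start of the next. In a single-quoted YAML scalar the break folds to a space, so the value becomes `.github.io/$ {{ github.event.repository.name }}/pr/...`, which is no longer a `${{ }}` expression and produces a broken link in the PR comment. Keep the value on one line and silence the length check with `# yamllint disable-line rule:line-length` instead.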
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
tests/output/
.idea/
.vscode/
84 changes: 42 additions & 42 deletions changelogs/changelog.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,54 +4,54 @@ releases:
changes:
release_summary: This is the initial version of the ``sva.sentinelone`` collection
fragments:
- v1.0.0.yml
- v1.0.0.yml
modules:
- description: Manage SentinelOne Config Overrides
name: sentinelone_config_overrides
namespace: ''
- description: Manage SentinelOne Filters
name: sentinelone_filters
namespace: ''
- description: Manage SentinelOne Groups
name: sentinelone_groups
namespace: ''
- description: Manage SentinelOne Path Exclusions
name: sentinelone_path_exclusions
namespace: ''
- description: Manage SentinelOne Policies
name: sentinelone_policies
namespace: ''
- description: Manage SentinelOne Sites
name: sentinelone_sites
namespace: ''
- description: Manage SentinelOne Upgrade Policies
name: sentinelone_upgrade_policies
namespace: ''
- description: Manage SentinelOne Config Overrides
name: sentinelone_config_overrides
namespace: ''
- description: Manage SentinelOne Filters
name: sentinelone_filters
namespace: ''
- description: Manage SentinelOne Groups
name: sentinelone_groups
namespace: ''
- description: Manage SentinelOne Path Exclusions
name: sentinelone_path_exclusions
namespace: ''
- description: Manage SentinelOne Policies
name: sentinelone_policies
namespace: ''
- description: Manage SentinelOne Sites
name: sentinelone_sites
namespace: ''
- description: Manage SentinelOne Upgrade Policies
name: sentinelone_upgrade_policies
namespace: ''
release_date: '2022-08-16'
1.0.1:
changes:
bugfixes:
- 'sentinelone_policies module: When a group policy inherited from the site
scope was updated with a custom setting, all other settings were reset to
the default values. Now the inherited settings are updated by the settings
passed to the module and the other inherited settings are retained.'
- 'sentinelone_policies module: When a group policy inherited from the site
scope was updated with a custom setting, all other settings were reset to
the default values. Now the inherited settings are updated by the settings
passed to the module and the other inherited settings are retained.'
release_summary: This is a bugfix release
fragments:
- v1.0.1.yaml
- v1.0.1.yaml
release_date: '2023-01-30'
1.0.2:
changes:
release_summary: Added detailed error message to module output if an API call
fails
fragments:
- v1.0.2.yml
- v1.0.2.yml
release_date: '2023-03-08'
1.0.3:
changes:
release_summary: Increased request timeout and implemented error handling for
requests that timed out.
fragments:
- v1.0.3.yml
- v1.0.3.yml
release_date: '2023-03-13'
1.1.0:
changes:
Expand All @@ -64,26 +64,26 @@ releases:

'
fragments:
- v1.1.0.yml
- v1.1.0.yml
modules:
- description: Download SentinelOne agent from Management Console
name: sentinelone_download_agent
namespace: ''
- description: Download SentinelOne agent from Management Console
name: sentinelone_download_agent
namespace: ''
objects:
role:
- description: A role to download and install SentinelAgent on Windows and Linux
hosts
name: install_agent
namespace: null
- description: A role to download and install SentinelAgent on Windows and Linux
hosts
name: install_agent
namespace: null
release_date: '2024-03-14'
1.1.1:
changes:
bugfixes:
- 'install_agent role: Added ''become: true'' to necessary linux tasks. It
is no longer necessary to use ''become: true'' on playbook level. Fixes https://github.com/svalabs/sva.sentinelone/issues/30'
- 'install_agent role: Added missing ''urlencode'' filter so special characters
like space can be used in site or group names. Fixes https://github.com/svalabs/sva.sentinelone/issues/28'
- 'install_agent role: Added ''become: true'' to necessary linux tasks. It
is no longer necessary to use ''become: true'' on playbook level. Fixes https://github.com/svalabs/sva.sentinelone/issues/30'
- 'install_agent role: Added missing ''urlencode'' filter so special characters
like space can be used in site or group names. Fixes https://github.com/svalabs/sva.sentinelone/issues/28'
release_summary: Maintenance release
fragments:
- v1.1.1.yml
- v1.1.1.yml
release_date: '2024-05-27'
32 changes: 16 additions & 16 deletions changelogs/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,22 +11,22 @@ prelude_section_name: release_summary
prelude_section_title: Release Summary
sanitize_changelog: true
sections:
- - major_changes
- Major Changes
- - minor_changes
- Minor Changes
- - breaking_changes
- Breaking Changes / Porting Guide
- - deprecated_features
- Deprecated Features
- - removed_features
- Removed Features (previously deprecated)
- - security_fixes
- Security Fixes
- - bugfixes
- Bugfixes
- - known_issues
- Known Issues
- - major_changes
- Major Changes
- - minor_changes
- Minor Changes
- - breaking_changes
- Breaking Changes / Porting Guide
- - deprecated_features
- Deprecated Features
- - removed_features
- Removed Features (previously deprecated)
- - security_fixes
- Security Fixes
- - bugfixes
- Bugfixes
- - known_issues
- Known Issues
title: Sva.Sentinelone
trivial_section_name: trivial
use_fqcn: true
2 changes: 1 addition & 1 deletion meta/runtime.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
requires_ansible: '>=2.10.0'
requires_ansible: '>=2.15.0'
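Review bot: Raising `requires_ansible` from `>=2.10.0` to `>=2.15.0` drops support for several ansible-core releases, but no changelog fragment for it is visible in this diff. Since changelogs/config.yaml defines a `breaking_changes` section, add a fragment there stating the new minimum version so users on older controllers see it in the release notes.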
115 changes: 115 additions & 0 deletions plugins/module_utils/sentinelone/sentinelone_agent_base.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
# -*- coding: utf-8 -*-

# Copyright: (c) 2024, Marco Wester <[email protected]>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

from ansible.module_utils.six.moves.urllib.parse import urlencode
from ansible_collections.sva.sentinelone.plugins.module_utils.sentinelone.sentinelone_base import SentineloneBase
from ansible.module_utils.basic import AnsibleModule


class SentineloneAgentBase(SentineloneBase):
def __init__(self, module: AnsibleModule):
module.params['site_name'] = module.params['site']

module.params['site_name'] = module.params['site']
# self.token, self.console_url, self.site_name, self.state, self.api_endpoint_*, self.group_names will be set in
# super Class
super().__init__(module)

# Set module specific parameters
self.agent_version = module.params["agent_version"]
self.custom_version = module.params["custom_version"]
self.os_type = module.params["os_type"]
self.packet_format = module.params["packet_format"]
self.architecture = module.params["architecture"]
self.download_dir = module.params.get("download_dir", None)

# Do sanity checks
self.check_sanity(self.os_type, self.packet_format, self.architecture, module)

@staticmethod
def check_sanity(os_type: str, packet_format: str, architecture: str, module: AnsibleModule):
"""
Check if the passed module arguments are contradicting each other

:param architecture: OS architecture
:type architecture: str
:param os_type: The specified OS type
:type os_type: str
:param packet_format: The speciefied packet format
:type packet_format: str
:param module: Ansible module for error handling
:type module: AnsibleModule
"""

if architecture == "aarch64" and os_type != "Linux":
module.fail_json(msg="Error: architecture 'aarch64' needs os_type to be 'Linux'")

if os_type == 'Windows':
if packet_format not in ['exe', 'msi']:
module.fail_json(msg="Error: 'packet_format' needs to be 'exe' or 'msi' if os_type is 'Windows'")
elif packet_format not in ['deb', 'rpm']:
module.fail_json(msg="Error: 'packet_format' needs to be 'deb' or 'rpm' if os_type is 'Linux'")

def get_package_obj(self, agent_version: str, custom_version: str, os_type: str, packet_format: str,
architecture: str, module: AnsibleModule):
"""
Queries the API to get the info about the agent package which maches the parameters

:param agent_version: which version to search for
:type agent_version: str
:param custom_version: custom agent version if specified
:type custom_version: str
:param os_type: For which OS the package should fit
:type os_type: str
:param packet_format: the packet format
:type packet_format: str
:param architecture: The OS architecture
:type architecture: str
:param module: Ansible module for error handling
:type module: AnsibleModule
:return: Returns the found agent object
:rtype: dict
"""

# Build query parameters dependend on the Modules input
# Default parameters which are set always
query_params = {
'platformTypes': os_type.lower(),
'sortOrder': 'desc',
'sortBy': 'version',
'fileExtension': f".{packet_format}"
}

if self.site_id is not None:
query_params['siteIds'] = str(self.site_id)

if agent_version == 'custom':
query_params['version'] = custom_version
elif agent_version == 'latest':
query_params['status'] = 'ga'

if os_type == 'Linux':
# Use query parameter to do a free text search matching the 'fileName' field beacause S1 API does not
# provide the information elementary. 'osArches' parameter applies only for windows
if architecture == 'aarch64':
query_params['query'] = 'SentinelAgent-aarch64'
else:
query_params['query'] = 'SentinelAgent_linux'
else:
query_params['packageType'] = 'AgentAndRanger'
# osArches is only supported if you query windows packaes
query_params['osArches'] = architecture.replace('_', ' ')

# translate dictionary to URI argurments and build full query
query_params_encoded = urlencode(query_params)
api_query_agent_package = f"{self.api_endpoint_update_agent_packages}?{query_params_encoded}"

response = self.api_call(module, api_query_agent_package)
if response["pagination"]["totalItems"] > 0:
return response["data"][0]

module.fail_json(msg="Error: No agent package found in management console. Please check the given parameters.")
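Review bot: In `__init__` the assignment `module.params['site_name'] = module.params['site']` appears twice in a row; drop the duplicate, and consider a short comment explaining that the base class reads `site_name`, since the code mutates the caller's `module.params` to satisfy it. In `check_sanity`, the `elif packet_format not in ['deb', 'rpm']` branch runs for every `os_type` other than `'Windows'` while the message assumes Linux, so an unexpected `os_type` is reported as a packet format error; an explicit `elif os_type == 'Linux':` with a final `else` that fails on the unknown value would make the check match its docstring. The docstrings and comments also carry a few typos (`speciefied`, `maches`, `dependend`, `beacause`, `packaes`, `argurments`).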
4 changes: 2 additions & 2 deletions plugins/module_utils/sentinelone/sentinelone_base.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-

# Copyright: (c) 2023, Marco Wester <[email protected]>
# Copyright: (c) 2024, Marco Wester <[email protected]>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
Expand Down Expand Up @@ -57,7 +57,7 @@ def __init__(self, module: AnsibleModule):
self.token = module.params["token"]
self.console_url = module.params["console_url"]
self.site_name = module.params["site_name"]
self.state = module.params["state"]
self.state = module.params.get("state", None)
self.group_names = module.params.get("groups", [])

# Get AccountID by name
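Review bot: With `self.state = module.params.get("state", None)` the base class now accepts modules without a `state` parameter, but nothing in this hunk says so, and any existing code that compares `self.state` against `'present'` or `'absent'` will silently take its fallback branch when the value is `None`. Add a comment naming the modules that have no `state`, and check the callers for that case. The neighbouring `module.params["site_name"]` still uses direct indexing, which is why the new agent base class has to copy `site` into `site_name` before calling `super().__init__`; handling both keys here would remove that workaround.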
Expand Down