diff --git a/libraries/falconapi.rb b/libraries/falconapi.rb index 827c9b2..6198d54 100644 --- a/libraries/falconapi.rb +++ b/libraries/falconapi.rb @@ -40,7 +40,7 @@ def initialize(falcon_cloud: nil, bearer_token: nil, client_id: nil, client_secr end @client_id = client_id @client_secret = client_secret - @version = '0.0.1' + @version = '0.1.0' end # Returns the version of the sensor installer for the given policy and platform name. @@ -75,8 +75,7 @@ def version_from_update_policy(update_policy = @update_policy, platform_name = @ @version = body['resources'][0]['settings']['sensor_version'] version else - # raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") - Chef::Log.error("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") + Chef::Log.error(sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")) raise end end @@ -107,8 +106,7 @@ def falcon_installers(query) body['resources'] else - # raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")) - Chef::Log.error("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") + Chef::Log.error(sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")) raise end end @@ -130,8 +128,7 @@ def download_installer(sha256, out_path) when Net::HTTPSuccess, Net::HTTPRedirection File.binwrite(out_path, resp.body) else - # raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") - Chef::Log.error("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") + Chef::Log.error(sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")) raise end end 
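Review bot: The bare `raise` that follows the log call in the `else` branch of `version_from_update_policy` has no active exception to re-raise unless an enclosing `rescue` sits outside the hunk. Ruby then raises a `RuntimeError` with the generic message "unhandled exception", so the API status reaches only the Chef log and not the failed run's exception. The same pattern is in the `else` branches of `falcon_installers` and `download_installer` and in both error branches of `access_token`. Build the sanitized text once and raise it, for example `msg = sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")`, then `Chef::Log.error(msg)` and `raise msg`. The method body starts outside the hunk.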
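Review bot: In `download_installer`, the branch `when Net::HTTPSuccess, Net::HTTPRedirection` writes `resp.body` to `out_path` for a redirect as well, so a 3xx response body would be saved as the sensor installer. The visible lines also never compare the written bytes with the `sha256` argument, although a check may exist outside the hunk. If `sha256` is the expected digest of the package, verify it before writing: `raise 'Falcon installer checksum mismatch' unless Digest::SHA256.hexdigest(resp.body).casecmp?(sha256)`. Restrict the write to `Net::HTTPSuccess`. The start of the method is outside the hunk.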
@@ -139,16 +136,12 @@ def download_installer(sha256, out_path) # Private class methods private - # Ensure error message does not include client_id, client_secret, or bearer_token. - # def sanitize_error_message(message) - # [@client_id, @client_secret, @bearer_token].each do |value| - # if value.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) - # value = value.unwrap - # end - # message.gsub!(value, '') if !value.nil? && !value.empty? - # end - # message - # end + def sanitize_error_message(message) + [@client_id, @client_secret, @bearer_token].each do |value| + message.gsub!(value, '') if !value.nil? && !value.empty? + end + message + end # Returns a new Net::HTTP instance. def http_client @@ -182,12 +175,10 @@ def access_token(client_id, client_secret) when Net::HTTPSuccess JSON.parse(resp.read_body)['access_token'] when Net::HTTPRedirection - # raise Puppet::Error, sanitize_error_message("Error - incorrect value for falcon_cloud: #{@falcon_cloud}. Update the falcon_cloud property with the correct cloud: #{resp.header['Location'].split('/')[2]}") - Chef::Log.error("Error - incorrect value for falcon_cloud: #{@falcon_cloud}. Update the falcon_cloud property with the correct cloud: #{resp.header['Location'].split('/')[2]}") + Chef::Log.error(sanitize_error_message("Error - incorrect value for falcon_cloud: #{@falcon_cloud}. Update the falcon_cloud property with the correct cloud: #{resp.header['Location'].split('/')[2]}")) raise else - # raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") - Chef::Log.error("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}") + Chef::Log.error(sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")) raise end end diff --git a/libraries/helpers.rb b/libraries/helpers.rb index 5aeee50..21207b9 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb 
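Review bot: `sanitize_error_message` is now live but lost its explanatory comment along with the commented-out Puppet code, and it strips only verbatim copies of `@client_id`, `@client_secret` and `@bearer_token`. A token fetched at call time but not stored in `@bearer_token`, or an encoded form of a secret echoed in `resp.body`, would presumably still reach the log. Restore the comment and state that limit, e.g. `# Removes verbatim occurrences of client_id, client_secret and bearer_token from message; encoded forms are not detected.` Replacing with a marker, `message.gsub!(value, '[REDACTED]')`, would also make the redaction visible to whoever reads the log. `gsub!` mutates the caller's string, which is fine for the interpolated strings passed here but would raise on a frozen one.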
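Review bot: In the `Net::HTTPRedirection` branch of `access_token`, `resp.header['Location'].split('/')[2]` raises `NoMethodError` when the redirect has no `Location` header. That failure would replace the intended "incorrect value for falcon_cloud" message with an unrelated one. Read the header once and guard it, e.g. `location = resp['Location']` and `correct_cloud = location ? URI(location).host : 'unknown'`, then interpolate `correct_cloud`. The request setup for this method is outside the hunk.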
@@ -66,8 +66,8 @@ def sensor_download_info(client_id, client_secret, options) falcon_api.platform_name = platform_name # If version is provied, use it to get the sensor package info - if options.key?('version') && !options[:version].nil? - query = build_sensor_installer_query(platform_name: platform_name, version: version, os_name: os_name, os_version: os_version) + if options.key?(:version) && !options[:version].nil? + query = build_sensor_installer_query(platform_name: platform_name, version: options[:version], os_name: os_name, os_version: os_version) installer = falcon_api.falcon_installers(query)[0] # If update_policy is provided, use it to get the sensor package info elsif options.key?(:update_policy) && !options[:update_policy].nil? diff --git a/resources/config.rb b/resources/config.rb index ca25db9..5167cc6 100644 --- a/resources/config.rb +++ b/resources/config.rb @@ -57,13 +57,11 @@ def delete_option(option) action :set do converge_if_changed :cid do - converge_by "Setting CID to #{new_resource.cid}" do - cmd = "#{FALCONCTL_CMD} -sf --cid=#{new_resource.cid}" - if property_is_set?(:provisioning_token) - cmd += " --provisioning-token=#{new_resource.provisioning_token}" - end - shell_out!(cmd) + cmd = "#{FALCONCTL_CMD} -sf --cid=#{new_resource.cid}" + if property_is_set?(:provisioning_token) + cmd += " --provisioning-token=#{new_resource.provisioning_token}" end + shell_out!(cmd) end converge_if_changed :tags do diff --git a/resources/install.rb b/resources/install.rb index 1a59ca3..6533004 100644 --- a/resources/install.rb +++ b/resources/install.rb 
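Review bot: `falcon_api.falcon_installers(query)[0]` is `nil` when no installer matches the pinned version, and the corrected `:version` key may make this branch reachable for the first time, since the old `'version'` string key would not match a symbol-keyed hash. Whatever reads `installer` after the `if`/`elsif` chain is outside the hunk and would then fail with a `NoMethodError` instead of a clear message. Add a guard after the lookup: `raise "No Falcon sensor installer found for version #{options[:version]}" if installer.nil?`. The condition can also be shortened to `unless options[:version].nil?`, because `options[:version]` already returns `nil` for a missing key.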
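Review bot: In the `converge_if_changed :cid` block, `cmd` is built by interpolating `new_resource.cid` and `new_resource.provisioning_token` into one string, which `shell_out!` runs through a shell. A value containing spaces or shell metacharacters would be split or interpreted there. Passing the arguments separately avoids the shell, assuming `FALCONCTL_CMD` is a single executable path (its definition is outside the hunk). The provisioning token also becomes part of the command text that `shell_out!` reports when the command fails, so check whether that output needs to be suppressed or redacted for this resource.

```ruby
converge_if_changed :cid do
  # Argument list instead of one interpolated string: no shell parsing of cid/token.
  args = [FALCONCTL_CMD, '-sf', "--cid=#{new_resource.cid}"]
  if property_is_set?(:provisioning_token)
    args << "--provisioning-token=#{new_resource.provisioning_token}"
  end
  shell_out!(*args)
end
```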
@@ -4,8 +4,8 @@ default_action :install property :version, String, - description: 'The version of the Falcon sensor to install' -property :version_manage, [true, false], default: false, + description: 'The version of the Falcon sensor to install', desired_state: false +property :version_manage, [true, false], default: false, desired_state: false, description: 'Whether or not Chef should enforce a specific version and do upgrades/downgrades' property :client_id, String, sensitive: true, desired_state: false, description: 'The client id used to authenticate with the Falcon API' @@ -49,6 +49,8 @@ def insync?(new_resource, desired_version) sensor_info = sensor_download_info(new_resource.client_id, new_resource.client_secret, { version_decrement: new_resource.version_decrement, sensor_tmp_dir: new_resource.sensor_tmp_dir, + update_policy: new_resource.update_policy, + version: new_resource.version, falcon_cloud: new_resource.falcon_cloud, })
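Review bot: The options hash in `insync?` now always carries both `update_policy:` and `version:`, and the `if`/`elsif` chain in `sensor_download_info` checks `:version` first, so a pinned version silently overrides an update policy when both properties are set. Neither the property descriptions nor this call says so. Add a comment above the hash such as `# version takes precedence over update_policy in sensor_download_info`, or reject the combination when the resource is validated. The rest of `insync?` is outside the hunk.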