Comparing changes
base repository: CrowdStrike/chef-falcon
base: 0.1.0
head repository: CrowdStrike/chef-falcon
compare: main

Commits on Oct 31, 2022

  1. Fix cookbook quality issues (#18)

    * Contributing File Metric
    
    * Testing File Metric
    
    * Updated changelog to not be default
    carlosmmatos authored Oct 31, 2022
    f081404
  2. bc114dc
  3. Merge pull request #19 from carlosmmatos/add-supermarket-badge

    Added badge to README for cookbook in supermarket
    redhatrises authored Oct 31, 2022
    b4f6e08
  4. 7e39e83

Commits on Nov 10, 2022

  1. Integration Testing (#21)

    * Fixed issue with correct version being set when using version install option
    
    * Added platform support for rhel9 based distro
    
    * Fixes issue when deleting configurations and not including CID.
    
    * Fix package version ohai fact
    
    * Integration tests added
    
    * Support new integration changes and inline with pr-target
    
    * Fix linting issues
    
    * Fix issue with location of chef executable
    
    * Support issue with suse, add lint dep
    
    * Added the rest of the suites
    
    * Removed opensuse from CI workflow
    
    Co-authored-by: ffalor <ffalor@users.noreply.github.com>
    carlosmmatos and ffalor authored Nov 10, 2022
    f0aca24
  2. d81e4d8

Commits on Nov 16, 2022

  1. a1dcc07
  2. 389b3aa
  3. 4ceac85
  4. 463b7da
  5. Merge pull request #27 from carlosmmatos/ignore-mdl-unorderedlist

    Unordered list mdl rule has no impact and is hit/miss
    redhatrises authored Nov 16, 2022
    4a4216d
  6. Fix mdlrc syntax

    carlosmmatos authored Nov 16, 2022
    080fb92

Commits on Nov 18, 2022

  1. 6db835e
  2. c7e2eac
  3. 5ba1fe8
  4. Merge pull request #29 from carlosmmatos/decrement-int-test

    Decrement int test
    redhatrises authored Nov 18, 2022
    c264fe4

Commits on Dec 1, 2022

  1. Add local install_method to install falcon from local file source (#30)

    * Add local install_method to install falcon from local file source
    
    * Updated policy to use 6.48.14504 version
    
    * Updated docs
    carlosmmatos authored Dec 1, 2022
    5db4d0d
  2. 6eff774
  3. 13b4944
  4. 3d93ed7
  5. b25e2b7
  6. Merge pull request #31 from carlosmmatos/update-ci-fix-local-install

    Update ci and fix local install
    redhatrises authored Dec 1, 2022
    baa6867

Commits on Dec 22, 2022

  1. 1b0ee50

Commits on Jan 4, 2023

  1. Fix ci issues (#38)

    * Removes aid check due to issue with bpf intro
    
    * Updates runner to use ubuntu-20.04
    
    * Add nightly job
    
    * Ensure integration tests run when workflow file is modified
    carlosmmatos authored Jan 4, 2023
    3ba0afc

Commits on Jan 5, 2023

  1. d8c564f

Commits on Jan 6, 2023

  1. c044d76
  2. 005f788

Commits on Mar 2, 2023

  1. Fix ci issues for version and lint (#43)

    * Fix ci issues for version and lint
    
    * Adds new markdown lint file and updates pre-commit
    carlosmmatos authored Mar 2, 2023
    052f2a2

Commits on Mar 23, 2023

  1. 62d0a45
  2. Merge pull request #44 from carlosmmatos/update-workflow-to-use-env

    Manage sensor version via GH secrets
    redhatrises authored Mar 23, 2023
    c6af89b

Commits on Mar 24, 2023

  1. 5825970
  2. Merge pull request #46 from carlosmmatos/update-nightly-workflow

    Added new FALCON_VERSIONS to nightly workflow
    redhatrises authored Mar 24, 2023
    3ca4771

Commits on Mar 27, 2023

  1. 0b2e017

Commits on May 15, 2023

  1. 1576a4c
  2. 3bf69e5

Commits on Jun 9, 2023

  1. We only need to ensure package is installed. (#50)

    No need to check for a specific version. If this succeeds, then
    we know the policy worked.
    carlosmmatos authored Jun 9, 2023
    9a77709
Showing with 650 additions and 128 deletions.
  1. +67 −24 .github/workflows/ci.yml
  2. +16 −0 .github/workflows/lint.yml
  3. +21 −0 .github/workflows/nightly.yml
  4. +6 −0 .markdownlint-cli2.jsonc
  5. +1 −0 .mdlrc
  6. +23 −0 .pre-commit-config.yaml
  7. +2 −0 .yamllint
  8. +31 −2 CHANGELOG.md
  9. +3 −0 CONTRIBUTING.md
  10. +6 −4 README.md
  11. +42 −0 TESTING.md
  12. +0 −2 documentation/falcon_config.md
  13. +10 −2 documentation/falcon_install.md
  14. +0 −1 documentation/falcon_service.md
  15. +23 −14 kitchen.vagrant.yml
  16. +32 −10 kitchen.yml
  17. +7 −8 libraries/falconapi.rb
  18. +17 −7 libraries/helpers.rb
  19. +1 −1 metadata.rb
  20. +1 −1 ohai/falcon.rb
  21. +5 −4 resources/config.rb
  22. +34 −22 resources/install.rb
  23. +1 −1 test/cookbooks/test/metadata.rb
  24. +10 −0 test/cookbooks/test/recipes/common.rb
  25. +9 −0 test/cookbooks/test/recipes/config_delete.rb
  26. +20 −0 test/cookbooks/test/recipes/config_set.rb
  27. +1 −9 test/cookbooks/test/recipes/default.rb
  28. +27 −0 test/cookbooks/test/recipes/install_api_decrement.rb
  29. +9 −0 test/cookbooks/test/recipes/install_api_policy.rb
  30. +9 −0 test/cookbooks/test/recipes/install_api_version.rb
  31. +9 −0 test/cookbooks/test/recipes/install_cleanup_installer.rb
  32. +25 −0 test/cookbooks/test/recipes/install_local.rb
  33. +29 −0 test/integration/common/controls/default.rb
  34. +5 −0 test/integration/common/inspec.yml
  35. +18 −0 test/integration/config_delete/controls/default.rb
  36. +8 −0 test/integration/config_delete/inspec.yml
  37. +18 −0 test/integration/config_set/controls/default.rb
  38. +8 −0 test/integration/config_set/inspec.yml
  39. +7 −0 test/integration/default/controls/default.rb
  40. +0 −16 test/integration/default/default_test.rb
  41. +8 −0 test/integration/default/inspec.yml
  42. +11 −0 test/integration/install_api_decrement/controls/default.rb
  43. +8 −0 test/integration/install_api_decrement/inspec.yml
  44. +2 −0 test/integration/install_api_policy/controls/default.rb
  45. +8 −0 test/integration/install_api_policy/inspec.yml
  46. +13 −0 test/integration/install_api_version/controls/default.rb
  47. +8 −0 test/integration/install_api_version/inspec.yml
  48. +11 −0 test/integration/install_cleanup_installer/controls/default.rb
  49. +8 −0 test/integration/install_cleanup_installer/inspec.yml
  50. +4 −0 test/integration/install_local/controls/default.rb
  51. +8 −0 test/integration/install_local/inspec.yml
91 changes: 67 additions & 24 deletions .github/workflows/ci.yml
@@ -1,24 +1,46 @@
---
name: ci

"on":
name: "Integration Tests"
on:
push:
branches:
- nonna
paths:
- 'libraries/**'
- 'resources/**'
- 'test/**'
- 'ohai/**'
- '.github/workflows/ci.yml'
pull_request_target:
types: [labeled]
paths:
- 'libraries/**'
- 'resources/**'
- 'test/**'
- 'ohai/**'
- '.github/workflows/ci.yml'
workflow_call:
secrets:
FALCON_CLIENT_ID:
description: 'Falcon API Client ID'
required: true
FALCON_CLIENT_SECRET:
description: 'Falcon API Client Secret'
required: true
FALCON_CID:
description: 'Falcon API CID'
required: true
FALCON_CLOUD:
description: 'Falcon API Cloud'
required: true
FALCON_VERSION:
description: 'Falcon API Version'
required: true

jobs:
lint-unit:
uses: sous-chefs/.github/.github/workflows/lint-unit.yml@0.0.3
permissions:
actions: write
checks: write
pull-requests: write
statuses: write
issues: write

integration:
#needs: lint-unit
runs-on: ubuntu-latest
if: |
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' &&
github.event.label.name == 'ok-to-test')
runs-on: ubuntu-20.04
strategy:
matrix:
os:
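Review bot: The `integration` job now runs on `pull_request_target` but declares no `permissions:` of its own; the only `permissions:` block in this hunk sits under `lint-unit`. Under `pull_request_target` the job receives a token and secrets from the base repository, and the `ok-to-test` label check in `if:` is the only gate. Add `permissions: contents: read` to `integration`, and document that the label is applied only after the PR diff has been read, since `types: [labeled]` fires for whatever commit is head at labeling time.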
@@ -27,31 +49,52 @@ jobs:
- centos-7
- debian-10
- debian-11
- opensuse-leap-15
- rockylinux-8
# - opensuse-leap-15
- rockylinux-9
- ubuntu-1804
- ubuntu-2004
suite:
- default
- install-api-version
- install-api-policy
- install-api-decrement
- install-cleanup-installer
- install-local
- config-set
- config-delete
fail-fast: false

steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v3
if: github.event_name != 'pull_request_target'

- name: Check out code
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.sha}}
if: github.event_name == 'pull_request_target'

- name: Install Chef
uses: actionshub/chef-install@main
- name: Dokken
uses: actionshub/test-kitchen@main

- name: Run role tests
uses: nick-fields/retry@v2
env:
CHEF_LICENSE: accept-no-persist
KITCHEN_LOCAL_YAML: kitchen.yml
FALCON_CLIENT_ID: ${{ secrets.FALCON_CLIENT_ID }}
FALCON_CLIENT_SECRET: ${{ secrets.FALCON_CLIENT_SECRET }}
FALCON_CID: ${{ secrets.FALCON_CID }}
FALCON_CLOUD: ${{ secrets.FALCON_CLOUD }}
FALCON_VERSION: ${{ secrets.FALCON_VERSION }}
with:
suite: ${{ matrix.suite }}
os: ${{ matrix.os }}
timeout_minutes: 6
max_attempts: 3
retry_on: error
command: >-
chef exec kitchen test ${{ matrix.suite }}-${{ matrix.os }}
- name: Print debug output on failure
if: failure()
run: |
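Review bot: The second `Check out code` step checks out `github.event.pull_request.head.sha` under `pull_request_target`, and `Run role tests` then passes `FALCON_CLIENT_ID`, `FALCON_CLIENT_SECRET` and `FALCON_CID` in `env` to `chef exec kitchen test`, so kitchen configuration and test recipes from the fork execute with those secrets in reach. Set `persist-credentials: false` on that checkout, keep the API client limited to the scopes the tests need, and pin `actionshub/chef-install@main`, `actionshub/test-kitchen@main` and `nick-fields/retry@v2` to commit SHAs, since they run in the same job.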
16 changes: 16 additions & 0 deletions .github/workflows/lint.yml
@@ -0,0 +1,16 @@
name: "Lint Tests"

on:
push:
workflow_call:
pull_request:

jobs:
lint-unit:
uses: sous-chefs/.github/.github/workflows/lint-unit.yml@2.0.1
permissions:
actions: write
checks: write
pull-requests: write
statuses: write
issues: write
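Review bot: `lint-unit` calls `sous-chefs/.github/.github/workflows/lint-unit.yml@2.0.1` by tag while granting it write on `actions`, `checks`, `pull-requests`, `statuses` and `issues`. A tag can be moved, so pin the reusable workflow to a commit SHA and drop any write scope it does not use. Listing both `push:` and `pull_request:` with no filters also runs the job twice for a branch in this repository that has an open PR; restrict `push:` to the default branch if that is not intended.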
21 changes: 21 additions & 0 deletions .github/workflows/nightly.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: "nightly"

on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:

jobs:
lint-unit:
name: "Run Chef lint tests"
uses: ./.github/workflows/lint.yml

integration:
name: "Run Chef integration tests"
uses: ./.github/workflows/ci.yml
secrets:
FALCON_CLIENT_ID: ${{ secrets.FALCON_CLIENT_ID }}
FALCON_CLIENT_SECRET: ${{ secrets.FALCON_CLIENT_SECRET }}
FALCON_CID: ${{ secrets.FALCON_CID }}
FALCON_CLOUD: ${{ secrets.FALCON_CLOUD }}
FALCON_VERSION: ${{ secrets.FALCON_VERSION }}
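Review bot: `workflow_dispatch:` is declared here, but the `integration` job in `ci.yml` only passes its `if:` for `push`, `schedule` and a labeled `pull_request_target`. A called workflow sees the caller's event, so a manual run of `nightly` would skip the integration tests; add `github.event_name == 'workflow_dispatch'` to that condition or drop the trigger.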
6 changes: 6 additions & 0 deletions .markdownlint-cli2.jsonc
@@ -0,0 +1,6 @@
{
"config": {
"line-length": false,
"no-bare-urls": false
}
}
1 change: 1 addition & 0 deletions .mdlrc
@@ -0,0 +1 @@
rules '~MD013', '~MD007'
23 changes: 23 additions & 0 deletions .pre-commit-config.yaml
@@ -0,0 +1,23 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/mattlqx/pre-commit-ruby
rev: v1.3.5
hooks:
- id: rspec
# - id: chef-cookbook-version

- repo: https://github.com/belminf/pre-commit-chef
rev: v0.1.1
hooks:
- id: cookstyle

- repo: https://github.com/adrienverge/yamllint
rev: v1.28.0
hooks:
- id: yamllint

- repo: https://github.com/DavidAnson/markdownlint-cli2
rev: v0.6.0
hooks:
- id: markdownlint-cli2
2 changes: 2 additions & 0 deletions .yamllint
@@ -11,3 +11,5 @@ rules:
max-spaces-inside: 1
min-spaces-inside-empty: -1
max-spaces-inside-empty: -1
ignore: |
.github/
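Review bot: `ignore: .github/` takes every workflow file out of yamllint, and those are the files that define the triggers and secret handling for this repository. If the motive is the `truthy` warning on the unquoted `on:` key, set `truthy: {check-keys: false}` under `rules:` instead of ignoring the whole directory.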
33 changes: 31 additions & 2 deletions CHANGELOG.md
@@ -6,5 +6,34 @@ This file is used to list changes made in each version of the chef-falcon cookbo

Initial release.

- change 0
- change 1
- Linux support with API installation method

## 0.1.1

**Full Changelog**: <https://github.com/CrowdStrike/chef-falcon/compare/0.1.0...0.1.1>

- Fix cookbook quality issues by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/18>
- Added badge to README for cookbook in supermarket by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/19>
- Update readme to include full links by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/20>
- Integration Testing by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/21>

## v0.1.2

**Full Changelog**: <https://github.com/CrowdStrike/chef-falcon/compare/0.1.1...v0.1.2>

- Decrement int test by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/29>
- Add local install_method to install falcon from local file source by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/30>
- Update ci and fix local install by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/31>
- Fix issue with s390x support on sensor API by @carlosmmatos in <https://github.com/CrowdStrike/chef-falcon/pull/34>

## v0.1.3

**Full Changelog**: <https://github.com/CrowdStrike/chef-falcon/compare/0.1.2...v0.1.3>

- Fixed issue of pointing to wrong files for nightly runs by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/39
- Add changelog for last release to not forget in next one by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/42
- Fix ci issues for version and lint by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/43
- Manage sensor version via GH secrets by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/44
- Added new FALCON_VERSIONS to nightly workflow by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/46
- Add FALCON_VERSION as valid workflow call by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/47
- fixes issue with user-agent being overwritten by sensor version by @carlosmmatos in https://github.com/CrowdStrike/chef-falcon/pull/48
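Review bot: The compare link under `## v0.1.3` uses `0.1.2...v0.1.3`, but the previous section is headed `## v0.1.2` and its own link ends in `...v0.1.2`, so the base ref here should probably be `v0.1.2`. The headings also mix `0.1.1` with `v0.1.2` and `v0.1.3`, and the v0.1.3 entries use bare URLs where the earlier entries wrap them in `<...>`; pick one form for each.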
3 changes: 3 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,3 @@
# Contributing

Please refer to our [CrowdStrike community contribution guide](https://github.com/CrowdStrike/community/blob/main/docs/contributing.md) while we work on a customized version specific to this project.
10 changes: 6 additions & 4 deletions README.md
@@ -1,5 +1,7 @@
# Falcon Cookbook

[![Cookbook Version](https://img.shields.io/cookbook/v/falcon)](https://supermarket.chef.io/cookbooks/falcon)

This cookbook provides resources for installing and configuring the CrowdStrike Falcon sensor.

## Maintainers
@@ -34,9 +36,9 @@ Ensure the following API scopes are enabled (**_if applicable_**) for this role:

## Resources

- [falcon_install](./documentation/falcon_install.md)
- [falcon_config](./documentation/falcon_config.md)
- [falcon_service](./documentation/falcon_service.md)
- [falcon_install](https://github.com/CrowdStrike/chef-falcon/blob/main/documentation/falcon_install.md)
- [falcon_config](https://github.com/CrowdStrike/chef-falcon/blob/main/documentation/falcon_config.md)
- [falcon_service](https://github.com/CrowdStrike/chef-falcon/blob/main/documentation/falcon_service.md)

## Usage

@@ -128,7 +130,7 @@ See [full documentation](#resources) for each resource and action for more infor

Chef Falcon is an open source project, not a formal CrowdStrike product, to assist developers implement CrowdStrike's Falcon sensor deployment within their organizations. As such it carries no formal support, express or implied.

:fire: Is something going wrong? :fire:
Is something going wrong?
GitHub Issues are used to report bugs.

Submit a ticket here:
42 changes: 42 additions & 0 deletions TESTING.md
@@ -0,0 +1,42 @@
# Testing the Cookbook

This document will be updated as new tests are written.

## Integration Testing

Integration testing is performed by Test Kitchen. Tests should be designed to
ensure that a recipe has accomplished its goal.

By default, we use the Dokken driver (Docker) due to the ease of passing in
environment variables to the containers. In order to use Test Kitchen with this
cookbook, you will need to export the following environment variables:

```bash
export FALCON_CLIENT_ID=<Your API Client ID>
export FALCON_CLIENT_SECRET=<Your API Client Secret>
export FALCON_CLOUD=<Your API Cloud URL (ie api.crowdstrike.com)>
export FALCON_CID=<Your Falcon CID>
```

### Using Dokken

> Refer to the [kitchen.yml](kitchen.yml) for more details
Run the following command to do a full test of all platforms:

```bash
kitchen test # optionally pass -c for parallel runs
```

To run only against Ubuntu and CentOS:

```bash
kitchen test ubuntu|centos
```

### Using Vagrant (coming soon)

> Refer to the [kitchen.vagrant.yml](kitchen.vagrant.yml) for more details.
:exclamation: Until we figure out a clean way to pass ENV variables, this will be
under construction :exclamation:
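Review bot: In the `kitchen test ubuntu|centos` example the `|` is unquoted inside a `bash` block, so the shell pipes `kitchen test ubuntu` into a command named `centos`; write `kitchen test 'ubuntu|centos'`. The export list also omits `FALCON_VERSION`, which `ci.yml` passes to the same tests, and each `>` blockquote needs a blank line after it or the following sentence is folded into the quote.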
2 changes: 0 additions & 2 deletions documentation/falcon_config.md
@@ -10,7 +10,6 @@ The Default action is `:set`
| **`:set`** | Set options for the Falcon sensor |
| `:delete` | Delete options for the Falcon sensor |


## Properties

| Name | Type | Default | Description |
@@ -23,7 +22,6 @@ The Default action is `:set`
| provisioning_token | String | | The provisioning token to use to register the agent
| tag_membership | ["minimum", "inclusive"] | `minimum` | Whether specified tags should be treated as a complete list `inclusive` or as a list of tags to add to the existing list `minimum`


## Example

```ruby
12 changes: 10 additions & 2 deletions documentation/falcon_install.md
@@ -22,10 +22,10 @@ The Default action is `:install`
| version_decrement | Integer | `0` | The number of versions to decrement the desired version by
| falcon_cloud | String | `api.crowdstrike.com` | The Falcon API cloud to use
| cleanup_installer | [true, false] | `true` | Whether or not to cleanup the installer after installation
| install_method | ['api'] | `api` | The method to use to install the Falcon sensor
| install_method | ['api', 'local'] | `api` | The method to use to install the Falcon sensor
| package_source | String | | The path to the package in the local file system
| sensor_tmp_dir | String | `/tmp` | The directory to stage the Falcon package in


## Example

```ruby
@@ -45,3 +45,11 @@ falcon_install 'falcon' do
action :install
end
```

```ruby
falcon_install 'falcon' do
install_method 'local'
package_source '/tmp/falcon-sensor.rpm'
action :install
end
```
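Review bot: The new `local` example points `package_source` at `/tmp/falcon-sensor.rpm`, a path in a world-writable directory, for a package the resource then installs. Use a path in a directory that only root can write in the example, and state in the properties table whether `package_source` is required when `install_method` is `local`, since the table gives it no default.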
1 change: 0 additions & 1 deletion documentation/falcon_service.md
@@ -20,7 +20,6 @@ The Default action is `:start`
| :--- | :--- | :------ | :---------- |
| service_name | String | `falcon-sensor` | The name of the falcon service


## Example

```ruby