Class: FalconApi

Inherits:

Object

Object
FalconApi

show all

Defined in:: lib/puppet/puppet_x/falconapi.rb

Overview

FalconApi class to interact with the falcon api related to sensor downloads.

Instance Attribute Summary collapse

#bearer_token ⇒ Object

Returns the value of attribute bearer_token.
#falcon_cloud ⇒ Object

Returns the value of attribute falcon_cloud.
#module_version ⇒ Object

Returns the value of attribute module_version.
#platform_name ⇒ Object

Returns the value of attribute platform_name.
#update_policy ⇒ Object

Returns the value of attribute update_policy.

Instance Method Summary collapse

#download_installer(sha256, out_path) ⇒ Object

Downloads the sensor installer for the given sha256 - sha256 - the sha256 of the sensor installer to download.
#falcon_installers(query) ⇒ Object

Returns a lit of sensor resources that match the provided filter.
#initialize(falcon_cloud:, bearer_token: nil, client_id: nil, client_secret: nil, proxy_host: nil, proxy_port: nil) ⇒ FalconApi constructor

Initialize a new FalconApi instance.
#version_from_update_policy(update_policy = @update_policy, platform_name = @platform_name) ⇒ Object

Returns the version of the sensor installer for the given policy and platform name.

Constructor Details

#initialize(falcon_cloud:, bearer_token: nil, client_id: nil, client_secret: nil, proxy_host: nil, proxy_port: nil) ⇒ `FalconApi`

Initialize a new FalconApi instance.

falcon_cloud - the name of the falcon cloud to use.
bearer_token - the bearer token to use for authentication.
client_id - the client id to generate the bearer token if not provided.
client_secret - the client id to generate the bearer token if not provided.
proxy_host - the proxy host to use for the http client.
proxy_port - the proxy port to use for the http client.

# File 'lib/puppet/puppet_x/falconapi.rb', line 21

def initialize(falcon_cloud:, bearer_token: nil, client_id: nil, client_secret: nil, proxy_host: nil, proxy_port: nil)
  if (client_id.nil? || client_secret.nil?) && bearer_token.nil?
    raise ArgumentError, 'client_id and client_secret or bearer_token must be provided'
  end

  @falcon_cloud = falcon_cloud
  @proxy_host = proxy_host
  @proxy_port = proxy_port
  @http_client = http_client
  @bearer_token = if bearer_token.nil?
                    access_token(client_id, client_secret)
                  else
                    bearer_token
                  end
  @client_id = client_id
  @client_secret = client_secret
  @module_version = 'v0.11.0'
end

Instance Attribute Details

#bearer_token ⇒ `Object`

Returns the value of attribute bearer_token.



9
10
11

# File 'lib/puppet/puppet_x/falconapi.rb', line 9

def bearer_token
  @bearer_token
end

#falcon_cloud ⇒ `Object`

Returns the value of attribute falcon_cloud.



8
9
10

# File 'lib/puppet/puppet_x/falconapi.rb', line 8

def falcon_cloud
  @falcon_cloud
end

#module_version ⇒ `Object`

Returns the value of attribute module_version.



12
13
14

# File 'lib/puppet/puppet_x/falconapi.rb', line 12

def module_version
  @module_version
end

#platform_name ⇒ `Object`

Returns the value of attribute platform_name.



11
12
13

# File 'lib/puppet/puppet_x/falconapi.rb', line 11

def platform_name
  @platform_name
end

#update_policy ⇒ `Object`

Returns the value of attribute update_policy.



10
11
12

# File 'lib/puppet/puppet_x/falconapi.rb', line 10

def update_policy
  @update_policy
end

Instance Method Details

#download_installer(sha256, out_path) ⇒ `Object`

Downloads the sensor installer for the given sha256

sha256 - the sha256 of the sensor installer to download.
out_path - the path to write the installer to.

# File 'lib/puppet/puppet_x/falconapi.rb', line 105

def download_installer(sha256, out_path)
  url_path = "/sensors/entities/download-installer/v1?id=#{sha256}"

  request = Net::HTTP::Get.new(url_path)
  request['Content-Type'] = 'application/json'
  request['Authorization'] = "Bearer #{@bearer_token}"
  request['User-Agent'] = "crowdstrike-puppet/#{@module_version}"

  resp = @http_client.request(request)

  case resp
  when Net::HTTPSuccess, Net::HTTPRedirection then
    File.open(out_path, 'wb') do |file|
      file.write(resp.read_body)
    end
  else
    raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")
  end
end

#falcon_installers(query) ⇒ `Object`

Returns a lit of sensor resources that match the provided filter.

query - unescaped string used filter the returned values. Example: “platform:‘windows’+version:‘6.2342.12”

# File 'lib/puppet/puppet_x/falconapi.rb', line 76

def falcon_installers(query)
  filter = CGI.escape(query)

  url_path = "/sensors/combined/installers/v1?filter=#{filter}"

  request = Net::HTTP::Get.new(url_path)
  request['Content-Type'] = 'application/json'
  request['Authorization'] = "Bearer #{@bearer_token.unwrap}"
  request['User-Agent'] = "crowdstrike-puppet/#{@module_version}"

  resp = @http_client.request(request)

  case resp
  when Net::HTTPSuccess, Net::HTTPRedirection then
    body = JSON.parse(resp.read_body)

    if body['resources'].nil? || body['resources'].empty?
      raise Puppet::Error, "No installers found for query: '#{query}'"
    end

    body['resources']
  else
    raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")
  end
end

#version_from_update_policy(update_policy = @update_policy, platform_name = @platform_name) ⇒ `Object`

Returns the version of the sensor installer for the given policy and platform name.

update_policy - the name of the policy to get the version for.
platform_name - the name of the platform to get the version for.

# File 'lib/puppet/puppet_x/falconapi.rb', line 43

def version_from_update_policy(update_policy = @update_policy, platform_name = @platform_name)
  query = CGI.escape("platform_name:'#{platform_name}'+name.raw:'#{update_policy}'")
  url_path = "/policy/combined/sensor-update/v2?filter=#{query}"

  request = Net::HTTP::Get.new(url_path)
  request['Content-Type'] = 'application/json'
  request['Authorization'] = "Bearer #{@bearer_token.unwrap}"
  request['User-Agent'] = "crowdstrike-puppet/#{@module_version}"

  resp = @http_client.request(request)

  case resp
  when Net::HTTPSuccess, Net::HTTPRedirection then

    body = JSON.parse(resp.read_body)

    if body['resources'].nil? || body['resources'].empty?
      raise ArgumentError, "Policy: '#{update_policy}' not found for Platform: '#{platform_name}'"
    end

    unless body['resources'][0]['settings'].key?('sensor_version')
      raise Puppet::Error, "Policy: '#{update_policy}' and Platform: '#{platform_name}' returned zero installer versions"
    end

    body['resources'][0]['settings']['sensor_version']
  else
    raise Puppet::Error, sanitize_error_message("Falcon API error when calling #{url_path} - #{resp.code} #{resp.message} #{resp.body}")
  end
end

Class: FalconApi

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(falcon_cloud:, bearer_token: nil, client_id: nil, client_secret: nil, proxy_host: nil, proxy_port: nil) ⇒ FalconApi

Instance Attribute Details

#bearer_token ⇒ Object

#falcon_cloud ⇒ Object

#module_version ⇒ Object

#platform_name ⇒ Object

#update_policy ⇒ Object