do not show undefined parameters in falcon_sensor fact

8b9d9a49 · Alex Tayts · 7865ba71 · 8b9d9a49 · 8b9d9a49 · 8b9d9a49
Commit 8b9d9a49 authored 4 years ago by Alex Tayts
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

+## [v1.1] (https://code.stanford.edu/pe-public/crowdstrike/-/tree/v1.0) (2021-03-08)
+
+* Do not show unconfigured parameters in the fact.
+* Fix puppet lint and rubocop validation warnings.
+
 ## [v1.0] (https://code.stanford.edu/pe-public/crowdstrike/-/tree/v1.0) (2021-03-05)

 * Initial release
--- a/README.md
+++ b/README.md
@@ -30,8 +30,8 @@ The module deploys a fact named *falcon_sensor*. It is used by the puppet code t
  "falcon_sensor": {
    "agent_id": "64f78b8f66504aae8419a10c6a8b524e",
    "proxy_disable": true,
-    "proxy_host": null,
-    "proxy_port": null,
+    "proxy_host": 'proxy-server.stanford.edu',
+    "proxy_port": 17123,
    "reduced_functionality_mode": true,
    "reduced_functionality_reason": "Unspecified",
    "version": "6.14.11110.0",
@@ -42,3 +42,6 @@ The module deploys a fact named *falcon_sensor*. It is used by the puppet code t
  }
 }
 ```
+
+Note that unconfigured agent parameters would not show in the fact's output.
+
--- a/lib/facter/falcon_sensor.rb
+++ b/lib/facter/falcon_sensor.rb
@@ -8,9 +8,19 @@ Facter.add(:falcon_sensor) do

  setcode do
    # invoke falconctl to get the current settings
-    get_string = "/opt/CrowdStrike/falconctl -g --aid --apd --aph --app --rfm-state --rfm-reason --version --tags"
+    get_string = "/opt/CrowdStrike/falconctl -g --aid --apd --aph --app \
+      --rfm-state --rfm-reason --version --tags"
+
    # format in which falconctl outputs data
-    pattern = /^aid="(?<agent_id>[a-f0-9]*)", apd(?:=| is )(?<proxy_disable>not set|TRUE|FALSE), aph(?:=| is )(?<proxy_host>not set|[^,]+), app(?:=| is )(?<proxy_port>not set|[^,]+), rfm-state=(?<reduced_functionality_mode>true|false), rfm-reason=(?<reduced_functionality_reason>[^,]+), code=0x[A-F0-9]+, version = (?<version>[\d\.]+)(?:Sensor grouping )?tags(?:=| are )(?<tags>.*),\s*$/
+    pattern = %r{^aid="(?<agent_id>[a-f0-9]*)",\s
+      apd(?:=|\sis\s)(?<proxy_disable>not\sset|TRUE|FALSE),\s
+      aph(?:=|\sis\s)(?<proxy_host>not\sset|[^,]+),\s
+      app(?:=|\sis\s)(?<proxy_port>not\sset|[^,]+),\s
+      rfm-state=(?<reduced_functionality_mode>true|false),\s
+      rfm-reason=(?<reduced_functionality_reason>[^,]+),\s
+      code=0x[A-F0-9]+,\s
+      version\s=\s(?<version>[\d\.]+)
+      (?:Sensor\sgrouping\s)?tags(?:=|\sare\s)(?<tags>.*),\s*$}x

    falcon_says = Facter::Util::Resolution.exec(get_string)

@@ -18,27 +28,28 @@ Facter.add(:falcon_sensor) do
      match_data = pattern.match(falcon_says)
      if match_data
        falcon_facts = Hash[match_data.names.zip(match_data.captures)]
-        
+
        # process other tags, which are strings
-        falcon_facts.each do |key,value|
-          case value.downcase
-          when 'true'
-            falcon_facts[key] = true
-          when 'false'
-            falcon_facts[key] = false
-          when 'not set'
-            falcon_facts[key] = nil
-          else
-            if key == 'tags'
-              falcon_facts[key] = value.split(/,/)
-            else
-              falcon_facts[key] = value
-            end
-          end
+        falcon_facts.each do |key, value|
+          falcon_facts[key] = case value.downcase
+                              when 'true'
+                                true
+                              when 'false'
+                                false
+                              when 'not set'
+                                nil
+                              else
+                                if key == 'tags'
+                                  value.split(',')
+                                else
+                                  value
+                                end
+                              end
        end
      else
        nil
      end
+      falcon_facts.reject { |_, value| value.nil? }
    else
      nil
    end

--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -39,14 +39,21 @@ class crowdstrike (

    if 'falcon_sensor' in $facts {
      # crowdstrike is installed
-      if sort($tags) != sort($facts['falcon_sensor']['tags']) {
+      # get currently used tags
+      $current_tags = $facts.get('falcon_sensor.tags', undef)
+      if $current_tags and (sort($tags) != sort($current_tags)) {
        $update_tags = $cmd_tags
      } else {
        $update_tags = ''
      }

+      # get current proxy settings
+      $current_proxy_disable = $facts.get('falcon_sensor.proxy_disable', true)
+      $current_proxy_host = $facts.get('falcon_sensor.proxy_host', undef)
+      $current_proxy_port = $facts.get('falcon_sensor.proxy_port', undef)
+
      if $disable_proxy {
-        if ($facts['falcon_sensor']['proxy_disable'] != true) {
+        if ($current_proxy_disable == false) {
          # if proxy is enabled, but has to be disabled
          $update_proxy = $cmd_proxy
        } else {
@@ -55,9 +62,9 @@ class crowdstrike (
        }
      } else {
        if (
-          ($facts['falcon_sensor']['proxy_host'] != "${proxy_host}") or
-          ($facts['falcon_sensor']['proxy_port'] != "${proxy_port}") or
-          ($facts['falcon_sensor']['proxy_disable'] == true)
+          ($current_proxy_host != $proxy_host) or
+          ($current_proxy_port != $proxy_port) or
+          ($current_proxy_disable == true)
        ) {
          # if proxy is disabled, but has to be enabled or host/port have changed
          $update_proxy = $cmd_proxy