use lookup to set event_source arguments with environment vars #286

Open
ffalor opened this issue Jan 14, 2023 · 6 comments

@ffalor

ffalor commented Jan 14, 2023

$ ansible-rulebook --version

__version__ = '0.9.4'
fca63ab1-f243-4459-97ef-bb546e3cc60d

$ ansible --version

ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/vscode/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /home/vscode/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True
  
$ cat /etc/os-release 

NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal


Description

This could be a me issue because I am learning rulebooks & ansible at the same time.

---
- name: Simple Event Stream Usage Example
  hosts: all
  sources:
    - crowdstrike.falcon.eventstream:
        falcon_client_id: "{{ lookup('env', 'FALCON_CLIENT_ID') }}"
        falcon_client_secret: "{{ lookup('env', 'FALCON_CLIENT_SECRET') }}"
        falcon_cloud: "us-2"
        stream_name: "{{stream_name | default('eda')}}"

  rules:
    - name: print output
      condition: event.falcon is defined 
      action:
        debug:

Running:

ansible-rulebook -i inventory.yml --rulebook rulebooks/event_stream_example.yml --env-vars FALCON_CLIENT_ID,FALCON_CLIENT_SECRET

Results in this error (I've tried with and without --env-vars):

ERROR:ansible_rulebook.engine:Source error
Traceback (most recent call last):
 File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/engine.py", line 130, in start_source
   args = {
 File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/engine.py", line 131, in <dictcomp>
   k: substitute_variables(v, variables)
 File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/util.py", line 36, in substitute_variables
   return render_string_or_return_value(value, context)
 File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/util.py", line 28, in render_string_or_return_value
   return render_string(value, context)
 File "/usr/local/lib/python3.8/dist-packages/ansible_rulebook/util.py", line 21, in render_string
   return jinja2.Template(value, undefined=jinja2.StrictUndefined).render(
 File "/usr/local/lib/python3.8/dist-packages/jinja2/environment.py", line 1301, in render
   self.environment.handle_exception()
 File "/usr/local/lib/python3.8/dist-packages/jinja2/environment.py", line 936, in handle_exception
   raise rewrite_traceback_stack(source=source)
 File "<template>", line 1, in top-level template code
 File "/usr/local/lib/python3.8/dist-packages/jinja2/utils.py", line 83, in from_obj
   if hasattr(obj, "jinja_pass_arg"):
jinja2.exceptions.UndefinedError: 'lookup' is undefined

It looks like I do have the env lookup plugin

ansible-doc -t lookup -l | grep env
[WARNING]: Collection ibm.qradar does not support Ansible version 2.12.2
[WARNING]: Collection splunk.es does not support Ansible version 2.12.2
[WARNING]: Collection frr.frr does not support Ansible version 2.12.2
env                                               Read the value of environ...
@ffalor ffalor changed the title use lookup to set arguments with environment vars use lookup to set event_source arguments with environment vars Jan 14, 2023
@konstruktoid
Contributor

ansible/ansible-rulebook isn't ansible/ansible and a lot of stuff is different and/or not implemented as of now.
my suggestion is that you get the environment variables using os.getenv() in the event_source instead.
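The `os.getenv()` approach suggested above, as an added sketch that is not code from the thread or from the crowdstrike.falcon collection. The `ENV_FALLBACK` mapping, `resolve_credentials` and the emitted event shape are hypothetical; `main(queue, args)` is the entry point ansible-rulebook calls on a source plugin.

```python
import asyncio
import os
from typing import Any, Dict, Mapping

# Hypothetical mapping: source argument -> environment variable used as fallback.
ENV_FALLBACK = {
    "falcon_client_id": "FALCON_CLIENT_ID",
    "falcon_client_secret": "FALCON_CLIENT_SECRET",
}


def resolve_credentials(args: Mapping[str, Any],
                        environ: Mapping[str, str] = os.environ) -> Dict[str, str]:
    """An explicit rulebook argument wins; otherwise read the environment."""
    creds = {}
    for arg_name, env_name in ENV_FALLBACK.items():
        value = args.get(arg_name) or environ.get(env_name)
        if not value:
            # Fail closed, naming the variable but never printing a value.
            raise ValueError(f"{arg_name} missing and {env_name} is not set")
        creds[arg_name] = str(value)
    return creds


async def main(queue: asyncio.Queue, args: Dict[str, Any]) -> None:
    """Source plugin entry point: resolve secrets here, not in the rulebook."""
    creds = resolve_credentials(args)
    # A real source would authenticate and stream events at this point; this
    # sketch emits one event listing the resolved fields, without the secrets.
    await queue.put({"falcon": {"cloud": args.get("falcon_cloud"),
                                "resolved": sorted(creds)}})


async def _demo() -> Dict[str, Any]:
    queue: asyncio.Queue = asyncio.Queue()
    await main(queue, {"falcon_cloud": "us-2"})
    return queue.get_nowait()


if __name__ == "__main__":
    # Constructed values so the sketch runs offline.
    os.environ.setdefault("FALCON_CLIENT_ID", "constructed-id")
    os.environ.setdefault("FALCON_CLIENT_SECRET", "constructed-secret")
    print(asyncio.run(_demo()))
```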

@mkanoor
Contributor

mkanoor commented Jan 15, 2023

@ffalor We don't have full Jinja2 support in the rulebook. In your case you should be able to change the rulebook to

sources:
    - crowdstrike.falcon.eventstream:
        falcon_client_id: "{{ FALCON_CLIENT_ID }}"
        falcon_client_secret: "{{ FALCON_CLIENT_SECRET }}"
        falcon_cloud: "us-2"

@konstruktoid
Contributor

{{ FALCON_CLIENT_ID }} would get the environment variable?

@mkanoor
Contributor

mkanoor commented Jan 15, 2023

The env var name is passed via the command line and collected into a variable pool which is later used in substitution.

ansible-rulebook -i inventory.yml --rulebook rulebooks/event_stream_example.yml --env-vars FALCON_CLIENT_ID,FALCON_CLIENT_SECRET

@konstruktoid
Contributor

thanks @mkanoor for making me aware.
one caveat seems to be they have to be quoted and always returned as strings.
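The variable pool and substitution described in this thread, as an added sketch that is not ansible-rulebook's own code. It reuses the `jinja2.Template(..., undefined=jinja2.StrictUndefined)` call visible in the traceback; `collect_env_vars`, `try_render`, `SAMPLE_ENV` and the hard error on an unset name are assumptions of the sketch.

```python
import os
from typing import Any, Dict, Mapping

import jinja2

# Constructed environment for the demo; a real run would read os.environ.
SAMPLE_ENV = {
    "FALCON_CLIENT_ID": "constructed-id",
    "FALCON_CLIENT_SECRET": "constructed-secret",
    "STREAM_PORT": "8443",
    "UNRELATED_TOKEN": "must-not-leak",
}


def collect_env_vars(names: str, environ: Mapping[str, str] = os.environ) -> Dict[str, str]:
    """Copy only the comma-separated names into the variable pool."""
    pool = {}
    for name in (n.strip() for n in names.split(",")):
        if name not in environ:
            # Assumption of this sketch: an unset name is a hard error.
            raise KeyError(f"{name} is not set in the environment")
        pool[name] = environ[name]
    return pool


def render_arg(value: Any, variables: Mapping[str, Any]) -> Any:
    """Render one source argument with the call shown in the traceback."""
    if not isinstance(value, str):
        return value
    return jinja2.Template(value, undefined=jinja2.StrictUndefined).render(variables)


def try_render(value: Any, variables: Mapping[str, Any]) -> Any:
    """Return the rendered value, or the StrictUndefined error as text."""
    try:
        return render_arg(value, variables)
    except jinja2.UndefinedError as exc:
        return f"UndefinedError: {exc}"


if __name__ == "__main__":
    pool = collect_env_vars("FALCON_CLIENT_ID,FALCON_CLIENT_SECRET,STREAM_PORT", SAMPLE_ENV)
    print(sorted(pool))  # names only; secret values are never printed
    print(try_render("{{ lookup('env', 'FALCON_CLIENT_ID') }}", pool))
    print(repr(try_render("{{ STREAM_PORT }}", pool)))  # a str, not an int
    print(try_render("{{ UNRELATED_TOKEN }}", pool))  # not listed, so undefined
```

Only names listed in `--env-vars` reach the pool, so other secrets in the process environment cannot be pulled into a source argument by a template.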

@ffalor
Author

ffalor commented Jan 16, 2023

thanks for explaining how --env-vars works.
