Access denied in ansible inventory about ansible_collection_falcon HOT 10 CLOSED

Hello @Gianlu - apologies as I noticed that I did not add the API Scope to the dynamic inventory in order to use it. Can you try adding the following API Scope to your credentials?

• assets [READ]

from ansible_collection_falcon.

Hello,
Sorry, where I have to define the scope? In crowdstryke console, I have full read for every single scope and I can't see the asset scope.
Moreover, with same credentials the falconpy samples work (es get_dups.py).

Thanks

from ansible_collection_falcon.

Which falconpy sample are you referring to? Also, would you mind sharing your dynamic inventory file configuration?

from ansible_collection_falcon.

Hello,
my inventory file is:

# filename: 20_my_inventory.falcon_discover.yml
plugin: crowdstrike.falcon.falcon_discover

client_id: '*****************'
client_secret: '************************'
cloud: eu-1

The duplicate finder is duplicate_sensors.py

Thanks

from ansible_collection_falcon.

Cool thanks.. So yeah, that FalconPy sample is for the Hosts collection service, not to be confused with the Discover service collection which is what this inventory file uses.

This would be the equivalent to trying this FalconPy sample. Can you let me know if that sample works for you?

from ansible_collection_falcon.

Hi @carlosmmatos I'm a colleague of @Gianlu and the one that manages the API keys and tokens. Nope, that sample doesn't work for me. I was wondering which scope I'm missing, as I've allowed (for debugging purpose obviously) every single scope in READ mode on my Falcon console. Is it possible that we may not have a specific subscription?

from ansible_collection_falcon.

Hey @romankis95 - It is possible you might not have the subscription needed for this. This is part of Exposure Management. This is what the subs needed would be:

And this is what the API scope would be:

If you are simply looking to take advantage of the Falcon Hosts API to use as an inventory, I have that as an action item todo.

from ansible_collection_falcon.

Hello @carlosmmatos.
It seems we don't have the right subscription but we are glad to read that an inventory version using the Hosts API is planned.
May I ask when do you plan to release it? I would be happy to be an "early adopter"; I hope the new version will have a similar input interface (eg. the fql filter) and will inherit cacheable and constructable (it's mandatory for us in order to modify inventory_hostname).
I have just a couple of questions:

• Does the inventory via Hosts API return in ouput the same (or similar) set of metadata?
• May I ask if you plan to release the inventory with Jinja2 templating support in parameters?

Thanks

from ansible_collection_falcon.

As for timeline, I'm trying to play catchup this week on this project. Have a few minor changes/updates, but then I plan on starting to add new modules + inventory plugin. It shouldn't take to long to do the inventory plugin since it will be very similar to the existing one.

With regards to your questions - the answer is yes, it will have the same feel as the existing dynamic inventory file - it will inherit cacheable and constructible and use fql to query the api. The output of the Hosts API is different than the Discover API, but if you wanted to get an idea of what to expect, you can do the following:

import json
from falconpy import Hosts

# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET
               )

# Pass in an AID of an existing host
response = falcon.GetDeviceDetails(ids='AID')

print(json.dumps(response, indent=4))

As for Jinja2 support, this is part of constructable class in dynamic inventories, so since we will be using it should support jinja2 templating. (I assume this is what you are asking for).

from ansible_collection_falcon.

@Gianlu | @romankis95 - new PR is in place right now: #470

from ansible_collection_falcon.