From 40d7b09a97843f55d2a6e5d2ca3f87c4831b2c0e Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Thu, 30 Mar 2023 11:25:28 -0500 Subject: [PATCH 1/8] Update to accept Deployment Info Var for ECE Proxy --- plugins/module_utils/kibana.py | 30 +++++++++++++--- plugins/modules/ece_cluster_alias.py | 17 ++++----- plugins/modules/ece_cluster_info.py | 36 +++++++++++++++++++ .../modules/ece_cluster_logs_and_metrics.py | 26 +++++++++++++- plugins/modules/ece_cluster_tag.py | 25 +++++++++++-- plugins/modules/elastic_agentlist_info.py | 29 ++++++++++++++- plugins/modules/elastic_agentpolicy.py | 34 ++++++++++++++++-- plugins/modules/elastic_agentpolicy_info.py | 31 +++++++++++++++- plugins/modules/elastic_detection_rule.py | 31 +++++++++++++++- .../modules/elastic_expedient_pkgpolicy.py | 32 ++++++++++++++++- plugins/modules/elastic_fleet_agent_report.py | 3 +- plugins/modules/elastic_integration_info.py | 3 +- plugins/modules/elastic_pkgpolicy.py | 3 +- plugins/modules/elastic_pkgpolicy_info.py | 3 +- plugins/modules/elastic_security_rule.py | 13 +++++-- plugins/modules/elastic_user.py | 3 +- 16 files changed, 290 insertions(+), 29 deletions(-) diff --git a/plugins/module_utils/kibana.py b/plugins/module_utils/kibana.py index 9e20f4d..9e6099c 100644 --- a/plugins/module_utils/kibana.py +++ b/plugins/module_utils/kibana.py @@ -355,9 +355,26 @@ def delete_action(self, action): # Elastic Security Rules functions + def get_security_rule_byid(self, rule_id): + endpoint = "detection_engine/rules?id=" + str(rule_id) + rule_object = self.send_api_request(endpoint, 'GET') + return rule_object + def update_security_rule(self, body): endpoint = "detection_engine/rules" - update_rule = self.send_api_request(endpoint, 'PATCH', data=body) + rule_object = self.get_security_rule_byid(body['id']) + rule_object.pop('updated_at') + rule_object.pop('updated_by') + rule_object.pop('created_at') + rule_object.pop('created_by') + rule_object.pop('execution_summary') + rule_object.pop('rule_id') + rule_object.pop('related_integrations') + rule_object.pop('immutable') + rule_object.pop('required_fields') + rule_object.pop('setup') + rule_object.update(body) + update_rule = self.send_api_request(endpoint, 'PUT', data=rule_object) return update_rule def get_security_rules(self, page_size, page_no): @@ -417,11 +434,10 @@ def enable_security_rule_action( update_rule = self.update_security_rule(body) return update_rule - def activate_security_rule(self, rule_name): + def activate_security_rule(self, rule_name, page_size = 500): #### Getting first page of rules page_number = 1 - page_size = 100 rules = self.get_security_rules_byfilter(rule_name) noOfRules = rules['total'] allrules = rules['data'] @@ -441,7 +457,13 @@ def activate_security_rule(self, rule_name): # Elastic Integration functions def get_integrations(self): - if int(self.major_version) > 8 or (int(self.major_version) == 8 and int(self.minor_version) >= 6): + if 'self.major_version' in locals(): + major_version = self.major_version + minor_version = self.minor_version + else: + [major_version,minor_version,patch_version] = self.deployment_info['version'].split('.') + + if int(major_version) > 8 or (int(major_version) == 8 and int(minor_version) >= 6): all_integration_flag = "prerelease" else: all_integration_flag = "experimental" diff --git a/plugins/modules/ece_cluster_alias.py b/plugins/modules/ece_cluster_alias.py index 2d97577..2b05fcd 100644 --- a/plugins/modules/ece_cluster_alias.py +++ b/plugins/modules/ece_cluster_alias.py @@ -18,19 +18,21 @@ author: Ian Scott +short_description: Create Elastic Deployment Alias from ECE + description: - - Updates Elastic Deployment and adds the indicated Alias + - Create Elastic Deployment Alias from ECE requirements: - python3 options: - port: "{{ deployment_port }}" - host: "{{ deployment_host }}" - deployment_name: "{{ deployment_name}}" - username: "{{ ece_username }}" - password: "{{ ece_password }}" - alias_name: "{{ alias_name }}" + host: ECE Host + port: ECE Port + deployment_name or deployment_id + username: ECE Username + password: ECE Password + alias_name: Deployment Alias String ''' from ansible.module_utils.basic import AnsibleModule @@ -60,7 +62,6 @@ def main(): verify_ssl_cert=dict(type='bool', default=True), deployment_name=dict(type='str'), deployment_id=dict(type='str', default=None), - no_cluster_object=dict(type='bool', default=True), alias_name=dict(type='str', required=True) ) argument_dependencies = [] diff --git a/plugins/modules/ece_cluster_info.py b/plugins/modules/ece_cluster_info.py index 46ed0d6..9026b14 100644 --- a/plugins/modules/ece_cluster_info.py +++ b/plugins/modules/ece_cluster_info.py @@ -12,7 +12,29 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: ece_cluster_info + +author: Ian Scott + +short_description: Get Elastic Deployment from ECE + +description: + - Get Elastic Deployment from ECE + +requirements: + - python3 + +options: + host: ECE Host + port: ECE Port + deployment_name or deployment_id + username: ECE Username + password: ECE Password + no_cluster_object: True/False # Sometimes it is not neccesary to return all the data of a deployment + +''' from ansible.module_utils.basic import AnsibleModule try: @@ -106,6 +128,20 @@ def main(): deployment_apm_service_url = j.get('url') if j['service'] == "fleet": deployment_fleet_service_url = j.get('url') + results['deployment_info'] = { + "deployment_id": deployment_objects[0]['id'], + "deployment_name": deployment_objects[0]['name'], + "resource_type": "kibana", + "ref_id": deployment_objects[0]['resources']['kibana'][0]['ref_id'], + "version": deployment_objects[0]['resources']['kibana'][0]['info']['plan_info']['current']['plan']['kibana']['version'] + } + results['elastic_deployment_info'] = { + "deployment_id": deployment_objects[0]['id'], + "deployment_name": deployment_objects[0]['name'], + "resource_type": "elasticsearch", + "ref_id": deployment_objects[0]['resources']['elasticsearch'][0]['ref_id'], + "version": deployment_objects[0]['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan']['elasticsearch']['version'] + } results['deployment_id'] = deployment_objects[0]['id'] results['deployment_elasticsearch_version'] = deployment_elasticsearch_version results['deployment_kibana_endpoint'] = deployment_kibana_endpoint diff --git a/plugins/modules/ece_cluster_logs_and_metrics.py b/plugins/modules/ece_cluster_logs_and_metrics.py index 5050f2e..058a23b 100644 --- a/plugins/modules/ece_cluster_logs_and_metrics.py +++ b/plugins/modules/ece_cluster_logs_and_metrics.py @@ -12,7 +12,32 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: ece_cluster_logs_and_metrics + +author: Ian Scott + +short_description: Update Elastic Deployment Logging and Metrics Settings + +description: + - Update Elastic Deployment Logging and Metrics Settings + +requirements: + - python3 + +options: + host: ECE Host + port: ECE Port + deployment_name or deployment_id + username: ECE Username + password: ECE Password + logging_dest: Destination Deployment name for Logging + metrics_dest: Destination Deployment name for Metrics + logging_ref_id: Reference ID for Logging + metrics_ref_id: Reference ID for Metrics + +''' from ansible.module_utils.basic import AnsibleModule import time @@ -40,7 +65,6 @@ def main(): verify_ssl_cert=dict(type='bool', default=True), deployment_name=dict(type='str'), deployment_id=dict(type='str', default=None), - no_cluster_object=dict(type='bool', default=True), logging_dest=dict(type='str', required=True), metrics_dest=dict(type='str', required=True), logging_ref_id=dict(type='str', default="elasticsearch"), diff --git a/plugins/modules/ece_cluster_tag.py b/plugins/modules/ece_cluster_tag.py index 65ef974..5cf6ee6 100644 --- a/plugins/modules/ece_cluster_tag.py +++ b/plugins/modules/ece_cluster_tag.py @@ -12,7 +12,30 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: ece_cluster_tag + +author: Ian Scott + +short_description: Create or Update Elastic Deployment Tag + +description: + - Create or Update Elastic Deployment Tag + +requirements: + - python3 + +options: + host: ECE Host + port: ECE Port + deployment_name or deployment_id + username: ECE Username + password: ECE Password + tag_label: ECE Deployment Tag Label + tag_value: ECE Deployment Tag Value + +''' from ansible.module_utils.basic import AnsibleModule try: @@ -38,7 +61,6 @@ def main(): verify_ssl_cert=dict(type='bool', default=True), deployment_name=dict(type='str'), deployment_id=dict(type='str', default=None), - no_cluster_object=dict(type='bool', default=True), tag_label=dict(type='str'), tag_value=dict(type='str') @@ -51,7 +73,6 @@ def main(): deployment_name = module.params.get('deployment_name') deployment_id = module.params.get('deployment_id') - no_cluster_object = module.params.get('no_cluster_object') tag_label = module.params.get('tag_label') tag_value = module.params.get('tag_value') results = { 'changed': True } diff --git a/plugins/modules/elastic_agentlist_info.py b/plugins/modules/elastic_agentlist_info.py index d1aee92..ff70b19 100644 --- a/plugins/modules/elastic_agentlist_info.py +++ b/plugins/modules/elastic_agentlist_info.py @@ -12,7 +12,33 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_agentlist_info + +author: Ian Scott + +short_description: Create Fleet Agent List for Elastic Deployment + +description: + - Create Fleet Agent List for Elastic Deployment + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule import json @@ -34,7 +60,8 @@ def main(): port=dict(type='int', default=9243), username=dict(type='str', required=True), password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True) + verify_ssl_cert=dict(type='bool', default=True), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] diff --git a/plugins/modules/elastic_agentpolicy.py b/plugins/modules/elastic_agentpolicy.py index db7249a..bcc94e5 100644 --- a/plugins/modules/elastic_agentpolicy.py +++ b/plugins/modules/elastic_agentpolicy.py @@ -12,7 +12,36 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_agentpolicy + +author: Ian Scott + +short_description: Create or Delete Agent Policy by Name or ID from Elastic Deployment + +description: + - Create or Delete Agent Policy by Name or ID from Elastic Deployment + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + agent_policy_name: Name of Agent Policy + agent_policy_id: ID of Agent Policy + monitoring: Monitoring Attributes + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: @@ -37,8 +66,8 @@ def main(): agent_policy_name=dict(type='str', required=True), agent_policy_desc=dict(type='str', default='None'), state=dict(type='str', default='present'), - namespace=dict(type='str', default='default'), - monitoring=dict(type='list', default=[]) + monitoring=dict(type='list', default=[]), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] @@ -54,7 +83,6 @@ def main(): agent_policy_name = module.params.get('agent_policy_name') agent_policy_desc = module.params.get('agent_policy_desc') agent_policy_id = module.params.get('agent_policy_id') - namespace = module.params.get('namespace') monitoring = module.params.get('monitoring') if module.check_mode: diff --git a/plugins/modules/elastic_agentpolicy_info.py b/plugins/modules/elastic_agentpolicy_info.py index 96c78b9..2a7c64a 100644 --- a/plugins/modules/elastic_agentpolicy_info.py +++ b/plugins/modules/elastic_agentpolicy_info.py @@ -12,7 +12,35 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_agentpolicy_info + +author: Ian Scott + +short_description: Get Agent Policy by Name or ID from Elastic Deployment + +description: + - Get Agent Policy by Name or ID from Elastic Deployment + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + agent_policy_name: Name of Agent Policy + agent_policy_id: ID of Agent Policy + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: @@ -37,7 +65,8 @@ def main(): password=dict(type='str', no_log=True, required=True), verify_ssl_cert=dict(type='bool', default=True), agent_policy_name=dict(type='str'), - agent_policy_id=dict(type='str') + agent_policy_id=dict(type='str'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] diff --git a/plugins/modules/elastic_detection_rule.py b/plugins/modules/elastic_detection_rule.py index 21974ad..5637dd0 100644 --- a/plugins/modules/elastic_detection_rule.py +++ b/plugins/modules/elastic_detection_rule.py @@ -12,6 +12,34 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' + +module: elastic_detection_rule + +author: Ian Scott + +short_description: Activate Security Rule such as Endpoint Security + +description: + - Activate Security Rule such as Endpoint Security + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + security_rule_name: Name of Security Rule + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * @@ -37,7 +65,8 @@ def main(): verify_ssl_cert=dict(type='bool', default=True), state=dict(type='str', default='present'), active=dict(type='bool', default=True), - security_rule_name=dict(type='str') + security_rule_name=dict(type='str'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), diff --git a/plugins/modules/elastic_expedient_pkgpolicy.py b/plugins/modules/elastic_expedient_pkgpolicy.py index f51ac8f..59e14be 100644 --- a/plugins/modules/elastic_expedient_pkgpolicy.py +++ b/plugins/modules/elastic_expedient_pkgpolicy.py @@ -13,6 +13,35 @@ # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' + +module: elastic_detection_rule + +author: Ian Scott + +short_description: Activate Security Rule such as Endpoint Security + +description: + - Activate Security Rule such as Endpoint Security + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + security_rule_name: Name of Security Rule + +''' + from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * @@ -100,7 +129,8 @@ def main(): pkg_policy_vars=dict(type='json'), namespace=dict(type='str', default='default'), state=dict(type='str', default='present'), - integration_settings=dict(type='dict') + integration_settings=dict(type='dict'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), diff --git a/plugins/modules/elastic_fleet_agent_report.py b/plugins/modules/elastic_fleet_agent_report.py index 84befba..2cc308a 100644 --- a/plugins/modules/elastic_fleet_agent_report.py +++ b/plugins/modules/elastic_fleet_agent_report.py @@ -35,7 +35,8 @@ def main(): username=dict(type='str', required=True), password=dict(type='str', no_log=True, required=True), deployment_info=dict(type='dict', default=None), - verify_ssl_cert=dict(type='bool', default=True) + verify_ssl_cert=dict(type='bool', default=True), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] diff --git a/plugins/modules/elastic_integration_info.py b/plugins/modules/elastic_integration_info.py index 55385c5..5addc31 100644 --- a/plugins/modules/elastic_integration_info.py +++ b/plugins/modules/elastic_integration_info.py @@ -35,7 +35,8 @@ def main(): password=dict(type='str', no_log=True, required=True), verify_ssl_cert=dict(type='bool', default=True), integration_title=dict(type='str'), - integration_name=dict(type='str') + integration_name=dict(type='str'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), diff --git a/plugins/modules/elastic_pkgpolicy.py b/plugins/modules/elastic_pkgpolicy.py index 91fe7e6..0485e22 100644 --- a/plugins/modules/elastic_pkgpolicy.py +++ b/plugins/modules/elastic_pkgpolicy.py @@ -99,7 +99,8 @@ def main(): pkg_policy_desc=dict(type='str'), namespace=dict(type='str', default='default'), state=dict(type='str', default='present'), - integration_settings=dict(type='dict') + integration_settings=dict(type='dict'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), diff --git a/plugins/modules/elastic_pkgpolicy_info.py b/plugins/modules/elastic_pkgpolicy_info.py index e7dee57..788cf05 100644 --- a/plugins/modules/elastic_pkgpolicy_info.py +++ b/plugins/modules/elastic_pkgpolicy_info.py @@ -35,7 +35,8 @@ def main(): username=dict(type='str', required=True), password=dict(type='str', no_log=True, required=True), verify_ssl_cert=dict(type='bool', default=True), - pkg_policy_name=dict(type='str') + pkg_policy_name=dict(type='str'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), diff --git a/plugins/modules/elastic_security_rule.py b/plugins/modules/elastic_security_rule.py index fe078c9..e56ce60 100644 --- a/plugins/modules/elastic_security_rule.py +++ b/plugins/modules/elastic_security_rule.py @@ -41,7 +41,8 @@ def main(): action_group=dict(type='str'), replace_or_append=dict(type='str'), state=dict(type='str', default='present'), - existing_actions=dict(type='str') + existing_actions=dict(type='str'), + deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] @@ -89,7 +90,15 @@ def main(): results['rule_object'] = target_rule existing_actions = target_rule['actions'] - rule_action_object = kibana.enable_security_rule_action(target_rule['id'],connector_exists['id'],connector_exists['connector_type_id'], action_body, replace_or_append, existing_actions, action_group) + rule_action_object = kibana.enable_security_rule_action( + target_rule['id'], + connector_exists['id'], + connector_exists['connector_type_id'], + action_body, + replace_or_append, + existing_actions, + action_group + ) results['rule_action_status'] = "Created Rule Action Connector" results['rule_action_object'] = rule_action_object diff --git a/plugins/modules/elastic_user.py b/plugins/modules/elastic_user.py index a85220d..48674ff 100644 --- a/plugins/modules/elastic_user.py +++ b/plugins/modules/elastic_user.py @@ -152,7 +152,8 @@ def main(): full_name=dict(type='str', required=False), email=dict(type='str', required=False), metadata=dict(type='dict', default={}), - enabled=dict(type='bool', default=True) + enabled=dict(type='bool', default=True), + deployment_info=dict(type='dict', default=None) ) results = {'changed': False} From 43a64d96d044ba68706b3ff4bf49ff519c2d7728 Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Thu, 30 Mar 2023 18:11:27 -0500 Subject: [PATCH 2/8] fixing stuff and upping timeouts --- galaxy.yml | 2 +- plugins/module_utils/ece_apiproxy.py | 6 ++--- plugins/module_utils/kibana.py | 26 ++++++++++++------- plugins/modules/elastic_agentpolicy.py | 4 ++- .../modules/elastic_expedient_pkgpolicy.py | 7 +++-- 5 files changed, 29 insertions(+), 16 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index a575471..b95067e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,7 +13,7 @@ # limitations under the License. --- -version: 2.3.24 +version: 2.3.25-dev3 namespace: expedient name: elastic readme: README.md diff --git a/plugins/module_utils/ece_apiproxy.py b/plugins/module_utils/ece_apiproxy.py index 343bb6e..91d82ff 100644 --- a/plugins/module_utils/ece_apiproxy.py +++ b/plugins/module_utils/ece_apiproxy.py @@ -47,7 +47,7 @@ def __init__(self, module): self.ece_auth = ECE(module) - def send_api_request(self, endpoint, method, data=None, headers={}, timeout=120, space_id='default', no_kbnver=False, version=None): + def send_api_request(self, endpoint, method, data=None, headers={}, timeout=300, space_id='default', no_kbnver=False, version=None): if endpoint.startswith('_'): url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/{endpoint}' @@ -70,7 +70,7 @@ def send_api_request(self, endpoint, method, data=None, headers={}, timeout=120, headers=headers, method=method, validate_certs=self.validate_certs, - timeout=120 + timeout=timeout ) if response.reason != 'No Content': content = loads(response.read()) @@ -78,7 +78,7 @@ def send_api_request(self, endpoint, method, data=None, headers={}, timeout=120, content = '' return content - def send_file_api_request(self, endpoint, method, data=None, headers={}, file=None, timeout=120, space_id = "default", no_kbnver=False, version=None, *args, **kwargs): + def send_file_api_request(self, endpoint, method, data=None, headers={}, file=None, timeout=300, space_id = "default", no_kbnver=False, version=None, *args, **kwargs): url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/s/{space_id}/api/{endpoint}' diff --git a/plugins/module_utils/kibana.py b/plugins/module_utils/kibana.py index 9e6099c..9394d1d 100644 --- a/plugins/module_utils/kibana.py +++ b/plugins/module_utils/kibana.py @@ -55,7 +55,7 @@ def __init__(self, module): self.version = self.get_cluster_version() self.major_version,self.minor_version,self.patch_version = self.version.split(".") - def send_api_request(self, endpoint, method, data = None, headers = {}, timeout = 120, space_id = "default", no_kbnver = False,*args, **kwargs): + def send_api_request(self, endpoint, method, data = None, headers = {}, timeout = 300, space_id = "default", no_kbnver = False,*args, **kwargs): if self.deployment_info: result = self.ece_api_proxy.send_api_request(endpoint, method, data, headers, timeout, space_id, no_kbnver) @@ -63,7 +63,7 @@ def send_api_request(self, endpoint, method, data = None, headers = {}, timeout result = self.send_kibana_api_request(endpoint, method, data, headers, timeout, space_id, no_kbnver) return result - def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeout=120, space_id = "default", no_kbnver = False, *args, **kwargs): + def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeout=300, space_id = "default", no_kbnver = False, *args, **kwargs): if space_id != "default": url = f'https://{self.host}:{self.port}/s/{space_id}/api/{endpoint}' @@ -77,8 +77,16 @@ def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeo if self.version and no_kbnver == False: headers['kbn-version'] = self.version try: - response = open_url(url, data=payload, method=method, validate_certs=self.validate_certs, headers=headers, - force_basic_auth=True, url_username=self.username, url_password=self.password, timeout=timeout) + response = open_url( + url, + data=payload, + method=method, + validate_certs=self.validate_certs, + headers=headers, + force_basic_auth=True, + url_username=self.username, + url_password=self.password, + timeout=timeout) except HTTPError as e: raise e ## This allows errors raised during the request to be inspected while debugging if response.msg == 'No Content' and str(response.status).startswith('2'): @@ -96,7 +104,7 @@ def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeo else: return response_list[0] - def send_epr_api_request(self, endpoint, method, data=None, headers={}, timeout=120): + def send_epr_api_request(self, endpoint, method, data=None, headers={}, timeout=300): url = f'https://epr.elastic.co/{endpoint}' payload = None if data: @@ -111,15 +119,15 @@ def send_epr_api_request(self, endpoint, method, data=None, headers={}, timeout= raise e ## This allows errors raised during the request to be inspected while debugging return loads(response.read()) - def send_file_api_request(self, endpoint, method, data = None, headers = {}, file = None, timeout = 120, space_id = "default", no_kbnver = False,*args, **kwargs): + def send_file_api_request(self, endpoint, method, data = None, headers = {}, file = None, timeout = 300, space_id = "default", no_kbnver = False,*args, **kwargs): if self.deployment_info: result = self.ece_api_proxy.send_file_api_request(endpoint, method, data, headers, file, timeout, space_id, no_kbnver) else: - result = self.send_kibana_file_api_request(endpoint, method, data, headers, file, space_id ) + result = self.send_kibana_file_api_request(endpoint, method, data, headers, file, space_id, timeout ) return result - def send_kibana_file_api_request(self, endpoint, method, data=None, headers={}, file=None, space_id = "default", *args, **kwargs): + def send_kibana_file_api_request(self, endpoint, method, data=None, headers={}, file=None, space_id = "default", timeout = 300, *args, **kwargs): if space_id != "default": url = f'https://{self.host}:{self.port}/s/{space_id}/api/{endpoint}' @@ -143,7 +151,7 @@ def send_kibana_file_api_request(self, endpoint, method, data=None, headers={}, auth=(self.username, self.password), files={'file': open(file,'rb')}, headers=headers, - timeout=60 + timeout=timeout ) except HTTPError as e: raise e ## This allows errors raised during the request to be inspected while debugging diff --git a/plugins/modules/elastic_agentpolicy.py b/plugins/modules/elastic_agentpolicy.py index bcc94e5..fc7f1fc 100644 --- a/plugins/modules/elastic_agentpolicy.py +++ b/plugins/modules/elastic_agentpolicy.py @@ -67,7 +67,8 @@ def main(): agent_policy_desc=dict(type='str', default='None'), state=dict(type='str', default='present'), monitoring=dict(type='list', default=[]), - deployment_info=dict(type='dict', default=None) + deployment_info=dict(type='dict', default=None), + namespace=dict(type='str', default='default') ) argument_dependencies = [] @@ -84,6 +85,7 @@ def main(): agent_policy_desc = module.params.get('agent_policy_desc') agent_policy_id = module.params.get('agent_policy_id') monitoring = module.params.get('monitoring') + namespace = module.params.get('namespace') if module.check_mode: results['changed'] = False diff --git a/plugins/modules/elastic_expedient_pkgpolicy.py b/plugins/modules/elastic_expedient_pkgpolicy.py index 59e14be..46d9afb 100644 --- a/plugins/modules/elastic_expedient_pkgpolicy.py +++ b/plugins/modules/elastic_expedient_pkgpolicy.py @@ -281,9 +281,12 @@ def main(): if pkg_policy_object['package']['name'] == 'osquery_manager': i = 0 for policy_input in pkg_policy_object['inputs']: + applied_defaults = True pkg_policy_object['inputs'][i]['streams'] = [] - pkg_policy_object['inputs'][i].pop('vars') - pkg_policy_object['inputs'][i].pop('config') + if 'vars' in pkg_policy_object['inputs'][i]: + pkg_policy_object['inputs'][i].pop('vars') + if 'config' in pkg_policy_object['inputs'][i]: + pkg_policy_object['inputs'][i].pop('config') i = i+1 if pkg_policy_object['package']['name'] == 'system': From 7a32934a740869fd732602544c3b9ca28c5da49d Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Mon, 3 Apr 2023 14:29:19 -0500 Subject: [PATCH 3/8] add documentation --- galaxy.yml | 4 +- plugins/module_utils/ece_apiproxy.py | 4 +- plugins/module_utils/kibana.py | 26 ++++---- plugins/modules/elastic_fleet_agent_report.py | 26 ++++++++ .../modules/elastic_index_lifecycle_policy.py | 36 ++++++---- .../elastic_index_lifecycle_policy_info.py | 28 ++++++++ plugins/modules/elastic_integration_info.py | 28 ++++++++ plugins/modules/elastic_kibana_settings.py | 25 +++++++ .../modules/elastic_kibana_settings_info.py | 25 +++++++ plugins/modules/elastic_pkgpolicy.py | 35 ++++++++++ plugins/modules/elastic_pkgpolicy_info.py | 27 ++++++++ .../modules/elastic_role_mapping_create.py | 35 ++++++++++ plugins/modules/elastic_savedobject.py | 65 +++++++++++++++++-- plugins/modules/elastic_savedobject_info.py | 39 +++++++++-- plugins/modules/elastic_space.py | 31 +++++++++ plugins/modules/elastic_userrole.py | 34 ++++++++++ plugins/modules/elastic_userrole_info.py | 26 ++++++++ plugins/modules/kibana_action.py | 32 ++++++++- 18 files changed, 484 insertions(+), 42 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index b95067e..8071856 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,7 +13,7 @@ # limitations under the License. --- -version: 2.3.25-dev3 +version: 2.3.26 namespace: expedient name: elastic readme: README.md @@ -26,4 +26,4 @@ tags: dependencies: {} repository: https://github.com/Expedient/ansible-collection-elastic homepage: https://github.com/Expedient/ansible-collection-elastic -issues: https://github.com/Expedient/ansible-collection-elastic/issues +issues: https://github.com/Expedient/ansible-collection-elastic/issues \ No newline at end of file diff --git a/plugins/module_utils/ece_apiproxy.py b/plugins/module_utils/ece_apiproxy.py index 91d82ff..83a387d 100644 --- a/plugins/module_utils/ece_apiproxy.py +++ b/plugins/module_utils/ece_apiproxy.py @@ -47,7 +47,7 @@ def __init__(self, module): self.ece_auth = ECE(module) - def send_api_request(self, endpoint, method, data=None, headers={}, timeout=300, space_id='default', no_kbnver=False, version=None): + def send_api_request(self, endpoint, method, data=None, headers={}, timeout=600, space_id='default', no_kbnver=False, version=None): if endpoint.startswith('_'): url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/{endpoint}' @@ -78,7 +78,7 @@ def send_api_request(self, endpoint, method, data=None, headers={}, timeout=300, content = '' return content - def send_file_api_request(self, endpoint, method, data=None, headers={}, file=None, timeout=300, space_id = "default", no_kbnver=False, version=None, *args, **kwargs): + def send_file_api_request(self, endpoint, method, data=None, headers={}, file=None, timeout=600, space_id = "default", no_kbnver=False, version=None, *args, **kwargs): url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/s/{space_id}/api/{endpoint}' diff --git a/plugins/module_utils/kibana.py b/plugins/module_utils/kibana.py index 9394d1d..9f386c6 100644 --- a/plugins/module_utils/kibana.py +++ b/plugins/module_utils/kibana.py @@ -55,7 +55,7 @@ def __init__(self, module): self.version = self.get_cluster_version() self.major_version,self.minor_version,self.patch_version = self.version.split(".") - def send_api_request(self, endpoint, method, data = None, headers = {}, timeout = 300, space_id = "default", no_kbnver = False,*args, **kwargs): + def send_api_request(self, endpoint, method, data = None, headers = {}, timeout = 600, space_id = "default", no_kbnver = False,*args, **kwargs): if self.deployment_info: result = self.ece_api_proxy.send_api_request(endpoint, method, data, headers, timeout, space_id, no_kbnver) @@ -63,7 +63,7 @@ def send_api_request(self, endpoint, method, data = None, headers = {}, timeout result = self.send_kibana_api_request(endpoint, method, data, headers, timeout, space_id, no_kbnver) return result - def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeout=300, space_id = "default", no_kbnver = False, *args, **kwargs): + def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeout = 600, space_id = "default", no_kbnver = False, *args, **kwargs): if space_id != "default": url = f'https://{self.host}:{self.port}/s/{space_id}/api/{endpoint}' @@ -104,7 +104,7 @@ def send_kibana_api_request(self, endpoint, method, data=None, headers={}, timeo else: return response_list[0] - def send_epr_api_request(self, endpoint, method, data=None, headers={}, timeout=300): + def send_epr_api_request(self, endpoint, method, data=None, headers={}, timeout=600): url = f'https://epr.elastic.co/{endpoint}' payload = None if data: @@ -119,7 +119,7 @@ def send_epr_api_request(self, endpoint, method, data=None, headers={}, timeout= raise e ## This allows errors raised during the request to be inspected while debugging return loads(response.read()) - def send_file_api_request(self, endpoint, method, data = None, headers = {}, file = None, timeout = 300, space_id = "default", no_kbnver = False,*args, **kwargs): + def send_file_api_request(self, endpoint, method, data = None, headers = {}, file = None, timeout = 600, space_id = "default", no_kbnver = False,*args, **kwargs): if self.deployment_info: result = self.ece_api_proxy.send_file_api_request(endpoint, method, data, headers, file, timeout, space_id, no_kbnver) @@ -127,7 +127,7 @@ def send_file_api_request(self, endpoint, method, data = None, headers = {}, fi result = self.send_kibana_file_api_request(endpoint, method, data, headers, file, space_id, timeout ) return result - def send_kibana_file_api_request(self, endpoint, method, data=None, headers={}, file=None, space_id = "default", timeout = 300, *args, **kwargs): + def send_kibana_file_api_request(self, endpoint, method, data=None, headers={}, file=None, space_id = "default", timeout = 600, *args, **kwargs): if space_id != "default": url = f'https://{self.host}:{self.port}/s/{space_id}/api/{endpoint}' @@ -558,7 +558,7 @@ def update_pkg_policy(self,pkgpolicy_id,body): input_no = input_no + 1 if not self.module.check_mode: endpoint = "fleet/package_policies/" + pkgpolicy_id - pkg_policy_update = self.send_api_request(endpoint, 'PUT', data=body, timeout=300) + pkg_policy_update = self.send_api_request(endpoint, 'PUT', data=body) else: pkg_policy_update = "Cannot proceed with check_mode set to " + self.module.check_mode return pkg_policy_update @@ -574,10 +574,10 @@ def get_pkg_policy(self,pkg_policy_name): def get_elatic_package_repository_package_info(self, package_name, package_version): endpoint = "package/" + package_name + "/" + package_version - epr_object = self.send_epr_api_request(endpoint, 'GET', timeout=300) + epr_object = self.send_epr_api_request(endpoint, 'GET') return epr_object - def create_pkg_policy(self,pkg_policy_name, pkg_policy_desc, agent_policy_id, integration_object, namespace="default", var_list=None): + def create_pkg_policy(self,pkg_policy_name, pkg_policy_desc, agent_policy_id, integration_object, space_id="default", var_list=None): pkg_policy_object = self.get_pkg_policy(pkg_policy_name) epr_object = self.get_elatic_package_repository_package_info(integration_object['name'], integration_object['version']) @@ -663,7 +663,7 @@ def create_pkg_policy(self,pkg_policy_name, pkg_policy_desc, agent_policy_id, in body = { "name": pkg_policy_name, - "namespace": namespace.lower(), + "namespace": space_id.lower(), "description": pkg_policy_desc, "force": True, "enabled": True, @@ -679,7 +679,7 @@ def create_pkg_policy(self,pkg_policy_name, pkg_policy_desc, agent_policy_id, in body_JSON = dumps(body) endpoint = 'fleet/package_policies' if not self.module.check_mode: - pkg_policy_object = self.send_api_request(endpoint, 'POST', data=body_JSON, timeout=300) + pkg_policy_object = self.send_api_request(endpoint, 'POST', data=body_JSON) else: pkg_policy_object = "Cannot proceed with check_mode set to " + self.module.check_mode @@ -720,7 +720,7 @@ def get_all_agent_policys(self, perPage = 500): agent_policy_objects = self.send_api_request(endpoint, 'GET') return agent_policy_objects - def create_agent_policy(self, agent_policy_id, agent_policy_name, agent_policy_desc, namespace="default", monitoring=[]): + def create_agent_policy(self, agent_policy_id, agent_policy_name, agent_policy_desc, space_id="default", monitoring=[]): if agent_policy_id: agent_policy_object = self.get_agent_policy_byid(agent_policy_id) else: @@ -729,7 +729,7 @@ def create_agent_policy(self, agent_policy_id, agent_policy_name, agent_policy_d if not agent_policy_object: body = { "name": agent_policy_name, - "namespace": namespace.lower(), + "namespace": space_id.lower(), "description": agent_policy_desc, "monitoring_enabled": monitoring } @@ -840,7 +840,7 @@ def update_saved_object(self, saved_object, object_type, object_id, object_attri def export_saved_object(self, object_type, object_id, - space_id, + space_id = "default", includeReferencesDeep = True, excludeExportDetails = True, *args, diff --git a/plugins/modules/elastic_fleet_agent_report.py b/plugins/modules/elastic_fleet_agent_report.py index 2cc308a..ef490a3 100644 --- a/plugins/modules/elastic_fleet_agent_report.py +++ b/plugins/modules/elastic_fleet_agent_report.py @@ -12,7 +12,33 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_fleet_agent_report + +author: Ian Scott + +short_description: Create a Fleet Agent Report for a Deployment + +description: + - Create a Fleet Agent Report for a Deployment + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule import json diff --git a/plugins/modules/elastic_index_lifecycle_policy.py b/plugins/modules/elastic_index_lifecycle_policy.py index 50cb726..0506f19 100644 --- a/plugins/modules/elastic_index_lifecycle_policy.py +++ b/plugins/modules/elastic_index_lifecycle_policy.py @@ -15,23 +15,31 @@ DOCUMENTATION=''' -Add an elasticseach data lifecycle policy to deployment +module: elastic_index_lifecycle_policy -Input example: +author: Ian Scott -elastic_deployment_info: - deployment_id: "{{ deployment_id }}" - deployment_name: "{{ deployment_name }}" - resource_type: elasticsearch - ref_id: "{{ cluster_kibana_info.deployment_object.resources.elasticsearch[0].ref_id }}" +short_description: Add an elasticseach data lifecycle policy to deployment - host: "{{ ece_host }}" - port: "{{ ece_port }}" - username: "{{ ece_username }}" - password: "{{ ece_password }}" - deployment_info: "{{ elastic_deployment_info }}" - index_lifecycle_policy_name: logs - settings: +description: + - Add an elasticseach data lifecycle policy to deployment + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + index_lifecycle_policy_name: Name of lifecycle policy + settings: (Example) policy: phases: hot: diff --git a/plugins/modules/elastic_index_lifecycle_policy_info.py b/plugins/modules/elastic_index_lifecycle_policy_info.py index 2910dcf..c193159 100644 --- a/plugins/modules/elastic_index_lifecycle_policy_info.py +++ b/plugins/modules/elastic_index_lifecycle_policy_info.py @@ -12,6 +12,34 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' + +module: elastic_index_lifecycle_policy_info + +author: Ian Scott + +short_description: Get information on an Elastic LifeCycle Policy + +description: + - Get information on an Elastic LifeCycle Policy + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + index_lifecycle_policy_name: Name of lifecycle policy + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_integration_info.py b/plugins/modules/elastic_integration_info.py index 5addc31..1bfc5b2 100644 --- a/plugins/modules/elastic_integration_info.py +++ b/plugins/modules/elastic_integration_info.py @@ -12,7 +12,35 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_integration_info + +author: Ian Scott + +short_description: Get information on an Elastic Integration + +description: + - Get information on an Elastic Integration + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + integration_title: Title or Label of intregration (seems to change between versions on occasion, but name does not) + integration_name: Name of intregration + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: diff --git a/plugins/modules/elastic_kibana_settings.py b/plugins/modules/elastic_kibana_settings.py index fe53bce..b1eb738 100644 --- a/plugins/modules/elastic_kibana_settings.py +++ b/plugins/modules/elastic_kibana_settings.py @@ -12,7 +12,32 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_kibana_settings + +author: Ian Scott + +short_description: Set Elastic Kibana Settings + +description: + - Set Elastic Kibana Settings + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_kibana_settings_info.py b/plugins/modules/elastic_kibana_settings_info.py index dba4a5d..d418c07 100644 --- a/plugins/modules/elastic_kibana_settings_info.py +++ b/plugins/modules/elastic_kibana_settings_info.py @@ -12,7 +12,32 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_kibana_settings_info + +author: Ian Scott + +short_description: Get Elastic Kibana Settings + +description: + - Get Elastic Kibana Settings + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_pkgpolicy.py b/plugins/modules/elastic_pkgpolicy.py index 0485e22..38f426d 100644 --- a/plugins/modules/elastic_pkgpolicy.py +++ b/plugins/modules/elastic_pkgpolicy.py @@ -12,7 +12,42 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_pkgpolicy + +author: Ian Scott + +short_description: Create an Elastic Package Policy. + +description: + - Create an Elastic Package Policy. A Package Policy is an instance of an Integration in an Agent Policy + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + pkg_policy_name: Package Policy name (Required) + pkg_policy_desc: Package Policy description + agent_policy_id: Agent Policy ID. (Required if agent_policy_name is not present) + agent_policy_name: Agent Policy Name. (Required if agent_policy_id is not present) + integration_title: Integration Title/Label (Required) + integration_name: Integration Name + integration_ver: Integration Version. The version will determine what integration settings are valid + namespace: Elastic namespace, always default for now (Optional) + integration_settings: Integration settings (Optional) + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_pkgpolicy_info.py b/plugins/modules/elastic_pkgpolicy_info.py index 788cf05..e05ff97 100644 --- a/plugins/modules/elastic_pkgpolicy_info.py +++ b/plugins/modules/elastic_pkgpolicy_info.py @@ -12,6 +12,33 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' + +module: elastic_pkgpolicy_info + +author: Ian Scott + +short_description: Get Elastic Package Policy Information. + +description: + - Get Elastic Package Policy Information. A Package Policy is an instance of an Integration in an Agent Policy + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + pkg_policy_name: Package Policy name +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_role_mapping_create.py b/plugins/modules/elastic_role_mapping_create.py index 14de822..4a08ab9 100644 --- a/plugins/modules/elastic_role_mapping_create.py +++ b/plugins/modules/elastic_role_mapping_create.py @@ -12,7 +12,42 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_pkgpolicy + +author: Ian Scott + +short_description: Create an Elastic Package Policy. + +description: + - Create an Elastic Package Policy. A Package Policy is an instance of an Integration in an Agent Policy + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + role_mapping_name: Role Mapping name (Required) + enable_mapping: True/False + assigned_roles: List of assigned roles + role_mapping_rules: + all: + - field: + realm.name: Realm Name + - field: + groups: User Group + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: diff --git a/plugins/modules/elastic_savedobject.py b/plugins/modules/elastic_savedobject.py index de79414..51800ad 100644 --- a/plugins/modules/elastic_savedobject.py +++ b/plugins/modules/elastic_savedobject.py @@ -12,7 +12,40 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_savedobject + +author: Ian Scott + +short_description: Get Elastic Saved Object List or Create Saved Object. + +description: + - Get Elastic Saved Object List or Create Saved Object. + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + object_name: Saved Object name + object_id: Saved Object ID + object_type: Type of Object + search_string: Saved Object Search String + object_attributes: Object Attributes. These vary widely based on the object to create. + space_id: Space to search for the Saved Object List or create the Saved Object in + overwrite: True/False When Importing, if a Saved Object is found with the same ID whether or not to overwrite that object + createNewCopies: True/False When Importing, Whether or not to create a new copy +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: @@ -38,10 +71,10 @@ def main(): verify_ssl_cert=dict(type='bool', default=True), object_name=dict(type='str'), object_id=dict(type='str', default=None), + object_type=dict(type='str'), search_string=dict(type='str'), object_attributes=dict(type='str'), space_id=dict(type='str', default="default"), - object_type=dict(type='str', default="default"), overwrite=dict(type='bool', default=True), deployment_info=dict(type='dict', default=None), createNewCopies=dict(type='bool', default=False), @@ -72,8 +105,15 @@ def main(): saved_object = None if (object_name or object_id) and state == "present": - saved_object_info = kibana.get_saved_object(object_type = object_type, object_id = object_id, object_name = object_name, space_id = space_id) - saved_object = kibana.export_saved_object(object_type = object_type, object_id = saved_object_info['id'], space_id = space_id) + saved_object_info = kibana.get_saved_object( + object_type = object_type, + object_id = object_id, + object_name = object_name, + space_id = space_id) + saved_object = kibana.export_saved_object( + object_type = object_type, + object_id = saved_object_info['id'], + space_id = space_id) if search_string and state == "present": if search_string == "None": @@ -82,12 +122,25 @@ def main(): if object_attributes and state == "absent": - saved_object = kibana.import_saved_object(object_attributes, space_id = space_id, createNewCopies=createNewCopies, overwrite=overwrite) + saved_object = kibana.import_saved_object( + object_attributes, + space_id = space_id, + createNewCopies=createNewCopies, + overwrite=overwrite) if object_attributes and state == "update": - saved_object_info = kibana.get_saved_object(object_type = object_type, object_id = object_id, object_name = object_name, space_id = space_id) + saved_object_info = kibana.get_saved_object( + object_type = object_type, + object_id = object_id, + object_name = object_name, + space_id = space_id) saved_object_id = saved_object_info['id'] - saved_object = kibana.update_saved_object(object_type = object_type, object_id = saved_object_id, object_name = object_name, space_id = space_id, object_attributes = object_attributes) + saved_object = kibana.update_saved_object( + object_type = object_type, + object_id = saved_object_id, + object_name = object_name, + space_id = space_id, + object_attributes = object_attributes) if saved_object != "": results['object_status'] = "Saved Object Found" diff --git a/plugins/modules/elastic_savedobject_info.py b/plugins/modules/elastic_savedobject_info.py index 1d9799c..4651366 100644 --- a/plugins/modules/elastic_savedobject_info.py +++ b/plugins/modules/elastic_savedobject_info.py @@ -12,7 +12,36 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_savedobject_info + +author: Ian Scott + +short_description: Get Elastic Saved Object Information. + +description: + - Get Elastic Saved Object Information. + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + object_name: Saved Object name (Required) + object_type: Type of Object + space_id: Name of Space the Object is in + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: @@ -36,9 +65,10 @@ def main(): username=dict(type='str', required=True), password=dict(type='str', no_log=True, required=True), verify_ssl_cert=dict(type='bool', default=True), - object_name=dict(type='str'), - space=dict(type='str', default='default'), - object_type=dict(type='str', default="default") + object_name=dict(type='str', required=True), + object_type=dict(type='str', required=True), + space_id=dict(type='str', default='default'), + deployment_info=dict(type='dict', default=None), ) argument_dependencies = [] @@ -54,9 +84,10 @@ def main(): results['changed'] = False object_name = module.params.get('object_name') object_type = module.params.get('object_type') + space_id = module.params.get('space_id') if module.params.get('object_name'): - saved_object = kibana.get_saved_object(object_type, object_name) + saved_object = kibana.get_saved_object(object_type, object_name, space_id = space_id) if saved_object: results['object_status'] = "Saved Object Found" diff --git a/plugins/modules/elastic_space.py b/plugins/modules/elastic_space.py index b66ea4e..c7a27e6 100644 --- a/plugins/modules/elastic_space.py +++ b/plugins/modules/elastic_space.py @@ -12,7 +12,38 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_space + +author: Ian Scott + +short_description: Create an Elastic Space. + +description: + - Create an Elastic Space. + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + space_name: Space name + space_description: Description of Space + space_id: Space ID. Used in urls. + disabledFeatures: List of Features to be disabled within this space + initials: Initials of Space + color: Color of Space Icon Background +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: diff --git a/plugins/modules/elastic_userrole.py b/plugins/modules/elastic_userrole.py index d5d9dce..8c6c22b 100644 --- a/plugins/modules/elastic_userrole.py +++ b/plugins/modules/elastic_userrole.py @@ -12,7 +12,41 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_userrole + +author: Ian Scott + +short_description: Create User Role + +description: + - Create User Role + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + role_name: User Role name + body: + metadata: + elasticsearch: + Role Permission Data + kibana: + Role Permission Data + spaces: + List of spaces for the role +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: diff --git a/plugins/modules/elastic_userrole_info.py b/plugins/modules/elastic_userrole_info.py index d6f7f15..6d04b4d 100644 --- a/plugins/modules/elastic_userrole_info.py +++ b/plugins/modules/elastic_userrole_info.py @@ -12,7 +12,33 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_userrole_info + +author: Ian Scott + +short_description: Get Information about a User Role + +description: + - Get Information about a User Role + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + role_name: User Role name +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: diff --git a/plugins/modules/kibana_action.py b/plugins/modules/kibana_action.py index 47b437a..3094caf 100644 --- a/plugins/modules/kibana_action.py +++ b/plugins/modules/kibana_action.py @@ -14,6 +14,36 @@ # limitations under the License. # -*- coding: utf-8 -*- +DOCUMENTATION=''' + +module: kibana_action + +author: Ian Scott + +short_description: Create Kibana Action + +description: + - Create Kibana Action + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version + action_name: Name of Action to be Created + action_type: Tyep of Action + config: Changes based on type of action + secrets: Secrets for the Action +''' from ansible.module_utils.six import assertRaisesRegex #from plugins.modules.ece_cluster import DOCUMENTATION @@ -39,7 +69,7 @@ def main(): module_args=dict( host=dict(type='str'), - port=dict(type='int', default=12443), + port=dict(type='int'), username=dict(type='str', required=True), password=dict(type='str', required=True, no_log=True), verify_ssl_cert=dict(type='bool', default=True), From 3425504032938bdcbbcfec030a2c077465caf68a Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Mon, 3 Apr 2023 16:52:12 -0500 Subject: [PATCH 4/8] fix fleet vars --- plugins/modules/elastic_fleet_agent_report.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/modules/elastic_fleet_agent_report.py b/plugins/modules/elastic_fleet_agent_report.py index ef490a3..51fcccf 100644 --- a/plugins/modules/elastic_fleet_agent_report.py +++ b/plugins/modules/elastic_fleet_agent_report.py @@ -60,7 +60,6 @@ def main(): port=dict(type='int', default=9243), username=dict(type='str', required=True), password=dict(type='str', no_log=True, required=True), - deployment_info=dict(type='dict', default=None), verify_ssl_cert=dict(type='bool', default=True), deployment_info=dict(type='dict', default=None) ) From 5d6f8f158e5a8647cc4c2c267155098b77ac12c7 Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Tue, 4 Apr 2023 09:24:36 -0500 Subject: [PATCH 5/8] Add SMC ID to Deploy Info, flag unhealthy --- plugins/modules/ece_cluster_info.py | 141 ++++++++++++++++------------ 1 file changed, 80 insertions(+), 61 deletions(-) diff --git a/plugins/modules/ece_cluster_info.py b/plugins/modules/ece_cluster_info.py index 9026b14..b1f1bf4 100644 --- a/plugins/modules/ece_cluster_info.py +++ b/plugins/modules/ece_cluster_info.py @@ -88,6 +88,7 @@ def main(): deployment_apm_https_port = None deployment_apm_service_url = None deployment_fleet_service_url = None + smc_id = None if deployment_id: deployment_objects = [ElasticDeployments.get_deployment_byid(deployment_id)] @@ -101,68 +102,86 @@ def main(): if len(deployment_objects) == 1: kibana_info = deployment_objects[0]['resources']['kibana'] - for i in kibana_info: - if i['ref_id'] == "kibana" or i['ref_id'] == "main-kibana": - deployment_kibana_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] - deployment_kibana_http_port = i['info']['metadata']['ports'].get('http') - deployment_kibana_https_port = i['info']['metadata']['ports'].get('https') - deployment_kibana_service_url = i['info']['metadata'].get('service_url') - deployment_kibana_url = i['info']['metadata'].get('aliased_endpoint') - elasticsearch_info = deployment_objects[0]['resources']['elasticsearch'] - for i in elasticsearch_info: - if i['ref_id'] == "elasticsearch" or i['ref_id'] == "main-elasticsearch": - deployment_elasticsearch_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] - deployment_elasticsearch_http_port = i['info']['metadata']['ports'].get('http') - deployment_elasticsearch_https_port = i['info']['metadata']['ports'].get('https') - deployment_elasticsearch_service_url = i['info']['metadata'].get('service_url') - deployment_elasticsearch_url = i['info']['metadata'].get('aliased_endpoint') - deployment_elasticsearch_version = i['info']['plan_info']['current']['plan']['elasticsearch'].get('version') - apm_info = deployment_objects[0]['resources']['apm'] - for i in apm_info: - if i['ref_id'] == "apm" or i['ref_id'] == "main-apm": - deployment_apm_http_port = i['info']['metadata']['ports'].get('http') - deployment_apm_https_port = i['info']['metadata']['ports'].get('https') - if 'services_urls' in i['info']['metadata']: - for j in i['info']['metadata']['services_urls']: - if j['service'] == "apm": - deployment_apm_service_url = j.get('url') - if j['service'] == "fleet": - deployment_fleet_service_url = j.get('url') - results['deployment_info'] = { - "deployment_id": deployment_objects[0]['id'], - "deployment_name": deployment_objects[0]['name'], - "resource_type": "kibana", - "ref_id": deployment_objects[0]['resources']['kibana'][0]['ref_id'], - "version": deployment_objects[0]['resources']['kibana'][0]['info']['plan_info']['current']['plan']['kibana']['version'] - } - results['elastic_deployment_info'] = { - "deployment_id": deployment_objects[0]['id'], - "deployment_name": deployment_objects[0]['name'], - "resource_type": "elasticsearch", - "ref_id": deployment_objects[0]['resources']['elasticsearch'][0]['ref_id'], - "version": deployment_objects[0]['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan']['elasticsearch']['version'] - } - results['deployment_id'] = deployment_objects[0]['id'] - results['deployment_elasticsearch_version'] = deployment_elasticsearch_version - results['deployment_kibana_endpoint'] = deployment_kibana_endpoint - results['deployment_kibana_http_port'] = deployment_kibana_http_port - results['deployment_kibana_https_port'] = deployment_kibana_https_port - results['deployment_kibana_service_url'] = deployment_kibana_service_url - results['deployment_kibana_url'] = deployment_kibana_url - results['deployment_elasticsearch_endpoint'] = deployment_elasticsearch_endpoint - results['deployment_elasticsearch_http_port'] = deployment_elasticsearch_http_port - results['deployment_elasticsearch_https_port'] = deployment_elasticsearch_https_port - results['deployment_elasticsearch_service_url'] = deployment_elasticsearch_service_url - results['deployment_elasticsearch_url'] = deployment_elasticsearch_url - results['deployment_apm_http_port'] = deployment_apm_http_port - results['deployment_apm_https_port'] = deployment_apm_https_port - results['deployment_apm_service_url'] = deployment_apm_service_url - results['deployment_fleet_service_url'] = deployment_fleet_service_url - if no_cluster_object == False: - results['deployment_object'] = deployment_objects[0] + if deployment_objects[0]['resources']['kibana'][0]['info']['status'] != "stopped": + if 'tags' in deployment_objects[0]['metadata']: + for tag in deployment_objects[0]['metadata']['tags']: + if tag['key'] == 'SMC_ID': + smc_id = tag['value'] + for i in kibana_info: + if i['ref_id'] == "kibana" or i['ref_id'] == "main-kibana": + deployment_kibana_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] + deployment_kibana_http_port = i['info']['metadata']['ports'].get('http') + deployment_kibana_https_port = i['info']['metadata']['ports'].get('https') + deployment_kibana_service_url = i['info']['metadata'].get('service_url') + deployment_kibana_url = i['info']['metadata'].get('aliased_endpoint') + elasticsearch_info = deployment_objects[0]['resources']['elasticsearch'] + for i in elasticsearch_info: + if i['ref_id'] == "elasticsearch" or i['ref_id'] == "main-elasticsearch": + deployment_elasticsearch_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] + deployment_elasticsearch_http_port = i['info']['metadata']['ports'].get('http') + deployment_elasticsearch_https_port = i['info']['metadata']['ports'].get('https') + deployment_elasticsearch_service_url = i['info']['metadata'].get('service_url') + deployment_elasticsearch_url = i['info']['metadata'].get('aliased_endpoint') + deployment_elasticsearch_version = i['info']['plan_info']['current']['plan']['elasticsearch'].get('version') + apm_info = deployment_objects[0]['resources']['apm'] + for i in apm_info: + if i['ref_id'] == "apm" or i['ref_id'] == "main-apm": + deployment_apm_http_port = i['info']['metadata']['ports'].get('http') + deployment_apm_https_port = i['info']['metadata']['ports'].get('https') + if 'services_urls' in i['info']['metadata']: + for j in i['info']['metadata']['services_urls']: + if j['service'] == "apm": + deployment_apm_service_url = j.get('url') + if j['service'] == "fleet": + deployment_fleet_service_url = j.get('url') + results['deployment_info'] = { + "deployment_id": deployment_objects[0]['id'], + "deployment_name": deployment_objects[0]['name'], + "resource_type": "kibana", + "ref_id": deployment_objects[0]['resources']['kibana'][0]['ref_id'], + "version": deployment_objects[0]['resources']['kibana'][0]['info']['plan_info']['current']['plan']['kibana']['version'] + } + results['elastic_deployment_info'] = { + "deployment_id": deployment_objects[0]['id'], + "deployment_name": deployment_objects[0]['name'], + "resource_type": "elasticsearch", + "ref_id": deployment_objects[0]['resources']['elasticsearch'][0]['ref_id'], + "version": deployment_objects[0]['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan']['elasticsearch']['version'] + } + results['SMC_ID'] = smc_id + results['deployment_id'] = deployment_objects[0]['id'] + results['deployment_elasticsearch_version'] = deployment_elasticsearch_version + results['deployment_kibana_endpoint'] = deployment_kibana_endpoint + results['deployment_kibana_http_port'] = deployment_kibana_http_port + results['deployment_kibana_https_port'] = deployment_kibana_https_port + results['deployment_kibana_service_url'] = deployment_kibana_service_url + results['deployment_kibana_url'] = deployment_kibana_url + results['deployment_elasticsearch_endpoint'] = deployment_elasticsearch_endpoint + results['deployment_elasticsearch_http_port'] = deployment_elasticsearch_http_port + results['deployment_elasticsearch_https_port'] = deployment_elasticsearch_https_port + results['deployment_elasticsearch_service_url'] = deployment_elasticsearch_service_url + results['deployment_elasticsearch_url'] = deployment_elasticsearch_url + results['deployment_apm_http_port'] = deployment_apm_http_port + results['deployment_apm_https_port'] = deployment_apm_https_port + results['deployment_apm_service_url'] = deployment_apm_service_url + results['deployment_fleet_service_url'] = deployment_fleet_service_url + if no_cluster_object == False: + results['deployment_object'] = deployment_objects[0] + else: + results['deployment_object'] = "No Cluster Object is True by default to reduce output" + results['deployment_kibana_info'] = "Deployment was returned sucessfully" else: - results['deployment_object'] = "No Cluster Object is True by default to reduce output" - results['deployment_kibana_info'] = "Deployment was returned sucessfully" + results['deployment_kibana_info'] = "Unhealthy Deployment Returned" + results['deployment_kibana_endpoint'] = None + results['deployment_kibana_http_port'] = None + results['deployment_kibana_https_port'] = None + results['deployment_kibana_url'] = None + results['deployment_kibana_service_url'] = None + results['deployment_elasticsearch_url'] = None + results['deployment_elasticsearch_service_url'] = None + results['deployment_apm_service_url'] = None + results['deployment_fleet_service_url'] = None + results['deployment_objects'] = deployment_objects elif len(deployment_objects) == 0: results['deployment_kibana_info'] = "No deployment was returned, check your deployment name" results['deployment_kibana_endpoint'] = None From 6eff7ac6990bf4ce05934a9483bd0bedc7eaaf0e Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Tue, 4 Apr 2023 15:04:12 -0500 Subject: [PATCH 6/8] update galaxy --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 8071856..1396c22 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,7 +13,7 @@ # limitations under the License. --- -version: 2.3.26 +version: 2.3.27 namespace: expedient name: elastic readme: README.md From 9e3e3479fdfa48b145f375f84e5a1a03d77d4482 Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Mon, 10 Apr 2023 14:19:13 -0500 Subject: [PATCH 7/8] combine to be properties --- plugins/module_utils/ece.py | 2 +- plugins/module_utils/kibana.py | 37 +- plugins/modules/ece_cluster.py | 321 ++++++++++++++++-- plugins/modules/ece_cluster_alias.py | 129 ------- plugins/modules/ece_cluster_info.py | 216 ------------ .../modules/ece_cluster_logs_and_metrics.py | 136 -------- plugins/modules/ece_cluster_tag.py | 116 ------- ...olicy_info.py => elastic_configuration.py} | 56 ++- .../modules/elastic_expedient_pkgpolicy.py | 55 --- .../modules/elastic_index_lifecycle_policy.py | 112 ------ plugins/modules/elastic_kibana_settings.py | 92 ----- .../modules/elastic_kibana_settings_info.py | 91 ----- plugins/modules/elastic_pkgpolicy.py | 253 -------------- plugins/modules/elastic_pkgpolicy_info.py | 94 ----- plugins/modules/elastic_role_mapping.py | 90 ----- .../modules/elastic_role_mapping_create.py | 109 ------ plugins/modules/elastic_space.py | 109 ------ plugins/modules/elastic_userrole.py | 102 ------ plugins/modules/elastic_userrole_info.py | 92 ----- plugins/modules/kibana_configuration.py | 246 ++++++++++++++ 20 files changed, 597 insertions(+), 1861 deletions(-) delete mode 100644 plugins/modules/ece_cluster_alias.py delete mode 100644 plugins/modules/ece_cluster_info.py delete mode 100644 plugins/modules/ece_cluster_logs_and_metrics.py delete mode 100644 plugins/modules/ece_cluster_tag.py rename plugins/modules/{elastic_index_lifecycle_policy_info.py => elastic_configuration.py} (53%) delete mode 100644 plugins/modules/elastic_index_lifecycle_policy.py delete mode 100644 plugins/modules/elastic_kibana_settings.py delete mode 100644 plugins/modules/elastic_kibana_settings_info.py delete mode 100644 plugins/modules/elastic_pkgpolicy.py delete mode 100644 plugins/modules/elastic_pkgpolicy_info.py delete mode 100644 plugins/modules/elastic_role_mapping.py delete mode 100644 plugins/modules/elastic_role_mapping_create.py delete mode 100644 plugins/modules/elastic_space.py delete mode 100644 plugins/modules/elastic_userrole.py delete mode 100644 plugins/modules/elastic_userrole_info.py create mode 100644 plugins/modules/kibana_configuration.py diff --git a/plugins/module_utils/ece.py b/plugins/module_utils/ece.py index e73c12e..7c5eacc 100644 --- a/plugins/module_utils/ece.py +++ b/plugins/module_utils/ece.py @@ -38,7 +38,7 @@ def __init__(self, module): } payload = dumps(data) headers = {'Content-Type': 'application/json'} - response = open_url(url, data=payload, headers=headers, method='POST', validate_certs=self.validate_certs, timeout=120) + response = open_url(url, data=payload, headers=headers, method='POST', validate_certs=self.validate_certs, timeout=300) content = loads(response.read()) self.token = content['token'] diff --git a/plugins/module_utils/kibana.py b/plugins/module_utils/kibana.py index 9f386c6..cc2ed94 100644 --- a/plugins/module_utils/kibana.py +++ b/plugins/module_utils/kibana.py @@ -390,9 +390,8 @@ def get_security_rules(self, page_size, page_no): rules = self.send_api_request(endpoint, 'GET') return rules - def get_security_rules_byfilter(self, rule_name): + def get_security_rules_byfilter(self, rule_name, page_size = 500): page_no = 1 - page_size = 100 filter_scrubbed = urllib.parse.quote(str(rule_name)) endpoint = "detection_engine/rules/_find?page=" + str(page_no) + "&per_page=" + str(page_size) + "&filter=alert.attributes.name:" + filter_scrubbed rules = self.send_api_request(endpoint, 'GET') @@ -865,18 +864,16 @@ def export_saved_object(self, export_object = self.send_api_request(endpoint, 'POST', data=body_JSON, headers = headers, space_id = space_id, no_kbnver = True) return export_object - def import_saved_object(self, object_attributes, space_id = "default", overwrite = False, createNewCopies = True): - importObjectJSON = tempfile.NamedTemporaryFile(delete=False,suffix='.ndjson', prefix='saved_object_') - #object_attributes_json = loads(object_attributes) - import_file = open(importObjectJSON.name, 'a') - #for i in object_attributes_json: - # import_file.write(dumps(i) + '\n') - import_file.write(object_attributes) - import_file.close() - importObjectJSON.close() - endpoint = f'saved_objects/_import?createNewCopies={createNewCopies}&overwrite={overwrite}' - import_object = self.send_file_api_request(endpoint, 'POST', file=importObjectJSON.name, space_id = space_id) - os.remove(importObjectJSON.name) + def import_saved_object(self, object_attributes = [], space_id = "default", overwrite = False, createNewCopies = True): + for object_attribute in object_attributes: + importObjectJSON = tempfile.NamedTemporaryFile(delete=False,suffix='.ndjson', prefix='saved_object_') + import_file = open(importObjectJSON.name, 'a') + import_file.write(object_attribute) + import_file.close() + importObjectJSON.close() + endpoint = f'saved_objects/_import?createNewCopies={createNewCopies}&overwrite={overwrite}' + import_object = self.send_file_api_request(endpoint, 'POST', file=importObjectJSON.name, space_id = space_id) + os.remove(importObjectJSON.name) return import_object def get_fleet_server_hosts(self): @@ -956,12 +953,16 @@ def create_space( result = self.send_api_request(endpoint, 'POST', data = body_json) return result -# Elastic User Role +# User Role def get_userrole(self, name): - endpoint = f'security/role/{name}' - userrole_object = self.send_api_request(endpoint, 'GET') - return userrole_object + endpoint = f'security/role' + userrole_objects = self.send_api_request(endpoint, 'GET') + target_userrole = None + for userrole_object in userrole_objects: + if userrole_object['name'].lower() == name.lower(): + target_userrole = userrole_object + return target_userrole def create_userrole(self, name, diff --git a/plugins/modules/ece_cluster.py b/plugins/modules/ece_cluster.py index 53b5923..3870157 100644 --- a/plugins/modules/ece_cluster.py +++ b/plugins/modules/ece_cluster.py @@ -46,7 +46,7 @@ choices: ['present', 'absent'] default: present type: str - cluster_name: + deployment_name: description: - Name for the cluster to create or modify required: True @@ -183,6 +183,15 @@ - number of zones to deploy Kibana into default: 1 type: int + logs_and_metric_settings: + logging_dest: Destination Deployment name for Logging + metrics_dest: Destination Deployment name for Metrics + logging_ref_id: Reference ID for Logging + metrics_ref_id: Reference ID for Metrics + alias_name: Deployment Alias String + tag_settings: + - tag_label: Name of tag + tag_value: Value of tag wait_for_completion: description: - Whether to wait for the completion of the cluster operations before exiting the module @@ -242,7 +251,16 @@ def main(): instance_config=dict(type='str', default='ml'), zone_count=dict(type='int', default=1), ) - + logs_and_metric_spec=dict( + logging_dest=dict(type='str', required=True), + metrics_dest=dict(type='str', required=True), + logging_ref_id=dict(type='str', default="elasticsearch"), + metrics_ref_id=dict(type='str', default="elasticsearch") + ) + tags_spec=dict( + tag_label=dict(type='str', required=True), + tag_value=dict(type='str', required=True), + ) module_args = dict( host=dict(type='str', required=True), port=dict(type='int', default=12443), @@ -250,7 +268,9 @@ def main(): password=dict(type='str', required=True, no_log=True), verify_ssl_cert=dict(type='bool', default=True), state=dict(type='str', default='present'), - cluster_name=dict(type='str', required=True), + no_cluster_object=dict(type='bool', default=True), + customers_only=dict(type='bool', required=False), + deployment_name=dict(type='str', required=False), elastic_settings=dict(type='list', required=False, elements='dict', options=elastic_settings_spec), elastic_user_settings=dict(type='dict', default={}), # does not have sub-options defined as there are far too many elastic options to capture here snapshot_settings=dict(type='dict', required=False, options=snapshot_settings_spec), @@ -258,8 +278,11 @@ def main(): kibana_settings=dict(type='dict', required=False, options=kibana_settings_spec), apm_settings=dict(type='dict', required=False, options=apm_settings_spec), ml_settings=dict(type='dict', required=False, options=ml_settings_spec), - version=dict(type='str', default='8.3.3'), - deployment_template=dict(type='str', required=True), + logs_and_metric_settings=dict(type='dict', required=False, options=logs_and_metric_spec), + alias_name=dict(type='str', required=False), + tag_settings=dict(type='list', required=False, elements='dict', options=tags_spec), + version=dict(type='str', default='8.6.0'), + deployment_template=dict(type='str', required=False), wait_for_completion=dict(type='bool', default=False), completion_timeout=dict(type='int', default=600), ) @@ -269,7 +292,7 @@ def main(): module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) state = module.params.get('state') - cluster_name = module.params.get('cluster_name') + deployment_name = module.params.get('deployment_name') version = module.params.get('version') elastic_settings = module.params.get('elastic_settings') elastic_user_settings = module.params.get('elastic_user_settings') @@ -278,40 +301,163 @@ def main(): kibana_settings = module.params.get('kibana_settings') apm_settings = module.params.get('apm_settings') ml_settings = module.params.get('ml_settings') + logs_and_metric_settings = module.params.get('logs_and_metric_settings') + alias_name = module.params.get('alias_name') + tag_settings = module.params.get('tag_settings') deployment_template = module.params.get('deployment_template') wait_for_completion = module.params.get('wait_for_completion') completion_timeout = module.params.get('completion_timeout') ece_cluster = ECE(module) - - matching_clusters = ece_cluster.get_matching_clusters(cluster_name) + deployment_object = ece_cluster.get_deployment_info(deployment_name) #if len(matching_clusters) > 1: - if matching_clusters: - #results['msg'] = f'found multiple clusters matching name {module.params.get("cluster_name")}' - results['msg'] = f'found cluster matching name {module.params.get("cluster_name")}' - #module.fail_json(**results) + if deployment_object: + deployment_name = module.params.get('deployment_name') + deployment_id = module.params.get('deployment_id') + no_cluster_object = module.params.get('no_cluster_object') + + ElasticDeployments = ECE(module) + deployment_objects = [] + deployment_kibana_endpoint = None + deployment_kibana_http_port = None + deployment_kibana_https_port = None + deployment_kibana_url = None + deployment_kibana_service_url = None + deployment_elasticsearch_endpoint = None + deployment_elasticsearch_http_port = None + deployment_elasticsearch_https_port = None + deployment_elasticsearch_service_url = None + deployment_elasticsearch_url = None + deployment_apm_http_port = None + deployment_apm_https_port = None + deployment_apm_service_url = None + deployment_fleet_service_url = None + smc_id = None + + if deployment_id: + deployment_objects = [ElasticDeployments.get_deployment_byid(deployment_id)] + elif deployment_name: + deployment_objects_results = ElasticDeployments.get_deployment_info(deployment_name) + if deployment_objects_results != None: + deployment_objects = [ElasticDeployments.get_deployment_info(deployment_name)] + else: + deployment_objects = ElasticDeployments.get_deployment_info() + deployment_objects = deployment_objects['deployments'] + + if len(deployment_objects) == 1: + kibana_info = deployment_objects[0]['resources']['kibana'] + if deployment_objects[0]['resources']['kibana'][0]['info']['status'] != "stopped": + if 'tags' in deployment_objects[0]['metadata']: + for tag in deployment_objects[0]['metadata']['tags']: + if tag['key'] == 'SMC_ID': + smc_id = tag['value'] + for i in kibana_info: + if i['ref_id'] == "kibana" or i['ref_id'] == "main-kibana": + deployment_kibana_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] + deployment_kibana_http_port = i['info']['metadata']['ports'].get('http') + deployment_kibana_https_port = i['info']['metadata']['ports'].get('https') + deployment_kibana_service_url = i['info']['metadata'].get('service_url') + deployment_kibana_url = i['info']['metadata'].get('aliased_endpoint') + elasticsearch_info = deployment_objects[0]['resources']['elasticsearch'] + for i in elasticsearch_info: + if i['ref_id'] == "elasticsearch" or i['ref_id'] == "main-elasticsearch": + deployment_elasticsearch_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] + deployment_elasticsearch_http_port = i['info']['metadata']['ports'].get('http') + deployment_elasticsearch_https_port = i['info']['metadata']['ports'].get('https') + deployment_elasticsearch_service_url = i['info']['metadata'].get('service_url') + deployment_elasticsearch_url = i['info']['metadata'].get('aliased_endpoint') + deployment_elasticsearch_version = i['info']['plan_info']['current']['plan']['elasticsearch'].get('version') + apm_info = deployment_objects[0]['resources']['apm'] + for i in apm_info: + if i['ref_id'] == "apm" or i['ref_id'] == "main-apm": + deployment_apm_http_port = i['info']['metadata']['ports'].get('http') + deployment_apm_https_port = i['info']['metadata']['ports'].get('https') + if 'services_urls' in i['info']['metadata']: + for j in i['info']['metadata']['services_urls']: + if j['service'] == "apm": + deployment_apm_service_url = j.get('url') + if j['service'] == "fleet": + deployment_fleet_service_url = j.get('url') + results['deployment_info'] = { + "deployment_id": deployment_objects[0]['id'], + "deployment_name": deployment_objects[0]['name'], + "resource_type": "kibana", + "ref_id": deployment_objects[0]['resources']['kibana'][0]['ref_id'], + "version": deployment_objects[0]['resources']['kibana'][0]['info']['plan_info']['current']['plan']['kibana']['version'] + } + results['elastic_deployment_info'] = { + "deployment_id": deployment_objects[0]['id'], + "deployment_name": deployment_objects[0]['name'], + "resource_type": "elasticsearch", + "ref_id": deployment_objects[0]['resources']['elasticsearch'][0]['ref_id'], + "version": deployment_objects[0]['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan']['elasticsearch']['version'] + } + results['SMC_ID'] = smc_id + results['deployment_id'] = deployment_objects[0]['id'] + results['deployment_elasticsearch_version'] = deployment_elasticsearch_version + results['deployment_kibana_endpoint'] = deployment_kibana_endpoint + results['deployment_kibana_http_port'] = deployment_kibana_http_port + results['deployment_kibana_https_port'] = deployment_kibana_https_port + results['deployment_kibana_service_url'] = deployment_kibana_service_url + results['deployment_kibana_url'] = deployment_kibana_url + results['deployment_elasticsearch_endpoint'] = deployment_elasticsearch_endpoint + results['deployment_elasticsearch_http_port'] = deployment_elasticsearch_http_port + results['deployment_elasticsearch_https_port'] = deployment_elasticsearch_https_port + results['deployment_elasticsearch_service_url'] = deployment_elasticsearch_service_url + results['deployment_elasticsearch_url'] = deployment_elasticsearch_url + results['deployment_apm_http_port'] = deployment_apm_http_port + results['deployment_apm_https_port'] = deployment_apm_https_port + results['deployment_apm_service_url'] = deployment_apm_service_url + results['deployment_fleet_service_url'] = deployment_fleet_service_url + if no_cluster_object == False: + results['deployment_object'] = deployment_objects[0] + else: + results['deployment_object'] = "No Cluster Object is True by default to reduce output" + results['deployment_kibana_info'] = "Deployment was returned sucessfully" + else: + results['deployment_kibana_info'] = "Unhealthy Deployment Returned" + results['deployment_kibana_endpoint'] = None + results['deployment_kibana_http_port'] = None + results['deployment_kibana_https_port'] = None + results['deployment_kibana_url'] = None + results['deployment_kibana_service_url'] = None + results['deployment_elasticsearch_url'] = None + results['deployment_elasticsearch_service_url'] = None + results['deployment_apm_service_url'] = None + results['deployment_fleet_service_url'] = None + results['deployment_objects'] = deployment_objects + elif len(deployment_objects) == 0: + results['deployment_kibana_info'] = "No deployment was returned, check your deployment name" + results['deployment_kibana_endpoint'] = None + results['deployment_kibana_http_port'] = None + results['deployment_kibana_https_port'] = None + results['deployment_kibana_url'] = None + results['deployment_kibana_service_url'] = None + results['deployment_elasticsearch_url'] = None + results['deployment_elasticsearch_service_url'] = None + results['deployment_apm_service_url'] = None + results['deployment_fleet_service_url'] = None + else: + results['deployment_objects'] = deployment_objects if state == 'present': #if len(matching_clusters) > 0: - if matching_clusters: + if deployment_object and (elastic_settings or kibana_settings or apm_settings): results['msg'] = 'cluster exists' - ## This code handles edge cases poorly, in the interest of being able to match the data format of the cluster creation result - elastic_creds = ece_cluster.set_elastic_user_password(matching_clusters['id']) results['cluster_data'] = { - 'elasticsearch_cluster_id': matching_clusters['resources']['elasticsearch'][0]['id'], - 'kibana_cluster_id': matching_clusters['resources']['kibana'][0]['id'], - 'credentials': elastic_creds + 'elasticsearch_cluster_id': deployment_object['resources']['elasticsearch'][0]['id'], + 'kibana_cluster_id': deployment_object['resources']['kibana'][0]['id'] } - if len( matching_clusters['resources']['apm']) > 0: - results['cluster_data']['apm_id'] = matching_clusters['resources']['apm'][0]['id'] + if len( deployment_object['resources']['apm']) > 0: + results['cluster_data']['apm_id'] = deployment_object['resources']['apm'][0]['id'] module.exit_json(**results) results['changed'] = True - results['msg'] = f'cluster {module.params.get("cluster_name")} will be created' - if not module.check_mode: + results['msg'] = f'cluster {module.params.get("deployment_name")} will be created and/or updated' + if not module.check_mode and (elastic_settings or kibana_settings or apm_settings): cluster_data = ece_cluster.create_cluster( - cluster_name, + deployment_name, version, deployment_template, elastic_settings, @@ -349,19 +495,136 @@ def main(): results['cluster_data'][service_url['service'] + '_cluster_url'] = service_url['url'] elif 'service_url' in kind_object['info']['metadata']: results['cluster_data'][kind_object_name + '_cluster_url'] = kind_object['info']['metadata']['service_url'] - results['msg'] = f'cluster {module.params.get("cluster_name")} created' + results['msg'] = f'cluster {module.params.get("deployment_name")} created' + + update_body = {} + + if logs_and_metric_settings: + + logging_object = [ece_cluster.get_deployment_info(logs_and_metric_settings['logging_dest'])] + metrics_object = [ece_cluster.get_deployment_info(logs_and_metric_settings['metrics_dest'])] + logging_ref_id = logs_and_metric_settings['logging_ref_id'] + metrics_ref_id = logs_and_metric_settings['metrics_ref_id'] + + if deployment_object: + logs_update_body = { + 'logging': { + 'destination': { + 'deployment_id': logging_object[0]['resources'][logging_ref_id][0]['id'], + 'ref_id': logging_ref_id + } + }, + 'metrics': { + 'destination': { + 'deployment_id': metrics_object[0]['resources'][metrics_ref_id][0]['id'], + 'ref_id': metrics_ref_id + } + } + } + + body = { + 'settings': { + 'observability': logs_update_body + }, + 'prune_orphans': False + } + update_body.update(body) + + if tag_settings: + tag_list = [] + + if 'tags' in deployment_object['metadata']: + for tag in deployment_object['metadata']['tags']: + tag_list.append(tag) + + for each_tag in tag_settings: + if 'tag_label' in each_tag and 'tag_value' in each_tag: + tag_body = { + "key": each_tag['tag_label'], + "value": each_tag['tag_value'] + } + tag_list.append(tag_body) + + tag_list_next = tag_list + + for each_orig_tag in tag_list: + match = 0 + for each_updated_tag in tag_list_next: + if each_updated_tag['key'] == each_orig_tag['key']: + match = match + 1 + if match > 1: + tag_list.remove(each_updated_tag) + + tag_update_body = { + "metadata": { + "tags": tag_list + }, + "prune_orphans": False + } + + update_body.update(tag_update_body) + + if alias_name: + + if alias_name == 'default': + if tag_update_body: + tag_body = tag_update_body + else: + tag_body = deployment_object + if tag_body: + for tag in tag_body['metadata']['tags']: + if tag['key'] == "SMC_ID": + SMC_ID = tag['value'] + if alias_name == 'default': + alias_name = 'elastic-' + deployment_object['id'] + '-' + SMC_ID + + alias_update_body = { + 'alias': alias_name, + 'prune_orphans': False, + 'resources': { + 'elasticsearch': [ + { + 'region': deployment_object['resources']['elasticsearch'][0]['region'], + 'ref_id': deployment_object['resources']['elasticsearch'][0]['ref_id'], + 'plan': deployment_object['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan'] + } + ], + 'kibana': [ + { + 'region': deployment_object['resources']['kibana'][0]['region'], + 'ref_id': deployment_object['resources']['kibana'][0]['ref_id'], + 'elasticsearch_cluster_ref_id': deployment_object['resources']['elasticsearch'][0]['ref_id'], + 'plan': deployment_object['resources']['kibana'][0]['info']['plan_info']['current']['plan'] + } + ] + } + } + update_body.update(alias_update_body) + + if update_body: + + ece_cluster.update_deployment_byid(deployment_object['id'], update_body) + ece_cluster.wait_for_cluster_state(deployment_object['id'], "elasticsearch" ) # Wait for ElasticSearch + ece_cluster.wait_for_cluster_state(deployment_object['id'], "kibana" ) # Wait for Kibana + deployment_healthy = ece_cluster.wait_for_cluster_state(deployment_object['id'], "kibana","main-apm") # If APM is healthy then the deployment is healthy since apm is last to come up + + if deployment_healthy == False: + results['cluster_alias_status'] = "Cluster information may be incomplete because the cluster is not healthy" + else: + time.sleep(30) + module.exit_json(**results) if state == 'absent': - if len(matching_clusters) == 0: - results['msg'] = f'cluster {module.params.get("cluster_name")} does not exist' + if len(deployment_object) == 0: + results['msg'] = f'cluster {module.params.get("deployment_name")} does not exist' module.exit_json(**results) - results['msg'] = f'cluster {module.params.get("cluster_name")} will be deleted' + results['msg'] = f'cluster {module.params.get("deployment_name")} will be deleted' if not module.check_mode: results['changed'] = True - ece_cluster.delete_cluster(matching_clusters['id']) - results['msg'] = f'cluster {module.params.get("cluster_name")} deleted' + ece_cluster.delete_cluster(deployment_object['id']) + results['msg'] = f'cluster {module.params.get("deployment_name")} deleted' module.exit_json(**results) if __name__ == '__main__': diff --git a/plugins/modules/ece_cluster_alias.py b/plugins/modules/ece_cluster_alias.py deleted file mode 100644 index 2b05fcd..0000000 --- a/plugins/modules/ece_cluster_alias.py +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: ece_cluster_alias - -author: Ian Scott - -short_description: Create Elastic Deployment Alias from ECE - -description: - - Create Elastic Deployment Alias from ECE - -requirements: - - python3 - -options: - host: ECE Host - port: ECE Port - deployment_name or deployment_id - username: ECE Username - password: ECE Password - alias_name: Deployment Alias String - -''' -from ansible.module_utils.basic import AnsibleModule - -import time - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.ece import ECE -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from ece import ECE - -import json - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - deployment_name=dict(type='str'), - deployment_id=dict(type='str', default=None), - alias_name=dict(type='str', required=True) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, required_if=argument_dependencies, supports_check_mode=True) - - deployment_name = module.params.get('deployment_name') - deployment_id = module.params.get('deployment_id') - alias_name = module.params.get('alias_name') - results = { 'changed': True } - - ElasticDeployments = ECE(module) - - if deployment_id: - deployment_object = [ElasticDeployments.get_deployment_byid(deployment_id)] - elif deployment_name: - deployment_object = [ElasticDeployments.get_deployment_info(deployment_name)] - - if len(deployment_object) == 1: - deployment_object = deployment_object[0] - update_body = { - 'alias': alias_name, - 'prune_orphans': False, - 'resources': { - 'elasticsearch': [ - { - 'region': deployment_object['resources']['elasticsearch'][0]['region'], - 'ref_id': deployment_object['resources']['elasticsearch'][0]['ref_id'], - 'plan': deployment_object['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan'] - } - ], - 'kibana': [ - { - 'region': deployment_object['resources']['kibana'][0]['region'], - 'ref_id': deployment_object['resources']['kibana'][0]['ref_id'], - 'elasticsearch_cluster_ref_id': deployment_object['resources']['elasticsearch'][0]['ref_id'], - 'plan': deployment_object['resources']['kibana'][0]['info']['plan_info']['current']['plan'] - } - ] - } - } - - ElasticDeployments.update_deployment_byid(deployment_object['id'], update_body) - - ElasticDeployments.wait_for_cluster_state(deployment_object['id'], "elasticsearch" ) # Wait for ElasticSearch - ElasticDeployments.wait_for_cluster_state(deployment_object['id'], "kibana" ) # Wait for Kibana - deployment_healthy = ElasticDeployments.wait_for_cluster_state(deployment_object['id'], "kibana","main-apm") # If APM is healthy then the deployment is healthy since apm is last to come up - - if deployment_healthy == False: - results['cluster_alias_status'] = "Cluster information may be incomplete because the cluster is not healthy" - else: - time.sleep(30) - - results['changed'] = True - else: - results['changed'] = False - results['cluster_alias_status'] = "0 or more than 1 deployment was matched with the name " + deployment_name + " or id " + deployment_id - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/ece_cluster_info.py b/plugins/modules/ece_cluster_info.py deleted file mode 100644 index b1f1bf4..0000000 --- a/plugins/modules/ece_cluster_info.py +++ /dev/null @@ -1,216 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: ece_cluster_info - -author: Ian Scott - -short_description: Get Elastic Deployment from ECE - -description: - - Get Elastic Deployment from ECE - -requirements: - - python3 - -options: - host: ECE Host - port: ECE Port - deployment_name or deployment_id - username: ECE Username - password: ECE Password - no_cluster_object: True/False # Sometimes it is not neccesary to return all the data of a deployment - -''' -from ansible.module_utils.basic import AnsibleModule - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.ece import ECE -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from ece import ECE - -import json - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - deployment_name=dict(type='str'), - deployment_id=dict(type='str', default=None), - no_cluster_object=dict(type='bool', default=True) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, required_if=argument_dependencies, supports_check_mode=True) - - deployment_name = module.params.get('deployment_name') - deployment_id = module.params.get('deployment_id') - no_cluster_object = module.params.get('no_cluster_object') - - ElasticDeployments = ECE(module) - deployment_objects = [] - deployment_kibana_endpoint = None - deployment_kibana_http_port = None - deployment_kibana_https_port = None - deployment_kibana_url = None - deployment_kibana_service_url = None - deployment_elasticsearch_endpoint = None - deployment_elasticsearch_http_port = None - deployment_elasticsearch_https_port = None - deployment_elasticsearch_service_url = None - deployment_elasticsearch_url = None - deployment_apm_http_port = None - deployment_apm_https_port = None - deployment_apm_service_url = None - deployment_fleet_service_url = None - smc_id = None - - if deployment_id: - deployment_objects = [ElasticDeployments.get_deployment_byid(deployment_id)] - elif deployment_name: - deployment_objects_results = ElasticDeployments.get_deployment_info(deployment_name) - if deployment_objects_results != None: - deployment_objects = [ElasticDeployments.get_deployment_info(deployment_name)] - else: - deployment_objects = ElasticDeployments.get_deployment_info() - deployment_objects = deployment_objects['deployments'] - - if len(deployment_objects) == 1: - kibana_info = deployment_objects[0]['resources']['kibana'] - if deployment_objects[0]['resources']['kibana'][0]['info']['status'] != "stopped": - if 'tags' in deployment_objects[0]['metadata']: - for tag in deployment_objects[0]['metadata']['tags']: - if tag['key'] == 'SMC_ID': - smc_id = tag['value'] - for i in kibana_info: - if i['ref_id'] == "kibana" or i['ref_id'] == "main-kibana": - deployment_kibana_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] - deployment_kibana_http_port = i['info']['metadata']['ports'].get('http') - deployment_kibana_https_port = i['info']['metadata']['ports'].get('https') - deployment_kibana_service_url = i['info']['metadata'].get('service_url') - deployment_kibana_url = i['info']['metadata'].get('aliased_endpoint') - elasticsearch_info = deployment_objects[0]['resources']['elasticsearch'] - for i in elasticsearch_info: - if i['ref_id'] == "elasticsearch" or i['ref_id'] == "main-elasticsearch": - deployment_elasticsearch_endpoint = i['info']['metadata'].get('aliased_endpoint') or i['info']['metadata']['endpoint'] - deployment_elasticsearch_http_port = i['info']['metadata']['ports'].get('http') - deployment_elasticsearch_https_port = i['info']['metadata']['ports'].get('https') - deployment_elasticsearch_service_url = i['info']['metadata'].get('service_url') - deployment_elasticsearch_url = i['info']['metadata'].get('aliased_endpoint') - deployment_elasticsearch_version = i['info']['plan_info']['current']['plan']['elasticsearch'].get('version') - apm_info = deployment_objects[0]['resources']['apm'] - for i in apm_info: - if i['ref_id'] == "apm" or i['ref_id'] == "main-apm": - deployment_apm_http_port = i['info']['metadata']['ports'].get('http') - deployment_apm_https_port = i['info']['metadata']['ports'].get('https') - if 'services_urls' in i['info']['metadata']: - for j in i['info']['metadata']['services_urls']: - if j['service'] == "apm": - deployment_apm_service_url = j.get('url') - if j['service'] == "fleet": - deployment_fleet_service_url = j.get('url') - results['deployment_info'] = { - "deployment_id": deployment_objects[0]['id'], - "deployment_name": deployment_objects[0]['name'], - "resource_type": "kibana", - "ref_id": deployment_objects[0]['resources']['kibana'][0]['ref_id'], - "version": deployment_objects[0]['resources']['kibana'][0]['info']['plan_info']['current']['plan']['kibana']['version'] - } - results['elastic_deployment_info'] = { - "deployment_id": deployment_objects[0]['id'], - "deployment_name": deployment_objects[0]['name'], - "resource_type": "elasticsearch", - "ref_id": deployment_objects[0]['resources']['elasticsearch'][0]['ref_id'], - "version": deployment_objects[0]['resources']['elasticsearch'][0]['info']['plan_info']['current']['plan']['elasticsearch']['version'] - } - results['SMC_ID'] = smc_id - results['deployment_id'] = deployment_objects[0]['id'] - results['deployment_elasticsearch_version'] = deployment_elasticsearch_version - results['deployment_kibana_endpoint'] = deployment_kibana_endpoint - results['deployment_kibana_http_port'] = deployment_kibana_http_port - results['deployment_kibana_https_port'] = deployment_kibana_https_port - results['deployment_kibana_service_url'] = deployment_kibana_service_url - results['deployment_kibana_url'] = deployment_kibana_url - results['deployment_elasticsearch_endpoint'] = deployment_elasticsearch_endpoint - results['deployment_elasticsearch_http_port'] = deployment_elasticsearch_http_port - results['deployment_elasticsearch_https_port'] = deployment_elasticsearch_https_port - results['deployment_elasticsearch_service_url'] = deployment_elasticsearch_service_url - results['deployment_elasticsearch_url'] = deployment_elasticsearch_url - results['deployment_apm_http_port'] = deployment_apm_http_port - results['deployment_apm_https_port'] = deployment_apm_https_port - results['deployment_apm_service_url'] = deployment_apm_service_url - results['deployment_fleet_service_url'] = deployment_fleet_service_url - if no_cluster_object == False: - results['deployment_object'] = deployment_objects[0] - else: - results['deployment_object'] = "No Cluster Object is True by default to reduce output" - results['deployment_kibana_info'] = "Deployment was returned sucessfully" - else: - results['deployment_kibana_info'] = "Unhealthy Deployment Returned" - results['deployment_kibana_endpoint'] = None - results['deployment_kibana_http_port'] = None - results['deployment_kibana_https_port'] = None - results['deployment_kibana_url'] = None - results['deployment_kibana_service_url'] = None - results['deployment_elasticsearch_url'] = None - results['deployment_elasticsearch_service_url'] = None - results['deployment_apm_service_url'] = None - results['deployment_fleet_service_url'] = None - results['deployment_objects'] = deployment_objects - elif len(deployment_objects) == 0: - results['deployment_kibana_info'] = "No deployment was returned, check your deployment name" - results['deployment_kibana_endpoint'] = None - results['deployment_kibana_http_port'] = None - results['deployment_kibana_https_port'] = None - results['deployment_kibana_url'] = None - results['deployment_kibana_service_url'] = None - results['deployment_elasticsearch_url'] = None - results['deployment_elasticsearch_service_url'] = None - results['deployment_apm_service_url'] = None - results['deployment_fleet_service_url'] = None - else: - results['deployment_objects'] = deployment_objects - - - - #results['deployment_kibana_info'] = deployment_kibana_info - #try: - # results['deployment_kibana_endpoint'] = deployment_kibana_info['info']['metadata']['aliased_endpoint'] - # results['deployment_kibana_url'] = deployment_kibana_info['info']['metadata']['aliased_url'] - #except: - # results['deployment_kibana_endpoint'] = deployment_kibana_info['info']['metadata']['endpoint'] - # results['deployment_kibana_service_url'] = deployment_kibana_info['info']['metadata']['service_url'] - # results['deployment_kibana_url'] = deployment_kibana_info['info']['metadata']['aliased_url'] - - results['changed'] = False - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/ece_cluster_logs_and_metrics.py b/plugins/modules/ece_cluster_logs_and_metrics.py deleted file mode 100644 index 058a23b..0000000 --- a/plugins/modules/ece_cluster_logs_and_metrics.py +++ /dev/null @@ -1,136 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: ece_cluster_logs_and_metrics - -author: Ian Scott - -short_description: Update Elastic Deployment Logging and Metrics Settings - -description: - - Update Elastic Deployment Logging and Metrics Settings - -requirements: - - python3 - -options: - host: ECE Host - port: ECE Port - deployment_name or deployment_id - username: ECE Username - password: ECE Password - logging_dest: Destination Deployment name for Logging - metrics_dest: Destination Deployment name for Metrics - logging_ref_id: Reference ID for Logging - metrics_ref_id: Reference ID for Metrics - -''' -from ansible.module_utils.basic import AnsibleModule - -import time - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.ece import ECE -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from ece import ECE - -import json - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - deployment_name=dict(type='str'), - deployment_id=dict(type='str', default=None), - logging_dest=dict(type='str', required=True), - metrics_dest=dict(type='str', required=True), - logging_ref_id=dict(type='str', default="elasticsearch"), - metrics_ref_id=dict(type='str', default="elasticsearch") - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, required_if=argument_dependencies, supports_check_mode=True) - - deployment_name = module.params.get('deployment_name') - deployment_id = module.params.get('deployment_id') - logging_dest = module.params.get('logging_dest') - metrics_dest = module.params.get('metrics_dest') - logging_ref_id = module.params.get('logging_ref_id') - metrics_ref_id = module.params.get('metrics_ref_id') - results = { 'changed': True } - - ElasticDeployments = ECE(module) - - if deployment_id: - deployment_object = [ElasticDeployments.get_deployment_byid(deployment_id)] - elif deployment_name: - deployment_object = [ElasticDeployments.get_deployment_info(deployment_name)] - - logging_object = [ElasticDeployments.get_deployment_info(logging_dest)] - metrics_object = [ElasticDeployments.get_deployment_info(metrics_dest)] - - if deployment_object: - update_body = { - 'logging': { - 'destination': { - 'deployment_id': logging_object[0]['resources'][logging_ref_id][0]['id'], - 'ref_id': logging_ref_id - } - }, - 'metrics': { - 'destination': { - 'deployment_id': metrics_object[0]['resources'][metrics_ref_id][0]['id'], - 'ref_id': metrics_ref_id - } - } - } - - body = { - 'settings': { - 'observability': update_body - }, - 'prune_orphans': False - } - ElasticDeployments.update_deployment_byid(deployment_object[0]['id'], body) - - deployment_healthy = ElasticDeployments.wait_for_cluster_state(deployment_object[0]['id'], "elasticsearch" ) - deployment_healthy = ElasticDeployments.wait_for_cluster_state(deployment_object[0]['id'], "kibana" ) - deployment_healthy = ElasticDeployments.wait_for_cluster_state(deployment_object[0]['id'], "kibana","main-apm") - - if deployment_healthy == False: - results['cluster_data']['msg'] = "Cluster information may be incomplete because the cluster is not healthy" - else: - time.sleep(30) - - results['changed'] = True - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/ece_cluster_tag.py b/plugins/modules/ece_cluster_tag.py deleted file mode 100644 index 5cf6ee6..0000000 --- a/plugins/modules/ece_cluster_tag.py +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: ece_cluster_tag - -author: Ian Scott - -short_description: Create or Update Elastic Deployment Tag - -description: - - Create or Update Elastic Deployment Tag - -requirements: - - python3 - -options: - host: ECE Host - port: ECE Port - deployment_name or deployment_id - username: ECE Username - password: ECE Password - tag_label: ECE Deployment Tag Label - tag_value: ECE Deployment Tag Value - -''' -from ansible.module_utils.basic import AnsibleModule - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.ece import ECE -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from ece import ECE - -import json - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - deployment_name=dict(type='str'), - deployment_id=dict(type='str', default=None), - tag_label=dict(type='str'), - tag_value=dict(type='str') - - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, required_if=argument_dependencies, supports_check_mode=True) - - deployment_name = module.params.get('deployment_name') - deployment_id = module.params.get('deployment_id') - tag_label = module.params.get('tag_label') - tag_value = module.params.get('tag_value') - results = { 'changed': True } - - ElasticDeployments = ECE(module) - - if deployment_id: - deployment_object = [ElasticDeployments.get_deployment_byid(deployment_id)] - elif deployment_name: - deployment_object = [ElasticDeployments.get_deployment_info(deployment_name)] - - if deployment_object: - tag_body = { - "key": tag_label, - "value": tag_value - } - if 'tags' not in deployment_object[0]['metadata']: - deployment_object[0]['metadata']['tags'] = [] - - i = 0 - tag_list = [] - for tag in deployment_object[0]['metadata']['tags']: - if deployment_object[0]['metadata']['tags'][i]['key'] != tag_body['key']: - tag_list.append(tag) - i = i + 1 - tag_list.append(tag_body) - - body = { - "metadata": { - "tags": tag_list - }, - "prune_orphans": False - } - ElasticDeployments.update_deployment_byid(deployment_object[0]['id'], body) - results['changed'] = False - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/elastic_index_lifecycle_policy_info.py b/plugins/modules/elastic_configuration.py similarity index 53% rename from plugins/modules/elastic_index_lifecycle_policy_info.py rename to plugins/modules/elastic_configuration.py index c193159..0c28046 100644 --- a/plugins/modules/elastic_index_lifecycle_policy_info.py +++ b/plugins/modules/elastic_configuration.py @@ -14,14 +14,14 @@ # limitations under the License. DOCUMENTATION=''' -module: elastic_index_lifecycle_policy_info +module: elastic_kibana_settings author: Ian Scott -short_description: Get information on an Elastic LifeCycle Policy +short_description: Set Elastic Kibana Settings description: - - Get information on an Elastic LifeCycle Policy + - Set Elastic Kibana Settings requirements: - python3 @@ -37,10 +37,7 @@ resource_type: kibana ref_id: REF ID for kibana cluster, most likely main-kibana version: Deployment Kibana Version - index_lifecycle_policy_name: Name of lifecycle policy - ''' - from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * @@ -57,14 +54,27 @@ def main(): + elastic_index_lifecycle_policy_spec=dict( + index_lifecycle_policy_name=dict(type='str', required=True), + settings=dict(type='dict', default="None") + ) + elastic_role_mapping_spec=dict( + role_mapping_name=dict(type='str', required=True), + enable_mapping=dict(type='bool', default=True), + assigned_roles=dict(type='list', required=True), + role_mapping_rules=dict(type='dict', required=True), + metadata=dict(type='dict') + ) + module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), + host=dict(type='str',required=True), + port=dict(type='int', default=9243), username=dict(type='str', required=True), password=dict(type='str', no_log=True, required=True), verify_ssl_cert=dict(type='bool', default=True), - index_lifecycle_policy_name=dict(type='str'), - #settings=dict(type='dict'), + elastic_index_lifecycle_policy_settings=dict(type='list', required=False, options=elastic_index_lifecycle_policy_spec), + elastic_role_mapping_settings=dict(type='list', required=False, options=elastic_role_mapping_spec), + state=dict(type='str', default='present'), deployment_info=dict(type='dict', default=None) ) argument_dependencies = [] @@ -76,15 +86,27 @@ def main(): results['changed'] = False elastic = Elastic(module) - index_lifecycle_policy_name = module.params.get('index_lifecycle_policy_name') - - if index_lifecycle_policy_name: + + elastic_index_lifecycle_policy_settings = module.params.get('kibana_index_lifecycle_policy_settings') + elastic_role_mapping_settings = module.params.get('elastic_role_mapping_settings') + + if elastic_index_lifecycle_policy_settings: results['elastic_index_lifecycle_status'] = "Elastic Index Lifecycle Policy found" - elastic_index_lifecycle_policy_object = elastic.get_index_lifecycle_policy(index_lifecycle_policy_name) + elastic_index_lifecycle_policy_object = elastic.get_index_lifecycle_policy(elastic_index_lifecycle_policy_settings['index_lifecycle_policy_name']) results['index_lifecycle_policy_object'] = elastic_index_lifecycle_policy_object - else: - results['elastic_index_lifecycle_status'] = "Elastic Index Lifecycle Policy NOT found" - results['index_lifecycle_policy_object'] = "" + if not module.check_mode: + elastic_index_lifecycle_policy_object = elastic.update_index_lifecycle_policy(elastic_index_lifecycle_policy_settings['index_lifecycle_policy_name'], elastic_index_lifecycle_policy_settings['settings']) + results['index_lifecycle_policy_object'] = elastic_index_lifecycle_policy_object + results['changed'] = True + if elastic_role_mapping_settings: + role_mapping_object = elastic.create_role_mapping( + elastic_role_mapping_settings['role_mapping_name'], + elastic_role_mapping_settings['assigned_roles'], + elastic_role_mapping_settings['role_mapping_rules'], + elastic_role_mapping_settings['metadata'], + elastic_role_mapping_settings['enable_mapping']) + results['userrole_status'] = "Role Mapping Created" + results['role_mapping_object'] = role_mapping_object module.exit_json(**results) diff --git a/plugins/modules/elastic_expedient_pkgpolicy.py b/plugins/modules/elastic_expedient_pkgpolicy.py index 46d9afb..8a5d461 100644 --- a/plugins/modules/elastic_expedient_pkgpolicy.py +++ b/plugins/modules/elastic_expedient_pkgpolicy.py @@ -56,61 +56,6 @@ results = {} -def deep_update(original, updated): - """ - Attempts to update deeply nested dictionaries + lists - :param original/the object to be updated: - :param updated/changes to be applied: - :return: - """ - - def match_shallow_structure(dictionary_1, dictionary_2): - """ - utility function to check if all the non-dictionary keys and values in a - dictionary match those of the other - :param dictionary_1: - :param dictionary_2: - :return: - """ - shallow_1 = { - key: value for key, value in dictionary_1.items() if - not isinstance(value, dict) - } - shallow_2 = { - key: value for key, value in dictionary_2.items() if - not isinstance(value, dict) - } - return shallow_1 == shallow_2 - - if isinstance(updated, dict): - for key, value in updated.items(): - if (isinstance(value, dict) or isinstance(value, list)) and original.get( - key - ) is not None: - deep_update(original.get(key), updated[key]) - else: - original.update({key: updated[key]}) - elif isinstance(updated, list) and isinstance(original, list): - if all([isinstance(item, dict) for item in updated]): - for updated_dictionary_list_item in updated: - try: - deep_update( - next( - original_dictionary_list_item - for original_dictionary_list_item in original - if match_shallow_structure( - updated_dictionary_list_item, - original_dictionary_list_item, - ) - ), - updated_dictionary_list_item, - ) - except StopIteration: - original.append(updated_dictionary_list_item) - else: - original += [i for i in updated if i not in original] - return - def main(): module_args=dict( diff --git a/plugins/modules/elastic_index_lifecycle_policy.py b/plugins/modules/elastic_index_lifecycle_policy.py deleted file mode 100644 index 0506f19..0000000 --- a/plugins/modules/elastic_index_lifecycle_policy.py +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -DOCUMENTATION=''' - -module: elastic_index_lifecycle_policy - -author: Ian Scott - -short_description: Add an elasticseach data lifecycle policy to deployment - -description: - - Add an elasticseach data lifecycle policy to deployment - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - index_lifecycle_policy_name: Name of lifecycle policy - settings: (Example) - policy: - phases: - hot: - min_age: 0ms - actions: - rollover: - max_size: 100gb - max_primary_shard_size: 50gb - max_age: 7d - delete: - min_age: 30d - actions: - delete: - delete_searchable_snapshot: true - -''' - -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule -#from ansible.module_utils.basic import * - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.elastic import Elastic -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from elastic import Elastic - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - index_lifecycle_policy_name=dict(type='str'), - settings=dict(type='dict'), - deployment_info=dict(type='dict', default=None) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - - results['changed'] = False - - elastic = Elastic(module) - index_lifecycle_policy_name = module.params.get('index_lifecycle_policy_name') - new_settings = module.params.get('settings') - - if index_lifecycle_policy_name and new_settings: - results['elastic_index_lifecycle_status'] = "Elastic Index Lifecycle Policy found" - elastic_index_lifecycle_policy_object = elastic.update_index_lifecycle_policy(index_lifecycle_policy_name, new_settings) - results['index_lifecycle_policy_object'] = elastic_index_lifecycle_policy_object - results['changed'] = True - else: - results['elastic_index_lifecycle_status'] = "Elastic Index Lifecycle Policy NOT found" - results['index_lifecycle_policy_object'] = "" - - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/elastic_kibana_settings.py b/plugins/modules/elastic_kibana_settings.py deleted file mode 100644 index b1eb738..0000000 --- a/plugins/modules/elastic_kibana_settings.py +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_kibana_settings - -author: Ian Scott - -short_description: Set Elastic Kibana Settings - -description: - - Set Elastic Kibana Settings - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule -#from ansible.module_utils.basic import * - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str',required=True), - port=dict(type='int', default=9243), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - space_id=dict(type='str', default='default'), - settings=dict(type='dict'), - deployment_info=dict(type='dict', default=None) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - - results['changed'] = False - - kibana = Kibana(module) - space_id = module.params.get('space_id') - new_settings = module.params.get('settings') - - if new_settings: - results['kibana_settings_status'] = "Kibana Settings found" - kibana_settings = kibana.update_kibana_settings(new_settings, space_id = space_id) - results['kibana_settings_object'] = kibana_settings - else: - results['kibana_settings_status'] = "Integration Package NOT found" - results['kibana_settings_object'] = "" - - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/elastic_kibana_settings_info.py b/plugins/modules/elastic_kibana_settings_info.py deleted file mode 100644 index d418c07..0000000 --- a/plugins/modules/elastic_kibana_settings_info.py +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_kibana_settings_info - -author: Ian Scott - -short_description: Get Elastic Kibana Settings - -description: - - Get Elastic Kibana Settings - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule -#from ansible.module_utils.basic import * - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str',required=True), - port=dict(type='int', default=9243), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - space_id=dict(type='str', default='default'), - deployment_info=dict(type='dict', default=None) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - - results['changed'] = False - - kibana = Kibana(module) - space_id = module.params.get('space_id') - - kibana_settings = kibana.get_kibana_settings(space_id) - - if kibana_settings: - results['kibana_settings_status'] = "Kibana Settings found" - results['kibana_settings_object'] = kibana_settings - else: - results['kibana_settings_status'] = "Integration Package NOT found" - results['kibana_settings_object'] = "" - - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/elastic_pkgpolicy.py b/plugins/modules/elastic_pkgpolicy.py deleted file mode 100644 index 38f426d..0000000 --- a/plugins/modules/elastic_pkgpolicy.py +++ /dev/null @@ -1,253 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_pkgpolicy - -author: Ian Scott - -short_description: Create an Elastic Package Policy. - -description: - - Create an Elastic Package Policy. A Package Policy is an instance of an Integration in an Agent Policy - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - pkg_policy_name: Package Policy name (Required) - pkg_policy_desc: Package Policy description - agent_policy_id: Agent Policy ID. (Required if agent_policy_name is not present) - agent_policy_name: Agent Policy Name. (Required if agent_policy_id is not present) - integration_title: Integration Title/Label (Required) - integration_name: Integration Name - integration_ver: Integration Version. The version will determine what integration settings are valid - namespace: Elastic namespace, always default for now (Optional) - integration_settings: Integration settings (Optional) - -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule -#from ansible.module_utils.basic import * - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -def deep_update(original, updated): - """ - Attempts to update deeply nested dictionaries + lists - :param original/the object to be updated: - :param updated/changes to be applied: - :return: - """ - - def match_shallow_structure(dictionary_1, dictionary_2): - """ - utility function to check if all the non-dictionary keys and values in a - dictionary match those of the other - :param dictionary_1: - :param dictionary_2: - :return: - """ - shallow_1 = { - key: value for key, value in dictionary_1.items() if - not isinstance(value, dict) - } - shallow_2 = { - key: value for key, value in dictionary_2.items() if - not isinstance(value, dict) - } - return shallow_1 == shallow_2 - - if isinstance(updated, dict): - for key, value in updated.items(): - if (isinstance(value, dict) or isinstance(value, list)) and original.get( - key - ) is not None: - deep_update(original.get(key), updated[key]) - else: - original.update({key: updated[key]}) - elif isinstance(updated, list) and isinstance(original, list): - if all([isinstance(item, dict) for item in updated]): - for updated_dictionary_list_item in updated: - try: - deep_update( - next( - original_dictionary_list_item - for original_dictionary_list_item in original - if match_shallow_structure( - updated_dictionary_list_item, - original_dictionary_list_item, - ) - ), - updated_dictionary_list_item, - ) - except StopIteration: - original.append(updated_dictionary_list_item) - else: - original += [i for i in updated if i not in original] - return - -def main(): - - module_args=dict( - host=dict(type='str',required=True), - port=dict(type='int', default=9243), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - agent_policy_id=dict(type='str'), - agent_policy_name=dict(type='str'), - integration_title=dict(type='str', required=True), - integration_ver=dict(type='str'), - integration_name=dict(type='str'), - pkg_policy_name=dict(type='str', required=True), - pkg_policy_desc=dict(type='str'), - namespace=dict(type='str', default='default'), - state=dict(type='str', default='present'), - integration_settings=dict(type='dict'), - deployment_info=dict(type='dict', default=None) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True, - mutually_exclusive=[('agent_policy_name', 'agent_policy_id')], - required_one_of=[('agent_policy_name', 'agent_policy_id')], - required_together=[('integration_ver','integration_name')]) - - state = module.params.get('state') - agent_policy_name = module.params.get('agent_policy_name') - agent_policy_id = module.params.get('agent_policy_id') - integration_title = module.params.get('integration_title') - integration_ver = module.params.get('integration_ver') - integration_name = module.params.get('integration_name') - pkg_policy_name = module.params.get('pkg_policy_name') - pkg_policy_desc = module.params.get('pkg_policy_desc') - namespace = module.params.get('namespace') - integration_settings = module.params.get('integration_settings') # inputs policy settings only, aka Defaults - - if module.check_mode: - results['changed'] = False - else: - results['changed'] = True - - kibana = Kibana(module) - - if module.params.get('agent_policy_id'): - agency_policy_object = kibana.get_agent_policy_byid(agent_policy_id) - else: - agency_policy_object = kibana.get_agent_policy_byname(agent_policy_name) - try: - agent_policy_id = agency_policy_object['id'] - results['agent_policy_status'] = "Agent Policy found." - except: - results['agent_policy_status'] = "Agent Policy was not found. Cannot continue without valid Agent Policy Name or ID" - results['changed'] = False - module.exit_json(**results) - - if module.params.get('integration_title'): - integration_object = kibana.check_integration(integration_title) - else: - results['integration_status'] = "No Integration Name provided to get the integration object" - results['changed'] = False - module.exit_json(**results) - - if ( integration_name and integration_ver and integration_name) and not integration_object: - results['integration_status'] = "No integration found, but Integration Name, Version, and Title found" - integration_object = { - 'name': integration_name, - 'title': integration_title, - 'version': integration_ver - } - elif not integration_object and not ( integration_title and integration_ver and integration_name): - results['integration_status'] = 'Integration Title is not valid and integration name and integration version are not found' - results['changed'] = False - module.exit_json(**results) - - if state == "present": - pkg_policy_object = kibana.get_pkg_policy(pkg_policy_name) - if 'item' in pkg_policy_object: - pkg_policy_object = pkg_policy_object['item'] - if pkg_policy_object: - results['pkg_policy_status'] = "Integration Package found, No package created" - results['changed'] = False - else: - if module.check_mode == False: - pkg_policy_object = kibana.create_pkg_policy(pkg_policy_name, pkg_policy_desc, agent_policy_id, integration_object, namespace) - if 'item' in pkg_policy_object: - pkg_policy_object = pkg_policy_object['item'] - #pkg_policy_object = kibana.upgrade_pkg_policy(pkg_policy_object['id']) - results['pkg_policy_status'] = "No Integration Package found, Package Policy created" - results['pkg_policy_object'] = pkg_policy_object - results['changed'] = True - else: - results['pkg_policy_status'] = "No Integration Package found, Package Policy not created because check_mode is set to true" - results['pkg_policy_object'] = "" - results['changed'] = False - - if integration_settings and pkg_policy_object: - input_no = 0 - for orig_input in pkg_policy_object['inputs']: - for update_input in integration_settings['inputs']: - if orig_input['type'] == update_input['type']: - if 'config' in orig_input: - if 'artifact_manifest' in orig_input['config']: - integration_settings['inputs'][input_no]['config']['artifact_manifest'] = orig_input['config']['artifact_manifest'] - input_no = input_no + 1 - pkg_policy_object['inputs'] = integration_settings['inputs'] - pkg_policy_object_id = pkg_policy_object['id'] - - results['passed_integration_settings'] = integration_settings - - ''' - for current_setting in integration_settings: - if current_setting == 'inputs': - for new_entry in integration_settings[current_setting]: - a = 0 - for exist_entry in pkg_policy_object[current_setting]: - if new_entry['type'] == exist_entry['type']: - #pkg_policy_object[current_setting][a]['config']['policy'] = new_entry['config']['policy'] - deep_update(pkg_policy_object['inputs'][a], integration_settings['inputs'][a]) - a = a +1 - ''' - - pkg_policy_info = kibana.update_pkg_policy(pkg_policy_object_id, pkg_policy_object) - results['pkg_policy_object_update'] = pkg_policy_info - - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/elastic_pkgpolicy_info.py b/plugins/modules/elastic_pkgpolicy_info.py deleted file mode 100644 index e05ff97..0000000 --- a/plugins/modules/elastic_pkgpolicy_info.py +++ /dev/null @@ -1,94 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_pkgpolicy_info - -author: Ian Scott - -short_description: Get Elastic Package Policy Information. - -description: - - Get Elastic Package Policy Information. A Package Policy is an instance of an Integration in an Agent Policy - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - pkg_policy_name: Package Policy name -''' - -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule -#from ansible.module_utils.basic import * - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str',required=True), - port=dict(type='int', default=9243), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - pkg_policy_name=dict(type='str'), - deployment_info=dict(type='dict', default=None) - ) - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - - results['changed'] = False - - kibana = Kibana(module) - pkg_policy_name = module.params.get('pkg_policy_name') - - pkg_policy_object = kibana.get_pkg_policy(pkg_policy_name) - - if pkg_policy_object: - results['pkg_policy_status'] = "Integration Package found" - results['pkg_policy_object'] = pkg_policy_object - else: - results['pkg_policy_status'] = "Integration Package NOT found" - - results['pkg_policy_object'] = pkg_policy_object - - module.exit_json(**results) - -if __name__ == "__main__": - main() - - diff --git a/plugins/modules/elastic_role_mapping.py b/plugins/modules/elastic_role_mapping.py deleted file mode 100644 index 28fc8e7..0000000 --- a/plugins/modules/elastic_role_mapping.py +++ /dev/null @@ -1,90 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -*- coding: utf-8 -*- - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.elastic import Elastic -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from elastic import Elastic - -from ansible.module_utils.basic import AnsibleModule - - -class ElasticRoleMapping(Elastic): - def __init__(self, module): - super().__init__(module) - self.role_mapping_name = self.module.params.get('name') - self.enabled = self.module.params.get('enabled') - self.roles = self.module.params.get('roles') - self.rules = self.module.params.get('rules') - try: - self.role_mapping = self.get_role_mapping(self.role_mapping_name) - except: - self.role_mapping = None - - def create_role_mapping(self): - endpoint = f'_security/role_mapping/{self.role_mapping_name}' - data = { - 'enabled': self.enabled, - 'roles': self.roles, - 'rules': self.rules, - 'metadata': self.metadata - } - self.send_api_request(endpoint, data=data, method='POST') - - - -def main(): - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', required=True, no_log=True), - verify_ssl_cert=dict(type='bool', default=True), - state=dict(type='str', default='present'), - name=dict(type='str', required=True), - enabled=dict(type='bool', default=True), - roles=dict(type='list', required=True), - rules=dict(type='dict', required=True), - metadata=dict(type='dict', default={}), - deployment_info=dict(type='dict') - ) - - results = {'changed': False} - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=False) - state = module.params.get('state') - role_mapping = ElasticRoleMapping(module) - - if state == 'present': - if role_mapping.role_mapping: - results['msg'] = f'role mapping {role_mapping.role_mapping_name} exists' - module.exit_json(**results) - - - -if __name__ == '__main__': - main() \ No newline at end of file diff --git a/plugins/modules/elastic_role_mapping_create.py b/plugins/modules/elastic_role_mapping_create.py deleted file mode 100644 index 4a08ab9..0000000 --- a/plugins/modules/elastic_role_mapping_create.py +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_pkgpolicy - -author: Ian Scott - -short_description: Create an Elastic Package Policy. - -description: - - Create an Elastic Package Policy. A Package Policy is an instance of an Integration in an Agent Policy - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - role_mapping_name: Role Mapping name (Required) - enable_mapping: True/False - assigned_roles: List of assigned roles - role_mapping_rules: - all: - - field: - realm.name: Realm Name - - field: - groups: User Group - -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.elastic import Elastic -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from elastic import Elastic - -results = {} - -import json - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - role_mapping_name=dict(type='str', required=True), - enable_mapping=dict(type='bool', default=True), - assigned_roles=dict(type='list', required=True), - role_mapping_rules=dict(type='dict', required=True), - metadata=dict(type='dict'), - state=dict(type='str', default='present'), - deployment_info=dict(type='dict', default=None) - ) - - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True - ) - - elastic = Elastic(module) - results['changed'] = False - role_mapping_name = module.params.get('role_mapping_name') - enable_mapping = module.params.get('enable_mapping') - assigned_roles = module.params.get('assigned_roles') - role_mapping_rules = module.params.get('role_mapping_rules') - metadata = module.params.get('metadata') - state = module.params.get('state') - - if role_mapping_name and state == "present": - - role_mapping_object = elastic.create_role_mapping(role_mapping_name, assigned_roles, role_mapping_rules, metadata, enable_mapping) - results['userrole_status'] = "Role Mapping Created" - - results['role_mapping_object'] = role_mapping_object - - module.exit_json(**results) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/plugins/modules/elastic_space.py b/plugins/modules/elastic_space.py deleted file mode 100644 index c7a27e6..0000000 --- a/plugins/modules/elastic_space.py +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_space - -author: Ian Scott - -short_description: Create an Elastic Space. - -description: - - Create an Elastic Space. - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - space_name: Space name - space_description: Description of Space - space_id: Space ID. Used in urls. - disabledFeatures: List of Features to be disabled within this space - initials: Initials of Space - color: Color of Space Icon Background -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - space_name=dict(type='str', required=True), - space_description=dict(type='str', default="None"), - space_id=dict(type='str', required=True), - disabledFeatures=dict(type='list'), - initials=dict(type='str', default=None), - color=dict(type='str', default=None), - deployment_info=dict(type='dict', default=None), - state=dict(type='str', default='present') - ) - - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True - ) - - kibana = Kibana(module) - results['changed'] = False - space_name = module.params.get('space_name') - space_description = module.params.get('space_description') - space_id = module.params.get('space_id') - disabledFeatures = module.params.get('disabledFeatures') - initials = module.params.get('initials') - color = module.params.get('color') - state = module.params.get('state') - - space_object = None - - if space_id and state == "present": - - space_object = kibana.get_space(space_id) - results['space_status'] = "Space Object Found" - - if space_object == None: - space_object = kibana.create_space(space_id, space_name, space_description, disabledFeatures, initials, color) - results['space_status'] = "Space Object Created" - - module.exit_json(**results) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/plugins/modules/elastic_userrole.py b/plugins/modules/elastic_userrole.py deleted file mode 100644 index 8c6c22b..0000000 --- a/plugins/modules/elastic_userrole.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_userrole - -author: Ian Scott - -short_description: Create User Role - -description: - - Create User Role - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - role_name: User Role name - body: - metadata: - elasticsearch: - Role Permission Data - kibana: - Role Permission Data - spaces: - List of spaces for the role -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -import json - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - role_name=dict(type='str', required=True), - body=dict(type='dict'), - state=dict(type='str', default='present'), - deployment_info=dict(type='dict', default=None) - ) - - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True - ) - - kibana = Kibana(module) - results['changed'] = False - role_name = module.params.get('role_name') - body = module.params.get('body') - state = module.params.get('state') - - if role_name and state == "present": - - userrole_object = kibana.create_userrole(role_name, body) - results['userrole_status'] = "User Role Object Created" - - results['userrole_object'] = userrole_object - - module.exit_json(**results) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/plugins/modules/elastic_userrole_info.py b/plugins/modules/elastic_userrole_info.py deleted file mode 100644 index 6d04b4d..0000000 --- a/plugins/modules/elastic_userrole_info.py +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Expedient -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DOCUMENTATION=''' - -module: elastic_userrole_info - -author: Ian Scott - -short_description: Get Information about a User Role - -description: - - Get Information about a User Role - -requirements: - - python3 - -options: - host: ECE Host or Deployment Host - port: ECE Port or Deployment Port - username: ECE Username or Deployment Username - password: ECE Password or Deployment Password - deployment_info: (when using ECE host:port and credentials) - deployment_id: ECE Deployment ID - deployment_name: ECE Deployment Name - resource_type: kibana - ref_id: REF ID for kibana cluster, most likely main-kibana - version: Deployment Kibana Version - role_name: User Role name -''' -from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule - -try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana -except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana - -results = {} - -import json - -def main(): - - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - role_name=dict(type='str', required=True), - state=dict(type='str', default='present'), - deployment_info=dict(type='dict', default=None) - ) - - argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True - ) - - kibana = Kibana(module) - results['changed'] = False - role_name = module.params.get('role_name') - state = module.params.get('state') - - if role_name and state == "present": - - userrole_object = kibana.get_userrole(role_name) - results['userrole_status'] = "User Role Object Created" - - results['userrole_object'] = userrole_object - - module.exit_json(**results) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/plugins/modules/kibana_configuration.py b/plugins/modules/kibana_configuration.py new file mode 100644 index 0000000..d8c5bba --- /dev/null +++ b/plugins/modules/kibana_configuration.py @@ -0,0 +1,246 @@ +#!/usr/bin/python +# Copyright 2021 Expedient +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +DOCUMENTATION=''' + +module: elastic_kibana_settings + +author: Ian Scott + +short_description: Set Elastic Kibana Settings + +description: + - Set Elastic Kibana Settings + +requirements: + - python3 + +options: + host: ECE Host or Deployment Host + port: ECE Port or Deployment Port + username: ECE Username or Deployment Username + password: ECE Password or Deployment Password + deployment_info: (when using ECE host:port and credentials) + deployment_id: ECE Deployment ID + deployment_name: ECE Deployment Name + resource_type: kibana + ref_id: REF ID for kibana cluster, most likely main-kibana + version: Deployment Kibana Version +''' +from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule +#from ansible.module_utils.basic import * + +try: + from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana +except: + import sys + import os + util_path = new_path = f'{os.getcwd()}/plugins/module_utils' + sys.path.append(util_path) + from kibana import Kibana + +results = {} + +def main(): + + kibana_space_adv_settings_spec=dict( + space_id=dict(type='str', default='default'), + settings=dict(type='dict'), + ) + + kibana_userrole_settings_spec=dict( + role_name=dict(type='str', default='default'), + body=dict(type='dict', default=1), + ) + + kibana_space_spec=dict( + space_name=dict(type='str', required=True), + space_description=dict(type='str', default="None"), + space_id=dict(type='str', required=True), + disabledFeatures=dict(type='list'), + initials=dict(type='str', default=None), + color=dict(type='str', default=None), + ) + + kibana_fleet_pkg_policy_spec=dict( + pkg_policy_name=dict(type='str', required=True), + pkg_policy_desc=dict(type='str', default='N/A'), + integration_name=dict(type='str', required=True), + integration_title=dict(type='dict', default="None"), + integration_ver=dict(type='dict', required=True), + integration_settings=dict(type='dict', required=False,options=dict( + integration_vars=dict(type=dict, options=dict( + service=dict(type='str') + )) + )) + ) + + kibana_fleet_agent_policy_spec=dict( + agent_policy_name=dict(type='str', required=True), + agent_policy_desc=dict(type='dict', default="None"), + monitoring=dict(type='list'), + space_id=dict(type='str', default='default'), + kibana_fleet_pkg_policy_settings=dict(type='list', required=False, options=kibana_fleet_pkg_policy_spec), + ) + + kibana_savedobject_specs=dict( + object_name=dict(type='str'), + object_id=dict(type='str'), + action=dict(type='str', required=True), #import, export, ... + overwrite=dict(type='bool', default=True), + createNewCopies=dict(type='bool', default=False), + space_id=dict(type='str', default='default'), + ) + + kibana_default_dashboard_specs=dict( + object_attributes=dict(type='list'), + overwrite=dict(type='bool', default=True), + createNewCopies=dict(type='bool', default=False), + space_id=dict(type='str', default='default'), + ) + + module_args=dict( + host=dict(type='str', required=True), + port=dict(type='int', default=9243), + username=dict(type='str', required=True), + password=dict(type='str', no_log=True, required=True), + verify_ssl_cert=dict(type='bool', default=True), + kibana_space_adv_settings=dict(type='dict', required=False, options=kibana_space_adv_settings_spec), + kibana_userrole_settings=dict(type='dict', required=False, options=kibana_userrole_settings_spec), + kibana_space_settings=dict(type='dict', required=False, options=kibana_space_spec), + kibana_fleet_agent_policies=dict(type='list', required=False, options=kibana_fleet_agent_policy_spec), + kibana_savedobject_settings=dict(type='list', required=False, options=kibana_savedobject_specs), + kibana_default_dashboards=dict(type='dict', required=False, options=kibana_default_dashboard_specs), + state=dict(type='str', default='present'), # present, absent + deployment_info=dict(type='dict', default=None) + ) + + argument_dependencies = [] + #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), + #('alert-type', 'metrics_threshold', ('conditions')) + + module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) + + results['changed'] = False + + kibana = Kibana(module) + kibana_space_adv_settings = module.params.get('kibana_space_adv_settings') + kibana_userrole_settings = module.params.get('kibana_userrole_settings') + kibana_space_settings = module.params.get('kibana_space_settings') + kibana_savedobject_settings = module.params.get('kibana_savedobject_settings') + kibana_default_dashboards = module.params.get('kibana_default_dashboards') + kibana_fleet_agent_policies = module.params.get('kibana_fleet_agent_policies') + state = module.params.get('state') + + if kibana_space_settings: + space_object = kibana.get_space(kibana_space_settings['space_id']) + if space_object != None: + results['space_status'] = "Space Object Found" + if space_object == None and not module.check_mode: + space_object = kibana.create_space( + kibana_space_settings.get('space_id'), + kibana_space_settings.get('space_name'), + kibana_space_settings.get('space_description'), + kibana_space_settings.get('disabledFeatures'), + kibana_space_settings.get('initials'), + kibana_space_settings.get('color') + ) + results['space_status'] = "Space Object Created" + results['space_object'] = space_object + if kibana_space_adv_settings: + kibana_settings = kibana.update_kibana_settings( + kibana_space_adv_settings.get('settings'), + space_id = kibana_space_adv_settings.get('space_id') + ) + results['kibana_settings_object'] = kibana_settings + if kibana_userrole_settings: + userrole_object = kibana.get_userrole(kibana_userrole_settings.get('role_name')) + results['userrole_status'] = "User Role Object Info" + results['userrole_object'] = userrole_object + if userrole_object == None and not module.check_mode: + userrole_object = kibana.create_userrole( + kibana_userrole_settings.get('role_name'), + kibana_userrole_settings.get('body')) + results['userrole_status'] = "User Role Object Created" + results['userrole_object'] = userrole_object + if kibana_default_dashboards: + saved_object = None + if kibana_default_dashboards['object_attributes'] \ + and state == "present": + + saved_object = kibana.import_saved_object( + kibana_default_dashboards['object_attributes'], + space_id = kibana_default_dashboards['space_id'], + createNewCopies = kibana_default_dashboards['createNewCopies'], + overwrite = kibana_default_dashboards['overwrite']) + + if kibana_savedobject_settings: + saved_object = None + + if (kibana_savedobject_settings['object_name'] or kibana_savedobject_settings['object_id']) \ + and kibana_savedobject_settings['state'] == "present": + saved_object_info = kibana.get_saved_object( + object_type = kibana_savedobject_settings['object_type'], + object_id = kibana_savedobject_settings['object_id'], + object_name = kibana_savedobject_settings['object_name'], + space_id = kibana_savedobject_settings['space_id']) + saved_object = kibana.export_saved_object( + object_type = kibana_savedobject_settings['object_type'], + object_id = saved_object_info['id'], + space_id = kibana_savedobject_settings['space_id']) + + if kibana_savedobject_settings['search_string'] \ + and state == "present": + if kibana_savedobject_settings['search_string'] == "None": + kibana_savedobject_settings['search_string'] == "" + saved_object = kibana.get_saved_objects_list( + kibana_savedobject_settings['search_string'], + kibana_savedobject_settings['object_type'], + space_id = kibana_savedobject_settings['space_id']) + + if kibana_savedobject_settings['object_attributes'] \ + and state == "update": + saved_object_info = kibana.get_saved_object( + object_type = kibana_savedobject_settings['object_type'], + object_id = kibana_savedobject_settings['object_id'], + object_name = kibana_savedobject_settings['object_name'], + space_id = kibana_savedobject_settings['space_id']) + saved_object_id = saved_object_info['id'] + saved_object = kibana.update_saved_object( + object_type = kibana_savedobject_settings['object_type'], + object_id = saved_object_id, + object_name = kibana_savedobject_settings['object_name'], + space_id = kibana_savedobject_settings['space_id'], + object_attributes = kibana_savedobject_settings['object_attributes']) + + if saved_object != "": + results['object_status'] = "Saved Object Found" + results['saved_object'] = saved_object + else: + results['object_status'] = "No Saved Object was returned, check your Saved Object Info" + results['saved_object'] = None + + if kibana_fleet_agent_policies: + if state == "present": + for agent_policy in kibana_fleet_agent_policies: + agent_policy_object = kibana.create_agent_policy() + + + + module.exit_json(**results) + +if __name__ == "__main__": + main() + + From e48ca05d99c913a1a56c7de89f7c7162b04e6102 Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Tue, 11 Apr 2023 16:10:01 -0500 Subject: [PATCH 8/8] updates --- plugins/module_utils/ece_apiproxy.py | 7 ++-- plugins/module_utils/kibana.py | 12 +++---- plugins/modules/kibana_fleet_host.py | 48 +++++++++------------------- 3 files changed, 24 insertions(+), 43 deletions(-) diff --git a/plugins/module_utils/ece_apiproxy.py b/plugins/module_utils/ece_apiproxy.py index 83a387d..e044e5f 100644 --- a/plugins/module_utils/ece_apiproxy.py +++ b/plugins/module_utils/ece_apiproxy.py @@ -47,15 +47,15 @@ def __init__(self, module): self.ece_auth = ECE(module) - def send_api_request(self, endpoint, method, data=None, headers={}, timeout=600, space_id='default', no_kbnver=False, version=None): + def send_api_request(self, endpoint, method, data=None, headers=[{}], timeout=600, space_id='default', no_kbnver=False, version=None): if endpoint.startswith('_'): url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/{endpoint}' else: url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/s/{space_id}/api/{endpoint}' - headers = {'Authorization': f'Bearer {self.ece_auth.token}'} payload = None + headers['Authorization'] = f'Bearer {self.ece_auth.token}' headers['Content-Type'] = 'application/json' headers['X-Management-Request'] = 'True' @@ -78,12 +78,11 @@ def send_api_request(self, endpoint, method, data=None, headers={}, timeout=600, content = '' return content - def send_file_api_request(self, endpoint, method, data=None, headers={}, file=None, timeout=600, space_id = "default", no_kbnver=False, version=None, *args, **kwargs): + def send_file_api_request(self, endpoint, method, data=None, headers=[{}], file=None, timeout=600, space_id = "default", no_kbnver=False, version=None, *args, **kwargs): url = f'https://{self.host}:{self.port}/api/v1/deployments/{self.deployment_id}/{self.resource_type}/{self.ref_id}/proxy/s/{space_id}/api/{endpoint}' response = None - headers = {} headers['Authorization'] = f'Bearer {self.ece_auth.token}' headers['X-Management-Request'] = 'True' #headers['Content-Type'] = 'application/json' diff --git a/plugins/module_utils/kibana.py b/plugins/module_utils/kibana.py index cc2ed94..47bbd4b 100644 --- a/plugins/module_utils/kibana.py +++ b/plugins/module_utils/kibana.py @@ -881,16 +881,16 @@ def get_fleet_server_hosts(self): result = self.send_api_request(endpoint, 'GET') return result['item']['fleet_server_hosts'] - def set_fleet_server_hosts(self, hosts: list): - endpoint = 'fleet/settings' + def set_fleet_server_hosts(self, hosts: list, name='Default', default=True): + endpoint = 'fleet/fleet_server_hosts/fleet-default-fleet-server-host' headers = {'kbn-xsrf': True} body = { - 'fleet_server_hosts': hosts + 'is_default': default, + 'name': name, + 'host_urls': hosts } - body_json = dumps(body) - - result = self.send_api_request(endpoint, 'PUT', headers=headers, data=body_json) + result = self.send_api_request(endpoint, 'PUT', headers=headers, data=body) return result def get_fleet_elasticsearch_hosts(self): diff --git a/plugins/modules/kibana_fleet_host.py b/plugins/modules/kibana_fleet_host.py index ab86045..f759daf 100644 --- a/plugins/modules/kibana_fleet_host.py +++ b/plugins/modules/kibana_fleet_host.py @@ -85,10 +85,10 @@ - expedient.elastic.elastic_auth_options.documentation ''' +from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana - import ansible_collections.expedient.elastic.plugins.module_utils.lookups except: import sys import os @@ -96,31 +96,6 @@ sys.path.append(util_path) from kibana import Kibana -from ansible.module_utils.basic import AnsibleModule -from json import dumps - -class KibanaFleet(Kibana): - def __init__(self, module): - super().__init__(module) - self.url_type = self.module.params.get('url_type') - - def get_current_urls(self): - if self.url_type == 'fleet_server': - current_urls = self.get_fleet_server_hosts() - if self.url_type == 'elasticsearch': - current_urls = self.get_fleet_elasticsearch_hosts() - return current_urls - - def send_urls(self, urls: list): - if self.url_type == 'fleet_server': - result = self.set_fleet_server_hosts(urls) - - if self.url_type == 'elasticsearch': - result = self.set_fleet_elasticsearch_hosts(urls) - - return result - - def main(): module_args=dict( host=dict(type='str'), @@ -140,15 +115,17 @@ def main(): } module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - kibana_fleet = KibanaFleet(module) + kibana = Kibana(module) + action = module.params.get('action') - current_urls = kibana_fleet.get_current_urls() # The urls as they exist in kibana at start + url_type = module.params.get('url_type') provided_urls = module.params.get('urls') # Urls provided by the user # final_urls is a list that gets calculated depending on the provided action. final_urls = [] - + current_urls = kibana.get_fleet_server_hosts() if action == 'add': + final_urls.extend(current_urls) for item in provided_urls: if item in current_urls: @@ -170,17 +147,22 @@ def main(): if set(current_urls) == set(final_urls): results['msg'] += "\n No action needed" else: - send_url_result = kibana_fleet.send_urls(final_urls) + if url_type == 'fleet_server': + send_url_result = kibana.set_fleet_server_hosts(provided_urls) + + if url_type == 'elasticsearch': + send_url_result = kibana.set_fleet_elasticsearch_hosts(provided_urls) + if 'message' in send_url_result: module.fail_json(f"Unable to {action} urls. Error: {send_url_result['message']}") else: results['changed'] = True results['msg'] += f"\nSuccessful {action}" - results['fleet_server_urls'] = kibana_fleet.get_fleet_server_hosts() - results['fleet_elasticsearch_urls'] = kibana_fleet.get_fleet_elasticsearch_hosts() + results['fleet_server_urls'] = kibana.get_fleet_server_hosts() + results['fleet_elasticsearch_urls'] = kibana.get_fleet_elasticsearch_hosts() module.exit_json(**results) if __name__ == '__main__': - main() + main() \ No newline at end of file