From 38505cc3122abbfed0583435e532eb5081bac26d Mon Sep 17 00:00:00 2001 From: Ian Scott Date: Mon, 28 Aug 2023 10:24:45 -0500 Subject: [PATCH] update documenation --- plugins/modules/ece_cluster_alias.py | 39 ++++- plugins/modules/ece_cluster_info.py | 10 +- .../modules/ece_cluster_logs_and_metrics.py | 53 +++++-- plugins/modules/ece_cluster_tag.py | 10 +- plugins/modules/ece_facts.py | 36 +++++ plugins/modules/elastic_agentlist_info.py | 10 +- plugins/modules/elastic_agentpolicy.py | 10 +- plugins/modules/elastic_agentpolicy_info.py | 10 +- plugins/modules/elastic_detection_rule.py | 10 +- .../modules/elastic_expedient_pkgpolicy.py | 32 ++-- .../elastic_expedient_security_rules.py | 136 +++++++++-------- plugins/modules/elastic_fleet_agent_report.py | 10 +- .../modules/elastic_index_lifecycle_policy.py | 34 ++--- .../elastic_index_lifecycle_policy_info.py | 14 +- plugins/modules/elastic_integration_info.py | 19 ++- plugins/modules/elastic_kibana_settings.py | 16 +- .../modules/elastic_kibana_settings_info.py | 10 +- plugins/modules/elastic_pipeline.py | 45 +++++- plugins/modules/elastic_pkgpolicy.py | 47 ++++-- plugins/modules/elastic_pkgpolicy_info.py | 14 +- plugins/modules/elastic_role_mapping.py | 10 +- .../modules/elastic_role_mapping_create.py | 10 +- plugins/modules/elastic_savedobject.py | 45 ++++-- plugins/modules/elastic_savedobject_info.py | 28 ++-- plugins/modules/elastic_security_rule.py | 67 +++++++++ plugins/modules/elastic_settings.py | 27 +++- plugins/modules/elastic_space.py | 34 +++-- plugins/modules/elastic_user.py | 35 +++++ plugins/modules/elastic_userrole.py | 21 ++- plugins/modules/elastic_userrole_info.py | 10 +- plugins/modules/kibana_action.py | 27 +++- plugins/modules/kibana_alert.py | 93 ++++++------ plugins/modules/kibana_alert_facts.py | 10 +- plugins/modules/kibana_fleet_host.py | 142 +++++++++--------- 34 files changed, 763 insertions(+), 361 deletions(-) diff --git a/plugins/modules/ece_cluster_alias.py b/plugins/modules/ece_cluster_alias.py index 2b05fcd..7827320 100644 --- a/plugins/modules/ece_cluster_alias.py +++ b/plugins/modules/ece_cluster_alias.py @@ -27,12 +27,39 @@ - python3 options: - host: ECE Host - port: ECE Port - deployment_name or deployment_id - username: ECE Username - password: ECE Password - alias_name: Deployment Alias String + + host: + description: ECE Host + type: str + + port: + description: ECE Port + type: str + + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str + + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + + username: + description: ECE Username + type: str + + password: + description: ECE Password + type: str + + alias_name: + description: Deployment Alias String + type: str + ''' from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/ece_cluster_info.py b/plugins/modules/ece_cluster_info.py index a823235..7a46d44 100644 --- a/plugins/modules/ece_cluster_info.py +++ b/plugins/modules/ece_cluster_info.py @@ -35,8 +35,16 @@ description: ECE Port type: str + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: - description: Name of Deployment + description: + - Name of Deployment + - Required if deployment_id is blank type: str username: diff --git a/plugins/modules/ece_cluster_logs_and_metrics.py b/plugins/modules/ece_cluster_logs_and_metrics.py index 668c67e..cb600a1 100644 --- a/plugins/modules/ece_cluster_logs_and_metrics.py +++ b/plugins/modules/ece_cluster_logs_and_metrics.py @@ -27,16 +27,51 @@ - python3 options: - host: ECE Host - port: ECE Port - deployment_name or deployment_id - username: ECE Username - password: ECE Password - logging_dest: Destination Deployment name for Logging - metrics_dest: Destination Deployment name for Metrics - logging_ref_id: Reference ID for Logging - metrics_ref_id: Reference ID for Metrics + host: + description: ECE Host + type: str + + port: + description: ECE Port + type: str + + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str + + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + + username: + description: ECE Username + type: str + + password: + description: ECE Password + type: str + + no_cluster_object: + description: Sometimes it is not neccesary to return all the data of a deployment + type: bool + + logging_dest: + description: Destination Deployment name for Logging + type: str + metrics_dest: + description: Destination Deployment name for Metrics + type: str + logging_ref_id: + description: Reference ID for Logging + type: str + metrics_ref_id: + description: Reference ID for Metrics + type: str ''' from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/ece_cluster_tag.py b/plugins/modules/ece_cluster_tag.py index f4f5c87..85c721a 100644 --- a/plugins/modules/ece_cluster_tag.py +++ b/plugins/modules/ece_cluster_tag.py @@ -35,8 +35,16 @@ description: ECE Port type: str + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: - description: Name of Deployment + description: + - Name of Deployment + - Required if deployment_id is blank type: str username: diff --git a/plugins/modules/ece_facts.py b/plugins/modules/ece_facts.py index 4652406..d6fe4c9 100644 --- a/plugins/modules/ece_facts.py +++ b/plugins/modules/ece_facts.py @@ -20,6 +20,42 @@ 'supported_by': 'community' } +DOCUMENTATION=''' +--- +module: ece_facts + +short_description: Get ECE facts + +version_added: '2.9' + +author: Ian Scott + +requirements: + - python3 + +description: + - Get ECE facts + +options: + host: + description: ECE Host + type: str + + port: + description: ECE Port + type: int + + username: + description: ECE Username + type: str + + password: + description: ECE Password + type: str + + +''' + ## need to support both loading as part of a collection and running in test/debug mode try: from ansible_collections.expedient.elastic.plugins.module_utils.ece import ECE diff --git a/plugins/modules/elastic_agentlist_info.py b/plugins/modules/elastic_agentlist_info.py index 982d7c9..9cfeb2a 100644 --- a/plugins/modules/elastic_agentlist_info.py +++ b/plugins/modules/elastic_agentlist_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_agentpolicy.py b/plugins/modules/elastic_agentpolicy.py index 5a2c62f..a9071e4 100644 --- a/plugins/modules/elastic_agentpolicy.py +++ b/plugins/modules/elastic_agentpolicy.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_agentpolicy_info.py b/plugins/modules/elastic_agentpolicy_info.py index f331ad5..e2e1231 100644 --- a/plugins/modules/elastic_agentpolicy_info.py +++ b/plugins/modules/elastic_agentpolicy_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_detection_rule.py b/plugins/modules/elastic_detection_rule.py index fbe1a75..9418953 100644 --- a/plugins/modules/elastic_detection_rule.py +++ b/plugins/modules/elastic_detection_rule.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_expedient_pkgpolicy.py b/plugins/modules/elastic_expedient_pkgpolicy.py index 9afbe7e..30d3f6f 100644 --- a/plugins/modules/elastic_expedient_pkgpolicy.py +++ b/plugins/modules/elastic_expedient_pkgpolicy.py @@ -45,12 +45,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -71,13 +73,23 @@ description: Title of Integration type: str integration_ver: - description: Title of Integration + description: Version of Integration + type: str + integration_name: + description: Integration Name + type: str + pkg_policy_name: + description: Package Policy Name type: str - integration_name=dict(type='str'), - pkg_policy_name=dict(type='str', required=True), - pkg_policy_desc=dict(type='str'), - pkg_policy_vars=dict(type='json'), - integration_settings=dict(type='dict'), + pkg_policy_desc: + description: Package Policy Description + type: str + pkg_policy_vars: + description: Package policy vars + type: json + integration_settings: + description: Integration Settings + type: dict ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_expedient_security_rules.py b/plugins/modules/elastic_expedient_security_rules.py index 5953dc8..be82480 100644 --- a/plugins/modules/elastic_expedient_security_rules.py +++ b/plugins/modules/elastic_expedient_security_rules.py @@ -1,18 +1,18 @@ #!/usr/bin/python # Copyright 2021 Expedient -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -DOCUMENTATION=''' +DOCUMENTATION = """ module: elastic_expedient_security_rules @@ -47,14 +47,16 @@ description: - (when using ECE host:port and credentials) required: true - deployment_id: - description: - - ECE Deployment ID - required: true - deployment_name: - description: - - ECE Deployment Name - required: true + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str resource_type: description: - kibana @@ -71,75 +73,89 @@ description: - List of Endpoint Exceptions in JSON format required: true -''' +""" from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana + from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana + import sys + import os + + util_path = new_path = f"{os.getcwd()}/plugins/module_utils" + sys.path.append(util_path) + from kibana import Kibana results = {} -def main(): - module_args=dict( - host=dict(type='str',required=True), - port=dict(type='int', default=9243), - username=dict(type='str', required=True), - password=dict(type='str', no_log=True, required=True), - verify_ssl_cert=dict(type='bool', default=True), - deployment_info=dict(type='dict', default=None), - security_rule_items=dict(type='list', default=None), +def main(): + module_args = dict( + host=dict(type="str", required=True), + port=dict(type="int", default=9243), + username=dict(type="str", required=True), + password=dict(type="str", no_log=True, required=True), + verify_ssl_cert=dict(type="bool", default=True), + deployment_info=dict(type="dict", default=None), + security_rule_items=dict(type="list", default=None), ) argument_dependencies = [] - #('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), - #('alert-type', 'metrics_threshold', ('conditions')) - + # ('state', 'present', ('enabled', 'alert_type', 'conditions', 'actions')), + # ('alert-type', 'metrics_threshold', ('conditions')) + module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - results['changed'] = False - security_rule_exception_items = module.params.get('security_rule_items') - + results["changed"] = False + security_rule_exception_items = module.params.get("security_rule_items") + kibana = Kibana(module) - + exception_lists = kibana.get_security_exception_list() target_object = None - + for exception_list in exception_lists: - if exception_list['list_id'] == 'endpoint_list': - target_object = exception_list - break - + if exception_list["list_id"] == "endpoint_list": + target_object = exception_list + break + if not target_object: - results['exception_list_status'] = 'endpoint_list was not found' - results['changed'] = False - module.fail_json(**results) - + results["exception_list_status"] = "endpoint_list was not found" + results["changed"] = False + module.fail_json(**results) + if target_object: - results['exception_list_status'] = "endpoint_list found" - results['exception_list_object'] = target_object - endpoint_list_items = kibana.get_security_exception_list_item() - results['exception_list_item_object'] = endpoint_list_items - + results["exception_list_status"] = "endpoint_list found" + results["exception_list_object"] = target_object + endpoint_list_items = kibana.get_security_exception_list_item() + results["exception_list_item_object"] = endpoint_list_items + if not endpoint_list_items: - results['exception_list_item_status'] = "INFO: Endpoint Security has no entries, that's ok, we will create one" + results[ + "exception_list_item_status" + ] = "INFO: Endpoint Security has no entries, that's ok, we will create one" else: - for security_rule_exception_item in security_rule_exception_items: - for endpoint_list_item in endpoint_list_items: - if endpoint_list_item['name'].upper() == security_rule_exception_item['name'].upper(): - endpoint_list_item_delete = kibana.delete_security_exception_list_items(item_id = endpoint_list_item['item_id']) - results['endpoint_list_item_delete'] = endpoint_list_item_delete - endpoint_list_item_update = kibana.create_security_exception_list_items(id = 'endpoint_list', body = security_rule_exception_item) - results['endpoint_list_item_update_object_' + security_rule_exception_item['name']] = endpoint_list_item_update - + for security_rule_exception_item in security_rule_exception_items: + for endpoint_list_item in endpoint_list_items: + if ( + endpoint_list_item["name"].upper() + == security_rule_exception_item["name"].upper() + ): + endpoint_list_item_delete = ( + kibana.delete_security_exception_list_items( + item_id=endpoint_list_item["item_id"] + ) + ) + results["endpoint_list_item_delete"] = endpoint_list_item_delete + endpoint_list_item_update = kibana.create_security_exception_list_items( + id="endpoint_list", body=security_rule_exception_item + ) + results[ + "endpoint_list_item_update_object_" + + security_rule_exception_item["name"] + ] = endpoint_list_item_update + module.exit_json(**results) + if __name__ == "__main__": main() - - diff --git a/plugins/modules/elastic_fleet_agent_report.py b/plugins/modules/elastic_fleet_agent_report.py index 49e56d8..c2b924c 100644 --- a/plugins/modules/elastic_fleet_agent_report.py +++ b/plugins/modules/elastic_fleet_agent_report.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_index_lifecycle_policy.py b/plugins/modules/elastic_index_lifecycle_policy.py index 1283640..d7988bd 100644 --- a/plugins/modules/elastic_index_lifecycle_policy.py +++ b/plugins/modules/elastic_index_lifecycle_policy.py @@ -45,12 +45,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -61,23 +63,13 @@ version: description: Deployment Kibana Version type: str - index_lifecycle_policy_name: Name of lifecycle policy - settings: (Example) - policy: - phases: - hot: - min_age: 0ms - actions: - rollover: - max_size: 100gb - max_primary_shard_size: 50gb - max_age: 7d - delete: - min_age: 30d - actions: - delete: - delete_searchable_snapshot: true - + index_lifecycle_policy_name: + description: Name of lifecycle policy + type: str + settings: + description: lifecycle policy settings + type: dict + ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_index_lifecycle_policy_info.py b/plugins/modules/elastic_index_lifecycle_policy_info.py index a7436ce..0ad3f0a 100644 --- a/plugins/modules/elastic_index_lifecycle_policy_info.py +++ b/plugins/modules/elastic_index_lifecycle_policy_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,7 +62,9 @@ version: description: Deployment Kibana Version type: str - index_lifecycle_policy_name: Name of lifecycle policy + index_lifecycle_policy_name: + description: Name of lifecycle policy + type: str ''' diff --git a/plugins/modules/elastic_integration_info.py b/plugins/modules/elastic_integration_info.py index fcbab31..bd50306 100644 --- a/plugins/modules/elastic_integration_info.py +++ b/plugins/modules/elastic_integration_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,8 +62,13 @@ version: description: Deployment Kibana Version type: str - integration_title: Title or Label of intregration (seems to change between versions on occasion, but name does not) - integration_name: Name of intregration + integration_title: + description: Title of intregration. seems to change between versions on occasion, but name does not + type: str + integration_name: + description: Name of intregration + type: str + ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_kibana_settings.py b/plugins/modules/elastic_kibana_settings.py index 6c8d5fe..4ebf3a7 100644 --- a/plugins/modules/elastic_kibana_settings.py +++ b/plugins/modules/elastic_kibana_settings.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,6 +62,12 @@ version: description: Deployment Kibana Version type: str + space_id: + description: Space ID + type: str + settings: + description: Kibana Settings + type: dict ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_kibana_settings_info.py b/plugins/modules/elastic_kibana_settings_info.py index bf9e602..31f9d44 100644 --- a/plugins/modules/elastic_kibana_settings_info.py +++ b/plugins/modules/elastic_kibana_settings_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_pipeline.py b/plugins/modules/elastic_pipeline.py index 93c6f1f..652258e 100644 --- a/plugins/modules/elastic_pipeline.py +++ b/plugins/modules/elastic_pipeline.py @@ -38,9 +38,48 @@ - This module creates or deletes ingest pipeline options: - pipeline_object - pipeline_name - + host: + description: ECE Host + type: str + port: + description: ECE Port + type: str + username: + description: ECE Username + type: str + password: + description: ECE Password + type: str + deployment_info: + description: Deployment Information + type: dict + suboptions: + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str + resource_type: + description: "Type or Resource, most likely kibana" + type: str + ref_id: + description: "REF ID for kibana cluster, most likely main-kibana" + type: str + version: + description: Deployment Kibana Version + type: str + pipeline_name: + description: Pipeline Name + type: str + pipeline_object: + description: Pipeline Object + type: dict + extends_documentation_fragment: - expedient.elastic.elastic_auth_options ''' diff --git a/plugins/modules/elastic_pkgpolicy.py b/plugins/modules/elastic_pkgpolicy.py index ba262ba..d1d70ac 100644 --- a/plugins/modules/elastic_pkgpolicy.py +++ b/plugins/modules/elastic_pkgpolicy.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,16 +62,33 @@ version: description: Deployment Kibana Version type: str - pkg_policy_name: Package Policy name (Required) - pkg_policy_desc: Package Policy description - agent_policy_id: Agent Policy ID. (Required if agent_policy_name is not present) - agent_policy_name: Agent Policy Name. (Required if agent_policy_id is not present) - integration_title: Integration Title/Label (Required) - integration_name: Integration Name - integration_ver: Integration Version. The version will determine what integration settings are valid - namespace: Elastic namespace, always default for now (Optional) - integration_settings: Integration settings (Optional) - + pkg_policy_name: + description: Package Policy name + type: str + pkg_policy_desc: + description: Package Policy description + type: str + agent_policy_id: + description: Agent Policy ID + type: str + agent_policy_name: + description: Agent Policy Name + type: str + integration_title: + description: "Integration Title/Label" + type: str + integration_name: + description: Integration Name + type: str + integration_ver: + description: "Integration Version. The version will determine what integration settings are valid" + type: str + namespace: + description: Elastic namespace, always default for now + type: str + integration_settings: + description: Integration settings + type: dict ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule #from ansible.module_utils.basic import * diff --git a/plugins/modules/elastic_pkgpolicy_info.py b/plugins/modules/elastic_pkgpolicy_info.py index 8201e1e..b0a3493 100644 --- a/plugins/modules/elastic_pkgpolicy_info.py +++ b/plugins/modules/elastic_pkgpolicy_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,7 +62,9 @@ version: description: Deployment Kibana Version type: str - pkg_policy_name: Package Policy name + pkg_policy_name: + description: Package Policy name + type: str ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_role_mapping.py b/plugins/modules/elastic_role_mapping.py index 2ecf263..e166ff2 100644 --- a/plugins/modules/elastic_role_mapping.py +++ b/plugins/modules/elastic_role_mapping.py @@ -53,12 +53,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_role_mapping_create.py b/plugins/modules/elastic_role_mapping_create.py index 562fb23..148ba60 100644 --- a/plugins/modules/elastic_role_mapping_create.py +++ b/plugins/modules/elastic_role_mapping_create.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/elastic_savedobject.py b/plugins/modules/elastic_savedobject.py index 62f2898..dc42260 100644 --- a/plugins/modules/elastic_savedobject.py +++ b/plugins/modules/elastic_savedobject.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,14 +62,33 @@ version: description: Deployment Kibana Version type: str - object_name: Saved Object name - object_id: Saved Object ID - object_type: Type of Object - search_string: Saved Object Search String - object_attributes: Object Attributes. These vary widely based on the object to create. - space_id: Space to search for the Saved Object List or create the Saved Object in - overwrite: True/False When Importing, if a Saved Object is found with the same ID whether or not to overwrite that object - createNewCopies: True/False When Importing, Whether or not to create a new copy + object_name: + description: Saved Object name + type: str + object_id: + description: Saved Object ID + type: str + object_type: + description: Type of Object + type: str + search_string: + description: Saved Object Search String + type: str + object_attributes: + description: Object Attributes. These vary widely based on the object to create. + type: str + space_id: + description: Space to search for the Saved Object List or create the Saved Object in + type: str + default: default + overwrite: + description: If a Saved Object is found with the same ID whether or not to overwrite that object + type: bool + default: True + createNewCopies: + description: Whether or not to create a new copy + type: bool + default: False ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_savedobject_info.py b/plugins/modules/elastic_savedobject_info.py index e0cd2b8..ffe12b3 100644 --- a/plugins/modules/elastic_savedobject_info.py +++ b/plugins/modules/elastic_savedobject_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,11 +62,19 @@ version: description: Deployment Kibana Version type: str - object_name: Saved Object name (Required) - object_type: Type of Object - space_id: Name of Space the Object is in - -''' + + object_name: + description: Saved Object name + type: str + object_type: + description: Type of Object + type: str + space_id: + description: Name of Space the Object is in + type: str + default: default +''' + from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule try: diff --git a/plugins/modules/elastic_security_rule.py b/plugins/modules/elastic_security_rule.py index 38a6357..668181c 100644 --- a/plugins/modules/elastic_security_rule.py +++ b/plugins/modules/elastic_security_rule.py @@ -12,7 +12,74 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +DOCUMENTATION=''' +module: elastic_savedobject + +author: Ian Scott + +short_description: Get Elastic Saved Object List or Create Saved Object. + +description: + - Get Elastic Saved Object List or Create Saved Object. + +requirements: + - python3 + +options: + host: + description: ECE Host + type: str + port: + description: ECE Port + type: str + username: + description: ECE Username + type: str + password: + description: ECE Password + type: str + deployment_info: + description: Deployment Information + type: dict + suboptions: + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str + resource_type: + description: "Type or Resource, most likely kibana" + type: str + ref_id: + description: "REF ID for kibana cluster, most likely main-kibana" + type: str + version: + description: Deployment Kibana Version + type: str + connector_name: + description: The name of the connector + type: str + rule_name: + description: The name of the Rule + type: str + action_body: + description: Action Body + type: str + action_group: + description: Action Group + type: str + replace_or_append: + description: Replace or Append Action + type: str + + +''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule import json diff --git a/plugins/modules/elastic_settings.py b/plugins/modules/elastic_settings.py index b256416..5759ab6 100644 --- a/plugins/modules/elastic_settings.py +++ b/plugins/modules/elastic_settings.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,10 +62,19 @@ version: description: Deployment Kibana Version type: str - elastic_setting: - state: persistent or transient - var: elastic var name - value: elastic var value + elastic_settings: + description: Elastic Settings info + type: dict + suboptions: + state: + description: State persistent or transient + type: str + var: + description: elastic var name + type: str + value: + description: elastic var value + type: str ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_space.py b/plugins/modules/elastic_space.py index 7ff1b77..a1b70ac 100644 --- a/plugins/modules/elastic_space.py +++ b/plugins/modules/elastic_space.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -60,12 +62,24 @@ version: description: Deployment Kibana Version type: str - space_name: Space name - space_description: Description of Space - space_id: Space ID. Used in urls. - disabledFeatures: List of Features to be disabled within this space - initials: Initials of Space - color: Color of Space Icon Background + space_name: + description: Space name + type: str + space_description: + description: Description of Space + type: str + space_id: + description: "Space ID. Used in urls." + type: str + disabledFeatures: + description: List of Features to be disabled within this space + type: list + initials: + description: Initials of Space + type: str + color: + description: Color of Space Icon Background + type: str ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_user.py b/plugins/modules/elastic_user.py index 48674ff..c8176d2 100644 --- a/plugins/modules/elastic_user.py +++ b/plugins/modules/elastic_user.py @@ -39,6 +39,41 @@ - Update state not yet implemented options: + host: + description: ECE Host + type: str + port: + description: ECE Port + type: str + username: + description: ECE Username + type: str + password: + description: ECE Password + type: str + deployment_info: + description: Deployment Information + type: dict + suboptions: + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str + resource_type: + description: "Type or Resource, most likely kibana" + type: str + ref_id: + description: "REF ID for kibana cluster, most likely main-kibana" + type: str + version: + description: Deployment Kibana Version + type: str state: description: - The desired state for the user diff --git a/plugins/modules/elastic_userrole.py b/plugins/modules/elastic_userrole.py index 7346555..e0f74d9 100644 --- a/plugins/modules/elastic_userrole.py +++ b/plugins/modules/elastic_userrole.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -63,14 +65,9 @@ role_name: description: User Role name type: str - body: - metadata: - elasticsearch: - Role Permission Data - kibana: - Role Permission Data - spaces: - List of spaces for the role + body: + description: Role Object + type: dict ''' from ansible.module_utils.basic import _ANSIBLE_ARGS, AnsibleModule diff --git a/plugins/modules/elastic_userrole_info.py b/plugins/modules/elastic_userrole_info.py index a9b6820..e7d899b 100644 --- a/plugins/modules/elastic_userrole_info.py +++ b/plugins/modules/elastic_userrole_info.py @@ -44,12 +44,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/kibana_action.py b/plugins/modules/kibana_action.py index 05f0a13..29e39ca 100644 --- a/plugins/modules/kibana_action.py +++ b/plugins/modules/kibana_action.py @@ -46,12 +46,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" @@ -62,10 +64,19 @@ version: description: Deployment Kibana Version type: str - action_name: Name of Action to be Created - action_type: Tyep of Action - config: Changes based on type of action - secrets: Secrets for the Action + action_name: + description: Name of Action to be Created + type: str + action_type: + description: Type of Action + type: str + choices: ['EMail', 'Webhook'] + config: + description: Changes based on type of action + type: str + secrets: + description: Secrets for the Action + type: str ''' from ansible.module_utils.six import assertRaisesRegex diff --git a/plugins/modules/kibana_alert.py b/plugins/modules/kibana_alert.py index eeecece..8b27c52 100644 --- a/plugins/modules/kibana_alert.py +++ b/plugins/modules/kibana_alert.py @@ -43,38 +43,40 @@ options: state: - description: - - setting whether alert should be created or deleted - choices: ['present', 'absent'] + description: + setting whether alert should be created or deleted + choices: + - present + - absent default: present type: str alert_name: - description: - - name of the alert to create + description: + name of the alert to create required: True type: str enabled: - description: - - whether to enable the alert when creating + description: + whether to enable the alert when creating default: True type: bool alert_type: - description: - - type of alert to create + description: + type of alert to create choices: - metrics_threshold tags: - description: - - metadata tags to attach to the alert + description: + metadata tags to attach to the alert type: str check_every: - description: - - frequency to check the alert on + description: + frequency to check the alert on default: 1m type: str notify_on: - description: - - when to send the alert + description: + when to send the alert default: status_change choices: - status_change @@ -82,7 +84,7 @@ conditions: description: - dictionary defining which conditions to alert on - - only used for metrics threshold alerts. + - "only used for metrics threshold alerts." - see examples for details type: dict availability: @@ -92,71 +94,64 @@ - see examples for details type: dict numTimes: - description: - - The number of times a monitor can go down within a specified - time range (timerangeCount, timerangeUnit) before an alert is - triggered. - default: 5 - type: int + description: + - "The number of times a monitor can go down within a specified time range (timerangeCount, timerangeUnit) before an alert is triggered." + default: 5 + type: int search: - description: - - The default term that appears in the filter search bar - when manually editing the rule. + description: + - "The default term that appears in the filter search bar when manually editing the rule." type: str - default: "" shouldcheckAvailability: - description: - - whether or not the uptime monitor should check availability + description: + - whether or not the uptime monitor should check availability type: bool default: True shouldCheckStatus: - description: - - whether or not the uptime monitor should check status + description: + - whether or not the uptime monitor should check status type: bool default: True timerangeCount: - description: - - The number of timerangeUnits in which a monitor can go down - in which a monitor can go down up to numTimes. + description: + "The number of timerangeUnits in which a monitor can go down in which a monitor can go down up to numTimes." default: 15 type: int timerangeUnit: - description: - - The unit coinciding with timerangeCount (minute, day, week, etc.) + description: + "The unit coinciding with timerangeCount (minute, day, week, etc.)" default: "minute" choices: ['second', 'seconds', 'minute', 'minutes', 'hour', 'hours', 'day', 'days'] filter: - description: - - kql filter to apply to the conditions + description: kql filter to apply to the conditions type: str filter_query: description: - lucence query to apply to the conditions - - at this time both this and "filter" are required for proper functioning of the module + - "at this time both this and filter are required for proper functioning of the module" - easiest way to get this is to do a kibana_alert_facts on an existing alert with the correct config - alternatively can view the request in the discover tab of kibana alert_on_no_data: - description: + description: whether to alert if there is no data available in the check period type: bool alert_on_group_disappear: - description: - whether to alert if data stops being received for a group identified by the 'group_by' - settings + description: + "whether to alert if data stops being received for a group identified by the group_by settings" type: bool group_by: description: - - defines the "alert for every" field in the Kibana alert - - generally the sensible default is host.name - default: host.name + - "defines the alert for every field in the Kibana alert" + - "generally the sensible default is host.name" + default: "host.name" type: str actions: - description: - - actions to run when alert conditions are triggered + description: + actions to run when alert conditions are triggered type: dict consumer: - description: - - name of the application that owns the alert + description: + name of the application that owns the alert default: alerts type: str diff --git a/plugins/modules/kibana_alert_facts.py b/plugins/modules/kibana_alert_facts.py index b52efa3..fe72e95 100644 --- a/plugins/modules/kibana_alert_facts.py +++ b/plugins/modules/kibana_alert_facts.py @@ -58,12 +58,14 @@ type: dict suboptions: deployment_id: - required: False - description: ECE Deployment ID + description: + - Deployment ID + - Required if deployment_name is blank type: str deployment_name: - required: False - description: ECE Deployment Name + description: + - Name of Deployment + - Required if deployment_id is blank type: str resource_type: description: "Type or Resource, most likely kibana" diff --git a/plugins/modules/kibana_fleet_host.py b/plugins/modules/kibana_fleet_host.py index b6daf92..5b86115 100644 --- a/plugins/modules/kibana_fleet_host.py +++ b/plugins/modules/kibana_fleet_host.py @@ -1,12 +1,12 @@ #!/usr/bin/python # Copyright 2021 Expedient -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -15,16 +15,16 @@ # -*- coding: utf-8 -*- -#from plugins.modules.ece_cluster import DOCUMENTATION +# from plugins.modules.ece_cluster import DOCUMENTATION ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", } -DOCUMENTATION = r''' +DOCUMENTATION = r""" --- module: kibana_fleet_host @@ -57,103 +57,107 @@ description: Deployment Information type: dict suboptions: - deployment_id: - required: False - description: ECE Deployment ID - type: str - deployment_name: - required: False - description: ECE Deployment Name - type: str - resource_type: - description: "Type or Resource, most likely kibana" - type: str - ref_id: - description: "REF ID for kibana cluster, most likely main-kibana" - type: str - version: - description: Deployment Kibana Version - type: str + deployment_id: + description: + - Deployment ID + - Required if deployment_name is blank + type: str + deployment_name: + description: + - Name of Deployment + - Required if deployment_id is blank + type: str + resource_type: + description: "Type or Resource, most likely kibana" + type: str + ref_id: + description: "REF ID for kibana cluster, most likely main-kibana" + type: str + version: + description: Deployment Kibana Version + type: str urls: description: - List of urls that you want to apply as a fleet server host or an elasticsearch host type: list element type: str url_type: + type: str description: - The url type that you want to set for the fleet - "'server' sets the fleet server host" - "'elasticsearch' sets the fleet elasticsearch host" - options: + choices: - fleet_server - elasticsearch action: + type: str description: - The action that you want the module to take against the fleet server - "Add: Add the provided urls to the fleet" - "Remove: Remove the provided urls from the fleet" - "Overwrite: Replace the urls in the fleet with the provided urls" - options: + choices: - Add - Remove - Overwrite extends_documentation_fragment: - expedient.elastic.elastic_auth_options.documentation -''' +""" from ansible.module_utils.basic import AnsibleModule try: - from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana + from ansible_collections.expedient.elastic.plugins.module_utils.kibana import Kibana except: - import sys - import os - util_path = new_path = f'{os.getcwd()}/plugins/module_utils' - sys.path.append(util_path) - from kibana import Kibana + import sys + import os + + util_path = new_path = f"{os.getcwd()}/plugins/module_utils" + sys.path.append(util_path) + from kibana import Kibana + def main(): - module_args=dict( - host=dict(type='str'), - port=dict(type='int', default=12443), - username=dict(type='str', required=True), - password=dict(type='str', required=True, no_log=True), - verify_ssl_cert=dict(type='bool', default=True), - url_type=dict(type='str', choices=['fleet_server', 'elasticsearch'], required=True), - urls=dict(type='list', elements='str', required=True), - action=dict(type='str', choices=['add', 'overwrite', 'remove'], default='add'), - deployment_info=dict(type='dict', default=None) + module_args = dict( + host=dict(type="str"), + port=dict(type="int", default=12443), + username=dict(type="str", required=True), + password=dict(type="str", required=True, no_log=True), + verify_ssl_cert=dict(type="bool", default=True), + url_type=dict( + type="str", choices=["fleet_server", "elasticsearch"], required=True + ), + urls=dict(type="list", elements="str", required=True), + action=dict(type="str", choices=["add", "overwrite", "remove"], default="add"), + deployment_info=dict(type="dict", default=None), ) - results = { - 'changed': False, - 'msg': '' - } + results = {"changed": False, "msg": ""} module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) kibana = Kibana(module) - - action = module.params.get('action') - url_type = module.params.get('url_type') - provided_urls = module.params.get('urls') # Urls provided by the user + + action = module.params.get("action") + url_type = module.params.get("url_type") + provided_urls = module.params.get("urls") # Urls provided by the user # final_urls is a list that gets calculated depending on the provided action. final_urls = [] current_urls = kibana.get_fleet_server_hosts() - if action == 'add': - + if action == "add": final_urls.extend(current_urls) for item in provided_urls: if item in current_urls: - results['msg'] += f"\n{item} already exists in Kibana" + results["msg"] += f"\n{item} already exists in Kibana" else: final_urls.append(item) - if action == 'overwrite': + if action == "overwrite": final_urls.extend(provided_urls) - if action == 'remove': + if action == "remove": for item in current_urls: if item in provided_urls: continue @@ -162,24 +166,26 @@ def main(): # Converting lists to sets for comparison if set(current_urls) == set(final_urls): - results['msg'] += "\n No action needed" + results["msg"] += "\n No action needed" else: - if url_type == 'fleet_server': + if url_type == "fleet_server": send_url_result = kibana.set_fleet_server_hosts(provided_urls) - if url_type == 'elasticsearch': + if url_type == "elasticsearch": send_url_result = kibana.set_fleet_elasticsearch_hosts(provided_urls) - - if 'message' in send_url_result: - module.fail_json(f"Unable to {action} urls. Error: {send_url_result['message']}") + + if "message" in send_url_result: + module.fail_json( + f"Unable to {action} urls. Error: {send_url_result['message']}" + ) else: - results['changed'] = True - results['msg'] += f"\nSuccessful {action}" - results['fleet_server_urls'] = kibana.get_fleet_server_hosts() - results['fleet_elasticsearch_urls'] = kibana.get_fleet_elasticsearch_hosts() + results["changed"] = True + results["msg"] += f"\nSuccessful {action}" + results["fleet_server_urls"] = kibana.get_fleet_server_hosts() + results["fleet_elasticsearch_urls"] = kibana.get_fleet_elasticsearch_hosts() module.exit_json(**results) -if __name__ == '__main__': +if __name__ == "__main__": main()