Example #1
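def main():
    """Update selected fields of one QRadar offense, identified by ``id``.

    The offense is fetched first and each requested field is compared with
    the current value, so a POST is only sent when something would change.
    In check mode the module reports ``changed=True`` without sending it.
    The module fails if the offense cannot be fetched.
    """
    # Local import keeps this block self-contained; the fallback covers
    # Python 2 interpreters.
    try:
        from urllib.parse import quote
    except ImportError:
        from urllib import quote

    argspec = dict(
        # Lookup by name is not implemented yet, so `id` is mandatory.
        # name=dict(required=False, type='str'),
        id=dict(required=True, type="int"),
        assigned_to=dict(required=False, type="str"),
        closing_reason=dict(required=False, type="str"),
        closing_reason_id=dict(required=False, type="int"),
        follow_up=dict(required=False, type="bool"),
        protected=dict(required=False, type="bool"),
        status=dict(
            required=False,
            choices=["open", "OPEN", "hidden", "HIDDEN", "closed", "CLOSED"],
            type="str",
        ),
    )

    module = AnsibleModule(
        argument_spec=argspec,
        # required_one_of=[('name', 'id')] once lookup by name exists.
        mutually_exclusive=[("closing_reason", "closing_reason_id")],
        supports_check_mode=True,
    )

    qradar_request = QRadarRequest(
        module,
        not_rest_data_keys=["name", "id", "assigned_to", "closing_reason"],
    )

    # FIXME - query by name here once supported:
    #    found_offense = qradar_request.get('/api/siem/offenses?filter={0}'.format(module.params['name']))

    params = module.params
    found_offense = qradar_request.get(
        "/api/siem/offenses/{0}".format(params["id"]))

    if not found_offense:
        # FIXME - handle the scenario in which we can search by name and this isn't a required param anymore
        module.fail_json(
            msg="Unable to find Offense ID: {0}".format(params["id"]))

    # NOTE(review): presumably resolves/validates closing_reason and
    # assigned_to against the server -- confirm in set_offense_values.
    set_offense_values(module, qradar_request)

    post_strs = []

    # The argument spec accepts both upper- and lower-case spellings, so
    # compare case-insensitively; otherwise "open" against a stored "OPEN"
    # is reported as a change on every run.
    if params["status"] and (to_text(found_offense["status"]).upper() !=
                             to_text(params["status"]).upper()):
        post_strs.append("status={0}".format(to_text(params["status"])))

    if params["assigned_to"] and (to_text(found_offense["assigned_to"]) !=
                                  to_text(params["assigned_to"])):
        # assigned_to is the only free-form string placed in the query
        # string. Percent-encode it so a value containing '&', '#', '=' or
        # whitespace stays a single parameter value and cannot add or
        # override other parameters of the update request.
        post_strs.append("assigned_to={0}".format(
            quote(params["assigned_to"], safe="")))

    if params["closing_reason_id"] and (found_offense["closing_reason_id"] !=
                                        params["closing_reason_id"]):
        post_strs.append("closing_reason_id={0}".format(
            params["closing_reason_id"]))

    # Booleans are tested against None rather than for truthiness so that
    # an explicit False (clear the follow-up flag, unprotect) is applied
    # instead of being silently ignored.
    # NOTE(review): the value is rendered as Python's "True"/"False" --
    # confirm the API accepts that spelling.
    for flag in ("follow_up", "protected"):
        if params[flag] is not None and found_offense[flag] != params[flag]:
            post_strs.append("{0}={1}".format(flag, params[flag]))

    if not post_strs:
        module.exit_json(msg="No changes necessary. Nothing to do.",
                         changed=False)

    if module.check_mode:
        module.exit_json(
            msg=
            "A change would have been made but was not because of Check Mode.",
            changed=True,
        )

    qradar_return_data = qradar_request.post_by_path(
        "api/siem/offenses/{0}?{1}".format(params["id"],
                                           "&".join(post_strs)))
    # FIXME - handle the scenario in which we can search by name and this isn't a required param anymore
    module.exit_json(
        msg="Successfully updated Offense ID: {0}".format(params["id"]),
        qradar_return_data=qradar_return_data,
        changed=True,
    )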
Example #2
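def main():
    """Return QRadar offenses, either one by ``id`` or a filtered listing.

    With ``id`` set, that single offense is fetched. Otherwise a filter is
    built from the other parameters, and the result is optionally narrowed
    to the entry whose ``description`` matches ``name``. The module never
    changes anything, so it always reports ``changed=False``.
    """
    argspec = dict(
        id=dict(required=False, type="int"),
        name=dict(required=False, type="str"),
        assigned_to=dict(required=False, type="str"),
        closing_reason=dict(required=False, type="str"),
        closing_reason_id=dict(required=False, type="int"),
        # default=None lets the code tell "not given" apart from False.
        follow_up=dict(required=False, type="bool", default=None),
        protected=dict(required=False, type="bool", default=None),
        status=dict(
            required=False,
            choices=["open", "OPEN", "hidden", "HIDDEN", "closed", "CLOSED"],
            default="open",
            type="str",
        ),
    )

    module = AnsibleModule(
        argument_spec=argspec,
        mutually_exclusive=[("closing_reason", "closing_reason_id")],
        supports_check_mode=True,
    )

    qradar_request = QRadarRequest(
        module,
        headers={
            "Content-Type": "application/json",
            "Version": "9.1"
        },
        not_rest_data_keys=["name", "id", "assigned_to", "closing_reason"],
    )

    # FIXME - QUERY HERE BY NAME NATIVELY VIA REST API (DOESN'T EXIST YET)
    #    found_offense = qradar_request.get_by_path('api/siem/offenses?filter={0}'.format(module.params['name']))

    # NOTE(review): presumably resolves/validates closing_reason and
    # assigned_to against the server -- confirm in set_offense_values.
    set_offense_values(module, qradar_request)

    params = module.params

    if params["id"]:
        # The response for a single ID is passed through as returned.
        offenses = qradar_request.get_by_path(
            "api/siem/offenses/{0}".format(params["id"]))

    else:
        # Each condition is percent-encoded as a whole before it is placed
        # in the URL, so a free-form value such as assigned_to cannot break
        # out of the `filter` query parameter.
        # NOTE(review): conditions are joined with a literal '&', which a
        # server would normally read as the start of a new query parameter
        # rather than as part of `filter`; values are also embedded in the
        # filter expression unquoted. Confirm against the QRadar filter
        # syntax that multi-condition queries filter as intended.
        query_strs = []

        if params["status"]:
            query_strs.append(
                quote("status={0}".format(to_text(params["status"]))))

        if params["assigned_to"]:
            query_strs.append(
                quote("assigned_to={0}".format(params["assigned_to"])))

        if params["closing_reason_id"]:
            query_strs.append(
                quote("closing_reason_id={0}".format(
                    params["closing_reason_id"])))

        for flag in ("follow_up", "protected"):
            if params[flag] is not None:
                query_strs.append(quote("{0}={1}".format(flag, params[flag])))

        # status defaults to "open", so the unfiltered listing is only
        # requested when status is passed as an empty value.
        if query_strs:
            offenses = qradar_request.get_by_path(
                "api/siem/offenses?filter={0}".format("&".join(query_strs)))
        else:
            offenses = qradar_request.get_by_path("api/siem/offenses")

        if params["name"]:
            # Client-side match on the offense description; the result of
            # find_dict_in_list replaces the listing when it is truthy.
            named_offense = find_dict_in_list(offenses, "description",
                                              params["name"])
            offenses = named_offense if named_offense else []

    # Report from both branches. Previously this call sat inside the else
    # branch, so a lookup by id fetched the offense and then ended without
    # returning any result to Ansible.
    module.exit_json(offenses=offenses, changed=False)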