Added legacy sentinelone_agent role to colleciton

.gitignore

@@ -1,2 +1,3 @@
 tests/output/
 .idea/
+.vscode/

README.md

@@ -22,6 +22,7 @@ It provides several modules which helps to configure and manage SentinelOne Mana
 
 - **Roles:**
   - [install_agent](roles/install_agent/README.md)
+  - [sentinelone_client_legacy](roles/sentinelone_client_legacy/README.md)
 
 ## Requirements
 ### Ansible

roles/sentinelone_client

@@ -0,0 +1 @@
+sentinelone_client_legacy

roles/sentinelone_client_legacy/.config/ansible-lint.yml

@@ -0,0 +1,5 @@
+---
+skip_list:
+  - fqcn-builtins
+  - command-instead-of-module
+  - no-changed-when

roles/sentinelone_client_legacy/.gitignore

@@ -0,0 +1,3 @@
+*.rpm
+*.deb
+__pycache__

roles/sentinelone_client_legacy/.markdownlint.yml

@@ -0,0 +1,9 @@
+---
+"MD013": false  # line-length
+"MD014": false  # show commands output
+"MD024": false  # duplicate headings
+"MD025": false  # multiple top-level headings in the same document
+"MD026": false  # no trailing punction (? at the end)
+"MD033": false  # inline HTML
+"MD036": true   # no emphasis as heading (command descriptions)
+"MD041": false  # leading comments (beginning not heading)

roles/sentinelone_client_legacy/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+      - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/sentinelone_client_legacy/.yamllint

@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable

roles/sentinelone_client_legacy/README.md

@@ -0,0 +1,61 @@
+# sentinelone_client_legacy (Alias: sentinelone_client)
+
+**This role was merged to this collection from the Ansible role [sentinelone_client](https://github.com/stdevel/ansible-sentinelone_client) by [@stdevel](https://github.com/stdevel).**
+
+For greater flexibility, it’s recommended to use the install_agent role if you have access to both the management console and an API access token. However, if you don’t have console access and need to install the agent packages from an alternate source, this role is designed for that scenario. Please note that the agent package must be accessible via a web server to use this role.
+
+Installs and registers the SentinelOne Endpoint agent with provided os packages (linux only).
+
+## Requirements
+
+No requirements.
+
+## Role Variables
+
+| Variable | Default | Description |
+| -------- | ------- | ----------- |
+| `sentinelone_client_filename` | *(empty)* | Package file to install |
+| `sentinelone_client_token` | *(empty)* | Group/Site token |
+| `sentinelone_client_gpgkey` | *(empty)* | GPG signing key to import |
+
+## Dependencies
+
+No dependencies.
+
+## Example Playbook
+
+```yml
+- hosts: clients
+  roles:
+    - role: sva.sentinelone.sentinelone_client_legacy
+      sentinelone_client_filename: SentinelAgent_linux_v21_10_3_3.rpm
+      sentinelone_client_token: trustno1
+```
+
+Repository installation:
+
+```yml
+- hosts: clients
+  roles:
+    - role: sva.sentinelone.sentinelone_client_legacy
+      sentinelone_client_filename: https://simone.giertz.dev/SentinelAgent_linux_v13_37.deb
+      sentinelone_client_token: trustno1
+```
+
+## Development / testing
+
+Use [Ansible Molecule](https://molecule.readthedocs.io/en/latest/index.html) for running tests:
+
+```shell
+$ molecule create
+$ molecule converge
+$ molecule verify
+```
+
+## License
+
+BSD
+
+## Author Information
+
+Christian Stankowic

roles/sentinelone_client_legacy/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+sentinelone_client_token: ''
+sentinelone_client_gpgkey: ''

roles/sentinelone_client_legacy/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Create initialization file
+  ansible.builtin.file:
+    path: /opt/sentinelone/.INITIALIZATION_COMPLETE
+    owner: root
+    group: root
+    mode: '0644'
+    state: touch
+  become: true

roles/sentinelone_client_legacy/meta/main.yml

@@ -0,0 +1,33 @@
+galaxy_info:
+  role_name: sentinelone_client
+  author: Christian Stankowic
+  description: Installs the SentinelOne agent on linux
+  license: BSD-3-Clause
+
+  min_ansible_version: '2.10'
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Ubuntu
+    - name: Fedora
+    - name: Debian
+    - name: EL
+      versions:
+        - '8'
+
+
+  galaxy_tags:
+    - sentinelone
+    - sentinel
+    - antivirus
+    - legacy
+
+dependencies: []

roles/sentinelone_client_legacy/molecule/default/INSTALL.rst

@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'

roles/sentinelone_client_legacy/molecule/default/README.md

@@ -0,0 +1,16 @@
+# Testing
+
+In order to test the role you'll need Ansible, Molecule and a supported provider such as Vagrant.
+
+If you also want to test registration, add the following line to [`converge.yml`](converge.yml):
+
+```yml
+sentinelone_client_token: "..."
+```
+
+Copy the SentinelONE installation files (`sentinelone_latest.deb`, `sentinelone_latest.rpm`) into this directory and run `molecule`:
+
+```shell
+$ molecule create
+$ molecule converge
+```

roles/sentinelone_client_legacy/molecule/default/converge.yml

@@ -0,0 +1,24 @@
+---
+- name: Converge
+  hosts: all
+  pre_tasks:
+    - name: Set SentinelONE client installation file (Debian)
+      ansible.builtin.set_fact:
+        file_sentinelone: sentinelone_latest.deb
+      when: ansible_os_family == 'Debian'
+
+    - name: Set SentinelONE client installation file (Red Hat)
+      ansible.builtin.set_fact:
+        file_sentinelone: sentinelone_latest.rpm
+      when: ansible_os_family == 'RedHat'
+
+    - name: Set SentinelONE client installation file (SUSE)
+      ansible.builtin.set_fact:
+        file_sentinelone: sentinelone_latest.rpm
+      when: ansible_os_family == 'Suse'
+
+  roles:
+    - role: sva.sentinelone.sentinelone_client_legacy
+      sentinelone_client_filename: "{{ file_sentinelone }}"
+      # sentinelone_client_token: '...'
+      # sentinelone_client_gpgkey: '...'

roles/sentinelone_client_legacy/molecule/default/molecule.yml

@@ -0,0 +1,22 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+platforms:
+  - name: s1-ubuntu
+    box: generic/ubuntu2204
+  - name: s1-fedora
+    box: generic/fedora38
+  - name: s1-almalinux
+    box: almalinux/9
+  - name: s1-opensuse
+    box: opensuse/Tumbleweed.x86_64
+provisioner:
+  name: ansible
+verifier:
+  name: testinfra
+lint: |
+  yamllint .
+  ansible-lint
+  flake8

roles/sentinelone_client_legacy/molecule/default/tests/conftest.py

@@ -0,0 +1,23 @@
+"""PyTest Fixtures."""
+from __future__ import absolute_import
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup(item):
+    """Run tests only when under molecule with testinfra installed."""
+    try:
+        import testinfra
+    except ImportError:
+        pytest.skip("Test requires testinfra", allow_module_level=True)
+    if "MOLECULE_INVENTORY_FILE" in os.environ:
+        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+            os.environ["MOLECULE_INVENTORY_FILE"]
+        ).get_hosts("all")
+    else:
+        pytest.skip(
+            "Test should run only from inside molecule.",
+            allow_module_level=True
+        )

roles/sentinelone_client_legacy/molecule/default/tests/test_default.py

@@ -0,0 +1,42 @@
+"""
+Role unit tests
+"""
+
+
+def test_packages(host):
+    """
+    Ensure that packages are installed
+    """
+    os = host.ansible("setup")["ansible_facts"]["ansible_os_family"].lower()
+    if os == "debian":
+        pkg = 'sentinelagent'
+    else:
+        pkg = 'SentinelAgent'
+    assert host.package(pkg).is_installed
+
+
+def test_service(host):
+    """
+    Ensure that service is enabled and running
+    """
+    srv = 'sentinelone.service'
+    _srv = host.service(srv)
+    assert _srv.is_enabled
+    assert _srv.is_running
+
+
+def test_registration(host):
+    """
+    Ensure that registration has succeeded
+    """
+    with host.sudo():
+        cmd = host.run(
+            "sentinelctl management status"
+        ).stdout.strip().split("\n")
+        # check that URL and UUID are not undefined
+        _url = [x for x in cmd if "URL" in x]
+        _uuid = [x for x in cmd if "UUID" in x]
+        _connect = [x for x in cmd if "Connectivity" in x]
+        assert "undefined" not in _url[0]
+        assert "undefined" not in _uuid[0]
+        assert "Off" not in _connect[0]

roles/sentinelone_client_legacy/tasks/digest.yml

@@ -0,0 +1,11 @@
+---
+- name: Gather RPM package version
+  ansible.builtin.command: "rpm -qp --queryformat '%{VERSION}' /tmp/{{ sentinelone_client_filename | basename }}"
+  register: sentinelone_client_rpm_version
+  changed_when: false
+
+- name: Set nodigest flag, if required
+  ansible.builtin.set_fact:
+    sentinelone_client_digest: '--nodigest'
+  when:
+    - "sentinelone_client_rpm_version.stdout is version('23.3.2.12', '<')"

roles/sentinelone_client_legacy/tasks/install_debian.yml

@@ -0,0 +1,12 @@
+---
+- name: Import GPG key
+  ansible.builtin.apt_key:
+    url: "{{ sentinelone_client_gpgkey }}"
+  become: true
+  when: sentinelone_client_gpgkey
+
+- name: Install package
+  ansible.builtin.apt:
+    deb: "/tmp/{{ sentinelone_client_filename | basename }}"
+    update_cache: true
+  become: true