to update exclusions do put-request

before we did delete and create new add API url to error_msg when api_call fails
svalabs · Feb 19, 2025 · 848a80f · 848a80f
1 parent bdd1a04
commit 848a80f
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 8 deletions.
diff --git a/plugins/module_utils/sentinelone/sentinelone_base.py b/plugins/module_utils/sentinelone/sentinelone_base.py
@@ -120,7 +120,7 @@ def api_call(self, module: AnsibleModule, api_endpoint: str, http_method: str =
 
         body = kwargs.get("body", {})
 
-        error_msg = kwargs.get("error_msg", "API call failed.")
+        error_msg = f'{kwargs.get("error_msg", "API call failed.")} API-Endpoint: {api_endpoint}'
 
         retry_count = 0
         try:

diff --git a/plugins/modules/sentinelone_path_exclusions.py b/plugins/modules/sentinelone_path_exclusions.py
@@ -371,7 +371,10 @@ def get_current_exclusions(self, current_group_ids: list, exclusion_path: str, m
         """
 
         api_url = self.api_endpoint_exclusions + (f"?siteIds={quote_plus(self.site_id)}&"
-                                                  f"value={quote_plus(exclusion_path)}&type=path")
+                                                  f"value={quote_plus(exclusion_path)}&"
+                                                  f"osTypes={quote_plus(self.os_type)}&"
+                                                  f"type=path"
+                                                  )
         if current_group_ids:
             # Scope is group level
             api_url += f"&groupIds={quote_plus(','.join(current_group_ids))}"
@@ -404,6 +407,26 @@ def delete_exclusions(self, module: AnsibleModule):
 
         return response
 
+    def update_exclusions(self, module: AnsibleModule, exclusion_id):
+        """
+        Update exclusions
+
+        :param module: Ansible module for error handling
+        :type module: AnsibleModule
+        :return: API response of the create query
+        :rtype: dict
+        """
+        api_url = self.api_endpoint_exclusions
+        update_body = self.get_desired_state_exclusion_body()
+        update_body['data']['id'] = exclusion_id
+        error_msg = "Failed to update exclusions."
+        response = self.api_call(module, api_url, "PUT", body=update_body, error_msg=error_msg)
+
+        if len(response['data']) == 0:
+            module.fail_json(msg="Exclusions could not be updated - API result was empty")
+
+        return response
+
     def create_exclusions(self, module: AnsibleModule):
         """
         Create exclusions
@@ -504,7 +527,7 @@ def run_module():
                         # Get name for group with group_id
                         group_name = list(filter(lambda filterobj: filterobj[0] == group_id,
                                                  current_group_ids_names))[0][1]
-                        diffs.append({'changes': dict(diff), 'groupId': group_id})
+                        diffs.append({'changes': dict(diff), 'groupId': group_id, "exclusion_id": current_exclusion['id']})
                         basic_message.append(f"Exclusion exists in group {group_name} but is not up-to-date. "
                                              f"Updating exclusion.")
             else:
@@ -524,22 +547,32 @@ def run_module():
                 current_exclusion = current_exclusions['data'][0]
                 diff = exclusion_obj.merge_compare(current_exclusion, desired_state_exclusion['data'])[0]
                 if diff:
-                    diffs.append({'changes': dict(diff), 'siteId': current_exclusion['scope']['siteIds']})
+                    diffs.append({'changes': dict(diff),
+                                  'siteId': current_exclusion['scope']['siteIds'],
+                                  'exclusion_id': current_exclusion['id']
+                                  })
                     basic_message.append(f"Exclusion exists in site {site_name} but is not up-to-date. "
                                          f"Updating exclusion.")
 
         if diffs:
-            # Delete Exclusions
-            exclusion_obj.delete_exclusions(module)
+            if diffs[0].get('exclusion_id'):
+                # Update Exclusions
+                exclusion_obj.update_exclusions(module, exclusion_id=diffs[0]['exclusion_id'])
 
-            # Create Exclusions
-            exclusion_obj.create_exclusions(module)
+            else:
+                # Create Exclusions
+                exclusion_obj.create_exclusions(module)
+
+        else:
+            basic_message.append(f"Nothing to change, all desired changes are already set")
 
     else:
         if current_exclusions['pagination']['totalItems'] != 0:
             # Exclusions should be deleted
             exclusion_obj.delete_exclusions(module)
             diffs.append({'changes': 'Deleted all exclusions in Scope'})
+        else:
+            basic_message.append(f"Nothing to change, exclusion does not exist")
 
     result = dict(
         changed=False,