Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ BUG ] 409 Rule group version mismatch error when updating rule group #212

Closed
scottzach1 opened this issue Oct 10, 2024 · 1 comment · Fixed by #216
Closed

[ BUG ] 409 Rule group version mismatch error when updating rule group #212

scottzach1 opened this issue Oct 10, 2024 · 1 comment · Fixed by #216
Assignees
Labels
bug 🐛 Something isn't working

Comments

@scottzach1
Copy link

Bug Report Template

Rule group version mismatch error when updating IOA rule group rules.

Describe the bug

I receive a 409 'rule group version mismatch, reload data and try again' when attempting to update existing rules for an IOA rule group.

It appears to be due to the client locally incrementing the version when submitting custom_ioa_api.update_rules().

To Reproduce

import logging
import os

import caracara

logging.basicConfig(level=logging.INFO)

client = caracara.Client(
    client_id=os.getenv('FALCON_CLIENT_ID'),
    client_secret=os.getenv('FALCON_CLIENT_SECRET'),
)

rule_group = client.custom_ioas.describe_rule_groups()["effa63e3d7ce4a95aa6abdb128225ecc"]

client.custom_ioas.update_rule_group(rule_group)
INFO:caracara.client:Setting up the Caracara client and configuring authentication
INFO:caracara.client:Client ID: XXXXX; Cloud: auto; Member CID: None
INFO:caracara.client:Base URL: US1
INFO:caracara.client:Requesting API token
INFO:caracara.client:Resolved Base URL: https://api.us-2.crowdstrike.com
INFO:caracara.client:Caracara client configured
INFO:caracara.modules.CustomIoaApiModule:Describing all Falcon IOA Rule Groups matching filter: None
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Pagination Style 1: Grabbing all pages from the partial handle_errors function (limit: 100)
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Grabbing first batch of items 1 to up to 100
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Retrieved a batch of 3 items
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Total number of resources: 3
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Pagination Style 1: Grabbing all pages from the handle_errors function (limit: 100)
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Grabbing first batch of items 1 to up to 100
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Retrieved a batch of 9 items
INFO:caracara.modules.CustomIoaApiModule.caracara.common.pagination:Total number of resources: 9
INFO:caracara.common.batching:Batch data retrieval for handle_errors (9 items)
INFO:caracara.common.batching:Divided the item IDs into 1 batches
INFO:caracara.common.batching:ThreadPoolExecutor-0_0 | Batch worker started with a list of 9 items. Function: handle_errors
INFO:caracara.common.batching:ThreadPoolExecutor-0_0 | Retrieved 9 resources
Traceback (most recent call last):
  File "/home/zaci/PycharmProjects/Caracara-Bug/scripts/reproduce.py", line 15, in <module>
    client.custom_ioas.update_rule_group(rule_group)
  File "/home/zaci/PycharmProjects/Caracara-Bug/.venv/lib/python3.10/site-packages/caracara/modules/custom_ioa/custom_ioa.py", line 134, in update_rule_group
    new_group = self._create_update_delete_rules(new_group, comment=comment)
  File "/home/zaci/PycharmProjects/Caracara-Bug/.venv/lib/python3.10/site-packages/caracara/modules/custom_ioa/custom_ioa.py", line 183, in _create_update_delete_rules
    response = instr(self.custom_ioa_api.update_rules)(body={
  File "/home/zaci/PycharmProjects/Caracara-Bug/.venv/lib/python3.10/site-packages/caracara/modules/custom_ioa/custom_ioa.py", line 29, in handle_errors
    raise ValueError(errors)
ValueError: [{'code': 409, 'message': 'rule group version mismatch, reload data and try again'}]

image

Expected behavior

The version id should not be incremented when there are no changes to the rule group.

Environment

Operating System Version

Linux arch 6.11.2-arch1-1 #\1 SMP PREEMPT_DYNAMIC Fri, 04 Oct 2024 21:51:11 +0000 x86_64 GNU/Linux

Python Version

Python 3.10.14

Poetry Version

1.8.3

Python Package Versions

caracara==0.8.0
caracara-filters==0.2.0
crowdstrike-falconpy==1.4.5

Additional context

I am able to stop the error by removing the increment in custom_ioa.py.

"rulegroup_version": group.version + 1,

        # Update the existing rules, if there are any
        if len(existing_rules) > 0:
            response = instr(self.custom_ioa_api.update_rules)(body={
                "comment": comment,
                "rule_updates": [rule.dump_update() for rule in existing_rules],
-                "rulegroup_version": group.version + 1,
+                "rulegroup_version": group.version,
                "rulegroup_id": group.id_,
            })
            raw_group = response["body"]["resources"][0]
@scottzach1 scottzach1 added the bug 🐛 Something isn't working label Oct 10, 2024
@ChristopherHammond13 ChristopherHammond13 self-assigned this Oct 16, 2024
@ChristopherHammond13
Copy link
Member

Thank you so much for raising this! You're right that we do not handle the case where a rule is submitted but has not been changed in this library. Assigning myself because this is a case that we should handle.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug 🐛 Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants