From 96dc5d849929898829cdab5675ada46ecd52ecc4 Mon Sep 17 00:00:00 2001
From: Gabe Alford <redhatrises@gmail.com>
Date: Mon, 2 Dec 2024 14:50:54 -0700
Subject: [PATCH 1/3] chore: prefer host retention policies over hide_host

---
 README.md                                     | 2 +-
 changelogs/prefer-host-retention-policies.yml | 2 ++
 plugins/lookup/host_ids.py                    | 7 -------
 plugins/modules/host_hide.py                  | 4 ++++
 roles/falcon_uninstall/README.md              | 2 ++
 roles/falcon_uninstall/tasks/main.yml         | 1 +
 6 files changed, 10 insertions(+), 8 deletions(-)
 create mode 100644 changelogs/prefer-host-retention-policies.yml

diff --git a/README.md b/README.md
index 9a3407fe..a7bf496c 100644
--- a/README.md
+++ b/README.md
@@ -53,7 +53,7 @@ Name | Description
 [crowdstrike.falcon.auth](https://crowdstrike.github.io/ansible_collection_falcon/auth_module.html)|Manage Authentication with Falcon API
 [crowdstrike.falcon.cid_info](https://crowdstrike.github.io/ansible_collection_falcon/cid_info_module.html)|Get CID with checksum
 [crowdstrike.falcon.host_contain](https://crowdstrike.github.io/ansible_collection_falcon/host_contain_module.html)|Network contain hosts in Falcon
-[crowdstrike.falcon.host_hide](https://crowdstrike.github.io/ansible_collection_falcon/host_hide_module.html)|Hide/Unhide hosts from the Falcon console
+[crowdstrike.falcon.host_hide](https://crowdstrike.github.io/ansible_collection_falcon/host_hide_module.html)|Hide/Unhide hosts from the Falcon console. Preference should be given to using `Host Retention Policies` under `Host Management` in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
 [crowdstrike.falcon.host_info](https://crowdstrike.github.io/ansible_collection_falcon/host_info_module.html)|Get information about Falcon hosts
 [crowdstrike.falcon.kernel_support_info](https://crowdstrike.github.io/ansible_collection_falcon/kernel_support_info_module.html)|Get information about kernels supported by the Falcon Sensor for Linux
 [crowdstrike.falcon.sensor_download](https://crowdstrike.github.io/ansible_collection_falcon/sensor_download_module.html)|Download Falcon Sensor Installer
diff --git a/changelogs/prefer-host-retention-policies.yml b/changelogs/prefer-host-retention-policies.yml
new file mode 100644
index 00000000..110612da
--- /dev/null
+++ b/changelogs/prefer-host-retention-policies.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - Preference should be given to using Host Retention Policies under Host Management in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
diff --git a/plugins/lookup/host_ids.py b/plugins/lookup/host_ids.py
index 99d031f6..000ec08c 100644
--- a/plugins/lookup/host_ids.py
+++ b/plugins/lookup/host_ids.py
@@ -59,13 +59,6 @@
           'platform_name:"Linux"
           + reduced_functionality_mode:"yes"')
       }}
-
-- name: Hide stale devices that haven't been seen in 15 days (using a filter variable)
-  crowdstrike.falcon.host_hide:
-    hidden: true
-    hosts: "{{ lookup('crowdstrike.falcon.host_ids', stale_filter) }}"
-  vars:
-    stale_filter: 'last_seen:<="now-15d"'
 """
 
 RETURN = r"""
diff --git a/plugins/modules/host_hide.py b/plugins/modules/host_hide.py
index c9a0659f..e7ed1f87 100644
--- a/plugins/modules/host_hide.py
+++ b/plugins/modules/host_hide.py
@@ -44,6 +44,10 @@
   - crowdstrike.falcon.credentials.auth
 
 notes:
+  - While you can use this module to hide or unhide hosts, it is recommended to
+    use the B(Host Retention Policies) in the Falcon console to create policies to
+    manage automatically hiding and deleting hosts in the console instead of using
+    this module.
   - This module handles the 100 hosts per request limit by the Falcon API. This
     means that if more than 100 hosts are passed to the module, it will process
     them in batches of 100 automatically.
diff --git a/roles/falcon_uninstall/README.md b/roles/falcon_uninstall/README.md
index 9988faf5..b891f11c 100644
--- a/roles/falcon_uninstall/README.md
+++ b/roles/falcon_uninstall/README.md
@@ -23,6 +23,8 @@ Uninstalls the CrowdStrike Falcon Sensor.
     - **eu-1** -> api.eu-1.crowdstrike.com
 - `falcon_api_enable_no_log` - Whether to enable or disable the logging of sensitive data being exposed in API calls (bool, default: ***true***)
 - `falcon_remove_host` - Whether to hide/remove the host from the CrowdStrike console (bool, default: false)
+   > `WARNING`:
+   > Please use `Host Retention Policies` under `Host Management` in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
 
 ### Windows Specific Variables
 
diff --git a/roles/falcon_uninstall/tasks/main.yml b/roles/falcon_uninstall/tasks/main.yml
index ddb7aaa0..78bf175c 100644
--- a/roles/falcon_uninstall/tasks/main.yml
+++ b/roles/falcon_uninstall/tasks/main.yml
@@ -46,6 +46,7 @@
 - name: Hide host
   when:
     - falcon.auth is defined
+    - falcon_remove_host
     - falcon_uninstall_remove_aid is defined
   block:
     - ansible.builtin.include_tasks: hide_host.yml

From f273d4beb9e7718c3a37ed39e5a3ced3f5b225e9 Mon Sep 17 00:00:00 2001
From: Carlos Matos <carlos.matos@crowdstrike.com>
Date: Tue, 3 Dec 2024 09:59:31 -0500
Subject: [PATCH 2/3] chore: pr review updates

---
 changelogs/fragments/prefer-host-retention-policies.yml | 6 ++++++
 changelogs/prefer-host-retention-policies.yml           | 2 --
 roles/falcon_uninstall/README.md                        | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/prefer-host-retention-policies.yml
 delete mode 100644 changelogs/prefer-host-retention-policies.yml

diff --git a/changelogs/fragments/prefer-host-retention-policies.yml b/changelogs/fragments/prefer-host-retention-policies.yml
new file mode 100644
index 00000000..318f2267
--- /dev/null
+++ b/changelogs/fragments/prefer-host-retention-policies.yml
@@ -0,0 +1,6 @@
+trivial:
+  - host_hide - Preference should be given to using Host Retention Policies under Host Management in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead (https://github.com/CrowdStrike/ansible_collection_falcon/pull/582)
+  - host_ids - Preference should be given to using Host Retention Policies under Host Management in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead (https://github.com/CrowdStrike/ansible_collection_falcon/pull/582)
+
+bugfixes:
+  - falcon_uninstall - add missing when clause for removing host from UI (https://github.com/CrowdStrike/ansible_collection_falcon/pull/582)
diff --git a/changelogs/prefer-host-retention-policies.yml b/changelogs/prefer-host-retention-policies.yml
deleted file mode 100644
index 110612da..00000000
--- a/changelogs/prefer-host-retention-policies.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-  - Preference should be given to using Host Retention Policies under Host Management in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
diff --git a/roles/falcon_uninstall/README.md b/roles/falcon_uninstall/README.md
index b891f11c..25c00fc2 100644
--- a/roles/falcon_uninstall/README.md
+++ b/roles/falcon_uninstall/README.md
@@ -23,7 +23,7 @@ Uninstalls the CrowdStrike Falcon Sensor.
     - **eu-1** -> api.eu-1.crowdstrike.com
 - `falcon_api_enable_no_log` - Whether to enable or disable the logging of sensitive data being exposed in API calls (bool, default: ***true***)
 - `falcon_remove_host` - Whether to hide/remove the host from the CrowdStrike console (bool, default: false)
-   > `WARNING`:
+   > :warning:
    > Please use `Host Retention Policies` under `Host Management` in the Falcon console which provides more flexibility and customization for automatically hiding and deleting hosts instead.
 
 ### Windows Specific Variables

From 544386b54265c2bb772a73a927091740800b6efd Mon Sep 17 00:00:00 2001
From: Carlos Matos <carlos.matos@crowdstrike.com>
Date: Tue, 3 Dec 2024 12:47:21 -0500
Subject: [PATCH 3/3] ci: remove idempotence as we're more interested in first
 failures

---
 molecule/falcon_uninstall/molecule.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/molecule/falcon_uninstall/molecule.yml b/molecule/falcon_uninstall/molecule.yml
index cc91a7be..8731f2ed 100644
--- a/molecule/falcon_uninstall/molecule.yml
+++ b/molecule/falcon_uninstall/molecule.yml
@@ -34,7 +34,5 @@ scenario:
     - create
     - prepare
     - converge
-    - idempotence
-    - side_effect
     - verify
     - destroy