Skip to content

Commit 20ccd16

Browse files
carlosmmatoscarlosmmatos
authored
feat(container-image-pull): add override ability to copy operation for destination path (#400)
1 parent a49f2c7 commit 20ccd16

File tree

2 files changed

+40
-4
lines changed

2 files changed

+40
-4
lines changed

bash/containers/falcon-container-sensor-pull/README.md

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,7 @@ Optional Flags:
8181
-f, --cid <FALCON_CID> Falcon Customer ID
8282
-r, --region <FALCON_CLOUD> Falcon Cloud Region [us-1|us-2|eu-1|us-gov-1] (Default: us-1)
8383
-c, --copy <REGISTRY/NAMESPACE> Registry to copy the image to, e.g., myregistry.com/mynamespace
84+
By default, the image name is appended. Use --copy-omit-image-name to override behavior.
8485
-v, --version <SENSOR_VERSION> Specify sensor version to retrieve from the registry
8586
-p, --platform <SENSOR_PLATFORM> Specify sensor platform to retrieve, e.g., x86_64, aarch64
8687
-t, --type <SENSOR_TYPE> Specify which sensor to download (Default: falcon-container)
@@ -99,6 +100,7 @@ Optional Flags:
99100
100101
--runtime <RUNTIME> Use a different container runtime [docker, podman, skopeo] (Default: docker)
101102
--dump-credentials Print registry credentials to stdout to copy/paste into container tools
103+
--copy-omit-image-name Omit the image name from the destination path when copying
102104
--get-image-path Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE
103105
--get-pull-token Get the pull token of the selected SENSOR_TYPE for Kubernetes
104106
--get-cid Get the CID assigned to the API Credentials
@@ -121,14 +123,15 @@ Help Options:
121123
| `-f`, `--cid <FALCON_CID>` | `$FALCON_CID` | `None` (Optional) | CrowdStrike Customer ID (CID). *If not provided, CID will be auto-detected.* |
122124
| `-u`, `--client-id <FALCON_CLIENT_ID>` | `$FALCON_CLIENT_ID` | `None` (Required) | CrowdStrike API Client ID |
123125
| `-s`, `--client-secret <FALCON_CLIENT_SECRET>` | `$FALCON_CLIENT_SECRET` | `None` (Required) | CrowdStrike API Client Secret |
124-
| `-r`, `--region <FALCON_CLOUD>` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. \**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* |
125-
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` |
126+
| `-r`, `--region <FALCON_CLOUD>` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. <br>\**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* |
127+
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace`. <br> *\*By default, the image name is appended. Use `--copy-omit-image-name` to override behavior.* |
126128
| `-v`, `--version <SENSOR_VERSION>` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry |
127129
| `-p`, `--platform <SENSOR_PLATFORM>` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry |
128130
| `-t`, `--type <SENSOR_TYPE>` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`, `fcs`, `falcon-jobcontroller`, `falcon-registryassessmentexecutor`] ([see more details below](#sensor-types)) |
129131
| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. |
130132
| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools |
131133
| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. |
134+
| `--copy-omit-image-name` | N/A | `None` | Omit the image name from the destination path when copying |
132135
| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. |
133136
| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. |
134137
| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor |
@@ -237,15 +240,33 @@ The following example will dump the credentials to stdout to copy/paste into con
237240

238241
The following example will copy the `falcon-sensor` multi-arch image to a different registry using Skopeo.
239242

243+
> Default behavior (appends image name to destination):
244+
240245
```shell
241246
./falcon-container-sensor-pull.sh \
242247
--client-id <FALCON_CLIENT_ID> \
243248
--client-secret <FALCON_CLIENT_SECRET> \
244249
--type falcon-sensor \
245-
--copy myregistry.com/mynamespace
250+
--copy myregistry.com/mynamespace \
246251
--runtime skopeo
247252
```
248253

254+
Results in: `myregistry.com/mynamespace/falcon-sensor:<tag>`
255+
256+
> To copy to an exact destination path without appending the sensor type image name:
257+
258+
```shell
259+
./falcon-container-sensor-pull.sh \
260+
--client-id <FALCON_CLIENT_ID> \
261+
--client-secret <FALCON_CLIENT_SECRET> \
262+
--type falcon-sensor \
263+
--copy myregistry.com/mynamespace/myfalcon-sensor \
264+
--copy-omit-image-name \
265+
--runtime skopeo
266+
```
267+
268+
Results in: `myregistry.com/mynamespace/myfalcon-sensor:<tag>`
269+
249270
#### Example copying multi-arch image for a specific platform
250271

251272
The following example will copy the `falcon-sensor` multi-arch image for the `aarch64` platform to a different registry using Skopeo.

bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ Optional Flags:
2020
-f, --cid <FALCON_CID> Falcon Customer ID
2121
-r, --region <FALCON_CLOUD> Falcon Cloud Region [us-1|us-2|eu-1|us-gov-1] (Default: us-1)
2222
-c, --copy <REGISTRY/NAMESPACE> Registry to copy the image to, e.g., myregistry.com/mynamespace
23+
By default, the image name is appended. Use --copy-omit-image-name to override behavior.
2324
-v, --version <SENSOR_VERSION> Specify sensor version to retrieve from the registry
2425
-p, --platform <SENSOR_PLATFORM> Specify sensor platform to retrieve, e.g., x86_64, aarch64
2526
-t, --type <SENSOR_TYPE> Specify which sensor to download (Default: falcon-container)
@@ -38,6 +39,7 @@ Optional Flags:
3839
3940
--runtime <RUNTIME> Use a different container runtime [docker, podman, skopeo] (Default: docker)
4041
--dump-credentials Print registry credentials to stdout to copy/paste into container tools
42+
--copy-omit-image-name Omit the image name from the destination path when copying
4143
--get-image-path Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE
4244
--get-pull-token Get the pull token of the selected SENSOR_TYPE for Kubernetes
4345
--get-cid Get the CID assigned to the API Credentials
@@ -138,6 +140,11 @@ while [ $# != 0 ]; do
138140
GETIMAGEPATH=true
139141
fi
140142
;;
143+
--copy-omit-image-name)
144+
if [ -n "${1}" ]; then
145+
COPY_OMIT_IMAGE_NAME=true
146+
fi
147+
;;
141148
--get-pull-token)
142149
if [ -n "${1}" ]; then
143150
PULLTOKEN=true
@@ -719,8 +726,16 @@ if [ "$GETIMAGEPATH" ]; then
719726
exit 0
720727
fi
721728

729+
if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ] && [ -z "${COPY}" ]; then
730+
die "--copy-omit-image-name requires -c, --copy to be specified"
731+
fi
732+
722733
# Construct destination path
723-
COPYPATH="$COPY/$IMAGE_NAME:$LATESTSENSOR"
734+
if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
735+
COPYPATH="$COPY:$LATESTSENSOR"
736+
else
737+
COPYPATH="$COPY/$IMAGE_NAME:$LATESTSENSOR"
738+
fi
724739

725740
# Handle multi-arch images first
726741
if [ "$(is_multi_arch "$FULLIMAGEPATH")" = "true" ]; then

0 commit comments

Comments
 (0)