Skip to content

Commit da43e37

Browse files
carlosmmatoscarlosmmatos
authored
feat(container-pull): add ability to add custom tag when copying to a registry (#406)
1 parent 86ff516 commit da43e37

File tree

2 files changed

+70
-12
lines changed

2 files changed

+70
-12
lines changed

bash/containers/falcon-container-sensor-pull/README.md

+39-5
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,8 @@ Optional Flags:
8181
-f, --cid <FALCON_CID> Falcon Customer ID
8282
-r, --region <FALCON_CLOUD> Falcon Cloud Region [us-1|us-2|eu-1|us-gov-1] (Default: us-1)
8383
-c, --copy <REGISTRY/NAMESPACE> Registry to copy the image to, e.g., myregistry.com/mynamespace
84-
By default, the image name is appended. Use --copy-omit-image-name to override behavior.
84+
By default, the image name and tag are appended. Use --copy-omit-image-name
85+
and/or --copy-custom-tag to change that behavior.
8586
-v, --version <SENSOR_VERSION> Specify sensor version to retrieve from the registry
8687
-p, --platform <SENSOR_PLATFORM> Specify sensor platform to retrieve, e.g., x86_64, aarch64
8788
-t, --type <SENSOR_TYPE> Specify which sensor to download (Default: falcon-container)
@@ -100,7 +101,8 @@ Optional Flags:
100101
101102
--runtime <RUNTIME> Use a different container runtime [docker, podman, skopeo] (Default: docker)
102103
--dump-credentials Print registry credentials to stdout to copy/paste into container tools
103-
--copy-omit-image-name Omit the image name from the destination path when copying
104+
--copy-omit-image-name Omit the image name from the destination path when copying (requires -c, --copy)
105+
--copy-custom-tag <TAG> Use custom tag when copying image (requires -c, --copy)
104106
--get-image-path Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE
105107
--get-pull-token Get the pull token of the selected SENSOR_TYPE for Kubernetes
106108
--get-cid Get the CID assigned to the API Credentials
@@ -123,15 +125,16 @@ Help Options:
123125
| `-f`, `--cid <FALCON_CID>` | `$FALCON_CID` | `None` (Optional) | CrowdStrike Customer ID (CID). *If not provided, CID will be auto-detected.* |
124126
| `-u`, `--client-id <FALCON_CLIENT_ID>` | `$FALCON_CLIENT_ID` | `None` (Required) | CrowdStrike API Client ID |
125127
| `-s`, `--client-secret <FALCON_CLIENT_SECRET>` | `$FALCON_CLIENT_SECRET` | `None` (Required) | CrowdStrike API Client Secret |
126-
| `-r`, `--region <FALCON_CLOUD>` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. <br>\**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* |
127-
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace`. <br> *\*By default, the image name is appended. Use `--copy-omit-image-name` to override behavior.* |
128+
| `-r`, `--region <FALCON_CLOUD>` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. <br>\**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* |
129+
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace`. <br> *\*By default, the image name and tag are appended. Use `--copy-omit-image-name` and/or `--copy-custom-tag` to change that behavior.* |
128130
| `-v`, `--version <SENSOR_VERSION>` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry |
129131
| `-p`, `--platform <SENSOR_PLATFORM>` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry |
130132
| `-t`, `--type <SENSOR_TYPE>` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`, `fcs`, `falcon-jobcontroller`, `falcon-registryassessmentexecutor`] ([see more details below](#sensor-types)) |
131133
| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. |
132134
| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools |
133135
| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. |
134-
| `--copy-omit-image-name` | N/A | `None` | Omit the image name from the destination path when copying |
136+
| `--copy-omit-image-name` | N/A | `None` | Omit the image name from the destination path when copying (requires -c, --copy) |
137+
| `--copy-custom-tag <TAG>` | N/A | `None` | Use custom tag when copying image (requires -c, --copy) |
135138
| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. |
136139
| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. |
137140
| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor |
@@ -267,6 +270,37 @@ Results in: `myregistry.com/mynamespace/falcon-sensor:<tag>`
267270

268271
Results in: `myregistry.com/mynamespace/myfalcon-sensor:<tag>`
269272

273+
#### Example copying an image with a custom tag
274+
275+
The following example will copy the `falcon-container` image to a different registry using a custom tag instead of the default version tag:
276+
277+
```shell
278+
./falcon-container-sensor-pull.sh \
279+
--client-id <FALCON_CLIENT_ID> \
280+
--client-secret <FALCON_CLIENT_SECRET> \
281+
--type falcon-container \
282+
--copy myregistry.com/mynamespace \
283+
--copy-custom-tag v1.2.3-custom \
284+
--runtime docker
285+
```
286+
287+
Results in: `myregistry.com/mynamespace/falcon-container:latest`
288+
289+
You can also combine this with other options:
290+
291+
```shell
292+
./falcon-container-sensor-pull.sh \
293+
--client-id <FALCON_CLIENT_ID> \
294+
--client-secret <FALCON_CLIENT_SECRET> \
295+
--type falcon-sensor \
296+
--copy myregistry.com/mynamespace/custom-sensor \
297+
--copy-omit-image-name \
298+
--copy-custom-tag v1.2.3-production \
299+
--runtime skopeo
300+
```
301+
302+
Results in: `myregistry.com/mynamespace/custom-sensor:v1.2.3-production`
303+
270304
#### Example copying multi-arch image for a specific platform
271305

272306
The following example will copy the `falcon-sensor` multi-arch image for the `aarch64` platform to a different registry using Skopeo.

bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh

+31-7
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,8 @@ Optional Flags:
2020
-f, --cid <FALCON_CID> Falcon Customer ID
2121
-r, --region <FALCON_CLOUD> Falcon Cloud Region [us-1|us-2|eu-1|us-gov-1] (Default: us-1)
2222
-c, --copy <REGISTRY/NAMESPACE> Registry to copy the image to, e.g., myregistry.com/mynamespace
23-
By default, the image name is appended. Use --copy-omit-image-name to override behavior.
23+
By default, the image name and tag are appended. Use --copy-omit-image-name
24+
and/or --copy-custom-tag to change that behavior.
2425
-v, --version <SENSOR_VERSION> Specify sensor version to retrieve from the registry
2526
-p, --platform <SENSOR_PLATFORM> Specify sensor platform to retrieve, e.g., x86_64, aarch64
2627
-t, --type <SENSOR_TYPE> Specify which sensor to download (Default: falcon-container)
@@ -39,7 +40,8 @@ Optional Flags:
3940
4041
--runtime <RUNTIME> Use a different container runtime [docker, podman, skopeo] (Default: docker)
4142
--dump-credentials Print registry credentials to stdout to copy/paste into container tools
42-
--copy-omit-image-name Omit the image name from the destination path when copying
43+
--copy-omit-image-name Omit the image name from the destination path when copying (requires -c, --copy)
44+
--copy-custom-tag <TAG> Use custom tag when copying image (requires -c, --copy)
4345
--get-image-path Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE
4446
--get-pull-token Get the pull token of the selected SENSOR_TYPE for Kubernetes
4547
--get-cid Get the CID assigned to the API Credentials
@@ -145,6 +147,12 @@ while [ $# != 0 ]; do
145147
COPY_OMIT_IMAGE_NAME=true
146148
fi
147149
;;
150+
--copy-custom-tag)
151+
if [ -n "${1}" ]; then
152+
CUSTOM_TAG="${2}"
153+
shift
154+
fi
155+
;;
148156
--get-pull-token)
149157
if [ -n "${1}" ]; then
150158
PULLTOKEN=true
@@ -415,7 +423,6 @@ copy_image() {
415423
"$CONTAINER_TOOL" tag "$source_path" "$destination_path"
416424
"$CONTAINER_TOOL" push "$destination_path"
417425
fi
418-
echo "Image copied to: $destination_path"
419426
}
420427

421428
detect_container_tool() {
@@ -730,11 +737,24 @@ if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ] && [ -z "${COPY}" ]; then
730737
die "--copy-omit-image-name requires -c, --copy to be specified"
731738
fi
732739

740+
if [ -n "${CUSTOM_TAG}" ] && [ -z "${COPY}" ]; then
741+
die "--copy-custom-tag requires --copy to be specified"
742+
fi
743+
733744
# Construct destination path
734-
if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
735-
COPYPATH="$COPY:$LATESTSENSOR"
745+
if [ -n "${CUSTOM_TAG}" ]; then
746+
# Use custom tag if specified
747+
if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
748+
COPYPATH="$COPY:$CUSTOM_TAG"
749+
else
750+
COPYPATH="$COPY/$IMAGE_NAME:$CUSTOM_TAG"
751+
fi
736752
else
737-
COPYPATH="$COPY/$IMAGE_NAME:$LATESTSENSOR"
753+
if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
754+
COPYPATH="$COPY:$LATESTSENSOR"
755+
else
756+
COPYPATH="$COPY/$IMAGE_NAME:$LATESTSENSOR"
757+
fi
738758
fi
739759

740760
# Handle multi-arch images first
@@ -743,7 +763,7 @@ if [ "$(is_multi_arch "$FULLIMAGEPATH")" = "true" ]; then
743763
if [ -n "$SENSOR_PLATFORM" ]; then
744764
# If Skopeo is being used, the platform must be overridden
745765
if grep -qw "skopeo" "$CONTAINER_TOOL"; then
746-
"$CONTAINER_TOOL" copy --override-arch "$(platform_override)" "docker://$FULLIMAGEPATH" "docker://$COPYPATH"
766+
"$CONTAINER_TOOL" copy --override-arch "$(platform_override)" --override-os linux "docker://$FULLIMAGEPATH" "docker://$COPYPATH"
747767
else
748768
# Podman/Docker can pull the specific platform
749769
pf_override="linux/$(platform_override)"
@@ -781,3 +801,7 @@ else
781801
fi
782802
fi
783803
fi
804+
805+
if [ -n "$COPY" ]; then
806+
echo "Image copied to: $COPYPATH"
807+
fi

0 commit comments

Comments
 (0)