Skip to content

Commit

Permalink
Get image repository and latest tag without downloading image (#253)
Browse files Browse the repository at this point in the history 
* get image repository and latest tag without downloading image or listing all tags

* chore: update var name

* docs: update readme with new var name

* docs: update table in readme

---------

Co-authored-by: Falcon Pioupiou <[email protected]>
Co-authored-by: Carlos Matos <[email protected]>
  • Loading branch information
@falcon-pioupiou @carlosmmatos
3 people authored Jan 29, 2024
1 parent 8af135f commit 05e2838
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 3 deletions.
18 changes: 16 additions & 2 deletions bash/containers/falcon-container-sensor-pull/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ Optional Flags:
--runtime use a different container runtime [docker, podman, skopeo]. Default is docker.
--dump-credentials print registry credentials to stdout to copy/paste into container tools.
--get-image-path Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE.
--get-pull-token get the pull token of the selected SENSOR_TYPE for Kubernetes.
--get-cid Get the CID assigned to the API Credentials.
--list-tags list all tags available for the selected sensor
Expand All @@ -80,10 +81,11 @@ Help Options:
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` |
| `-v`, `--version <SENSOR_VERSION>` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry |
| `-p`, `--platform <SENSOR_PLATFORM>` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry |
| `-t`, `--type <SENSOR_TYPE>` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `kpagent`] ([see more details below](#sensor-types)) |
| `-t`, `--type <SENSOR_TYPE>` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `kpagent`] ([see more details below](#sensor-types)) |
| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. |
| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools |
| `--get-pull-token` | N/A | `None` | Get the pull token of the selected SENSOR_TYPE for Kubernetes. |
| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. |
| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. |
| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. |
| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor |
| `--allow-legacy-curl` | `$ALLOW_LEGACY_CURL` | `False` (Optional) | Allow the script to run with an older version of cURL |
Expand Down Expand Up @@ -114,6 +116,18 @@ The following example will attempt to autodiscover the region and download the l
--type falcon-kac
```

#### Example getting the full image path for the Falcon DaemonSet sensor

The following example will print the image repository path with the latest image tag of the Falcon DaemonSet sensor.

```shell
./falcon-container-sensor-pull.sh \
--client-id <FALCON_CLIENT_ID> \
--client-secret <FALCON_CLIENT_SECRET> \
--type falcon-sensor \
--get-image-path
```

#### Example downloading the Falcon DaemonSet sensor

The following example will download the latest version of the Falcon DaemonSet sensor container image and copy it to another registry.
Expand Down
13 changes: 12 additions & 1 deletion bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ Optional Flags:
--runtime use a different container runtime [docker, podman, skopeo]. Default is docker.
--dump-credentials print registry credentials to stdout to copy/paste into container tools.
--get-image-path Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE.
--get-pull-token Get the pull token of the selected SENSOR_TYPE for Kubernetes.
--get-cid Get the CID assigned to the API Credentials.
--list-tags list all tags available for the selected sensor type and platform(optional)
Expand Down Expand Up @@ -115,6 +116,11 @@ while [ $# != 0 ]; do
CREDS=true
fi
;;
--get-image-path)
if [ -n "${1}" ]; then
GETIMAGEPATH=true
fi
;;
--get-pull-token)
if [ -n "${1}" ]; then
PULLTOKEN=true
Expand Down Expand Up @@ -418,7 +424,7 @@ if [ "$GETCID" ]; then
exit 0
fi

if [ ! "$LISTTAGS" ] && [ ! "$PULLTOKEN" ] && [ ! "$GETIMAGEREPOTAG" ]; then
if [ ! "$LISTTAGS" ] && [ ! "$PULLTOKEN" ] && [ ! "$GETIMAGEPATH" ]; then
echo "Using the following settings:"
echo "Falcon Region: $(cs_cloud)"
echo "Falcon Registry: ${cs_registry}"
Expand Down Expand Up @@ -512,6 +518,11 @@ LATESTSENSOR=$(list_tags | awk -v RS=" " '{print}' | grep "$SENSOR_VERSION" | gr
#Construct full image path
FULLIMAGEPATH="$cs_registry/$registry_opts/$repository_name:${LATESTSENSOR}"

if [ "$GETIMAGEPATH" ]; then
echo "${FULLIMAGEPATH}"
exit 0
fi

if grep -qw "skopeo" "$CONTAINER_TOOL"; then
"$CONTAINER_TOOL" copy "docker://$FULLIMAGEPATH" "docker://$COPY/$repository_name:$LATESTSENSOR"
else
Expand Down

0 comments on commit 05e2838

Please sign in to comment.