- Adding the param to get the base64 encoded Kubernetes image pull to…

…ken for a specific sensor (#201) - fixing multi-os (mac and linux) base64 command - fixing shellcheck issue the double quote can't be added here as it's part of a command line. Co-authored-by: Falcon Pioupiou <[email protected]>
CrowdStrike · Nov 7, 2023 · 50d8539 · 50d8539
1 parent 4cdba48
commit 50d8539
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh
@@ -25,6 +25,7 @@ Optional Flags:
 
     --runtime                         use a different container runtime [docker, podman, skopeo]. Default is docker.
     --dump-credentials                print registry credentials to stdout to copy/paste into container tools.
+    --get-pull-token                  Get the pull token of the selected SENSOR_TYPE for Kubernetes.
     --list-tags                       list all tags available for the selected sensor type and platform(optional)
     --allow-legacy-curl               allow the script to run with an older version of curl
 
@@ -124,6 +125,11 @@ case "$1" in
         CREDS=true
     fi
     ;;
+    --get-pull-token)
+    if [ -n "${1}" ]; then
+        PULLTOKEN=true
+    fi
+    ;;
     --list-tags)
     if [ -n "${1}" ]; then
         LISTTAGS=true
@@ -314,7 +320,7 @@ cs_falcon_cid=$(
     fi
 )
 
-if [ ! "$LISTTAGS" ] ; then
+if [ ! "$LISTTAGS" ] && [ ! "$PULLTOKEN" ]; then
     echo "Using the following settings:"
     echo "Falcon Region:   $(cs_cloud)"
     echo "Falcon Registry: ${cs_registry}"
@@ -344,6 +350,21 @@ else
 fi
 ART_PASSWORD=$(echo "$docker_api_token" | sed 's/ *$//g' | sed 's/^ *//g')
 
+if [ "$PULLTOKEN" ]; then
+    # Determine if base64 supports the -w option
+    BASE64_OPT=""
+    if base64 --help 2>&1 | grep -q "\-w"; then
+        BASE64_OPT="-w 0"
+    fi
+    # shellcheck disable=SC2086
+    PARTIALPULLTOKEN=$(printf "%s:%s" "$ART_USERNAME" "$ART_PASSWORD" | base64 $BASE64_OPT)
+    # Generate and display token
+    # shellcheck disable=SC2086
+    IMAGE_PULL_TOKEN=$(printf '{"auths": { "registry.crowdstrike.com": { "auth": "%s" } } }' "$PARTIALPULLTOKEN" | base64 $BASE64_OPT)
+    echo "Image Pull Token: ${IMAGE_PULL_TOKEN}"
+    exit 0
+fi
+
 #Set container login
 error_message=$(echo "$ART_PASSWORD" | "$CONTAINER_TOOL" login --username "$ART_USERNAME" "$cs_registry" --password-stdin 2>&1 >/dev/null) || ERROR=true
 if [ "${ERROR}" = "true" ]; then