From b981dbf3d0c2f4bbf6d9d4b32fa7d1527054ab22 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Wed, 2 Oct 2024 10:27:26 -0400 Subject: [PATCH] fix(container-pull-script): allows list tags w/o container runtime (#370) * fix(container-pull-script): allows list tags w/o container runtime Fixes #369 This PR allows users to list tags without needed a container runtime. This use-case is valid as we don't require a container runtime to list tags since its based on an API call. * fix: move REPOSITORY prior to list_tags --- .../falcon-container-sensor-pull.sh | 61 +++++++++---------- 1 file changed, 28 insertions(+), 33 deletions(-) diff --git a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh index c5212c0..6edf8f7 100755 --- a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh +++ b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh @@ -436,19 +436,6 @@ display_api_scopes() { # shellcheck disable=SC2086 FALCON_CLOUD=$(echo ${FALCON_CLOUD:-'us-1'} | tr '[:upper:]' '[:lower:]') -# Call the function to auto-detect the container tool if not specified -if [ -z "${CONTAINER_TOOL}" ]; then - CONTAINER_TOOL=$(detect_container_tool) -else - CONTAINER_TOOL=$(echo "${CONTAINER_TOOL}" | tr '[:upper:]' '[:lower:]') -fi - -# Validate container tool -case "${CONTAINER_TOOL}" in - skopeo | docker | podman) ;; - *) die "Unrecognized container runtime: ${CONTAINER_TOOL}" ;; -esac - # shellcheck disable=SC2005,SC2001 cs_registry="registry.crowdstrike.com" if [ "${FALCON_CLOUD}" = "us-gov-1" ]; then @@ -486,18 +473,6 @@ VARIABLES="FALCON_CLIENT_ID FALCON_CLIENT_SECRET" [ -n "$VAR_UNSET" ] && usage } -if ! command -v "$CONTAINER_TOOL" >/dev/null 2>&1; then - echo "The '$CONTAINER_TOOL' command is missing or invalid. Please install it before continuing. Aborting..." - exit 2 -else - CONTAINER_TOOL=$(command -v "$CONTAINER_TOOL") -fi - -if grep -qw "skopeo" "$CONTAINER_TOOL" && [ -z "${COPY}" ] && [ -z "${LISTTAGS}" ]; then - echo "-c, --copy must also be set when using skopeo as a runtime" - exit 1 -fi - response_headers=$(mktemp) cs_falcon_oauth_token=$( if ! command -v curl >/dev/null 2>&1; then @@ -656,6 +631,34 @@ if [ "$CREDS" ]; then exit 0 fi +#Construct repository path +REPOSITORY="$cs_registry/$registry_opts/$repository_name" + +if [ "$LISTTAGS" ]; then + list_tags + exit 0 +fi + +# Call the function to auto-detect the container tool if not specified +if [ -z "${CONTAINER_TOOL}" ]; then + CONTAINER_TOOL=$(detect_container_tool) +else + CONTAINER_TOOL=$(echo "${CONTAINER_TOOL}" | tr '[:upper:]' '[:lower:]') +fi + +# Validate container tool +case "${CONTAINER_TOOL}" in + skopeo | docker | podman) ;; + *) die "Unrecognized container runtime: ${CONTAINER_TOOL}" ;; +esac + +CONTAINER_TOOL=$(command -v "$CONTAINER_TOOL") + +if grep -qw "skopeo" "$CONTAINER_TOOL" && [ -z "${COPY}" ] && [ -z "${LISTTAGS}" ]; then + echo "-c, --copy must also be set when using skopeo as a runtime" + exit 1 +fi + #Set container login error_message=$(echo "$ART_PASSWORD" | "$CONTAINER_TOOL" login --username "$ART_USERNAME" "$cs_registry" --password-stdin 2>&1 >/dev/null) || ERROR=true if [ "${ERROR}" = "true" ]; then @@ -667,14 +670,6 @@ if [ "${ERROR}" = "true" ]; then die "ERROR: ${CONTAINER_TOOL} login failed. Error message: ${error_message}" fi -#Construct repository path -REPOSITORY="$cs_registry/$registry_opts/$repository_name" - -if [ "$LISTTAGS" ]; then - list_tags - exit 0 -fi - #Get latest sensor version LATESTSENSOR=$(list_tags | awk -v RS=" " '{print}' | grep -i "$SENSOR_VERSION" | grep -o "[0-9a-zA-Z_\.\-]*" | tail -1)