Add support for command line arguments

tsigouris007 · Feb 7, 2024 · 80e5bbe · 80e5bbe
1 parent 8ea817d
commit 80e5bbe
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,8 @@
 FROM --platform=linux/amd64 ubuntu:20.04
 
-ARG FALCON_CFG="cs.falconhoseclient.cfg"
+ARG CLIENT_ID=""
+ARG CLIENT_SECRET=""
+ARG API_BASE_URL=""
 
 USER root
 
@@ -24,25 +26,27 @@ WORKDIR /home/user
 COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb ./crowdstrike.deb
 RUN dpkg -i ./crowdstrike.deb
 
+# Change user access to the configuration files (could be better)
+RUN chown -R user:user /opt/crowdstrike/etc/
+
 # Entrypoint
 COPY entrypoint.sh .
 RUN chmod +x ./entrypoint.sh
 
 # CrowdStrike configuration file
-COPY cfg/${FALCON_CFG}.template .
+COPY cfg/cs.falconhoseclient.cfg.template .
 
-# Environment setup
+# Environment setup (if defined the values are used in the entrypoint)
 COPY .env .
-RUN export $(grep -v '^#' .env | xargs) && envsubst < ./${FALCON_CFG}.template > ./${FALCON_CFG}
-
-# Move the final configuration to the proper location
-RUN mv ./${FALCON_CFG} /opt/crowdstrike/etc
 
 # Install required certificates
-# This step is not always required but we had problems
+# This step is not always required but it certainly avoids some problems
 RUN curl -s -o /etc/ssl/certs/DigiCertHighAssuranceEVRootCA.crt https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
 RUN curl -s -o /etc/ssl/certs/DigiCertAssuredIDRootCA.crt https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
 
+# Change owner of workdir
+RUN chown -R user:user /home/user
+
 # Change to user
 USER user
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,3 +1,26 @@
 #!/bin/bash
 
+CONFIG="cs.falconhoseclient.cfg"
+
+# Some conditional echoes for sanity
+if [ -n "$API_BASE_URL" ]; then 
+  echo "[*] Using arguments."
+  echo "[+] API Base URL: ${API_BASE_URL}"
+else
+  echo "[*] Using .env file."
+  URL="$(grep API_BASE_URL .env | cut -d'=' -f2)"
+  echo "[+] API Base URL: ${URL}"
+fi
+
+# Output to the .env file
+if [ -n "$CLIENT_ID" ]; then sed -i "s|CLIENT_ID=.*|CLIENT_ID=$CLIENT_ID|" .env; fi
+if [ -n "$CLIENT_SECRET" ]; then sed -i "s|CLIENT_SECRET=.*|CLIENT_SECRET=$CLIENT_SECRET|" .env; fi
+if [ -n "$API_BASE_URL" ]; then sed -i "s|API_BASE_URL=.*|API_BASE_URL=$API_BASE_URL|" .env; fi
+
+# Substitute things properly
+export $(grep -v '^#' .env | xargs) && envsubst < "./${CONFIG}.template" > "./${CONFIG}"
+
+# Copy the final config file to the proper location
+mv "./${CONFIG}" /opt/crowdstrike/etc
+
 /opt/crowdstrike/bin/cs.falconhoseclient -nodaemon -config=/opt/crowdstrike/etc/cs.falconhoseclient.cfg 2>&1