API Key Permissions/Scopes not specified in Falcon Sensor documentation

[tvetere-active]

Hello,

I am following the instructions provided here: https://github.com/CrowdStrike/Cloud-GCP/blob/main/container/gke-implementation-guide.md in order to install a Falcon Sensor on GKE. Everything works until I get to the step

falcon-container-sensor-push $FALCON_IMAGE_URI

I have created an API key, I have a client id and secret which I am passing to the tooling container. I also am authenticated to GCP and made sure I was able to push to the GCP container registry. However, the above command throws permissions errors when trying to download the falcon sensor image from CrowdStrike. The first permission error was related to a failure to retrieve the CCID (by adding the "Sensor Download" role I was able to fix this) but now I am seeing this error:

I noticed this particular call is to the API endpoint /container-security/entities/image-registry-credentials/v1

I found this page after talking with CrowdStrike support https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#api-scopes but none of these role descriptions seem to fit this particular endpoint.

It would be helpful if this documentation included the roles necessary in order to run these commands.

[isimluk]

Hello @tvetere-active,

The error you are seeing is indeed related to API scopes.

Required API scopes for that script you are running are:

• Falcon Images Download: Read
• Sensor Download: Read

I will update the documentation with this information. I am sorry for the inconvenience and grateful for your ticket.

Further, please let me drive your attention to another two projects we have that may be instrumental in installing the sensor to the cluster. This guide you are following is predating the existence of the said projects.

• https://github.com/CrowdStrike/falcon-operator/ - Falcon Operator allows you to deploy the sensor only using two commands: one to deploy the operator, second one to deploy the sensor. If your organisation has already adopted concept of kubernetes operators OR if you are just trying to install on a throw away cluster, I would highly recommend going this route. Mainly for its ease.

• https://github.com/CrowdStrike/falcon-helm - helm chart to deploy the sensor. If you organization has adopted concept of the helm packaging system on kubernetes, you may find it easier to use falcon-helm chart to deploy the sensor.