search

falcon-pioupiou / sync-docker-images

3 stars 1 forks source link

Props Authentication Token not found #1

Closed notdodo closed 1 year ago

notdodo commented 1 year ago

Hi!

following the usage of this GHA workflow I was able to automatically and successfully pull the latest images from registry.crowdstrike.com (EU-1) but it seems that from a couple of days the steps performed in the scripts are not valid anymore since I get the following error:

{
    "errors" : [ {
        "status" : 401,
        "message" : "Props Authentication Token not found"
    } ]
}

I've also double checked the API permissions are correct (CrowdStrike API Client created with Falcon Images Download (read) AND Sensor Download (read) scope assigned).

Bonus question: what is the difference between Falcon Kubernetes Protection and Falcon sensor - DaemonSet?

falcon-pioupiou commented 1 year ago

Just looked at it, the sync is working (just tested it on US-1 not EU-1), couple of days ago an issue was fixed, could you please try again ?

what is the difference between Falcon Kubernetes Protection and Falcon sensor - DaemonSet?

Falcon sensor - DaemonSet is the agent that will provide telemetry/detection/prevention at host level (process behaviors monitoring). On a worker node is node the agent is not aware about the pod name, namespace,....

Falcon Kubernetes Protection is the agent that will collect additional data (k8s level data) to provide a full picture from the falcon-console.

notdodo commented 1 year ago

Thank you for the response and the tests. re-triggered again the sync and it fails with the same error. Also using ./falcon-container-sensor-pull.sh --dump-credentials --region eu-1 fails with:

Fatal error: ERROR: /usr/bin/docker login failed. Error message: Error response from daemon: Get "https://registry.crowdstrike.com/v2/": unknown: Props Authentication Token not found debugging the script I see that the ART_PASSWORD is correctly generated

EDIT: screen of success/fails Screenshot_20230728_134100

falcon-pioupiou commented 1 year ago

trying on eu-1

falcon-pioupiou commented 1 year ago

if you have your FALCON_ART_PASSWORD then you should be able to test :

echo $FALCON_ART_PASSWORD | docker login -u $FALCON_ART_USERNAME --password-stdin registry.crowdstrike.com

notdodo commented 1 year ago

echo $FALCON_ART_PASSWORD | docker login -u $FALCON_ART_USERNAME --password-stdin registry.crowdstrike.com

same result Fatal error: ERROR: /usr/bin/docker login failed. Error message: Error response from daemon: Get "https://registry.crowdstrike.com/v2/": unknown: Props Authentication Token not found

also tried with another API key pairs with much more permissions: same result.

falcon-pioupiou commented 1 year ago

I'm able to reproduce the issue as well - will update you quickly

falcon-pioupiou commented 1 year ago

Something happened on your are you able to open a support ticket please including the error and your cid please ? (if you can also share the link to this issue so I could find you easily), thank you. We were able to fix my user account so yours will be able to be re-configured correctly

notdodo commented 1 year ago

01134443 case opened