feat(container-pull): add unified sensor support for falcon-container and falcon-kac images

.gitignore

@@ -11,3 +11,21 @@ Vagrantfile
 
 # local testing
 tests/
+.env
+# AI Assistants
+#  Various AI coding assistants create local cache, settings, and conversation history
+#  These contain user-specific data and should not be committed to version control
+.cursorignore
+.cursorindexingignore
+.claude/
+CLAUDE.md
+.anthropic/
+.openai/
+.codeium/
+.tabnine/
+.github-copilot/
+.roo/
+.aider/
+.aider*
+.clinerules/
+memory-bank/

bash/containers/falcon-container-sensor-pull/README.md

@@ -36,14 +36,16 @@ Refer to the [examples](#examples) section for more information on how to use th
 > [!NOTE]
 > While we do support copying the multi-arch image to a different registry using Podman, Docker, or Skopeo, we recommend using Skopeo for this purpose. Skopeo is a tool specifically designed for copying container images between registries and supports multi-arch images.
 
-## Unified Falcon Sensor Image Support
+## Unified Image Support
 
-Starting with Falcon sensor for Linux version 7.31 and above, CrowdStrike has introduced a new unified Falcon sensor that utilizes a single container image as opposed to the regional based sensors.
+CrowdStrike now provides unified images that work across all regions:
 
-For additional context and information, please see the [Tech Alert](https://supportportal.crowdstrike.com/s/article/Tech-Alert-60-day-notice-Unified-installer-image-for-Falcon-sensor-for-Linux).
+- **`falcon-sensor`** (unified) - Single sensor image for version 7.31+
+- **`falcon-container`** (unified) - Single container image for version 7.33+
+- **`falcon-kac`** (unified) - Single KAC image for version 7.33+
 
 > [!IMPORTANT]
-> **Backward Compatibility**: Existing users of the `falcon-sensor` type will now automatically receive the new unified sensor. If you need to maintain the traditional regional sensor for any reason, simply change `-t falcon-sensor` to `-t falcon-sensor-regional` in your commands. No other changes to your scripts or workflows are required.
+> **Backward Compatibility**: Existing users automatically receive unified images. For regional images, use `-t falcon-sensor-regional`, `-t falcon-container-regional`, or `-t falcon-kac-regional`.
 
 ## Security recommendations
 
@@ -65,7 +67,7 @@ To check your version of cURL, run the following command: `curl --version`
 > [!IMPORTANT]
 > The following API scopes are the minimum required to retrieve the images. If you need to perform other operations post-retrieval, please refer to the CrowdStrike documentation to identify any additional scopes that may be required.
 
-- **falcon-sensor | falcon-sensor-regional | falcon-container | falcon-kac | falcon-imageanalyzer | falcon-jobcontroller | falcon-registryassessmentexecutor**
+- **falcon-sensor | falcon-sensor-regional | falcon-container | falcon-container-regional | falcon-kac | falcon-kac-regional | falcon-imageanalyzer | falcon-jobcontroller | falcon-registryassessmentexecutor**
   - `Sensor Download (read)`
   - `Falcon Images Download (read)`
 - **kpagent**

bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh

@@ -29,9 +29,11 @@ Optional Flags:
                                                    Available sensor types:
                                                    -----------------------
                                                    falcon-container
+                                                   falcon-container-regional
                                                    falcon-sensor
                                                    falcon-sensor-regional
                                                    falcon-kac
+                                                   falcon-kac-regional
                                                    falcon-snapshot
                                                    falcon-imageanalyzer
                                                    kpagent
@@ -444,7 +446,7 @@ detect_container_tool() {
 display_api_scopes() {
     local sensor_type=$1
     case "${sensor_type}" in
-        falcon-sensor | falcon-sensor-regional | falcon-container | falcon-kac | falcon-imageanalyzer | falcon-jobcontroller | falcon-registryassessmentexecutor)
+        falcon-sensor | falcon-sensor-regional | falcon-container | falcon-container-regional | falcon-kac | falcon-kac-regional | falcon-imageanalyzer | falcon-jobcontroller | falcon-registryassessmentexecutor)
             echo "Sensor Download [read], Falcon Images Download [read]"
             ;;
         kpagent)
@@ -552,14 +554,16 @@ fi
 
 # Check if SENSOR_TYPE is set to a valid value
 case "${SENSOR_TYPE}" in
-    falcon-container | falcon-sensor | falcon-sensor-regional | falcon-kac | falcon-snapshot | falcon-imageanalyzer | kpagent | fcs | falcon-jobcontroller | falcon-registryassessmentexecutor) ;;
+    falcon-container | falcon-container-regional | falcon-sensor | falcon-sensor-regional | falcon-kac | falcon-kac-regional | falcon-snapshot | falcon-imageanalyzer | kpagent | fcs | falcon-jobcontroller | falcon-registryassessmentexecutor) ;;
     *) die """
     Unrecognized sensor type: ${SENSOR_TYPE}
     Valid values are:
         falcon-container
+        falcon-container-regional
         falcon-sensor
         falcon-sensor-regional
         falcon-kac
+        falcon-kac-regional
         falcon-snapshot
         falcon-imageanalyzer
         kpagent
@@ -573,6 +577,16 @@ if [ "${SENSOR_TYPE}" = "falcon-sensor-regional" ]; then
     echo "WARNING: Use 'falcon-sensor' for the new unified sensor image as the regional sensor images will eventually be EOL."
 fi
 
+# Add deprecation warning for falcon-container-regional
+if [ "${SENSOR_TYPE}" = "falcon-container-regional" ]; then
+    echo "WARNING: Use 'falcon-container' for the new unified container image as the regional container images will eventually be EOL."
+fi
+
+# Add deprecation warning for falcon-kac-regional
+if [ "${SENSOR_TYPE}" = "falcon-kac-regional" ]; then
+    echo "WARNING: Use 'falcon-kac' for the new unified KAC image as the regional KAC images will eventually be EOL."
+fi
+
 #Check all mandatory variables set
 VARIABLES="FALCON_CLIENT_ID FALCON_CLIENT_SECRET"
 {
@@ -625,18 +639,37 @@ registry_opts=$(
         else
             echo "falcon-sensor/$FALCON_CLOUD"
         fi
+    # Handle unified falcon-container format (no region)
+    elif [ "${SENSOR_TYPE}" = "falcon-container" ]; then
+        echo "falcon-container"
+    # Handle falcon-container-regional with traditional regional paths
+    elif [ "${SENSOR_TYPE}" = "falcon-container-regional" ]; then
+        if [ "${FALCON_CLOUD}" = "us-gov-1" ]; then
+            echo "falcon-container/gov1"
+        elif [ "${FALCON_CLOUD}" = "us-gov-2" ]; then
+            echo "falcon-container/gov2"
+        else
+            echo "falcon-container/$FALCON_CLOUD"
+        fi
+    # Handle unified falcon-kac format (no region)
+    elif [ "${SENSOR_TYPE}" = "falcon-kac" ]; then
+        echo "falcon-kac"
+    # Handle falcon-kac-regional with traditional regional paths
+    elif [ "${SENSOR_TYPE}" = "falcon-kac-regional" ]; then
+        if [ "${FALCON_CLOUD}" = "us-gov-1" ]; then
+            echo "falcon-kac/gov1"
+        elif [ "${FALCON_CLOUD}" = "us-gov-2" ]; then
+            echo "falcon-kac/gov2"
+        else
+            echo "falcon-kac/$FALCON_CLOUD"
+        fi
     # Account for govcloud api mismatch for other sensor types
     elif [ "${FALCON_CLOUD}" = "us-gov-1" ]; then
         echo "$SENSOR_TYPE/gov1"
     elif [ "${FALCON_CLOUD}" = "us-gov-2" ]; then
         echo "$SENSOR_TYPE/gov2"
     else
-        if [ "${SENSOR_TYPE}" = "falcon-container" ] && [ "${BUILD_STAGE}" = "stage" ]; then
-            falcon_stage_cloud=$(echo "$FALCON_CLOUD" | tr -d '-')
-            echo "$SENSOR_TYPE/$falcon_stage_cloud"
-        else
-            echo "$SENSOR_TYPE/$FALCON_CLOUD"
-        fi
+        echo "$SENSOR_TYPE/$FALCON_CLOUD"
     fi
 )
 
@@ -686,8 +719,20 @@ IMAGE_NAME="falcon-sensor"
 repository_name="$BUILD_STAGE/falcon-sensor"
 registry_type="container-security"
 
-if [ "${SENSOR_TYPE}" = "falcon-kac" ]; then
-    # overrides for KAC
+if [ "${SENSOR_TYPE}" = "falcon-container" ]; then
+    # Unified format: use falcon-container image name
+    IMAGE_NAME="falcon-container"
+    repository_name="$BUILD_STAGE/falcon-container"
+elif [ "${SENSOR_TYPE}" = "falcon-container-regional" ]; then
+    # Regional format: use falcon-sensor image name (current behavior)
+    IMAGE_NAME="falcon-sensor"
+    repository_name="$BUILD_STAGE/falcon-sensor"
+elif [ "${SENSOR_TYPE}" = "falcon-kac" ]; then
+    # Unified format: use falcon-kac image name
+    IMAGE_NAME="falcon-kac"
+    repository_name="$BUILD_STAGE/falcon-kac"
+elif [ "${SENSOR_TYPE}" = "falcon-kac-regional" ]; then
+    # Regional format: use falcon-kac image name (same as unified)
     IMAGE_NAME="falcon-kac"
     repository_name="$BUILD_STAGE/falcon-kac"
 elif [ "${SENSOR_TYPE}" = "falcon-snapshot" ]; then