falcon-self-hosted-registry-assessment secret not found #369

Open
hrbasic opened this issue Feb 25, 2025 · 1 comment
hrbasic commented Feb 25, 2025

Hi, during the falcon-self-hosted-registry-assessment deployment, when I'm using an existing secret for the registry, I'm getting an error:

time=2025-02-25T12:24:25.358701Z name=registryassessmentexecutor.sqlite level=Info legacy_level=[INFO] caller=sqlite/sqlite.go:79 msg="running migrations"
time=2025-02-25T12:24:25.360957Z name=registryassessmentexecutor.sqlite level=Info legacy_level=[INFO] caller=sqlite/sqlite.go:104 msg="migrations completed successfully"
time=2025-02-25T12:24:25.36102Z name=registryassessmentexecutor.sqlite level=Info legacy_level=[INFO] caller=sqlite/sqlite.go:79 msg="running migrations"
time=2025-02-25T12:24:25.361367Z name=registryassessmentexecutor.sqlite level=Info legacy_level=[INFO] caller=sqlite/sqlite.go:104 msg="migrations completed successfully"
time=2025-02-25T12:24:25.386734Z name=registryassessmentexecutor.kubernetes_client level=Info legacy_level=[INFO] caller=client/k8s.go:98 msg="Read registry credential secret success" kubernetes_server_version=v1.29.7 secret_name=docker-ib
time=2025-02-25T12:24:25.387223Z name=registryassessmentexecutor level=Error legacy_level=[ERROR] caller=./main.go:41 msg="existing main" error="Secret not found for named secret and registry" errorVerbose="Secret not found for named secret and registry\ngo.crwd.dev/cloudsec/registryassessmentexecutor/internal/registryassessmentexecutor/client.(*Client).GetCredFromNamedSecret\n\tgo.crwd.dev/cloudsec/registryassessmentexecutor/internal/registryassessmentexecutor/client/k8s.go:180\ngo.crwd.dev/cloudsec/registryassessmentexecutor/internal/registryassessmentexecutor/credentials.NewCredentials\n\tgo.crwd.dev/cloudsec/registryassessmentexecutor/internal/registryassessmentexecutor/credentials/credentials.go:128\ngo.crwd.dev/cloudsec/registryassessmentexecutor/internal/registryassessmentexecutor.Initialize\n\tgo.crwd.dev/cloudsec/registryassessmentexecutor/internal/registryassessmentexecutor/run.go:54\nmain.main\n\t./main.go:35\nruntime.main\n\truntime/proc.go:271\nruntime.goexit\n\truntime/asm_amd64.s:1695"

Values file example:

registryConfigs:
  - type: artifactory
    credentials:
      kubernetesSecretName: "docker-ib"
      kubernetesSecretNamespace: "crowdstrike-falcon-io-shra"

I'm using kubernetes.io/dockerconfigjson secret, e.g:

NAME        TYPE                             DATA   AGE
docker-ib   kubernetes.io/dockerconfigjson   1      27m

If I specify username and password directly in the Values file, it works fine:

registryConfigs:
  - type: artifactory
    credentials:
      username: "myusername"
      password: "mypass"

Another thing that concerns me: when the service is deployed manually using username and password, the secret is stored in a ConfigMap. Shouldn't we use a Secret instead?

apiVersion: v1
data:
  REGISTRY_CREDENTIALS: |-
    [
      {
        "credential": {
          "details": {
            "password": "mypass",
            "username": "myusername"
          }
        },
        "credential_type": null,
        "registry_host": "https://my-artifactory",
        "registry_id": "my-id",
        "registry_port": "443",
        "registry_type": "artifactory"
      }
    ]
kind: ConfigMap

Additional information

Secret created using command: kubectl create secret docker-registry docker-ib --docker-server="myrepo" --docker-username=myusernanme --docker-password="mypassword"

Chart version: 1.2.0
App version: 1.2.0
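
A check for the ConfigMap concern raised in the comment above, as an added example that is not part of the original issue or the project's code: it scans a ConfigMap manifest for credentials embedded in its data values. The sample manifest, its name and namespace, and the list of sensitive field names are constructed assumptions.

```python
import json

# Constructed sample: a ConfigMap shaped like the one in the issue, as
# `kubectl get configmap -o json` would return it (name/namespace hypothetical).
SAMPLE_CONFIGMAP = {
    "kind": "ConfigMap",
    "metadata": {"name": "example-registry-config", "namespace": "example-ns"},
    "data": {
        "REGISTRY_CREDENTIALS": json.dumps([{
            "credential": {"details": {"username": "myusername", "password": "mypass"}},
            "registry_host": "https://my-artifactory",
            "registry_type": "artifactory",
        }]),
        "LOG_LEVEL": "info",
    },
}

# Field names treated as secret material (an assumption; extend as needed).
SENSITIVE_KEYS = {"password", "token", "secret", "apikey", "api_key"}


def _walk(node, path):
    """Yield the path of every non-empty sensitive field in parsed JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS and value not in (None, ""):
                yield child  # report the location only, never the value
            else:
                yield from _walk(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from _walk(item, f"{path}[{index}]")


def find_plaintext_credentials(manifest):
    """Return paths of credentials embedded in a ConfigMap's data values."""
    if manifest.get("kind") != "ConfigMap":
        return []
    findings = []
    for key, raw in (manifest.get("data") or {}).items():
        try:
            parsed = json.loads(raw)
        except (TypeError, ValueError):
            continue  # plain string value, not embedded JSON
        findings.extend(_walk(parsed, f"data.{key}"))
    return findings
```

Pass it the parsed output of `kubectl get configmap <name> -o json`; it returns field paths only, so the findings can be logged without leaking the credential.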

hrbasic commented Feb 28, 2025

It looks like this problem with secret not found is fixed in the latest release 1.3.0:

Fixed
  Registry credentials are now consistently retrieved from Kubernetes secrets.
