From 3130d3ef6c737ffc2f0d8b010fcbed213a6105c1 Mon Sep 17 00:00:00 2001 From: Blake Rouse Date: Thu, 16 Sep 2021 13:49:19 -0400 Subject: [PATCH] Fix issue where --insecure didn't propogate to Fleet Server ES connection (#27969) * Fix issue where --insecure didn't propogate to Fleet Server ES connection. * Add changelog. --- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index 9bcda5fe195a..b3ca84d195fb 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -87,6 +87,7 @@ - Add "_monitoring" suffix to monitoring instance names to remove ambiguity with the status command. {issue}25449[25449] - Ignore ErrNotExists when fixing permissions. {issue}27836[27836] {pull}27846[27846] - Snapshot artifact lookup will use agent.download proxy settings. {issue}27903[27903] {pull}27904[27904] +- Fix issue where --insecure didn't propogate to Fleet Server ES connection. {pull}27969[27969] ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go index 8d18bf6ef9ad..c57f77bbb11c 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go @@ -299,6 +299,7 @@ func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) (string, error) { c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken, c.options.FleetServer.PolicyID, c.options.FleetServer.Host, c.options.FleetServer.Port, + c.options.Insecure, c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA, c.options.FleetServer.Headers, c.options.ProxyURL, @@ -495,6 +496,7 @@ func (c *enrollCmd) enroll(ctx context.Context, persistentConfig map[string]inte c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken, c.options.FleetServer.PolicyID, c.options.FleetServer.Host, c.options.FleetServer.Port, + c.options.Insecure, c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA, c.options.FleetServer.Headers, c.options.ProxyURL, c.options.ProxyDisabled, c.options.ProxyHeaders) @@ -800,7 +802,7 @@ func storeAgentInfo(s saver, reader io.Reader) error { func createFleetServerBootstrapConfig( connStr, serviceToken, policyID, host string, - port uint16, + port uint16, insecure bool, cert, key, esCA string, headers map[string]string, proxyURL string, @@ -858,6 +860,12 @@ func createFleetServerBootstrapConfig( }, } } + if insecure { + if cfg.Server.TLS == nil { + cfg.Server.TLS = &tlscommon.Config{} + } + cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone + } if localFleetServer { cfg.Client.Transport.Proxy.Disable = true