From e37d957051fca570d516a1554e39b9e8594cc53b Mon Sep 17 00:00:00 2001
From: Blake Rouse <blake.rouse@elastic.co>
Date: Thu, 16 Sep 2021 13:49:19 -0400
Subject: [PATCH] Fix issue where --insecure didn't propogate to Fleet Server
 ES connection (#27969)

* Fix issue where --insecure didn't propogate to Fleet Server ES connection.

* Add changelog.

(cherry picked from commit cbbe8c2a8674630f5bd9ba441c128826bc8269c5)
---
 x-pack/elastic-agent/CHANGELOG.next.asciidoc     |  1 +
 x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc
index 392179b29c84..7a1485f3cc2c 100644
--- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc
+++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc
@@ -87,6 +87,7 @@
 - Add "_monitoring" suffix to monitoring instance names to remove ambiguity with the status command. {issue}25449[25449]
 - Ignore ErrNotExists when fixing permissions. {issue}27836[27836] {pull}27846[27846]
 - Snapshot artifact lookup will use agent.download proxy settings. {issue}27903[27903] {pull}27904[27904]
+- Fix issue where --insecure didn't propogate to Fleet Server ES connection. {pull}27969[27969]
 
 ==== New features
 
diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
index 5e3ae85728a1..63e1c9818554 100644
--- a/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
+++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
@@ -299,6 +299,7 @@ func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) (string, error) {
 		c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
 		c.options.FleetServer.PolicyID,
 		c.options.FleetServer.Host, c.options.FleetServer.Port,
+		c.options.Insecure,
 		c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
 		c.options.FleetServer.Headers,
 		c.options.ProxyURL,
@@ -495,6 +496,7 @@ func (c *enrollCmd) enroll(ctx context.Context, persistentConfig map[string]inte
 			c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
 			c.options.FleetServer.PolicyID,
 			c.options.FleetServer.Host, c.options.FleetServer.Port,
+			c.options.Insecure,
 			c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
 			c.options.FleetServer.Headers,
 			c.options.ProxyURL, c.options.ProxyDisabled, c.options.ProxyHeaders)
@@ -800,7 +802,7 @@ func storeAgentInfo(s saver, reader io.Reader) error {
 
 func createFleetServerBootstrapConfig(
 	connStr, serviceToken, policyID, host string,
-	port uint16,
+	port uint16, insecure bool,
 	cert, key, esCA string,
 	headers map[string]string,
 	proxyURL string,
@@ -858,6 +860,12 @@ func createFleetServerBootstrapConfig(
 			},
 		}
 	}
+	if insecure {
+		if cfg.Server.TLS == nil {
+			cfg.Server.TLS = &tlscommon.Config{}
+		}
+		cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone
+	}
 
 	if localFleetServer {
 		cfg.Client.Transport.Proxy.Disable = true