Fix issue where --insecure didn't propogate to Fleet Server ES connec…

…tion (elastic#27969) (elastic#27978) * Fix issue where --insecure didn't propogate to Fleet Server ES connection. * Add changelog. (cherry picked from commit 576be96) Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
leweafan · Sep 16, 2021 · cb4ecaa · cb4ecaa
1 parent 4205e94
commit cb4ecaa
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc
@@ -82,6 +82,7 @@
 - Add validation for certificate flags to ensure they are absolute paths. {pull}27779[27779]
 - Migrate state on upgrade {pull}27825[27825]
 - Snapshot artifact lookup will use agent.download proxy settings. {issue}27903[27903] {pull}27904[27904]
+- Fix issue where --insecure didn't propogate to Fleet Server ES connection. {pull}27969[27969]
 
 ==== New features
 

diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
@@ -263,6 +263,7 @@ func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) (string, error) {
 		c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
 		c.options.FleetServer.PolicyID,
 		c.options.FleetServer.Host, c.options.FleetServer.Port,
+		c.options.Insecure,
 		c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
 		c.options.FleetServer.Headers,
 		c.options.FleetServer.ProxyURL,
@@ -460,6 +461,7 @@ func (c *enrollCmd) enroll(ctx context.Context, persistentConfig map[string]inte
 			c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
 			c.options.FleetServer.PolicyID,
 			c.options.FleetServer.Host, c.options.FleetServer.Port,
+			c.options.Insecure,
 			c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
 			c.options.FleetServer.Headers,
 			c.options.FleetServer.ProxyURL, c.options.FleetServer.ProxyDisabled, c.options.FleetServer.ProxyHeaders)
@@ -759,7 +761,7 @@ func storeAgentInfo(s saver, reader io.Reader) error {
 
 func createFleetServerBootstrapConfig(
 	connStr, serviceToken, policyID, host string,
-	port uint16,
+	port uint16, insecure bool,
 	cert, key, esCA string,
 	headers map[string]string,
 	proxyURL string,
@@ -817,6 +819,12 @@ func createFleetServerBootstrapConfig(
 			},
 		}
 	}
+	if insecure {
+		if cfg.Server.TLS == nil {
+			cfg.Server.TLS = &tlscommon.Config{}
+		}
+		cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone
+	}
 
 	if localFleetServer {
 		cfg.Client.Transport.Proxy.Disable = true