Skip to content

Commit

Permalink
[Elastic Agent] Add validation to ensure certificate paths are absolu…
Browse files Browse the repository at this point in the history
…te. (elastic#27779)

* Add validation to ensure certificate paths are absolute.

* Add changelog entry.
  • Loading branch information
blakerouse authored and wiwen committed Nov 1, 2021
1 parent d3323f7 commit d73407f
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 0 deletions.
1 change: 1 addition & 0 deletions x-pack/elastic-agent/CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@
- Fix issue with install directory in state path in K8s {pull}27396[27396]
- Disable monitoring during fleet-server bootstrapping. {pull}27222[27222]
- Change output.elasticsearch.proxy_disabled flag to output.elasticsearch.proxy_disable so fleet uses it. {issue}27670[27670] {pull}27671[27671]
- Add validation for certificate flags to ensure they are absolute paths. {pull}27779[27779]

==== New features

Expand Down
26 changes: 26 additions & 0 deletions x-pack/elastic-agent/pkg/agent/cmd/enroll.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"fmt"
"os"
"os/signal"
"path/filepath"
"strconv"
"strings"
"syscall"
Expand Down Expand Up @@ -71,6 +72,26 @@ func addEnrollFlags(cmd *cobra.Command) {
cmd.Flags().BoolP("delay-enroll", "", false, "Delays enrollment to occur on first start of the Elastic Agent service")
}

func validateEnrollFlags(cmd *cobra.Command) error {
ca, _ := cmd.Flags().GetString("certificate-authorities")
if ca != "" && !filepath.IsAbs(ca) {
return errors.New("--certificate-authorities must be provided as an absolute path", errors.M("path", ca), errors.TypeConfig)
}
esCa, _ := cmd.Flags().GetString("fleet-server-es-ca")
if esCa != "" && !filepath.IsAbs(esCa) {
return errors.New("--fleet-server-es-ca must be provided as an absolute path", errors.M("path", esCa), errors.TypeConfig)
}
fCert, _ := cmd.Flags().GetString("fleet-server-cert")
if fCert != "" && !filepath.IsAbs(fCert) {
return errors.New("--fleet-server-cert must be provided as an absolute path", errors.M("path", fCert), errors.TypeConfig)
}
fCertKey, _ := cmd.Flags().GetString("fleet-server-cert-key")
if fCertKey != "" && !filepath.IsAbs(fCertKey) {
return errors.New("--fleet-server-cert-key must be provided as an absolute path", errors.M("path", fCertKey), errors.TypeConfig)
}
return nil
}

func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string {
if url == "" {
url, _ = cmd.Flags().GetString("url")
Expand Down Expand Up @@ -184,6 +205,11 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
}

func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
err := validateEnrollFlags(cmd)
if err != nil {
return err
}

fromInstall, _ := cmd.Flags().GetBool("from-install")

pathConfigFile := paths.ConfigFile()
Expand Down
5 changes: 5 additions & 0 deletions x-pack/elastic-agent/pkg/agent/cmd/install.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@ would like the Agent to operate.
}

func installCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
err := validateEnrollFlags(cmd)
if err != nil {
return err
}

isAdmin, err := install.HasRoot()
if err != nil {
return fmt.Errorf("unable to perform install command while checking for administrator rights, %v", err)
Expand Down

0 comments on commit d73407f

Please sign in to comment.