[Elastic-Agent] Modify output to be insecure if flag is provided (#28007
)

[Elastic-Agent] Modify output to be insecure if flag is provided (#28007)

(cherry picked from commit 62d84db)

# Conflicts:
#	x-pack/elastic-agent/pkg/agent/cmd/enroll.go
#	x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
michalpristas authored and mergify-bot committed Oct 13, 2021
1 parent abb76c1 commit b83ee02
Showing 7 changed files with 86 additions and 4 deletions.
4 changes: 4 additions & 0 deletions x-pack/elastic-agent/pkg/agent/cmd/container.go
Expand Up @@ -96,6 +96,7 @@ The following actions are possible and grouped based on the actions.
FLEET_SERVER_ELASTICSEARCH_USERNAME - elasticsearch username for Fleet Server [$ELASTICSEARCH_USERNAME]
FLEET_SERVER_ELASTICSEARCH_PASSWORD - elasticsearch password for Fleet Server [$ELASTICSEARCH_PASSWORD]
FLEET_SERVER_ELASTICSEARCH_CA - path to certificate authority to use with communicate with elasticsearch [$ELASTICSEARCH_CA]
FLEET_SERVER_ELASTICSEARCH_INSECURE - disables cert validation for communication with Elasticsearch
FLEET_SERVER_SERVICE_TOKEN - service token to use for communication with elasticsearch
FLEET_SERVER_POLICY_ID - policy ID for Fleet Server to use for itself ("Default Fleet Server policy" used when undefined)
FLEET_SERVER_HOST - binding host for Fleet Server HTTP (overrides the policy). By default this is 0.0.0.0.
Expand Down Expand Up @@ -378,6 +379,9 @@ func buildEnrollArgs(cfg setupConfig, token string, policyID string) ([]string,
if cfg.FleetServer.InsecureHTTP || cfg.Fleet.Insecure {
args = append(args, "--insecure")
}
if cfg.FleetServer.Elasticsearch.Insecure {
args = append(args, "--fleet-server-es-insecure")
}
} else {
if cfg.Fleet.URL == "" {
return nil, errors.New("FLEET_URL is required when FLEET_ENROLL is true without FLEET_SERVER_ENABLE")
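Review bot: The help line added for `FLEET_SERVER_ELASTICSEARCH_INSECURE` does not say that it is a boolean or how it interacts with `FLEET_SERVER_ELASTICSEARCH_CA` on the line above it. In `createFleetServerBootstrapConfig`, changed in this same commit, setting both leaves `VerificationMode` at `VerifyNone` and only fills in `CAs`, so the CA looks configured but is presumably never used for verification. Suggested wording: `FLEET_SERVER_ELASTICSEARCH_INSECURE - (boolean) disables TLS certificate verification for the connection to Elasticsearch, including when FLEET_SERVER_ELASTICSEARCH_CA is set`. The body of `buildEnrollArgs` starts and ends outside the second hunk.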
29 changes: 29 additions & 0 deletions x-pack/elastic-agent/pkg/agent/cmd/enroll.go
Expand Up @@ -53,6 +53,7 @@ func addEnrollFlags(cmd *cobra.Command) {
cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet")
cmd.Flags().StringP("fleet-server-es", "", "", "Start and run a Fleet Server along side this Elastic Agent connecting to the provided elasticsearch")
cmd.Flags().StringP("fleet-server-es-ca", "", "", "Path to certificate authority to use with communicate with elasticsearch")
cmd.Flags().BoolP("fleet-server-es-insecure", "", false, "Disables validation of certificates")
cmd.Flags().StringP("fleet-server-service-token", "", "", "Service token to use for communication with elasticsearch")
cmd.Flags().StringP("fleet-server-policy", "", "", "Start and run a Fleet Server on this specific policy")
cmd.Flags().StringP("fleet-server-host", "", "", "Fleet Server HTTP binding host (overrides the policy)")
Expand All @@ -79,6 +80,7 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
}
fServer, _ := cmd.Flags().GetString("fleet-server-es")
fElasticSearchCA, _ := cmd.Flags().GetString("fleet-server-es-ca")
fElasticSearchInsecure, _ := cmd.Flags().GetBool("fleet-server-es-insecure")
fServiceToken, _ := cmd.Flags().GetString("fleet-server-service-token")
fPolicy, _ := cmd.Flags().GetString("fleet-server-policy")
fHost, _ := cmd.Flags().GetString("fleet-server-host")
Expand Down Expand Up @@ -174,6 +176,17 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
args = append(args, k+"="+v)
}

<<<<<<< HEAD
=======
if delayEnroll {
args = append(args, "--delay-enroll")
}

if fElasticSearchInsecure {
args = append(args, "--fleet-server-es-insecure")
}

>>>>>>> 62d84db2a4 ([Elastic-Agent] Modify output to be insecure if flag is provided (#28007))
return args
}

Expand Down Expand Up @@ -236,6 +249,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
enrollmentToken, _ := cmd.Flags().GetString("enrollment-token")
fServer, _ := cmd.Flags().GetString("fleet-server-es")
fElasticSearchCA, _ := cmd.Flags().GetString("fleet-server-es-ca")
fElasticSearchInsecure, _ := cmd.Flags().GetBool("fleet-server-es-insecure")
fHeaders, _ := cmd.Flags().GetStringSlice("header")
fServiceToken, _ := cmd.Flags().GetString("fleet-server-service-token")
fPolicy, _ := cmd.Flags().GetString("fleet-server-policy")
Expand Down Expand Up @@ -266,6 +280,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
Staging: staging,
FixPermissions: fromInstall,
FleetServer: enrollCmdFleetServerOption{
<<<<<<< HEAD
ConnStr: fServer,
ElasticsearchCA: fElasticSearchCA,
ServiceToken: fServiceToken,
Expand All @@ -280,6 +295,20 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
ProxyURL: fProxyURL,
ProxyDisabled: fProxyDisabled,
ProxyHeaders: mapFromEnvList(fProxyHeaders),
=======
ConnStr: fServer,
ElasticsearchCA: fElasticSearchCA,
ElasticsearchInsecure: fElasticSearchInsecure,
ServiceToken: fServiceToken,
PolicyID: fPolicy,
Host: fHost,
Port: fPort,
Cert: fCert,
CertKey: fCertKey,
Insecure: fInsecure,
SpawnAgent: !fromInstall,
Headers: mapFromEnvList(fHeaders),
>>>>>>> 62d84db2a4 ([Elastic-Agent] Modify output to be insecure if flag is provided (#28007))
},
}

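Review bot: Unresolved merge-conflict markers are committed in this file: `<<<<<<< HEAD`, `=======` and `>>>>>>> 62d84db2a4` sit inside `buildEnrollmentFlags` and inside the `enrollCmdFleetServerOption` literal in `enroll`, so the file cannot compile as shown. The same markers are in `enroll_cmd.go`, in the `enrollCmdFleetServerOption` struct and around both `createFleetServerBootstrapConfig` calls. Resolving them needs a decision rather than taking one side: the incoming side adds `ElasticsearchInsecure: fElasticSearchInsecure,` but drops `ProxyURL`, `ProxyDisabled` and `ProxyHeaders` from the literal, and it references `delayEnroll`, which may not exist on this branch. Separately, the flag help `"Disables validation of certificates"` should name the connection it affects, e.g. `"Disables TLS certificate verification for the connection to Elasticsearch"`.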
42 changes: 39 additions & 3 deletions x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
Expand Up @@ -71,6 +71,7 @@ type enrollCmd struct {

// enrollCmdFleetServerOption define all the supported enrollment options for bootstrapping with Fleet Server.
type enrollCmdFleetServerOption struct {
<<<<<<< HEAD
ConnStr string
ElasticsearchCA string
ServiceToken string
Expand All @@ -85,6 +86,20 @@ type enrollCmdFleetServerOption struct {
ProxyURL string
ProxyDisabled bool
ProxyHeaders map[string]string
=======
ConnStr string
ElasticsearchCA string
ElasticsearchInsecure bool
ServiceToken string
PolicyID string
Host string
Port uint16
Cert string
CertKey string
Insecure bool
SpawnAgent bool
Headers map[string]string
>>>>>>> 62d84db2a4 ([Elastic-Agent] Modify output to be insecure if flag is provided (#28007))
}

// enrollCmdOption define all the supported enrollment option.
Expand Down Expand Up @@ -265,9 +280,16 @@ func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) (string, error) {
c.options.FleetServer.Host, c.options.FleetServer.Port,
c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
c.options.FleetServer.Headers,
<<<<<<< HEAD
c.options.FleetServer.ProxyURL,
c.options.FleetServer.ProxyDisabled,
c.options.FleetServer.ProxyHeaders,
=======
c.options.ProxyURL,
c.options.ProxyDisabled,
c.options.ProxyHeaders,
c.options.FleetServer.ElasticsearchInsecure,
>>>>>>> 62d84db2a4 ([Elastic-Agent] Modify output to be insecure if flag is provided (#28007))
)
if err != nil {
return "", err
Expand Down Expand Up @@ -462,7 +484,13 @@ func (c *enrollCmd) enroll(ctx context.Context, persistentConfig map[string]inte
c.options.FleetServer.Host, c.options.FleetServer.Port,
c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
c.options.FleetServer.Headers,
<<<<<<< HEAD
c.options.FleetServer.ProxyURL, c.options.FleetServer.ProxyDisabled, c.options.FleetServer.ProxyHeaders)
=======
c.options.ProxyURL, c.options.ProxyDisabled, c.options.ProxyHeaders,
c.options.FleetServer.ElasticsearchInsecure,
)
>>>>>>> 62d84db2a4 ([Elastic-Agent] Modify output to be insecure if flag is provided (#28007))
if err != nil {
return err
}
Expand Down Expand Up @@ -765,16 +793,21 @@ func createFleetServerBootstrapConfig(
proxyURL string,
proxyDisabled bool,
proxyHeaders map[string]string,
insecure bool,
) (*configuration.FleetAgentConfig, error) {
localFleetServer := connStr != ""

es, err := configuration.ElasticsearchFromConnStr(connStr, serviceToken)
es, err := configuration.ElasticsearchFromConnStr(connStr, serviceToken, insecure)
if err != nil {
return nil, err
}
if esCA != "" {
es.TLS = &tlscommon.Config{
CAs: []string{esCA},
if es.TLS == nil {
es.TLS = &tlscommon.Config{
CAs: []string{esCA},
}
} else {
es.TLS.CAs = []string{esCA}
}
}
if host == "" {
Expand Down Expand Up @@ -816,6 +849,9 @@ func createFleetServerBootstrapConfig(
Key: key,
},
}
if insecure {
cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone
}
}

if localFleetServer {
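Review bot: In `createFleetServerBootstrapConfig` the new `insecure` argument, which both call sites fill from `c.options.FleetServer.ElasticsearchInsecure`, is also applied to the server block through `cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone`. A flag documented as affecting only the connection to Elasticsearch therefore changes the Fleet Server TLS settings as well, which looks wider than intended; either drop that `if insecure` block or add a comment explaining why the server side must follow the Elasticsearch setting. Renaming the parameter to `esInsecure` would keep it apart from the existing `FleetServer.Insecure` option. When `esCA` is set together with `insecure`, `es.TLS.CAs` is filled in but the mode stays `VerifyNone`, so a logged warning for that combination would help operators notice that the CA is presumably unused. The function body starts and ends outside the hunks shown.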
1 change: 1 addition & 0 deletions x-pack/elastic-agent/pkg/agent/cmd/inspect.go
Expand Up @@ -259,6 +259,7 @@ func getProgramsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *c
if err != nil {
return nil, err
}

composableWaiter := newWaitForCompose(composableCtrl)
configModifiers := &pipeline.ConfigModifiers{
Decorators: []pipeline.DecoratorFunc{modifiers.InjectMonitoring},
2 changes: 2 additions & 0 deletions x-pack/elastic-agent/pkg/agent/cmd/setup_config.go
Expand Up @@ -43,6 +43,7 @@ type elasticsearchConfig struct {
Username string `config:"username"`
Password string `config:"password"`
ServiceToken string `config:"service_token"`
Insecure bool `config:"insecure"`
}

type kibanaConfig struct {
Expand Down Expand Up @@ -91,6 +92,7 @@ func defaultAccessConfig() (setupConfig, error) {
Password: envWithDefault("changeme", "FLEET_SERVER_ELASTICSEARCH_PASSWORD", "ELASTICSEARCH_PASSWORD"),
ServiceToken: envWithDefault("", "FLEET_SERVER_SERVICE_TOKEN"),
CA: envWithDefault("", "FLEET_SERVER_ELASTICSEARCH_CA", "ELASTICSEARCH_CA"),
Insecure: envBool("FLEET_SERVER_ELASTICSEARCH_INSECURE"),
},
Enable: envBool("FLEET_SERVER_ENABLE"),
Host: envWithDefault("", "FLEET_SERVER_HOST"),
7 changes: 6 additions & 1 deletion x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go
Expand Up @@ -47,7 +47,7 @@ type Elasticsearch struct {
}

// ElasticsearchFromConnStr returns an Elasticsearch configuration from the connection string.
func ElasticsearchFromConnStr(conn string, serviceToken string) (Elasticsearch, error) {
func ElasticsearchFromConnStr(conn string, serviceToken string, insecure bool) (Elasticsearch, error) {
u, err := url.Parse(conn)
if err != nil {
return Elasticsearch{}, err
Expand All @@ -64,6 +64,11 @@ func ElasticsearchFromConnStr(conn string, serviceToken string) (Elasticsearch,
Path: u.Path,
TLS: nil,
}
if insecure {
cfg.TLS = &tlscommon.Config{
VerificationMode: tlscommon.VerifyNone,
}
}
if serviceToken != "" {
cfg.ServiceToken = serviceToken
return cfg, nil
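Review bot: The doc comment on the exported `ElasticsearchFromConnStr` still describes only the connection string, so the new positional `insecure bool` is unexplained to callers. Suggested addition: `// When insecure is true the returned configuration sets TLS.VerificationMode to VerifyNone, so the Elasticsearch server certificate is not verified.` The TLS block is attached without looking at the scheme parsed from `conn`; that handling is outside the hunk, so confirm a plain `http` connection string with `insecure` set still yields a usable configuration. The function body continues outside both hunks.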
5 changes: 5 additions & 0 deletions x-pack/elastic-agent/pkg/agent/transpiler/ast.go
Expand Up @@ -104,6 +104,11 @@ func (d *Dict) Find(key string) (Node, bool) {
return nil, false
}

// Insert inserts a value into a collection.
func (d *Dict) Insert(node Node) {
d.value = append(d.value, node)
}

func (d *Dict) String() string {
var sb strings.Builder
for i := 0; i < len(d.value); i++ {
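Review bot: The comment on `Insert` says it "inserts a value into a collection", but the method only appends to `d.value` and does not look for an existing node with the same key, while `Find` in the same file presumably resolves entries by key. A second insert of the same key would leave two entries, so the comment should say that, e.g. `// Insert appends node to the dictionary; it does not check for or replace an existing entry with the same key.` Nothing in the visible hunks of this commit calls `Insert`, so how callers are expected to avoid duplicates cannot be checked here.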
