Fix issue where --insecure didn't propogate to Fleet Server ES connec…

…tion (#27969) * Fix issue where --insecure didn't propogate to Fleet Server ES connection. * Add changelog.
elastic · Sep 16, 2021 · cbbe8c2 · cbbe8c2
1 parent 455a733
commit cbbe8c2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc
@@ -87,6 +87,7 @@
 - Add "_monitoring" suffix to monitoring instance names to remove ambiguity with the status command. {issue}25449[25449]
 - Ignore ErrNotExists when fixing permissions. {issue}27836[27836] {pull}27846[27846]
 - Snapshot artifact lookup will use agent.download proxy settings. {issue}27903[27903] {pull}27904[27904]
+- Fix issue where --insecure didn't propogate to Fleet Server ES connection. {pull}27969[27969]
 
 ==== New features
 

diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
@@ -299,6 +299,7 @@ func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) (string, error) {
 		c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
 		c.options.FleetServer.PolicyID,
 		c.options.FleetServer.Host, c.options.FleetServer.Port,
+		c.options.Insecure,
 		c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
 		c.options.FleetServer.Headers,
 		c.options.ProxyURL,
@@ -495,6 +496,7 @@ func (c *enrollCmd) enroll(ctx context.Context, persistentConfig map[string]inte
 			c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
 			c.options.FleetServer.PolicyID,
 			c.options.FleetServer.Host, c.options.FleetServer.Port,
+			c.options.Insecure,
 			c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA,
 			c.options.FleetServer.Headers,
 			c.options.ProxyURL, c.options.ProxyDisabled, c.options.ProxyHeaders)
@@ -800,7 +802,7 @@ func storeAgentInfo(s saver, reader io.Reader) error {
 
 func createFleetServerBootstrapConfig(
 	connStr, serviceToken, policyID, host string,
-	port uint16,
+	port uint16, insecure bool,
 	cert, key, esCA string,
 	headers map[string]string,
 	proxyURL string,
@@ -858,6 +860,12 @@ func createFleetServerBootstrapConfig(
 			},
 		}
 	}
+	if insecure {
+		if cfg.Server.TLS == nil {
+			cfg.Server.TLS = &tlscommon.Config{}
+		}
+		cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone
+	}
 
 	if localFleetServer {
 		cfg.Client.Transport.Proxy.Disable = true