From 74b6e5e4a96d06b08549878a467151af033c7c2b Mon Sep 17 00:00:00 2001 From: Blake Rouse Date: Tue, 23 Feb 2021 13:34:54 -0500 Subject: [PATCH] [Elastic Agent] Add options to bootstrap Fleet Server with TLS (#24142) * Add support for SSL with bootstraping fleet-server. * Run mage fmt. * Fix issues with enrollment w/ fleet-server. * Add changelog. --- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + .../pkg/agent/application/config.go | 13 +- .../pkg/agent/application/enroll_cmd.go | 142 +++++++++++++----- x-pack/elastic-agent/pkg/agent/cmd/enroll.go | 40 +++++ .../pkg/agent/configuration/fleet_server.go | 3 + .../pkg/agent/program/supported.go | 2 +- x-pack/elastic-agent/spec/fleet-server.yml | 7 + 7 files changed, 167 insertions(+), 41 deletions(-) diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index cb53ef11824..eaf03707867 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -71,3 +71,4 @@ - Add metrics collection for Agent {pull}22793[22793] - Add support for Fleet Server {pull}23736[23736] - Add support for enrollment with local bootstrap of Fleet Server {pull}23865[23865] +- Add TLS support for Fleet Server {pull}24142[24142] diff --git a/x-pack/elastic-agent/pkg/agent/application/config.go b/x-pack/elastic-agent/pkg/agent/application/config.go index d0eb80449a2..6c74b251ca0 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config.go +++ b/x-pack/elastic-agent/pkg/agent/application/config.go @@ -5,6 +5,7 @@ package application import ( + "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" @@ -27,7 +28,7 @@ func createFleetConfigFromEnroll(accessAPIKey string, kbn *kibana.Config) (*conf return cfg, nil } -func createFleetServerBootstrapConfig(connStr string, policyID string) (*configuration.FleetAgentConfig, error) { +func createFleetServerBootstrapConfig(connStr string, policyID string, host string, port uint16, cert string, key string) (*configuration.FleetAgentConfig, error) { es, err := configuration.ElasticsearchFromConnStr(connStr) if err != nil { return nil, err @@ -39,10 +40,20 @@ func createFleetServerBootstrapConfig(connStr string, policyID string) (*configu Output: configuration.FleetServerOutputConfig{ Elasticsearch: es, }, + Host: host, + Port: port, } if policyID != "" { cfg.Server.Policy = &configuration.FleetServerPolicyConfig{ID: policyID} } + if cert != "" || key != "" { + cfg.Server.TLS = &tlscommon.Config{ + Certificate: tlscommon.CertificateConfig{ + Certificate: cert, + Key: key, + }, + } + } if err := cfg.Valid(); err != nil { return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go index 22d3f8625d0..ca77dc0140e 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go @@ -15,16 +15,17 @@ import ( "os" "time" - "github.com/elastic/beats/v7/libbeat/common/backoff" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" - "gopkg.in/yaml.v2" + "github.com/elastic/beats/v7/libbeat/common/backoff" + "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/authority" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" @@ -32,8 +33,9 @@ import ( ) const ( - waitingForAgent = "waiting for Elastic Agent to start" - waitingForFleetServer = "waiting for Elastic Agent to start Fleet Server" + waitingForAgent = "waiting for Elastic Agent to start" + waitingForFleetServer = "waiting for Elastic Agent to start Fleet Server" + defaultFleetServerPort = 8220 ) var ( @@ -84,6 +86,11 @@ type EnrollCmdOption struct { Staging string FleetServerConnStr string FleetServerPolicyID string + FleetServerHost string + FleetServerPort uint16 + FleetServerCert string + FleetServerCertKey string + FleetServerInsecure bool } func (e *EnrollCmdOption) kibanaConfig() (*kibana.Config, error) { @@ -140,46 +147,40 @@ func NewEnrollCmdWithStore( configPath string, store store, ) (*EnrollCmd, error) { - - cfg, err := options.kibanaConfig() - if err != nil { - return nil, errors.New( - err, "Error", - errors.TypeConfig, - errors.M(errors.MetaKeyURI, options.URL)) - } - - client, err := fleetapi.NewWithConfig(log, cfg) - if err != nil { - return nil, errors.New( - err, "Error", - errors.TypeNetwork, - errors.M(errors.MetaKeyURI, options.URL)) - } - return &EnrollCmd{ - log: log, - client: client, - options: options, - kibanaConfig: cfg, - configStore: store, + log: log, + options: options, + configStore: store, }, nil } // Execute tries to enroll the agent into Fleet. func (c *EnrollCmd) Execute(ctx context.Context) error { + var err error if c.options.FleetServerConnStr != "" { - err := c.fleetServerBootstrap(ctx) + err = c.fleetServerBootstrap(ctx) if err != nil { return err } + } + + c.kibanaConfig, err = c.options.kibanaConfig() + if err != nil { + return errors.New( + err, "Error", + errors.TypeConfig, + errors.M(errors.MetaKeyURI, c.options.URL)) + } - // enroll should use localhost as fleet-server is now running - // it must also restart - c.options.URL = "http://localhost:8000" + c.client, err = fleetapi.NewWithConfig(c.log, c.kibanaConfig) + if err != nil { + return errors.New( + err, "Error", + errors.TypeNetwork, + errors.M(errors.MetaKeyURI, c.options.URL)) } - err := c.enrollWithBackoff(ctx) + err = c.enrollWithBackoff(ctx) if err != nil { return errors.New(err, "fail to enroll") } @@ -198,7 +199,15 @@ func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { return errors.New("failed to communicate with elastic-agent daemon; is elastic-agent running?") } - fleetConfig, err := createFleetServerBootstrapConfig(c.options.FleetServerConnStr, c.options.FleetServerPolicyID) + err = c.prepareFleetTLS() + if err != nil { + return err + } + + fleetConfig, err := createFleetServerBootstrapConfig( + c.options.FleetServerConnStr, c.options.FleetServerPolicyID, + c.options.FleetServerHost, c.options.FleetServerPort, + c.options.FleetServerCert, c.options.FleetServerCertKey) configToStore := map[string]interface{}{ "fleet": fleetConfig, } @@ -222,6 +231,53 @@ func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { return nil } +func (c *EnrollCmd) prepareFleetTLS() error { + host := c.options.FleetServerHost + if host == "" { + host = "localhost" + } + port := c.options.FleetServerPort + if port == 0 { + port = defaultFleetServerPort + } + if c.options.FleetServerCert != "" && c.options.FleetServerCertKey == "" { + return errors.New("certificate private key is required when certificate provided") + } + if c.options.FleetServerCertKey != "" && c.options.FleetServerCert == "" { + return errors.New("certificate is required when certificate private key is provided") + } + if c.options.FleetServerCert == "" && c.options.FleetServerCertKey == "" { + if c.options.FleetServerInsecure { + // running insecure, force the binding to localhost (unless specified) + if c.options.FleetServerHost == "" { + c.options.FleetServerHost = "localhost" + } + c.options.URL = fmt.Sprintf("http://%s:%d", host, port) + c.options.Insecure = true + return nil + } + + c.log.Info("Generating self-signed certificate for Fleet Server") + hostname, err := os.Hostname() + if err != nil { + return err + } + ca, err := authority.NewCA() + if err != nil { + return err + } + pair, err := ca.GeneratePairWithName(hostname) + if err != nil { + return err + } + c.options.FleetServerCert = string(pair.Crt) + c.options.FleetServerCertKey = string(pair.Key) + c.options.URL = fmt.Sprintf("https://%s:%d", hostname, port) + c.options.CAs = []string{string(ca.Crt())} + } + return nil +} + func (c *EnrollCmd) daemonReload(ctx context.Context) error { daemon := client.New() err := daemon.Connect(ctx) @@ -276,6 +332,9 @@ func (c *EnrollCmd) enroll(ctx context.Context) error { } fleetConfig, err := createFleetConfigFromEnroll(resp.Item.AccessAPIKey, c.kibanaConfig) + if err != nil { + return err + } agentConfig := map[string]interface{}{ "id": resp.Item.ID, } @@ -286,7 +345,10 @@ func (c *EnrollCmd) enroll(ctx context.Context) error { } } if c.options.FleetServerConnStr != "" { - serverConfig, err := createFleetServerBootstrapConfig(c.options.FleetServerConnStr, c.options.FleetServerPolicyID) + serverConfig, err := createFleetServerBootstrapConfig( + c.options.FleetServerConnStr, c.options.FleetServerPolicyID, + c.options.FleetServerHost, c.options.FleetServerPort, + c.options.FleetServerCert, c.options.FleetServerCertKey) if err != nil { return err } @@ -400,10 +462,12 @@ func waitForFleetServer(ctx context.Context, log *logger.Logger) error { resChan <- waitResult{} break } - appMsg := fmt.Sprintf("Fleet Server - %s", app.Message) - if msg != appMsg { - msg = appMsg - log.Info(appMsg) + if app.Message != "" { + appMsg := fmt.Sprintf("Fleet Server - %s", app.Message) + if msg != appMsg { + msg = appMsg + log.Info(appMsg) + } } } }() diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go index cd4b12ef422..32201329fc1 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go @@ -9,6 +9,7 @@ import ( "fmt" "os" "os/signal" + "strconv" "syscall" "github.com/spf13/cobra" @@ -52,6 +53,11 @@ func addEnrollFlags(cmd *cobra.Command) { cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet") cmd.Flags().StringP("fleet-server", "", "", "Start and run a Fleet Server along side this Elastic Agent") cmd.Flags().StringP("fleet-server-policy", "", "", "Start and run a Fleet Server on this specific policy") + cmd.Flags().StringP("fleet-server-host", "", "", "Fleet Server HTTP binding host (overrides the policy)") + cmd.Flags().Uint16P("fleet-server-port", "", 0, "Fleet Server HTTP binding port (overrides the policy)") + cmd.Flags().StringP("fleet-server-cert", "", "", "Certificate to use for exposed Fleet Server HTTPS endpoint") + cmd.Flags().StringP("fleet-server-cert-key", "", "", "Private key to use for exposed Fleet Server HTTPS endpoint") + cmd.Flags().BoolP("fleet-server-insecure-http", "", false, "Expose Fleet Server over HTTP (not recommended; insecure)") cmd.Flags().StringP("certificate-authorities", "a", "", "Comma separated list of root certificate for server verifications") cmd.Flags().StringP("ca-sha256", "p", "", "Comma separated list of certificate authorities hash pins used for certificate verifications") cmd.Flags().BoolP("insecure", "i", false, "Allow insecure connection to Kibana") @@ -70,6 +76,11 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string } fServer, _ := cmd.Flags().GetString("fleet-server") fPolicy, _ := cmd.Flags().GetString("fleet-server-policy") + fHost, _ := cmd.Flags().GetString("fleet-server-host") + fPort, _ := cmd.Flags().GetUint16("fleet-server-port") + fCert, _ := cmd.Flags().GetString("fleet-server-cert") + fCertKey, _ := cmd.Flags().GetString("fleet-server-cert-key") + fInsecure, _ := cmd.Flags().GetBool("fleet-server-insecure-http") ca, _ := cmd.Flags().GetString("certificate-authorities") sha256, _ := cmd.Flags().GetString("ca-sha256") insecure, _ := cmd.Flags().GetBool("insecure") @@ -92,6 +103,25 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string args = append(args, "--fleet-server-policy") args = append(args, fPolicy) } + if fHost != "" { + args = append(args, "--fleet-server-host") + args = append(args, fHost) + } + if fPort > 0 { + args = append(args, "--fleet-server-port") + args = append(args, strconv.Itoa(int(fPort))) + } + if fCert != "" { + args = append(args, "--fleet-server-cert") + args = append(args, fCert) + } + if fCertKey != "" { + args = append(args, "--fleet-server-cert-key") + args = append(args, fCertKey) + } + if fInsecure { + args = append(args, "--fleet-server-insecure-http") + } if ca != "" { args = append(args, "--certificate-authorities") args = append(args, ca) @@ -170,6 +200,11 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args enrollmentToken, _ := cmd.Flags().GetString("enrollment-token") fServer, _ := cmd.Flags().GetString("fleet-server") fPolicy, _ := cmd.Flags().GetString("fleet-server-policy") + fHost, _ := cmd.Flags().GetString("fleet-server-host") + fPort, _ := cmd.Flags().GetUint16("fleet-server-port") + fCert, _ := cmd.Flags().GetString("fleet-server-cert") + fCertKey, _ := cmd.Flags().GetString("fleet-server-cert-key") + fInsecure, _ := cmd.Flags().GetBool("fleet-server-insecure-http") caStr, _ := cmd.Flags().GetString("certificate-authorities") CAs := cli.StringToSlice(caStr) @@ -189,6 +224,11 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args Staging: staging, FleetServerConnStr: fServer, FleetServerPolicyID: fPolicy, + FleetServerHost: fHost, + FleetServerPort: fPort, + FleetServerCert: fCert, + FleetServerCertKey: fCertKey, + FleetServerInsecure: fInsecure, } c, err := application.NewEnrollCmd( diff --git a/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go b/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go index 3ff7ad91b2e..939fb550482 100644 --- a/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go +++ b/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go @@ -16,6 +16,9 @@ type FleetServerConfig struct { Bootstrap bool `config:"bootstrap" yaml:"bootstrap,omitempty"` Policy *FleetServerPolicyConfig `config:"policy" yaml:"policy,omitempty"` Output FleetServerOutputConfig `config:"output" yaml:"output,omitempty"` + Host string `config:"host" yaml:"host,omitempty"` + Port uint16 `config:"port" yaml:"port,omitempty"` + TLS *tlscommon.Config `config:"ssl" yaml:"ssl,omitempty"` } // FleetServerPolicyConfig is the configuration for the policy Fleet Server should run on. diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index 85522517c16..a6189687b2d 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go @@ -24,7 +24,7 @@ func init() { // spec/heartbeat.yml // spec/metricbeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzMeluXorq69v33M+bttw8cylqLPca6EGsRQIuaYhcJuSOJAhrQ1YKKe+z/vkfCQUCrq7vnHD33RQ2tGHJ48x6e5wn//dvxsKb/GR2yfz+uv57WX/+jyvhv//UbyawCf9nHy8D0FoHHaY45jQ9bApfPDrDOZKVeMXI1jJx5iFwlgjgJ9Ye/5fS6j2HlFP7KOToztwjhJMFaUGA4URZZUIbQPWK4NJjtqlj2+aivesLg3VjP1HMIva8LiI8YBoqTnmMnVS35mQ3mLzGwlDAwrsx2eQjV6/18LpvlrkpAcH2L97EzU+JQM87rwFCIahwj5Cl1+zR2ZuaBgaB4S82MgICzadeukOs+juDkzJB/naXTuh0YJdK8E8nwMYKe8paaJdGMs/h9sTKLEE2fu762mTAQPzug3tOtvb+2pm2mxDQLCqJjjrSCr7/s57ff6r9ICyZvqZmEmsep7m1CZB5k3+VPjVNhZJ5o7h9IRvt9Csd2OYGGhgPjK0a7237aPyDHjUPIOMmXc/kMwIe11Z6J8uzYhdHYJIvgRcHI3bDMOjLY37d5xfDCQ90/0e0jW9fzMJufcbdHUwvhRcXodbCuxcpMKFC6tRDb53R72zvVgiOGnkJ0987ud/PW450Y8s8MLYe2ac8yZ3sMn54dcOEkY0o0i3drjZfUDhSqKwfn5Sl+nZkJyZZxBKzrSgsm85n/N6IHiuizWZ1jVwuOIfKUCHpXDK0q1OJ8vtz/47d/qwN4nbPDPs2LUfj6cLKjwDiQfBm/a8GWIffA7N081NTdW2pykvlnovGSzdQrhp5KM66sl4dEHDXOrC172cf4NkaBQaDNcpkODqH2/uy8hPrbSzwnwMiRLlw4qU0G/ITm7EC2+9hJjdcIulWI3MlCabfxeuqt7UR1P2Hg/STGWWhBiW3zFImQX+1L0ebIMS8HkgdPb+k0XWjGmc0MiwDrygDfLpTeM7qnhMjnC+1ywpXR26Pyr0Um2py5MzP1CE52RGdXMd7yeqDIMiuisSqESuxn/IiRR9E/O7OL790cyLpcGbAUHFyo3Lt1eThPqCU81IpNBCei/5G87OeLlcnXINgiDR8IeG9c0zyHyN+LtfTtTW9nljb9Epqxzi0Xq2nKsqCKIJ44TRsDvMDQUMXZvV6ncwqMK7PEeJ4SwsvxLd4XDgieMPQ2WOyzDfs2Bc3cx36xcup+wKqw3oVU4czcbmynt67FSlUpEPb0+ai9wsg7MeRuMXpNe+N8MO+gf7nO+PnRXr3t9DzLzQoHhkoyXgqfIuD8PEuVGKOEh6oh0gtvbUeBpUQv+9jJer6DPB7qQRUhv7NnU8Lmt3CfpgxO7vZ8v5YudT9OeU27TD/cGKWqb6U7U6Zax/YnFLw3Z4cTYgf8tk6lH7dzaYOMHxkIKqSP+toeJyDYMmBUb6l5ILmpMvt13k+rGE6SMLtw3JS8cXperEyF5gGXe2rHkz7nnzp799NqahIsxkPLMoTeFiPvijTrHNVl5NimzkVWHMLMKsNAmT8qk4vMOkdLGVO9ctrG0rBM0zw49krBN0vXZ+VzsTIrDNUTy4KN7NsvE43NIo2nAr78wHwdbOqf10P73ew+2ONiNTq/mRK3ZaS/DpbxawSNchYf9AgE5VtqHjGc5AzEe9cu6jHtYWkiICix7u9FaWr9cbPaxb+n07MDrBLPzH2IvAVGOzFGUxJ9YzGb5hheEqr7h1D3eIjcbTSjh1nmnUQM0cwSfiLy8G6tuyoRMAO+l7KfrcTOFyV2NasiX0LFPd9K3ibla7KO7kqeSGnQ5SFatmVOhn2YBQmbHur0mZqkQ4y5x5kdnBcZP5LVhJPMSgkIdr9DESYeH6DLtm/uc4LMoywzPUSJM+tItfd0MZumi/f6k0CrlOgHBiWbTQqi+fx3FBcUWNuoUmtTz76Fer+JkI9EY3kEJ/kiu3CWBcffoc/DPMgdroyQubCJf13IshOkGFrKpykqlYjnX8LtkMZLDIKn1vUk0vqyj0X5o2cZggeSHUTK2lDdrzC0CqSLkipD6NQhrHtULFIpp7m/CSFWhPvXoS7Tm0BNJ6y/ypAg0DqP0/coNVYMXgZpsEHzCQGXDQPGhgB+ZS99pFuj93bN9NwP5Y8RfNsHo2SLkalIn5LuHCQEvcqzj+BSfnbpU56ze6aZIVOeCGVxTqO1PmAeYi1cwfJcejbNX392HzebZ0FGdLdJ3aIEyzhqzgpXRFOeHdCg1XNb6v5+a9O7Pc+bUitCWqR/uQekiXWr14/ObbzeCPmcfLnfx2DO84cpf5j+RuxJlqnMKql2EXBzkILbdQ0ZhLCBmlDbHDCEuv1ywg2Ek9/79pZ+gQXjOTUQS8bJkB2ZIl5LNjOuDPgSKlPd30XwaTRPoMk8oPtbKtYHvPMH46jYnj47drCj0+Faaljtn0KtEPuIMTC2kRZUo3GORKMnmgW7CHkbql1OTEBo4VOy7fV+/5VxXSNPPPfs2N5EPNPa4XtKJEMeR5qhMttUeyXs0+eGrP4WPx+z2QYyAUEzrC4/LbJJQmBwFbkY/0BpH81fqwzIE2V4/i0Weyvhzl1MNRBAWSOTNz49Zq+FAyydVuqWAHHWLGHA249+u77e7J+s86DCK7X2D5Co4S0O6jEAPjEBE/NdPweVDFgHknX+UTig8Z3b83moTwtqBynVgxuEB4nCbHPTh54dc7Z9hYLDlWhPtzbNyiLtnzeocouRwgHqhdm350kWKDi7nNhtf6fXa6iGSPjmsu8DPV9VRjEl/ufXwTy2v6U33xMx1PUVMH99+01QRuHrvxZOA15GmYTTAhOUElZn+PSWmn/b1NB3S3Sz81OcuyeRP0d1UdYG3MNGPwIxb/hp/4HioUj/pYKuZO9zpiVc5LM+ZOzNXf4J8PHozFiFoX+gFT2KPbpakeCsSNzqHLsiD0kZwNu71W7eQUa+XhePhU6/ZiPxuxZUglHPMq/AL8Jksl0w8aa9Zr+OdRRMtj6SmSph3T3kalgK6gTUPjz5iBXW7O0j9/okjTxkhw9crGOJ4/39WfODDrZ+ugYJa5eNTT5iSU3odGymWWe7FgFPBUS4Cae3MKwF6IYpzSadONyOtcjuxLUY3UTEFlp0Lt+IlS1D30RwIsLrsYAoYGHrB3njB+nkTLTLIdR3ZQSXj+Zq00b5Ouv6zn+hcNzRoJHQ+XFpHJy9tQ214EpVI6GAy74/N07D/v8i0XocE3368SHkvFcafmzPdnDFgfFYUP7OdT+GR39ojFLmSeSdQ+jxnzvLMfSS/1/xT+6xRw9+Sshv8t5IsB/nsulQQfkr1ZL4H53ykayjr8UD6WMFgoTmfk3tm/oVDdp6tauRJ6gWKAxNywheis+kjLYvA0FBgaRQZQdlXtQshJfrH7/AUxOSWTmGqqBP/fElJBr2FRSMifguiaRJZwODIGWQpmh0iyHhi/16GthjdPGHM/6EWjr7ZR+v9dElUafSehumcSWyjApDxtf29K5OjS6iKnE+KPcmJPf3GImzfT0t0uN31NS/pBYP5n14CZff5be7PFjbbkjvvhcu/lUQMVsXX1P6ILi+wEChGd82OmJzE65yZruHUGv0xvvb7itGvkpnkwMBymfB0vZVMFTPBFgK/kyPHAULgcYOf1GfFshMQu1YNEnuW3rkbXzkVwyOtEtg5FjjJa4mR6lnvKg7DF0VVy4TyYQBnoW1niQDilZGgZFfRdBrAsw80RogdddfDbeTBWNw/TS4klFP2JZFtMQzqTEoGCrlGqrddYvgNMLeGC2fRaIhmi+DeZEtT4LjiSS1yHlBZpNdhLxWf5vfivPjgO/rmBGc7DCKW41JcvO31Gz3eB3xs/Ytgw213ZMEQJrRBQ/RJhvBrXEmwNyyDlYBMASvy/2OW3e6auNvjdZVCd8hsLsuzGhmFPd6l3+6tXndWw/1OtWEvoyu+h5oeI/AY8sxkWYdifWBPlnPfZuzlxzu9z45EX3a12f4Gnic2ktZnLriXsm4ODS6aeertRY/0EFTtBytVfdPSLscqL4cXrW0+mLvjAYF/4f20Z1hiiGWyewXa6B3WhPS2YGBZEOzIMco6QDrA32pLkrp09eF1uQx/XX3zevHP3plOS5ED64tWzL4x/Xd4OMi/S2913ZFjK/nL8by95pE//9Fejzc26gppGKOl33sDgi3JCllCFU+1A8bPX1Ezlt9RuRvBi+8p4ElkRZsQuRW4fjKsPGRLk9oPfLX+Uq7Zo/3rwQ/10l7z/2ILjvStX6tljsmFL9ODx7p2IMaUr/5JGtJJs5Y1BiRI+Rdz3fdswwxhnh27Fut5kf6GEVgjvva0NXJQSxv77XLfkwOxv1ODfDxW0+DvZStv/+Rt6AWcj03oOfM2NcQ4q/hSn4/Eo0J7HEdk6hDRHfrRyzqHVjbSAuUAdCzBaAqOANjoEcLv57oE6An+tz1/SbQkyi1Uq0arX4X0MsFEl68v8vPT4DesO+HQI99BPQkg8PoQyb1S9RL2pxVq9DcLquFrSb1pXX294fK6p/Eav5PsBfp2P/z//43AAD//+9xxHg=") + unpacked := packer.MustUnpack("eJzMWltz6jqWfp+fcV57Lr6EdHuq+gGTtrAhzsEklqw3SwLbIBs62ICZmv8+JfmCbUiys8+p3fOQgsiypLW0Lt/6Fv/z22G/ov8V7tP/OKzej6v3/yxT/tt//0ZSK8evu2jhm+7cdznNMKfRfkPg4tEG1oks1QtGjoaRPQuQo4QQx4F+91lGL7sIlnbuLe2DPXHyAI5irPk5hiNlnvpFAJ0DhguDTR0VyzkfzVWPGLwZq4l6CqD7Pof4gKGv2MkpshPVkp9pb/8CA0sJfOPCpg4PoHq53c9hk8xRCfAvL9EusidKFGjGaeUbClGNQ4hcpRofR/bE3DPg5y+JmRLgczZuxxVy2UUhHJ0Y8i6TZFyNA6NAmnskKT6E0FVeErMgmnESz+dLMw/Q+LGdOzVjBqJHG1QyXce7Z6vHJkpEUz8nOuZIy/nqdTe7Pqv+Qs0fvSRmHGgup7q7DpC5l3MXP7VOiZF5pJm3JyntzsntqcMJNDTsG+8Yba/yNH9ArhsFkHGSLWbyHYD3K6u5E+XRnuZGrZM0hGcFI2fNUuvAYFdu84LhmQe6d6Sbe7qu9mFTfsKtjKYWwLOK0XPvXPOlGVOgtGchU4/TzVV2qvkHDF2F6M6N3m/2rdY7MuSdGFr0ddPcZcZ2GD482uDMScqUcBJtVxov6NRXqK7s7aeH6HlixiRdRCGwLkvNH80m3l+J7itiznp5ihzNPwTIVULoXjC0ykCLstli9/ff/r1y4FXG9rskywfu68HRlgJjT7JF9Kb5G4acPZtuZ4Gmbl8Sk5PUOxGNF2yiXjB0VZpyZbXYx+KqcWpt2NMuwtc1cgx8bZLJcLAPtLdH+ynQX56iGQFGhnRhwnGlMuDFNGN7stlFdmI8h9ApA+SM5kojxvOxc7Yj1b2YgbejWGeu+QWemsdQuPxyV4gxW6553pPMf3hJxslcM05sYlgEWBcG+GaudN7RXSVAHp9r5yMujY6Myj/nqRizZ/bE1EM42hKdXcR6i8ueIsssicbKACqRl/IDRi5F/2jVLr63eyDrfGHAUrB/plJ263x3n0CLeaDl6xCOxPwDedrN5kuTr4C/QRreE/BWm6Z5CpC3E2fp6pte7yyp58U0Za1ZzpfjhKV+GUI8susxBniOoaGKu3u+jGcUGBdmifVcJYDnw0u0y23gP2DorrGQs3H7JgRNnPt2sbSrecAqsd66VG5PnHZtu3Ou+VJVKRD69PhgvMTIPTLkbDB6TjrrfLBvb36xSvnpnqzuZnyaZGaJfUMlKS+ETRFwepwkSoRRzAPVEOGFN7qjwFLCp11kpx3bQS4PdL8Mkdfqs05hs6u7jxMGRzcy356lDd33Q149LsMPNwah6rNwZ8pQa0+9EQVv9d3hmEx9fj2n0vXbmdRByg8M+CXSB3OnLifA3zBglC+JuSeZqbLp86wbVjEcxUF65rhOecPwPF+aCs18LmVq1pM25x1bfXfDamISLNZDiyKA7gYj94I06xRWaeTQhM55mu+D1CoCX5ndS5Pz1DqFC+lTnXTa+FI/TdPMP3RSwaep66v0OV+aJYbqkaX+Ws7tpolaZ6HGEwFfvrFfC5u693VXf1e992ScLwf3N1GiJo10z8FSfgmhUUyivR4Cv3hJzAOGo4yBaOdM82rNaT81EeAXWPd2IjU19rhebqPfk/HJBlaBJ+YuQO4co61Yo06JnjGfjDMMzzHVvX2guzxAziac0P0kdY/Ch2hqCTsRcXi70h2VCJgB3wo5b6pE9qsSOZpVktdAcU7XlLdO+IqswpuUJ0IadHiAFk2ak24fpH7MxvsqfCYmaRFj5nI29U/zlB/IcsRJaiUE+NvfoXATl/fQZTM38zhB5kGmmQ6ixKl1oNpbMp+Mk/lb9UmgVUj0A/2CTUY50Tz+O4pyCqxNWKqVqiefod5PEfKBaCwL4Sibp2fOUv/wO/R4kPmZzZUBMhc68S5zmXb8BENL+TJEJRLx/FOYHdJ4gYH/0JieRFqvu0ikP3qSLrgn6V6ErDXVvRJDK0e6SKnShY4twrpFxSKUcpp56wBiRZh/5eoyvAnUdMT6s3QJAq3TMHwPQmPJ4LkXBms0HxNwXjNgrAngF/bURboVem/OTE9dV/4YwTdzMIo3GJmKtClpzn5M0LO8+xAu5GcbPuU9OyeaGjLkCVcW9zQ4653KQ5yFK1jeS0en2fPPynHVeeqnRHfq0C1SsPSj+q5wSTTl0QY1Wj01qe5v1zG9lXlWp1rh0iL8SxmQJs6tXj66t+F5Q+Rx8norR2/P04chvx/+BtWTTFOpVVDtLOBmLwQ35+pXEEIHakynZq9CqMbPR1xDOPm9q29pF1hUPMcaYkk/6VdHpvDXgk2MCwOehMpU97YhfBjs42syDujehorzAff0wToqno4f7am/peP+WSpY7R0DLRdyRBgYm1Dzy8E6B6LRI039bYjcNdXORyYgtLApOfZ8K39pXFbIFe892lN3JN5p9PAjKZIhlyPNUNnUVDsp7Mv3+lX91X8+rmZryAREmWG18WmejmIC/YuIxfgbqX2wf8UyIFek4dlnVew1hds3PlVDAGWFTF7b9LB6zW1g6bRUNwSIu2YxA+5u8OzyfNV/vMr8Ei/Vyj5ArAZXP6jWAPjIBEzMtt0YVDBg7Una2kdug9p2ru9ngT7O6dRPqO5fITyIFTY1113o2VbOU0+hYH8h2sN1TLPSUPvHFapcfSS3gXpm0+v7JPUVnJ6P7Crf8fkSqAEStrno2kDHVpWBT4n/+aW3z9Tb0KvtCR9q5wqYv7o+EyWjsPVfC6cBL8JUwmmBCQoJq1N8fEnMv64r6LshutnaKc6co4ifg7wocwPuYKPvQMwrftp9wHgo0n6pKFfStxnTYi7iWRcydvYu/gT4eLAnrMTQ29OSHoSMjpbHOM1jpzxFjohDkgZwd065nbWQka9W+X2i06uqkehN80tRUU9SN8dPQmVyXFTi9XhV/drWQVSy1ZVMVAnrbiFXXaWglkDtwpOPqsKqevvIvL4II3erwzsm1laJQ/n+rP1BC1u/PIOEtYtaJx9VSbXrtNVMfc7mLAKeCohwJU6vblgR0HWlNBm15HCz1jy9IdcidCURG2jRmnxNVjYV+jqEI+Fe9wlEAQsbO8hqO0hGJ6Kd94G+LUK4uLdXEzaK50k793v73r/nornneRofqX6fsOydU3eUAdl5o0equ4dbIru2i/Lh1K4XNXavxrQDwRvoVZ/xOt6v2L9Oz1/Y3/cI6xtW4qfWGbAA35Nh6nAKjJIBXvTh5Q8T9x1G4bOmw40PD8qo78l8D9Z989zbAHkxakqLn2ta9NdYjooAqpzqZhxobz8l1yew76fupmlKDWPu3aZHduMHgybU+IcaFPebEZXfD9JxlxGq45FrzJbjv9hP4yiAo60N4pgqOV8txRr1fU8VkZp5w8xTzY9p2k/D8Sp8z+9QN0vgxzTzKmqizr9hb6yTe2t6hWq+wtC4COE5/4qKaeYy4OcUyBKwaKHYk5oG8Hz54w1INSaplWGoivKvu76EdP25ooRke5LSgsgy72Rg4CcM0gQNujASfk2fjz19DBqXOOUPrb2/7qKVPmhytSyzu2YaV0LLKDFkfDUd3+TZQSOtFPeDMndEMm+HkYBiz8d5cvgBTPAvwRI/408D5rTJiffj2Fdw918FcdNV/p7QO871Cn2FpnxT86B1J1/lbOrsA63mS2+79ReMPJVORnsClK+cpZmrYKieCLAU/BWfOnAWAo0tflUf5kgE6UNeA4LP+NTr+sgrGRxwr8DIsMYLXI4Oko95UrcYOiouHSaCCQM8DSo+TDoULY0cI68MoVs7mHmkFdBq23c1gJHJu9c+67WU1COeSvBS4InkSBQMlWIF1bZdJGoyoW+MFo8i0BDNk848TxdHUaOKIDXPeE4mo22I3IY/nF1B0X2H7/KwIRxtMYoajkxyCy+J2ch4GdSXTUJa06lzDDT/QjWjdR6ijdaBZhQ4FWB0UTmrAJOiLs28lhtoeeHa3mqurhS2Q2Db7kxpauS3fJ13vI653QTZB41D4NLhIKvnN7yfrJGRZh2I9QG/Wu193bMTHG5lHx2JPu7yS3wFXE6nC5mcWu6ylH6xr3nf1larXkKPx03QYnBW3Tsi7byn+qLfKmr40c4d9bjeb8nR3mGCIZbB7BdzuDdcGdLZnoF4TVM/wyhu+f47/FiVlJKH97lWxzH9eftp+/SPtlyHiehO27UpZv84P+1/nKQ/46unjvDx1ezJWPxekQB/mSeH/a2O6kQq9njaRU6PMJAgVgLmPv9Z9wMG5ELDL4n4LQqHDocXh5q/DpBTBsOWZ20jbZzQ/F6hWdlKc2aXd1uaX/O8nfe+wysPeLlfy0XL/y+4z2X+Ej57ULD1ckj1yy2ZS1JxxyLHiBghe1U/1CfqYwzx7tC2Gs6SdDGKwBy3uaHNkz1f3txyr12f7K37gxzm/UKpJ0vR2Psf+RXXXJ7nCvTsCXsPIH4PlvL7gWhMYI+LbJlHf2/b3/uQblf3qqg3YG1CzVd6QG8qAFXOGRgCPZp71UZfAD0x52bup0BPotRStSq0+kNALxNIeP72Jj+/AHr9uR8CPfYR0JMVHEYfVlK/hH2l9V01DMC12S50Naqa7unf7jLDf1JV8/+iepGG/b//9n8BAAD//+AdA+8=") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/spec/fleet-server.yml b/x-pack/elastic-agent/spec/fleet-server.yml index 167bd9f8305..50fded6ea55 100644 --- a/x-pack/elastic-agent/spec/fleet-server.yml +++ b/x-pack/elastic-agent/spec/fleet-server.yml @@ -28,6 +28,13 @@ rules: selectors: [ fleet.server.policy.id ] path: inputs.0.policy + - select_into: + selectors: + - fleet.server.host + - fleet.server.port + - fleet.server.ssl + path: inputs.0.server + - map: path: fleet rules: