in internal/pkg/agent/cmd/enroll.go [107:170]
func validateEnrollFlags(cmd *cobra.Command) error {
ca, _ := cmd.Flags().GetString("certificate-authorities")
if ca != "" && !filepath.IsAbs(ca) {
return errors.New("--certificate-authorities must be provided as an absolute path", errors.M("path", ca), errors.TypeConfig)
}
cert, _ := cmd.Flags().GetString("elastic-agent-cert")
if cert != "" && !filepath.IsAbs(cert) {
return errors.New("--elastic-agent-cert must be provided as an absolute path", errors.M("path", cert), errors.TypeConfig)
}
key, _ := cmd.Flags().GetString("elastic-agent-cert-key")
if key != "" && !filepath.IsAbs(key) {
return errors.New("--elastic-agent-cert-key must be provided as an absolute path", errors.M("path", key), errors.TypeConfig)
}
keyPassphrase, _ := cmd.Flags().GetString("elastic-agent-cert-key-passphrase")
if keyPassphrase != "" {
if !filepath.IsAbs(keyPassphrase) {
return errors.New("--elastic-agent-cert-key-passphrase must be provided as an absolute path", errors.M("path", keyPassphrase), errors.TypeConfig)
}
if cert == "" || key == "" {
return errors.New("--elastic-agent-cert and --elastic-agent-cert-key must be provided when using --elastic-agent-cert-key-passphrase", errors.M("path", keyPassphrase), errors.TypeConfig)
}
}
esCa, _ := cmd.Flags().GetString("fleet-server-es-ca")
if esCa != "" && !filepath.IsAbs(esCa) {
return errors.New("--fleet-server-es-ca must be provided as an absolute path", errors.M("path", esCa), errors.TypeConfig)
}
esCert, _ := cmd.Flags().GetString("fleet-server-es-cert")
if esCert != "" && !filepath.IsAbs(esCert) {
return errors.New("--fleet-server-es-cert must be provided as an absolute path", errors.M("path", esCert), errors.TypeConfig)
}
esCertKey, _ := cmd.Flags().GetString("fleet-server-es-cert-key")
if esCertKey != "" && !filepath.IsAbs(esCertKey) {
return errors.New("--fleet-server-es-cert-key must be provided as an absolute path", errors.M("path", esCertKey), errors.TypeConfig)
}
fCert, _ := cmd.Flags().GetString("fleet-server-cert")
if fCert != "" && !filepath.IsAbs(fCert) {
return errors.New("--fleet-server-cert must be provided as an absolute path", errors.M("path", fCert), errors.TypeConfig)
}
fCertKey, _ := cmd.Flags().GetString("fleet-server-cert-key")
if fCertKey != "" && !filepath.IsAbs(fCertKey) {
return errors.New("--fleet-server-cert-key must be provided as an absolute path", errors.M("path", fCertKey), errors.TypeConfig)
}
fTokenPath, _ := cmd.Flags().GetString("fleet-server-service-token-path")
if fTokenPath != "" && !filepath.IsAbs(fTokenPath) {
return errors.New("--fleet-server-service-token-path must be provided as an absolute path", errors.M("path", fTokenPath), errors.TypeConfig)
}
fToken, _ := cmd.Flags().GetString("fleet-server-service-token")
if fToken != "" && fTokenPath != "" {
return errors.New("--fleet-server-service-token and --fleet-server-service-token-path are mutually exclusive", errors.TypeConfig)
}
fPassphrase, _ := cmd.Flags().GetString("fleet-server-cert-key-passphrase")
if fPassphrase != "" && !filepath.IsAbs(fPassphrase) {
return errors.New("--fleet-server-cert-key-passphrase must be provided as an absolute path", errors.M("path", fPassphrase), errors.TypeConfig)
}
fClientAuth, _ := cmd.Flags().GetString("fleet-server-client-auth")
switch fClientAuth {
case "none", "optional", "required":
// NOTE we can split this case if we want to do additional checks when optional or required is passed.
default:
return errors.New("--fleet-server-client-auth must be one of [none, optional, required]")
}
return nil
}