func createFleetServerBootstrapConfig()

in internal/pkg/agent/cmd/enroll_cmd.go [922:1034]


func createFleetServerBootstrapConfig(
	connStr, serviceToken, serviceTokenPath, policyID, host string,
	port uint16, internalPort uint16,
	cert, key, passphrasePath, esCA, esCASHA256 string,
	cas []string, clientAuth string,
	esClientCert, esClientCertKey string,
	headers map[string]string,
	proxyURL string,
	proxyDisabled bool,
	proxyHeaders map[string]string,
	insecure bool,
) (*configuration.FleetAgentConfig, error) {
	localFleetServer := connStr != ""

	es, err := configuration.ElasticsearchFromConnStr(connStr, serviceToken, serviceTokenPath, insecure)
	if err != nil {
		return nil, err
	}
	if esCA != "" {
		if es.TLS == nil {
			es.TLS = &tlscommon.Config{
				CAs: []string{esCA},
			}
		} else {
			es.TLS.CAs = []string{esCA}
		}
	}
	if esCASHA256 != "" {
		if es.TLS == nil {
			es.TLS = &tlscommon.Config{
				CATrustedFingerprint: esCASHA256,
			}
		} else {
			es.TLS.CATrustedFingerprint = esCASHA256
		}
	}
	if esClientCert != "" || esClientCertKey != "" {
		if es.TLS == nil {
			es.TLS = &tlscommon.Config{}
		}

		es.TLS.Certificate = tlscommon.CertificateConfig{
			Certificate: esClientCert,
			Key:         esClientCertKey,
		}
	}
	if host == "" {
		host = defaultFleetServerHost
	}
	if port == 0 {
		port = defaultFleetServerPort
	}
	if internalPort == 0 {
		internalPort = defaultFleetServerInternalPort
	}
	if len(headers) > 0 {
		if es.Headers == nil {
			es.Headers = make(map[string]string)
		}
		// overwrites previously set headers
		for k, v := range headers {
			es.Headers[k] = v
		}
	}
	es.ProxyURL = proxyURL
	es.ProxyDisable = proxyDisabled
	es.ProxyHeaders = proxyHeaders

	cfg := configuration.DefaultFleetAgentConfig()
	cfg.Enabled = true
	cfg.Server = &configuration.FleetServerConfig{
		Bootstrap: true,
		Output: configuration.FleetServerOutputConfig{
			Elasticsearch: es,
		},
		Host: host,
		Port: port,
	}

	if policyID != "" {
		cfg.Server.Policy = &configuration.FleetServerPolicyConfig{ID: policyID}
	}
	if cert != "" || key != "" {
		cfg.Server.TLS = &tlscommon.ServerConfig{
			Certificate: tlscommon.CertificateConfig{
				Certificate:    cert,
				Key:            key,
				PassphrasePath: passphrasePath,
			},
		}
		if insecure {
			cfg.Server.TLS.VerificationMode = tlscommon.VerifyNone
		}

		cfg.Server.TLS.CAs = cas

		var cAuth tlscommon.TLSClientAuth
		cfg.Server.TLS.ClientAuth = &cAuth
		if err := cfg.Server.TLS.ClientAuth.Unpack(clientAuth); err != nil {
			return nil, errors.New(err, "failed to unpack --fleet-server-client-auth", errors.TypeConfig)
		}
	}

	if localFleetServer {
		cfg.Client.Transport.Proxy.Disable = true
		cfg.Server.InternalPort = internalPort
	}

	if err := cfg.Valid(); err != nil {
		return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig)
	}
	return cfg, nil
}