Support fleet-server-service-token (elastic#1096)

Replaces the username/password bootstrap with a fleet service token Signed-off-by: Adam Stokes <51892+adam-stokes@users.noreply.github.com>
mdelapenya · Apr 27, 2021 · 4ece966 · 4ece966
1 parent 6444331
commit 4ece966
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 2 deletions.
diff --git a/internal/kibana/fleet.go b/internal/kibana/fleet.go
@@ -21,6 +21,7 @@ type FleetConfig struct {
 	KibanaURI                string
 	FleetServerPort          int
 	FleetServerURI           string
+	FleetServerServiceToken  string
 	// server
 	BootstrapFleetServer bool
 	ServerPolicyID       string
@@ -51,7 +52,15 @@ func NewFleetConfig(token string, fleetServerHost string) (*FleetConfig, error)
 		return cfg, err
 	}
 
-	if !bootstrapFleetServer {
+	if bootstrapFleetServer {
+		// obtain a Fleet Server Service Token for bootstrap
+		serviceToken, err := client.CreateServiceToken()
+		log.WithField("serviceToken", serviceToken).Trace("Get service token")
+		if err != nil {
+			return nil, err
+		}
+		cfg.FleetServerServiceToken = serviceToken.Value
+	} else {
 		defaultFleetServerPolicy, err := client.GetDefaultPolicy(true)
 		if err != nil {
 			return nil, err
@@ -65,6 +74,7 @@ func NewFleetConfig(token string, fleetServerHost string) (*FleetConfig, error)
 			"policyID":          cfg.ServerPolicyID,
 			"token":             cfg.EnrollmentToken,
 		}).Debug("Fleet Server config created")
+
 	}
 
 	return cfg, nil
@@ -76,7 +86,8 @@ func (cfg FleetConfig) Flags() []string {
 		// TO-DO: remove all code to calculate the fleet-server policy, because it's inferred by the fleet-server
 		return []string{
 			"--force",
-			"--fleet-server-es", fmt.Sprintf("http://%s@%s:%d", cfg.ElasticsearchCredentials, cfg.ElasticsearchURI, cfg.ElasticsearchPort),
+			"--fleet-server-es", fmt.Sprintf("http://%s:%d", cfg.ElasticsearchURI, cfg.ElasticsearchPort),
+			"--fleet-server-service-token", cfg.FleetServerServiceToken,
 		}
 	}
 

diff --git a/internal/kibana/server.go b/internal/kibana/server.go
@@ -56,6 +56,38 @@ func (c *Client) CreateEnrollmentAPIKey(policy Policy) (EnrollmentAPIKey, error)
 	return resp.Enrollment, nil
 }
 
+// ServiceToken struct for holding service token
+type ServiceToken struct {
+	Name  string `json:"name"`
+	Value string `json:"value"`
+}
+
+// CreateServiceToken creates a fleet service token
+func (c *Client) CreateServiceToken() (ServiceToken, error) {
+
+	reqBody := `{}`
+	statusCode, respBody, _ := c.post(fmt.Sprintf("%s/service-tokens", FleetAPI), []byte(reqBody))
+	if statusCode != 200 {
+		jsonParsed, err := gabs.ParseJSON([]byte(respBody))
+		log.WithFields(log.Fields{
+			"body":       jsonParsed,
+			"reqBody":    reqBody,
+			"error":      err,
+			"statusCode": statusCode,
+		}).Error("Could not create service token")
+
+		return ServiceToken{}, err
+	}
+
+	var resp ServiceToken
+
+	if err := json.Unmarshal(respBody, &resp); err != nil {
+		return ServiceToken{}, errors.Wrap(err, "Unable to convert service token response to JSON")
+	}
+
+	return resp, nil
+}
+
 // DeleteEnrollmentAPIKey deletes the enrollment api key
 func (c *Client) DeleteEnrollmentAPIKey(enrollmentID string) error {
 	statusCode, respBody, err := c.delete(fmt.Sprintf("%s/enrollment-api-keys/%s", FleetAPI, enrollmentID))