[Fleet] Make Fleet agents write APIs space aware

[nchaulet]

Description

Related to https://github.com/elastic/ingest-dev/issues/2893 Similar to https://github.com/elastic/kibana/pull/184869

As part of making Fleet space aware we should make the Fleet agent APIs space aware (the read API should already be done in https://github.com/elastic/kibana/pull/184869)

Details

When the useSpaceAwareness feature flag is enabled we shoud do:

Access validation

For every API we should ensure the user only access agent in the current space, this mean:

• For individual agent actions we should validate the agent is the current space (if soClient.getCurrentNamespace() we are in the default space, we should validate namespaces:['default'] or not namespaces:*
• For action using kuery we should add the following namespaces:['default'] or not namespaces:* to the provided kuery (there is an helper _joinFilters that could help to do so.

The saved object client used in those API should be scoped to the current space (if we need an internal client we could use appContextService.getInternalUserSOClientForSpaceId(spaceId?), this should ensure we access related object like agent policy in the same space only.

Write namespaces for related action

All the .fleet-actions and .fleet-action-results should be created with the namespaces: [currentSpaceId] property

APIs

Agent Action

• [x] POST /agents/{agentId}/reassign
• [x] POST /agents/{agentId}/unenroll
• [x] POST /agents/{agentId}/request_diagnostics
• [x] POST /agents/{agentId}/upgrade

Agents Bulk API

• [x] POST /agents/bulk_reassign
• [x] POST /agents/bulk_request_diagnostics
• [x] POST /agents/bulk_unenroll
• [x] POST /agents/bulk_update_agent_tags
• [x] POST /agents/bulk_upgrade

Agent Misc

• [x] DELETE /agents/{agentId}
• [x] PUT /agents/{agentId}

Agent Actions

• [x] POST /agents/{agentId}/actions/{actionId}/cancel
• [x] GET /agents/action_status
• [x] POST /agents/{agentId}/actions

Implementation details/guideline

With a scoped saved objet client space could be retrieved with the soClient.getCurrentNamespace()

To write API integration test for this, I created a new tests suite with the space awarness flag enabled in x-pack/test/fleet_api_integration/apis/space_awarness/

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)