From a57181ad1e26cbb5ee55d98fe2abe6875e4c3ee5 Mon Sep 17 00:00:00 2001
From: Jill Guyonnet <jill.guyonnet@elastic.co>
Date: Fri, 30 Aug 2024 15:48:47 +0100
Subject: [PATCH] [Fleet] Allow exclamation mark in enrollment token name
 (#191807)

## Summary

Closes https://github.com/elastic/kibana/issues/191719

Attempting to generate a Fleet enrollment token with a name that ends
with `!` produces a malformed ES query which causes `POST
agents/enrollment_api_keys` to fail with 500.

This PR adds a narrow fix by escaping question marks (which is a
`query_string` [special
character](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax)).

Note: this query probably wouldn't be necessary if we removed the
constraint of unique name, as discussed in
https://github.com/elastic/kibana/issues/155550.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../server/services/api_keys/enrollment_api_key.ts    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts b/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts
index d7b75071201d2..66fbba2f44c94 100644
--- a/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts
+++ b/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts
@@ -218,7 +218,7 @@ export async function generateEnrollmentAPIKey(
   const id = uuidv4();
   const { name: providedKeyName, forceRecreate, agentPolicyId } = data;
   const logger = appContextService.getLogger();
-  logger.debug(`Creating enrollment API key ${data}`);
+  logger.debug(`Creating enrollment API key ${JSON.stringify(data)}`);
 
   const agentPolicy = await retrieveAgentPolicyId(soClient, agentPolicyId);
 
@@ -360,7 +360,14 @@ function getQueryForExistingKeyNameOnPolicy(agentPolicyId: string, providedKeyNa
         },
         {
           bool: {
-            should: [{ query_string: { fields: ['name'], query: `(${providedKeyName}) *` } }],
+            should: [
+              {
+                query_string: {
+                  fields: ['name'],
+                  query: `(${providedKeyName.replace('!', '\\!')}) *`,
+                },
+              },
+            ],
             minimum_should_match: 1,
           },
         },