Disable cross-cluster functionality for _fleet/_fleet_search (#136039)

As part of the CPS requirement S2D47, this PR disables
cross-cluster functionality for the `_fleet/_fleet_search` endpoint.

Author: pawankartik-elastic

docs/changelog/136039.yaml

@@ -0,0 +1,18 @@
+pr: 136039
+summary: Disable cross-cluster functionality for `_fleet/_fleet_search`
+area: Search
+type: breaking
+issues: []
+breaking:
+  title: Disable cross-cluster functionality for `_fleet/_fleet_search`
+  area: Search
+  details: |-
+    This endpoint is largely used for local searches only and is not compatible with true cross-cluster searches where
+    arbitrary number of indices and remotes can be specified. Although it is meant to accept an index parameter that
+    denotes a single searchable target, such a limitation can be bypassed through various means.
+
+    Keeping in view this endpoint's stated intent and future scope, cross-cluster functionality is being explicitly disabled.
+  impact: |-
+    This endpoint will no longer accept remote indices. Should one be provided, a top-level error is returned with
+    an appropriate explanation.
+  notable: false

x-pack/plugin/fleet/src/internalClusterTest/java/org/elasticsearch/xpack/fleet/action/FleetSearchRemoteIndicesDisallowedIT.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+package org.elasticsearch.xpack.fleet.action;
+
+import org.elasticsearch.client.Request;
+import org.elasticsearch.client.ResponseException;
+import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.test.ESIntegTestCase;
+import org.elasticsearch.xpack.core.LocalStateCompositeXPackPlugin;
+import org.elasticsearch.xpack.fleet.Fleet;
+import org.elasticsearch.xpack.ilm.IndexLifecycle;
+import org.hamcrest.Matchers;
+
+import java.util.Collection;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public class FleetSearchRemoteIndicesDisallowedIT extends ESIntegTestCase {
+    @Override
+    protected boolean addMockHttpTransport() {
+        return false;
+    }
+
+    @Override
+    protected Collection<Class<? extends Plugin>> nodePlugins() {
+        return Stream.of(Fleet.class, LocalStateCompositeXPackPlugin.class, IndexLifecycle.class).collect(Collectors.toList());
+    }
+
+    public void testEndpointsShouldRejectRemoteIndices() {
+        String remoteIndex = randomAlphaOfLength(randomIntBetween(2, 10)) + ":" + randomAlphaOfLength(randomIntBetween(2, 10));
+        {
+            Request request = new Request("GET", "/" + remoteIndex + "/_fleet/_fleet_search");
+            ResponseException responseException = expectThrows(ResponseException.class, () -> getRestClient().performRequest(request));
+            assertThat(
+                responseException.getMessage(),
+                Matchers.containsString("Fleet search API does not support remote indices. Found: [" + remoteIndex + "]")
+            );
+        }
+    }
+}

x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/rest/RestFleetSearchAction.java

@@ -20,6 +20,7 @@
 import org.elasticsearch.rest.action.RestCancellableNodeClient;
 import org.elasticsearch.rest.action.RestRefCountedChunkedToXContentListener;
 import org.elasticsearch.rest.action.search.RestSearchAction;
+import org.elasticsearch.transport.RemoteClusterService;
 import org.elasticsearch.usage.SearchUsageHolder;
 
 import java.io.IOException;
@@ -82,6 +83,9 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
                     "Fleet search API only supports searching a single index. Found: [" + Arrays.toString(indices1) + "]."
                 );
             }
+            if (RemoteClusterService.isRemoteIndexName(indices1[0])) {
+                throw new IllegalArgumentException("Fleet search API does not support remote indices. Found: [" + indices1[0] + "].");
+            }
             if (waitForCheckpoints.length != 0) {
                 searchRequest.setWaitForCheckpoints(Collections.singletonMap(indices1[0], waitForCheckpoints));
             }