[Security Solution][Endpoint] Update additional endpoint management APIs to support spaces (#224141)

paul-tavares · web-flow · commit 6300b14aa44c · 2025-06-17T09:55:41.000-04:00
## Summary



- Update the Action Status summary api to validate that agent IDs
provided on the request are accessible from the space
diff --git a/x-pack/solutions/security/plugins/security_solution/server/endpoint/routes/actions/status.test.ts b/x-pack/solutions/security/plugins/security_solution/server/endpoint/routes/actions/status.test.ts
@@ -36,6 +36,7 @@ import type {
 import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator';
 import { ActionStatusRequestSchema } from '../../../../common/api/endpoint';
 import { AGENT_ACTIONS_RESULTS_INDEX } from '@kbn/fleet-plugin/common';
+import { AgentNotFoundError } from '@kbn/fleet-plugin/server';
 
 describe('Endpoint Pending Action Summary API', () => {
   let endpointAppContextService: EndpointAppContextService;
@@ -395,4 +396,17 @@ describe('Endpoint Pending Action Summary API', () => {
       },
     });
   });
+
+  it('should return 404 when spaces is enabled and agent id is not accessible in space', async () => {
+    // @ts-expect-error
+    endpointAppContextService.experimentalFeatures.endpointManagementSpaceAwarenessEnabled = true;
+    (
+      endpointAppContextService.getInternalFleetServices().agent.getByIds as jest.Mock
+    ).mockRejectedValue(new AgentNotFoundError('agent not found'));
+    const response = await getPendingStatus({
+      query: { agent_ids: ['123'] },
+    });
+
+    expect(response.notFound).toHaveBeenCalled();
+  });
 });
diff --git a/x-pack/solutions/security/plugins/security_solution/server/endpoint/routes/actions/status.ts b/x-pack/solutions/security/plugins/security_solution/server/endpoint/routes/actions/status.ts
@@ -72,6 +72,12 @@ export const actionStatusRequestHandler = function (
         ? [...new Set(req.query.agent_ids)]
         : [req.query.agent_ids];
 
+      if (endpointContext.service.experimentalFeatures.endpointManagementSpaceAwarenessEnabled) {
+        await endpointContext.service
+          .getInternalFleetServices(spaceId)
+          .ensureInCurrentSpace({ agentIds: agentIDs });
+      }
+
       const response = await getPendingActionsSummary(endpointContext.service, spaceId, agentIDs);
 
       return res.ok({
