[Fleet] Use elastic_agent package to build monitoring permissions for elastic agent

x-pack/plugins/fleet/common/constants/agent_policy.ts

@@ -11,3 +11,17 @@ export const agentPolicyStatuses = {
   Active: 'active',
   Inactive: 'inactive',
 } as const;
+
+export const AGENT_POLICY_DEFAULT_MONITORING_DATASETS = [
+  'elastic_agent',
+  'elastic_agent.elastic_agent',
+  'elastic_agent.apm_server',
+  'elastic_agent.filebeat',
+  'elastic_agent.fleet_server',
+  'elastic_agent.metricbeat',
+  'elastic_agent.osquerybeat',
+  'elastic_agent.packetbeat',
+  'elastic_agent.endpoint_security',
+  'elastic_agent.auditbeat',
+  'elastic_agent.heartbeat',
+];

x-pack/plugins/fleet/server/constants/index.ts

@@ -50,6 +50,7 @@ export {
   DEFAULT_OUTPUT,
   DEFAULT_PACKAGES,
   PACKAGE_POLICY_DEFAULT_INDEX_PRIVILEGES,
+  AGENT_POLICY_DEFAULT_MONITORING_DATASETS,
   // Fleet Server index
   FLEET_SERVER_SERVERS_INDEX,
   ENROLLMENT_API_KEYS_INDEX,

x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.test.ts

@@ -13,7 +13,11 @@ import { agentPolicyService } from '../agent_policy';
 import { agentPolicyUpdateEventHandler } from '../agent_policy_update';
 
 import { getFullAgentPolicy } from './full_agent_policy';
+import { getMonitoringPermissions } from './monitoring_permissions';
 
+const mockedGetElasticAgentMonitoringPermissions = getMonitoringPermissions as jest.Mock<
+  ReturnType<typeof getMonitoringPermissions>
+>;
 const mockedAgentPolicyService = agentPolicyService as jest.Mocked<typeof agentPolicyService>;
 
 function mockAgentPolicy(data: Partial<AgentPolicy>) {
@@ -87,6 +91,8 @@ jest.mock('../agent_policy_update');
 jest.mock('../agents');
 jest.mock('../package_policy');
 
+jest.mock('./monitoring_permissions');
+
 function getAgentPolicyUpdateMock() {
   return agentPolicyUpdateEventHandler as unknown as jest.Mock<
     typeof agentPolicyUpdateEventHandler
@@ -97,6 +103,29 @@ describe('getFullAgentPolicy', () => {
   beforeEach(() => {
     getAgentPolicyUpdateMock().mockClear();
     mockedAgentPolicyService.get.mockReset();
+    mockedGetElasticAgentMonitoringPermissions.mockReset();
+    mockedGetElasticAgentMonitoringPermissions.mockImplementation(
+      async (soClient, { logs, metrics }, namespace) => {
+        const names: string[] = [];
+        if (logs) {
+          names.push(`logs-${namespace}`);
+        }
+        if (metrics) {
+          names.push(`metrics-${namespace}`);
+        }
+
+        return {
+          _elastic_agent_monitoring: {
+            indices: [
+              {
+                names,
+                privileges: [],
+              },
+            ],
+          },
+        };
+      }
+    );
   });
 
   it('should return a policy without monitoring if monitoring is not enabled', async () => {
@@ -200,6 +229,24 @@ describe('getFullAgentPolicy', () => {
     });
   });
 
+  it('should get the permissions for monitoring', async () => {
+    mockAgentPolicy({
+      namespace: 'testnamespace',
+      revision: 1,
+      monitoring_enabled: ['metrics'],
+    });
+    await getFullAgentPolicy(savedObjectsClientMock.create(), 'agent-policy');
+
+    expect(mockedGetElasticAgentMonitoringPermissions).toHaveBeenCalledWith(
+      expect.anything(),
+      {
+        logs: false,
+        metrics: true,
+      },
+      'testnamespace'
+    );
+  });
+
   it('should support a different monitoring output', async () => {
     mockAgentPolicy({
       namespace: 'default',