## Summary
fixes#99895
Can reproduce #99895 with something like
```shell
curl 'http://localhost:5601/api/fleet/enrollment-api-keys' \
-H 'content-type: application/json' \
-H 'kbn-version: 8.0.0' \
-u elastic:changeme \
--data-raw '{"name":"with spaces","policy_id":"d6a93200-b1bd-11eb-90ac-052b474d74cd"}'
```
Kibana logs this stack trace
```
server log [10:57:07.863] [error][fleet][plugins] KQLSyntaxError: Expected AND, OR, end of input but "\" found.
policy_id:"d6a93200-b1bd-11eb-90ac-052b474d74cd" AND name:with\ spaces*
--------------------------------------------------------------^
at Object.fromKueryExpression (/Users/jfsiii/work/kibana/src/plugins/data/common/es_query/kuery/ast/ast.ts:52:13)
at listEnrollmentApiKeys (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:37:69)
at Object.generateEnrollmentAPIKey (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:160:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at postEnrollmentApiKeyHandler (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/routes/enrollment_api_key/handler.ts:53:20)
at Router.handle (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:273:30)
at handler (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:279:9) {
shortMessage: 'Expected AND, OR, end of input but "\\" found.'
```
the `kuery` value which causes the `KQLSyntaxError` is
```
policy_id:\"d6a93200-b1bd-11eb-90ac-052b474d74cd\" AND name:with\\ spaces*
```
a value without spaces, e.g. `no_spaces`
```
policy_id:\"d6a93200-b1bd-11eb-90ac-052b474d74cd\" AND name:no_spaces*
```
is converted to this query object
```
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"policy_id": "d6a93200-b1bd-11eb-90ac-052b474d74cd"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"name"
],
"query": "no_spaces*"
}
}
],
"minimum_should_match": 1
}
}
]
}
```
I tried some other approaches for handling the spaces based on what I saw in the docs like `name:"\"with spaces\"` and `name:(with spaces)*`but they all failed as well, like
```
KQLSyntaxError: Expected AND, OR, end of input but "*" found.
policy_id:"d6a93200-b1bd-11eb-90ac-052b474d74cd" AND name:(with spaces)*
-----------------------------------------------------------------------^
at Object.fromKueryExpression (/Users/jfsiii/work/kibana/src/plugins/data/common/es_query/kuery/ast/ast.ts:52:13)
at listEnrollmentApiKeys (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:37:69)
at Object.generateEnrollmentAPIKey (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:166:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at postEnrollmentApiKeyHandler (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/routes/enrollment_api_key/handler.ts:53:20)
at Router.handle (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:273:30)
at handler (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:279:9) {
shortMessage: 'Expected AND, OR, end of input but "*" found.'
```
So I logged out the query object for a successful request, and put that in a function
```
{
"query": {
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"policy_id": "d6a93200-b1bd-11eb-90ac-052b474d74cd"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"name"
],
"query": "(with spaces) *"
}
}
],
"minimum_should_match": 1
}
}
]
}
}
}
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
0364e8f5aa