[8.12] [Endpoint][Uninstall Tokens] Fixes duplicate cloud policy uninstall token (#173126) (#173551)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Endpoint][Uninstall Tokens] Fixes duplicate cloud policy uninstall
token (#173126)](https://github.com/elastic/kibana/pull/173126)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Candace
Park","email":"56409205+parkiino@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-18T16:54:17Z","message":"[Endpoint][Uninstall
Tokens] Fixes duplicate cloud policy uninstall token (#173126)\n\n##
Summary\r\n\r\n- [x] Temporary fix to prevent duplicate uninstall tokens
from being\r\ngenerated in cloud policies\r\n\r\n#
Screenshot\r\n\r\n![quickfix](2115df01-610c-4a72-82e3-ed5b4e4e26ef)\r\n\r\n---------\r\n\r\nCo-authored-by:
Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Gergő Ábrahám
<gergo.abraham@elastic.co>","sha":"5a8c3d1d757480d059050c67891d9b2d2c19e327","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","Team:Defend
Workflows","v8.12.0","v8.13.0"],"number":173126,"url":"https://github.com/elastic/kibana/pull/173126","mergeCommit":{"message":"[Endpoint][Uninstall
Tokens] Fixes duplicate cloud policy uninstall token (#173126)\n\n##
Summary\r\n\r\n- [x] Temporary fix to prevent duplicate uninstall tokens
from being\r\ngenerated in cloud policies\r\n\r\n#
Screenshot\r\n\r\n![quickfix](2115df01-610c-4a72-82e3-ed5b4e4e26ef)\r\n\r\n---------\r\n\r\nCo-authored-by:
Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Gergő Ábrahám
<gergo.abraham@elastic.co>","sha":"5a8c3d1d757480d059050c67891d9b2d2c19e327"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173126","number":173126,"mergeCommit":{"message":"[Endpoint][Uninstall
Tokens] Fixes duplicate cloud policy uninstall token (#173126)\n\n##
Summary\r\n\r\n- [x] Temporary fix to prevent duplicate uninstall tokens
from being\r\ngenerated in cloud policies\r\n\r\n#
Screenshot\r\n\r\n![quickfix](2115df01-610c-4a72-82e3-ed5b4e4e26ef)\r\n\r\n---------\r\n\r\nCo-authored-by:
Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Gergő Ábrahám
<gergo.abraham@elastic.co>","sha":"5a8c3d1d757480d059050c67891d9b2d2c19e327"}}]}]
BACKPORT-->

Co-authored-by: Candace Park <56409205+parkiino@users.noreply.github.com>

x-pack/plugins/fleet/server/routes/uninstall_token/handlers.ts

@@ -34,7 +34,12 @@ export const getUninstallTokensMetadataHandler: FleetRequestHandler<
   try {
     const { page = 1, perPage = 20, policyId } = request.query;
 
-    const body = await uninstallTokenService.getTokenMetadata(policyId?.trim(), page, perPage);
+    const body = await uninstallTokenService.getTokenMetadata(
+      policyId?.trim(),
+      page,
+      perPage,
+      'policy-elastic-agent-on-cloud'
+    );
 
     return response.ok({ body });
   } catch (error) {

x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts

@@ -25,7 +25,10 @@ import type { KibanaRequest } from '@kbn/core-http-server';
 import { SECURITY_EXTENSION_ID } from '@kbn/core-saved-objects-server';
 import { asyncForEach } from '@kbn/std';
 
-import type { AggregationsTermsInclude } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import type {
+  AggregationsTermsInclude,
+  AggregationsTermsExclude,
+} from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 
 import { UninstallTokenError } from '../../../../common/errors';
 
@@ -74,12 +77,14 @@ export interface UninstallTokenServiceInterface {
    * @param policyIdFilter a string for partial matching the policyId
    * @param page
    * @param perPage
+   * @param policyIdExcludeFilter
    * @returns Uninstall Tokens Metadata Response
    */
   getTokenMetadata(
     policyIdFilter?: string,
     page?: number,
-    perPage?: number
+    perPage?: number,
+    policyIdExcludeFilter?: string
   ): Promise<GetUninstallTokensMetadataResponse>;
 
   /**
@@ -170,11 +175,15 @@ export class UninstallTokenService implements UninstallTokenServiceInterface {
   public async getTokenMetadata(
     policyIdFilter?: string,
     page = 1,
-    perPage = 20
+    perPage = 20,
+    policyIdExcludeFilter?: string
   ): Promise<GetUninstallTokensMetadataResponse> {
     const includeFilter = policyIdFilter ? `.*${policyIdFilter}.*` : undefined;
 
-    const tokenObjects = await this.getTokenObjectsByIncludeFilter(includeFilter);
+    const tokenObjects = await this.getTokenObjectsByIncludeFilter(
+      includeFilter,
+      policyIdExcludeFilter
+    );
 
     const items: UninstallTokenMetadata[] = tokenObjects
       .slice((page - 1) * perPage, page * perPage)
@@ -250,7 +259,8 @@ export class UninstallTokenService implements UninstallTokenServiceInterface {
   };
 
   private async getTokenObjectsByIncludeFilter(
-    include?: AggregationsTermsInclude
+    include?: AggregationsTermsInclude,
+    exclude?: AggregationsTermsExclude
   ): Promise<Array<SearchHit<any>>> {
     const bucketSize = 10000;
 
@@ -263,7 +273,7 @@ export class UninstallTokenService implements UninstallTokenServiceInterface {
             field: `${UNINSTALL_TOKENS_SAVED_OBJECT_TYPE}.attributes.policy_id`,
             size: bucketSize,
             include,
-            exclude: 'policy-elastic-agent-on-cloud', // todo: find a better way to not return or even generate token for managed policies
+            exclude,
           },
           aggs: {
             latest: {