SPIKE - Initial registration system design #23393

Open
Tracked by #22677
Selutario opened this issue May 14, 2024 · 0 comments

Epic
#22677

Description

We intend to replace the current agent registration system as part of #22677. The new system should rely on the Wazuh indexer to perform this task, thus getting rid of the current plain text registry keys (client.keys). Since all agent information will be stored in the indexer, global.db will also disappear. All Server management API endpoints that use global.db must be reviewed.

The registration information should now be stored in an index, which will be populated by the Server management API and later queried by the Agent comms API service during agent connection.

The Server management API should take care of:

  1. Accept a UUID.
  2. In addition to the ID, the API must generate credentials for the client (possibly a token), insert them into the indexer and wait until a response is obtained.
  3. The API must send the generated credentials to the client.

This spike is a research issue to identify what components and endpoints will be affected by the changes, and how.

Implementation restrictions

  • The accepted UUID must be generated using UUID v7.
  • The opensearch-py library should be considered for API-Indexer communication.
  • There must be a new default user containing the unique and essential permissions to perform registration.
  • The request should not be canceled halfway (for example, credentials are inserted into the indexer but not returned to the user due to timeout). We must try to turn it into an atomic operation.

Plan

  • New registration system.
    • List all endpoints in the current API that will be affected by the new registration system.
    • Research, define and design the changes that should be made to each of the identified endpoints.
  • Removal of wazuh-db.
    • List all endpoints and components that will be affected by the removal of wazuh-db (RBAC, fleet management, etc.).
    • Research, define and design the necessary changes for them to keep working.

Selutario changed the title from "[Spike] Initial registration system design" to "SPIKE - Initial registration system design" on May 14, 2024
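
A sketch of the registration flow described in the issue, added here as an example and not taken from the Wazuh code base. It assumes an in-memory `InMemoryIndex` standing in for the indexer (constructed for this example; the issue proposes opensearch-py for the real call), and it assumes two design choices the issue does not specify: storing only a SHA-256 digest of the token, and deleting the stored document when delivery to the client fails.

```python
import hashlib
import hmac
import secrets
import uuid

class InMemoryIndex:
    """Stand-in for the registration index (constructed for this example)."""

    def __init__(self):
        self.docs = {}

    def create(self, doc_id, body):
        # Create-only semantics: an existing ID is never overwritten.
        if doc_id in self.docs:
            raise KeyError(f"agent {doc_id} already registered")
        self.docs[doc_id] = body

    def delete(self, doc_id):
        self.docs.pop(doc_id, None)

def parse_uuid7(value):
    """Return the canonical UUID string, rejecting anything that is not v7."""
    parsed = uuid.UUID(value)  # raises ValueError on malformed input
    if parsed.variant != uuid.RFC_4122 or parsed.version != 7:
        raise ValueError("agent ID must be a UUID v7")
    return str(parsed)

def register(index, raw_uuid, deliver):
    """Store a credential, then deliver it; undo the insert if delivery fails."""
    agent_id = parse_uuid7(raw_uuid)
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    index.create(agent_id, {"token_sha256": digest})  # returns once stored
    try:
        deliver(agent_id, token)
    except Exception:
        index.delete(agent_id)  # no credential survives that the client never got
        raise
    return agent_id

def verify(index, agent_id, token):
    """Check a presented token against the stored digest in constant time."""
    doc = index.docs.get(agent_id)
    if doc is None:
        return False
    digest = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(digest, doc["token_sha256"])
```

Here `deliver` is a hypothetical callback representing the API response to the client; `verify` shows the lookup the Agent comms API would perform at connection time under the same assumptions.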