Same issue here on self-managed ECK 9.4.2.
We’re trying to use Synthetics private locations for internal HTTPS / certificate monitoring. My understanding is that this should be possible without Fleet Space Awareness / Enterprise, because we only need a private location on our own Elastic Agent in the default space.
We have:
-
Fleet Server running
-
Elastic Agent enrolled and online
-
Agent assigned to the intended policy
-
Synthetics available in Kibana
The blocker is creating the private location.
Based on the error message, POST /api/private_locations seems to validate that the requested private location's spaces are contained within the selected Fleet agent policy’s space_ids.
The problem is that on our 9.4.2 deployment, newly created Fleet policies don't get useful space_ids.
In the Fleet API they appear as null (effectively []), even when you specify space_ids in the create request.
That seems to match your other thread.
@leandrojmp mentions there that this is expected unless Fleet Space Awareness is enabled. But Fleet Space Awareness requires Enterprise, which we do not have.
That leaves us stuck:
- Creating a private location with
spaces: ["default"]fails with:
Invalid spaces. Private location spaces [default] must be fully contained within agent policy <policy-id> spaces [].
- Creating a private location with
spacesomitted fails with:
options.namespaces cannot be an empty array
The second case also seems to contradict the API docs, which say of the spaces parameter:
If it is not provided, the private location is available in all spaces.
So it looks like private locations may currently be blocked on upgraded, non-space-aware Fleet deployments: the Synthetics API requires space alignment, but the Fleet policy has no usable space_ids, and enabling Fleet Space Awareness is not available on Basic.
Is this expected behaviour in 9.4.2, or a bug/regression in the private location validation for non-space-aware Fleet policies?
Happy to share the exact API payloads, Fleet policy response, Kibana logs etc if useful.