Fix date formatting in Fleet agent policy yaml

[jeramysoucy]

Closes #265167

Summary

Fixes a regression introduced in #252345 (js-yaml → yaml migration) where date-only strings (e.g. `2021-06-01`) in agent policy YAML were being interpreted as timestamps by the Elastic Agent, causing them to be converted to RFC3339 format (`2021-06-01T00:00:00.000Z`).

Root cause

The old `js-yaml` library used a YAML 1.1 schema by default, which recognises bare `YYYY-MM-DD` values as timestamps. When dumping a plain string that looks like a date (e.g. an Azure API version), `js-yaml` automatically added protective quotes (`'2021-06-01'`), so the Elastic Agent's YAML 1.1 parser read it as a string. Likewise, `js-yaml.load` parsed unquoted `YYYY-MM-DD` values as JavaScript `Date` objects, and `js-yaml.dump` round-tripped them as YAML 1.1 timestamps — never as RFC3339.

The new `yaml` package uses a YAML 1.2 Core schema by default, which has no timestamp type. It therefore:

• parsed `2021-06-01` as a plain string (dropping the Date round-trip)
• serialized that plain string without quotes

The Elastic Agent's Go-based YAML parser (YAML 1.1 compatible) then interprets the unquoted value as a timestamp and converts it to RFC3339 when used as a string (e.g. as an Azure API version in an HTTP request).

Fix

Added `schema: 'yaml-1.1'` in three places to restore the original behaviour end-to-end:

Parsing the compiled template (server/services/epm/agent/agent.ts):

• `parse(compiledTemplate, { schema: 'yaml-1.1' })` — unquoted `YYYY-MM-DD` values in a compiled stream template are now parsed back to `Date` objects, matching the original `js-yaml.load` behaviour.

Serializing the agent policy YAML (common/services/full_agent_policy_to_yaml.ts, common/services/agent_cm_to_yaml.ts):

• `schema: 'yaml-1.1'` added to the `Document` options in `fullAgentPolicyToYaml` and `fullAgentConfigMapToYaml`. This ensures that `Date` objects are emitted as proper YAML 1.1 timestamps (`2021-06-01`) and plain strings that look like dates are quoted (`"2021-06-01"`), so the Elastic Agent's YAML 1.1 parser always reads them as strings — never as RFC3339.

All other value types (booleans, numbers, null, strings with suffixes like `2019-01-01-preview`) are unaffected.

This PR was created with Claude Code.

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[nchaulet]

I think it will make sense to add the version to the place where parse yaml to just to be safe https://github.com/elastic/kibana/blob/main/x-pack/platform/plugins/shared/fleet/server/services/epm/agent/agent.ts#L131

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[macroscopeapp]

Approvability

Verdict: Needs human review

This bug fix adds the schema: 'yaml-1.1' option to ensure date strings are properly quoted in Fleet agent policy YAML output. While the change is small and well-tested, all modified files are owned by @elastic/fleet, and designated code owners should review changes to their YAML serialization logic.

^{You can customize Macroscope's approvability policy. Learn more.}

[nchaulet]

I think it will make sense to add the version to the place where parse yaml to just to be safe https://github.com/elastic/kibana/blob/main/x-pack/platform/plugins/shared/fleet/server/services/epm/agent/agent.ts#L131

Actually adding 1.1 to parse seems not a good idea as it will parse date as object

[jeramysoucy]

Actually adding 1.1 to parse seems not a good idea as it will parse date as object

Whoops, missed this. I'll revert the last commit.