From 4f8e589ce9770008f41599cda85b7580d1d51798 Mon Sep 17 00:00:00 2001 From: Gidi Meir Morris Date: Mon, 18 May 2020 11:14:53 +0100 Subject: [PATCH] added support for including hidden types in saved objects client --- ...n-core-server.savedobjectsclientfactory.md | 3 +- ...ientprovideroptions.includedhiddentypes.md | 11 +++ ...erver.savedobjectsclientprovideroptions.md | 1 + ...ositoryfactory.createinternalrepository.md | 2 +- ...epositoryfactory.createscopedrepository.md | 2 +- ...re-server.savedobjectsrepositoryfactory.md | 4 +- ...tsservicestart.createinternalrepository.md | 2 +- ...ectsservicestart.createscopedrepository.md | 2 +- ...in-core-server.savedobjectsservicestart.md | 4 +- .../saved_objects_service.test.ts | 86 +++++++++++++++++++ .../saved_objects/saved_objects_service.ts | 38 ++++---- .../saved_objects/service/lib/repository.ts | 6 +- .../lib/scoped_client_provider.test.js | 20 +++++ .../service/lib/scoped_client_provider.ts | 8 +- src/core/server/server.api.md | 15 ++-- .../saved_objects/saved_objects_mixin.js | 6 +- .../encrypted_saved_objects/server/mocks.ts | 1 + .../server/plugin.test.ts | 14 +++ .../encrypted_saved_objects/server/plugin.ts | 20 ++--- .../server/saved_objects/index.test.ts | 34 +++++++- .../server/saved_objects/index.ts | 63 +++++++------- .../security/server/saved_objects/index.ts | 6 +- 22 files changed, 262 insertions(+), 86 deletions(-) create mode 100644 docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.includedhiddentypes.md diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientfactory.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientfactory.md index 09c6d63f03dd79..724c1ebbeadf44 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientfactory.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientfactory.md @@ -9,7 +9,8 @@ Describes the factory used to create instances of the Saved Objects Client. Signature: ```typescript -export declare type SavedObjectsClientFactory = ({ request, }: { +export declare type SavedObjectsClientFactory = ({ request, includedHiddenTypes, }: { request: KibanaRequest; + includedHiddenTypes?: string[]; }) => SavedObjectsClientContract; ``` diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.includedhiddentypes.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.includedhiddentypes.md new file mode 100644 index 00000000000000..a9483e34b38ced --- /dev/null +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.includedhiddentypes.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [SavedObjectsClientProviderOptions](./kibana-plugin-core-server.savedobjectsclientprovideroptions.md) > [includedHiddenTypes](./kibana-plugin-core-server.savedobjectsclientprovideroptions.includedhiddentypes.md) + +## SavedObjectsClientProviderOptions.includedHiddenTypes property + +Signature: + +```typescript +includedHiddenTypes?: string[]; +``` diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.md index 4291de765fd440..be1f73f0648439 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsclientprovideroptions.md @@ -17,4 +17,5 @@ export interface SavedObjectsClientProviderOptions | Property | Type | Description | | --- | --- | --- | | [excludedWrappers](./kibana-plugin-core-server.savedobjectsclientprovideroptions.excludedwrappers.md) | string[] | | +| [includedHiddenTypes](./kibana-plugin-core-server.savedobjectsclientprovideroptions.includedhiddentypes.md) | string[] | | diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createinternalrepository.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createinternalrepository.md index c4b19ca15910f3..e39ce020b930cc 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createinternalrepository.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createinternalrepository.md @@ -9,5 +9,5 @@ Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsre Signature: ```typescript -createInternalRepository: (extraTypes?: string[]) => ISavedObjectsRepository; +createInternalRepository: (includedHiddenTypes?: string[]) => ISavedObjectsRepository; ``` diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createscopedrepository.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createscopedrepository.md index b9007d16d0234f..9cd0df90942777 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createscopedrepository.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.createscopedrepository.md @@ -9,5 +9,5 @@ Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsre Signature: ```typescript -createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository; +createScopedRepository: (req: KibanaRequest, includedHiddenTypes?: string[]) => ISavedObjectsRepository; ``` diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.md index 35b29918edced3..dec768b68cd3af 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepositoryfactory.md @@ -16,6 +16,6 @@ export interface SavedObjectsRepositoryFactory | Property | Type | Description | | --- | --- | --- | -| [createInternalRepository](./kibana-plugin-core-server.savedobjectsrepositoryfactory.createinternalrepository.md) | (extraTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the internal Kibana user for authenticating with Elasticsearch. | -| [createScopedRepository](./kibana-plugin-core-server.savedobjectsrepositoryfactory.createscopedrepository.md) | (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the credentials from the passed in request to authenticate with Elasticsearch. | +| [createInternalRepository](./kibana-plugin-core-server.savedobjectsrepositoryfactory.createinternalrepository.md) | (includedHiddenTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the internal Kibana user for authenticating with Elasticsearch. | +| [createScopedRepository](./kibana-plugin-core-server.savedobjectsrepositoryfactory.createscopedrepository.md) | (req: KibanaRequest, includedHiddenTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the credentials from the passed in request to authenticate with Elasticsearch. | diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createinternalrepository.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createinternalrepository.md index 4467dd23d87b6b..d03e9ca223c530 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createinternalrepository.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createinternalrepository.md @@ -9,5 +9,5 @@ Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsre Signature: ```typescript -createInternalRepository: (extraTypes?: string[]) => ISavedObjectsRepository; +createInternalRepository: (includedHiddenTypes?: string[]) => ISavedObjectsRepository; ``` diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createscopedrepository.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createscopedrepository.md index 2840a377026e7c..762f77b98e74d3 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createscopedrepository.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.createscopedrepository.md @@ -9,7 +9,7 @@ Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsre Signature: ```typescript -createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository; +createScopedRepository: (req: KibanaRequest, includedHiddenTypes?: string[]) => ISavedObjectsRepository; ``` ## Remarks diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.md index 5f592adf7acd99..17655bb4878a7d 100644 --- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.md +++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsservicestart.md @@ -16,8 +16,8 @@ export interface SavedObjectsServiceStart | Property | Type | Description | | --- | --- | --- | -| [createInternalRepository](./kibana-plugin-core-server.savedobjectsservicestart.createinternalrepository.md) | (extraTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the internal Kibana user for authenticating with Elasticsearch. | -| [createScopedRepository](./kibana-plugin-core-server.savedobjectsservicestart.createscopedrepository.md) | (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the credentials from the passed in request to authenticate with Elasticsearch. | +| [createInternalRepository](./kibana-plugin-core-server.savedobjectsservicestart.createinternalrepository.md) | (includedHiddenTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the internal Kibana user for authenticating with Elasticsearch. | +| [createScopedRepository](./kibana-plugin-core-server.savedobjectsservicestart.createscopedrepository.md) | (req: KibanaRequest, includedHiddenTypes?: string[]) => ISavedObjectsRepository | Creates a [Saved Objects repository](./kibana-plugin-core-server.isavedobjectsrepository.md) that uses the credentials from the passed in request to authenticate with Elasticsearch. | | [createSerializer](./kibana-plugin-core-server.savedobjectsservicestart.createserializer.md) | () => SavedObjectsSerializer | Creates a [serializer](./kibana-plugin-core-server.savedobjectsserializer.md) that is aware of all registered types. | | [getScopedClient](./kibana-plugin-core-server.savedobjectsservicestart.getscopedclient.md) | (req: KibanaRequest, options?: SavedObjectsClientProviderOptions) => SavedObjectsClientContract | Creates a [Saved Objects client](./kibana-plugin-core-server.savedobjectsclientcontract.md) that uses the credentials from the passed in request to authenticate with Elasticsearch. If other plugins have registered Saved Objects client wrappers, these will be applied to extend the functionality of the client.A client that is already scoped to the incoming request is also exposed from the route handler context see [RequestHandlerContext](./kibana-plugin-core-server.requesthandlercontext.md). | | [getTypeRegistry](./kibana-plugin-core-server.savedobjectsservicestart.gettyperegistry.md) | () => ISavedObjectTypeRegistry | Returns the [registry](./kibana-plugin-core-server.isavedobjecttyperegistry.md) containing all registered [saved object types](./kibana-plugin-core-server.savedobjectstype.md) | diff --git a/src/core/server/saved_objects/saved_objects_service.test.ts b/src/core/server/saved_objects/saved_objects_service.test.ts index 819d79803f371e..1413f2e07a91f8 100644 --- a/src/core/server/saved_objects/saved_objects_service.test.ts +++ b/src/core/server/saved_objects/saved_objects_service.test.ts @@ -35,6 +35,10 @@ import { legacyServiceMock } from '../legacy/legacy_service.mock'; import { httpServiceMock } from '../http/http_service.mock'; import { SavedObjectsClientFactoryProvider } from './service/lib'; import { NodesVersionCompatibility } from '../elasticsearch/version_check/ensure_es_version'; +import { SavedObjectsRepository } from './service/lib/repository'; +import { KibanaRequest } from '../http'; + +jest.mock('./service/lib/repository'); describe('SavedObjectsService', () => { const createCoreContext = ({ @@ -269,5 +273,87 @@ describe('SavedObjectsService', () => { expect(getTypeRegistry()).toBe(typeRegistryInstanceMock); }); }); + + describe('#createScopedRepository', () => { + it('creates a respository scoped to the user', async () => { + const coreContext = createCoreContext({ skipMigration: false }); + const soService = new SavedObjectsService(coreContext); + const coreSetup = createSetupDeps(); + await soService.setup(coreSetup); + const { createScopedRepository } = await soService.start({}); + + const req = {} as KibanaRequest; + createScopedRepository(req); + + expect(coreSetup.elasticsearch.adminClient.asScoped).toHaveBeenCalledWith(req); + + const [ + { + value: { callAsCurrentUser }, + }, + ] = coreSetup.elasticsearch.adminClient.asScoped.mock.results; + + const [ + [, , , callCluster, includedHiddenTypes], + ] = (SavedObjectsRepository.createRepository as jest.Mocked).mock.calls; + + // expect(coreSetup.elasticsearch.adminClient.callAsInternalUser).toBe(callCluster); + expect(callCluster).toBe(callAsCurrentUser); + expect(includedHiddenTypes).toEqual([]); + }); + + it('creates a respository including hidden types when specified', async () => { + const coreContext = createCoreContext({ skipMigration: false }); + const soService = new SavedObjectsService(coreContext); + const coreSetup = createSetupDeps(); + await soService.setup(coreSetup); + const { createScopedRepository } = await soService.start({}); + + const req = {} as KibanaRequest; + createScopedRepository(req, ['someHiddenType']); + + const [ + [, , , , includedHiddenTypes], + ] = (SavedObjectsRepository.createRepository as jest.Mocked).mock.calls; + + expect(includedHiddenTypes).toEqual(['someHiddenType']); + }); + }); + + describe('#createInternalRepository', () => { + it('creates a respository using the admin user', async () => { + const coreContext = createCoreContext({ skipMigration: false }); + const soService = new SavedObjectsService(coreContext); + const coreSetup = createSetupDeps(); + await soService.setup(coreSetup); + const { createInternalRepository } = await soService.start({}); + + createInternalRepository(); + + const [ + [, , , callCluster, includedHiddenTypes], + ] = (SavedObjectsRepository.createRepository as jest.Mocked).mock.calls; + + expect(coreSetup.elasticsearch.adminClient.callAsInternalUser).toBe(callCluster); + expect(callCluster).toBe(coreSetup.elasticsearch.adminClient.callAsInternalUser); + expect(includedHiddenTypes).toEqual([]); + }); + + it('creates a respository including hidden types when specified', async () => { + const coreContext = createCoreContext({ skipMigration: false }); + const soService = new SavedObjectsService(coreContext); + const coreSetup = createSetupDeps(); + await soService.setup(coreSetup); + const { createInternalRepository } = await soService.start({}); + + createInternalRepository(['someHiddenType']); + + const [ + [, , , , includedHiddenTypes], + ] = (SavedObjectsRepository.createRepository as jest.Mocked).mock.calls; + + expect(includedHiddenTypes).toEqual(['someHiddenType']); + }); + }); }); }); diff --git a/src/core/server/saved_objects/saved_objects_service.ts b/src/core/server/saved_objects/saved_objects_service.ts index ed4ffef5729ab2..373b8bd1d2bc60 100644 --- a/src/core/server/saved_objects/saved_objects_service.ts +++ b/src/core/server/saved_objects/saved_objects_service.ts @@ -198,20 +198,23 @@ export interface SavedObjectsServiceStart { * Elasticsearch. * * @param req - The request to create the scoped repository from. - * @param extraTypes - A list of additional hidden types the repository should have access to. + * @param includedHiddenTypes - A list of additional hidden types the repository should have access to. * * @remarks * Prefer using `getScopedClient`. This should only be used when using methods * not exposed on {@link SavedObjectsClientContract} */ - createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository; + createScopedRepository: ( + req: KibanaRequest, + includedHiddenTypes?: string[] + ) => ISavedObjectsRepository; /** * Creates a {@link ISavedObjectsRepository | Saved Objects repository} that * uses the internal Kibana user for authenticating with Elasticsearch. * - * @param extraTypes - A list of additional hidden types the repository should have access to. + * @param includedHiddenTypes - A list of additional hidden types the repository should have access to. */ - createInternalRepository: (extraTypes?: string[]) => ISavedObjectsRepository; + createInternalRepository: (includedHiddenTypes?: string[]) => ISavedObjectsRepository; /** * Creates a {@link SavedObjectsSerializer | serializer} that is aware of all registered types. */ @@ -246,16 +249,19 @@ export interface SavedObjectsRepositoryFactory { * uses the credentials from the passed in request to authenticate with * Elasticsearch. * - * @param extraTypes - A list of additional hidden types the repository should have access to. + * @param includedHiddenTypes - A list of additional hidden types the repository should have access to. */ - createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository; + createScopedRepository: ( + req: KibanaRequest, + includedHiddenTypes?: string[] + ) => ISavedObjectsRepository; /** * Creates a {@link ISavedObjectsRepository | Saved Objects repository} that * uses the internal Kibana user for authenticating with Elasticsearch. * - * @param extraTypes - A list of additional hidden types the repository should have access to. + * @param includedHiddenTypes - A list of additional hidden types the repository should have access to. */ - createInternalRepository: (extraTypes?: string[]) => ISavedObjectsRepository; + createInternalRepository: (includedHiddenTypes?: string[]) => ISavedObjectsRepository; } /** @internal */ @@ -417,26 +423,26 @@ export class SavedObjectsService await migrator.runMigrations(); } - const createRepository = (callCluster: APICaller, extraTypes: string[] = []) => { + const createRepository = (callCluster: APICaller, includedHiddenTypes: string[] = []) => { return SavedObjectsRepository.createRepository( migrator, this.typeRegistry, kibanaConfig.index, callCluster, - extraTypes + includedHiddenTypes ); }; const repositoryFactory: SavedObjectsRepositoryFactory = { - createInternalRepository: (extraTypes?: string[]) => - createRepository(adminClient.callAsInternalUser, extraTypes), - createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => - createRepository(adminClient.asScoped(req).callAsCurrentUser, extraTypes), + createInternalRepository: (includedHiddenTypes?: string[]) => + createRepository(adminClient.callAsInternalUser, includedHiddenTypes), + createScopedRepository: (req: KibanaRequest, includedHiddenTypes?: string[]) => + createRepository(adminClient.asScoped(req).callAsCurrentUser, includedHiddenTypes), }; const clientProvider = new SavedObjectsClientProvider({ - defaultClientFactory({ request }) { - const repository = repositoryFactory.createScopedRepository(request); + defaultClientFactory({ request, includedHiddenTypes }) { + const repository = repositoryFactory.createScopedRepository(request, includedHiddenTypes); return new SavedObjectsClient(repository); }, typeRegistry: this.typeRegistry, diff --git a/src/core/server/saved_objects/service/lib/repository.ts b/src/core/server/saved_objects/service/lib/repository.ts index 61027130e0eb73..f76b05c4af1b92 100644 --- a/src/core/server/saved_objects/service/lib/repository.ts +++ b/src/core/server/saved_objects/service/lib/repository.ts @@ -132,7 +132,7 @@ export class SavedObjectsRepository { typeRegistry: SavedObjectTypeRegistry, indexName: string, callCluster: APICaller, - extraTypes: string[] = [], + includedHiddenTypes: string[] = [], injectedConstructor: any = SavedObjectsRepository ): ISavedObjectsRepository { const mappings = migrator.getActiveMappings(); @@ -140,14 +140,14 @@ export class SavedObjectsRepository { const serializer = new SavedObjectsSerializer(typeRegistry); const visibleTypes = allTypes.filter(type => !typeRegistry.isHidden(type)); - const missingTypeMappings = extraTypes.filter(type => !allTypes.includes(type)); + const missingTypeMappings = includedHiddenTypes.filter(type => !allTypes.includes(type)); if (missingTypeMappings.length > 0) { throw new Error( `Missing mappings for saved objects types: '${missingTypeMappings.join(', ')}'` ); } - const allowedTypes = [...new Set(visibleTypes.concat(extraTypes))]; + const allowedTypes = [...new Set(visibleTypes.concat(includedHiddenTypes))]; return new injectedConstructor({ index: indexName, diff --git a/src/core/server/saved_objects/service/lib/scoped_client_provider.test.js b/src/core/server/saved_objects/service/lib/scoped_client_provider.test.js index aa9448e61009dc..93fe3f5e796b38 100644 --- a/src/core/server/saved_objects/service/lib/scoped_client_provider.test.js +++ b/src/core/server/saved_objects/service/lib/scoped_client_provider.test.js @@ -167,3 +167,23 @@ test(`allows all wrappers to be excluded`, () => { expect(firstClientWrapperFactoryMock).not.toHaveBeenCalled(); expect(secondClientWrapperFactoryMock).not.toHaveBeenCalled(); }); + +test(`allows typed to be included`, () => { + const defaultClient = Symbol(); + const defaultClientFactoryMock = jest.fn().mockReturnValue(defaultClient); + const clientProvider = new SavedObjectsClientProvider({ + defaultClientFactory: defaultClientFactoryMock, + typeRegistry: typeRegistryMock.create(), + }); + const request = Symbol(); + + const actualClient = clientProvider.getClient(request, { + includedHiddenTypes: ['task'], + }); + + expect(actualClient).toBe(defaultClient); + expect(defaultClientFactoryMock).toHaveBeenCalledWith({ + request, + includedHiddenTypes: ['task'], + }); +}); diff --git a/src/core/server/saved_objects/service/lib/scoped_client_provider.ts b/src/core/server/saved_objects/service/lib/scoped_client_provider.ts index 24813cd8d9ab8d..3250737e1287d5 100644 --- a/src/core/server/saved_objects/service/lib/scoped_client_provider.ts +++ b/src/core/server/saved_objects/service/lib/scoped_client_provider.ts @@ -46,8 +46,10 @@ export type SavedObjectsClientWrapperFactory = ( */ export type SavedObjectsClientFactory = ({ request, + includedHiddenTypes, }: { request: KibanaRequest; + includedHiddenTypes?: string[]; }) => SavedObjectsClientContract; /** @@ -64,6 +66,7 @@ export type SavedObjectsClientFactoryProvider = ( */ export interface SavedObjectsClientProviderOptions { excludedWrappers?: string[]; + includedHiddenTypes?: string[]; } /** @@ -121,14 +124,13 @@ export class SavedObjectsClientProvider { getClient( request: KibanaRequest, - options: SavedObjectsClientProviderOptions = {} + { includedHiddenTypes, excludedWrappers = [] }: SavedObjectsClientProviderOptions = {} ): SavedObjectsClientContract { const client = this._clientFactory({ request, + includedHiddenTypes, }); - const excludedWrappers = options.excludedWrappers || []; - return this._wrapperFactories .toPrioritizedArray() .reduceRight((clientToWrap, { id, factory }) => { diff --git a/src/core/server/server.api.md b/src/core/server/server.api.md index bb8ee1d8e7a318..fcf9a9e2dedc25 100644 --- a/src/core/server/server.api.md +++ b/src/core/server/server.api.md @@ -1840,8 +1840,9 @@ export class SavedObjectsClient { export type SavedObjectsClientContract = Pick; // @public -export type SavedObjectsClientFactory = ({ request, }: { +export type SavedObjectsClientFactory = ({ request, includedHiddenTypes, }: { request: KibanaRequest; + includedHiddenTypes?: string[]; }) => SavedObjectsClientContract; // @public @@ -1851,6 +1852,8 @@ export type SavedObjectsClientFactoryProvider = (repositoryFactory: SavedObjects export interface SavedObjectsClientProviderOptions { // (undocumented) excludedWrappers?: string[]; + // (undocumented) + includedHiddenTypes?: string[]; } // @public @@ -2213,7 +2216,7 @@ export class SavedObjectsRepository { // Warning: (ae-forgotten-export) The symbol "KibanaMigrator" needs to be exported by the entry point index.d.ts // // @internal - static createRepository(migrator: KibanaMigrator, typeRegistry: SavedObjectTypeRegistry, indexName: string, callCluster: APICaller, extraTypes?: string[], injectedConstructor?: any): ISavedObjectsRepository; + static createRepository(migrator: KibanaMigrator, typeRegistry: SavedObjectTypeRegistry, indexName: string, callCluster: APICaller, includedHiddenTypes?: string[], injectedConstructor?: any): ISavedObjectsRepository; delete(type: string, id: string, options?: SavedObjectsDeleteOptions): Promise<{}>; deleteByNamespace(namespace: string, options?: SavedObjectsDeleteByNamespaceOptions): Promise; deleteFromNamespaces(type: string, id: string, namespaces: string[], options?: SavedObjectsDeleteFromNamespacesOptions): Promise<{}>; @@ -2233,8 +2236,8 @@ export class SavedObjectsRepository { // @public export interface SavedObjectsRepositoryFactory { - createInternalRepository: (extraTypes?: string[]) => ISavedObjectsRepository; - createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository; + createInternalRepository: (includedHiddenTypes?: string[]) => ISavedObjectsRepository; + createScopedRepository: (req: KibanaRequest, includedHiddenTypes?: string[]) => ISavedObjectsRepository; } // @public @@ -2285,8 +2288,8 @@ export interface SavedObjectsServiceSetup { // @public export interface SavedObjectsServiceStart { - createInternalRepository: (extraTypes?: string[]) => ISavedObjectsRepository; - createScopedRepository: (req: KibanaRequest, extraTypes?: string[]) => ISavedObjectsRepository; + createInternalRepository: (includedHiddenTypes?: string[]) => ISavedObjectsRepository; + createScopedRepository: (req: KibanaRequest, includedHiddenTypes?: string[]) => ISavedObjectsRepository; createSerializer: () => SavedObjectsSerializer; getScopedClient: (req: KibanaRequest, options?: SavedObjectsClientProviderOptions) => SavedObjectsClientContract; getTypeRegistry: () => ISavedObjectTypeRegistry; diff --git a/src/legacy/server/saved_objects/saved_objects_mixin.js b/src/legacy/server/saved_objects/saved_objects_mixin.js index 3e71e1989ae7a3..26fecc68fda4bd 100644 --- a/src/legacy/server/saved_objects/saved_objects_mixin.js +++ b/src/legacy/server/saved_objects/saved_objects_mixin.js @@ -50,17 +50,17 @@ export function savedObjectsMixin(kbnServer, server) { const serializer = kbnServer.newPlatform.start.core.savedObjects.createSerializer(); - const createRepository = (callCluster, extraTypes = []) => { + const createRepository = (callCluster, includedHiddenTypes = []) => { if (typeof callCluster !== 'function') { throw new TypeError('Repository requires a "callCluster" function to be provided.'); } // throw an exception if an extraType is not defined. - extraTypes.forEach(type => { + includedHiddenTypes.forEach(type => { if (!allTypes.includes(type)) { throw new Error(`Missing mappings for saved objects type '${type}'`); } }); - const combinedTypes = visibleTypes.concat(extraTypes); + const combinedTypes = visibleTypes.concat(includedHiddenTypes); const allowedTypes = [...new Set(combinedTypes)]; const config = server.config(); diff --git a/x-pack/plugins/encrypted_saved_objects/server/mocks.ts b/x-pack/plugins/encrypted_saved_objects/server/mocks.ts index 13d7127db78353..f797b49e633703 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/mocks.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/mocks.ts @@ -11,6 +11,7 @@ function createEncryptedSavedObjectsSetupMock() { registerType: jest.fn(), __legacyCompat: { registerLegacyAPI: jest.fn() }, usingEphemeralEncryptionKey: true, + startWithHiddenTypes: jest.fn(), } as jest.Mocked; } diff --git a/x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts b/x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts index 117adba5794d7f..fdf00609097985 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts @@ -20,10 +20,24 @@ describe('EncryptedSavedObjects Plugin', () => { "registerLegacyAPI": [Function], }, "registerType": [Function], + "startWithHiddenTypes": [Function], "usingEphemeralEncryptionKey": true, } `); }); + + it('exposes a start contract with included hidden types', async () => { + const plugin = new Plugin(coreMock.createPluginInitializerContext()); + const startApiWithHiddenTypes = ( + await plugin.setup(coreMock.createSetup(), { security: securityMock.createSetup() }) + ).startWithHiddenTypes(['hiddenType']); + expect(startApiWithHiddenTypes).toMatchInlineSnapshot(` + Object { + "getDecryptedAsInternalUser": [Function], + "isEncryptionError": [Function], + } + `); + }); }); describe('start()', () => { diff --git a/x-pack/plugins/encrypted_saved_objects/server/plugin.ts b/x-pack/plugins/encrypted_saved_objects/server/plugin.ts index 02212f271cf839..865d678cc035e6 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/plugin.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/plugin.ts @@ -4,12 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { - Logger, - SavedObjectsBaseOptions, - PluginInitializerContext, - CoreSetup, -} from 'src/core/server'; +import { Logger, PluginInitializerContext, CoreSetup } from 'src/core/server'; import { first } from 'rxjs/operators'; import { SecurityPluginSetup } from '../../security/server'; import { createConfig$ } from './config'; @@ -29,9 +24,10 @@ export interface EncryptedSavedObjectsPluginSetup { registerType: (typeRegistration: EncryptedSavedObjectTypeRegistration) => void; __legacyCompat: { registerLegacyAPI: (legacyAPI: LegacyAPI) => void }; usingEphemeralEncryptionKey: boolean; + startWithHiddenTypes: (includedHiddenTypes: string[]) => EncryptedSavedObjectsPluginStart; } -export interface EncryptedSavedObjectsPluginStart extends SavedObjectsSetup { +export interface EncryptedSavedObjectsPluginStart extends ReturnType { isEncryptionError: (error: Error) => boolean; } @@ -92,17 +88,21 @@ export class Plugin { service.registerType(typeRegistration), __legacyCompat: { registerLegacyAPI: (legacyAPI: LegacyAPI) => (this.legacyAPI = legacyAPI) }, usingEphemeralEncryptionKey, + startWithHiddenTypes: (includedHiddenTypes: string[]) => + this.createStartApi(includedHiddenTypes), }; } public start() { this.logger.debug('Starting plugin'); + return this.createStartApi(); + } + private createStartApi(includedHiddenTypes?: string[]) { + const { getDecryptedAsInternalUser } = this.savedObjectsSetup(includedHiddenTypes); return { isEncryptionError: (error: Error) => error instanceof EncryptionError, - getDecryptedAsInternalUser: (type: string, id: string, options?: SavedObjectsBaseOptions) => { - return this.savedObjectsSetup.getDecryptedAsInternalUser(type, id, options); - }, + getDecryptedAsInternalUser, }; } diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.test.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.test.ts index c11f6a2b2afa8b..8f0eb855676adf 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.test.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.test.ts @@ -25,12 +25,13 @@ import { EncryptedSavedObjectsService } from '../crypto'; describe('#setupSavedObjects', () => { let setupContract: SavedObjectsSetup; + let coreStartMock: ReturnType; let coreSetupMock: ReturnType; let mockSavedObjectsRepository: jest.Mocked; let mockSavedObjectTypeRegistry: jest.Mocked; let mockEncryptedSavedObjectsService: jest.Mocked; beforeEach(() => { - const coreStartMock = coreMock.createStart(); + coreStartMock = coreMock.createStart(); mockSavedObjectsRepository = savedObjectsRepositoryMock.create(); coreStartMock.savedObjects.createInternalRepository.mockReturnValue(mockSavedObjectsRepository); @@ -70,6 +71,33 @@ describe('#setupSavedObjects', () => { ).toBeInstanceOf(EncryptedSavedObjectsClientWrapper); }); + it('properly registers client wrapper factory with', () => { + expect(coreSetupMock.savedObjects.addClientWrapper).toHaveBeenCalledTimes(1); + expect(coreSetupMock.savedObjects.addClientWrapper).toHaveBeenCalledWith( + Number.MAX_SAFE_INTEGER, + 'encryptedSavedObjects', + expect.any(Function) + ); + + const [[, , clientFactory]] = coreSetupMock.savedObjects.addClientWrapper.mock.calls; + expect( + clientFactory({ + client: savedObjectsClientMock.create(), + typeRegistry: savedObjectsTypeRegistryMock.create(), + request: httpServerMock.createKibanaRequest(), + }) + ).toBeInstanceOf(EncryptedSavedObjectsClientWrapper); + }); + + describe('#setupContract', () => { + it('includes hiddenTypes when specified', async () => { + await setupContract(['hiddenType']); + expect(coreStartMock.savedObjects.createInternalRepository).toHaveBeenCalledWith([ + 'hiddenType', + ]); + }); + }); + describe('#getDecryptedAsInternalUser', () => { it('includes `namespace` for single-namespace saved objects', async () => { const mockSavedObject: SavedObject = { @@ -82,7 +110,7 @@ describe('#setupSavedObjects', () => { mockSavedObjectTypeRegistry.isSingleNamespace.mockReturnValue(true); await expect( - setupContract.getDecryptedAsInternalUser(mockSavedObject.type, mockSavedObject.id, { + setupContract().getDecryptedAsInternalUser(mockSavedObject.type, mockSavedObject.id, { namespace: 'some-ns', }) ).resolves.toEqual({ @@ -115,7 +143,7 @@ describe('#setupSavedObjects', () => { mockSavedObjectTypeRegistry.isSingleNamespace.mockReturnValue(false); await expect( - setupContract.getDecryptedAsInternalUser(mockSavedObject.type, mockSavedObject.id, { + setupContract().getDecryptedAsInternalUser(mockSavedObject.type, mockSavedObject.id, { namespace: 'some-ns', }) ).resolves.toEqual({ diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts index 9eca93ffd0b9eb..dadeaf92e145c8 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts @@ -23,13 +23,15 @@ interface SetupSavedObjectsParams { getStartServices: StartServicesAccessor; } -export interface SavedObjectsSetup { +export type SavedObjectsSetup = ( + includedHiddenTypes?: string[] +) => { getDecryptedAsInternalUser: ( type: string, id: string, options?: SavedObjectsBaseOptions ) => Promise>; -} +}; export function setupSavedObjects({ service, @@ -54,33 +56,34 @@ export function setupSavedObjects({ }) ); - const internalRepositoryAndTypeRegistryPromise = getStartServices().then( - ([core]) => - [core.savedObjects.createInternalRepository(), core.savedObjects.getTypeRegistry()] as [ - ISavedObjectsRepository, - ISavedObjectTypeRegistry - ] - ); - - return { - getDecryptedAsInternalUser: async ( - type: string, - id: string, - options?: SavedObjectsBaseOptions - ): Promise> => { - const [internalRepository, typeRegistry] = await internalRepositoryAndTypeRegistryPromise; - const savedObject = await internalRepository.get(type, id, options); - return { - ...savedObject, - attributes: (await service.decryptAttributes( - { - type, - id, - namespace: typeRegistry.isSingleNamespace(type) ? options?.namespace : undefined, - }, - savedObject.attributes as Record - )) as T, - }; - }, + return (includedHiddenTypes?: string[]) => { + const internalRepositoryAndTypeRegistryPromise = getStartServices().then( + ([core]) => + [ + core.savedObjects.createInternalRepository(includedHiddenTypes), + core.savedObjects.getTypeRegistry(), + ] as [ISavedObjectsRepository, ISavedObjectTypeRegistry] + ); + return { + getDecryptedAsInternalUser: async ( + type: string, + id: string, + options?: SavedObjectsBaseOptions + ): Promise> => { + const [internalRepository, typeRegistry] = await internalRepositoryAndTypeRegistryPromise; + const savedObject = await internalRepository.get(type, id, options); + return { + ...savedObject, + attributes: (await service.decryptAttributes( + { + type, + id, + namespace: typeRegistry.isSingleNamespace(type) ? options?.namespace : undefined, + }, + savedObject.attributes as Record + )) as T, + }; + }, + }; }; } diff --git a/x-pack/plugins/security/server/saved_objects/index.ts b/x-pack/plugins/security/server/saved_objects/index.ts index 7dac745fcf84b3..40c17e5429aa8a 100644 --- a/x-pack/plugins/security/server/saved_objects/index.ts +++ b/x-pack/plugins/security/server/saved_objects/index.ts @@ -31,12 +31,12 @@ export function setupSavedObjects({ const getKibanaRequest = (request: KibanaRequest | LegacyRequest) => request instanceof KibanaRequest ? request : KibanaRequest.from(request); - savedObjects.setClientFactoryProvider(repositoryFactory => ({ request }) => { + savedObjects.setClientFactoryProvider(repositoryFactory => ({ request, includedHiddenTypes }) => { const kibanaRequest = getKibanaRequest(request); return new SavedObjectsClient( authz.mode.useRbacForRequest(kibanaRequest) - ? repositoryFactory.createInternalRepository() - : repositoryFactory.createScopedRepository(kibanaRequest) + ? repositoryFactory.createInternalRepository(includedHiddenTypes) + : repositoryFactory.createScopedRepository(kibanaRequest, includedHiddenTypes) ); });