Remove secrets from the connectors before validating in actionsClient getAll (#179837)

Fixes: #179480 ## To verify: Please follow the steps described in the issue.
2025-04-24 01:38:56 -04:00 · 2024-04-05 18:26:46 +02:00 · 2024-04-05 18:26:46 +02:00 · 2005cefab5
commit 2005cefab5
parent 0fe636f745
2 changed files with 62 additions and 6 deletions
--- a/x-pack/plugins/actions/server/application/connector/methods/get_all/get_all.test.ts
+++ b/x-pack/plugins/actions/server/application/connector/methods/get_all/get_all.test.ts
@ -557,6 +557,60 @@ describe('getAll()', () => {
        'Error validating connector: 1, Error: [actionTypeId]: expected value of type [string] but got [undefined]'
      );
    });
+
+    test('removes secrets before validation', async () => {
+      const expectedResult = {
+        total: 1,
+        per_page: 10,
+        page: 1,
+        saved_objects: [
+          {
+            id: '1',
+            type: 'type',
+            attributes: {
+              name: 'test',
+              actionTypeId: 'test',
+              isMissingSecrets: false,
+              config: {
+                foo: 'bar',
+              },
+              secrets: { foo: 'bar' },
+            },
+            score: 1,
+            references: [],
+          },
+        ],
+      };
+      unsecuredSavedObjectsClient.find.mockResolvedValueOnce(expectedResult);
+      scopedClusterClient.asInternalUser.search.mockResponse(
+        // @ts-expect-error not full search response
+        {
+          aggregations: {
+            '1': { doc_count: 6 },
+          },
+        }
+      );
+
+      actionsClient = new ActionsClient({
+        logger,
+        actionTypeRegistry,
+        unsecuredSavedObjectsClient,
+        scopedClusterClient,
+        kibanaIndices,
+        actionExecutor,
+        ephemeralExecutionEnqueuer,
+        bulkExecutionEnqueuer,
+        request,
+        authorization: authorization as unknown as ActionsAuthorization,
+        inMemoryConnectors: [],
+        connectorTokenClient: connectorTokenClientMock.create(),
+        getEventLogClient,
+      });
+
+      await actionsClient.getAll();
+
+      expect(logger.warn).not.toHaveBeenCalled();
+    });
  });

  describe('getAllSystemConnectors()', () => {
--- a/x-pack/plugins/actions/server/application/connector/methods/get_all/get_all.ts
+++ b/x-pack/plugins/actions/server/application/connector/methods/get_all/get_all.ts
@ -70,7 +70,7 @@ export async function getAllUnsecured({
 }: GetAllUnsecuredParams): Promise<ConnectorWithExtraFindData[]> {
  const namespace = spaceId && spaceId !== 'default' ? spaceId : undefined;

-  const connectors = await getAllHelper({
+  return await getAllHelper({
    esClient,
    // Unsecured execution does not currently support system actions so we filter them out
    inMemoryConnectors: inMemoryConnectors.filter((connector) => !connector.isSystemAction),
@ -79,8 +79,6 @@ export async function getAllUnsecured({
    namespace,
    savedObjectsClient: internalSavedObjectsRepository,
  });
-
-  return connectors.map((connector) => omit(connector, 'secrets'));
 }

 async function getAllHelper({
@ -94,9 +92,13 @@ async function getAllHelper({
 }: GetAllHelperOpts): Promise<ConnectorWithExtraFindData[]> {
  const savedObjectsActions = (
    await findConnectorsSo({ savedObjectsClient, namespace })
-  ).saved_objects.map((rawAction) =>
-    connectorFromSavedObject(rawAction, isConnectorDeprecated(rawAction.attributes))
-  );
+  ).saved_objects.map((rawAction) => {
+    const connector = connectorFromSavedObject(
+      rawAction,
+      isConnectorDeprecated(rawAction.attributes)
+    );
+    return omit(connector, 'secrets');
+  });

  if (auditLogger) {
    savedObjectsActions.forEach(({ id }) =>