Stricter defaults for plugin types: `Plugin` and `CoreSetup` now have
empty objects as defaults instead of `object` which is assignable to
anything basically. This catches some type errors, but my motivation for
this is to allow something like:
```ts
function createPlugin(): Plugin<MySetupContract, MyStartContract, MySetupDependencies, MyStartDependencies> {
  return {
    // look ma, no additional typing necessary
    setup(coreSetup, pluginsSetup) {
    },
    start(coreStart, pluginsStart) {
    }
  }
}
```
Closes #156023
## Summary
ESO = Encrypted Saved Object(s)
This PR modifies the `EncryptedSavedObjectTypeRegistration` definition,
replacing the `attributesToExcludeFromAAD` property with a
`attributesToIncludeInAAD` property. The purpose is to alter the default
inclusion of new SO attributes, which will help to resolve potential
decryption issues with serverless zero downtime upgrades (see
https://github.com/elastic/kibana/issues/156023).
NOTE: nested fields are included when the parent field is added to the
include list. In this way the include list behaves just as the exclude
list did.
#### Attention Code Owners:
I attempted to create the include list for existing ESOs by comparing
the exclude list to the full list of attributes, ~~however, I am sure
this is either incomplete or partially incorrect~~ UPDATE: new tests
have been created to validate the include list (see the **Testing**
section). These changes will need to be carefully audited by the owning
teams during the review process. This PR will not merge until all code
owners have reviewed and approved the changes. If your team is a
consumer of ESOs, please see the **Testing** section below.
## Testing
Automated test suites have been updated to account for the changes to
ESO registration. The riskier part of this PR is the changes to
existing ESOs, and validating that they are effectively identical to
their previous implementations. I have used main branch Kibana to
generate several ESOs - one of each type, then saved those raw encrypted
objects to an esArchiver JSON file. New functional tests, in the
`encrypted_saved_objects_api_integration` suite, have been created to
verify that those objects can be successfully decrypted using the new
ESO definitions containing the AAD include list.
### ESO Types to Validate
See
`x-pack/test/encrypted_saved_objects_api_integration/tests/encrypted_saved_objects_aad_include_list.ts`
- [x] ACTION_SAVED_OBJECT_TYPE/'action'
- [x] ACTION_TASK_PARAMS_SAVED_OBJECT_TYPE/'action_task_params'
- [x] CONNECTOR_TOKEN_SAVED_OBJECT_TYPE/'connector_token'
- [x] RULE_SAVED_OBJECT_TYPE/'alert'
- [x] 'api_key_pending_invalidation'
- [x] OUTPUT_SAVED_OBJECT_TYPE/'ingest-outputs'
- [x] MESSAGE_SIGNING_KEYS_SAVED_OBJECT_TYPE/'fleet-message-signing-keys'
- [x] UNINSTALL_TOKENS_SAVED_OBJECT_TYPE/'fleet-uninstall-tokens'
- [x] syntheticsApiKeyObjectType/'uptime-synthetics-api-key'
- [x] syntheticsMonitorType/'synthetics-monitor'
- [x] syntheticsParamType/'synthetics-param'
### Flaky Test Runner
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5419
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
Closes #161002
Closes #170073
## Summary
This PR implements a createModelVersion API in the Encrypted Saved
Objects plugin to support upward migrations for model version encrypted
saved objects.
Much like how the `createMigration` API provided a way to wrap migration
functions to support migration of encrypted saved objects prior to the
model version paradigm, the new `createModelVersion` API provides a way
to wrap a model version definition for the same purpose.
`createModelVersion` manipulates the changes defined for a model version
('unsafe_transform', 'data_backfill', 'data_removal'), merging them into
a single transform function in which the saved object document is
decrypted, transformed, and then encrypted again. The document is
decrypted with the `encrypted saved object type registration` provided
by the required `inputType` parameter. Similarly, the document is
encrypted with the `encrypted saved object type registration` provided
by the required `outputType` parameter.
An example plugin (`examples/eso_model_version_example`) provides a
demonstration of how the createModelVersion API should be used. The UI
of the example plugin gives an idea of what the encrypted saved objects
look like before and after the model version changes are applied.
## Testing
### Manual Testing
- Modify the example plugin implementation in
`examples/eso_model_version_example` to include different changes or
additional model versions.
### Unit Tests
- `x-pack/plugins/encrypted_saved_objects/server/create_model_version.test.ts`
### Functional Tests
- `x-pack/test/encrypted_saved_objects_api_integration/tests/encrypted_saved_objects_api.ts`
- `x-pack/test/encrypted_saved_objects_api_integration/tests/encrypted_saved_objects_decryption.ts`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
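
Added example (not Kibana's code, and not part of either commit): a simplified AES-256-GCM model of the `attributesToIncludeInAAD` semantics and of the decrypt with `inputType`, transform, encrypt with `outputType` flow described for `createModelVersion`. The `Registration` shape, `aad`, `wrapTransform`, the `v1`/`v2` registrations, the key and the sample document are hypothetical and constructed for illustration.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
// Hypothetical, simplified stand-ins for an ESO registration and its attributes.
type Attrs = Record<string, unknown>;
interface Registration { attributesToEncrypt: string[]; attributesToIncludeInAAD: string[] }
const KEY = randomBytes(32); // constructed demo key

// Only listed attributes are authenticated; listing a parent covers its nested
// fields. A real implementation needs a key-order-stable serialisation.
function aad(reg: Registration, attrs: Attrs): Buffer {
  const keys = reg.attributesToIncludeInAAD.filter((k) => k in attrs).sort();
  return Buffer.from(JSON.stringify(keys.map((k) => [k, attrs[k]])));
}

function encrypt(reg: Registration, attrs: Attrs): Attrs {
  const out: Attrs = { ...attrs };
  for (const name of reg.attributesToEncrypt) {
    const iv = randomBytes(12);
    const cipher = createCipheriv('aes-256-gcm', KEY, iv);
    cipher.setAAD(aad(reg, attrs));
    const ct = Buffer.concat([cipher.update(String(attrs[name]), 'utf8'), cipher.final()]);
    out[name] = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  }
  return out;
}

function decrypt(reg: Registration, attrs: Attrs): Attrs {
  const out: Attrs = { ...attrs };
  for (const name of reg.attributesToEncrypt) {
    const raw = Buffer.from(String(attrs[name]), 'base64');
    const decipher = createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAAD(aad(reg, attrs));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws when the AAD or ciphertext does not match the tag
    out[name] = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  }
  return out;
}

function canDecrypt(reg: Registration, attrs: Attrs): boolean {
  try { decrypt(reg, attrs); return true; } catch { return false; }
}

// Decrypt with inputType, apply the change, re-encrypt with outputType.
function wrapTransform(inputType: Registration, outputType: Registration, change: (a: Attrs) => Attrs) {
  return (attrs: Attrs): Attrs => encrypt(outputType, change(decrypt(inputType, attrs)));
}

const v1: Registration = { attributesToEncrypt: ['secret'], attributesToIncludeInAAD: ['config'] };
const v2: Registration = { attributesToEncrypt: ['secret'], attributesToIncludeInAAD: ['config', 'owner'] };
const stored = encrypt(v1, { secret: 's3cr3t', config: { host: 'a' } }); // constructed sample
```

An attribute that is not on the include list can be added to `stored` without affecting decryption, while an attribute that a newer registration adds to the AAD has to be introduced through `wrapTransform` so the document is re-encrypted under the new AAD.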