835d4aff4c
Closes #161002 Closes #170073 ## Summary This PR implements a createModelVersion API in the Encrypted Saved Objects plugin to support upward migrations for model version encrypted saved objects. Much like how the `createMigration` API provided a way to wrap migration functions to support migration of encrypted saved objects prior to the model version paradigm, the new `createModelVersion` API provides a way to wrap a model version definition for the same purpose. `createModelVersion` manipulates the changes defined for a model version ('unsafe_transform', 'data_backfill', 'data_removal'), merging them into a single transform function in which the saved object document is decrypted, transformed, and then encrypted again. The document is decrypted with the `encrypted saved object type registration` provided by the required `inputType` parameter. Similarly, the document is by encrypted with the `encrypted saved object type registration` provided by the required `outputType` parameter. An example plugin (`examples/eso_model_version_example`) provides a demonstration of how the createModelVersion API should be used. The UI of the example plugin gives an idea of what the encrypted saved objects look like before and after the model version changes are applied. ## Testing ### Manual Testing - Modify the example plugin implementation in `examples/eso_model_version_example` to include different changes or additional model versions. ### Unit Tests - `x-pack/plugins/encrypted_saved_objects/server/create_model_version.test.ts` ### Functional Tests - `x-pack/test/encrypted_saved_objects_api_integration/tests/encrypted_saved_objects_api.ts` - `x-pack/test/encrypted_saved_objects_api_integration/tests/encrypted_saved_objects_decryption.ts` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| common | ||
| public | ||
| server | ||
| kibana.jsonc | ||
| README.md | ||
| tsconfig.json | ||
Encrypted Saved Object Model Version Example
This plugin provides a simple use case demonstration of:
- How to organize versioned saved object and encryption registration definitions
- How to use the createModelVersion wrapper function of the Encrypted Saved Objects plugin
- How/when encrypted model versions are migrated and what to expect when they are queried
This is an example plugin to demonstrate implementation of an encrypted saved object with model versions using the new encryptedSavedObjectsPlugin.createModelVersion API.
A good place to start is by reviewing the definitions in examples/eso_model_version_example/server/types. This is where the interfaces and constants that for the example saved object are defined.
In examples/eso_model_version_example/server/plugin.ts the model versions are defined, which include typical changes you might see in a saved object over time only in this case the model version definitions are wrapped by the new createModelVersion API.
Lastly, use the plugin UI to get a sense for how the objects are migrated - you can query the raw documents and then decrypted the migrated objects.
To run this example, use the command yarn start --run-examples.