Skip to content

Allow predefined ids for encrypted saved objects #83482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 23, 2020
Merged

Allow predefined ids for encrypted saved objects #83482

merged 8 commits into from
Nov 23, 2020

Conversation

@thomheymann
Copy link
Contributor

@thomheymann thomheymann commented Nov 16, 2020

Summary

Re-Implementation of #42762 for 8.x.

Task Manager would like to use predefined IDs with encrypted saved objects. We were previously insisting on generating the ID within the EncryptedSavedObjectsClientWrapper so that we could use a UUID v4. This restriction was put in place because generally some other saved object has a reference to an "encrypted saved object" and we wanted to reduce the likelihood of someone potentially being able to guess the reference ID and use it for a nefarious purpose. Instead of relaxing this constraint for all saved object types used with the encrypted saved objects plugin, this PR allows certain saved object types to opt-out of this protection.

Resolves: #42688

Checklist

For maintainers

"Release Note: Consumers of the Encrypted Saved Objects plugin can register types which allow predefined IDs to be specified"

@thomheymann thomheymann added Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v8.0.0 v7.11.0 labels Nov 16, 2020
@thomheymann thomheymann requested a review from a team as a code owner November 16, 2020 20:36
@elasticmachine
Copy link
Contributor

elasticmachine commented Nov 16, 2020

Pinging @elastic/kibana-security (Team:Security)

@thomheymann thomheymann added the release_note:plugin_api_changes Contains a Plugin API changes section for the breaking plugin API changes section. label Nov 16, 2020
@azasypkin
Copy link
Member

azasypkin commented Nov 18, 2020

ACK: will review today

azasypkin
azasypkin approved these changes Nov 18, 2020
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kibanamachine
Copy link
Contributor

kibanamachine commented Nov 23, 2020

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@thomheymann thomheymann merged commit 7d929fe into master Nov 23, 2020
@thomheymann thomheymann mentioned this pull request Nov 23, 2020
Merged
@mikecote mikecote mentioned this pull request Nov 23, 2020
Closed
@thomheymann thomheymann mentioned this pull request Nov 23, 2020
Merged
3 tasks
thomheymann added a commit that referenced this pull request Nov 24, 2020
@thomheymann
Allow predefined ids for encrypted saved objects (#83482) (#84095)
8f73e56 
* Allow predefined ids for encrypted saved objects

* Fix mock

* fix tests

* Added suggestions from code review

* added jsdocs params

* Fixed jsdocs
@thomheymann thomheymann deleted the eso/predefined-ids branch November 24, 2020 09:02
thomheymann added a commit that referenced this pull request Nov 30, 2020
@thomheymann
Revert "Allow predefined ids for encrypted saved objects (#83482)"
5f598d1 
This reverts commit 7d929fe.
@gchaps
Copy link
Contributor

gchaps commented Dec 3, 2020
edited
Loading

@thomheymann Please add a section labelled "Dev Docs" in the summary of this PR and include content that we can pull for the API plugin changes doc.

@kobelb
Copy link
Contributor

kobelb commented Dec 3, 2020

/cc @mikecote your wish has been granted!!!

@kobelb kobelb mentioned this pull request Dec 4, 2020
Closed
@mikecote
Copy link
Contributor

mikecote commented Dec 4, 2020

This is great, it will make #50210 much easier! ❤️

thomheymann added a commit that referenced this pull request Dec 4, 2020
@thomheymann @kibanamachine
ECS audit events for alerting (#84113)
f413957 
* ECS audit events for alerts plugin

* added api changes

* fixed linting and testing errors

* fix test

* Fixed linting errors after prettier update

* Revert "Allow predefined ids for encrypted saved objects (#83482)"

This reverts commit 7d929fe.

* Added suggestions from code review

* Fixed unit tests

* Added suggestions from code review

* Changed names of alert events

* Changed naming as suggested in code review

* Added suggestions from PR

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
thomheymann added a commit that referenced this pull request Dec 5, 2020
@thomheymann @kibanamachine
ECS audit events for alerting (#84113) (#85093)
9ef4d22 
* ECS audit events for alerts plugin

* added api changes

* fixed linting and testing errors

* fix test

* Fixed linting errors after prettier update

* Revert "Allow predefined ids for encrypted saved objects (#83482)"

This reverts commit 7d929fe.

* Added suggestions from code review

* Fixed unit tests

* Added suggestions from code review

* Changed names of alert events

* Changed naming as suggested in code review

* Added suggestions from PR

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azasypkin azasypkin azasypkin approved these changes

Assignees

No one assigned

Labels

release_note:plugin_api_changes Contains a Plugin API changes section for the breaking plugin API changes section. Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v7.11.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Encrypted saved objects plugin to allow specifying a custom id on create

8 participants

@thomheymann @elasticmachine @azasypkin @kibanamachine @gchaps @kobelb @mikecote