Using action type validation onExport

x-pack/plugins/actions/server/plugin.ts

@@ -181,7 +181,6 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     }
 
     plugins.features.registerKibanaFeature(ACTIONS_FEATURE);
-    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects);
 
     this.eventLogService = plugins.eventLog;
     plugins.eventLog.registerProviderActions(EVENT_LOG_PROVIDER, Object.values(EVENT_LOG_ACTIONS));
@@ -228,6 +227,8 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     this.actionExecutor = actionExecutor;
     this.security = plugins.security;
 
+    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects, this.actionTypeRegistry!);
+
     registerBuiltInActionTypes({
       logger: this.logger,
       actionTypeRegistry,

x-pack/plugins/actions/server/saved_objects/index.ts

@@ -16,14 +16,16 @@ import { getMigrations } from './migrations';
 import { RawAction } from '../types';
 import { getImportResultMessage, GO_TO_CONNECTORS_BUTTON_LABLE } from './get_import_result_message';
 import { transformConnectorsForExport } from './transform_connectors_for_export';
+import { ActionTypeRegistry } from '../action_type_registry';
 
 export const ACTION_SAVED_OBJECT_TYPE = 'action';
 export const ALERT_SAVED_OBJECT_TYPE = 'alert';
 export const ACTION_TASK_PARAMS_SAVED_OBJECT_TYPE = 'action_task_params';
 
 export function setupSavedObjects(
   savedObjects: SavedObjectsServiceSetup,
-  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup,
+  actionTypeRegistry: ActionTypeRegistry
 ) {
   savedObjects.registerType({
     name: ACTION_SAVED_OBJECT_TYPE,
@@ -41,7 +43,7 @@ export function setupSavedObjects(
         context: SavedObjectsExportTransformContext,
         objects: Array<SavedObject<RawAction>>
       ) {
-        return transformConnectorsForExport(objects);
+        return transformConnectorsForExport(objects, actionTypeRegistry);
       },
       onImport(connectors) {
         return {

x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.test.ts

@@ -6,8 +6,32 @@
  */
 
 import { transformConnectorsForExport } from './transform_connectors_for_export';
+import { ActionTypeRegistry, ActionTypeRegistryOpts } from '../action_type_registry';
+import { loggingSystemMock } from '../../../../../src/core/server/mocks';
+import { actionsConfigMock } from '../actions_config.mock';
+import { licensingMock } from '../../../licensing/server/mocks';
+import { licenseStateMock } from '../lib/license_state.mock';
+import { taskManagerMock } from '../../../task_manager/server/mocks';
+import { ActionExecutor, TaskRunnerFactory } from '../lib';
+import { registerBuiltInActionTypes } from '../builtin_action_types';
 
 describe('transform connector for export', () => {
+  const actionTypeRegistryParams: ActionTypeRegistryOpts = {
+    licensing: licensingMock.createSetup(),
+    taskManager: taskManagerMock.createSetup(),
+    taskRunnerFactory: new TaskRunnerFactory(new ActionExecutor({ isESOCanEncrypt: true })),
+    actionsConfigUtils: actionsConfigMock.create(),
+    licenseState: licenseStateMock.create(),
+    preconfiguredActions: [],
+  };
+  const actionTypeRegistry: ActionTypeRegistry = new ActionTypeRegistry(actionTypeRegistryParams);
+
+  registerBuiltInActionTypes({
+    logger: loggingSystemMock.create().get(),
+    actionTypeRegistry,
+    actionsConfigUtils: actionsConfigMock.create(),
+  });
+
   const connectorsWithNoSecrets = [
     {
       id: '1',
@@ -210,11 +234,13 @@ describe('transform connector for export', () => {
   ];
 
   it('should not change connectors without secrets', () => {
-    expect(transformConnectorsForExport(connectorsWithNoSecrets)).toEqual(connectorsWithNoSecrets);
+    expect(transformConnectorsForExport(connectorsWithNoSecrets, actionTypeRegistry)).toEqual(
+      connectorsWithNoSecrets
+    );
   });
 
   it('should remove secrets for connectors with secrets', () => {
-    expect(transformConnectorsForExport(connectorsWithSecrets)).toEqual(
+    expect(transformConnectorsForExport(connectorsWithSecrets, actionTypeRegistry)).toEqual(
       connectorsWithSecrets.map((connector) => ({
         ...connector,
         attributes: {

x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.ts

@@ -6,43 +6,44 @@
  */
 
 import { SavedObject } from 'kibana/server';
-import { RawAction } from '../types';
-
-const CONNECTORS_WITHOUT_SECRETS = ['.index', '.server-log'];
-const CONNECTORS_CHECK_AUTH = ['.email', '.webhook'];
+import { ActionTypeRegistry } from '../action_type_registry';
+import { validateSecrets } from '../lib';
+import { RawAction, ActionType } from '../types';
 
 export function transformConnectorsForExport(
-  connectors: SavedObject[]
+  connectors: SavedObject[],
+  actionTypeRegistry: ActionTypeRegistry
 ): Array<SavedObject<RawAction>> {
-  return connectors.map((connector) =>
-    transformConnectorForExport(connector as SavedObject<RawAction>)
-  );
+  return connectors.map((c) => {
+    const connector = c as SavedObject<RawAction>;
+    return transformConnectorForExport(
+      connector,
+      actionTypeRegistry.get(connector.attributes.actionTypeId)
+    );
+  });
 }
 
 function connectorHasNoAuth(connector: SavedObject<RawAction>) {
   return connector?.attributes?.config?.hasAuth === false;
 }
 
-function transformConnectorForExport(connector: SavedObject<RawAction>): SavedObject<RawAction> {
-  // Skip connectors with no secrets
-  if (CONNECTORS_WITHOUT_SECRETS.includes(connector.attributes.actionTypeId)) {
-    return connector;
-  }
-
-  // Skip connectors where hasAuth = false
-  if (
-    CONNECTORS_CHECK_AUTH.includes(connector.attributes.actionTypeId) &&
-    connectorHasNoAuth(connector)
-  ) {
-    return connector;
+function transformConnectorForExport(
+  connector: SavedObject<RawAction>,
+  actionType: ActionType
+): SavedObject<RawAction> {
+  let isMissingSecrets = false;
+  try {
+    validateSecrets(actionType, connector.attributes.secrets);
+  } catch (err) {
+    isMissingSecrets = !connectorHasNoAuth(connector);
   }
 
   // Skip connectors
   return {
     ...connector,
     attributes: {
       ...connector.attributes,
-      isMissingSecrets: true,
+      isMissingSecrets,
     },
   };
 }