-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor Saved Object Client wrappers #133835
Labels
chore
Feature:Saved Objects
Feature:Security/Object Level Security
Feature:Security/Sharing Saved Objects
Platform Security - Sharing Saved Objects feature
Meta
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
jportner
added
chore
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Feature:Saved Objects
Feature:Security/Sharing Saved Objects
Platform Security - Sharing Saved Objects feature
Feature:Security/Object Level Security
labels
Jun 7, 2022
Pinging @elastic/kibana-security (Team:Security) |
jeramysoucy
added a commit
that referenced
this issue
Nov 18, 2022
Merges the changes of #134395 into the new packages structure. Resolves #133835 ### Description This PR represents a fully manual merge of the saved objects refactor of client wrapper system into repository extensions. These changes are being manually merged due to significant changes of the saved objects implementation in the main branch, specifically the migration to the new packages structure. ### Other changes - Bulk Delete: bulk delete was implemented in parallel to #134395 being completed and this PR will refactor that API to utilize the new extensions Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
Hello ! I created some plugins that use SOC wrapper in order to change some visualization references, namespaces, patching visualization attributes, ... I want to know the best way for me to migrate my SOC wrappers knowing that the bespoke functions are already implemented by x-pack :-( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
chore
Feature:Saved Objects
Feature:Security/Object Level Security
Feature:Security/Sharing Saved Objects
Platform Security - Sharing Saved Objects feature
Meta
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Overview
The current architecture of the Saved Object Client doesn't meet the needs we have in upcoming enhancement requests.
Today, any plugin can register a Saved Objects Client (SOC) wrapper and specify the priority in which it should be applied. In practice, this is only used by the Platform Security team. The wrapper can modify both the input and the output of a given API call.
Consumers can either get an instance of the raw Saved Objects Repository (SOR), or they can get a scoped Saved Objects Client (and optionally omit any individual wrappers). Here's what the sequence looks like today when a consumer calls a SOC API:
source
It's also important to know that the introduction of the Spaces SOC wrapper was intentionally designed to be transparent to the consumer, and thus any scoped API call within a given space was intended to only function on objects that exist in that space. For example, if "dashboard 123" existed in Space A, but you are using the client in Space B, any searches or other API actions should not turn up that object.
This paradigm served us well in the past, but several things have changed:
spaces
,security
, andencryptedSavedObjects
) can no longer be disabled as of the 8.0 release (By default, a plugin should not be disable-able #89584).We would be better served by moving away from the generic "wrapper"-style design pattern and implementing a bespoke model like this -- note this diagram includes future enhancements for OLS (3 above) but it does not include changes for space-agnostic SOC (4 above):
source
Technical changes
To implement this, we would need to make the following changes:
they should not need to be changed)The text was updated successfully, but these errors were encountered: