[data.search] Server-side background session service

[lukasolson]

Summary

Adds the server-side background session service, allowing background search sessions to be created, deleted, listed, and restored. It also adds support to the client-side session service for accessing these methods.

The basic flow is as follows:

// Initialize the session:
const sessionId = data.search.session.start();

// Search using the given session (works the same pre/post-restore):
data.search.session.search(searchRequest, {
  sessionId,
  isStored: data.search.session.isStored(), // Has this session already been saved?
  isRestore: data.search.session.isRestore(), // Has this session been restored?
});

// When sending to background:
data.search.session.save('background session name', `/restore_url?sessionId=${sessionId}`);

// When restoring:
data.search.session.restore(sessionId);

(See the search example plugin for an example of how to use.)

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[Dosant]

Seems there is already a trimmed down version of exactly what we need in core: src/core/public/utils/crypto/sha256.ts

Since this code is in /common and has a risk of getting into UI, should we consider using a trimmed down version from core now?
(Small caveat is that we will need to move that util to common first: src/core/public/utils/crypto/sha256.ts -> src/core/common/utils/crypto/sha256.ts)

[Dosant]

LGTM.

Using it in #83073 and in general seem to be working well.

Some remarks, don't think we need to fix it in this pr as can be done in parallel and unblock client side reviews:

1. Client side session service will be improved. (observables, missing methods, types, etc..)
2. In some places error handling needs to be improved. I often noticed "500 Internal service error" while testing. For example, when trying to restore searches and hash mismatches
3. Bumped couple times into race condition: ResponseError: [background-session:63112a17-1f82-4711-ab7d-6b2d2e974ae4]: version conflict, required seqNo [379], primary term [1]. current document has seqNo [380] and primary term [1]: version_conflict_engine_exception. I think this is happening when you get back to inactive tab.
4. Multi-tenant Kibana use-case
5. For some reason kibana complained about missing userId in background search SO mapping. Maybe I had some stale data?

[Dosant]

Suggested change

	return this.http!.delete(`/internal/session/${encodeURIComponent(sessionId)}}`);
	return this.http!.delete(`/internal/session/${encodeURIComponent(sessionId)}`);

[Dosant]

Suggested change

	return this.http!.put(`/internal/session/${encodeURIComponent(sessionId)}}`, {
	return this.http!.put(`/internal/session/${encodeURIComponent(sessionId)}`, {

[lukasolson]

Good catch

[Dosant]

Suggested change

	return this.http!.get(`/internal/session/${encodeURIComponent(sessionId)}}`);
	return this.http!.get(`/internal/session/${encodeURIComponent(sessionId)}`);

[Dosant]

Would would be the proper return types for this CRUD methods?
I can add in follow up client side PR, just not sure what are those.

[lizozom]

This is an intermediate review, Ill add some more after testing

[lizozom]

I thing we shouldn't have a URL, but an app name and two sets of parameters generated using the URL Generator (original and restore URLs)

[lukasolson]

Are you okay with leaving this to the PR that integrates with the URL generator? If you prefer, I can leave out the url portion altogether from this PR

[lizozom]

Lets leave it out then

[lizozom]

Why do you set this to true?

[lukasolson]

Should be false, not sure how that got through

[lizozom]

Maybe instead define private http!: HttpStart; and then we won't have to check all the time?

[lukasolson]

Didn't even know that was a thing

[lizozom]

• I'd add a creation time, or all SOs have one?
• We need the appId, and two sets of URL params (restore and original)
• I think we also should save the status (we want to filter by it)

[lukasolson]

SOs will have updated_at but I'm not seeing a creation time. I'll add that and the status

[lizozom]

// nit
Why use POST for find?
Sounds like a classic GET to me.

[lukasolson]

Yeah, that's what I thought initially too, but we need to send the FindOptions. I guess we could send them in as query parameters instead of inside the body. Thoughts?

[Dosant]

I'd just do the same thing that core does with their client

[lizozom]

Maybe we could get a util for the error format? I see this block everywhere (npt necessarily in this PR)

[lizozom]

Could we use a schema.conditional here?

[lizozom]

Why did we add this? Sounds like a serious overhead to the system, that applies even if we dont save a single session

[lukasolson]

We need to ensure that all requests generate IDs and return them. Otherwise, how will we get back the original data when the session is restored?

[lukasolson]

For some reason kibana complained about missing userId in background search SO mapping. Maybe I had some stale data?

Yeah, that is probably the case. I removed it for now and will re-add in a follow-up PR.

[lizozom]

@elasticmachine merge upstream

[lizozom]

Added a few more comments
Overall LGTM

[lizozom]

//nit IN_PROGRESS?

[lizozom]

Returns Promise<boolean>?

[lukasolson]

Hmm, probably Promise<void> since an unsuccessful delete will throw.

[lizozom]

Lets leave it out then

[lizozom]

If I'm not mistaken, the actual expiration is returned with each async search response, maybe we could use that?

[lukasolson]

There could be multiple requests/responses for a single session. What we should actually probably be doing here is actually calling the extend function (when it is implemented) to set the expires in each search to this value, rather than the other way around. Thoughts?

[lizozom]

Doesn't savedObjectClient already do that, as it's scoped?

[lukasolson]

If two users are in the same space, they can read/write each other's objects without errors, which is expected. Here we need to enforce that even if a user is in the same space, they can't access another user's session.

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: a3dc0d8

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
data	597	599	+2

Distributable file count

id	before	after	diff
default	42853	42860	+7
oss	22474	22481	+7

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
data	965.9KB	970.5KB	+4.5KB
dataEnhanced	36.1KB	36.3KB	+206.0B
total			+4.8KB

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/development-plugin-saved-objects.html#_mappings

id	before	after	diff
background-session	-	5	+5

History

• 💔 Build #88798 failed 9bbfa3a
• 💚 Build #88754 succeeded 8d81f39
• 💔 Build #88724 failed dc6104c
• 💔 Build #88505 failed 645146b
• 💔 Build #88488 failed 967214d

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream