Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove credentials from data source object when exported #6892

Closed
Tracked by #6600
BionIT opened this issue Jun 3, 2024 · 2 comments
Closed
Tracked by #6600

Remove credentials from data source object when exported #6892

BionIT opened this issue Jun 3, 2024 · 2 comments
Assignees
@zhongnansu
Labels
enhancement New feature or request multiple datasource multiple datasource project v2.15.0

Comments

@BionIT
Copy link
Collaborator

BionIT commented Jun 3, 2024

Is your feature request related to a problem? Please describe.

Remove credentials from data source object when exported

Describe the solution you'd like

Remove credentials from data source object when exported

Describe alternatives you've considered

A clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context or screenshots about the feature request here.
@BionIT BionIT added the enhancement New feature or request label Jun 3, 2024
@BionIT BionIT added v2.15.0 multiple datasource multiple datasource project labels Jun 3, 2024
@BionIT BionIT mentioned this issue Jun 3, 2024
Closed
45 tasks
@zhongnansu
Copy link
Member

adding related issue
#1728
#4529

@zhongnansu
Copy link
Member

zhongnansu commented Jun 4, 2024
edited
Loading

Importing a data source object with credential field dropped will fail, because it fails basic input field validation. E.g.

        if (!username) {
          throw SavedObjectsErrorHelpers.createBadRequestError(
            '"auth.credentials.username" attribute is required'
          );
        }

We don't want to remove server side validation, just for this use case, and we also want to avoid exporting the hashed credential. After discussion with team, we decide to use a place holder value when exporting. cc: @BionIT @zengyan-amazon

current and expected behavior

Currently, data source saved object is exported as below

{
  "attributes": {
    "auth": {
      "credentials": {
        "password": "xxxxxxx(encrypted value)",
        "username": "any"
      },
      "type": "username_password"
    },
    "dataSourceVersion": "",
    "description": "",
    "endpoint": "https://search-new-m6-nbkrrsakxmzqk3oay3olromnzi.us-west-2.es.amazonaws.com/",
    "installedPlugins": [],
    "title": "test1"
  },
  "id": "18abe7e0-2297-11ef-b143-fdc11e1ac86d",
  "migrationVersion": {
    "data-source": "2.4.0"
  },
  "references": [],
  "type": "data-source",
  "updated_at": "2024-06-04T17:23:02.110Z",
  "version": "WzQsMV0="
}

We want to overwrite the credentials to use place holder value when exporting, so it will look like:

{
  "attributes": {
    "auth": {
      "type": "username_password",
        "credentials": {
            "password": "NEED_UPDATE_CREDENTIAL",
            "username": "NEED_UPDATE_CREDENTIAL"
      },
    },
    "dataSourceVersion": "",
    "description": "",
    "endpoint": "https://search-new-m6-nbkrrsakxmzqk3oay3olromnzi.us-west-2.es.amazonaws.com/",
    "installedPlugins": [],
    "title": "test1"
  },
  "id": "18abe7e0-2297-11ef-b143-fdc11e1ac86d",
  "migrationVersion": {
    "data-source": "2.4.0"
  },
  "references": [],
  "type": "data-source",
  "updated_at": "2024-06-04T17:23:02.110Z",
  "version": "WzQsMV0="
}

@zhongnansu zhongnansu mentioned this issue Jun 5, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zhongnansu zhongnansu

Labels
enhancement New feature or request multiple datasource multiple datasource project v2.15.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BionIT @zhongnansu