Add support for sharing saved objects to all spaces #76132
Merged: jportner merged 29 commits into elastic:master from jportner:issue-69808-share-to-all-spaces on Oct 5, 2020.

Commits:

- 8cdf171 Change `delete` to always delete the object (jportner)
- d978bce Change `SavedObjectsRepository` to support `'*'` namespace string (jportner)
- 966f826 Small refactor for SecureSavedObjectsClientWrapper unit tests (jportner)
- 69f6491 Change `create` and `bulkCreate` to allow initial namespaces (jportner)
- 2e1dabb Change "share to space" initial warning callout (jportner)
- 6012e05 Clean up "Shared spaces" column code, add unit tests (jportner)
- 87ed4e8 Change "Shared spaces" column to display "All spaces" badge (jportner)
- 8385cdb Clean up "Share to space" routes, add unit tests (jportner)
- b79aff1 Remove dead code (jportner)
- 1deac86 Clean up saved object authorization unit tests / errors (jportner)
- a15abff Change "Share to space" flyout to support sharing to all spaces (jportner)
- e68ecc4 Change saved objects table to use force-delete (jportner)
- f855fcd Fix "Copy to space" functional test (jportner)
- 1761d87 Fix unit tests that broke due to e68ecc4 (jportner)
- 42b6541 Merge branch 'master' into issue-69808-share-to-all-spaces (jportner)
- ebf7da0 PR review feedback (jportner)
- 48f0698 Tweak "no spaces available" text (jportner)
- ebea8e4 Changes for additional PR review feedback (jportner)
- bc9a57b Address nits with SSOTAS authz (legrego)
- c55dca3 Change `addToNamespaces` and `deleteFromNamespaces` authZ check (jportner)
- 64a5b84 Don't pass start services to all share-to-space components (jportner)
- c95bd93 Fix type check (jportner)
- cb006b1 Merge branch 'master' into issue-69808-share-to-all-spaces (jportner)
- 08eaf51 Fix API integration tests (jportner)
- bdcf5fe Merge branch 'master' into issue-69808-share-to-all-spaces (jportner)
- e0ad362 More changes for PR review feedback (jportner)
- 790a437 Rename `initialNamespaces` to `namespaces` (jportner)
- 57ad704 Merge branch 'master' into issue-69808-share-to-all-spaces (jportner)
- 3c0aa6b Fix API integration tests (jportner)
15 changes: 15 additions & 0 deletions
...ver/kibana-plugin-core-server.savedobjectsbulkcreateobject.initialnamespaces.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [SavedObjectsBulkCreateObject](./kibana-plugin-core-server.savedobjectsbulkcreateobject.md) > [initialNamespaces](./kibana-plugin-core-server.savedobjectsbulkcreateobject.initialnamespaces.md) | ||
|
||
## SavedObjectsBulkCreateObject.initialNamespaces property | ||
|
||
Optional initial namespaces for the object to be created in. If this is defined, it will supersede the namespace ID that is in [SavedObjectsCreateOptions](./kibana-plugin-core-server.savedobjectscreateoptions.md)<!-- -->. | ||
|
||
Note: this can only be used for multi-namespace object types. | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
initialNamespaces?: string[]; | ||
``` |
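Review bot: The description of `initialNamespaces` in this new file says it "can only be used for multi-namespace object types" but not what happens when it is passed for any other type (rejected with an error, or silently ignored). Since the value supersedes the namespace ID from SavedObjectsCreateOptions and so decides which spaces each bulk-created object lands in, suggest stating the failure behaviour and whether an empty array is valid.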
15 changes: 15 additions & 0 deletions
...server/kibana-plugin-core-server.savedobjectscreateoptions.initialnamespaces.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [SavedObjectsCreateOptions](./kibana-plugin-core-server.savedobjectscreateoptions.md) > [initialNamespaces](./kibana-plugin-core-server.savedobjectscreateoptions.initialnamespaces.md) | ||
|
||
## SavedObjectsCreateOptions.initialNamespaces property | ||
|
||
Optional initial namespaces for the object to be created in. If this is defined, it will supersede the namespace ID that is in [SavedObjectsCreateOptions](./kibana-plugin-core-server.savedobjectscreateoptions.md)<!-- -->. | ||
|
||
Note: this can only be used for multi-namespace object types. | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
initialNamespaces?: string[]; | ||
``` |
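Review bot: The sentence "it will supersede the namespace ID that is in SavedObjectsCreateOptions" in this file documents a property of SavedObjectsCreateOptions itself, so the link points back at the interface being described; it reads as copied from the SavedObjectsBulkCreateObject page. Suggest rewording it to name the option it supersedes directly, and noting how the two are resolved when both are set.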
13 changes: 13 additions & 0 deletions
...opment/core/server/kibana-plugin-core-server.savedobjectsdeleteoptions.force.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [SavedObjectsDeleteOptions](./kibana-plugin-core-server.savedobjectsdeleteoptions.md) > [force](./kibana-plugin-core-server.savedobjectsdeleteoptions.force.md) | ||
|
||
## SavedObjectsDeleteOptions.force property | ||
|
||
Force deletion of an object that exists in multiple namespaces | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
force?: boolean; | ||
``` |
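Review bot: "Force deletion of an object that exists in multiple namespaces" does not say what `delete` does when `force` is omitted or false for such an object, or whether forcing removes it from every namespace it exists in, including ones the caller is not working in. Suggest documenting the default and the non-forced outcome, and ending the sentence with a period to match the other generated descriptions.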
question: For searching across spaces, the `/api/saved_objects/_find` API accepts an array of namespace strings via the `namespaces` query parameter.

What do you think about using `namespaces` here instead of `initialNamespaces` so that the APIs are a bit more consistent?

---
Well, everywhere else that we use the `namespace` or `namespaces` field, we are specifying what namespace(s) to search for an object in.

It seems to me that we should make this distinct, since this is what namespace(s) to create this object in. I know this is only used for the "create" and "bulkCreate" methods, but still.

I lean towards leaving it as-is, maybe @pgayvallet has an opinion to share?

---
Ah, I had [somehow] forgotten about the `bulk_update` changes we just made where we use `namespace` to denote where to locate the object, as opposed to listing the namespaces the updated object should be included in.

I'll buy that argument, but also happy to defer to platform since they own the APIs

---
I get the distinction between namespaces parameters that are used to locate the object(s) and parameters that are used to define the values to set, but as adding/removing namespaces is done with specific APIs, I doubt we will ever have two 'namespaces' parameters in a route / SO API, so I would just use the `namespaces` name for create/bulkCreate.

But that's not a strong opinion. @rudolf, WDYT?

---
I think the behaviour of setting something on create and finding inside a namespace on get is intuitive enough.

But it seems like we can delete an object from an existing namespace when you set `initialNamespaces: 'new space'` and `namespace: 'the space the object exists in'` with `overwrite=true`.

I find it difficult to think what the behaviour of initialNamespaces with overwrite=true should be. It feels like you should only be able to overwrite if you're not touching the namespaces (initialNamespaces = []). I can't remember, why did we want to restrict namespace operations to namespace-specific methods like deleteFromNamespace? It feels like similar reasoning should apply to bulkCreate (even with overwrite=true)

---
Fair enough!

Yes you can overwrite an object and change its namespace by using overwrite=true. This is by design.

Well, Elasticsearch treats a create+overwrite as if you're creating a new document and blowing the old one away, so my opinion is we shouldn't artificially limit the behavior here -- there are potentially valid use cases where we might want to recreate an existing object in "all spaces", for instance.

This could result in a scenario that's a bit counter-intuitive: If I am a user who can only access the "Foo" space, I can overwrite a saved object that exists in the "Foo" and "Bar" spaces using `initialNamespaces: ['foo']` (effectively unsharing it from the "Bar" space). But this outcome is no different than deleting and recreating the object, which the user is also allowed to do.

Several reasons: 1. At the time, `namespace` / `namespaces` was an implementation detail that was completely hidden from consumers, 2. I didn't think it was a good idea to conflate the concept of a namespace with normal object attributes that can be changed via an "update" operation, 3. Having dedicated "addToNamespaces" and "deleteFromNamespaces" APIs for this makes authorization checks a lot simpler to implement and easier to test / reason about, and 4. We may eventually want to allow creation of roles that are not allowed to share/unshare objects. (I guess we'd have to revisit the create+overwrite situation if we wanted to actually implement this)

Edit: renamed this field in 790a437.

Edit 2: opened a PR to undo this rename in #79682.
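
The create+overwrite scenario from the last comment, as a small in-memory model added here for illustration; it is not code from this PR or from Kibana. `ModelRepository`, the user objects and the `strict` flag are hypothetical, and `strict` is an assumed policy that also requires access to every space the overwrite would remove the object from.

```typescript
// Added model, not Kibana source. All names here are hypothetical.
type SavedObject = { id: string; title: string; namespaces: string[] };
type User = { name: string; spaces: string[] }; // spaces the user may write to

class ModelRepository {
  private docs = new Map<string, SavedObject>();

  // Test fixture: store an object without any authorization check.
  seed(obj: SavedObject): void {
    this.docs.set(obj.id, { ...obj, namespaces: [...obj.namespaces] });
  }

  namespacesOf(id: string): string[] {
    return [...(this.docs.get(id)?.namespaces ?? [])];
  }

  // strict = false: only the requested namespaces are authorized, so an
  //   overwrite replaces the namespace list like delete + recreate would.
  // strict = true: assumed stricter policy; the caller must also be authorized
  //   in every namespace the overwrite would remove the object from.
  create(user: User, obj: SavedObject, overwrite: boolean, strict = false): 'ok' | 'conflict' | 'forbidden' {
    const allowed = (ns: string): boolean => user.spaces.includes(ns);
    if (!obj.namespaces.every(allowed)) return 'forbidden';
    const existing = this.docs.get(obj.id);
    if (existing && !overwrite) return 'conflict';
    if (existing && strict) {
      const removed = existing.namespaces.filter((ns) => !obj.namespaces.includes(ns));
      if (!removed.every(allowed)) return 'forbidden';
    }
    this.seed(obj);
    return 'ok';
  }
}

// Constructed scenario from the thread: object shared to "foo" and "bar",
// caller can only access "foo" and recreates it with namespaces ['foo'].
function demo(strict: boolean): { result: string; namespaces: string[] } {
  const repo = new ModelRepository();
  repo.seed({ id: 'dashboard:1', title: 'original', namespaces: ['foo', 'bar'] });
  const fooUser: User = { name: 'foo-user', spaces: ['foo'] };
  const result = repo.create(fooUser, { id: 'dashboard:1', title: 'new', namespaces: ['foo'] }, true, strict);
  return { result, namespaces: repo.namespacesOf('dashboard:1') };
}

console.log(demo(false)); // overwrite succeeds, object is no longer in "bar"
console.log(demo(true));  // rejected, object stays in "foo" and "bar"
```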