[Saved objects client - bulkUpdate] Passing the correct namespace to migrateInputDocument#222313
Conversation
cesco-f
added
release_note:fix
backport:version
github-actions
bot
added
the
author:obs-ux-management
| id, | ||
| type, | ||
| namespace, | ||
| namespace: getNamespaceId(objectNamespace), |
There was a problem hiding this comment.
This looks correct but we should not set a namespace if this is a multinamespace saved object type. So we need to do something similar to the update method where either namespace or namespaces is set depending on if this is multi/single namespace.
wdyt @TinaHeiligers
There was a problem hiding this comment.
++
May even have to look back at this section where "namespaces" is set, and adjust to account for "namespace" vs "namespaces" throughout the rest of the code.
There was a problem hiding this comment.
Hey team 😊
Can we maybe merge this to fix my use case and open another PR to fix the multinamespace saved object type?
There was a problem hiding this comment.
I can make push some changes to take care of this. I will take a look on Monday.
There was a problem hiding this comment.
Sorry for the delay. I pushed c122b83
I believe it will handle the difference between single and multi-namespace types correctly. I also officially tagged @TinaHeiligers for a review.
There was a problem hiding this comment.
I suspect this isn't a bug and could be a callee error because we haven't had any other reports of namespace issues. I'll take a look at the diffs.
There was a problem hiding this comment.
So we need to do something similar to the update method where either namespace or namespaces is set depending on if this is multi/single namespace.
If bulkUpdate now supports upsert, then probably yes. When I worked on the API making it BWC, bulkUpdate didn't support upsert, nor did it support partial updates.
Using getNamespaceId might mess with the namespaces array, so we'll need to watch the tests carefully.
rudolf
added
the
Team:Core
|
Pinging @elastic/kibana-core (Team:Core) |
rudolf
added
the
bug
cesco-f
force-pushed
the
fix-bulk-update-namespace
branch
from
d3abb6e to
791a5ee
Compare
src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_update.test.ts
Show resolved
Hide resolved
rudolf
left a comment
rudolf
left a comment
There was a problem hiding this comment.
Just left a question to clarify what kind of namespace (string or id) we need for encryption. Otherwise lgtm
src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_update.ts
Outdated
Show resolved
Hide resolved
| type, | ||
| namespace, | ||
| namespaces, | ||
| ...(savedObjectNamespace && { namespace: savedObjectNamespace }), |
There was a problem hiding this comment.
Can't comment on the right place, but in line 297 should we fallback to namespace or namespaceString for the encryption helper?
There was a problem hiding this comment.
It actually doesn't matter if we pass a namespace ID or a namespace string to the encryption extension - it will always get "normalized" and used appropriately. However, you brought to my attention that the parameters might have always been wrong here.
The object should be encrypted based on its descriptor, not the current namespace or the provided object namespace. So... let me think about this...
Disregard...I forgot that we do not use namespace in the descriptor for multi-namespace ESOs.
| type, | ||
| id, | ||
| objectNamespace || namespace, | ||
| savedObjectNamespaces ?? savedObjectNamespace, |
There was a problem hiding this comment.
Encryption should always be based on the object's actual namespace(s). For multi-namespace objects, we pick the first namespace to use in the encryption descriptor (we also "normalize" the parameters to handle passing an namespace vs namespace string). So because namespaces can be overridden in bulk update per object, we should be careful here not to use either the provided object namespace or the current namespace, because it might render an multi-namespace ESO undecryptable. Does this make sense?
There was a problem hiding this comment.
I also think we really need tests for this logic specifically (bulk update, object space override on a multispace encrypted object), but I have not had time to do so.
There was a problem hiding this comment.
😓 Ahhh...nevermind! No namespace is used for the ESO descriptor for multi-namespace objects. Disregard. We can revert this back to what was there.
⏳ Build in-progress, with failures
Failed CI StepsHistory
|
|
Starting backport for target branches: 8.19 |
…migrateInputDocument (elastic#222313) While working on [this PR](elastic#221515) I noticed an issue when trying to bulk update saved objects overriding the current space for the operation. --------- Co-authored-by: “jeramysoucy” <jeramy.soucy@elastic.co> Co-authored-by: Shahzad <shahzad31comp@gmail.com> Co-authored-by: Rudolf Meijering <skaapgif@gmail.com> (cherry picked from commit 9794168)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ace to migrateInputDocument (#222313) (#224522) # Backport This will backport the following commits from `main` to `8.19`: - [[Saved objects client - bulkUpdate] Passing the correct namespace to migrateInputDocument (#222313)](#222313) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Francesco Fagnani","email":"fagnani.francesco@gmail.com"},"sourceCommit":{"committedDate":"2025-06-19T08:01:33Z","message":"[Saved objects client - bulkUpdate] Passing the correct namespace to migrateInputDocument (#222313)\n\nWhile working on [this\nPR](#221515) I noticed an issue\nwhen trying to bulk update saved objects overriding the current space\nfor the operation.\n\n---------\n\nCo-authored-by: “jeramysoucy” <jeramy.soucy@elastic.co>\nCo-authored-by: Shahzad <shahzad31comp@gmail.com>\nCo-authored-by: Rudolf Meijering <skaapgif@gmail.com>","sha":"97941682dbf5703197b5068fad4b9cb583a24631","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","Team:Core","release_note:fix","backport:version","v9.1.0","v8.19.0","author:obs-ux-management"],"title":"[Saved objects client - bulkUpdate] Passing the correct namespace to migrateInputDocument","number":222313,"url":"https://github.com/elastic/kibana/pull/222313","mergeCommit":{"message":"[Saved objects client - bulkUpdate] Passing the correct namespace to migrateInputDocument (#222313)\n\nWhile working on [this\nPR](#221515) I noticed an issue\nwhen trying to bulk update saved objects overriding the current space\nfor the operation.\n\n---------\n\nCo-authored-by: “jeramysoucy” <jeramy.soucy@elastic.co>\nCo-authored-by: Shahzad <shahzad31comp@gmail.com>\nCo-authored-by: Rudolf Meijering <skaapgif@gmail.com>","sha":"97941682dbf5703197b5068fad4b9cb583a24631"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/222313","number":222313,"mergeCommit":{"message":"[Saved objects client - bulkUpdate] Passing the correct namespace to migrateInputDocument (#222313)\n\nWhile working on [this\nPR](#221515) I noticed an issue\nwhen trying to bulk update saved objects overriding the current space\nfor the operation.\n\n---------\n\nCo-authored-by: “jeramysoucy” <jeramy.soucy@elastic.co>\nCo-authored-by: Shahzad <shahzad31comp@gmail.com>\nCo-authored-by: Rudolf Meijering <skaapgif@gmail.com>","sha":"97941682dbf5703197b5068fad4b9cb583a24631"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Francesco Fagnani <fagnani.francesco@gmail.com> Co-authored-by: “jeramysoucy” <jeramy.soucy@elastic.co> Co-authored-by: Shahzad <shahzad31comp@gmail.com> Co-authored-by: Rudolf Meijering <skaapgif@gmail.com>
…pace to migrateInputDocument (elastic#222313)" This reverts commit 9794168.
7 participants
While working on this PR I noticed an issue when trying to bulk update saved objects overriding the current space for the operation.