Migrate Encrypted Saved Objects plugin to the new platform.

.github/CODEOWNERS

@@ -44,7 +44,7 @@
 /x-pack/test/functional/services/ml.ts  @elastic/ml-ui
 # ML team owns the transform plugin, ES team added here for visibility
 # because the plugin lives in Kibana's Elasticsearch management section.
-/x-pack/legacy/plugins/transform/  @elastic/ml-ui @elastic/es-ui 
+/x-pack/legacy/plugins/transform/  @elastic/ml-ui @elastic/es-ui
 
 # Operations
 /renovate.json5 @elastic/kibana-operations
@@ -69,6 +69,7 @@
 /x-pack/legacy/plugins/security/  @elastic/kibana-security
 /x-pack/legacy/plugins/spaces/  @elastic/kibana-security
 /x-pack/legacy/plugins/encrypted_saved_objects/  @elastic/kibana-security
+/x-pack/plugins/encrypted_saved_objects/  @elastic/kibana-security
 /src/legacy/server/csp/ @elastic/kibana-security
 /x-pack/plugins/security/  @elastic/kibana-security
 /x-pack/test/api_integration/apis/security/ @elastic/kibana-security

x-pack/legacy/plugins/actions/index.ts

@@ -22,10 +22,10 @@ export function actions(kibana: any) {
   return new kibana.Plugin({
     id: 'actions',
     configPrefix: 'xpack.actions',
-    require: ['kibana', 'elasticsearch', 'task_manager', 'encrypted_saved_objects'],
+    require: ['kibana', 'elasticsearch', 'task_manager', 'encryptedSavedObjects'],
     isEnabled(config: Legacy.KibanaConfig) {
       return (
-        config.get('xpack.encrypted_saved_objects.enabled') === true &&
+        config.get('xpack.encryptedSavedObjects.enabled') === true &&
         config.get('xpack.actions.enabled') === true &&
         config.get('xpack.task_manager.enabled') === true
       );

x-pack/legacy/plugins/actions/server/lib/action_executor.test.ts

@@ -8,7 +8,7 @@ import Hapi from 'hapi';
 import { schema } from '@kbn/config-schema';
 import { ActionExecutor } from './action_executor';
 import { actionTypeRegistryMock } from '../action_type_registry.mock';
-import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
+import { encryptedSavedObjectsMock } from '../../../../../plugins/encrypted_saved_objects/server/mocks';
 import {
   savedObjectsClientMock,
   loggingServiceMock,
@@ -24,7 +24,7 @@ function getServices() {
     callCluster: jest.fn(),
   };
 }
-const encryptedSavedObjectsPlugin = encryptedSavedObjectsMock.create();
+const encryptedSavedObjectsPlugin = encryptedSavedObjectsMock.createStart();
 const actionTypeRegistry = actionTypeRegistryMock.create();
 
 const executeParams = {

x-pack/legacy/plugins/actions/server/lib/action_executor.ts

@@ -5,7 +5,7 @@
  */
 
 import Hapi from 'hapi';
-import { EncryptedSavedObjectsStartContract } from '../shim';
+import { PluginStartContract as EncryptedSavedObjectsStartContract } from '../../../../../plugins/encrypted_saved_objects/server';
 import { LegacySpacesPlugin as SpacesPluginStartContract } from '../../../spaces';
 import { Logger } from '../../../../../../src/core/server';
 import { validateParams, validateConfig, validateSecrets } from './validate_with_schema';

x-pack/legacy/plugins/actions/server/lib/task_runner_factory.test.ts

@@ -11,15 +11,15 @@ import { ConcreteTaskInstance, TaskStatus } from '../../../task_manager';
 import { TaskRunnerFactory } from './task_runner_factory';
 import { actionTypeRegistryMock } from '../action_type_registry.mock';
 import { actionExecutorMock } from './action_executor.mock';
-import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
+import { encryptedSavedObjectsMock } from '../../../../../plugins/encrypted_saved_objects/server/mocks';
 import {
   savedObjectsClientMock,
   loggingServiceMock,
 } from '../../../../../../src/core/server/mocks';
 
 const spaceIdToNamespace = jest.fn();
 const actionTypeRegistry = actionTypeRegistryMock.create();
-const mockedEncryptedSavedObjectsPlugin = encryptedSavedObjectsMock.create();
+const mockedEncryptedSavedObjectsPlugin = encryptedSavedObjectsMock.createStart();
 const mockedActionExecutor = actionExecutorMock.create();
 
 let fakeTimer: sinon.SinonFakeTimers;

x-pack/legacy/plugins/actions/server/lib/task_runner_factory.ts

@@ -7,7 +7,7 @@
 import { ActionExecutorContract } from './action_executor';
 import { ExecutorError } from './executor_error';
 import { RunContext } from '../../../task_manager';
-import { EncryptedSavedObjectsStartContract } from '../shim';
+import { PluginStartContract as EncryptedSavedObjectsStartContract } from '../../../../../plugins/encrypted_saved_objects/server';
 import { ActionTaskParams, GetBasePathFunction, SpaceIdToNamespaceFunction } from '../types';
 
 export interface TaskRunnerContext {

x-pack/legacy/plugins/actions/server/plugin.ts

@@ -92,12 +92,12 @@ export class Plugin {
     // - `secrets` properties will be encrypted
     // - `config` will be included in AAD
     // - everything else excluded from AAD
-    plugins.encrypted_saved_objects.registerType({
+    plugins.encryptedSavedObjects.registerType({
       type: 'action',
       attributesToEncrypt: new Set(['secrets']),
       attributesToExcludeFromAAD: new Set(['description']),
     });
-    plugins.encrypted_saved_objects.registerType({
+    plugins.encryptedSavedObjects.registerType({
       type: 'action_task_params',
       attributesToEncrypt: new Set(['apiKey']),
     });
@@ -163,11 +163,11 @@ export class Plugin {
       logger,
       spaces: plugins.spaces,
       getServices,
-      encryptedSavedObjectsPlugin: plugins.encrypted_saved_objects,
+      encryptedSavedObjectsPlugin: plugins.encryptedSavedObjects,
       actionTypeRegistry: actionTypeRegistry!,
     });
     taskRunnerFactory!.initialize({
-      encryptedSavedObjectsPlugin: plugins.encrypted_saved_objects,
+      encryptedSavedObjectsPlugin: plugins.encryptedSavedObjects,
       getBasePath,
       spaceIdToNamespace,
     });

x-pack/legacy/plugins/actions/server/routes/_mock_server.ts

@@ -8,7 +8,7 @@ import Hapi from 'hapi';
 import { savedObjectsClientMock } from '../../../../../../src/core/server/mocks';
 import { actionsClientMock } from '../actions_client.mock';
 import { actionTypeRegistryMock } from '../action_type_registry.mock';
-import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
+import { encryptedSavedObjectsMock } from '../../../../../plugins/encrypted_saved_objects/server/mocks';
 
 const defaultConfig = {
   'kibana.index': '.kibana',
@@ -22,7 +22,8 @@ export function createMockServer(config: Record<string, any> = defaultConfig) {
   const actionsClient = actionsClientMock.create();
   const actionTypeRegistry = actionTypeRegistryMock.create();
   const savedObjectsClient = savedObjectsClientMock.create();
-  const encryptedSavedObjects = encryptedSavedObjectsMock.create();
+  const encryptedSavedObjectsSetup = encryptedSavedObjectsMock.createSetup();
+  const encryptedSavedObjectsStart = encryptedSavedObjectsMock.createStart();
 
   server.config = () => {
     return {
@@ -49,21 +50,16 @@ export function createMockServer(config: Record<string, any> = defaultConfig) {
     },
   });
 
-  server.register({
-    name: 'encrypted_saved_objects',
-    register(pluginServer: Hapi.Server) {
-      pluginServer.expose('isEncryptionError', encryptedSavedObjects.isEncryptionError);
-      pluginServer.expose('registerType', encryptedSavedObjects.registerType);
-      pluginServer.expose(
-        'getDecryptedAsInternalUser',
-        encryptedSavedObjects.getDecryptedAsInternalUser
-      );
-    },
-  });
-
   server.decorate('request', 'getSavedObjectsClient', () => savedObjectsClient);
   server.decorate('request', 'getActionsClient', () => actionsClient);
   server.decorate('request', 'getBasePath', () => '/s/my-space');
 
-  return { server, savedObjectsClient, actionsClient, actionTypeRegistry, encryptedSavedObjects };
+  return {
+    server,
+    savedObjectsClient,
+    actionsClient,
+    actionTypeRegistry,
+    encryptedSavedObjectsSetup,
+    encryptedSavedObjectsStart,
+  };
 }

x-pack/legacy/plugins/actions/server/shim.ts

@@ -12,7 +12,10 @@ import { TaskManager } from '../../task_manager';
 import { XPackMainPlugin } from '../../xpack_main/xpack_main';
 import KbnServer from '../../../../../src/legacy/server/kbn_server';
 import { LegacySpacesPlugin as SpacesPluginStartContract } from '../../spaces';
-import { EncryptedSavedObjectsPlugin } from '../../encrypted_saved_objects';
+import {
+  PluginSetupContract as EncryptedSavedObjectsSetupContract,
+  PluginStartContract as EncryptedSavedObjectsStartContract,
+} from '../../../../plugins/encrypted_saved_objects/server';
 import { PluginSetupContract as SecurityPlugin } from '../../../../plugins/security/server';
 import {
   CoreSetup,
@@ -24,7 +27,6 @@ import {
 // due to being marked as dependencies
 interface Plugins extends Hapi.PluginProperties {
   task_manager: TaskManager;
-  encrypted_saved_objects: EncryptedSavedObjectsPlugin;
 }
 
 export interface Server extends Legacy.Server {
@@ -38,15 +40,10 @@ export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' |
 export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
 export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
 export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
-export type EncryptedSavedObjectsSetupContract = Pick<EncryptedSavedObjectsPlugin, 'registerType'>;
 export type TaskManagerSetupContract = Pick<
   TaskManager,
   'addMiddleware' | 'registerTaskDefinitions'
 >;
-export type EncryptedSavedObjectsStartContract = Pick<
-  EncryptedSavedObjectsPlugin,
-  'isEncryptionError' | 'getDecryptedAsInternalUser'
->;
 
 /**
  * New platform interfaces
@@ -73,12 +70,12 @@ export interface ActionsPluginsSetup {
   security?: SecurityPluginSetupContract;
   task_manager: TaskManagerSetupContract;
   xpack_main: XPackMainPluginSetupContract;
-  encrypted_saved_objects: EncryptedSavedObjectsSetupContract;
+  encryptedSavedObjects: EncryptedSavedObjectsSetupContract;
 }
 export interface ActionsPluginsStart {
   security?: SecurityPluginStartContract;
   spaces: () => SpacesPluginStartContract | undefined;
-  encrypted_saved_objects: EncryptedSavedObjectsStartContract;
+  encryptedSavedObjects: EncryptedSavedObjectsStartContract;
   task_manager: TaskManagerStartContract;
 }
 
@@ -126,15 +123,17 @@ export function shim(
     security: newPlatform.setup.plugins.security as SecurityPluginSetupContract | undefined,
     task_manager: server.plugins.task_manager,
     xpack_main: server.plugins.xpack_main,
-    encrypted_saved_objects: server.plugins.encrypted_saved_objects,
+    encryptedSavedObjects: newPlatform.setup.plugins
+      .encryptedSavedObjects as EncryptedSavedObjectsSetupContract,
   };
 
   const pluginsStart: ActionsPluginsStart = {
     security: newPlatform.setup.plugins.security as SecurityPluginStartContract | undefined,
     // TODO: Currently a function because it's an optional dependency that
     // initializes after this function is called
     spaces: () => server.plugins.spaces,
-    encrypted_saved_objects: server.plugins.encrypted_saved_objects,
+    encryptedSavedObjects: newPlatform.start.plugins
+      .encryptedSavedObjects as EncryptedSavedObjectsStartContract,
     task_manager: server.plugins.task_manager,
   };
 

x-pack/legacy/plugins/alerting/index.ts

@@ -22,12 +22,12 @@ export function alerting(kibana: any) {
   return new kibana.Plugin({
     id: 'alerting',
     configPrefix: 'xpack.alerting',
-    require: ['kibana', 'elasticsearch', 'actions', 'task_manager', 'encrypted_saved_objects'],
+    require: ['kibana', 'elasticsearch', 'actions', 'task_manager', 'encryptedSavedObjects'],
     isEnabled(config: Legacy.KibanaConfig) {
       return (
         config.get('xpack.alerting.enabled') === true &&
         config.get('xpack.actions.enabled') === true &&
-        config.get('xpack.encrypted_saved_objects.enabled') === true &&
+        config.get('xpack.encryptedSavedObjects.enabled') === true &&
         config.get('xpack.task_manager.enabled') === true
       );
     },

x-pack/legacy/plugins/alerting/server/lib/task_runner_factory.test.ts

@@ -9,7 +9,7 @@ import { schema } from '@kbn/config-schema';
 import { AlertExecutorOptions } from '../types';
 import { ConcreteTaskInstance } from '../../../task_manager';
 import { TaskRunnerContext, TaskRunnerFactory } from './task_runner_factory';
-import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
+import { encryptedSavedObjectsMock } from '../../../../../plugins/encrypted_saved_objects/server/mocks';
 import {
   savedObjectsClientMock,
   loggingServiceMock,
@@ -52,7 +52,7 @@ beforeAll(() => {
 afterAll(() => fakeTimer.restore());
 
 const savedObjectsClient = savedObjectsClientMock.create();
-const encryptedSavedObjectsPlugin = encryptedSavedObjectsMock.create();
+const encryptedSavedObjectsPlugin = encryptedSavedObjectsMock.createStart();
 const services = {
   log: jest.fn(),
   callCluster: jest.fn(),

x-pack/legacy/plugins/alerting/server/lib/task_runner_factory.ts

@@ -11,7 +11,7 @@ import { createAlertInstanceFactory } from './create_alert_instance_factory';
 import { AlertInstance } from './alert_instance';
 import { getNextRunAt } from './get_next_run_at';
 import { validateAlertTypeParams } from './validate_alert_type_params';
-import { EncryptedSavedObjectsStartContract } from '../shim';
+import { PluginStartContract as EncryptedSavedObjectsStartContract } from '../../../../../plugins/encrypted_saved_objects/server';
 import { PluginStartContract as ActionsPluginStartContract } from '../../../actions';
 import {
   AlertType,

x-pack/legacy/plugins/alerting/server/plugin.ts

@@ -85,7 +85,7 @@ export class Plugin {
     });
 
     // Encrypted attributes
-    plugins.encrypted_saved_objects.registerType({
+    plugins.encryptedSavedObjects.registerType({
       type: 'alert',
       attributesToEncrypt: new Set(['apiKey']),
       attributesToExcludeFromAAD: new Set([
@@ -147,7 +147,7 @@ export class Plugin {
         };
       },
       executeAction: plugins.actions.execute,
-      encryptedSavedObjectsPlugin: plugins.encrypted_saved_objects,
+      encryptedSavedObjectsPlugin: plugins.encryptedSavedObjects,
       spaceIdToNamespace(spaceId?: string): string | undefined {
         const spacesPlugin = plugins.spaces();
         return spacesPlugin && spaceId ? spacesPlugin.spaceIdToNamespace(spaceId) : undefined;

x-pack/legacy/plugins/alerting/server/shim.ts

@@ -10,7 +10,10 @@ import { LegacySpacesPlugin as SpacesPluginStartContract } from '../../spaces';
 import { TaskManager } from '../../task_manager';
 import { XPackMainPlugin } from '../../xpack_main/xpack_main';
 import KbnServer from '../../../../../src/legacy/server/kbn_server';
-import { EncryptedSavedObjectsPlugin } from '../../encrypted_saved_objects';
+import {
+  PluginSetupContract as EncryptedSavedObjectsSetupContract,
+  PluginStartContract as EncryptedSavedObjectsStartContract,
+} from '../../../../plugins/encrypted_saved_objects/server';
 import { PluginSetupContract as SecurityPlugin } from '../../../../plugins/security/server';
 import {
   CoreSetup,
@@ -28,7 +31,6 @@ import {
 interface Plugins extends Hapi.PluginProperties {
   actions: ActionsPlugin;
   task_manager: TaskManager;
-  encrypted_saved_objects: EncryptedSavedObjectsPlugin;
 }
 
 export interface Server extends Legacy.Server {
@@ -41,16 +43,11 @@ export interface Server extends Legacy.Server {
 export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
 export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
 export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
-export type EncryptedSavedObjectsSetupContract = Pick<EncryptedSavedObjectsPlugin, 'registerType'>;
 export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
 export type TaskManagerSetupContract = Pick<
   TaskManager,
   'addMiddleware' | 'registerTaskDefinitions'
 >;
-export type EncryptedSavedObjectsStartContract = Pick<
-  EncryptedSavedObjectsPlugin,
-  'isEncryptionError' | 'getDecryptedAsInternalUser'
->;
 
 /**
  * New platform interfaces
@@ -75,13 +72,13 @@ export interface AlertingPluginsSetup {
   task_manager: TaskManagerSetupContract;
   actions: ActionsPluginSetupContract;
   xpack_main: XPackMainPluginSetupContract;
-  encrypted_saved_objects: EncryptedSavedObjectsSetupContract;
+  encryptedSavedObjects: EncryptedSavedObjectsSetupContract;
 }
 export interface AlertingPluginsStart {
   actions: ActionsPluginStartContract;
   security?: SecurityPluginStartContract;
   spaces: () => SpacesPluginStartContract | undefined;
-  encrypted_saved_objects: EncryptedSavedObjectsStartContract;
+  encryptedSavedObjects: EncryptedSavedObjectsStartContract;
   task_manager: TaskManagerStartContract;
 }
 
@@ -122,7 +119,8 @@ export function shim(
     task_manager: server.plugins.task_manager,
     actions: server.plugins.actions.setup,
     xpack_main: server.plugins.xpack_main,
-    encrypted_saved_objects: server.plugins.encrypted_saved_objects,
+    encryptedSavedObjects: newPlatform.setup.plugins
+      .encryptedSavedObjects as EncryptedSavedObjectsSetupContract,
   };
 
   const pluginsStart: AlertingPluginsStart = {
@@ -131,7 +129,8 @@ export function shim(
     // TODO: Currently a function because it's an optional dependency that
     // initializes after this function is called
     spaces: () => server.plugins.spaces,
-    encrypted_saved_objects: server.plugins.encrypted_saved_objects,
+    encryptedSavedObjects: newPlatform.start.plugins
+      .encryptedSavedObjects as EncryptedSavedObjectsStartContract,
     task_manager: server.plugins.task_manager,
   };