[Response Ops] Fix single file connector auth type on edit

[jcger]

Summary

Closes #244390

QA

0. Create a single file connector with multiple auth types.

Webhook.patch

diff --git a/src/platform/packages/shared/kbn-connector-specs/src/all_specs.ts b/src/platform/packages/shared/kbn-connector-specs/src/all_specs.ts
index fefd2a67514e..534be6c8c3f5 100644
--- a/src/platform/packages/shared/kbn-connector-specs/src/all_specs.ts
+++ b/src/platform/packages/shared/kbn-connector-specs/src/all_specs.ts
@@ -13,3 +13,4 @@ export * from './specs/greynoise';
 export * from './specs/shodan';
 export * from './specs/urlvoid';
 export * from './specs/virustotal';
+export * from './specs/webhook';
diff --git a/src/platform/packages/shared/kbn-connector-specs/src/specs/webhook.ts b/src/platform/packages/shared/kbn-connector-specs/src/specs/webhook.ts
new file mode 100644
index 000000000000..b5f1e6375ae2
--- /dev/null
+++ b/src/platform/packages/shared/kbn-connector-specs/src/specs/webhook.ts
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import { z } from '@kbn/zod/v4';
+import type { ConnectorSpec } from '../connector_spec';
+
+export const SingleFileWebhookConnector: ConnectorSpec = {
+  metadata: {
+    id: '.sf-webhook',
+    displayName: 'Single File Webhook',
+    description: 'demo',
+    minimumLicense: 'gold',
+    supportedFeatureIds: ['workflows'],
+  },
+
+  schema: z.object({
+    method: z
+      .enum(['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])
+      .meta({
+        label: 'Method',
+      })
+      .default('POST'),
+    url: z.url().meta({ label: 'URL', placeholder: 'https://...' }),
+  }),
+
+  authTypes: ['none', 'basic', 'bearer'],
+
+  actions: {
+    submit: {
+      isTool: true,
+      input: z.object({
+        body: z.string(),
+      }),
+      handler: async (ctx, input) => {
+        try {
+          ctx.client.request({
+            method,
+            url,
+            data: input.body,
+          });
+
+          return {
+            ok: true,
+            message: 'Successfully connected to Single File Webhook',
+          };
+        } catch (error) {
+          return {
+            ok: false,
+            message: `Failed to connect: ${error}`,
+          };
+        }
+      },
+    },
+  },
+
+  test: {
+    handler: async (ctx) => {
+      try {
+        await ctx.client.get('');
+        return {
+          ok: true,
+          message: 'Successfully connected to Single File Webhook',
+        };
+      } catch (error) {
+        return {
+          ok: false,
+          message: `Failed to connect: ${error}`,
+        };
+      }
+    },
+    description: 'Verifies webhook connection alive',
+  },
+};

1. Create a connector with an auth type that isn't the default one
2. Open the connector to edit
3. Check that it's selecting the the auth type the connector was created with

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[ymao1]

I tried it with the existing single file webhook connector I had locally and it did not seem to work 🙈. I created a webhook with basic auth and edited it and it defaulted to none.

The only difference I saw was that in your PR summary webhook definition, you have authType in the schema field:

authType: z.string().meta({ disabled: true }),

Is that a requirement for this to work?

[jcger]

@ymao1 yes, sorry, I forgot to mention that in order to make this work we need the config to return the authType. The deserializer copies this value to secrets.authType. It's just disabled here to see the value, but in prod it would also be hidden

I'll try include it automatically (done in ed26d81)

• Added authType to the config schema in the server
• The UI doesn't need it, because the serializer will handle that, it will copy secrets.authType to config.authType just before submitting

[ymao1]

LGTM. Works as described!

[ymao1]

should this test be called should overwrite existing config.authType...? the naming doesn't seem to match the outcome

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c2fa480

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
stackConnectors	501	502	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
stackConnectors	826.3KB	826.5KB	+262.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
stackConnectors	72.4KB	72.8KB	+407.0B

History

• 💔 Build #368351 failed 2c0f9cb
• 💔 Build #367725 failed 0d8c54f
• 💔 Build #367536 failed 55bd26d
• 💔 Build #367513 failed de0767c
• 💔 Build #367264 failed 43e140c