From 96689fa50a0b8a2d51698be4b799ca8ad60dbcf8 Mon Sep 17 00:00:00 2001
From: Gidi Meir Morris <github@gidi.io>
Date: Fri, 21 Aug 2020 19:11:57 +0100
Subject: [PATCH] added comment about allowing id

---
 .../saved_objects/encrypted_saved_objects_client_wrapper.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts
index 81acc8de7454c..6f6abd6bd41d8 100644
--- a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts
+++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts
@@ -60,6 +60,10 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
     // Saved objects with encrypted attributes should have IDs that are hard to guess especially
     // since IDs are part of the AAD used during encryption, that's why we control them within this
     // wrapper and don't allow consumers to specify their own IDs directly.
+
+    // only allow a specified ID if we're overwriting an existing ESO with a Version
+    // this helps us ensure that the document really was previously created using ESO
+    // and not being used to get around the specified ID limitation
     const canSpecifyID = options.overwrite && options.version;
     if (options.id && !canSpecifyID) {
       throw new Error(
@@ -111,7 +115,7 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
           );
         }
 
-        const id = object?.id ?? generateID();
+        const id = object.id ?? generateID();
         const namespace = getDescriptorNamespace(
           this.options.baseTypeRegistry,
           object.type,