elastic · georgianaonoleata1904 · May 6, 2026 · Apr 24, 2026 · Apr 24, 2026 · Apr 24, 2026
@@ -7,26 +7,28 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import { isString } from 'lodash';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 
 const HEADER_FIELD_DEFAULT = 'Api-Key';
-const authSchema = z
-  .object({
-    headerField: z
-      .string()
-      .min(1, { message: i18n.HEADER_AUTH_REQUIRED_MESSAGE })
-      .default(HEADER_FIELD_DEFAULT)
-      .meta({ label: i18n.HEADER_AUTH_LABEL, sensitive: true }),
-    apiKey: z
-      .string()
-      .min(1, { message: i18n.API_KEY_AUTH_REQUIRED_MESSAGE })
-      .meta({ label: i18n.API_KEY_AUTH_LABEL, sensitive: true }),
-  })
-  .meta({ label: i18n.API_KEY_HEADER_AUTHENTICATION_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      headerField: z
+        .string()
+        .min(1, { message: i18n.HEADER_AUTH_REQUIRED_MESSAGE })
+        .default(HEADER_FIELD_DEFAULT)
+        .meta({ label: i18n.HEADER_AUTH_LABEL, sensitive: true }),
+      apiKey: z
+        .string()
+        .min(1, { message: i18n.API_KEY_AUTH_REQUIRED_MESSAGE })
+        .meta({ label: i18n.API_KEY_AUTH_LABEL, sensitive: true }),
+    })
+    .meta({ label: i18n.API_KEY_HEADER_AUTHENTICATION_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 type NormalizedAuthSchemaType = Record<string, string>;

@@ -7,7 +7,7 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance, InternalAxiosRequestConfig } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
@@ -17,18 +17,20 @@ import { parseAwsHost, signRequest } from './aws_credential_helpers';
 // Auth Type Definition
 // ============================================================================
 
-const authSchema = z
-  .object({
-    accessKeyId: z
-      .string()
-      .min(1, { message: i18n.AWS_ACCESS_KEY_ID_REQUIRED_MESSAGE })
-      .meta({ sensitive: true, label: i18n.AWS_ACCESS_KEY_ID_LABEL }),
-    secretAccessKey: z
-      .string()
-      .min(1, { message: i18n.AWS_SECRET_ACCESS_KEY_REQUIRED_MESSAGE })
-      .meta({ sensitive: true, label: i18n.AWS_SECRET_ACCESS_KEY_LABEL }),
-  })
-  .meta({ label: i18n.AWS_CREDENTIALS_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      accessKeyId: z
+        .string()
+        .min(1, { message: i18n.AWS_ACCESS_KEY_ID_REQUIRED_MESSAGE })
+        .meta({ sensitive: true, label: i18n.AWS_ACCESS_KEY_ID_LABEL }),
+      secretAccessKey: z
+        .string()
+        .min(1, { message: i18n.AWS_SECRET_ACCESS_KEY_REQUIRED_MESSAGE })
+        .meta({ sensitive: true, label: i18n.AWS_SECRET_ACCESS_KEY_LABEL }),
+    })
+    .meta({ label: i18n.AWS_CREDENTIALS_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,24 +7,26 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance, InternalAxiosRequestConfig } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 import { computeSignature } from './azure_shared_key_crypto';
 
-const authSchema = z
-  .object({
-    accountName: z
-      .string()
-      .min(1, { message: i18n.AZURE_SHARED_KEY_ACCOUNT_NAME_REQUIRED_MESSAGE })
-      .meta({ label: i18n.AZURE_SHARED_KEY_ACCOUNT_NAME_LABEL }),
-    accountKey: z
-      .string()
-      .min(1, { message: i18n.AZURE_SHARED_KEY_ACCOUNT_KEY_REQUIRED_MESSAGE })
-      .meta({ sensitive: true, label: i18n.AZURE_SHARED_KEY_ACCOUNT_KEY_LABEL }),
-  })
-  .meta({ label: i18n.AZURE_SHARED_KEY_AUTH_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      accountName: z
+        .string()
+        .min(1, { message: i18n.AZURE_SHARED_KEY_ACCOUNT_NAME_REQUIRED_MESSAGE })
+        .meta({ label: i18n.AZURE_SHARED_KEY_ACCOUNT_NAME_LABEL }),
+      accountKey: z
+        .string()
+        .min(1, { message: i18n.AZURE_SHARED_KEY_ACCOUNT_KEY_REQUIRED_MESSAGE })
+        .meta({ sensitive: true, label: i18n.AZURE_SHARED_KEY_ACCOUNT_KEY_LABEL }),
+    })
+    .meta({ label: i18n.AZURE_SHARED_KEY_AUTH_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,23 +7,25 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 
-const authSchema = z
-  .object({
-    username: z
-      .string()
-      .min(1, { message: i18n.BASIC_AUTH_USERNAME_REQUIRED_MESSAGE })
-      .meta({ label: i18n.BASIC_AUTH_USERNAME_LABEL }),
-    password: z
-      .string()
-      .min(1, { message: i18n.BASIC_AUTH_PASSWORD_REQUIRED_MESSAGE })
-      .meta({ sensitive: true, label: i18n.BASIC_AUTH_PASSWORD_LABEL }),
-  })
-  .meta({ label: i18n.BASIC_AUTH_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      username: z
+        .string()
+        .min(1, { message: i18n.BASIC_AUTH_USERNAME_REQUIRED_MESSAGE })
+        .meta({ label: i18n.BASIC_AUTH_USERNAME_LABEL }),
+      password: z
+        .string()
+        .min(1, { message: i18n.BASIC_AUTH_PASSWORD_REQUIRED_MESSAGE })
+        .meta({ sensitive: true, label: i18n.BASIC_AUTH_PASSWORD_LABEL }),
+    })
+    .meta({ label: i18n.BASIC_AUTH_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,19 +7,21 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 
-const authSchema = z
-  .object({
-    token: z
-      .string()
-      .min(1, { message: i18n.BEARER_AUTH_REQUIRED_MESSAGE })
-      .meta({ sensitive: true, label: i18n.BEARER_TOKEN_LABEL }),
-  })
-  .meta({ label: i18n.BEARER_AUTH_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      token: z
+        .string()
+        .min(1, { message: i18n.BEARER_AUTH_REQUIRED_MESSAGE })
+        .meta({ sensitive: true, label: i18n.BEARER_TOKEN_LABEL }),
+    })
+    .meta({ label: i18n.BEARER_AUTH_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,29 +7,31 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import { isString } from 'lodash';
 import type { SSLSettings } from '@kbn/actions-utils';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 import { configureAxiosInstanceWithSsl } from '../lib';
 
-const authSchema = z
-  .object({
-    crt: z.string().meta({ label: i18n.CRT_AUTH_CERT_LABEL }),
-    key: z.string().meta({ label: i18n.CRT_AUTH_KEY_LABEL, sensitive: true }),
-    passphrase: z
-      .string()
-      .meta({ label: i18n.CRT_AUTH_PASSPHRASE_LABEL, sensitive: true })
-      .optional(),
-    ca: z.string().meta({ label: i18n.CRT_AUTH_CA_LABEL }).optional(),
-    verificationMode: z
-      .enum(['none', 'certificate', 'full'])
-      .meta({ label: i18n.CRT_AUTH_VERIFICATION_MODE_LABEL })
-      .optional(),
-  })
-  .meta({ label: i18n.CRT_AUTH_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      crt: z.string().meta({ label: i18n.CRT_AUTH_CERT_LABEL }),
+      key: z.string().meta({ label: i18n.CRT_AUTH_KEY_LABEL, sensitive: true }),
+      passphrase: z
+        .string()
+        .meta({ label: i18n.CRT_AUTH_PASSPHRASE_LABEL, sensitive: true })
+        .optional(),
+      ca: z.string().meta({ label: i18n.CRT_AUTH_CA_LABEL }).optional(),
+      verificationMode: z
+        .enum(['none', 'certificate', 'full'])
+        .meta({ label: i18n.CRT_AUTH_VERIFICATION_MODE_LABEL })
+        .optional(),
+    })
+    .meta({ label: i18n.CRT_AUTH_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,7 +7,7 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import { isConnectorAuthorizationError } from '../errors/connector_authorization_error';
@@ -17,12 +17,14 @@ import * as i18n from './translations';
 export const EARS_AUTH_ID = 'ears';
 export const EARS_PROVIDERS = ['google', 'microsoft', 'slack'] as const;
 
-const authSchema = z
-  .object({
-    provider: z.enum(EARS_PROVIDERS).meta({ hidden: true }),
-    scope: z.string().meta({ label: i18n.OAUTH_SCOPE_LABEL }).optional(),
-  })
-  .meta({ label: i18n.EARS_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      provider: z.enum(EARS_PROVIDERS).meta({ hidden: true }),
+      scope: z.string().meta({ label: i18n.OAUTH_SCOPE_LABEL }).optional(),
+    })
+    .meta({ label: i18n.EARS_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,33 +7,35 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 import { getGcpAccessToken, parseServiceAccountKey } from './gcp_jwt_helpers';
 
 const DEFAULT_SCOPE = 'https://www.googleapis.com/auth/cloud-platform';
 
-const authSchema = z
-  .object({
-    serviceAccountJson: z
-      .string()
-      .min(1, { message: i18n.GCP_SERVICE_ACCOUNT_JSON_REQUIRED_MESSAGE })
-      .meta({
-        sensitive: true,
-        widget: 'fileUpload',
-        widgetOptions: { accept: '.json' },
-        label: i18n.GCP_SERVICE_ACCOUNT_JSON_LABEL,
-        helpText: i18n.GCP_SERVICE_ACCOUNT_JSON_HELP_TEXT,
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      serviceAccountJson: z
+        .string()
+        .min(1, { message: i18n.GCP_SERVICE_ACCOUNT_JSON_REQUIRED_MESSAGE })
+        .meta({
+          sensitive: true,
+          widget: 'fileUpload',
+          widgetOptions: { accept: '.json' },
+          label: i18n.GCP_SERVICE_ACCOUNT_JSON_LABEL,
+          helpText: i18n.GCP_SERVICE_ACCOUNT_JSON_HELP_TEXT,
+        }),
+      scope: z.string().optional().meta({
+        label: i18n.GCP_SERVICE_ACCOUNT_SCOPE_LABEL,
+        helpText: i18n.GCP_SERVICE_ACCOUNT_SCOPE_HELP_TEXT,
+        hidden: true,
       }),
-    scope: z.string().optional().meta({
-      label: i18n.GCP_SERVICE_ACCOUNT_SCOPE_LABEL,
-      helpText: i18n.GCP_SERVICE_ACCOUNT_SCOPE_HELP_TEXT,
-      hidden: true,
-    }),
-  })
-  .meta({ label: i18n.GCP_SERVICE_ACCOUNT_LABEL });
+    })
+    .meta({ label: i18n.GCP_SERVICE_ACCOUNT_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,12 +7,12 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 
-const authSchema = z.object({}).meta({ label: i18n.NO_AUTH_LABEL });
+const authSchema = lazySchema(() => z.object({}).meta({ label: i18n.NO_AUTH_LABEL }));
 
 type AuthSchemaType = z.infer<typeof authSchema>;
 

@@ -7,29 +7,33 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { z } from '@kbn/zod/v4';
+import { z, lazySchema } from '@kbn/zod/v4';
 import type { AxiosInstance } from 'axios';
 import type { AuthContext, AuthTypeSpec } from '../connector_spec';
 import * as i18n from './translations';
 
-const authSchema = z
-  .object({
-    tokenUrl: z.url().meta({ label: i18n.OAUTH_TOKEN_URL_LABEL, validate: { allowedHosts: true } }),
-    clientId: z
-      .string()
-      .min(1, { message: i18n.OAUTH_CLIENT_ID_REQUIRED_MESSAGE })
-      .meta({ label: i18n.OAUTH_CLIENT_ID_LABEL }),
-    scope: z.string().meta({ label: i18n.OAUTH_SCOPE_LABEL }).optional(),
-    clientSecret: z
-      .string()
-      .min(1, { message: i18n.OAUTH_CLIENT_SECRET_REQUIRED_MESSAGE })
-      .meta({ label: i18n.OAUTH_CLIENT_SECRET_LABEL, sensitive: true }),
-    tokenEndpointAuthMethod: z
-      .enum(['client_secret_post', 'client_secret_basic'])
-      .meta({ label: i18n.OAUTH_TOKEN_ENDPOINT_AUTH_METHOD_LABEL, hidden: true })
-      .optional(),
-  })
-  .meta({ label: i18n.OAUTH_LABEL });
+const authSchema = lazySchema(() =>
+  z
+    .object({
+      tokenUrl: z
+        .url()
+        .meta({ label: i18n.OAUTH_TOKEN_URL_LABEL, validate: { allowedHosts: true } }),
+      clientId: z
+        .string()
+        .min(1, { message: i18n.OAUTH_CLIENT_ID_REQUIRED_MESSAGE })
+        .meta({ label: i18n.OAUTH_CLIENT_ID_LABEL }),
+      scope: z.string().meta({ label: i18n.OAUTH_SCOPE_LABEL }).optional(),
+      clientSecret: z
+        .string()
+        .min(1, { message: i18n.OAUTH_CLIENT_SECRET_REQUIRED_MESSAGE })
+        .meta({ label: i18n.OAUTH_CLIENT_SECRET_LABEL, sensitive: true }),
+      tokenEndpointAuthMethod: z
+        .enum(['client_secret_post', 'client_secret_basic'])
+        .meta({ label: i18n.OAUTH_TOKEN_ENDPOINT_AUTH_METHOD_LABEL, hidden: true })
+        .optional(),
+    })
+    .meta({ label: i18n.OAUTH_LABEL })
+);
 
 type AuthSchemaType = z.infer<typeof authSchema>;