From 0435431ae9250b0cd742d86f03cd34eccd5e380e Mon Sep 17 00:00:00 2001 From: Jahziel Villasana-Espinoza Date: Tue, 10 Oct 2023 09:06:54 -0400 Subject: [PATCH] feat: can delete via cron job if global flag set (#14398) # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added/updated tests --------- Co-authored-by: Lucas Rodriguez --- cmd/fleet/cron.go | 14 ++++++++++++++ server/datastore/mysql/queries.go | 10 ++++++++++ server/fleet/datastore.go | 2 ++ server/mock/datastore_mock.go | 12 ++++++++++++ 4 files changed, 38 insertions(+) diff --git a/cmd/fleet/cron.go b/cmd/fleet/cron.go index 4835eb3e19..99f448c5da 100644 --- a/cmd/fleet/cron.go +++ b/cmd/fleet/cron.go @@ -803,6 +803,20 @@ func newCleanupsAndAggregationSchedule( return verifyDiskEncryptionKeys(ctx, logger, ds, config) }, ), + schedule.WithJob("query_results_cleanup", func(ctx context.Context) error { + config, err := ds.AppConfig(ctx) + if err != nil { + return err + } + + if config.ServerSettings.QueryReportsDisabled { + if err = ds.CleanupGlobalDiscardQueryResults(ctx); err != nil { + return err + } + } + + return nil + }), ) return s, nil diff --git a/server/datastore/mysql/queries.go b/server/datastore/mysql/queries.go index 94b92497bd..c52c3fc400 100644 --- a/server/datastore/mysql/queries.go +++ b/server/datastore/mysql/queries.go @@ -566,3 +566,13 @@ func (ds *Datastore) ListScheduledQueriesForAgents(ctx context.Context, teamID * return results, nil } + +func (ds *Datastore) CleanupGlobalDiscardQueryResults(ctx context.Context) error { + deleteStmt := "DELETE FROM query_results" + _, err := ds.writer(ctx).ExecContext(ctx, deleteStmt) + if err != nil { + return ctxerr.Wrapf(ctx, err, "delete all from query_result") + } + + return nil +} diff --git a/server/fleet/datastore.go b/server/fleet/datastore.go index 447fecdddc..3dc7c90383 100644 --- a/server/fleet/datastore.go +++ b/server/fleet/datastore.go @@ -91,6 +91,8 @@ type Datastore interface { // ObserverCanRunQuery returns whether a user with an observer role is permitted to run the // identified query ObserverCanRunQuery(ctx context.Context, queryID uint) (bool, error) + // CleanupGlobalDiscardQueryResults deletes all cached query results. Used in cleanups_then_aggregation cron. + CleanupGlobalDiscardQueryResults(ctx context.Context) error /////////////////////////////////////////////////////////////////////////////// // CampaignStore defines the distributed query campaign related datastore methods diff --git a/server/mock/datastore_mock.go b/server/mock/datastore_mock.go index 89a41b413e..7a3afc3823 100644 --- a/server/mock/datastore_mock.go +++ b/server/mock/datastore_mock.go @@ -76,6 +76,8 @@ type QueryByNameFunc func(ctx context.Context, teamID *uint, name string, opts . type ObserverCanRunQueryFunc func(ctx context.Context, queryID uint) (bool, error) +type CleanupGlobalDiscardQueryResultsFunc func(ctx context.Context) error + type NewDistributedQueryCampaignFunc func(ctx context.Context, camp *fleet.DistributedQueryCampaign) (*fleet.DistributedQueryCampaign, error) type DistributedQueryCampaignFunc func(ctx context.Context, id uint) (*fleet.DistributedQueryCampaign, error) @@ -778,6 +780,9 @@ type DataStore struct { ObserverCanRunQueryFunc ObserverCanRunQueryFunc ObserverCanRunQueryFuncInvoked bool + CleanupGlobalDiscardQueryResultsFunc CleanupGlobalDiscardQueryResultsFunc + CleanupGlobalDiscardQueryResultsFuncInvoked bool + NewDistributedQueryCampaignFunc NewDistributedQueryCampaignFunc NewDistributedQueryCampaignFuncInvoked bool @@ -1905,6 +1910,13 @@ func (s *DataStore) ObserverCanRunQuery(ctx context.Context, queryID uint) (bool return s.ObserverCanRunQueryFunc(ctx, queryID) } +func (s *DataStore) CleanupGlobalDiscardQueryResults(ctx context.Context) error { + s.mu.Lock() + s.CleanupGlobalDiscardQueryResultsFuncInvoked = true + s.mu.Unlock() + return s.CleanupGlobalDiscardQueryResultsFunc(ctx) +} + func (s *DataStore) NewDistributedQueryCampaign(ctx context.Context, camp *fleet.DistributedQueryCampaign) (*fleet.DistributedQueryCampaign, error) { s.mu.Lock() s.NewDistributedQueryCampaignFuncInvoked = true