[Fleet] Investigate side-effect of a space deletion about kibana HOT 8 OPEN

Ideally we can detect that an agent policy is associated with the space being deleted and block the space deletion until all agent policies are moved out of the space or deleted. I think the admin who has the right access to delete the space then could make a decision on what should happen to the agent policies.

+1 this seems like the best way to deal with this, but reading the prior discussion I don't think there is a way to implement this today.

The core problem is there are Elastic Agents that continue to exist outside of a deleted space that become unmanageable or in the case of Defend potentially uninstallable if the uninstall token was deleted along with the space (CC @ferullo).

from kibana.

Pinging @elastic/fleet (Team:Fleet)

from kibana.

@elastic/kibana-security is there any hook available to react on a space deletion? maybe to clean things or to prevent if there enrolled fleet-agents

We do not expose a hook today, but we can explore adding one (or something like it) if you can provide a set of detailed requirements.

For reference, the logic to delete a space is defined here:

This delegates to the deleteByNamespace function of the Saved Objects repository, which deletes saved objects belonging to the space, or "unshares" objects from the space if an object exists in multiple spaces:
https://github.com/elastic/kibana/blob/c89ee65c7034ba26006e2d426156a6de11b3505f/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/delete_by_namespace.ts#L25-L83

from kibana.

Thanks @legrego the issue for us is we are introducing space to non saved object documents, and those document will become orphans if the space is deleted.

@nimarezainia what will be the ideal behavior here? a way to block space deletion when we have active agents in that space? some migration to the default space?

from kibana.

@legrego would you know what happens to other kibana assets in a space when that space is deleted? is there a warning of any sorts?

@nchaulet I don't know if we should make a decision on user's behalf in this regard (as in moving all to default space) Ideally we can detect that an agent policy is associated with the space being deleted and block the space deletion until all agent policies are moved out of the space or deleted. I think the admin who has the right access to delete the space then could make a decision on what should happen to the agent policies. Presumably this persona has a higher level of access.

from kibana.

would you know what happens to other kibana assets in a space when that space is deleted? is there a warning of any sorts?

All saved objects within the space are deleted, or removed from the space. Any other assets are left untouched. We show a warning when deleting a space that all saved objects will be removed.

from kibana.

@legrego Looks like ideally we would need a hook in that space deletion path. Perhaps a way for other users (such as Fleet) to register their dependency on Spaces. Also the deletion to be halted if any of the registered functions indicate it shouldn't be deleted. What would you need from us on this to move forward? I'd imagine this affects almost everyone who has Space dependency.

@kpollich @nchaulet this is probably a blocker for our project. What do you think?

from kibana.

Looks like ideally we would need a hook in that space deletion path. Perhaps a way for other users (such as Fleet) to register their dependency on Spaces.

Is this solely in support of the Also the deletion... clause below, or is there other functionality that you need this registration to support?

Also the deletion to be halted if any of the registered functions indicate it shouldn't be deleted.

Preventing space deletion is an aggressive measure and isn't something I can agree to without broader consideration (cc @rayafratkina @mwtyang @azasypkin @lukeelmers). I see benefit to warning users if Fleet indicates that other assets are impacted/degraded by the operation, but I'm not yet sold on preventing deletion.

we are introducing space to non saved object documents, and those document will become orphans if the space is deleted.

Is there a list of these non-SO assets that we can see to help guide our decision making? It would be helpful to understand:

1. How these assets are created
2. Who/what creates these assets
3. What privileges are required to CRUD these assets
4. Where these assets reside (e.g if someting is stored in a Fleet system index, Kibana system index, or is an implementation detail of ES, etc.)

from kibana.