fix(dataset): add service to remove policy from dataset when it gets …

…invalid because of a policy deletion (#1063)

policies/mocks/policies.go

@@ -294,3 +294,14 @@ func (m *mockPoliciesRepository) DeleteAgentGroupFromAllDatasets(ctx context.Con
 	}
 	return nil
 }
+
+func (m *mockPoliciesRepository) DeletePolicyFromAllDatasets(ctx context.Context, policyID string, ownerID string) error {
+	for _, ds := range m.ddb{
+		if ds.MFOwnerID == ownerID{
+			if ds.PolicyID == policyID {
+				ds.PolicyID = ""
+			}
+		}
+	}
+	return nil
+}

policies/policies.go

@@ -171,4 +171,7 @@ type Repository interface {
 
 	// DeleteAgentGroupFromAllDatasets removes agent group from a dataset
 	DeleteAgentGroupFromAllDatasets(ctx context.Context, groupID string, ownerID string) error
+
+	// DeletePolicyFromAllDatasets removes policy from a dataset
+	DeletePolicyFromAllDatasets(ctx context.Context, policyID string, ownerID string) error
 }

policies/policy_service.go

@@ -178,6 +178,11 @@ func (s policiesService) RemovePolicy(ctx context.Context, token string, policyI
 		return err
 	}
 
+	err = s.repo.DeletePolicyFromAllDatasets(ctx, policyID, ownerID)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 

policies/postgres/datasets_test.go

@@ -1009,6 +1009,111 @@ func TestDeleteAgentGroupFromDataset(t *testing.T) {
 	}
 }
 
+func TestDeletePolicyFromDataset(t *testing.T) {
+	dbMiddleware := postgres.NewDatabase(db)
+	repo := postgres.NewPoliciesRepository(dbMiddleware, logger)
+
+	oID, err := uuid.NewV4()
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	oID2, err := uuid.NewV4()
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	wrongPolicyID, err := uuid.NewV4()
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	groupID, err := uuid.NewV4()
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	policyID, err := uuid.NewV4()
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	sinkIDs := make([]string, 2)
+	for i := 0; i < 2; i++ {
+		sinkID, err := uuid.NewV4()
+		require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+		sinkIDs[i] = sinkID.String()
+	}
+
+	nameID, err := types.NewIdentifier("mydataset")
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	nameID2, err := types.NewIdentifier("mydataset")
+	require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
+
+	dataset := policies.Dataset{
+		Name:         nameID,
+		MFOwnerID:    oID.String(),
+		Valid:        true,
+		AgentGroupID: groupID.String(),
+		PolicyID:     policyID.String(),
+		SinkIDs:      sinkIDs,
+		Metadata:     types.Metadata{"testkey": "testvalue"},
+		Created:      time.Time{},
+	}
+
+	dataset2 := dataset
+	dataset2.Name = nameID2
+	dataset2.MFOwnerID = oID2.String()
+
+	dsID, err := repo.SaveDataset(context.Background(), dataset)
+	require.Nil(t, err, fmt.Sprintf("Unexpected error: %s", err))
+
+	dataset.ID = dsID
+
+	dsID2, err := repo.SaveDataset(context.Background(), dataset2)
+	require.Nil(t, err, fmt.Sprintf("Unexpected error: %s", err))
+
+	dataset2.ID = dsID2
+
+	cases := map[string]struct {
+		owner    string
+		policyID string
+		contains bool
+		dataset  policies.Dataset
+		err      error
+	}{
+		"delete a policy from existing dataset": {
+			owner:    dataset.MFOwnerID,
+			policyID: dataset.PolicyID,
+			contains: false,
+			dataset:  dataset,
+			err:      nil,
+		},
+		"delete a non-existing policy from a dataset": {
+			owner:    dataset.MFOwnerID,
+			policyID: wrongPolicyID.String(),
+			contains: false,
+			dataset:  dataset,
+			err:      nil,
+		},
+		"delete a policy from a dataset with an invalid ownerID": {
+			policyID: dataset2.PolicyID,
+			owner:    "",
+			contains: true,
+			dataset:  dataset2,
+			err:      errors.ErrMalformedEntity,
+		},
+	}
+
+	for desc, tc := range cases {
+		t.Run(desc, func(t *testing.T) {
+			err := repo.DeletePolicyFromAllDatasets(context.Background(), tc.policyID, tc.owner)
+			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected '%s' got '%s'", desc, tc.err, err))
+
+			d, err := repo.RetrieveDatasetByID(context.Background(), tc.dataset.ID, tc.dataset.MFOwnerID)
+			require.Nil(t, err, fmt.Sprintf("Unexpected error: %s", err))
+
+			switch tc.contains {
+			case false:
+				assert.NotEqual(t, d.PolicyID, tc.policyID, fmt.Sprintf("%s: expected '%s' to not contains '%s'", desc, d.PolicyID, tc.policyID))
+			case true:
+				assert.Equal(t, d.PolicyID, tc.policyID, fmt.Sprintf("%s: expected '%s' to contains '%s'", desc, d.PolicyID, tc.policyID))
+			}
+		})
+	}
+}
+
 func testSortDataset(t *testing.T, pm policies.PageMetadata, ags []policies.Dataset) {
 	t.Helper()
 	switch pm.Order {

policies/postgres/policies.go

@@ -623,6 +623,35 @@ func (r policiesRepository) DeleteAgentGroupFromAllDatasets(ctx context.Context,
 	return nil
 }
 
+func (r policiesRepository) DeletePolicyFromAllDatasets(ctx context.Context, policyID string, ownerID string) error {
+	q := `UPDATE datasets SET agent_policy_id = null WHERE mf_owner_id = :mf_owner_id AND agent_policy_id = :agent_policy_id`
+
+	if ownerID == "" {
+		return errors.ErrMalformedEntity
+	}
+
+	params := map[string]interface{}{
+		"mf_owner_id":     ownerID,
+		"agent_policy_id": policyID,
+	}
+
+	res, err := r.db.NamedQueryContext(ctx, q, params)
+	if err != nil {
+		pqErr, ok := err.(*pq.Error)
+		if ok {
+			switch pqErr.Code.Name() {
+			case db.ErrInvalid, db.ErrTruncation:
+				return errors.Wrap(policies.ErrMalformedEntity, err)
+			}
+		}
+		return errors.Wrap(errors.ErrSelectEntity, err)
+	}
+
+	defer res.Close()
+
+	return nil
+}
+
 type dbPolicy struct {
 	ID            string           `db:"id"`
 	Name          types.Identifier `db:"name"`