[Backend] Enhance retention policy deletion performances / speed (#4864) #8569
Conversation
github-actions
bot
added
the
filigran team
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #8569 +/- ##
==========================================
+ Coverage 66.22% 66.24% +0.02%
==========================================
Files 597 597
Lines 60433 60428 -5
Branches 6202 6212 +10
==========================================
+ Hits 40022 40032 +10
+ Misses 20411 20396 -15 ☔ View full report in Codecov by Sentry. |
| logApp.error(e, { id: node.id, manager: 'RETENTION_MANAGER' }); | ||
| } | ||
| }; | ||
| await BluePromise.map(elements, deleteFn, { concurrency: RETENTION_MAX_CONCURRENCY }); |
There was a problem hiding this comment.
Just for my understanding: if we batch elements that are interdependent, the first one might take a lock on another one in the concurrent batch, and when release, the second element to delete might already be deleted (for instance if it's a relationship). Am I right ?
If so, not harmful but we'll end up with a bunch of error logs.
There was a problem hiding this comment.
Add code to prevent logging for an already deleted error
|
I created a retention policy with no filters and with retention = 1 day. It should delete all the entities of my platform. And if I restart my platform : I think it's due to this modification : |
| @@ -42,7 +45,7 @@ export const getElementsToDelete = async (context: AuthContext, scope: string, b | |||
| if (scope === 'knowledge') { | |||
| const jsonFilters = filters ? JSON.parse(filters) : null; | |||
| const queryOptions = await convertFiltersToQueryOptions(jsonFilters, { before }); | |||
| result = await elPaginate(context, RETENTION_MANAGER_USER, READ_STIX_INDICES, { ...queryOptions, first: RETENTION_BATCH_SIZE }); | |||
| result = await elPaginate(context, RETENTION_MANAGER_USER, READ_ENTITIES_INDICES_WITHOUT_INFERRED, { ...queryOptions, first: RETENTION_BATCH_SIZE }); | |||
There was a problem hiding this comment.
Nice catch, it was a test. Will rollback
Archidoit
dismissed
labo-flg’s stale review
retention rule also deletes internal objects
|
I created a retention policy on everything (Knowledge). It's indicating 512 elements will be deleting. The retention rules is launched every 30s. This didn't happen for a retention policy with a filter, and so targeting less elements (exemple done with 2 reports to delete: the reports where deleted). |
|
The 'remaining' attribute seems not correct. |
|
Behavior ok 👍 Small question: With a retention rule on Knowledge with no filters, organizations are also deleted (because they are stix domain objects)... Is it a problem? |
|
I don't really agree with the last commit that prevents empty filters for several reasons :
--> I think that if we don't want to delete organizations we should think about it a bit more, maybe add a warning if a retention rule may delete organizations... |
Since it is not the scope, I reverted the last commit and created an issue for the organization deletion issue : #8606 |
See #4864