Deletion of Stale Data

[bbernays]

Overview:

In v1 CloudQuery never deletes any data. This means that resources that have been deleted in the source are never updated or removed. This negatively impacts users in a few ways:

• Deleted resources that fail policy evaluations will always be marked as failed
• Users must manually access the CQ database and identify which tables/rows they want to delete

So overall CloudQuery needs a mechanism for indicating to users that a resource no longer is present in the source. This can be either be marking a resource as deleted via a boolean/timestamp column or by actually deleting the record. During this process CloudQuery should only interact with resources that were fetched.

Cases:
All examples are for AWS, but apply to any resource that supports dynamic multiplexing

1. Single Config File hard coded accounts
   • At the end of fetch the only resources that should be left are those resources that existed in the source accounts
2. Single Config File multiple concurrent triggers + overlapping accounts and resources
   • Case does not need to be supported
3. Single Config File dynamic accounts (via Orgs)
   • At the end of the fetch, for each multiplexed resource that was successfully fetched we should delete records that were not present in the source
4. Multiple Config files and triggers: Same hard coded accounts + unique resources
   • At the end of the fetch, for each multiplexed resource that was successfully fetched we should delete records that were not present in the source
5. Multiple Config files and triggers: Different hard coded accounts + overlapping resources
   • At the end of the fetch, for each multiplexed resource that was successfully fetched we should delete records that were not present in the source
6. Multiple Config files and concurrent triggers: Same dynamic accounts + unique resources
   • At the end of the fetch, for each multiplexed resource that was successfully fetched we should delete records that were not present in the source
7. Multiple Config files and concurrent triggers: Same dynamic accounts + overlapping resources
   • Case does not need to be supported

Biggest Take Aways:

1. Deletion of deleted resources is required
2. Fetching of concurrent non overlapping resources is required
3. Resources should only be deleted if the list was successful

Open Question:

1. If a dynamic multiplexing returns different data or if hard coded accounts change should CloudQuery assume the data changed because resources were deleted?
   • Permissions might have changed so that CQ is not able to fetch them
   • Configuration might have changed to narrow the data being fetched

Notes:
When referring to CQ deleting records that have been removed from the source, I am not saying that CQ must delete from DB, only that the records need to easily be identified

[yevgenypats]

This should be solved with:

• feat!: Add overwrite-delete-stale mode for destination plugins plugin-sdk#224
• feat(postgresql): Add support for overwrite-delete-stale #2220

As discussed last week there are two new columns (some which exists and/or were requested already):
sync_time (i.e previously fetch time)
source_name - this is the name that is presented in the source spec. When running locally CloudQuery ensures those are unique if there are multiple sources but if the user is a using an orchastrator which is not controlled by CloudQuery they needs to make sure every config for the same source plugin has a unique name for the deletion to work appropriately.

This will solve the following issues:

• delete any projects, accounts that are not present and in general it wont mix between SDK and application level data so the logic will be very simple and the source plugin shouldn't be aware of anything for this feature to work nor to implement anything special.

Open questions: Default mode? imo we shouldn't use it by default as deleting data is quite forceful operation.

There is no other feasible way to delete stale data in a more consistent way without mixing between SDK and plugin logic/information and implementing logic and error handling for every single use-case - The 10 listed use-cases that you are 100% correct but there are infinite number of those including undetectable race conditions that are not controlled by the SDK but rather the plugin level.

[yevgenypats]

This is now solved with overwrite-delete-stale