[One Workflow] Add force-delete (hard delete) option for workflows #260391

Merged
talboren merged 6 commits into elastic:main from talboren:force-delete-workflow
Mar 31, 2026

@talboren talboren commented Mar 31, 2026

Summary

  • Adds a ?force=true query parameter to both single (DELETE /api/workflows/workflow/{id}) and bulk (DELETE /api/workflows) delete endpoints
  • When force=true, the workflow document is permanently removed from Elasticsearch (hard delete) instead of being soft-deleted, and all related execution history and step executions are purged
  • This frees the workflow UUID for reuse, unblocking deterministic-ID workflows (install → delete → reinstall cycles)
  • Default behavior (soft delete with deleted_at + enabled: false) is unchanged
  • Force-delete is blocked when workflows have running executions, returning a 409 Conflict with a clear error message listing the affected workflow IDs

Validation

Manually tested the full lifecycle against a local Kibana instance:

| Step | Result |
|---|---|
| Workflow with 2 executions exists | Confirmed |
| Soft delete (default) | 200 OK — document still in ES with deleted_at |
| Re-create with same ID | 409 Conflict — UUID is poisoned (the bug) |
| Hard delete with ?force=true | 200 OK — document removed from ES |
| Verify workflow gone | 404 Not Found |
| Verify executions purged | total: 0 |
| Re-create with same ID | Success — fresh workflow created |
| Verify clean slate | 0 executions — no orphaned history |
| Force-delete a running workflow | 409 Conflict: Cannot force-delete workflows with running executions: [workflow-1ce959e9-...] |
| Force-delete after execution completes | 200 OK — workflow removed successfully |

References

Closes elastic/security-team#16577

Made with Cursor

Adds a `?force=true` query parameter to both `DELETE /api/workflows/workflow/{id}`
and `DELETE /api/workflows` (bulk) endpoints. When set, the workflow document is
permanently removed from Elasticsearch (instead of soft-deleted), and all related
executions and step executions are purged via `deleteByQuery`. This frees the
workflow UUID for reuse, enabling deterministic ID workflows to be uninstalled
and reinstalled.

Default behavior (soft delete) is unchanged.

Closes elastic/security-team#16577

Made-with: Cursor
@talboren talboren requested a review from a team as a code owner March 31, 2026 08:22
@talboren talboren added the release_note:skip, Team:One Workflow and backport:skip labels Mar 31, 2026
@shahargl shahargl left a comment

lgtm

talboren and others added 2 commits March 31, 2026 11:50
Addresses PR review feedback:
- deleteByQuery for executions and step executions now includes a
  spaceId term filter to prevent cross-space data deletion
- Removed per-document `wait_for` refresh on individual workflow
  deletes; the subsequent deleteByQuery calls already refresh
- Added test asserting space-scoped purge isolation

Made-with: Cursor
@elastic-vault-github-plugin-prod elastic-vault-github-plugin-prod bot requested a review from a team as a code owner March 31, 2026 08:51
talboren and others added 3 commits March 31, 2026 12:03
Checks for non-terminal executions before hard-deleting, returning
409 Conflict if any are still running. Leverages the existing
searchWorkflowExecutions utility for the check.

Made-with: Cursor
@yngrdyn yngrdyn left a comment

LGTM 🚀

@talboren talboren enabled auto-merge (squash) March 31, 2026 12:26
@florent-leborgne florent-leborgne left a comment

LGTM for docs

@talboren talboren merged commit c0377d4 into elastic:main Mar 31, 2026
18 checks passed
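
The two review follow-ups above (the space-scoped purge and the running-execution check), sketched as an added TypeScript example that is not code from this PR. The field names `workflowId`, `spaceId` and `status`, the terminal status values, and the helpers `buildPurgeQuery`, `matches` and `forceDelete` are assumptions; a small in-memory evaluator stands in for Elasticsearch `deleteByQuery`.

```typescript
// Constructed in-memory model; field names and status values are assumptions.
type ExecutionDoc = { id: string; workflowId: string; spaceId: string; status: string };
type FilterClause = { term: Record<string, string> } | { terms: Record<string, string[]> };
type PurgeQuery = { bool: { filter: FilterClause[] } };
const TERMINAL = ['completed', 'failed', 'cancelled']; // assumed terminal states

// Query body for the purge. Omitting spaceId reproduces the unscoped (pre-review) form.
function buildPurgeQuery(workflowIds: string[], spaceId?: string): PurgeQuery {
  const filter: FilterClause[] = [{ terms: { workflowId: workflowIds } }];
  if (spaceId !== undefined) filter.push({ term: { spaceId } }); // the isolation clause
  return { bool: { filter } };
}

// Minimal evaluator for term/terms filter clauses, standing in for Elasticsearch.
function matches(doc: ExecutionDoc, query: PurgeQuery): boolean {
  const rec: Record<string, string> = doc;
  return query.bool.filter.every((clause) => {
    if ('term' in clause) {
      const want = clause.term;
      return Object.keys(want).every((f) => rec[f] === want[f]);
    }
    const allowed = clause.terms;
    return Object.keys(allowed).every((f) => allowed[f].indexOf(rec[f]) !== -1);
  });
}

// Hypothetical handler: refuse while executions are non-terminal, else purge in-space only.
function forceDelete(store: ExecutionDoc[], workflowIds: string[], spaceId: string) {
  const query = buildPurgeQuery(workflowIds, spaceId);
  const running = store.filter((e) => matches(e, query) && TERMINAL.indexOf(e.status) === -1);
  if (running.length > 0) {
    const ids = running.map((e) => e.workflowId).filter((id, i, all) => all.indexOf(id) === i);
    return { status: 409, remaining: store,
      message: `Cannot force-delete workflows with running executions: [${ids.join(', ')}]` };
  }
  return { status: 200, remaining: store.filter((e) => !matches(e, query)), message: 'deleted' };
}

// Constructed sample: the same deterministic workflow ID is installed in two spaces.
const sampleExecutions: ExecutionDoc[] = [
  { id: 'e1', workflowId: 'workflow-a', spaceId: 'default', status: 'completed' },
  { id: 'e2', workflowId: 'workflow-a', spaceId: 'default', status: 'failed' },
  { id: 'e3', workflowId: 'workflow-a', spaceId: 'marketing', status: 'completed' },
  { id: 'e4', workflowId: 'workflow-b', spaceId: 'default', status: 'running' },
];
```

With deterministic IDs the same `workflowId` can exist in several spaces, so the unscoped query matches `e3` in the other space while the scoped one does not.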
mbondyra added a commit to mbondyra/kibana that referenced this pull request Mar 31, 2026
jeramysoucy pushed a commit to jeramysoucy/kibana that referenced this pull request Apr 1, 2026
paulinashakirova pushed a commit to paulinashakirova/kibana that referenced this pull request Apr 2, 2026

Labels: backport:skip, release_note:skip, Team:One Workflow, v9.4.0