Handle deleted streams in dependent dashboards

[ryan-carroll-graylog]

If a dashboard is scoped to a stream and then that stream is deleted, the dashboard still references the deleted streams ID. This causes issues for shared entities when for instance the dashboard and stream have been shared with another user, the shared too user can no longer view the dashboard due to missing permissions for the deleted stream. See https://github.com/Graylog2/support/issues/38 for customer issue related to this.

Additionally it is unknown how this affects search results.

Expected Behavior

• A user should be able to view entities shared with them if all existing dependent entities have also been shared with them.
• Deleted streams should probably be removed from dependent entities.

Current Behavior

See description.

Possible Solution

• Remove deleted streams from dashboards, possibly utilizing the StreamDeletedEvent event bus event. Or
• Update permissions checks to ignore deleted entities.

Steps to Reproduce (for bugs)

1. Create a new stream and create a new dashboard which uses this new stream

2. Create a new user, give this user access to the dashboard and stream created on step 1.

3. Delete the stream

4. Now the user cannot use the dashboard

5. Trying to change the permissions to the dashboard as admin does not work due to unknown dependencies (i.e. the missing stream) screenshots attached bellow

Context

Your Environment

Happens currently in all tested GL versions (6.1 and below)

Customer Environment Graylog Version: Graylog 5.2.6+5296b15

[luk-kaminski]

Hi @ryan-carroll-graylog! Thanks a lot for a detailed description.

AFAIK, when you delete the stream, the old messages in the search engine still contain deleted stream ID. Because of that, the search/dashboard should work as it did before the stream deletion, which should be an answer to your question - Additionally it is unknown how this affects search results.

My personal opinion is that both proposed solutions to this problem have some flaws.

It might have been very important that a stream was hidden behind certain permission. If you remove the permission check, someone may see old data from that deleted stream, which they should not be able to do.

The stream might have been important for a dashboard. If you remove it automatically, the whole dashboard may lose its meaning.

So IMHO it should be a decision of an admin (that can see all streams anyway) and his manual job to solve this problem, by removing a dashboard if it has no sense after stream deletion, removing the stream if the dashboard can live without it, recreating the deleted stream if it was important...

It may be a per-case decision, different each time.

But it is only my opinion, maybe we should bring @Graylog2/architecture to the discussion?

[ryan-carroll-graylog]

So IMHO it should be a decision of an admin (that can see all streams anyway) and his manual job to solve this problem, by removing a dashboard if it has no sense after stream deletion, removing the stream if the dashboard can live without it, recreating the deleted stream if it was important...

It may be a per-case decision, different each time.

But it is only my opinion, maybe we should bring @Graylog2/architecture to the discussion?

These are all very good points so I can definitely see the merit in leaving the resolution to an admin instead of us trying to guess the intended behavior.

I have no real preference and my main intent was just to convey the customer issue in https://github.com/Graylog2/support/issues/38, but @BBruce-Graylog and @StefanTheGerman may have an opinion on this.