v3(services): delete user-provided SI (cloudfoundry#1708)

[#171726153](https://www.pivotaltracker.com/story/show/171726153)

Co-authored-by: Brian Butz <butzopower@gmail.com>
Signed-off-by: George Blue <gblue@pivotal.io>

Author: Derik Evangelista

app/actions/service_instance_delete_user_provided.rb

@@ -0,0 +1,27 @@
+module VCAP::CloudController
+  class ServiceInstanceDeleteUserProvided
+    class AssociationNotEmptyError < StandardError; end
+
+    def initialize(event_repo)
+      @service_event_repository = event_repo
+    end
+
+    def delete(service_instance)
+      association_not_empty! if service_instance.has_bindings? || service_instance.has_keys?
+
+      service_instance.db.transaction do
+        service_instance.lock!
+        service_instance.destroy
+        service_event_repository.record_user_provided_service_instance_event(:delete, service_instance, {})
+      end
+    end
+
+    private
+
+    def association_not_empty!
+      raise AssociationNotEmptyError.new
+    end
+
+    attr_reader :service_event_repository
+  end
+end

app/controllers/v3/service_instances_controller.rb

@@ -15,6 +15,7 @@
 require 'actions/service_instance_update_managed'
 require 'actions/service_instance_update_user_provided'
 require 'actions/service_instance_create_user_provided'
+require 'actions/service_instance_delete_user_provided'
 require 'actions/service_instance_create_managed'
 require 'fetchers/service_instance_list_fetcher'
 require 'decorators/field_service_instance_space_decorator'
@@ -102,6 +103,24 @@ def update
     end
   end
 
+  def destroy
+    service_instance = ServiceInstance.first(guid: hashed_params[:guid])
+    service_instance_not_found! unless service_instance && can_read_service_instance?(service_instance)
+
+    unauthorized! unless can_write_space?(service_instance.space)
+
+    case service_instance
+    when UserProvidedServiceInstance
+      service_event_repository = VCAP::CloudController::Repositories::ServiceEventRepository::WithUserActor.new(user_audit_info)
+      ServiceInstanceDeleteUserProvided.new(service_event_repository).delete(service_instance)
+      head :no_content
+    else
+      head :not_implemented
+    end
+  rescue ServiceInstanceDeleteUserProvided::AssociationNotEmptyError
+    associations_not_empty!
+  end
+
   def share_service_instance
     FeatureFlag.raise_unless_enabled!(:service_instance_sharing)
 
@@ -327,4 +346,11 @@ def broker_unavailable!
   def invalid_service_plan_relation!
     raise CloudController::Errors::ApiError.new_from_details('InvalidRelation', 'service plan relates to a different service offering')
   end
+
+  def associations_not_empty!
+    associations = 'service_bindings, service_keys, and routes'
+    raise CloudController::Errors::ApiError.
+      new_from_details('AssociationNotEmpty', associations, :service_instances).
+      with_response_code(422)
+  end
 end

app/models/services/service_instance.rb

@@ -209,6 +209,14 @@ def shared?
       shared_spaces.any?
     end
 
+    def has_bindings?
+      !service_bindings.empty?
+    end
+
+    def has_keys?
+      !service_keys.empty?
+    end
+
     def self.managed_organizations_spaces_dataset(managed_organizations_dataset)
       VCAP::CloudController::Space.dataset.filter({ organization_id: managed_organizations_dataset.select(:organization_id) })
     end

config/routes.rb

@@ -218,6 +218,7 @@
   post '/service_instances', to: 'service_instances_v3#create'
   post '/service_instances/:service_instance_guid/relationships/shared_spaces', to: 'service_instances_v3#share_service_instance'
   patch '/service_instances/:guid', to: 'service_instances_v3#update'
+  delete '/service_instances/:guid', to: 'service_instances_v3#destroy'
   delete '/service_instances/:service_instance_guid/relationships/shared_spaces/:space_guid', to: 'service_instances_v3#unshare_service_instance'
 
   # space_features

docs/v3/source/includes/experimental_resources/service_instances/_delete.md

@@ -0,0 +1,28 @@
+### Delete a service instance
+
+```
+Example Request
+```
+
+```shell
+curl "https://api.example.org/v3/service_instances/[guid]" \
+  -X DELETE \
+  -H "Authorization: bearer [token]"
+```
+
+```
+Example Response
+```
+
+```http
+HTTP/1.1 204 No Content
+```
+
+#### Definition
+`DELETE /v3/service_instances/:guid`
+
+#### Permitted Roles
+ |
+--- | ---
+Admin |
+Space Developer |

docs/v3/source/index.md

@@ -356,6 +356,7 @@ includes:
   - experimental_resources/service_instances/get
   - experimental_resources/service_instances/credentials
   - experimental_resources/service_instances/parameters
+  - experimental_resources/service_instances/delete
   - experimental_resources/sidecars/header
   - experimental_resources/sidecars/object
   - experimental_resources/sidecars/create_from_app

lib/cloud_controller/errors/api_error.rb

@@ -33,8 +33,13 @@ def name
         details.try(:name)
       end
 
+      def with_response_code(response_code)
+        @response_code = response_code
+        self
+      end
+
       def response_code
-        details.try(:response_code)
+        @response_code || details.try(:response_code)
       end
     end
   end

spec/request/service_instances_spec.rb

@@ -2143,6 +2143,66 @@ def check_filtered_instances(*instances)
     end
   end
 
+  describe 'DELETE /v3/service_instances/:guid' do
+    let(:api_call) { lambda { |user_headers| delete "/v3/service_instances/#{instance.guid}", '{}', user_headers } }
+
+    context 'user provided service instance' do
+      let!(:instance) { VCAP::CloudController::UserProvidedServiceInstance.make(space: space) }
+
+      let(:db_check) {
+        lambda do
+          get "/v3/service_instances/#{instance.guid}", {}, admin_headers
+          expect(last_response.status).to eq(404)
+
+          expect(VCAP::CloudController::ServiceInstanceLabelModel.where(service_instance: instance).all).to be_empty
+          expect(VCAP::CloudController::ServiceInstanceAnnotationModel.where(service_instance: instance).all).to be_empty
+        end
+      }
+
+      let(:expected_codes_and_responses) do
+        Hash.new(code: 403).tap do |h|
+          h['space_developer'] = { code: 204 }
+          h['admin'] = { code: 204 }
+          h['no_role'] = { code: 404 }
+          h['org_auditor'] = { code: 404 }
+          h['org_billing_manager'] = { code: 404 }
+        end
+      end
+
+      it_behaves_like 'permissions for delete endpoint', ALL_PERMISSIONS
+
+      context 'when associations are not empty' do
+        it 'returns a 422 Unprocessable Entity when there are service bindings' do
+          VCAP::CloudController::ServiceBinding.make(service_instance: instance)
+
+          api_call.call(admin_headers)
+          expect(last_response).to have_status_code(422)
+          response = parsed_response['errors'].first
+          expect(response).to include('title' => 'CF-AssociationNotEmpty')
+          expect(response).to include('detail' => 'Please delete the service_bindings, service_keys, and routes associations for your service_instances.')
+        end
+
+        it 'returns a 422 Unprocessable Entity when there are service keys' do
+          VCAP::CloudController::ServiceKey.make(service_instance: instance)
+
+          api_call.call(admin_headers)
+          expect(last_response).to have_status_code(422)
+          response = parsed_response['errors'].first
+          expect(response).to include('title' => 'CF-AssociationNotEmpty')
+          expect(response).to include('detail' => 'Please delete the service_bindings, service_keys, and routes associations for your service_instances.')
+        end
+      end
+    end
+
+    context 'when the service instance does not exist' do
+      let(:instance) { Struct.new(:guid).new('some-fake-guid') }
+      it 'returns a 404' do
+        api_call.call(admin_headers)
+        expect(last_response).to have_status_code(404)
+      end
+    end
+  end
+
   def create_managed_json(instance, labels: {}, annotations: {}, last_operation: {}, tags: [])
     {
       guid: instance.guid,

spec/unit/actions/service_instance_delete_user_provided_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+require 'actions/service_instance_delete_user_provided'
+
+module VCAP::CloudController
+  RSpec.describe ServiceInstanceDeleteUserProvided do
+    describe '#delete' do
+      subject(:action) { described_class.new(event_repository) }
+      let(:event_repository) do
+        dbl = double(Repositories::ServiceEventRepository::WithUserActor)
+        allow(dbl).to receive(:record_user_provided_service_instance_event)
+        dbl
+      end
+
+      let!(:service_instance) do
+        si = VCAP::CloudController::UserProvidedServiceInstance.make(
+          name: 'foo',
+          credentials: {
+            foo: 'bar',
+            baz: 'qux'
+          },
+          syslog_drain_url: 'https://foo.com',
+          route_service_url: 'https://bar.com',
+          tags: %w(accounting mongodb)
+        )
+        si.label_ids = [
+          VCAP::CloudController::ServiceInstanceLabelModel.make(key_prefix: 'pre.fix', key_name: 'to_delete', value: 'value'),
+          VCAP::CloudController::ServiceInstanceLabelModel.make(key_prefix: 'pre.fix', key_name: 'tail', value: 'fluffy')
+        ]
+        si.annotation_ids = [
+          VCAP::CloudController::ServiceInstanceAnnotationModel.make(key_prefix: 'pre.fix', key_name: 'to_delete', value: 'value').id,
+          VCAP::CloudController::ServiceInstanceAnnotationModel.make(key_prefix: 'pre.fix', key_name: 'fox', value: 'bushy').id
+        ]
+        si
+      end
+
+      it 'deletes the service instance from the database' do
+        subject.delete(service_instance)
+
+        expect {
+          service_instance.reload
+        }.to raise_error(Sequel::Error, 'Record not found')
+        expect(VCAP::CloudController::ServiceInstanceLabelModel.where(service_instance: service_instance)).to be_empty
+        expect(VCAP::CloudController::ServiceInstanceAnnotationModel.where(service_instance: service_instance)).to be_empty
+      end
+
+      it 'creates an audit event' do
+        subject.delete(service_instance)
+
+        expect(event_repository).
+          to have_received(:record_user_provided_service_instance_event).
+          with(:delete, instance_of(UserProvidedServiceInstance), {})
+      end
+
+      context 'when there are associated service bindings' do
+        before do
+          VCAP::CloudController::ServiceBinding.make(service_instance: service_instance)
+        end
+
+        it 'does not delete the service instance' do
+          expect {
+            subject.delete(service_instance)
+          }.to raise_error(
+            ServiceInstanceDeleteUserProvided::AssociationNotEmptyError,
+          )
+        end
+      end
+
+      context 'when there are associated service keys' do
+        before do
+          VCAP::CloudController::ServiceKey.make(service_instance: service_instance)
+        end
+
+        it 'does not delete the service instance' do
+          expect {
+            subject.delete(service_instance)
+          }.to raise_error(
+            ServiceInstanceDeleteUserProvided::AssociationNotEmptyError,
+          )
+        end
+      end
+    end
+  end
+end

spec/unit/lib/cloud_controller/errors/api_error_spec.rb

@@ -86,6 +86,11 @@ def create_details(message)
         expect(api_error.response_code).to eq(400)
       end
 
+      it 'can be set to a different http code' do
+        api_error.with_response_code(422)
+        expect(api_error.response_code).to eq(422)
+      end
+
       it 'exposes the name' do
         expect(api_error.name).to eq('ServiceInvalid')
       end