From b295c103dd86c57c848397d32e8094edfa8502aa Mon Sep 17 00:00:00 2001 From: Jeremy Lempereur Date: Mon, 4 Sep 2023 18:20:45 +0200 Subject: [PATCH 1/4] Subscriptions: Correct v1.28.x regression allowing panic via un-named subscription operation (#3738) ### Subscriptions: Correct v1.28.x regression allowing panic via un-named subscription operation Correct a regression that was introduced in Router v1.28.0 which made a Router **panic** possible when the following _three_ conditions are _all_ met: 1. When sending an un-named (i.e., "anonymous") `subscription` operation (e.g., `subscription { ... }`); **and**; 2. The Router has a `subscription` type defined in the Supergraph schema; **and** 3. Have subscriptions enabled (they are disabled by default) in the Router's YAML configuration, either by setting `enabled: true` _or_ by setting a `mode` within the `subscriptions` object (as seen in [the subscriptions documentation] --- .changesets/fix_dragonfly_ship_win_folder.md | 9 +++++++++ apollo-router/src/context/mod.rs | 7 ------- apollo-router/src/services/subgraph_service.rs | 8 +++++++- 3 files changed, 16 insertions(+), 8 deletions(-) create mode 100644 .changesets/fix_dragonfly_ship_win_folder.md diff --git a/.changesets/fix_dragonfly_ship_win_folder.md b/.changesets/fix_dragonfly_ship_win_folder.md new file mode 100644 index 0000000000..892df67579 --- /dev/null +++ b/.changesets/fix_dragonfly_ship_win_folder.md 
@@ -0,0 +1,9 @@ +### Subscriptions: Correct v1.28.x regression allowing panic via un-named subscription operation + +Correct a regression that was introduced in Router v1.28.0 which made a Router **panic** possible when the following _three_ conditions are _all_ met: + +1. When sending an un-named (i.e., "anonymous") `subscription` operation (e.g., `subscription { ... }`); **and**; +2. The Router has a `subscription` type defined in the Supergraph schema; **and** +3. Have subscriptions enabled (they are disabled by default) in the Router's YAML configuration, either by setting `enabled: true` _or_ by setting a `mode` within the `subscriptions` object (as seen in [the subscriptions documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup). + +By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3738 diff --git a/apollo-router/src/context/mod.rs b/apollo-router/src/context/mod.rs index 07042e08a8..83bdb2bc80 100644 --- a/apollo-router/src/context/mod.rs +++ b/apollo-router/src/context/mod.rs @@ -70,13 +70,6 @@ impl Context { } impl Context { - pub(crate) fn operation_name(&self) -> Option { - // This method should be removed once we have a proper way to get the operation name. - self.entries - .get(OPERATION_NAME) - .map(|v| v.value().as_str().unwrap().to_string()) - } - /// Returns true if the context contains a value for the specified key. pub fn contains_key(&self, key: K) -> bool where diff --git a/apollo-router/src/services/subgraph_service.rs b/apollo-router/src/services/subgraph_service.rs index e137177a7c..c99e482786 100644 --- a/apollo-router/src/services/subgraph_service.rs +++ b/apollo-router/src/services/subgraph_service.rs 
@@ -431,6 +431,13 @@ async fn call_websocket( subgraph_cfg: &WebSocketConfiguration, subscription_hash: String, ) -> Result { + let operation_name = request + .subgraph_request + .body() + .operation_name + .clone() + .unwrap_or_default(); + let SubgraphRequest { subgraph_request, subscription_stream, @@ -445,7 +452,6 @@ async fn call_websocket( let (handle, created) = notify .create_or_subscribe(subscription_hash.clone(), false) .await?; - let operation_name = context.operation_name().unwrap_or_default(); tracing::info!( monotonic_counter.apollo.router.operations.subscriptions = 1u64, subscriptions.mode = %"passthrough", From 00a8dad00c0b919f0e394e2bcbd734b41ee94d2d Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Mon, 4 Sep 2023 16:39:23 +0000 Subject: [PATCH 2/4] prep release: v1.29.1 --- .changesets/fix_dragonfly_ship_win_folder.md | 9 ------ CHANGELOG.md | 16 +++++++++++ Cargo.lock | 6 ++-- apollo-router-benchmarks/Cargo.toml | 2 +- apollo-router-scaffold/Cargo.toml | 2 +- .../templates/base/Cargo.toml | 2 +- .../templates/base/xtask/Cargo.toml | 2 +- apollo-router/Cargo.toml | 2 +- .../tracing/docker-compose.datadog.yml | 2 +- dockerfiles/tracing/docker-compose.jaeger.yml | 2 +- dockerfiles/tracing/docker-compose.zipkin.yml | 2 +- docs/source/containerization/docker.mdx | 2 +- docs/source/containerization/kubernetes.mdx | 28 +++++++++---------- helm/chart/router/Chart.yaml | 4 +-- helm/chart/router/README.md | 9 ++++-- licenses.html | 2 +- scripts/install.sh | 2 +- 17 files changed, 52 insertions(+), 42 deletions(-) delete mode 100644 .changesets/fix_dragonfly_ship_win_folder.md diff --git a/.changesets/fix_dragonfly_ship_win_folder.md b/.changesets/fix_dragonfly_ship_win_folder.md deleted file mode 100644 index 892df67579..0000000000 --- a/.changesets/fix_dragonfly_ship_win_folder.md +++ /dev/null 
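Review bot: The anonymous-subscription panic that the new `operation_name` binding at the top of `call_websocket` fixes is not pinned by any test. The diffstat's 8 changed lines in `subgraph_service.rs` are exactly these two hunks, so a later refactor could reintroduce an unwrap on this client-reachable path unnoticed. A regression test that passes a request whose body has `operation_name: None` and asserts the call returns instead of panicking would cover it. The binding would also benefit from a comment such as `// Anonymous operations carry no name: default to "" instead of reading the context entry, whose as_str().unwrap() panicked.` The name is client-supplied and is presumably attached to the `tracing::info!` event that continues past the second hunk, so confirm that an empty or very long value is acceptable there; `call_websocket` starts and ends outside both hunks.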
@@ -1,9 +0,0 @@ -### Subscriptions: Correct v1.28.x regression allowing panic via un-named subscription operation - -Correct a regression that was introduced in Router v1.28.0 which made a Router **panic** possible when the following _three_ conditions are _all_ met: - -1. When sending an un-named (i.e., "anonymous") `subscription` operation (e.g., `subscription { ... }`); **and**; -2. The Router has a `subscription` type defined in the Supergraph schema; **and** -3. Have subscriptions enabled (they are disabled by default) in the Router's YAML configuration, either by setting `enabled: true` _or_ by setting a `mode` within the `subscriptions` object (as seen in [the subscriptions documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup). - -By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3738 diff --git a/CHANGELOG.md b/CHANGELOG.md index 24b7c15460..c81ea7fb0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,22 @@ All notable changes to Router will be documented in this file. This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2.0.0.html). +# [1.29.1] - 2023-09-04 + +## 🐛 Fixes + +### Subscriptions: Correct v1.28.x regression allowing panic via un-named subscription operation + +Correct a regression that was introduced in Router v1.28.0 which made a Router **panic** possible when the following _three_ conditions are _all_ met: + +1. When sending an un-named (i.e., "anonymous") `subscription` operation (e.g., `subscription { ... }`); **and**; +2. The Router has a `subscription` type defined in the Supergraph schema; **and** +3. Have subscriptions enabled (they are disabled by default) in the Router's YAML configuration, either by setting `enabled: true` _or_ by setting a `mode` within the `subscriptions` object (as seen in [the subscriptions documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup). + +By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3738 + + + # [1.29.0] - 2023-09-04 ## 🚀 Features diff --git a/Cargo.lock b/Cargo.lock index 2b4f51ce6a..922f8c26ed 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -273,7 +273,7 @@ dependencies = [ [[package]] name = "apollo-router" -version = "1.29.0" +version = "1.29.1" dependencies = [ "access-json", "anyhow", @@ -419,7 +419,7 @@ dependencies = [ [[package]] name = "apollo-router-benchmarks" -version = "1.29.0" +version = "1.29.1" dependencies = [ "apollo-parser 0.6.1", "apollo-router", @@ -435,7 +435,7 @@ dependencies = [ [[package]] name = "apollo-router-scaffold" -version = "1.29.0" +version = "1.29.1" dependencies = [ "anyhow", "cargo-scaffold", diff --git a/apollo-router-benchmarks/Cargo.toml b/apollo-router-benchmarks/Cargo.toml index f9cfc72f03..b0a6f0cf9e 100644 --- a/apollo-router-benchmarks/Cargo.toml +++ b/apollo-router-benchmarks/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "apollo-router-benchmarks" -version = "1.29.0" +version = "1.29.1" authors = ["Apollo Graph, Inc. "] edition = "2021" license = "Elastic-2.0" diff --git a/apollo-router-scaffold/Cargo.toml b/apollo-router-scaffold/Cargo.toml index 2c006fa9b9..9a6031ec2d 100644 --- a/apollo-router-scaffold/Cargo.toml +++ b/apollo-router-scaffold/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "apollo-router-scaffold" -version = "1.29.0" +version = "1.29.1" authors = ["Apollo Graph, Inc. "] edition = "2021" license = "Elastic-2.0" diff --git a/apollo-router-scaffold/templates/base/Cargo.toml b/apollo-router-scaffold/templates/base/Cargo.toml index f327476570..0181336ac6 100644 --- a/apollo-router-scaffold/templates/base/Cargo.toml +++ b/apollo-router-scaffold/templates/base/Cargo.toml @@ -22,7 +22,7 @@ apollo-router = { path ="{{integration_test}}apollo-router" } apollo-router = { git="https://github.com/apollographql/router.git", branch="{{branch}}" } {{else}} # Note if you update these dependencies then also update xtask/Cargo.toml -apollo-router = "1.29.0" +apollo-router = "1.29.1" {{/if}} {{/if}} async-trait = "0.1.52" diff --git a/apollo-router-scaffold/templates/base/xtask/Cargo.toml b/apollo-router-scaffold/templates/base/xtask/Cargo.toml index 167ef3c605..080ab782cb 100644 --- a/apollo-router-scaffold/templates/base/xtask/Cargo.toml +++ b/apollo-router-scaffold/templates/base/xtask/Cargo.toml @@ -13,7 +13,7 @@ apollo-router-scaffold = { path ="{{integration_test}}apollo-router-scaffold" } {{#if branch}} apollo-router-scaffold = { git="https://github.com/apollographql/router.git", branch="{{branch}}" } {{else}} -apollo-router-scaffold = { git = "https://github.com/apollographql/router.git", tag = "v1.29.0" } +apollo-router-scaffold = { git = "https://github.com/apollographql/router.git", tag = "v1.29.1" } {{/if}} {{/if}} anyhow = "1.0.58" diff --git a/apollo-router/Cargo.toml b/apollo-router/Cargo.toml index ed1262cbe5..a1966272ce 100644 
--- a/apollo-router/Cargo.toml +++ b/apollo-router/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "apollo-router" -version = "1.29.0" +version = "1.29.1" authors = ["Apollo Graph, Inc. "] repository = "https://github.com/apollographql/router/" documentation = "https://docs.rs/apollo-router" diff --git a/dockerfiles/tracing/docker-compose.datadog.yml b/dockerfiles/tracing/docker-compose.datadog.yml index 59c3ddf255..512b2ddceb 100644 --- a/dockerfiles/tracing/docker-compose.datadog.yml +++ b/dockerfiles/tracing/docker-compose.datadog.yml @@ -3,7 +3,7 @@ services: apollo-router: container_name: apollo-router - image: ghcr.io/apollographql/router:v1.29.0 + image: ghcr.io/apollographql/router:v1.29.1 volumes: - ./supergraph.graphql:/etc/config/supergraph.graphql - ./router/datadog.router.yaml:/etc/config/configuration.yaml diff --git a/dockerfiles/tracing/docker-compose.jaeger.yml b/dockerfiles/tracing/docker-compose.jaeger.yml index 0de6214836..e2053883b7 100644 --- a/dockerfiles/tracing/docker-compose.jaeger.yml +++ b/dockerfiles/tracing/docker-compose.jaeger.yml @@ -4,7 +4,7 @@ services: apollo-router: container_name: apollo-router #build: ./router - image: ghcr.io/apollographql/router:v1.29.0 + image: ghcr.io/apollographql/router:v1.29.1 volumes: - ./supergraph.graphql:/etc/config/supergraph.graphql - ./router/jaeger.router.yaml:/etc/config/configuration.yaml diff --git a/dockerfiles/tracing/docker-compose.zipkin.yml b/dockerfiles/tracing/docker-compose.zipkin.yml index 60f98be281..89539bc852 100644 --- a/dockerfiles/tracing/docker-compose.zipkin.yml +++ b/dockerfiles/tracing/docker-compose.zipkin.yml @@ -4,7 +4,7 @@ services: apollo-router: container_name: apollo-router build: ./router - image: ghcr.io/apollographql/router:v1.29.0 + image: ghcr.io/apollographql/router:v1.29.1 volumes: - ./supergraph.graphql:/etc/config/supergraph.graphql - ./router/zipkin.router.yaml:/etc/config/configuration.yaml 
diff --git a/docs/source/containerization/docker.mdx b/docs/source/containerization/docker.mdx index b985e69b33..ebcb148767 100644 --- a/docs/source/containerization/docker.mdx +++ b/docs/source/containerization/docker.mdx @@ -11,7 +11,7 @@ The default behaviour of the router images is suitable for a quickstart or devel Note: The [docker documentation](https://docs.docker.com/engine/reference/run/) for the run command may be helpful when reading through the examples. -Note: The exact image version to use is your choice depending on which release you wish to use. In the following examples, replace `` with your chosen version. e.g.: `v1.29.0` +Note: The exact image version to use is your choice depending on which release you wish to use. In the following examples, replace `` with your chosen version. e.g.: `v1.29.1` ## Override the configuration diff --git a/docs/source/containerization/kubernetes.mdx b/docs/source/containerization/kubernetes.mdx index 35d620c49a..c61cdea299 100644 --- a/docs/source/containerization/kubernetes.mdx +++ b/docs/source/containerization/kubernetes.mdx @@ -13,7 +13,7 @@ import { Link } from 'gatsby'; [Helm](https://helm.sh) is the package manager for kubernetes. -There is a complete [helm chart definition](https://github.com/apollographql/router/tree/v1.29.0/helm/chart/router) in the repo which illustrates how to use helm to deploy the router in kubernetes. +There is a complete [helm chart definition](https://github.com/apollographql/router/tree/v1.29.1/helm/chart/router) in the repo which illustrates how to use helm to deploy the router in kubernetes. In both the following examples, we are using helm to install the router: - into namespace "router-deploy" (create namespace if it doesn't exist) 
@@ -64,10 +64,10 @@ kind: ServiceAccount metadata: name: release-name-router labels: - helm.sh/chart: router-1.29.0 + helm.sh/chart: router-1.29.1 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.29.0" + app.kubernetes.io/version: "v1.29.1" app.kubernetes.io/managed-by: Helm --- # Source: router/templates/secret.yaml @@ -76,10 +76,10 @@ kind: Secret metadata: name: "release-name-router" labels: - helm.sh/chart: router-1.29.0 + helm.sh/chart: router-1.29.1 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.29.0" + app.kubernetes.io/version: "v1.29.1" app.kubernetes.io/managed-by: Helm data: managedFederationApiKey: "UkVEQUNURUQ=" @@ -90,10 +90,10 @@ kind: ConfigMap metadata: name: release-name-router labels: - helm.sh/chart: router-1.29.0 + helm.sh/chart: router-1.29.1 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.29.0" + app.kubernetes.io/version: "v1.29.1" app.kubernetes.io/managed-by: Helm data: configuration.yaml: | @@ -117,10 +117,10 @@ kind: Service metadata: name: release-name-router labels: - helm.sh/chart: router-1.29.0 + helm.sh/chart: router-1.29.1 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.29.0" + app.kubernetes.io/version: "v1.29.1" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -143,10 +143,10 @@ kind: Deployment metadata: name: release-name-router labels: - helm.sh/chart: router-1.29.0 + helm.sh/chart: router-1.29.1 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.29.0" + app.kubernetes.io/version: "v1.29.1" app.kubernetes.io/managed-by: Helm annotations: 
@@ -174,7 +174,7 @@ spec: - name: router securityContext: {} - image: "ghcr.io/apollographql/router:v1.29.0" + image: "ghcr.io/apollographql/router:v1.29.1" imagePullPolicy: IfNotPresent args: - --hot-reload @@ -226,10 +226,10 @@ kind: Pod metadata: name: "release-name-router-test-connection" labels: - helm.sh/chart: router-1.29.0 + helm.sh/chart: router-1.29.1 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.29.0" + app.kubernetes.io/version: "v1.29.1" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": test diff --git a/helm/chart/router/Chart.yaml b/helm/chart/router/Chart.yaml index 222941405c..69bdb630a8 100644 --- a/helm/chart/router/Chart.yaml +++ b/helm/chart/router/Chart.yaml @@ -20,10 +20,10 @@ type: application # so it matches the shape of our release process and release automation. # By proxy of that decision, this version uses SemVer 2.0.0, though the prefix # of "v" is not included. -version: 1.29.0 +version: 1.29.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v1.29.0" \ No newline at end of file +appVersion: "v1.29.1" \ No newline at end of file diff --git a/helm/chart/router/README.md b/helm/chart/router/README.md index 399399a4ce..983969d7a9 100644 --- a/helm/chart/router/README.md +++ b/helm/chart/router/README.md 
@@ -2,7 +2,7 @@ [router](https://github.com/apollographql/router) Rust Graph Routing runtime for Apollo Federation -![Version: 1.29.0](https://img.shields.io/badge/Version-1.29.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.29.0](https://img.shields.io/badge/AppVersion-v1.29.0-informational?style=flat-square) +![Version: 1.29.1](https://img.shields.io/badge/Version-1.29.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.29.1](https://img.shields.io/badge/AppVersion-v1.29.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ ## Get Repo Info ```console -helm pull oci://ghcr.io/apollographql/helm-charts/router --version 1.29.0 +helm pull oci://ghcr.io/apollographql/helm-charts/router --version 1.29.1 ``` ## Install Chart @@ -19,7 +19,7 @@ helm pull oci://ghcr.io/apollographql/helm-charts/router --version 1.29.0 **Important:** only helm3 is supported ```console -helm upgrade --install [RELEASE_NAME] oci://ghcr.io/apollographql/helm-charts/router --version 1.29.0 --values my-values.yaml +helm upgrade --install [RELEASE_NAME] oci://ghcr.io/apollographql/helm-charts/router --version 1.29.1 --values my-values.yaml ``` _See [configuration](#configuration) below._ @@ -92,3 +92,6 @@ helm show values oci://ghcr.io/apollographql/helm-charts/router | terminationGracePeriodSeconds | int | `30` | Sets the [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution) for Deployment pods | | tolerations | list | `[]` | | | virtualservice.enabled | bool | `false` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/licenses.html b/licenses.html index 7bd8e2bc23..bbaf4cfa5a 100644 --- a/licenses.html +++ b/licenses.html @@ -7157,6 +7157,7 @@

Used by:

  • bytes-utils
  • cc
  • cfg-if
  • +
  • ci_info
  • cmake
  • concurrent-queue
  • const-random
  • @@ -10723,7 +10724,6 @@

    Used by:

    Apache License 2.0

    Used by:

    diff --git a/scripts/install.sh b/scripts/install.sh index 6e3758cff5..47dc365d05 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -11,7 +11,7 @@ BINARY_DOWNLOAD_PREFIX="https://github.com/apollographql/router/releases/downloa # Router version defined in apollo-router's Cargo.toml # Note: Change this line manually during the release steps. -PACKAGE_VERSION="v1.29.0" +PACKAGE_VERSION="v1.29.1" download_binary() { downloader --check From 61030196292a53dedab2a7f7b09fcab086f794f2 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Mon, 4 Sep 2023 16:45:40 +0000 Subject: [PATCH 3/4] CHANGELOG edits for v1.28.x and v1.29.0 warnings --- CHANGELOG.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c81ea7fb0a..220c940a7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,34 @@ This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2. # [1.29.1] - 2023-09-04 +## 🚀 Features + +### GraphOS Enterprise: Authorization ([PR #3397](https://github.com/apollographql/router/pull/3397), [PR #3662](https://github.com/apollographql/router/pull/3662)) + +> ⚠️ This is an [Enterprise feature](https://www.apollographql.com/blog/platform/evaluating-apollo-router-understanding-free-and-open-vs-commercial-features/) of the Apollo Router. It requires an organization with a [GraphOS Enterprise plan](https://www.apollographql.com/pricing/). + +If your organization doesn't currently have an Enterprise plan, you can test out this functionality by signing up for a free [Enterprise trial](https://www.apollographql.com/docs/graphos/org/plans/#enterprise-trials). +We introduce two new directives, `@requiresScopes` and `@authenticated`, that define authorization policies for fields and types in the supergraph schema, composed with Federation version 2.5.3 or higher. + +They are defined as follows: + +```graphql +scalar federation__Scope +directive @requiresScopes(scopes: [[federation__Scope!]!]!) on OBJECT | FIELD_DEFINITION | INTERFACE | SCALAR | ENUM +``` + +This directive allows granular access control through user-defined scopes. + +```graphql +directive @authenticated on OBJECT | FIELD_DEFINITION | INTERFACE | SCALAR | ENUM +``` + +This directive allows access to the annotated field or type for authenticated requests only. +For more information on how to use these directives, please read Apollo Router [docs](https://www.apollographql.com/docs/router/configuration/authorization) +``` + +By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/3397 https://github.com/apollographql/router/pull/3662 + ## 🐛 Fixes ### Subscriptions: Correct v1.28.x regression allowing panic via un-named subscription operation 
@@ -19,9 +47,38 @@ Correct a regression that was introduced in Router v1.28.0 which made a Router * By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3738 +### Update Deno to resolve Rust Docs generation failure ([Issue #3305](https://github.com/apollographql/router/issues/3305)) + +We've updated to the latest version of Deno (0.200) to fix errors when generating [docs.rs/apollo-router](https://docs.rs/crate/apollo-router/latest). + +By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3626 + +### GraphQL response processing is now captured under the execution span ([PR #3732](https://github.com/apollographql/router/pull/3732)) + +Ensure processing is captured under the "execution" span. Previously, events would be reported under the supergraph span or — even more arbitrarily — any plugin's span (e.g., Rhai). + +By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/3732 + +## 🛠 Maintenance + +### Apollo Uplink connections re-use the existing HTTP client ([Issue #3333](https://github.com/apollographql/router/issues/3333)) + +A single HTTP client will now be shared between requests of the same type when making requests to [Apollo Uplink](https://www.apollographql.com/docs/federation/managed-federation/uplink/) to fetch supergraphs, licenses and configuration from Studio. Previously, such requests created a new HTTP client on each periodic fetch which occasionally resulted in CPU spikes, especially on macOS. + +By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3703 + +### Remove unneeded schema parsing steps ([PR #3547](https://github.com/apollographql/router/pull/3547)) + +Access to a parsed schema is required in various parts of the Router. Previously were were parsing the schema multiple times, but this is now fixed. 
+ +By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/3547 # [1.29.0] - 2023-09-04 +> **Warning** +> +> **This version has a critical bug impacting anyone using subscriptions. See the _Fixes_ in [v1.29.1](https://github.com/apollographql/router/releases/tag/v1.29.1) for details. We highly recommend using v1.29.1 over v1.29.0 when using subscriptions.** + ## 🚀 Features ### GraphOS Enterprise: Authorization ([PR #3397](https://github.com/apollographql/router/pull/3397), [PR #3662](https://github.com/apollographql/router/pull/3662)) @@ -48,7 +105,6 @@ This directive allows access to the annotated field or type for authenticated re For more information on how to use these directives, please read Apollo Router [docs](https://www.apollographql.com/docs/router/configuration/authorization) ``` - By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/3397 https://github.com/apollographql/router/pull/3662 ## 🐛 Fixes @@ -79,10 +135,12 @@ Access to a parsed schema is required in various parts of the Router. Previously By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/3547 - - # [1.28.1] - 2023-08-28 +> **Warning** +> +> **This version has a critical bug impacting anyone using subscriptions. See the _Fixes_ in [v1.29.1](https://github.com/apollographql/router/releases/tag/v1.29.1) for details. We highly recommend using v1.29.1 over any v1.28.x version when using subscriptions.** + ## 🚀 Features ### Expose the `stats_reports_key` hash to plugins. ([Issue #2728](https://github.com/apollographql/router/issues/2728)) From b17018be5c0552b9de57f767189f9a02dd2a7799 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Mon, 4 Sep 2023 16:52:11 +0000 Subject: [PATCH 4/4] Remove invalid formatting of MD code-fence and trailing newlines. --- CHANGELOG.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 220c940a7f..f6b1d21712 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -103,7 +103,6 @@ directive @authenticated on OBJECT | FIELD_DEFINITION | INTERFACE | SCALAR | ENU This directive allows access to the annotated field or type for authenticated requests only. For more information on how to use these directives, please read Apollo Router [docs](https://www.apollographql.com/docs/router/configuration/authorization) -``` By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/3397 https://github.com/apollographql/router/pull/3662 @@ -267,7 +266,7 @@ Several improvements to safelisting behavior based on preview feedback: * If introspection is enabled on the server, any operation whose top-level fields are introspection fields (`__type`, `__schema`, or `__typename`) is considered to be in the safelist. This special case is not applied if `require_id` is enabled, so that Router never parses freeform GraphQL in this mode. * When `log_unknown` is enabled and `apq` has not been disabled, the Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest. -* When `log_unknown` and `require_id` are both enabled, the Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). +* When `log_unknown` and `require_id` are both enabled, the Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). Previously, the Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest). 
@@ -681,7 +680,7 @@ By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollo # [1.24.0] - 2023-07-13 -***Note that this release contains a bug in query planning around query fragment reuse and should not be used. If upgrading, consider going straight to 1.25.0.*** +***Note that this release contains a bug in query planning around query fragment reuse and should not be used. If upgrading, consider going straight to 1.25.0.*** ## 🚀 Features @@ -705,7 +704,7 @@ By [@garypen](https://github.com/garypen) in https://github.com/apollographql/ro The GraphQL spec is rather light on what should happen when we process responses from subgraphs. The current behaviour within the Router was inconsistently short circuiting response processing and this producing confusing errors. > #### Processing the response -> +> > If the response uses a non-200 status code and the media type of the response payload is application/json then the client MUST NOT rely on the body to be a well-formed GraphQL response since the source of the response may not be the server but instead some intermediary such as API gateways, proxies, firewalls, etc. The logic has been simplified and made consistent using the following rules: @@ -919,7 +918,7 @@ By [@garypen](https://github.com/garypen) in https://github.com/apollographql/ro Root span name has changed from `request` to ` ` -[Open Telemetry graphql semantic conventions](https://opentelemetry.io/docs/specs/otel/trace/semantic_conventions/instrumentation/graphql/) specify that the root span name must match the operation kind and name. +[Open Telemetry graphql semantic conventions](https://opentelemetry.io/docs/specs/otel/trace/semantic_conventions/instrumentation/graphql/) specify that the root span name must match the operation kind and name. Many tracing providers don't have good support for filtering traces via attribute, so changing this significantly enhances the tracing experience. 
@@ -1018,7 +1017,7 @@ By [@EverlastingBugstopper](https://github.com/EverlastingBugstopper) in https:/ ### Add security-related warnings to JWT auth docs ([PR #3299](https://github.com/apollographql/router/pull/3299)) -There are a couple potential security pitfalls when leveraging the router for JWT authentication. These are now documented in [the relevant section of the docs](https://www.apollographql.com/docs/router/configuration/authn-jwt). If you are currently using JWT authentication in the router, be sure to [secure your subgraphs](https://www.apollographql.com/docs/federation/building-supergraphs/subgraphs-overview#securing-your-subgraphs) and [use care when propagating headers](https://www.apollographql.com/docs/router/configuration/authn-jwt#example-forwarding-claims-to-subgraphs). +There are a couple potential security pitfalls when leveraging the router for JWT authentication. These are now documented in [the relevant section of the docs](https://www.apollographql.com/docs/router/configuration/authn-jwt). If you are currently using JWT authentication in the router, be sure to [secure your subgraphs](https://www.apollographql.com/docs/federation/building-supergraphs/subgraphs-overview#securing-your-subgraphs) and [use care when propagating headers](https://www.apollographql.com/docs/router/configuration/authn-jwt#example-forwarding-claims-to-subgraphs). By [@dbanty](https://github.com/dbanty) in https://github.com/apollographql/router/pull/3299 
@@ -1262,7 +1261,7 @@ This PR includes the following configurable performance optimizations. - Instead of sending subscription data between a Router and subgraph over an open WebSocket, the Router can be configured to send the subgraph a callback URL that will then be used to receive all source stream events - Subscription enabled subgraphs send source stream events (subscription updates) back to the callback URL by making HTTP POST requests - Refer to the [callback mode documentation](https://github.com/apollographql/router/blob/dev/dev-docs/callback_protocol.md) for more details, including an explanation of the callback URL request/response payload format -- This feature is still experimental and needs to be enabled explicitly in the Router config file +- This feature is still experimental and needs to be enabled explicitly in the Router config file By [@bnjjj](https://github.com/bnjjj) and [@o0Ignition0o](https://github.com/o0ignition0o) in https://github.com/apollographql/router/pull/3285 @@ -1296,9 +1295,9 @@ By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollograp ### Add support for empty auth prefixes ([Issue #2909](https://github.com/apollographql/router/issues/2909)) -The `authentication.jwt` plugin now supports empty prefixes for the JWT header. Some companies use prefix-less headers; previously, the authentication plugin rejected requests even with an empty header explicitly set, such as: +The `authentication.jwt` plugin now supports empty prefixes for the JWT header. Some companies use prefix-less headers; previously, the authentication plugin rejected requests even with an empty header explicitly set, such as: -```yml +```yml authentication: jwt: header_value_prefix: ""