🚀 Features
Authorization: dry run option (Issue #3843)
It is now possible to execute authorization directives without modifying the query, but still return the list of affected paths as top-level errors in the response. This allows testing authorization without breaking existing traffic. See documentation for authorization.dry_run.
By @Geal in #4079
Rhai: support alternative base64 alphabets (Issue #3783)
This adds support for alternative base64 alphabets:
STANDARD
STANDARD_NO_PAD
URL_SAFE
URL_SAFE_NO_PAD
They can be used as follows:
The default when the alphabet argument is not specified is STANDARD.
By @Geal in #3885
GraphOS authorization directives: policy directive (PR #3751)
We introduce a new GraphOS authorization directive called @policy, which is designed to offload authorization policy execution to a coprocessor or Rhai script. It extracts from the query the list of relevant policies, the coprocessor indicates which of those policies failed, then the router filters unauthorized fields, as it does with @authenticated and @requiresScopes. If you want to know more, check out the documentation.
By @Geal in #3751
Add a router request builder (Issue #3267)
The builder implementation was missing on the router request side, which means that router service level plugins cannot reuse the context if they unpack the request object.
By @Geal in #3430
Authorization directives are enabled by default (Issue #3842)
If the router starts with an API key from an Enterprise account, and the schema contains the authorization directives, then they will be usable directly without further configuration.
By @Geal in #3713
Add a flag to disable authorization error logs (Issue #4077 & Issue #4116)
Authorization errors need flexible reporting depending on the use case. They can now be configured as follows:
Logging can be disabled if platform operators do not want to see the logs polluted by common authorization errors.
Errors in responses may be:
By @Geal in #4076 & #4122
Add a new studio reporting metric (Issue #3883)
Count how many reports we have submitted to studio, with a "type" attribute that indicates if reporting "traces" or "metrics".
By @garypen in #4039
🐛 Fixes
Bring Otel service.name into line with the Otel spec (PR #4034)
Handling of Otel service.name has been brought into line with the Otel spec across traces and metrics.
Service name discovery is handled in the following order:
OTEL_SERVICE_NAME env
OTEL_RESOURCE_ATTRIBUTES env
router.yaml service_name
router.yaml resources (attributes)
If none of the above are found then the service name will be set to unknown_service:apollo_router or unknown_service if the executable name cannot be determined.
Users who have not explicitly configured their service name should do so either via the yaml config file or via the OTEL_SERVICE_NAME environment variable.
By @BrynCooke in #4034
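The discovery order above, modelled as an added example (not the router's own code) so operators can predict which name their traces and metrics will carry. `YamlConfig`, `from_resource_attributes` and `resolve_service_name` are hypothetical names, and the environment is passed in as a map rather than read from the process.

```rust
use std::collections::HashMap;

/// Constructed stand-in for the two router.yaml settings named in the list above.
#[derive(Default)]
struct YamlConfig {
    service_name: Option<String>,
    resources: HashMap<String, String>, // resource attributes
}

/// Extract `service.name` from an OTEL_RESOURCE_ATTRIBUTES value ("k1=v1,k2=v2").
fn from_resource_attributes(raw: &str) -> Option<String> {
    raw.split(',')
        .filter_map(|pair| pair.split_once('='))
        .find(|(key, _)| key.trim() == "service.name")
        .map(|(_, value)| value.trim().to_string())
}

/// Walk the four sources in order; the first one that yields a name wins.
/// `env` is passed in (instead of read from the process) so the logic runs offline.
fn resolve_service_name(
    env: &HashMap<&str, &str>,
    yaml: &YamlConfig,
    executable: Option<&str>, // None models "executable name cannot be determined"
) -> String {
    env.get("OTEL_SERVICE_NAME")
        .map(|name| name.to_string())
        .or_else(|| env.get("OTEL_RESOURCE_ATTRIBUTES").and_then(|raw| from_resource_attributes(raw)))
        .or_else(|| yaml.service_name.clone())
        .or_else(|| yaml.resources.get("service.name").cloned())
        .unwrap_or_else(|| match executable {
            Some(exe) => format!("unknown_service:{}", exe),
            None => "unknown_service".to_string(),
        })
}

fn main() {
    // Constructed inputs: an env attribute list competing with a router.yaml service_name.
    let env = HashMap::from([("OTEL_RESOURCE_ATTRIBUTES", "deployment.environment=prod,service.name=router-env")]);
    let yaml = YamlConfig { service_name: Some("router-yaml".to_string()), ..Default::default() };
    println!("{}", resolve_service_name(&env, &yaml, Some("apollo_router")));
}
```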
Rename helm template from common. to apollographql. (Issue #4002)
There is a naming clash with bitnami common templates used in other charts. This is unfortunate when used in a chart which has multiple dependencies where names may clash.
The straightforward fix is to rename our templates from common to apollographql.
By @garypen in #4005
Propagate headers for source stream events with subscription (Issue #3731)
Previously, the headers coming from the request were not propagated to the subgraph request when configured with the headers plugin on subscription events. You had to use a Rhai script as a workaround; this is no longer required.
By @bnjjj in #4057
Fix memory issues in the apollo metrics exporter (PR #4107)
There were a number of issues with the apollo metrics exporter which meant that under load the router would look as though it was leaking memory. It isn't a leak, strictly speaking, but is in fact "lingering" memory.
The root cause was a bounded futures channel which did not enforce the bounds as we expected and thus could over-consume memory. We have fixed the issue by:
tokio bounded channel which enforces the bound as we originally expected
With these changes in place we have observed that the router behaves very well with respect to memory consumption under high load.
By @garypen in #4107
Support authorization directive renaming (PR #3949)
When importing directives through the @link directive, they can be renamed. This makes sure that the authorization plugin can still recognize its directives when they have been renamed.
By @Geal in #3949
📃 Configuration
Bring telemetry tracing config and metrics config into alignment (Issue #4043)
Configuration between tracing and metrics was inconsistent and did not align with otel spec terminology. The following changes have been made to router.yaml configuration:
telemetry.tracing.trace_config has been renamed to common
telemetry.tracing.common.attributes has been renamed to resource
telemetry.metrics.common.resources has been renamed to resource
telemetry.tracing.propagation.awsxray has been renamed to aws_xray
The Router will upgrade any existing configuration on startup. However, you should update your configuration to use the new format as soon as possible.
By @BrynCooke in #4044, #4050 and #4051
🛠 Maintenance
Router should respond with subscription-protocol header for callback (Issue #3929)
The callback protocol documentation specifies that the router responds with a subscription-protocol: callback/1.0 header to the initialization (check) message. Currently the router does not set this header on the response.
By @bnjjj in #3939
Use trust dns for hyper client resolver (Issue #4030)
Investigating memory revealed that the default hyper client DNS resolver had a negative impact on the memory footprint of the router.
It may also not be respecting TTL correctly. Let's replace the default with Trust DNS.
By @garypen in #4088
📚 Documentation
Clarify and fix docs about supported WebSocket subprotocols (PR #4063)
The way we previously documented the supported websocket protocols for router to subgraph communication was confusing.
This changeset brings more clarity around how to customise the websocket protocol, including the subgraph path that exposes websocket capabilities.
By @shorgi in #4063