-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding sendVariableValues and sendHeaders parameters and specifications to engine #2847
Conversation
@helenwh: Thank you for submitting a pull request! Before we can merge it, you'll need to sign the Meteor Contributor Agreement here: https://contribute.meteor.com/ |
8fc0a03
to
7ed6bf6
Compare
7ed6bf6
to
dbce299
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this looks great! The main thing that's missing is an update to the release notes of Apollo Server, and maybe a parallel PR to the docs! I also brought up some open questions for discussion.
7d557c1
to
c5895c6
Compare
UPDATE:
TODO:
Things to consider:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm really excited this change is happening!
packages/apollo-engine-reporting/src/__tests__/extension.test.ts
Outdated
Show resolved
Hide resolved
…kVariableValues), but this is still TBD - use the same helper for both the deprecated privateVariable option and the new option, since the logic is (basically) the same - added helper (and tests) to enforce that originalVariables.keys == modifiedVariables.keys - updated documentation
8e30644
to
1ebc472
Compare
@glasser @zionts I made some fixes with your feedback! I meant to push another commit with just the changes, but somewhere along the way I squashed too many... The diff from the last change can be viewed here, sorry!! TODO: I think we still need to decide on an option name and default value, but as a placeholder for now I just used an alternative suggestion from @glasser. |
…s, and the subsequent tests/docs
Update: Going to make parallel changes to the option
To think about:
|
bbebd83
to
896c311
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am a bit behind in my individual contributor work and probably can't take another look tomorrow.
|
||
// Helper for makeTraceDetails() to enforce that the keys of a modified 'variables' | ||
// matches that of the original 'variables' | ||
function cleanModifiedVariables( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dunno that this is particularly necessary (if people want to send us weird data, they can send us weird data) but I'm not opposed to it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
96d0038
to
203e7fa
Compare
48c4b06
to
e04a997
Compare
… fixing test cases
e04a997
to
8f9bbaf
Compare
THINGS LEFT TODO:
|
2981485
to
09946ae
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking great. Just a few tweaks left. I'm really impressed by your tests!
docs/source/api/apollo-server.md
Outdated
|
||
NOTE: An error will be thrown if both this deprecated option and its replacement, `sendVariableValues` are defined. | ||
|
||
* `sendHeaders`: { exceptNames: Array<String> } | { includeNames: Array<String> } | { sendAll: boolean } | { sendNone: boolean } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems a little surprising to not include transform
here too, though I suppose the main use case of transform is to tweak nested values which isn't relevant here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't include that option because I wasn't sure there was a need for it, maybe this is something that we could get feedback on? But otherwise I think this would be a relatively simple extension to make!
CHANGELOG.md
Outdated
@@ -1,6 +1,8 @@ | |||
# Changelog | |||
|
|||
### vNext | |||
- `apollo-engine-reporting`: BREAKING CHANGE: By default, send no GraphQL variable values to Apollo's servers instead of sending all variable values. Use the new EngineReportingOption `sendVariableValues` to send some or all variable values, possibly after transforming them. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think to @glasser's point in #2472 (comment), we could give guidance to users on how to migrate to the new API without it being a breaking change if they're using the defaults.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I think Adam's right: this should explicitly say that this is a breaking change only if you don't currently specify privateVariables
at all, and to preserve the old default, you'll want to pass new ApolloServer({engine: {sendVariableValues: {sendAll: true}}})
. (I do think it's good to put it in the context of new ApolloServer
since that's where people will actually write it.)
Hmm, is it odd that the top option name starts with send
and some but not all of the sub-option names do? Should they be all
and none
instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll update the CHANGELOG to be more specific! Do you think it would be worth noting this in the docs specific to the deprecated options (privateVariables
, privateHeaders
) as well?
I think since the new option names already begin with send...
, that the suboptions all
and none
should be clear enough. Will also make that change!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
other than the last comment, lgtm! sorry for the delay.
CHANGELOG.md
Outdated
@@ -1,6 +1,8 @@ | |||
# Changelog | |||
|
|||
### vNext | |||
- `apollo-engine-reporting`: BREAKING CHANGE: By default, send no GraphQL variable values to Apollo's servers instead of sending all variable values. Use the new EngineReportingOption `sendVariableValues` to send some or all variable values, possibly after transforming them. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I think Adam's right: this should explicitly say that this is a breaking change only if you don't currently specify privateVariables
at all, and to preserve the old default, you'll want to pass new ApolloServer({engine: {sendVariableValues: {sendAll: true}}})
. (I do think it's good to put it in the context of new ApolloServer
since that's where people will actually write it.)
Hmm, is it odd that the top option name starts with send
and some but not all of the sub-option names do? Should they be all
and none
instead?
Looks great! |
Addressing the issues in: https://apollographql.atlassian.net/browse/BE-93
And a followup to this PR: #2472
Adding a new EngineReportingOptions parameter,
sendVariableValues
, that accepts custom functions for modifying private or sensitive variable values in addition to the booleans/arrays previously supported by the privateVariables option. Defaults to blocklisting all values.DEPRECATING
privateVariables
Adding a new parameter,
sendHeaders
, which defaults to a blocklist as well, but otherwise preserves properties ofprivateHeaders
DEPRECATING
privateHeaders
[Question/Discussion] I am thinking about including a VariableModificationType in the messaging for a later PR, but it might be unnecessary; I would need to make changes in the UI for it to be used, and I'm not sure if users care/want to know how their variables are being modified?
(https://apollographql.quip.com/KfS7AWThfQau)