Adding sendVariableValues and sendHeaders parameters and specifications to engine #2847
Conversation
|
@helenwh: Thank you for submitting a pull request! Before we can merge it, you'll need to sign the Meteor Contributor Agreement here: https://contribute.meteor.com/ |
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
from
8fc0a03
to
7ed6bf6
Compare
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
from
7ed6bf6
to
dbce299
Compare
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
3 times, most recently
from
7d557c1
to
c5895c6
Compare
|
UPDATE:
TODO:
Things to consider:
|
packages/apollo-engine-reporting/src/__tests__/extension.test.ts
Outdated
Show resolved
Hide resolved
…kVariableValues), but this is still TBD - use the same helper for both the deprecated privateVariable option and the new option, since the logic is (basically) the same - added helper (and tests) to enforce that originalVariables.keys == modifiedVariables.keys - updated documentation
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
from
8e30644
to
1ebc472
Compare
|
@glasser @zionts I made some fixes with your feedback! I meant to push another commit with just the changes, but somewhere along the way I squashed too many... The diff from the last change can be viewed here, sorry!! TODO: I think we still need to decide on an option name and default value, but as a placeholder for now I just used an alternative suggestion from @glasser. |
…s, and the subsequent tests/docs
|
Update: Going to make parallel changes to the option
To think about:
|
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
from
bbebd83
to
896c311
Compare
|
|
||
| // Helper for makeTraceDetails() to enforce that the keys of a modified 'variables' | ||
| // matches that of the original 'variables' | ||
| function cleanModifiedVariables( |
There was a problem hiding this comment.
I dunno that this is particularly necessary (if people want to send us weird data, they can send us weird data) but I'm not opposed to it.
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
4 times, most recently
from
96d0038
to
203e7fa
Compare
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
3 times, most recently
from
48c4b06
to
e04a997
Compare
… fixing test cases
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
from
e04a997
to
8f9bbaf
Compare
helenwh
changed the title
|
THINGS LEFT TODO:
|
helenwh
force-pushed
the
EnforcingPrivateVariables
branch
from
2981485
to
09946ae
Compare
docs/source/api/apollo-server.md
Outdated
|
|
||
| NOTE: An error will be thrown if both this deprecated option and its replacement, `sendVariableValues` are defined. | ||
|
|
||
| * `sendHeaders`: { exceptNames: Array<String> } | { includeNames: Array<String> } | { sendAll: boolean } | { sendNone: boolean } |
There was a problem hiding this comment.
Seems a little surprising to not include transform here too, though I suppose the main use case of transform is to tweak nested values which isn't relevant here.
There was a problem hiding this comment.
I didn't include that option because I wasn't sure there was a need for it, maybe this is something that we could get feedback on? But otherwise I think this would be a relatively simple extension to make!
CHANGELOG.md
Outdated
| @@ -1,6 +1,8 @@ | |||
| # Changelog | |||
|
|
|||
| ### vNext | |||
| - `apollo-engine-reporting`: BREAKING CHANGE: By default, send no GraphQL variable values to Apollo's servers instead of sending all variable values. Use the new EngineReportingOption `sendVariableValues` to send some or all variable values, possibly after transforming them. | |||
There was a problem hiding this comment.
I think to @glasser's point in #2472 (comment), we could give guidance to users on how to migrate to the new API without it being a breaking change if they're using the defaults.
There was a problem hiding this comment.
Yeah I think Adam's right: this should explicitly say that this is a breaking change only if you don't currently specify privateVariables at all, and to preserve the old default, you'll want to pass new ApolloServer({engine: {sendVariableValues: {sendAll: true}}}). (I do think it's good to put it in the context of new ApolloServer since that's where people will actually write it.)
Hmm, is it odd that the top option name starts with send and some but not all of the sub-option names do? Should they be all and none instead?
There was a problem hiding this comment.
I'll update the CHANGELOG to be more specific! Do you think it would be worth noting this in the docs specific to the deprecated options (privateVariables, privateHeaders) as well?
I think since the new option names already begin with send..., that the suboptions all and none should be clear enough. Will also make that change!
CHANGELOG.md
Outdated
| @@ -1,6 +1,8 @@ | |||
| # Changelog | |||
|
|
|||
| ### vNext | |||
| - `apollo-engine-reporting`: BREAKING CHANGE: By default, send no GraphQL variable values to Apollo's servers instead of sending all variable values. Use the new EngineReportingOption `sendVariableValues` to send some or all variable values, possibly after transforming them. | |||
There was a problem hiding this comment.
Yeah I think Adam's right: this should explicitly say that this is a breaking change only if you don't currently specify privateVariables at all, and to preserve the old default, you'll want to pass new ApolloServer({engine: {sendVariableValues: {sendAll: true}}}). (I do think it's good to put it in the context of new ApolloServer since that's where people will actually write it.)
Hmm, is it odd that the top option name starts with send and some but not all of the sub-option names do? Should they be all and none instead?
|
Looks great! |
Addressing the issues in: https://apollographql.atlassian.net/browse/BE-93
And a followup to this PR: #2472
Adding a new EngineReportingOptions parameter,
sendVariableValues, that accepts custom functions for modifying private or sensitive variable values in addition to the booleans/arrays previously supported by the privateVariables option. Defaults to blocklisting all values.DEPRECATING
privateVariablesAdding a new parameter,
sendHeaders, which defaults to a blocklist as well, but otherwise preserves properties ofprivateHeadersDEPRECATING
privateHeaders[Question/Discussion] I am thinking about including a VariableModificationType in the messaging for a later PR, but it might be unnecessary; I would need to make changes in the UI for it to be used, and I'm not sure if users care/want to know how their variables are being modified?
(https://apollographql.quip.com/KfS7AWThfQau)