Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip some supergraph validations in production by default #2657

Merged
merged 5 commits into from
Jul 13, 2023
Merged

Skip some supergraph validations in production by default #2657

merged 5 commits into from
Jul 13, 2023

Conversation

pcmanus
Copy link
Contributor

@pcmanus pcmanus commented Jul 5, 2023

When receiving a supergraph, we were always running all the graphQL validations on both the supergraph itslef, and on each of the subgraphs we extract from it.

This is useful for us when doing dev, as it allows to get decent error message when we break the supergraph generation process or the subgraph extraction process, but this is of very limited value otherwise: even if we don't run those full validations, the supergraph still has to be valid graphQL syntax to parse in the first place, and the subgraph extraction will still throw if the supergraph is not essentially a valid supergraph (and note that the code checking that the join spec version is valid, or that the supergraph does not use non-supported feature for SECURITY or EXECUTION is not disabled by this).

Besides, it's not like uplink will send basically-valid-but-slightly-corrupted supergraphs, and when using IntrospectAndCompose there isn't really room for the supergraph to be corrupted.

And those validations are actually not super cheap, especially on large supergraphs, so running them feels wasteful.

This commit thus disable those validation in production environment (when NODE_ENV === "production") by default. It keeps those validation during dev mainly for 2 reasons:

  1. as mentioned above, so that those validate are run when we run our own unit tests, to help catch/identify any subtle mistake we would introduce in the supergraph generation and extaction codes.
  2. when debugging something, it can happens that one start a gateway from a statically provided supergraph SDL, SDL that one may have manually edited for some reason (testing something, playing with it, ...). In that case, the validation can provide nicer errors if the manual edits are invalid.

The commit also introduce a validateReceivedSupergraphs in the gateway config to allows overriding the default behaviour described above.

@pcmanus pcmanus requested a review from a team as a code owner July 5, 2023 13:50
@netlify
Copy link

netlify bot commented Jul 5, 2023
edited
Loading

‼️ Deploy request for apollo-federation-docs rejected.

Name Link
🔨 Latest commit 2d543e90693c6066bebb2ea3b085d58f4742db2d

@changeset-bot
Copy link

changeset-bot bot commented Jul 5, 2023
edited
Loading

🦋 Changeset detected

Latest commit: 387d2c5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages
Name Type
@apollo/query-planner Minor
@apollo/query-graphs Minor
@apollo/composition Minor
@apollo/federation-internals Minor
@apollo/gateway Minor
@apollo/subgraph Minor
apollo-federation-integration-testsuite Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codesandbox-ci
Copy link

codesandbox-ci bot commented Jul 5, 2023
edited
Loading

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

@pcmanus
Copy link
Contributor Author

pcmanus commented Jul 5, 2023

Note that this PR is currently on top of #2655 because it uses the refactor done in that PR to be able to pass the argument to disable validation cleanly.

@pcmanus pcmanus force-pushed the disable-validation branch 2 times, most recently from 15ca882 to 2d543e9 Compare July 10, 2023 12:58
@pcmanus pcmanus requested a review from a team as a code owner July 10, 2023 12:58
@pcmanus pcmanus changed the base branch from main to next July 10, 2023 12:58
@pcmanus
Skip supergraph validations in production by default
5b39d5b 
When receiving a supergraph, we were always running all the graphQL
validations on both the supergraph itslef, and on each of the subgraphs
we extract from it.

This is useful for us when doing dev, as it allows to get decent error
message when we break the supergraph generation process or the subgraph
extraction process, but this is of very limited value otherwise: even if
we don't run those full validations, the supergraph still has to be
valid graphQL syntax to parse in the first place, and the subgraph
extraction will still throw if the supergraph is not essentially a valid
supergraph (and note that the code checking that the `join` spec version
is valid, or that the supergraph does not use non-supported feature for
`SECURITY` or `EXECUTION` is *not* disabled by this).

Besides, it's not like uplink will send basically-valid-but-slightly-corrupted
supergraphs, and when using `IntrospectAndCompose` there isn't really
room for the supergraph to be corrupted.

And those validations are actually not super cheap, especially on large
supergraphs, so running them feels wasteful.

This commit thus disable those validation in production environment
(when `NODE_ENV === "production"`) by default. It keeps those validation
during dev mainly for 2 reasons:
1. as mentioned above, so that those validate are run when we run our
  own unit tests, to help catch/identify any subtle mistake we would
  introduce in the supergraph generation and extaction codes.
2. when debugging something, it can happens that one start a gateway
  from a statically provided supergraph SDL, SDL that one may have
  manually edited for some reason (testing something, playing with it,
  ...). In that case, the validation can provide nicer errors if
  the manual edits are invalid.

The commit also introduce a `validateReceivedSupergraphs` in the
gateway config to allows overriding the default behaviour described
above.
trevor-scheer
trevor-scheer approved these changes Jul 13, 2023
View reviewed changes
Copy link
Member

@trevor-scheer trevor-scheer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes lgtm. Maybe we should add some tests around the assumeValid behavior? I think it would be fine to follow up with those later, just to preserve the behavior we expect going forward.

.changeset/dull-lamps-invent.md Outdated Show resolved Hide resolved
gateway-js/src/config.ts Outdated
* for development (mostly to provide better error messages when provided with an incorrect
* supergraph).
*/
validateReceivedSupergraphs?: boolean;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small naming nitpick, not a big deal though. validateSupergraph(s) maybe? "received" seems extraneous. I can see the argument to keep it plural but it doesn't seem necessary, fine either way.

clenfest
clenfest reviewed Jul 13, 2023
View reviewed changes
gateway-js/src/config.ts Outdated Show resolved Hide resolved
internals-js/src/supergraphs.ts Outdated
@@ -118,7 +123,7 @@ export class Supergraph {
// Note that `extractSubgraphsFromSupergraph` redo a little bit of work we're already one, like validating
// the supergraph. We could refactor things to avoid it, but it's completely negligible in practice so we
// can leave that to "some day, maybe".
this._subgraphs = extractSubgraphsFromSupergraph(this.schema);
this._subgraphs = extractSubgraphsFromSupergraph(this.schema, !this.assumeValid);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't love that we start with validateReceivedSupergraphs then go to assumeValid then back to validateExtractedSubgraphs. It would be nice to not keep negating the poor boolean.

clenfest
clenfest reviewed Jul 13, 2023
View reviewed changes
gateway-js/src/index.ts
@@ -634,8 +634,8 @@ export class ApolloGateway implements GatewayInterface {
}

private createSchemaFromSupergraphSdl(supergraphSdl: string) {
const assumeValid = !(this.config.validateReceivedSupergraphs ?? process.env.NODE_ENV !== 'production');
const supergraph = Supergraph.build(supergraphSdl, { assumeValid });
const validateSupergraph = this.config.validateSupergraph ?? process.env.NODE_ENV !== 'production';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is wrong. If they explicitly set validateSupergraph to false, we should probably honor that, no?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

false ?? true equates to false, unlike false || true, so I think this is doing what we want.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, of course. Clearly been doing too much rust lately. ship it.

@trevor-scheer trevor-scheer merged commit fe1e3d7 into apollographql:next Jul 13, 2023
@github-actions github-actions bot mentioned this pull request Jul 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trevor-scheer trevor-scheer trevor-scheer approved these changes

@clenfest clenfest clenfest left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pcmanus @clenfest @trevor-scheer