feat(replays): Reject replay envelopes if any item contained within is invalid #3201
Conversation
| if dropped_item { | ||
| state | ||
| .managed_envelope | ||
| .reject(Outcome::Invalid(DiscardReason::ReplayRejected)); | ||
| } |
There was a problem hiding this comment.
This leads to different behavior depending on the order of items:
- If the first item is dropped with an outcome, all subsequent items are dropped silently (one outcome in total).
- If the second item is dropped with an outcome, the first outcome will still be in the envelope after
retain_items. In that case, the first item will be rejected withReplayRejectedoutcome (two outcomes in total).
Maybe we can replace retain_items with a simple for loop that breaks on the first failure, and then rejects the envelope with the outcome of the first failure.
There was a problem hiding this comment.
@jjbayer I thought reject logged and emitted no outcomes? This is what I was referencing when writing the PR.
There was a problem hiding this comment.
reject does log outcomes (the Handling is only used to decide whether or not to log an error). But it turns out we don't log outcomes for replays in reject, which is probably just oversight:
relay/relay-server/src/utils/managed_envelope.rs
Lines 433 to 468 in 8eff863
Not sure what the best way forward is here, maybe the best would be to return a ProcessingError, which is then automatically reported as an outcome via ProcessingError::to_outcome.
There was a problem hiding this comment.
I've added retain_or_reject_all methods to ManagedEnvelope and Envelope. It guarantees one outcome is emitted, breaks early on processing error, ensures the envelope is empty after error, and uses all of the familiar APIs replay is accustomed to.
There was a problem hiding this comment.
I looked into the code some more, I'm convinced now that the cleanest way to reject an entire envelope is to raise a ProcessingError and let it bubble up, because that's API that already exists for this purpose. And to make sure that ManagedEnvelope::reject emits outcomes for replays.
For the test, you can add the outcomes_consumer fixture in existing replay integration tests for that, or add new tests in test_outcome.py.
|
Is the goal to have a single outcome per replay? IIRC, in the past replays were split into two envelopes; how would outcome generation behave in that situation? |
|
@iker-barriocanal This change doesn't handle that case but its not a common path. It might not be used any more. |
|
@iker-barriocanal @jjbayer Adding test coverage for this. I'm seeing in the logs |
|
@cmanallen Relay doesn't infer event categories for replays, see relay/relay-server/src/utils/rate_limits.rs Lines 110 to 112 in 912a697 I believe updating the applicable cases should populate the envelope context. Edit: actually, this could have bad side-effects. |
|
@iker-barriocanal I updated those locally and it didn't change the test failure :\ |
|
@cmanallen I added the missing replay rejection to The quantity of the outcome will still be the number of items, because that is consistent with how we count replays for rate limiting purposes. |
|
@jjbayer Updated test coverage and changed quantity to only emit one outcome. This should be ready. |
cmanallen
deleted the
cmanallen/replays-drop-envelope-if-any-item-is-invalid
branch
Closes: #3180
Drop the envelope in its entirety if any component fails validation. This prevents confusing states where is shown a replay which was never ingested.