Warning
We have discovered an issue with comment parsing in graphql schema in this release (#3680). We will be releasing a follow up to fix this shortly. For now users should use 1.27.0.
๐ Features
Expose the stats_reports_key
hash to plugins. (Issue #2728)
This exposes a new key in the Context
, apollo_operation_id
, which identifies operation you can find in studio:
https://studio.apollographql.com/graph/<your_graph_variant>/variant/<your_graph_variant>/operations?query=<apollo_operation_id>
The apollo_operation_id
context key is exposed during:
- Execution service request
- Subgraph service request
- Subgraph service response
- Execution service response
- Supergraph service response
- Router service response
By @o0Ignition0o in #3586
Add new (unstable) metrics (PR #3609)
Many of our existing metrics are poorly and inconsistently named. In addition, they follow Prometheus style rather than Otel style.
This changeset adds some new metrics that will give us a good foundation to build upon.
New metrics are namespaced apollo.router.operations.*
.
These metrics should be treated as unstable and may change in the future.
By @BrynCooke in #3609
๐ Fixes
Flush metrics when Router reloads or shuts down (Issue #3140)
When the Router either reloads or shuts down it now flushes metrics.
Push metrics exporters, such as OTLP, would have previously missed some metrics โ in particular those related to reload events.
๐ Maintenance
Upgrade to Rust 1.71.1 (PR #3536)
This includes the fix for CVE-2023-38497.
Although Apollo was not affected, users building custom binaries should consider their own build environments to determine if they were impacted.
By @SimonSapin in #3536
Add Apollo OpenTelemetry metrics (PR #3354, PR #3651)
We've added an OpenTelemetry metrics exporter which compliments and builds upon our existing Apollo Studio Protobuf format for metric transmission.
By @BrynCooke in #3354 and #3651
๐ Documentation
Clarify that hot-reload does not affect Uplink-delivered config/schema (PR #3596)
This documentation adjustment (and small CLI help change) tries to clarify some confusion around the --hot-reload
command line argument and the scope of its operation.
Concretely, the supergraph and configuration that is delivered through a GraphOS Launch (and delivered through Uplink) is always loaded immediately and will take effect as soon as possible.
On the other hand, files that are provided locally - e.g., --config ./file.yaml
and --supergraph ./supergraph.graphql
- are only reloaded:
- If
--hot-reload
is passed (or if another flag infers--hot-reload
, as is the case with--dev
) and a supergraph or configuration is changed; or - When the router process is sent a SIGHUP.
Otherwise, files provided locally to the router are only re-reloaded if the router process is completely restarted.
๐งช Experimental
Improvements to safelisting with Persisted Queries (preview)
(The Persisted Queries feature was initially released in Router v1.25.0, as part of a private preview requiring enablement by Apollo support. The feature is now in public preview and is accessible to any enterprise GraphOS organization.)
Several improvements to safelisting behavior based on preview feedback:
-
When the safelist is enabled (but
require_id
is not), matching now ignores the order of top-level definitions (operations and fragments) and ignored tokens (whitespace, comments, commas, etc), so that differences in these purely syntactic elements do not affect whether an operation is considered to be in the safelist. -
If introspection is enabled on the server, any operation whose top-level fields are introspection fields (
__type
,__schema
, or__typename
) is considered to be in the safelist.
This special case is not applied ifrequire_id
is enabled, so that Router never parses freeform GraphQL in this mode. -
When
log_unknown
is enabled andapq
has not been disabled, the Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest. -
When
log_unknown
andrequire_id
are both enabled, the Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL).Previously, the Router only logged the operations that would have been rejected by the safelist feature with
require_id
disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest).
As a side effect of this change, Router now re-downloads the PQ manifest when reloading configuration dynamically rather than caching it across reloads. If this causes a notable performance regression for your use case, please file an issue.