prep release: v1.21.0

[o0Ignition0o]

Note

When approved, this PR will merge into the 1.21.0 branch which will — upon being approved itself — merge into main.

Things to review in this PR:

• Changelog correctness (There is a preview below, but it is not necessarily the most up to date. See the Files Changed for the true reality.)
• Version bumps
• That it targets the right release branch (1.21.0 in this case!).

---

🚀 Features

Query planner plugins (Issue #3150)

We may need to modify a query between query plan caching and the query planner. This leads to the requirement to provide a query planner plugin capability. This capability is private to the router for now.

The plugins need an ApolloCompiler instance to perform useful work on the query, so the caching layer, in case of cache miss, will generate a compiler instance and transmit it as part of the request going through query planner plugins. At the end of the chain, the query planner extracts the modified query from the compiler, uses it to generate a query plan, and generates the selections of both the original and filtered query for response formatting. This is done to ensure that the response does not leak data removed in the filtered query, but still keeps a shape expected by the original query, using the null propagation.

A new visitor trait helps modifying the query.

By @Geal in #3177 and #3252

Restore HTTP payload size limit, make it configurable (Issue #2000)

Early versions of Apollo Router used to rely on a part of the Axum web framework
that imposed a 2 MB limit on the size of the HTTP request body.
Version 1.7 changed to read the body directly, unintentionally removing this limit.

The limit is now restored to help protect against unbounded memory usage, but is now configurable:

preview_operation_limits:
  experimental_http_max_request_bytes: 2000000 # Default value: 2 MB

This limit is checked while reading from the network, before JSON parsing.
Both the GraphQL document and associated variables count toward it.

Before increasing this limit significantly consider testing performance
in an environment similar to your production, especially if some clients are untrusted.
Many concurrent large requests could cause the Router to run out of memory.

By @SimonSapin in #3130

Add support for empty auth prefixes (Issue #2909)

This updates the authentication.jwt plugin to support empty prefixes for the JWT header. Some companies use prefix-less headers; previously, the authentication plugin would reject requests even with an empty header explicitly set, such as:

authentication:
  jwt:
    header_value_prefix: ""

This change enables the plugin to support this.

By @lleadbet in #3206

🐛 Fixes

GraphQL introspection errors are now 400 errors (Issue #3090)

If we get an Introspection error during SupergraphService::plan_query(), then it is reported to the client as an HTTP 500 error. This change modifies the handling of errors to generate a valid GraphQL error for Introspection errors whilst also modifying the HTTP status to be 400.

The result of this change is that the client response

StatusCode:500

{"errors":[{"message":"value retrieval failed: introspection error: introspection error : Field "__schema" of type "__Schema!" must have a selection of subfields. Did you mean "__schema { ... }"?","extensions":{"code":"INTERNAL_SERVER_ERROR"}}]}

becomes:

StatusCode:400

{"errors":[{"message":"introspection error : Field "__schema" of type "__Schema!" must have a selection of subfields. Did you mean "__schema { ... }"?","extensions":{"code":"INTROSPECTION_ERROR"}}]}

By @garypen in #3122

Restore missing debug tools in "debug" Docker images (Issue #3249)

Debug Docker images were designed to make use of heaptrack for debugging memory issues. However, this functionality was inadvertently removed when we changed to multi-architecture Docker image builds.

This restores the heaptrack functionality to our debug docker images.

By @garypen in #3250

Federation v2.4.8 (Issue #3217, Issue #3227)

This release bumps the Router's Federation support from v2.4.7 to v2.4.8, which brings in notable query planner fixes from v2.4.8. Of note from those releases, this brings query planner fixes that (per that dependency's changelog):

• Fix bug in the handling of dependencies of subgraph fetches. This bug was manifesting itself as an assertion error (apollographql/federation#2622)
  thrown during query planning with a message of the form Root groups X should have no remaining groups unhandled (...).

• Fix issues in code to reuse named fragments. One of the fixed issue would manifest as an assertion error with a message (apollographql/federation#2619)
  looking like Cannot add fragment of condition X (...) to parent type Y (...). Another would manifest itself by
  generating an invalid subgraph fetch where a field conflicts with another version of that field that is in a reused
  named fragment.

These manifested as Router issues #3217 and #3227.

By @renovate and o0ignition0o in #3202

🛠 Maintenance

chore: split out router events into its own module (PR #3235)

Breaks down ./apollo-router/src/router.rs into its own module ./apollo-router/src/router/mod.rs with a sub-module ./apollo-router/src/router/event/mod.rs that contains all of the streams that we combine to start a router (entitlement, schema, reload, configuration, shutdown, more streams to be added). This change makes adding new events/modifying existing events a bit easier since it's not in one huge giant file to rule them all.

By @EverlastingBugstopper in #3235

Simplify router service tests (PR #3259)

Parts of the router service creation were generic, to allow mocking, but the TestHarness API allows us to reuse the same code in all cases. We can remove some generic types and simplify the API

By @Geal in #3259

update Rhai to 1.15.0 to fix issue with hanging example test (Issue #3213)

One of our Rhai examples' tests have been regularly hanging in the CI builds for the last couple of months. Investigation uncovered a race condition within Rhai itself. This update brings in the fixed version of Rhai and should eliminate the hanging problem and improve build stability.

By @garypen in #3273

📚 Documentation

Improve example Rhai scripts for JWT Authentication (PR #3184)

Simplify the example Rhai scripts in the JWT Authentication docs and includes a sample main.rhai file to make it more clear how to use all scripts together.

By @dbanty in #3184

🧪 Experimental

Expose the apollo compiler at the supergraph service level (PR #3200)

This adds a query analysis phase inside the router service, before sending the query through the supergraph plugins. It makes a compiler available to supergraph plugins, to perform deeper analysis of the query. That compiler is then used in the query planner to create the Query object containing selections for response formatting.

This is for internal use only for now, until we are sure we can expose the right public API.

By @o0Ignition0o and @Geal in #3200

[router-perf]

CI performance tests

• const - Basic stress test that runs with a constant number of users
• events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
• no-graphos - Basic stress test, no GraphOS.
• step - Basic stress test that steps up the number of users over time
• reload - Reload test over a long period of time at a constant rate of users
• xlarge-request - Stress test with 10 MB request payload
• events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
• large-request - Stress test with a 1 MB request payload
• events - Stress test for events with a lot of users and deduplication ENABLED
• xxlarge-request - Stress test with 100 MB request payload