connnectors: feature warnings on incompatible plugins

[nicholascioli]

This commit adds a few informative warnings when using connectors with certain plugins which are currently incompatible. These warnings should better inform router operators of certain features which aren't yet supported when used in tandem with connectors.

---

Checklist

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

• Changes are compatible¹
• Documentation² completed
• Performance impact assessed and acceptable
• Tests added and passing³
  • Unit Tests
  • Integration Tests
  • Manual Tests

Exceptions

Note any exceptions here

Notes

Footnotes

1. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. ↩

2. Configuration is an important part of many changes. Where applicable please try to document configuration examples. ↩

3. Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions. ↩

[nicholascioli]

This PR is still missing some plugin warnings and a real documentation link to explain why these incompatibilities exist, so it's a draft for now.

[router-perf]

CI performance tests

• connectors-const - Connectors stress test that runs with a constant number of users
• const - Basic stress test that runs with a constant number of users
• demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
• demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
• enhanced-signature - Enhanced signature enabled
• events - Stress test for events with a lot of users and deduplication ENABLED
• events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
• events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
• events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
• events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
• events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
• extended-reference-mode - Extended reference mode enabled
• large-request - Stress test with a 1 MB request payload
• no-tracing - Basic stress test, no tracing
• reload - Reload test over a long period of time at a constant rate of users
• step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
• step-local-metrics - Field stats that are generated from the router rather than FTV1
• step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
• step - Basic stress test that steps up the number of users over time
• xlarge-request - Stress test with 10 MB request payload
• xxlarge-request - Stress test with 100 MB request payload

[svc-apollo-docs]

✅ Docs preview has no changes

The preview was not built because there were no changes.

Build ID: d7cf1e1ac84771deeb22569f

[pubmodmatt]

It seems too broad to warn if the customer is using Rhai at all. It's not really incompatible - the only issue is that there is no way for them to hook into the connectors requests, which isn't something we need to warn about since they can't do it. They might mistakenly think that the subgraph lifecycle hook will be executed for a subgraph containing connectors, when it won't. But the other lifecycle hooks are still executed, and in fact we suggest that they use these for auth. I think warning here would be more confusing than anything.

My bar for a warning is that there should be a way for the customer to resolve the issue, or at least suppress it. Here, there isn't - if they need to use Rhai for auth or any other reason, they'd see this warning always.

[pubmodmatt]

The all case concerns me. I mentioned in another comment that for any warning we give, the customer should have a way to resolve the issue. The only way to resolve this would be to replace all with the same config copy and pasted for every single subgraph that doesn't contain connectors. In large supergraphs, that could be very unwieldy. And similar to the Rhai case, there really isn't an incompatibility with coprocessors, there just isn't a way to execute a coprocessor at the connector level - it still works for router, supergraph, etc.

[pubmodmatt]

We actually do have full support for this with connectors. It just needs to be configured at the connector source level:

authentication:
  connector:
    sources:
      aws.lambda:
        aws_sig_v4:
          default_chain:
            profile_name: "default"
            region: "us-east-1"
            service_name: "lambda"
            assume_role:
              role_arn: "arn:aws:iam::XXXXXXXXXXXX:role/helloexecute"
              session_name: "graphql"

Maybe if they have authentication settings on subgraph but don't have a connector setting, there could be an INFO level message pointing them to how to configure it?

The ideal solution would be to detect if any connector base URL points to AWS, and warn if they haven't configured the corresponding source with authentication.

[lennyburdette]

Does authentication.subgraph.all apply to connector sources as well?