Change usage reporting defaults backwards-incompatibly to send less data #6051
Assignees
Milestone
Comments
|
See also #6708. |
glasser
added a commit
that referenced
this issue
Aug 10, 2022
We replace the `rewriteError` option with `sendErrorsInTraces` (usage
reporting) and `includeErrors` (inline trace), which takes `{unmodified:
true}`, `{masked:true}`, and `{transform}` variants. This is similar to
`sendVariableValues` and `sendHeaders`.
Like those two options, this now defaults to a more redacted version:
`{masked: true}`. This will reduce unintentional reporting of PII.
Part of #6051.
Paired with @bonnici.
glasser
added a commit
that referenced
this issue
Aug 10, 2022
We replace the `rewriteError` option with `sendErrorsInTraces` (usage
reporting) and `includeErrors` (inline trace), which takes `{unmodified:
true}`, `{masked:true}`, and `{transform}` variants. This is similar to
`sendVariableValues` and `sendHeaders`.
Like those two options, this now defaults to a more redacted version:
`{masked: true}`. This will reduce unintentional reporting of PII.
Part of #6051.
Paired with @bonnici.
glasser
added a commit
that referenced
this issue
Aug 10, 2022
…#6794) We replace the `rewriteError` option with `sendErrorsInTraces` (usage reporting) and `includeErrors` (inline trace), which takes `{unmodified: true}`, `{masked:true}`, and `{transform}` variants. This is similar to `sendVariableValues` and `sendHeaders`. Like those two options, this now defaults to a more redacted version: `{masked: true}`. This will reduce unintentional reporting of PII. Part of #6051. Paired with @bonnici.
|
Hmm. If errors are masked, should we override the logic in defaultSendOperationAsTrace that treats traces with errors specially? |
We can make this change at any time without compat worries because that heuristic is deliberately unspecified. In the interest of moving this project towards finished, let's leave the defaults for "send any traces?" and "instrument fields?" at turned on. The onboarding experience is better that way (ie, no changes needed to Studio UI) and if it's a performance problem you can tweak the settings (or move to Router if you're on Gateway!). |
|
That said: |
glasser
added a commit
that referenced
this issue
Aug 26, 2022
- We've decided to leave the usage reporting defaults in AS4 as "field level instrumentation on for all operations, send some operations as traces". But we'd like to at least provide a non-experimental mechanism for entirely disabling sending traces to Studio. So there's a new ApolloServerPluginUsageReporting: `sendTraces: false`. - Rename the (new in AS4) usage reporting option `sendErrorsInTraces` to `sendErrors`, because it does also affect error statistics in stats reports if your `transform` function returns `null`. - Remove Apollo-internal `internal_includeTracesContributingToStats` option. This enabled some internal consistency monitoring which we are no longer paying attention to. - If you enable `debugPrintReports`, send the reports as `info` rather than `warn`, which primarily lets us delete some large comments (and makes sense because these debug messages are not warnings). Fixes #6051. Fixes #6078.
glasser
added a commit
that referenced
this issue
Aug 26, 2022
- We've decided to leave the usage reporting defaults in AS4 as "field level instrumentation on for all operations, send some operations as traces". But we'd like to at least provide a non-experimental mechanism for entirely disabling sending traces to Studio. So there's a new ApolloServerPluginUsageReporting: `sendTraces: false`. - Rename the (new in AS4) usage reporting option `sendErrorsInTraces` to `sendErrors`, because it does also affect error statistics in stats reports if your `transform` function returns `null`. - Remove Apollo-internal `internal_includeTracesContributingToStats` option. This enabled some internal consistency monitoring which we are no longer paying attention to. - If you enable `debugPrintReports`, send the reports as `info` rather than `warn`, which primarily lets us delete some large comments (and makes sense because these debug messages are not warnings). Fixes #6051. Fixes #6078.
glasser
added a commit
that referenced
this issue
Aug 26, 2022
- We've decided to leave the usage reporting defaults in AS4 as "field level instrumentation on for all operations, send some operations as traces". But we'd like to at least provide a non-experimental mechanism for entirely disabling sending traces to Studio. So there's a new ApolloServerPluginUsageReporting: `sendTraces: false`. - Rename the (new in AS4) usage reporting option `sendErrorsInTraces` to `sendErrors`, because it does also affect error statistics in stats reports if your `transform` function returns `null`. - Remove Apollo-internal `internal_includeTracesContributingToStats` option. This enabled some internal consistency monitoring which we are no longer paying attention to. - If you enable `debugPrintReports`, send the reports as `info` rather than `warn`, which primarily lets us delete some large comments (and makes sense because these debug messages are not warnings). Fixes #6051. Fixes #6078.
glasser
added a commit
that referenced
this issue
Aug 26, 2022
- We've decided to leave the usage reporting defaults in AS4 as "field level instrumentation on for all operations, send some operations as traces". But we'd like to at least provide a non-experimental mechanism for entirely disabling sending traces to Studio. So there's a new ApolloServerPluginUsageReporting: `sendTraces: false`. - Rename the (new in AS4) usage reporting option `sendErrorsInTraces` to `sendErrors`, because it does also affect error statistics in stats reports if your `transform` function returns `null`. - Remove Apollo-internal `internal_includeTracesContributingToStats` option. This enabled some internal consistency monitoring which we are no longer paying attention to. - If you enable `debugPrintReports`, send the reports as `info` rather than `warn`, which primarily lets us delete some large comments (and makes sense because these debug messages are not warnings). Fixes #6051. Fixes #6078.
|
Finished up in #6855. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In order to make usage reporting have better performance and less potential PII leakage by default, we should change the default usage reporting to send even less information by default. We previously changed usage reporting to make variable and HTTP header reporting opt-in. We should continue down this path to make sending error bodies in traces opt-in (though we should still probably track the number of errors by default). Furthermore, now that the Unified Reporting and referenced field usage projects are done, we can change the defaults to make traces be an opt-in feature (which gives you access to traces on the Operations page, field execution counts on the Fields page, and field latencies in Explorer and VSCode timing hints) that isn’t on by default. This would mean that by default we would only send summarized statistics of operations, not any data about individual requests, and the only user-provided strings would be operation signatures (with literals removed as always).
The text was updated successfully, but these errors were encountered: