<!-- The PR description should answer 2 important questions: -->
### What
<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->
<!-- Consider: do we need to add a changelog entry? -->
<!-- Does this PR introduce new validation that might break old builds?
-->
<!-- Consider: do we need to put new checks behind a flag? -->
This PR removes the pre-route plugin from the user-facing changelog and
adds it to the internal changelog.
### How
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
V3_GIT_ORIGIN_REV_ID: d1a1b8d9964267b931e48053d7529f9a52e43bd2
<!-- The PR description should answer 2 important questions: -->
### What
It turns out `v3-engine` isn't the thing we run in Docker anymore. This
PR fixes a problem I introduced in the other PR for exposing the client
IP to plugins.
### How
We call `into_make_service_with_connect_info` in the
`ddn-engine-local-dev` package now as well.
V3_GIT_ORIGIN_REV_ID: d7787a5b50f223ec8e174b599736582bb7561f03
<!-- The PR description should answer 2 important questions: -->
### What
This PR adds an extra header to the request to plugins:
[`X-Forwarded-For`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For).
This allows the plugin to see the IP of the original requester, meaning
we can implement things like rate limiting and IP allow lists.
For example, here's a postbin excerpt from a plugin request with this
PR.
```
URL: /
TIMESTAMP
2024-12-09 14:24:33 +0100
HEADERS
VERSION: HTTP/1.1
TRACEPARENT: 00-6f06be5323ae4727001080c903dce087-bf7aadeecc079c4b-01
TRACESTATE:
X_B3_TRACEID: 6f06be5323ae4727001080c903dce087
X_B3_SPANID: bf7aadeecc079c4b
X_B3_SAMPLED: 1
TRACERESPONSE: 00-6f06be5323ae4727001080c903dce087-bf7aadeecc079c4b-01
X_FORWARDED_FOR: ::1
ACCEPT: */*
HOST: 127.0.0.1:6969
```
### How
We pass the IP through from the client request down to the plugin code.
It's almost entirely just adding parameters to functions.
V3_GIT_ORIGIN_REV_ID: 63a44e45082035ba8213e79829281fe369ff95d1
<!-- The PR description should answer 2 important questions: -->
### What
While generating the json:api catalog for a given role, include
relationships for an object type only if the relationship's output type
is accessible to the role. This would enable proper open api schema
generation and permission check during json:api validation phase.
### How
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
Include the relationship in the map after checking the role's
accessibility to the type.
V3_GIT_ORIGIN_REV_ID: 5c7b95d7118a665783d1b765198648d876ad684a
### What
This PR updates the MBS JSON Schema so that its definition of
CompatibilityDate contains a list of known compatibility dates. The type
still allows any date as well.
This change ensures that every time a new CompatibilityDate is added,
the JSON Schema changes, which automatically creates a PR to the CLI
repo, so they know a new date has been added, so that they can evaluate
and respond to that.
### How
The code that maps OpenDD `Flag`s to `CompatibilityDate`s was moved from
MBS to the `compatibility` crate, and then used during JSON Schema
formation to generate the JSON Schema enum list of dates.
V3_GIT_ORIGIN_REV_ID: e67dad2aa10e5e74613aa1f80c3972753bc9a576
<!-- The PR description should answer 2 important questions: -->
### What
<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->
<!-- Consider: do we need to add a changelog entry? -->
<!-- Does this PR introduce new validation that might break old builds?
-->
<!-- Consider: do we need to put new checks behind a flag? -->
This PR introduces pre-route plugins. A pre-route plugin sits at the
router level. It will catch all the OTHER routes (other than existing
routes like `/graphql`, `/v1/explain`, etc.) and, based on the
configuration, call some external webhook to handle the request.
Currently, we can configure the following:
- The regex for the URL to match on
- The request to the webhook:
- headers
- method
- raw query
The feature is currently hidden behind a flag.
In case of multiple pre-route plugins, the first matching pre-route
plugin will handle the request.
Currently, the pre-route plugin can handle only GET requests to the
engine, but we can easily expand this to handle other requests.
A sample request being handled by the preroute plugin:
### How
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
We have made the following changes:
- Make our tracing library more lenient for trace span names.
- Implement the middleware.
V3_GIT_ORIGIN_REV_ID: cc9913c7071a65c2da545f11909f72fccd798862
<!-- The PR description should answer 2 important questions: -->
### What
<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->
<!-- Consider: do we need to add a changelog entry? -->
<!-- Does this PR introduce new validation that might break old builds?
-->
<!-- Consider: do we need to put new checks behind a flag? -->
This PR makes the trace span names less strict. This will allow us to
use variables in the span names.
### How
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
Previously, we were using `static str`; we have swapped it for `N:
Into<Cow<'static, str>>`.
The underlying library uses the same type for span names.
V3_GIT_ORIGIN_REV_ID: fa9f479171545903f11ca839f895a3bcb90afb4a
<!-- The PR description should answer 2 important questions: -->
### What
I forget to take these out sometimes, let's make the tooling help us.
V3_GIT_ORIGIN_REV_ID: a82a01fcc9fea096c065fbc2312823d46ec5ce4c
<!-- The PR description should answer 2 important questions: -->
### What
We now have a distinction between the OSS engine (does not contain
`sql`) and local dev engine (does contains `sql`), so we make a separate
target, and build the `v3-engine` Docker image from
`ddn-engine-local-dev` instead.
`sql` is still open source at this point - we still need to move it and
make the tests work.
### How
Add a new package, build and publish it with Nix.
V3_GIT_ORIGIN_REV_ID: 3bac9005a5698a44b1121a56e3c5a88bd3f5aef4
Bumps [tokio-util](https://github.com/tokio-rs/tokio) from 0.7.12 to
0.7.13.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b31c2f73d"><code>0b31c2f</code></a>
chore: prepare tokio-util v0.7.13 (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7012">#7012</a>)</li>
<li><a
href="129f9fc0c8"><code>129f9fc</code></a>
codec: fix incorrect handling of invalid utf-8 in
<code>LinesCodec::decode_eof</code> (#...</li>
<li><a
href="b5c227d51f"><code>b5c227d</code></a>
tracing: move tracing instrumentation tests into tokio tests (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7007">#7007</a>)</li>
<li><a
href="dcae2b9eb8"><code>dcae2b9</code></a>
ci: unfreeze FreeBSD from rustc 1.81 (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7009">#7009</a>)</li>
<li><a
href="bb9d57017e"><code>bb9d570</code></a>
chore: prepare Tokio v1.42.0 (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7005">#7005</a>)</li>
<li><a
href="af9c683d52"><code>af9c683</code></a>
tests: fix typo in build test instructions (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7004">#7004</a>)</li>
<li><a
href="4bc5a1a058"><code>4bc5a1a</code></a>
ci: allow Unicode-3.0 license for unicode-ident (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7006">#7006</a>)</li>
<li><a
href="f8948ea021"><code>f8948ea</code></a>
runtime: do not defer <code>yield_now</code> inside
<code>block_in_place</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/6999">#6999</a>)</li>
<li><a
href="bce9780dd3"><code>bce9780</code></a>
time: use <code>array::from_fn</code> instead of manually creating array
(<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7000">#7000</a>)</li>
<li><a
href="38151f30cb"><code>38151f3</code></a>
readme: unlist 1.32.x as LTS release (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/6997">#6997</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tokio/compare/tokio-util-0.7.12...tokio-util-0.7.13">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 905ade8e57dc1b991bfa579632cdda7f9edad5ae
<!-- The PR description should answer 2 important questions: -->
### What
Final part of execution plan changes. There was a bunch of code and
types shared between `graphql_ir` and `plan`. They were in `graphql_ir`
but now they're in `plan`, flipping the dependency.
There is other stuff in `graphql_ir` which will end up in `plan` in due
course as more features are implemented in the new pipeline.
Functional no-op.
V3_GIT_ORIGIN_REV_ID: 05dd50e75aeb681be329dd7d6061f4258459fbfb
Bumps [graphql-parser](https://github.com/graphql-rust/graphql-parser)
from 0.4.0 to 0.4.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fbdfb6cf63"><code>fbdfb6c</code></a>
Release graphql-parser v0.4.1</li>
<li><a
href="f75d96f1e0"><code>f75d96f</code></a>
Make block strings parsing conform to GraphQL spec. (<a
href="https://redirect.github.com/graphql-rust/graphql-parser/issues/75">#75</a>)</li>
<li><a
href="b2f6debdd7"><code>b2f6deb</code></a>
Upgrade to latest combine version to support new rust versions (<a
href="https://redirect.github.com/graphql-rust/graphql-parser/issues/73">#73</a>)</li>
<li><a
href="8d76425d83"><code>8d76425</code></a>
Add VARIABLE_DEFINITION directive location (<a
href="https://redirect.github.com/graphql-rust/graphql-parser/issues/66">#66</a>)</li>
<li><a
href="0d93ac9310"><code>0d93ac9</code></a>
Introduce minify_query (<a
href="https://redirect.github.com/graphql-rust/graphql-parser/issues/67">#67</a>)</li>
<li><a
href="64fb5af1ac"><code>64fb5af</code></a>
Merge pull request <a
href="https://redirect.github.com/graphql-rust/graphql-parser/issues/62">#62</a>
from saihaj/ci</li>
<li><a
href="07c557b534"><code>07c557b</code></a>
ci: setup GH actions for tests</li>
<li>See full diff in <a
href="https://github.com/graphql-rust/graphql-parser/compare/v0.4.0...v0.4.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 68e5e7abcadc5d89550f2cec1f24051f5e39c108
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.93 to 1.0.94.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.94</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8ceb5e988f"><code>8ceb5e9</code></a>
Release 1.0.94</li>
<li><a
href="b9009abc16"><code>b9009ab</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/399">#399</a>
from dtolnay/okvalue</li>
<li><a
href="863791a66d"><code>863791a</code></a>
Align naming between Ok function argument and its documentation</li>
<li><a
href="2081692170"><code>2081692</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/398">#398</a>
from zertosh/ok_doc_format</li>
<li><a
href="cc2cecb428"><code>cc2cecb</code></a>
Fix anyhow::Ok rustdoc code formatting</li>
<li><a
href="8852dc3218"><code>8852dc3</code></a>
Prevent upload-artifact from causing CI failure</li>
<li>See full diff in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.93...1.0.94">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: e4b3f4cea3cf113841342150b6b3da30977f041f
### What
OpenDD flags are now stored as a Set of a new Flag enum type. This
allows us to enumerate the flags easily (via the `IntoEnumIterator`
trait), which will be useful in the future to generate a list of
compatibility dates. The new OpenDdFlags set type deserializes to
exactly the same JSON as before, with one exception: any "false" flags
(ie. flags not in the set) are not serialized. This should help newer
MBS build metadata that is compatible with older engine versions that
don't understand newer flags that are disabled and therefore irrelevant.
### How
The main change is in `crates/open-dds/src/flags.rs` where a new
OpenDdFlags type has been created. It is just a wrapper around a
`BTreeSet` of our new `Flag` enum. It has a custom `Serialize`,
`Deserialize` and `JsonSchema` implementation that performs the
serialization we want, and also manually creates the same JsonSchema as
we previously had that matches the serialization.
Unit tests at the bottom of that file perform roundtrip tests and check
that the serialization does what we want.
Now that the flags are not a struct and are instead a set, all usages
change to using `.contains`. You can see this peppered through
metadata_resolve.
In MBS,
`crates/cloud/v3-metadata-build-service/src/build/compatibility/flags.rs`
is where we rework the compatibility date handling to leverage the enum.
We perform a pattern match on it to ensure there's a compatibility date
added for new flags and we now automatically compute the correct flags
to set based on the date using that match and iterating over the flags.
V3_GIT_ORIGIN_REV_ID: 284529db3f346e8eb635a47c9a8fa19d4b8ad207
<!-- The PR description should answer 2 important questions: -->
### What
When an array return type was used in a command that we using in type
mappings we panicked, however this should be allowed. Return a proper
error if a Predicate is used as a command return type though, as that is
not allowed.
This fixes the immediate error in the ticket, but the reproducer throws
another one - I think this is because the reproduction is so minimal
though. Worth testing with the full reproduction before merging
@jberryman .
V3_GIT_ORIGIN_REV_ID: ae0a2f0a6fe83c82e5ab01adaba9b317743688ba
<!-- The PR description should answer 2 important questions: -->
### What
`cargo audit` found a security issue, this fixes it.
V3_GIT_ORIGIN_REV_ID: 93d3ac0be4f4197e6319b8dd6647db06f15d5d88
### What
This PR adds support for nested relationships (ie a relationship that
starts from a field that is nested) to boolean expression types.
### How
The implementation in engine is fairly straightforward.
First, in `metadata_resolve` we only block nested relationships in
boolexps if the connector doesn't support them (via capabilities):
`crates/metadata-resolve/src/helpers/boolean_expression.rs`
Then, we simply pass the field_path that tracks the nestedness through
from the GraphQL IR into our plan types
(`crates/graphql/ir/src/filter.rs`) and eventually into our NDC request
(`crates/execute/src/execute/ndc_request/v02.rs`).
The more complex changes are actually adding support for nested
relationships to the custom connector. A lot of the logic was borrowed
from the ndc reference connector that the custom connector is based on.
The institutions collection needed to be extended so that it contained a
object-nested FK (`institution.location.country_id`) that links to a new
collection `countries`. This enabled a new test to be written to
exercise this functionality, given that no real connector (eg. postgres)
implements it yet.
The custom connector's `.json` data files were renamed to `.jsonl` files
since they are actually JSON Lines files, not JSON files. This helps
with editor syntax validation and highlighting.
Most of the custom_connector changes are in
`crates/custom-connector/src/query.rs`. `eval_path_element` now takes a
field path that it is able to traverse in order to drill down into a
nested field before performing a join to another table.
The changes to aggregates are mainly just re-implementing ordering by
aggregates in terms of the existing aggregates logic instead of
reimplementing it specifically for ordering. This means it can benefit
from and reuse the field path support added.
V3_GIT_ORIGIN_REV_ID: 28a99dac60fae55c6293137aaf3f2b14fb5c2df8
<!-- The PR description should answer 2 important questions: -->
### What
This incremental PR introduces support for defining relationships with
commands as the target in the JSON:API `include` query parameter.
However, these queries won't function yet, as resolving such
relationships during OpenDD query planning is still pending. This will
be addressed in the next incremental PR.
V3_GIT_ORIGIN_REV_ID: 119141587689f76664cfd841df1aaf59401784f5
### What
This PR fixes the problem when the following GraphQL query is
incorrectly allowed:
```graphql
query Test {
Tracks(order_by: {Album: { ArtistId: Asc, Title: Asc }}) {
TrackId
AlbumId
Name
}
}
```
You should not be able to specify multiple properties on an input
object, because the ordering is undefined. Instead, you need to write it
like this:
```graphql
query Test {
Tracks(order_by: [{ Album: { ArtistId: Asc } }, { Album: { Title: Asc } }]) {
TrackId
AlbumId
Name
}
}
```
Additionally, there was a mistake in the generated GraphQL schema that
allowed a list where ordering by nested objects, for example:
```graphql
query Test {
Tracks(order_by: {NestedAlbum: [{ ArtistId: Asc}, { Title: Asc }]}) {
TrackId
AlbumId
Name
}
}
```
This should not be allowed as it is inconsistent with the way
relationships are handled (not an array). The only array is at the top
level of the order_by, which is the list of ordered sorting dimensions.
### How
A new flag `disallow_multiple_input_object_fields_in_graphql_order_by`
has been added with compatibility date `2024-12-10`. When it is enabled,
we now perform additional validation that prevents multiple input object
properties from being used. We also modify the graphql schema so it
doesn't use lists for nested fields.
Metadata resolve plumbs the flag through in
`crates/metadata-resolve/src/stages/graphql_config/mod.rs`. GraphQL
schema has been updated to put this into the GraphQL annotations and
also modify the GraphQL schema to not use that list type with nested
fields (`crates/graphql/schema/src/model_order_by.rs`). GraphQL IR then
looks at these new annotations to determine whether or not to block
multiple input properties and whether or not to expect that list type:
`crates/graphql/ir/src/order_by.rs`.
V3_GIT_ORIGIN_REV_ID: e0d1fe1220bc75e281396926ccd69aeed9398c71
<!-- The PR description should answer 2 important questions: -->
### What
We want to decompose the engine routes so we can split `sql` out, so
first we need to remove this abstraction, so instead the app is in
charge of manually adding the routes it wants.
Functional no-op.
V3_GIT_ORIGIN_REV_ID: 1e1ea4f3797d289c91299765a7285c423fef00a3
<!-- The PR description should answer 2 important questions: -->
### What
Left over from when we executed remote predicates in planning.
Functional no-op.
V3_GIT_ORIGIN_REV_ID: 4fe71a64cd6f237dfd87423f7e3e0d49f6a50fb8
### What
Update the compatibility date to a later date given we missed the
window. Also bump back the release date.
V3_GIT_ORIGIN_REV_ID: 55ad1bb9676b5c61a3422d8269c68f4b150d5b24
<!-- The PR description should answer 2 important questions: -->
### What
Did not add `cacerts` to `multitenant-engine` as it already worked
before we added said package. However, in retrospect, I believe we were
still building `multitenant-engine` with a `Dockerfile` before and so
getting `cacerts` from `apt install` or something. Anyhow, this
rectifies said omission.
V3_GIT_ORIGIN_REV_ID: 7fc5dc37a8847d1ad1990712c14a3234a61754d1
<!-- The PR description should answer 2 important questions: -->
### What
Reuse the `resolve_field_selection` function in command planning to
resolve the selection set. This automatically takes care of relationship
fields in command requests.
### How
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
- Refactor the `resolve_field_selection` fn code path by removing the
model_source reference and replacing with `type_permissions` and
`data_connector`.
- Reuse the function in command query planning.
- Update the error messages in test cases.
V3_GIT_ORIGIN_REV_ID: 6042b15c20347bf4147202dbd34e5397b73f8a8d
<!-- The PR description should answer 2 important questions: -->
### What
Bump to Rust 1.83: https://releases.rs/docs/1.83.0/
Fixes new clippy issues. The main one recommends changing `&Option<T>`
to `Option<&T>`, which it turns out leads to calling `.as_ref()` a
million times.
V3_GIT_ORIGIN_REV_ID: 2f90cfca00e235738f98341f45638b7f8961dd62
<!-- The PR description should answer 2 important questions: -->
### What
Previously the OpenDD pipeline only planned one query at a time. There
was no reason for this restriction, so now we make it calculate
multiple, updating the GraphQL test snapshots.
V3_GIT_ORIGIN_REV_ID: 9f1a4b886db37e86ed07521ebe9af3dedc7378d0
<!-- The PR description should answer 2 important questions: -->
### What
Updated changelog for release `v2024.12.03`
V3_GIT_ORIGIN_REV_ID: 77e0aceb7294cb9006b429dcc70c2626c1078a91
<!-- The PR description should answer 2 important questions: -->
### What
This PR corrects an issue where model permissions are not applied to
models used via relationships in order by expressions.
### How
The permissions are now correctly read out of the GraphQL schema
annotations and applied it to the predicate inside the relationship path
in order by targets in `crates/graphql/ir/src/order_by.rs`.
Because there are now predicates inside order by expressions, the
execution pipeline had to be updated to handle evaluating remote
predicates inside order by expressions too.
The tests in
`crates/engine/tests/execute/models/select_many/order_by/relationships/`
have been updated to test applied model permissions affecting ordering.
V3_GIT_ORIGIN_REV_ID: 783c204c44099e5319580e51e7549527d7a56245
### What
Enforce type permissions while building sub-selection for a nested field
in OpenDD query planning.
### How
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
- While populating sub-selection for a nested field, include only
accessible fields to the role.
- Raise permission exception if the type is not accessible to the role.
V3_GIT_ORIGIN_REV_ID: 86f81f469627ca6bcb2f34878dfb80baab02af73
<!-- The PR description should answer 2 important questions: -->
### What
Clean up after remote predicates changes.
- Make OpenDD pipeline use new planning / execution, and remove a lot of
unnecessary `async`.
- Fix benchmarks to use new code.
- Move lots of GraphQL-only concerns from `execute` to
`graphql-frontend`.
Functional no-op.
V3_GIT_ORIGIN_REV_ID: b4631cfb0d6ab18f201a59189f460977bbda5d07
<!-- The PR description should answer 2 important questions: -->
### What
Historically we've had a few extra deps we've needed in our Docker
containers, and they've been added to all of them. However we now need
to add `curl` to the artifact server, which somewhat increases the
capacities of any attacker, so let's be more granular and only add the
extra packages each image needs.
### How
Some (hopefully reasonably self-explanatory) Nix.
V3_GIT_ORIGIN_REV_ID: 0b5dd6bda92223c9c2261b47fda7773d19ccfe79
<!-- The PR description should answer 2 important questions: -->
### What
Stacks on top of #1393
This makes GraphQL explain use the new execution pipeline.
### How
For each remote predicate, we run them twice, once in execute mode, as
we need the results to fill in the main query. The second time is run in
explain mode so we can return that information to the user.
They were being run implicitly when resolving them previously, now
`explain` steps must do this explicitly.
V3_GIT_ORIGIN_REV_ID: 3fde7f3804b5024e3ac460228f962d39649b71c2
<!-- The PR description should answer 2 important questions: -->
### What
We need a unique identifier for remote predicates, and used `uuid`.
However this makes snapshot tests of `explain` unstable because the
ordering changes all the time, so we switch it for a counter, threaded
through the planning code.
### How
Make a counter with a private inner value that we pass around, that
provides a fresh `u64` when required.
V3_GIT_ORIGIN_REV_ID: 386c6d47935b8da497e1471a3ca44bd52a12f72a
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.89 to 2.0.90.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/syn/releases">syn's
releases</a>.</em></p>
<blockquote>
<h2>2.0.90</h2>
<ul>
<li>Fix automatic parenthesization of subexpressions containing outer
attributes, such as <code>(#[attr] thing).field</code> (<a
href="https://redirect.github.com/dtolnay/syn/issues/1785">#1785</a>)</li>
<li>Fix automatic parenthesization of function calls via a struct field,
such as <code>(thing.field)()</code> and <code>thing.0()</code> (<a
href="https://redirect.github.com/dtolnay/syn/issues/1786">#1786</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac5b41c852"><code>ac5b41c</code></a>
Release 2.0.90</li>
<li><a
href="9037abbef0"><code>9037abb</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1787">#1787</a>
from dtolnay/unparenthesizetest</li>
<li><a
href="1a549c0772"><code>1a549c0</code></a>
Improve test_unparenthesize to catch more false negatives</li>
<li><a
href="f9aa20671b"><code>f9aa206</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1786">#1786</a>
from dtolnay/fieldcall</li>
<li><a
href="1445ccf586"><code>1445ccf</code></a>
Do not parenthesize unnamed tuple struct fields in call</li>
<li><a
href="48d0101557"><code>48d0101</code></a>
Fix parenthesization of field expressions in function calls</li>
<li><a
href="0e5c568650"><code>0e5c568</code></a>
Add test of parentheses needed in call of field</li>
<li><a
href="1cf735ef91"><code>1cf735e</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1785">#1785</a>
from dtolnay/attrprecedence</li>
<li><a
href="204c1556e4"><code>204c155</code></a>
Lower precedence of expressions containing outer attrs</li>
<li><a
href="401399fbb6"><code>401399f</code></a>
Add test of attr precedence inside subexpression</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/syn/compare/2.0.89...2.0.90">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: d19bb92683949c94fa8b9db17117603abe3c539a
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.8.0 to 1.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/bytes/releases">bytes's
releases</a>.</em></p>
<blockquote>
<h2>Bytes v1.9.0</h2>
<h1>1.9.0 (November 27, 2024)</h1>
<h3>Added</h3>
<ul>
<li>Add <code>Bytes::from_owner</code> to enable externally-allocated
memory (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/742">#742</a>)</li>
</ul>
<h3>Documented</h3>
<ul>
<li>Fix typo in Buf::chunk() comment (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/744">#744</a>)</li>
</ul>
<h3>Internal changes</h3>
<ul>
<li>Replace BufMut::put with BufMut::put_slice in Writer impl (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/745">#745</a>)</li>
<li>Rename hex_impl! to fmt_impl! and reuse it for fmt::Debug (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/743">#743</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md">bytes's
changelog</a>.</em></p>
<blockquote>
<h1>1.9.0 (November 27, 2024)</h1>
<h3>Added</h3>
<ul>
<li>Add <code>Bytes::from_owner</code> to enable externally-allocated
memory (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/742">#742</a>)</li>
</ul>
<h3>Documented</h3>
<ul>
<li>Fix typo in Buf::chunk() comment (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/744">#744</a>)</li>
</ul>
<h3>Internal changes</h3>
<ul>
<li>Replace BufMut::put with BufMut::put_slice in Writer impl (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/745">#745</a>)</li>
<li>Rename hex_impl! to fmt_impl! and reuse it for fmt::Debug (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/743">#743</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d0a14deeb5"><code>d0a14de</code></a>
chore: prepare bytes v1.9.0 (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/748">#748</a>)</li>
<li><a
href="54f1c26f69"><code>54f1c26</code></a>
Rename hex_impl! to fmt_impl! and reuse it for fmt::Debug (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/743">#743</a>)</li>
<li><a
href="4cd8969e85"><code>4cd8969</code></a>
Replace <code>BufMut::put</code> with <code>BufMut::put_slice</code> in
Writer impl (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/745">#745</a>)</li>
<li><a
href="2d996a2b41"><code>2d996a2</code></a>
Fix typo in <code>Buf::chunk()</code> comment (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/744">#744</a>)</li>
<li><a
href="30ee8e9cba"><code>30ee8e9</code></a>
Add <code>Bytes::from_owner</code> (<a
href="https://redirect.github.com/tokio-rs/bytes/issues/742">#742</a>)</li>
<li>See full diff in <a
href="https://github.com/tokio-rs/bytes/compare/v1.8.0...v1.9.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: ca797909524a0ba6402e5c71f0476d9e275c04ff
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.6.0 to
2.7.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.7.0 (2024-11-30)</h2>
<ul>
<li>Added methods <code>Entry::insert_entry</code> and
<code>VacantEntry::insert_entry</code>, returning
an <code>OccupiedEntry</code> after insertion.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="539b401151"><code>539b401</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/361">#361</a>
from cuviper/insert_entry</li>
<li><a
href="998edb12fe"><code>998edb1</code></a>
Release 2.7.0</li>
<li><a
href="2a0ca97417"><code>2a0ca97</code></a>
Add <code>{Entry,VacantEntry}::insert_entry</code></li>
<li><a
href="dceb0f0598"><code>dceb0f0</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/360">#360</a>
from cuviper/collect_vec_list</li>
<li><a
href="c095322249"><code>c095322</code></a>
ci: downgrade hashbrown for 1.63</li>
<li><a
href="7d8cef8b4b"><code>7d8cef8</code></a>
Use rayon-1.9.0's <code>collect_vec_list</code></li>
<li>See full diff in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.6.0...2.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 3b27a7e567ef5bc1021625413c4c3cbff62ee6da
<!-- The PR description should answer 2 important questions: -->
### What
Stacks on top of #1392
Make subscriptions use new execution steps. Functional no-op. We don't
delete much yet because we need to move `explain` over first.
V3_GIT_ORIGIN_REV_ID: acd88105599953b377225542eea6e4518e1501d0
<!-- The PR description should answer 2 important questions: -->
### What
This PR completes the new code paths in `execute` for running remote
predicates during execution rather than during a resolve stage. All of
the tests pass, so we switch it on. We do not delete the old code yet as
it's still used by `explain` and `subscriptions`.
### How
We do the following:
- make sure we thread all generated remote predicates through planning
in `graphql_ir`
- run all the generated remote predicates in the new
`execute/src/execute.rs`
- convert the results into `ResolvedFilterExpression` (this code already
existed)
- traverse the `QueryExecutionPlan`s, replacing the placeholder `uuid`
values with the results of remote predicates
- run the `QueryExecutionPlan`s
V3_GIT_ORIGIN_REV_ID: 6dbee497addd6c871e89f73737d5f1659c92dbd5
<!-- The PR description should answer 2 important questions: -->
### What
<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->
<!-- Consider: do we need to add a changelog entry? -->
<!-- Does this PR introduce new validation that might break old builds?
-->
<!-- Consider: do we need to put new checks behind a flag? -->
This PR add support for sparse fieldset parameter for the object types
of nested fields. Specify the fields to fetch using
`fields[NestedObjectType]` query parameter.
E.g:
```http
GET /v1/rest/default/institutions?fields[institution]=name,location,staff&fields[location]=city,country&fields[staff_member]=first_name,specialities&page[limit]=5
```
In the above example, `location` and `staff_member` are nested object
types of `location` and `staff` fields respectively.
### How
- Resolve the nested fields while building OpenDD query IR for a
json:api request.
- During planning, always resolve nested selection, if exists, instead
of selecting all available fields from the nested type. (This is only
applicable for model selection, the commands are still using older
approach for nested fields. This will be fixed in the future
iterations).
- Resolve sub-selections of graphql fields in opendd pipeline. Related
test snaps are corrected.
- Include sparse fieldset parameters for nested types in the openapi
schema
<!-- How is it trying to accomplish it (what are the implementation
steps)? -->
V3_GIT_ORIGIN_REV_ID: 587eecb79b6b8fac45f2eb6ffb37bf5fdcc7e374
### What
This PR corrects an issue where model permissions are not applied to
models used via relationships in boolean expressions.
### How
The permissions are now correctly read out of the GraphQL schema
annotations and combined with the query's predicate in
`crates/graphql/ir/src/filter.rs`.
Existing tests that test relationships in boolean expressions have been
updated to test this scenario.
V3_GIT_ORIGIN_REV_ID: a6b39ec81695dcfe5a84b40369d04ac26acad7fb
