Ability to skip safelisting enforcement via plugin

[glasser]

If safelisting is enabled, a router_service plugin can skip enforcement of the safelist (including the require_id check) by adding the key apollo_persisted_queries::safelist::skip_enforcement with value true to the request context.

(This does not affect the logging of unknown operations by the persisted_queries.log_unknown option.)

In cases where an operation would have been denied but is allowed due to the context key existing, the attribute
persisted_queries.safelist.enforcement_skipped is set on the apollo.router.operations.persisted_queries metric with value true.

This PR improves the testing of that metric as well.

When writing the tests, I discovered that the
persisted_queries.safelist.rejected.unknown attribute had its value set to false when the operation is denied but not logged, and to true when denied and logged. (You can also tell whether it is logged via the persisted_queries.logged attribute.) This dated to the creation of this metric in #3609 and seems to be a mistake. This PR normalizes this attribute to always be true if it is set. The metric was described as unstable when released in v1.28.1, so this seems reasonable.

[svc-apollo-docs]

✅ Docs Preview Ready

Configuration

{
  "repoOverrides": {
    "apollographql/router@main": {
      "remote": {
        "owner": "apollographql",
        "repo": "router",
        "branch": "glasser/pq-safelist-override"
      }
    }
  }
}

Name	Link
Commit	8b1fe2a
Preview	https://www.apollographql.com/docs/deploy-preview/b0f4e84dbdf840deb24c
Build ID	b0f4e84dbdf840deb24c
File Changes	0 new, 9 changed, 0 removed * graphos/reference/router/telemetry/instrumentation/standard-attributes.mdx * graphos/reference/router/telemetry/instrumentation/standard-instruments.mdx * graphos/reference/router/telemetry/instrumentation/selectors.mdx * graphos/reference/router/telemetry/metrics-exporters/datadog.mdx * graphos/reference/router/telemetry/trace-exporters/datadog.mdx * graphos/reference/router/configuration.mdx * graphos/routing/observability/client-awareness.mdx * graphos/routing/security/persisted-queries.mdx * graphos/routing/configure-your-router.mdx
Pages	9

---

9 pages published. Build will be available for 30 days.

[glasser]

(PR still needs a small doc update and changeset, but otherwise should be good. Note that this is built on top of #6198.)

[router-perf]

CI performance tests

• connectors-const - Connectors stress test that runs with a constant number of users
• const - Basic stress test that runs with a constant number of users
• demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
• demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
• enhanced-signature - Enhanced signature enabled
• events - Stress test for events with a lot of users and deduplication ENABLED
• events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
• events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
• events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
• events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
• events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
• extended-reference-mode - Extended reference mode enabled
• large-request - Stress test with a 1 MB request payload
• no-tracing - Basic stress test, no tracing
• reload - Reload test over a long period of time at a constant rate of users
• step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
• step-local-metrics - Field stats that are generated from the router rather than FTV1
• step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
• step - Basic stress test that steps up the number of users over time
• xlarge-request - Stress test with 10 MB request payload
• xxlarge-request - Stress test with 100 MB request payload

[glasser]

Note that I wrote and tested all the assert_counter calls on a clean checkout before I rewrote the u64_counter calls to use the attributes vector because I was a bit paranoid that I would do something accidental like change bool true to string "true".

[glasser]

Oops this is a typo I should revert I think

[glasser]

Despite my need to make minor tweaks I really appreciated both of these dev docs!

[glasser]

!docs preview main

[BlenderDude]

!docs preview main

[glasser]

!docs preview main

[glasser]

!docs preview main

[glasser]

(btw this !docs preview main thing is a brand-new feature from @BlenderDude which pretty soon won't need to be re-run every time you push)

[glasser]

!docs preview main

[glasser]

OK, this one is ready for review as well. Docs and changesets should be done. This merges into #6198.

[glasser]

!docs preview main

[BrynCooke]

Wonderful! One callsite for metrics.