feat(trusted documents): Add failure modes for loading trusted docume… (#156)

…nts, to allow for always starting an instance, even with a partial set
of documents

Author: ldebruijn

cmd/serve.go

@@ -5,11 +5,11 @@ import (
 	"fmt"
 	"github.com/ldebruijn/graphql-protect/internal/app/config"
 	"github.com/ldebruijn/graphql-protect/internal/app/otel"
-	"github.com/ldebruijn/graphql-protect/internal/business/persistedoperations"
 	"github.com/ldebruijn/graphql-protect/internal/business/protect"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/block_field_suggestions"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/obfuscate_upstream_errors"
 	"github.com/ldebruijn/graphql-protect/internal/business/schema"
+	"github.com/ldebruijn/graphql-protect/internal/business/trusteddocuments"
 	"github.com/ldebruijn/graphql-protect/internal/http/middleware"
 	"github.com/ldebruijn/graphql-protect/internal/http/proxy"
 	"github.com/ldebruijn/graphql-protect/internal/http/readiness"
@@ -40,13 +40,13 @@ func httpServer(log *slog.Logger, cfg *config.Config, shutdown chan os.Signal) e
 		return nil
 	}
 
-	loader, err := persistedoperations.NewLoaderFromConfig(cfg.PersistedOperations, log)
+	loader, err := trusteddocuments.NewLoaderFromConfig(cfg.PersistedOperations, log)
 	if err != nil {
 		log.Error("Error initializing persisted operations loader", "err", err)
 		return err
 	}
 
-	po, err := persistedoperations.NewPersistedOperations(log, cfg.PersistedOperations, loader)
+	po, err := trusteddocuments.NewPersistedOperations(log, cfg.PersistedOperations, loader)
 	if err != nil {
 		log.Error("Error initializing Persisted Operations", "err", err)
 		return nil

cmd/validate.go

@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/ldebruijn/graphql-protect/internal/app/config"
-	"github.com/ldebruijn/graphql-protect/internal/business/persistedoperations"
 	"github.com/ldebruijn/graphql-protect/internal/business/protect"
 	"github.com/ldebruijn/graphql-protect/internal/business/schema"
+	"github.com/ldebruijn/graphql-protect/internal/business/trusteddocuments"
 	"github.com/ldebruijn/graphql-protect/internal/business/validation"
 	"io"
 	"log/slog"
@@ -17,15 +17,15 @@ import (
 var ErrValidationErrorsFound = errors.New("errors found during validation")
 
 func validate(log *slog.Logger, cfg *config.Config, _ chan os.Signal) error {
-	loader, err := persistedoperations.NewLoaderFromConfig(cfg.PersistedOperations, log)
+	loader, err := trusteddocuments.NewLoaderFromConfig(cfg.PersistedOperations, log)
 	if err != nil {
 		err := fmt.Errorf("store must be defined to have files to validate")
 		log.Error("Error running validations", "err", err)
 		return err
 	}
 
 	// Load the persisted operations from the local dir into memory
-	persistedOperations, err := persistedoperations.NewPersistedOperations(log, cfg.PersistedOperations, loader)
+	persistedOperations, err := trusteddocuments.NewPersistedOperations(log, cfg.PersistedOperations, loader)
 	if err != nil {
 		log.Error("Error initializing Persisted Operations", "err", err)
 		return nil

internal/app/config/config.go

@@ -4,7 +4,6 @@ import (
 	"errors"
 	"github.com/ldebruijn/graphql-protect/internal/app/http"
 	"github.com/ldebruijn/graphql-protect/internal/app/log"
-	"github.com/ldebruijn/graphql-protect/internal/business/persistedoperations"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/accesslogging"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/aliases"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/batch"
@@ -13,6 +12,7 @@ import (
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/max_depth"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/tokens"
 	"github.com/ldebruijn/graphql-protect/internal/business/schema"
+	"github.com/ldebruijn/graphql-protect/internal/business/trusteddocuments"
 	"github.com/ldebruijn/graphql-protect/internal/http/proxy"
 	y "gopkg.in/yaml.v3"
 	"os"
@@ -24,7 +24,7 @@ type Config struct {
 	Web                       http.Config                    `yaml:"web"`
 	Schema                    schema.Config                  `yaml:"schema"`
 	Target                    proxy.Config                   `yaml:"target"`
-	PersistedOperations       persistedoperations.Config     `yaml:"persisted_operations"`
+	PersistedOperations       trusteddocuments.Config        `yaml:"persisted_operations"`
 	ObfuscateValidationErrors bool                           `yaml:"obfuscate_validation_errors"`
 	ObfuscateUpstreamErrors   bool                           `yaml:"obfuscate_upstream_errors"`
 	BlockFieldSuggestions     block_field_suggestions.Config `yaml:"block_field_suggestions"`
@@ -72,7 +72,7 @@ func defaults() Config {
 		Web:                       http.DefaultConfig(),
 		Schema:                    schema.DefaultConfig(),
 		Target:                    proxy.DefaultConfig(),
-		PersistedOperations:       persistedoperations.DefaultConfig(),
+		PersistedOperations:       trusteddocuments.DefaultConfig(),
 		ObfuscateValidationErrors: false,
 		ObfuscateUpstreamErrors:   true,
 		BlockFieldSuggestions:     block_field_suggestions.DefaultConfig(),

internal/app/config/config_test.go

@@ -3,7 +3,6 @@ package config
 import (
 	"github.com/ldebruijn/graphql-protect/internal/app/http"
 	"github.com/ldebruijn/graphql-protect/internal/app/log"
-	"github.com/ldebruijn/graphql-protect/internal/business/persistedoperations"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/accesslogging"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/aliases"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/batch"
@@ -12,6 +11,7 @@ import (
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/max_depth"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/tokens"
 	"github.com/ldebruijn/graphql-protect/internal/business/schema"
+	"github.com/ldebruijn/graphql-protect/internal/business/trusteddocuments"
 	"github.com/ldebruijn/graphql-protect/internal/http/proxy"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/yaml.v3"
@@ -151,9 +151,9 @@ log:
 					KeepAlive: 1 * time.Second,
 					Host:      "host",
 				},
-				PersistedOperations: persistedoperations.Config{
+				PersistedOperations: trusteddocuments.Config{
 					Enabled: true,
-					Loader: persistedoperations.LoaderConfig{
+					Loader: trusteddocuments.LoaderConfig{
 						Type:     "gcp",
 						Location: "some-bucket",
 						Reload: struct {

internal/business/protect/protect.go

@@ -5,14 +5,14 @@ import (
 	"errors"
 	"github.com/ldebruijn/graphql-protect/internal/app/config"
 	"github.com/ldebruijn/graphql-protect/internal/business/gql"
-	"github.com/ldebruijn/graphql-protect/internal/business/persistedoperations"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/accesslogging"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/aliases"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/batch"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/enforce_post"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/max_depth"
 	"github.com/ldebruijn/graphql-protect/internal/business/rules/tokens"
 	"github.com/ldebruijn/graphql-protect/internal/business/schema"
+	"github.com/ldebruijn/graphql-protect/internal/business/trusteddocuments"
 	"github.com/vektah/gqlparser/v2/ast"
 	"github.com/vektah/gqlparser/v2/gqlerror"
 	"github.com/vektah/gqlparser/v2/parser"
@@ -39,7 +39,7 @@ type GraphQLProtect struct {
 	preFilterChain func(handler http.Handler) http.Handler
 }
 
-func NewGraphQLProtect(log *slog.Logger, cfg *config.Config, po *persistedoperations.Handler, schema *schema.Provider, upstreamHandler http.Handler) (*GraphQLProtect, error) {
+func NewGraphQLProtect(log *slog.Logger, cfg *config.Config, po *trusteddocuments.Handler, schema *schema.Provider, upstreamHandler http.Handler) (*GraphQLProtect, error) {
 	aliases.NewMaxAliasesRule(cfg.MaxAliases)
 	max_depth.NewMaxDepthRule(log, cfg.MaxDepth)
 	maxBatch, err := batch.NewMaxBatch(cfg.MaxBatch)

internal/business/persistedoperations/dir_loader.go renamed to internal/business/trusteddocuments/dir_loader.go

@@ -1,4 +1,4 @@
-package persistedoperations // nolint:revive
+package trusteddocuments // nolint:revive
 
 import (
 	"context"

internal/business/persistedoperations/gcp_loader.go renamed to internal/business/trusteddocuments/gcp_loader.go

@@ -1,4 +1,4 @@
-package persistedoperations // nolint:revive
+package trusteddocuments // nolint:revive
 
 import (
 	"cloud.google.com/go/storage"

internal/business/persistedoperations/loader.go renamed to internal/business/trusteddocuments/loader.go

@@ -1,4 +1,4 @@
-package persistedoperations // nolint:revive
+package trusteddocuments // nolint:revive
 
 import (
 	"context"

internal/business/persistedoperations/memory_loader.go renamed to internal/business/trusteddocuments/memory_loader.go

@@ -1,4 +1,4 @@
-package persistedoperations // nolint:revive
+package trusteddocuments // nolint:revive
 
 import (
 	"context"

internal/business/persistedoperations/model.go renamed to internal/business/trusteddocuments/model.go

@@ -1,4 +1,4 @@
-package persistedoperations
+package trusteddocuments
 
 import (
 	"encoding/json"

internal/business/persistedoperations/model_test.go renamed to internal/business/trusteddocuments/model_test.go

@@ -1,4 +1,4 @@
-package persistedoperations
+package trusteddocuments
 
 import (
 	"github.com/stretchr/testify/assert"

internal/business/persistedoperations/nooploader.go renamed to internal/business/trusteddocuments/nooploader.go

@@ -1,4 +1,4 @@
-package persistedoperations
+package trusteddocuments
 
 import "context"
 

internal/business/persistedoperations/persisted_operations.go renamed to internal/business/trusteddocuments/persisted_operations.go

@@ -1,4 +1,4 @@
-package persistedoperations // nolint:revive
+package trusteddocuments // nolint:revive
 
 import (
 	"bytes"
@@ -43,6 +43,11 @@ var (
 	)
 )
 
+type ReloadFailureStrategy string
+
+var ReloadFailureStrategyIgnore ReloadFailureStrategy = "ignore-failure"
+var ReloadFailureStrategyReject ReloadFailureStrategy = "reject-on-failure"
+
 type ErrorPayload struct {
 	Errors gqlerror.List `json:"errors"`
 }
@@ -145,7 +150,7 @@ func NewPersistedOperations(log *slog.Logger, cfg Config, loader Loader) (*Handl
 		refreshLock:   sync.Mutex{},
 	}
 
-	err := poh.load()
+	err := poh.load(ReloadFailureStrategyIgnore)
 	if err != nil {
 		return nil, err
 	}
@@ -257,11 +262,14 @@ func (p *Handler) Validate(validate func(operation string) gqlerror.List) []vali
 	return errs
 }
 
-func (p *Handler) load() error {
+func (p *Handler) load(failureStrategy ReloadFailureStrategy) error {
 	newState, err := p.loader.Load(context.Background())
 	if err != nil {
 		loadingResultCounter.WithLabelValues(p.loader.Type(), "failure").Inc()
-		return err
+		if failureStrategy == ReloadFailureStrategyReject {
+			return err
+		}
+		// implicit fall through for other failure types
 	}
 
 	p.lock.Lock()
@@ -291,7 +299,7 @@ func (p *Handler) reloadProcessor() {
 					p.log.Warn("Refresh ticker still running while next tick")
 					continue
 				}
-				err := p.load()
+				err := p.load(ReloadFailureStrategyReject)
 				if err != nil {
 					continue
 				}

internal/business/persistedoperations/persisted_operations_test.go renamed to internal/business/trusteddocuments/persisted_operations_test.go

@@ -1,4 +1,4 @@
-package persistedoperations // nolint:revive
+package trusteddocuments // nolint:revive
 
 import (
 	"bytes"
@@ -265,8 +265,9 @@ func TestNewPersistedOperations(t *testing.T) {
 
 func TestLoader(t *testing.T) {
 	type args struct {
-		state  map[string]PersistedOperation
-		loader Loader
+		state           map[string]PersistedOperation
+		loader          Loader
+		failureStrategy ReloadFailureStrategy
 	}
 	tests := []struct {
 		name    string
@@ -288,7 +289,8 @@ func TestLoader(t *testing.T) {
 
 					return loader
 				}(),
-				state: map[string]PersistedOperation{},
+				state:           map[string]PersistedOperation{},
+				failureStrategy: ReloadFailureStrategyReject,
 			},
 			want: map[string]PersistedOperation{
 				"123": {
@@ -318,6 +320,7 @@ func TestLoader(t *testing.T) {
 						Name:      "i am a name that doest get deleted",
 					},
 				},
+				failureStrategy: ReloadFailureStrategyReject,
 			},
 			want: map[string]PersistedOperation{
 				"123": {
@@ -328,10 +331,10 @@ func TestLoader(t *testing.T) {
 			wantErr: nil,
 		},
 		{
-			name: "loader error does not update cache",
+			name: "loader error does not update cache with failure mode reject",
 			args: args{
 				loader: func() Loader {
-					loader := &errorLoader{
+					loader := &testLoader{
 						err:             errors.New("this is unexpected"),
 						willReturnError: false,
 					}
@@ -344,6 +347,7 @@ func TestLoader(t *testing.T) {
 						Name:      "i am a name that doest not get deleted",
 					},
 				},
+				failureStrategy: ReloadFailureStrategyReject,
 			},
 			want: map[string]PersistedOperation{
 				"456": {
@@ -353,14 +357,47 @@ func TestLoader(t *testing.T) {
 			},
 			wantErr: errors.New("this is unexpected"),
 		},
+		{
+			name: "loader error does update cache with failure mode ignore",
+			args: args{
+				loader: func() Loader {
+					loader := &testLoader{
+						err: errors.New("this is unexpected"),
+						data: map[string]PersistedOperation{
+							"123": {
+								Operation: "i am an operation",
+								Name:      "i am a name",
+							},
+						},
+						willReturnError: false,
+					}
+
+					return loader
+				}(),
+				state: map[string]PersistedOperation{
+					"456": {
+						Operation: "i am an operation that does not get deleted",
+						Name:      "i am a name that doest not get deleted",
+					},
+				},
+				failureStrategy: ReloadFailureStrategyIgnore,
+			},
+			want: map[string]PersistedOperation{
+				"123": {
+					Operation: "i am an operation",
+					Name:      "i am a name",
+				},
+			},
+			wantErr: errors.New("this is unexpected"),
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			log := slog.Default()
 			po, _ := NewPersistedOperations(log, Config{}, tt.args.loader)
 			po.cache = tt.args.state
 
-			err := po.load()
+			err := po.load(tt.args.failureStrategy)
 			if tt.wantErr != nil {
 				assert.Error(t, tt.wantErr, err)
 			}
@@ -370,28 +407,29 @@ func TestLoader(t *testing.T) {
 	}
 }
 
-var _ Loader = &errorLoader{}
+var _ Loader = &testLoader{}
 
 // ErrorLoader is a loader for testing purposes
-type errorLoader struct {
+type testLoader struct {
+	data            map[string]PersistedOperation
 	err             error
 	willReturnError bool
 }
 
-func (e *errorLoader) Type() string {
+func (e *testLoader) Type() string {
 	return "error"
 }
 
 func newPersistedOperation(query string) PersistedOperation {
 	return PersistedOperation{query, extractOperationNameFromOperation(query)}
 }
 
-func (e *errorLoader) Load(_ context.Context) (map[string]PersistedOperation, error) {
+func (e *testLoader) Load(_ context.Context) (map[string]PersistedOperation, error) {
 	if e.willReturnError {
-		return nil, e.err
+		return e.data, e.err
 	}
 	// return error after the first call
 	e.willReturnError = true
 
-	return map[string]PersistedOperation{}, nil
+	return e.data, nil
 }