Added ability to configure timeout on JWKS endpoints instead of always being 15 seconds #6466

Open
wants to merge 5 commits into
base: dev

andrewmcgivery (Contributor) commented Dec 16, 2024

Added ability to configure timeout on JWKS endpoints instead of always being 15 seconds


Checklist

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

  • Changes are compatible [1]
  • Documentation [2] completed
  • Performance impact assessed and acceptable
  • Tests added and passing [3]
    • Unit Tests
    • Integration Tests
    • Manual Tests

Exceptions

Note any exceptions here

Notes

Footnotes

  1. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this.

  2. Configuration is an important part of many changes. Where applicable please try to document configuration examples.

  3. Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions.

svc-apollo-docs (Collaborator) commented Dec 16, 2024

✅ Docs Preview Ready

No new or changed pages found.

router-perf bot commented Dec 16, 2024

CI performance tests

  • connectors-const - Connectors stress test that runs with a constant number of users
  • const - Basic stress test that runs with a constant number of users
  • demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
  • demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
  • enhanced-signature - Enhanced signature enabled
  • events - Stress test for events with a lot of users and deduplication ENABLED
  • events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
  • events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
  • events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
  • events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
  • events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
  • extended-reference-mode - Extended reference mode enabled
  • large-request - Stress test with a 1 MB request payload
  • no-tracing - Basic stress test, no tracing
  • reload - Reload test over a long period of time at a constant rate of users
  • step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
  • step-local-metrics - Field stats that are generated from the router rather than FTV1
  • step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
  • step - Basic stress test that steps up the number of users over time
  • xlarge-request - Stress test with 10 MB request payload
  • xxlarge-request - Stress test with 100 MB request payload

@andrewmcgivery andrewmcgivery marked this pull request as ready for review December 16, 2024 20:24
@andrewmcgivery andrewmcgivery requested review from a team as code owners December 16, 2024 20:24
BrynCooke (Contributor) left a comment

Please can you add a changelog and an integration test to show timeout happening?

Make sure to pull before adding an integration test as the API for the integration tester has changed a bit.

andrewmcgivery (Contributor Author) commented Jan 6, 2025

> Please can you add a changelog and an integration test to show timeout happening?
>
> Make sure to pull before adding an integration test as the API for the integration tester has changed a bit.

I'm struggling a bit with how to test this.

I saw some other tests that would in theory be similar (in traffic shaping) and used that as a starting point:

```rust
#[tokio::test(flavor = "multi_thread")]
async fn test_jwks_timeout() -> Result<(), BoxError> {
    let mut router = IntegrationTest::builder()
        .config(format!(
            r#"
            {PROMETHEUS_CONFIG}
            authentication:
                router:
                    jwt:
                      jwks:
                          - url: https://dev-zzp5enui.us.auth0.com/.well-known/jwks.json
                            timeout: 1ns
            "#
        ))
        .responder(ResponseTemplate::new(500).set_delay(Duration::from_millis(20)))
        .build()
        .await;

    router.start().await;
    router.assert_not_started().await;

    router.graceful_shutdown().await;
    Ok(())
}
```

But it's unclear to me how to specifically simulate the jwks timing out as opposed to a subgraph call, which I think is what the above is doing, and also unclear what I should be asserting, given it will be a startup error and not an error from a subgraph call.

I also can't seem to find any existing authentication integration tests either 😓
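One way to exercise a short JWKS timeout without depending on an external identity provider, as an added example that is not part of this PR or the router's code: point the fetch at a local endpoint that answers late, then check that a short timeout fails while a generous one succeeds. It uses only the Rust standard library rather than the router's `IntegrationTest` API; `spawn_slow_jwks`, `fetch_jwks` and the empty key set are hypothetical names and constructed data.

```rust
use std::io::{ErrorKind, Read, Write};
use std::net::{TcpListener, TcpStream};
use std::thread;
use std::time::Duration;

// Constructed sample JWKS body (an empty key set), not taken from the PR.
const JWKS_BODY: &str = r#"{"keys":[]}"#;

/// Hypothetical helper: local stand-in JWKS endpoint that answers after `delay`.
fn spawn_slow_jwks(delay: Duration) -> String {
    let listener = TcpListener::bind("127.0.0.1:0").expect("bind");
    let addr = listener.local_addr().expect("local_addr").to_string();
    thread::spawn(move || {
        for stream in listener.incoming() {
            let Ok(mut s) = stream else { continue };
            let mut buf = [0u8; 1024];
            let _ = s.read(&mut buf); // consume the request headers
            thread::sleep(delay); // simulate a slow identity provider
            // The client may already have given up, so write errors are ignored.
            let _ = write!(s, "HTTP/1.1 200 OK\r\nContent-Length: {}\r\n\r\n{}", JWKS_BODY.len(), JWKS_BODY);
        }
    });
    addr
}

/// Hypothetical helper: fetch the JWKS body, failing if no data arrives within `timeout`.
fn fetch_jwks(addr: &str, timeout: Duration) -> Result<String, String> {
    let mut s = TcpStream::connect(addr).map_err(|e| e.to_string())?;
    s.set_read_timeout(Some(timeout)).map_err(|e| e.to_string())?;
    s.write_all(b"GET /.well-known/jwks.json HTTP/1.1\r\nHost: localhost\r\n\r\n")
        .map_err(|e| e.to_string())?;
    let mut resp = String::new();
    match s.read_to_string(&mut resp) {
        Ok(_) => resp.split("\r\n\r\n").nth(1).map(str::to_owned)
            .ok_or_else(|| "malformed response".to_string()),
        // Unix reports an expired read timeout as WouldBlock, Windows as TimedOut.
        Err(e) => match e.kind() {
            ErrorKind::WouldBlock | ErrorKind::TimedOut => Err("timeout".to_string()),
            _ => Err(e.to_string()),
        },
    }
}

fn main() {
    let addr = spawn_slow_jwks(Duration::from_millis(300));
    println!("{:?}", fetch_jwks(&addr, Duration::from_millis(50))); // times out
    println!("{:?}", fetch_jwks(&addr, Duration::from_secs(5))); // gets the body
}
```

The read timeout here bounds each read rather than the whole request, which is enough for this one-shot reply; a production client would bound the total request time.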
