Aperture-py

Changelog

List of aperture PRs merged since 0.11.0 release. For the full list of changes, see [list of changes][changes]

flowcontrol: Remove spammy "Running limiters with labels" log (962)



[changes]: https://github.com/fluxninja/aperture/compare/releases/aperture-controller/v0.11.0...releases/aperture-controller/v0.11.1

Changelog

List of aperture PRs merged since 0.11.0 release. For the full list of changes, see [list of changes][changes]

flowcontrol: Remove spammy "Running limiters with labels" log (962)



[changes]: https://github.com/fluxninja/aperture/compare/releases/aperture-controller/v0.11.0...releases/aperture-controller/v0.11.1-rc.1

Changelog

List of aperture PRs merged since 0.10.0 release. For the full list of changes, see [list of changes][changes]

Add GraphQL Demoapp (911)

Description of change

Update documentation in classifier.proto
- Fix links
- Format sentences

Add graphql-demoapp
- Add GraphQL based demoapp
- Add manifest files for graphql-demoapp

Add DecisionType label to rate_limit_counter metric

Update blueprints
- Add example policy for GraphQL rate limiting
- Update rate-limit lib to include classifiers

Control Point Refactor (948)

Description of change
* Control Point is now just a string.
* Remove the notion of a special traffic control point.
* Update Flow Control Concept docs
* Metric docs cleanup
* Merge flow_status and response_status labels

Alerter Component (939)

Adds new component for policy circuit that's sending alerts that are later processed by opentelemetry.

Start warning on entity lookup failure in authz and flowcontrol (943)

Added warnings on client IP retrieval failure and entity lookup failure.
Also, converted these failures to fail-early, so they're more
dicsoverable. We might lose some things (like stats) by not processing
such request further, but since we don't have any metadata about
services, such information was not too helpful.

Drive-by:
* Ripped out comments suggesting that on nil EntityCache we do some sort
of fallback service detection via Host – this logic is long gone now.
* Entity cache is assumed to be non-nil.
* Added helpers in grpc package to simplify "log and return grpc error
reusing the same message".
* Refactored if-else to switch-case in authz Check, as `DecisionType !=
REJECTED` was weird to read.
* Removed Eventually() in authz tests, it's no longer needed from some
time.

Improve visibility of sampled logs (929)

by using zerolog.BurstSampler instead of zerolog.RandomSampler. This
ensures that one-off and low-frequency events are always logged.

* Added log.NewRatelimitingSampler() helper that creates
a zerolog.BurstSampler with sane defaults.
* Added log.Autosample() that automates creation of per-message
BurstSampler variables (this is slightly less performant, so it's not
used on datapath).

Also:
* Added log.Bug(), whic is like Panic() (intended for "impossible"
cases), but for "continuable" errors. Currently it's just Autosample()
Warn() + "bug" label, but in future we should add more visibility, like
sentry reporting.

Drive-by:
* Downgraded various non-critical logs from Error to Warn.
* Removed sampling from Trace() logs, as it seems a bit contradictory.

Note: Demoapp will be changed in some subsequent commit, as it depends
on released version of aperture.

Make otel debug and healthcheck ports configurable (910)

[changes]: https://github.com/fluxninja/aperture/compare/releases/aperture-controller/v0.10.0...releases/aperture-controller/v0.11.0

Changelog

List of aperture PRs merged since 0.11.0-rc.1 release. For the full list of changes, see [list of changes][changes]

Add GraphQL Demoapp (911)

Description of change

Update documentation in classifier.proto
- Fix links
- Format sentences

Add graphql-demoapp
- Add GraphQL based demoapp
- Add manifest files for graphql-demoapp

Add DecisionType label to rate_limit_counter metric

Update blueprints
- Add example policy for GraphQL rate limiting
- Update rate-limit lib to include classifiers

Control Point Refactor (948)

Description of change
* Control Point is now just a string.
* Remove the notion of a special traffic control point.
* Update Flow Control Concept docs
* Metric docs cleanup
* Merge flow_status and response_status labels

[changes]: https://github.com/fluxninja/aperture/compare/releases/aperture-controller/v0.11.0-rc.1...releases/aperture-controller/v0.11.0-rc.2

Changelog

List of aperture PRs merged since 0.10.0 release. For the full list of changes, see [list of changes][changes]

Alerter Component (939)

Adds new component for policy circuit that's sending alerts that are later processed by opentelemetry.

Start warning on entity lookup failure in authz and flowcontrol (943)

Added warnings on client IP retrieval failure and entity lookup failure.
Also, converted these failures to fail-early, so they're more
dicsoverable. We might lose some things (like stats) by not processing
such request further, but since we don't have any metadata about
services, such information was not too helpful.

Drive-by:
* Ripped out comments suggesting that on nil EntityCache we do some sort
of fallback service detection via Host – this logic is long gone now.
* Entity cache is assumed to be non-nil.
* Added helpers in grpc package to simplify "log and return grpc error
reusing the same message".
* Refactored if-else to switch-case in authz Check, as `DecisionType !=
REJECTED` was weird to read.
* Removed Eventually() in authz tests, it's no longer needed from some
time.

Improve visibility of sampled logs (929)

by using zerolog.BurstSampler instead of zerolog.RandomSampler. This
ensures that one-off and low-frequency events are always logged.

* Added log.NewRatelimitingSampler() helper that creates
a zerolog.BurstSampler with sane defaults.
* Added log.Autosample() that automates creation of per-message
BurstSampler variables (this is slightly less performant, so it's not
used on datapath).

Also:
* Added log.Bug(), whic is like Panic() (intended for "impossible"
cases), but for "continuable" errors. Currently it's just Autosample()
Warn() + "bug" label, but in future we should add more visibility, like
sentry reporting.

Drive-by:
* Downgraded various non-critical logs from Error to Warn.
* Removed sampling from Trace() logs, as it seems a bit contradictory.

Note: Demoapp will be changed in some subsequent commit, as it depends
on released version of aperture.

Make otel debug and healthcheck ports configurable (910)



[changes]: https://github.com/fluxninja/aperture/compare/releases/aperture-controller/v0.10.0...releases/aperture-controller/v0.11.0-rc.1

Changelog

List of aperture PRs merged since 0.9.0 release. For the full list of changes, see [list of changes][changes]

Learning period via EMA warm up window (921)

Description of change
* EMA emits invalids during warm up by default.
* Increase the EMA warm period in latency gradient policy to 1 minute.
* This would ensure no actuation for at least one minute of initial
traffic while Aperture learns the latency profile of a service.

Remove unused CheckResponse.Error (906)

This field described only authz-specific errors and was filled in
envoy.Handler.Check() response when also returning non-nil error, but in
such case the grpc framework was not using the response anyway.
This field was also used for metrics, but no codepath was actually
setting them, as flowcontrol never set these.

Also:
* Create errors using grpc/status package, so that we have control on
the grpc
status.
* Add missing sampled logs for error conditions.

Drive-by:
* Remove unused error from ClassifierEngine.Classify(), as it's
infallible (all errors are reported individually per-label).
* Remove unused code from authz.go.

Aperture SDK for Javascript (817)

Co-authored-by: Hasit Mistry <hasitfluxninja.com>

Add authzHandler to sdk-validator's grpc server (797)

Description of change
Add authzHandler to sdk-validator's grpc server

- Add CommonHandler
- Refactor FlowControlHandler with CommonHandler

Alerts pipelines (893)

Description of change

This introduces basic pipelines for Alerts including the following.

`alerts.Alerter` interface
This interface is being propagated as part of the platform. It can be
used by any party interested by calling `AddAlert(*alerts.Alert)`
method. In particular, it will be used by components like
https://github.com/fluxninja/aperture/issues/863.
There are helper functions and methods provided to `alerts.Alert` struct
for easy construction of such alerts.

Alerts receiver
This receiver calls `AlertsChan()` method of `alerts.Alerter`, converts
received `alert.Alert` structs into OpenTelemetry Logs format and pushes
into the next consumer.
There are convenient functions provided for easy conversions in both
ways, to be used in the Alertmanager exporter
https://github.com/fluxninja/aperture/issues/862.

Alerts processors
Alerts processor add proper labels to the alerts i.e. `agent_group`,
`instance` and `controller_id`.

Ref: GH-861

flowcontrol: restructure codebase II (898)

Description of change
Making room for adding more APIs (adapters, previews etc) under
flowcontrol.

Document Prometheus metrics and OLAP Flow events (878)

Description of change

Closes: 720

Speed up ser/deserialization of CheckResponse in envoy authz (881)

Now CheckResponse is binary-encoded in protobuf wire format and stored
in DynamicMetadata as base64 string. This speeds up serialization, but
also deserialization (in metrics processor).

No changes in envoyfilter defition were needed as envoy's access logger passes
StringValue from dynamic meatadata as-is (previously, it was JSON-encoding a
StructValue into string)

Note: metrics processor still accepts JSON-encoding, so other SDKs should
continue working without changes.

[changes]: https://github.com/fluxninja/aperture/compare/releases/aperture-controller/v0.9.0...releases/aperture-controller/v0.10.0