Skip to content

Latest commit

 

History

History
436 lines (319 loc) · 29.8 KB

CHANGELOG.md

File metadata and controls

436 lines (319 loc) · 29.8 KB
Raw

Riposte Changelog / Release Notes

All notable changes to Riposte will be documented in this file. Riposte adheres to Semantic Versioning.

Why pre-1.0 releases?

Riposte is used heavily and is stable internally at Nike, however the wider community may have needs or use cases that we haven't considered. Therefore Riposte will live at a sub-1.0 version for a short time after its initial open source release to give it time to respond quickly to the open source community without ballooning the version numbers. Once its public APIs have stabilized again as an open source project it will be switched to the normal post-1.0 semantic versioning system.

0.x Releases

0.14.0

Released on 2018-11-06.

Updated

  • Updated Riposte to use Netty 4.1.30.Final (up from 4.0.52.Final). Although this is a Netty 4.0 -> 4.1 jump, it should be an invisible upgrade for most Riposte users.

0.13.1

Released on 2018-11-06.

Fixed

  • Fixed the default error response body serializer to not attempt to serialize bodies that are already raw CharSequences. This allows you to output HTML pages for error responses (for example), rather than being forced to use an object that is serialized to JSON.

0.13.0

Released on 2018-04-26.

Potentially breaking changes

Some of the changes in version 0.13.0 can affect what is returned to the caller in some situations. Although these changes are effectively bug fixes that bring Riposte more in line with the HTTP specification, and therefore should be invisible and fully backwards compatible changes for most Riposte users, they can technically change what callers have been receiving for some requests/responses, so it is strongly advised that you look over the changes below to determine what impact updating to 0.13.0 might have for your services.

Fixed

  • Fixed StandardEndpoint responses to force-remove payloads for situations where the HTTP specification forbids returning a payload, including HTTP status code 204, 205, and 304 responses, and responses to HEAD requests (see RFC 2616 Section 4.4 and RFC 2616 Section 10.2.6). Some of these were already being handled by Netty (204, 304), but now 205 and HEAD requests are included.
  • Fixed StandardEndpoints to allow you to specify a non-zero content-length header for HEAD or 304 responses even though the actual payload is empty. See RFC 7230 Section 3.3.2. If you explicitly specify a content-length header in your ResponseInfo then that will be honored, otherwise Riposte will calculate content-length from whatever payload you provide (serialized the same way Riposte would serialize a normal GET 200 response) before dropping the payload for the actual response. This allows you to simply add the HEAD method to the Matcher for your GET endpoint and you will have proper HEAD support without any further changes.
  • Fixed a bug where ProxyRouterEndpoint responses were adding a default application/json content-type header if the downstream system wasn't returning a content-type. ProxyRouterEndpoints will no longer do this.
  • Fixed ProxyRouterEndpoint responses to not force chunked transfer-encoding. After this change, if the downstream returns a content-length and the payload has no chunked transfer encoding applied then that's what will reach the caller. This allows callers to know how big the payload is before it arrives, enabling progress bars (for example). Between this and the previous fix for content-type, Riposte no longer makes any changes to the ProxyRouterEndpoint response from the downstream.

Added

  • Added DelegatedErrorResponseBody - a simple implementation of ErrorResponseBody that allows you to delegate serialization of the error contract to a different object.

Changed

  • Changed the Netty pipeline used by Riposte to use a combined HttpServerCodec handler rather than separate HttpRequestDecoder and HttpResponseEncoder handlers. This allows Netty to detect and fix more HTTP specification violations (e.g. forcing empty payloads on responses to HEAD requests) but is otherwise equivalent. You should not notice any difference with this change unless your service uses a PipelineCreateHook that expects to find a HttpRequestDecoder or HttpResponseEncoder handler in the pipeline - you would need to adjust it to look for the new HttpServerCodec instead.

0.12.2

Released on 2018-04-18.

Changed

  • Changed error handling system to allow you to specify blank response payloads or delegate serialization to an object other than the ErrorResponseBody impl when using custom RiposteErrorHandler and/or RiposteUnhandledErrorHandler impls (specified via your ServerConfig). See the javadocs and source for ErrorResponseBody.bodyToSerialize(), and then RiposteApiExceptionHandler.prepareFrameworkRepresentation(...) and RiposteUnhandledExceptionHandler.prepareFrameworkRepresentation(...) for where you'd hook in.

0.12.1

Released on 2018-02-27.

Changed

  • Changed TypesafeConfigServer to allow you to override the appId and/or environment that are used to load the properties files: see the new overridable TypesafeConfigServer.getAppIdAndEnvironmentPair() method.

0.12.0

Released on 2018-02-14.

Potentially breaking changes

  • StandardEndpoint<InputType, OutputType>s have been adjusted to throw a "missing expected content" HTTP status code 400 error when the caller does not send a payload and InputType is anything other than Void. Previously the endpoint would be executed and you'd have to check RequestInfo.getContent() manually to see if the caller had sent a payload and throw an error yourself to indicate a missing required payload. This change could result in endpoints throwing 400s to callers when they previously did not. Please double-check your StandardEndpoints - if they have a non-Void input type but you want payloads to be optional then you can override the new isRequireRequestContent() endpoint method to return false to keep the previous behavior of the endpoint allowing missing payloads for non-Void input types. More details about this change can be found below.

Added

  • Added EurekaVipAddressRoundRobinWithAzAffinityService to the riposte-service-registration-eureka module. This service will round-robin requests to instances in the same availability zone as the current server. If there are no instances in the current availability zone, it will round-robin instances in all availability zones. Routing requests this way has the advantage of lower response times and lower data transfer costs.
    • Added by cjha in pull request #77.
  • StandardEndpoint<InputType, OutputType>s will now throw a "missing expected content" HTTP status code 400 error if the InputType is not Void (or more specifically, if the requestContentType() method returns something besides null or Void). This means you no longer have to check if RequestInfo.getContent() is null for endpoints that specify an input type. i.e. after this feature addition if a caller does not send a payload to a StandardEndpoint<SomeObject, _> endpoint then they would receive a "missing expected content" 400 error, but if the endpoint was defined StandardEndpoint<Void, _> then the endpoint would be executed normally. If you need to change this behavior for endpoints where the payload is truly optional you can override the endpoint's isRequireRequestContent() method to return false.
  • Added ability to use byte[] as an input type for StandardEndpoint, e.g. StandardEndpoint<byte[], OutputType>. This allows you to specify that you require a payload (see previous change) but that you don't want any deserialization done, i.e. you want to handle the raw payload bytes in the endpoint yourself rather than have Riposte try to interpret it. Previously specifying byte[] as an input type would result in a deserialization error.
  • Added support for automatic gzip/deflate decompression on incoming requests. This defaults to off for ProxyRouterEndpoint so that proxies don't modify payloads as they pass through, but defaults to on for all other endpoint types so that payloads are decompressed before StandardEndpoints execute and payloads deserialized into whatever input type is needed for the endpoint. If you want to change the default decompression behavior for a given endpoint you can override Endpoint.isDecompressRequestPayloadAllowed() to return whatever you need.
  • Added ServerConfig.responseCompressionThresholdBytes() to allow you to specify the payload size threshold after which response payloads will be automatically gzip/deflate compressed (assuming the caller supports compressed responses). This feature already existed but was previously hardcoded to 500 bytes.
  • ProxyRouterEndpoints now have the ability to turn off the automatic subspan around the downstream call (using the new DownstreamRequestFirstChunkInfo.withPerformSubSpanAroundDownstreamCall(boolean) method), and you can now indicate that you do not want tracing headers set on the downstream call (using the new DownstreamRequestFirstChunkInfo.withAddTracingHeadersToDownstreamCall(boolean) method). Previously Riposte would always surround the downstream call with a subspan, and would always set tracing headers. These new options default to the previous behavior, but you can override them with the new behavior methods.
  • Added options to ServerConfig for specifying the max initial line length, max combined header line length, and max chunk size values used when decoding incoming HTTP requests. See ServerConfig.httpRequestDecoderConfig() for details.
  • Added a RequestInfo.addRequestAttribute(...) that exposes how much time was spent waiting for the request payload to arrive (time from first chunk to last chunk), and another for how much time was spent waiting for a connection to be established to the downstream system for a ProxyRouterEndpoint request. Refer to AccessLogStartHandler.REQUEST_PAYLOAD_TRANSFER_TIME_NANOS_REQUEST_ATTR_KEY and ProxyRouterEndpointExecutionHandler.DOWNSTREAM_CALL_CONNECTION_SETUP_TIME_NANOS_REQUEST_ATTR_KEY in your code for the request attribute keys. You may want to consider adding these to your access logs to help diagnose intermittent slow requests.

Fixed

  • Fixed ResponseInfo.withCookies(...) handling when sending responses to serialize the entire Netty Cookie object rather than just name and value. This means the other cookie parameters/properties are now honored and sent as expected, e.g. Max-Age and HTTPOnly. Previously any extra properties beyond cookie name and value were not being sent.
  • Fixed Riposte interaction with Netty ByteBuf when reading incoming request content to use the ByteBuf.readerIndex() rather than assuming index 0. This should have no effect currently but is the correct way to read content from ByteBuf (future-proofing).
  • Fixed some corner cases where server request/response metrics were not being updated (e.g. caller dropping their connection in the middle of the request). In particular this was causing the inflight_requests metric to grow over time if these corner case calls were occurring.
  • Fixed some corner cases where access logs were not being output (e.g. caller dropping their connection in the middle of the request).
    • Also removed span name from access logger output defaults - callers shouldn't be sending this and it's a waste of characters in the log message.
    • Fixed by Nic Munroe in pull request #93.
  • Fixed ProxyRouterEndpoint to no longer send a X-B3-SpanName on downstream calls. Sending that header is not best practice.
  • Fixed the Backstopper Riposte framework listener to detect exceptions for requests that have too-long headers and map them to a 431 HTTP status code rather than a 400. Also adjusted the error messages and metadata sent to the user in the response when HTTP decoding issues like too-long headers are encountered to be more informative.

Updated

Project Build

  • Updated to Kotlin 1.2.21. Doesn't affect anything except the Kotlin sample.

0.11.2

Released on 2017-10-26.

Updated

  • Updated Netty to version 4.0.52.Final.

0.11.1

Released on 2017-10-26.

Added

  • Added the ability to set a default SignatureCalculator through AsyncHttpClientHelper. A SignatureCalculator is executed immediately before the HTTP request is fired, allowing last-second adjustments like creating a request signature header for auth purposes.
  • Added fluent style setters to AsyncHttpClientHelper for a default SignatureCalculator and performSubSpanAroundDownstreamCalls value.
  • Added utility methods to AsyncNettyHelper to enable easily creating CompletableFutures with distributed tracing support built-in (with optional subspans) and optional circuit breaker protection.

0.11.0

Released on 2017-08-11.

Added

  • Added helper methods to SignalFxAwareCodahaleMetricsCollector for easily creating dimensioned metrics.
  • Added Kotlin-based sample (see samples/sample-2-kotlin-todoservice).

Updated

  • Updated Jackson dependency version to 2.8.9.

Project Build

  • Upgraded to Gradle 4.1.

0.10.1

Released on 2017-07-19.

Fixed

  • Fixed ProxyRouterEndpoint processing to include the port in the Host header for the downstream call if the port is not the default for the scheme as per the HTTP spec.

Added

  • Added SignalFxAwareCodahaleMetricsCollector - a CodahaleMetricsCollector that uses SignalFx mechanisms for creating metrics so that they will be tagged with the appropriate global/unique dimensions for your application.

Project Build

  • Upgraded to Gradle 4.0.1.

0.10.0

Released on 2017-06-12.

Fixed

  • Fail-fast on too-big request sizes when possible. If content-length header is larger than the configured max request size we will fail immediately without processing the full request payload.
  • Added methods to RequestBuilderWrapper to enable a user to set the wrapped content (url and method) and then subsequently updated the wrapped AsyncHttpClient.BoundRequestBuilder to keep the two in sync. This removed public fields and now they need to be accessed through getter/setter instead.
  • Fixed more corner-case error handling related to ProxyRouterEndpoint endpoints.
  • Improved handling of invalid HTTP calls - they will now show up in access logs and metrics.

Added

  • Added getPathTemplate method to RequestInfo to enable users to get the matching path template used for the request

0.9.4

Released on 2017-04-26.

Fixed

  • Removed usage of Netty internal class (io.netty.util.internal.OneTimeTask). This prevented use of newer versions of Netty where that class no longer existed.

0.9.3

Released on 2017-04-20.

Fixed

  • Fixed distributed tracing headers for the downstream call when handling ProxyRouterEndpoints. The parent span's information was being passed downstream rather than the sub-span created for the downstream call. The trace ID was correct, but if the downstream call continued the trace then its span would be pointing at the wrong parent. This was fixed to correctly use the sub-span.
  • Fixed several issues related to ProxyRouterEndpoint handling:
    • Fixed incorrect Netty reference counting handling. This could lead to leaks or incorrect over-decrementing. If you saw LEAK: ByteBuf.release() was not called before it's garbage-collected or IllegalReferenceCountExceptions in your logs for data handled by Riposte (i.e. not your application-specific code) then this should now be fixed.
    • Fixed some race conditions that could lead to requests not being processed correctly.
    • Better internal corner-case error handling, leading to less log spam warnings.
    • Improved logging when corner case errors do pop up. If a request is handled in an unexpected way and you have the trace ID from the response headers, then the logs should give you better insight into what happened (e.g. the caller or downstream system dropping connection partway through a request).
    • Fixed by Nic Munroe in pull request #48

0.9.2

Released on 2017-04-18.

Added

  • Refactored the Codahale/Dropwizard metrics system (see CodahaleMetricsListener, CodahaleMetricsListener.Builder, EndpointMetricsHandler, and SignalFxEndpointMetricsHandler for details on the following):
    • You can now set custom metric names and customize Timer/Histogram creation (e.g. so you can use different Reservoirs).
    • Endpoint metrics handling has been split out into a EndpointMetricsHandler interface, allowing you full flexibility for handling endpoint-specific metrics related to requests and responses. A default impl (EndpointMetricsHandlerDefaultImpl) is used for Graphite-style conventions if you don't specify a different impl.
    • SignalFx support has been added via the riposte-metrics-codahale-signalfx module. Wire it up using SignalFxReporterFactory and SignalFxEndpointMetricsHandler.
    • All of this should be opt-in only, i.e. existing Riposte projects using the Codahale metrics system should continue to behave the same way.
    • Added by Nic Munroe in pull request #42.

0.9.1

Released on 2017-03-17.

Fixed

  • Fixed Riposte to honor the ServerConfig.maxRequestSizeInBytes() setting. You can use this to limit incoming request payload size at a global level, with the option to override on a per-endpoint basis via Endpoint.maxRequestSizeInBytesOverride(). Previously this ServerConfig setting existed but was ignored and had no effect.
  • Fixed ProxyRouterEndpoints so that they will honor any incoming content-length header rather than the previous behavior of removing content-length and replacing it with transfer-encoding=chunked.
  • Fixed request handling to detect when Netty marks a request chunk as a decoder failure (i.e. bad/non-HTTP spec requests). These errors will now be mapped to an appropriate HTTP status code 400 response for the caller. Previously this was incorrectly resulting in a 404-not-found response.

0.9.0

Released on 2017-02-28.

Added

  • Added ability for RequestAndResponseFilter to be executed before or after security validation depending on the value of RequestAndResponseFilter.shouldExecuteBeforeSecurityValidation().
  • Added functionality to detect bad or incomplete HTTP calls and return an appropriate error to the caller in those cases. Timeout value controlled via the new ServerConfig.incompleteHttpCallTimeoutMillis() config option.

Updated

  • Updated Backstopper dependency version to 0.11.1. This version added convenience constructor to ApiErrorWithMetadata that takes a vararg of Pair<String, Object> so that you can inline the extra metadata without having to create and populate a Map separately.

0.8.3

Released on 2017-02-15.

Updated

  • Updated Fastbreak dependency version to 0.10.0. This should be an invisible update for most users, however it might require a minor refactor if you used Fastbreak's manual/callback mode in your code. Now, instead of calling throwExceptionIfCircuitBreakerIsOpen(), handleEvent(...), and handleException(...) directly on CircuitBreaker you must first call CircuitBreaker.newManualModeTask() which will return a ManualModeTask interface. That ManualModeTask interface now contains the methods that were moved out of CircuitBreaker.

0.8.2

Released on 2016-12-12.

Added

  • Added Forbidden403Exception typed exception for 403/forbidden responses.

Fixed

  • Fixed request path to be URL decoded by default. This also fixes path parameters so they are URL decoded by default as well.
  • Fixed CodahaleMetricsListener to support short circuiting non-endpoint calls (e.g. short circuiting request filters).

Updated

0.8.1

Released on 2016-11-04.

Updated

  • Updated Backstopper dependency version to 0.9.2.

0.8.0

Released on 2016-11-03.

Added

  • Initial open source code drop for Riposte.