Enforcing allowed features - config

[DMallare]

---

• This is a poc for updates to license enforcement, specifically enforcing allowed features in config
• Enforcing allowed features as plugins is addressed in poc: enforcing allowed features #7917
• This is based on the content in this doc
• Tests have not been added yet but will be once we agree on the general direction this poc and the doc proposes
  Checklist

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

• PR description explains the motivation for the change and relevant context for reviewing
• PR description links appropriate GitHub/Jira tickets (creating when necessary)
• Changeset is included for user-facing changes
• Changes are compatible¹
• Documentation² completed
• Performance impact assessed and acceptable
• Metrics and logs are added³ and documented
• Tests added and passing⁴
  • Unit tests
  • Integration tests
  • Manual tests, as necessary

Exceptions

Note any exceptions here

Notes

Footnotes

1. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. ↩

2. Configuration is an important part of many changes. Where applicable please try to document configuration examples. ↩

3. A lot of (if not most) features benefit from built-in observability and debug-level logs. Please read this guidance on metrics best-practices. ↩

4. Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions. ↩

[apollo-librarian]

⚠️ Docs preview not attached to branch

The preview was not built because the PR's base branch dmallare/enforcing-allowed-features-plugins is not in the list of sources.

An Apollo team member can comment one of the following commands to dictate which branch to attach the preview to:

• !docs set-base-branch 1.x
• !docs set-base-branch dev

Build ID: 27ab07a639952ed069c2a34e

[github-actions]

@DMallare, please consider creating a changeset entry in /.changesets/. These instructions describe the process and tooling.

[lrlna]

I think we need to figure out the data structure / state for allowed_features. It's state change is not super clear. I left a comment on it in the license_enforcement.rs file. That's probably the only thing to nail down across these two PRs. And again, this will need a bunch of tests, especially integration tests. Otherwise, the direction seems good to me.

[lrlna]

A more philosophical question - if the pricing plan should have all plugins enabled, shouldn't their allowed features just have all the features? It's a bit of strange state as it reads for me right now:

• None - all features are allowed and all plugins should be enabled
• Some(vec![]) - (empty vec) no features are allowed (?)
• Some(vec![AllowedFeature::PersistedQueries]) - only persisted queries are allowed

[DMallare]

Yes, your understanding is correct and I see why it looks strange. The reasoning behind what we have currently has to do with the fact that we are only adding the allowed_features claim to developer/standard licenses for now. In the future, I see us adding this to all types of licenses and then an Enterprise license, for example, would have all allowed features in their claim or maybe even something like ENABLE_ALL - we can discuss once a design for that comes up.

With the current work that is being done without adding the allowed_features claim to Enterprise licenses, having None mean no features enabled would disable everything for Enterprise licenses.