Page MenuHomePhabricator
Create Task
Maniphest T333131

Page analytics Implement header function
Closed, ResolvedPublic
Actions

Description

Ke task of Epic Page Analytics service - T288296
Background/Goal

Read T325827 for context

When executed locally, the new AQS 2.0 services are currently not sending the same response headers as the existing production service are when executed from our production infrastructure. Notably, there are differences in security- and caching-related headers, as well as some others. So as a part the above mentioned task a function has been created in aqassist to return some of these headers from code>

Acceptance Criteria
The service should be updated to implement the aqassist function, unit tests for the same should be added

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
unit tests and some other improvements: This MR includes unit tests and some other improvements (more details here: https://phabricator.wikimedia.org/T342028):generated-data-platform/aqs/page-analyticsmain+5 K -1 K
Test: fixes failing test issue regarding data typegenerated-data-platform/aqs/page-analyticsmain+6 -3
Request headers: add relevant data to security header in accordance with previous APIgenerated-data-platform/aqs/page-analyticsmain+35 -16
Customize query in gerrit

Related Objects
Search...

Event Timeline

SGupta-WMF created this task.Mar 27 2023, 9:13 AM
SGupta-WMF removed SGupta-WMF as the assignee of this task.Mar 27 2023, 9:17 AM
JArguello-WMF removed a project: API Platform (Sprint 06).Mar 28 2023, 6:42 PM
JArguello-WMF moved this task from Incoming to AQS 2.0 Backlog on the AQS2.0 board.May 1 2023, 1:28 PM
SGupta-WMF edited projects, added AQS2.0 (Sprint 10); removed AQS2.0.May 5 2023, 4:26 AM
FGoodwin claimed this task.May 9 2023, 1:46 PM
Emeka-okechukwu unsubscribed.May 9 2023, 3:45 PM
Emeka-okechukwu subscribed.
Emeka-okechukwu unsubscribed.
FGoodwin moved this task from Next Up to In Progress on the AQS2.0 (Sprint 10) board.May 9 2023, 4:30 PM
Sfaci added a parent task: T288296: AQS 2.0: Page Analytics Service.May 11 2023, 8:49 AM
gerritbot added a comment.May 11 2023, 1:43 PM

Change 918553 had a related patch set uploaded (by Fgoodwin; author: Fgoodwin):

[generated-data-platform/aqs/page-analytics@main] Request headers: add relevant data to security header in accordance with previous API

https://gerrit.wikimedia.org/r/918553

gerritbot added a project: Patch-For-Review.May 11 2023, 1:43 PM
gerritbot added a comment.May 13 2023, 12:51 AM

Change 918553 merged by Santiago Faci:

[generated-data-platform/aqs/page-analytics@main] Request headers: add relevant data to security header in accordance with previous API

https://gerrit.wikimedia.org/r/918553

Sfaci moved this task from In Progress to In code Review/ Tech Input on the AQS2.0 (Sprint 10) board.May 13 2023, 12:54 AM
FGoodwin moved this task from In code Review/ Tech Input to Done on the AQS2.0 (Sprint 10) board.May 13 2023, 12:59 AM
Maintenance_bot removed a project: Patch-For-Review.May 13 2023, 1:11 AM
Sfaci moved this task from Done to Ready for Testing on the AQS2.0 (Sprint 10) board.May 15 2023, 11:07 AM
Sfaci moved this task from Ready for Testing to In Progress on the AQS2.0 (Sprint 10) board.May 15 2023, 4:17 PM
Sfaci subscribed.EditedMay 16 2023, 9:53 AM

Once security headers are set, we have found some errors that we should fix before moving on this ticket. Some of them were already present and some others are new because some data has changed in the last version of the aqs-docker-test-env:

  1. There are some errors related to some data that is currently missing in the new version of aqs-docker-test-env. Some specific dates are not valid and we should use new ones for some unit tests
    • To fix that, we should look for date values that provides data and use them in the URL we are using for the use case
  2. There are some errors related to a structure (httperr) where detail field is declared as an array. But the actual response body for these errors is returning an string to provide the detail
    • In some of the test files there are two structures (httperr and httperrA). All tests are using httperr where detail is declared as an array but in these cases we should use httperrA because it's the one that declares detail as a string. We can also remove the unused httperr structure because it's something we won't need anymore.
  3. There are one error related to some specific data that never existed in the aqs-docker-test-env. We should add it.
    • For this case we need to add some data with monthly granularity to the local_group_default_T_pageviews_per_article_flat dataset. It would be enough if we add a set of similar data with monthly granularity because it's what this test case try to test.
SGupta-WMF added a comment.May 22 2023, 10:53 AM

@FGoodwin @Sfaci I have made some changes for

here are some errors related to a structure (httperr) where detail field is declared as an array. But the actual response body for these errors is returning an string to provide the detail
In some of the test files there are two structures (httperr and httperrA). All tests are using httperr where detail is declared as an array but in these cases we should use httperrA because it's the one that declares detail as a string. We can also remove the unused httperr structure because it's something we won't need anymore.

in my MR
https://gerrit.wikimedia.org/r/c/generated-data-platform/aqs/page-analytics/+/919472

BPirkle added a comment.May 22 2023, 3:47 PM

I just merged the MR that @SGupta-WMF mentioned, so if you rebase you'll get those changes.

gerritbot added a comment.May 26 2023, 2:20 PM

Change 923569 had a related patch set uploaded (by Fgoodwin; author: Fgoodwin):

[generated-data-platform/aqs/page-analytics@main] Test: fixes failing test issue regarding data type

https://gerrit.wikimedia.org/r/923569

gerritbot added a project: Patch-For-Review.May 26 2023, 2:20 PM
SGupta-WMF added a comment.May 29 2023, 9:06 AM

HI @FGoodwin Please confirm if this is ready for code review.

JArguello-WMF reassigned this task from FGoodwin to Atieno.Jun 7 2023, 2:15 PM
JArguello-WMF added a subscriber: FGoodwin.
JArguello-WMF updated the task description. (Show Details)Jun 8 2023, 12:26 PM
JArguello-WMF mentioned this in T288296: AQS 2.0: Page Analytics Service.Jun 8 2023, 12:29 PM
Sfaci moved this task from In Progress to Ready for Code Review/ Ready for Tech input on the AQS2.0 (Sprint 10) board.Jul 17 2023, 9:09 AM
gerritbot added a comment.Jul 17 2023, 9:11 AM

Change 923569 abandoned by Sg912:

[generated-data-platform/aqs/page-analytics@main] Test: fixes failing test issue regarding data type

Reason:

https://gerrit.wikimedia.org/r/923569

Sfaci moved this task from Ready for Code Review/ Ready for Tech input to In Progress on the AQS2.0 (Sprint 10) board.Jul 17 2023, 9:15 AM
Sfaci moved this task from In Progress to Ready for Testing on the AQS2.0 (Sprint 10) board.Jul 17 2023, 9:18 AM
Maintenance_bot removed a project: Patch-For-Review.Jul 17 2023, 9:32 AM
Sfaci reassigned this task from Atieno to EChukwukere-WMF.Jul 19 2023, 10:47 AM
Sfaci added a subscriber: Atieno.
EChukwukere-WMF moved this task from Ready for Testing to In Testing on the AQS2.0 (Sprint 10) board.Jul 27 2023, 10:29 PM
EChukwukere-WMF added a comment.Aug 7 2023, 3:59 AM

I do believe my repo is updated for page analytics

@Sfaci according to T325827 the below are the header keys to be added:

  • accept-ch
  • accept-ranges
  • access-control-allow-headers
  • access-control-allow-methods
  • access-control-allow-origin
  • access-control-expose-headers
  • cache-control
  • content-security-policy
  • nel
  • permissions-policy
  • referrer-policy
  • report-to
  • strict-transport-security
  • vary
  • x-content-type-options
  • x-frame-options
  • x-xss-protection

When I check page analytics locally I see the below in the header

{
   "Access-Control-Allow-Headers":"accept, content-type, content-length, cache-control, accept-language, api-user-agent, if-match, if-modified-since, if-none-match, dnt, accept-encoding",
   "Access-Control-Allow-Methods":"GET,HEAD",
   "Access-Control-Allow-Origin":"*",
   "Access-Control-Expose-Headers":"etag",
   "Cache-Control":"s-maxage=14400, max-age=14400",
   "Content-Security-Policy":"default-src 'none'; frame-ancestors 'none'",
   "Content-Type":"application/json; charset=utf-8",
   "Referrer-Policy":"origin-when-cross-origin",
   "X-Content-Type-Options":"nosniff",
   "X-Frame-Options":"deny",
   "X-Xss-Protection":"1; mode=block",
   "Date":"Mon, 07 Aug 2023 03:46:47 GMT",
   "Transfer-Encoding":"chunked"
}

I want to confirm if the missing header keys from the list not necessary ?

EChukwukere-WMF added a subscriber: WDoranWMF.Aug 7 2023, 4:04 AM
Sfaci added a comment.Aug 7 2023, 7:58 AM

As far as I know, that full headers list doesn't mean "all the headers we have to add locally". I think it means something like "all the header that every service has to have". Some of them has to be added locally and others by the rest of the software layers.

In the task you mentioned T325827: AQS 2.0 Response Headers - resolve differences with production, a lot of headers are mentioned in the description but, during the conversation, for example Hugh commented that some of these headers are provided for the ATS Edge (Apache Traffic Server?). Later Surbhi list all the headers we have to add locally. What we did was to create a aqsassist function to provide all these local headers.

At this moment, that function is adding the following ones:

var HeadersToAdd = map[string]string{
	"access-control-allow-headers":  "accept, content-type, content-length, cache-control, accept-language, api-user-agent, if-match, if-modified-since, if-none-match, dnt, accept-encoding",
	"access-control-allow-methods":  "GET,HEAD",
	"access-control-allow-origin":   "*",
	"access-control-expose-headers": "etag",
	"cache-control":                 "s-maxage=14400, max-age=14400",
	"referrer-policy":               "origin-when-cross-origin",
	"x-content-type-options":        "nosniff",
	"x-xss-protection":              "1; mode=block",
	"x-frame-options":               "deny",
	"content-type":                  "application/json; charset=utf-8",
	"content-security-policy":       "default-src 'none'; frame-ancestors 'none'",
}

And we are adding 'Etag' header as well but maybe that improvement is not ready in the code that is available in the page-analytics' repo (we are currently working on this service). That was added later and didn't exist when this task was created, and maybe page-analytics is using a previous version of the aqsassist function.

That's why the acceptance criteria for this task is:

Acceptance Criteria
The service should be updated to implement the aqassist function, unit tests for the same should be added

And that is done, so I think the task can be considered as done as well. Anyway, if you prefer, we can keep this task until the entire service is ready. That way, when we push all the code, you could test it properly even with the new 'Etag' header.

Sfaci added a comment.Aug 7 2023, 9:07 AM

@SGupta-WMF could you please review my previous comment and correct me if I'm wrong? You probably have more context about this topic

SGupta-WMF added a comment.Aug 7 2023, 9:14 AM

Hi @Sfaci @EChukwukere-WMF So as a part of header implementation , some of the headers come from code and others from infrastructure ( which can be anything ATS edge / API gateway ) . Since we are testing locally these headers should be present (coming from code base)
access-control-allow-headers
access-control-allow-methods
access-control-allow-origin
access-control-expose-headers
content-security-policy
referrer-policy
x-content-type-options
x-frame-options
x-xss-protection
cache-control
content-type
etag

The other headers are not to be tested on local

EChukwukere-WMF added a comment.Aug 7 2023, 2:55 PM

@SGupta-WMF @Sfaci thanks for the clarification.

Hence from my local it seems the etag key is missing in the headers,, unless there is an update I am not aware of

{
   "Access-Control-Allow-Headers":"accept, content-type, content-length, cache-control, accept-language, api-user-agent, if-match, if-modified-since, if-none-match, dnt, accept-encoding",
   "Access-Control-Allow-Methods":"GET,HEAD",
   "Access-Control-Allow-Origin":"*",
   "Access-Control-Expose-Headers":"etag",
   "Cache-Control":"s-maxage=14400, max-age=14400",
   "Content-Security-Policy":"default-src 'none'; frame-ancestors 'none'",
   "Content-Type":"application/json; charset=utf-8",
   "Referrer-Policy":"origin-when-cross-origin",
   "X-Content-Type-Options":"nosniff",
   "X-Frame-Options":"deny",
   "X-Xss-Protection":"1; mode=block",
   "Date":"Mon, 07 Aug 2023 03:46:47 GMT",
   "Transfer-Encoding":"chunked"
}
Sfaci added a comment.Aug 7 2023, 5:08 PM

"Etag" header is not added yet in the code that is available in the repo. It's already added in the code I'm working on but I had to pause some related task to prioritize the test environments.

In a few days I hope to push an interesting MR with this and other improvements for page-analytics.

EChukwukere-WMF added a comment.Aug 7 2023, 5:12 PM

Ok I will put this back in progress then.

EChukwukere-WMF reassigned this task from EChukwukere-WMF to Sfaci.Aug 7 2023, 5:13 PM
EChukwukere-WMF moved this task from In Testing to In Progress on the AQS2.0 (Sprint 10) board.
Sfaci moved this task from In Progress to Blocked/Paused on the AQS2.0 (Sprint 10) board.Aug 8 2023, 8:22 AM
gerritbot added a comment.Aug 9 2023, 12:37 PM

Change 947334 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[generated-data-platform/aqs/page-analytics@main] unit tests and some other improvements: This MR includes unit tests and some other improvements (more details here: https://phabricator.wikimedia.org/T342028):

https://gerrit.wikimedia.org/r/947334

gerritbot added a project: Patch-For-Review.Aug 9 2023, 12:37 PM
Sfaci reassigned this task from Sfaci to SGupta-WMF.Aug 9 2023, 12:41 PM
Sfaci moved this task from Blocked/Paused to Ready for Code Review/ Ready for Tech input on the AQS2.0 (Sprint 10) board.
SGupta-WMF moved this task from Ready for Code Review/ Ready for Tech input to In code Review/ Tech Input on the AQS2.0 (Sprint 10) board.Aug 14 2023, 11:43 AM
Sfaci added a project: Test Kitchen (Sprint 00).Aug 23 2023, 1:03 PM
Sfaci moved this task from Sprint Backlog to In code review / Tech Input on the Test Kitchen (Sprint 00) board.Aug 23 2023, 1:08 PM
Sfaci moved this task from In code review / Tech Input to Paused on the Test Kitchen (Sprint 00) board.Aug 23 2023, 1:58 PM
Sfaci moved this task from Paused to BLOCKED on the Test Kitchen (Sprint 00) board.Aug 23 2023, 2:06 PM
SGupta-WMF reassigned this task from SGupta-WMF to Sfaci.Aug 25 2023, 11:06 AM
SGupta-WMF moved this task from BLOCKED to In Process on the Test Kitchen (Sprint 00) board.
Sfaci moved this task from In Process to BLOCKED on the Test Kitchen (Sprint 00) board.Aug 25 2023, 3:36 PM
Sfaci moved this task from BLOCKED to Paused on the Test Kitchen (Sprint 00) board.Aug 25 2023, 4:31 PM
Sfaci removed a project: AQS2.0 (Sprint 10).Aug 25 2023, 4:34 PM
Sfaci moved this task from Paused to In Process on the Test Kitchen (Sprint 00) board.Sep 4 2023, 8:43 AM
Sfaci moved this task from In Process to Ready for Code Review on the Test Kitchen (Sprint 00) board.Sep 4 2023, 2:35 PM
Sfaci reassigned this task from Sfaci to SGupta-WMF.Sep 4 2023, 2:37 PM
gerritbot added a comment.Sep 6 2023, 11:47 AM

Change 947334 merged by Santiago Faci:

[generated-data-platform/aqs/page-analytics@main] unit tests and some other improvements: This MR includes unit tests and some other improvements (more details here: https://phabricator.wikimedia.org/T342028):

https://gerrit.wikimedia.org/r/947334

Sfaci reassigned this task from SGupta-WMF to EChukwukere-WMF.Sep 6 2023, 11:48 AM
Sfaci moved this task from Ready for Code Review to Ready for Testing on the Test Kitchen (Sprint 00) board.
Maintenance_bot removed a project: Patch-For-Review.Sep 6 2023, 12:10 PM
Sfaci edited projects, added Test Kitchen (Sprint 01); removed Test Kitchen (Sprint 00).Sep 12 2023, 2:17 PM
Sfaci removed subscribers: Atieno, FGoodwin, BPirkle.
Sfaci moved this task from Sprint Backlog to Ready for Testing on the Test Kitchen (Sprint 01) board.Sep 12 2023, 2:20 PM
EChukwukere-WMF moved this task from Ready for Testing to In Testing on the Test Kitchen (Sprint 01) board.Sep 14 2023, 7:26 PM
EChukwukere-WMF added a comment.Sep 14 2023, 7:32 PM

Test status : QA PASS

code level headers from aqassist code :-

access-control-allow-headers
access-control-allow-methods
access-control-allow-origin
access-control-expose-headers
content-security-policy
referrer-policy
x-content-type-options
x-frame-options
x-xss-protection
cache-control
content-type

header from page analytics service:

{
   "Access-Control-Allow-Headers":"accept, content-type, content-length, cache-control, accept-language, api-user-agent, if-match, if-modified-since, if-none-match, dnt, accept-encoding",
   "Access-Control-Allow-Methods":"GET,HEAD",
   "Access-Control-Allow-Origin":"*",
   "Access-Control-Expose-Headers":"etag",
   "Cache-Control":"s-maxage=14400, max-age=14400",
   "Content-Security-Policy":"default-src 'none'; frame-ancestors 'none'",
   "Content-Type":"application/json; charset=utf-8",
   "Etag":"W/\"20-da39a3ee5e6b4b0d3255bfef95601890afd80709\"",
   "Referrer-Policy":"origin-when-cross-origin",
   "X-Content-Type-Options":"nosniff",
   "X-Frame-Options":"deny",
   "X-Xss-Protection":"1; mode=block",
   "Date":"Thu, 14 Sep 2023 19:22:45 GMT",
   "Transfer-Encoding":"chunked"
}

This matches what is expected from the headers keys for the Page analytics service

EChukwukere-WMF moved this task from In Testing to Done on the Test Kitchen (Sprint 01) board.Sep 14 2023, 7:32 PM
WDoranWMF closed this task as Resolved.Nov 20 2023, 6:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits