Allow the GraphQL controller to whitelist some expensive queries
What does this MR do?
We have some large central GraphQL types in our schema which have become difficult to test thoroughly. Selecting all fields of a merge request creates queries which, when run, exceed our per-request DB query limit (130 queries, the limit is 100).
These queries exceed our complexity threshold, so would be denied in production, but we need to be able to run these very expensive requests in tests in order to exhaustively test every field in the GraphQL schema.
We cannot do the whitelisting in the test code, due to the controller API boundary (the request transaction has not even started when the test is called) - we have to do this in the controller.
To handle this, we allow the controller to accept a custom header, which we use to disable the transaction limit.
This limit is disabled in production, so this only has an effect on tests, and there is no scope for abuse by attackers.
Does this MR meet the acceptance criteria?
As a developer-facing, unit-testing-focused change, this does not require a changelog entry.
Conformity
Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content
Availability and Testing
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
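
A minimal Ruby model of the header-based whitelist described in this merge request, added here as an illustration and not taken from the GitLab code base. The header name, class and method names are hypothetical; only the 100-query limit and the 130-query request come from the description. It shows the property a reviewer would want pinned by a regression test: the header changes the outcome only where the limit is enforced, and is inert in production.

```ruby
# Hypothetical model of a per-request DB query limit with a header whitelist.
class QueryLimit
  THRESHOLD = 100 # per-request DB query limit cited in the description

  class Exceeded < StandardError; end

  def initialize(env_name)
    # Assumption taken from the description: the limit is not enforced in production.
    @enabled = env_name != "production"
    @whitelisted = false
    @count = 0
  end

  def enabled?
    @enabled
  end

  # Only meaningful where the limit is enforced; a no-op otherwise.
  def whitelist!
    @whitelisted = true if @enabled
  end

  def record_query!
    @count += 1
    return unless @enabled && !@whitelisted
    raise Exceeded, "#{@count} queries exceeds limit of #{THRESHOLD}" if @count > THRESHOLD
  end
end

# Hypothetical header name in Rack env form; the real name is not given on the page.
BYPASS_HEADER = "HTTP_X_EXAMPLE_DISABLE_QUERY_LIMIT"

# Simulates one controller request issuing `db_queries` database queries.
def handle_request(env_name:, headers:, db_queries:)
  limit = QueryLimit.new(env_name)
  limit.whitelist! if headers.key?(BYPASS_HEADER)
  db_queries.times { limit.record_query! }
  :ok
rescue QueryLimit::Exceeded
  :query_limit_exceeded
end

# Regression check: in production the header must not change the outcome.
def header_inert_in_production?(db_queries)
  with = handle_request(env_name: "production", headers: { BYPASS_HEADER => "1" }, db_queries: db_queries)
  without = handle_request(env_name: "production", headers: {}, db_queries: db_queries)
  with == without
end
```
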