这是indexloc提供的服务,不要输入任何密码
Skip to content

option to disable metadata and graphql apis (close #1088) #1650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Feb 28, 2019
Merged

option to disable metadata and graphql apis (close #1088) #1650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
7a1f3f5
Add flag/EnvVar to enable/disable RQL/GraphQL interfaces
nizar-m Feb 21, 2019
4e0a20f
Tests for enabling/disabling RQL/GraphQL interfaces
nizar-m Feb 22, 2019
2c21e00
`Merge branch 'master' of github.com:hasura/graphql-engine into issue…
nizar-m Feb 22, 2019
97e4081
Fix test-server.sh: Kill GraphQL after rql disabled test
nizar-m Feb 22, 2019
1e334ff
Add docs for server interfaces flag/envVar
nizar-m Feb 22, 2019
f79043f
Change `allowed interfaces` to `enabled APIs`
nizar-m Feb 26, 2019
beed128
Move all enableRQL queries to one block
nizar-m Feb 26, 2019
676f21f
Change RQL To METADATA
nizar-m Feb 26, 2019
fb27d8e
Merge branch 'master' of github.com:hasura/graphql-engine into issue-…
nizar-m Feb 26, 2019
6a59b02
Merge branch 'master' into issue-1088
0x777 Feb 28, 2019
0e9ec4d
Show the allowed values for API in docs
nizar-m Feb 28, 2019
acb56cc
Merge branch 'master' into issue-1088
shahidhk Feb 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 58 additions & 25 deletions .circleci/test-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,12 @@ combine_hpc_reports() {
rm graphql-engine.tix || true
}

kill_hge_and_combine_hpc_reports() {
kill -INT $PID
wait $PID || true
combine_hpc_reports
}

if [ -z "${HASURA_GRAPHQL_DATABASE_URL:-}" ] ; then
echo "Env var HASURA_GRAPHQL_DATABASE_URL is not set"
exit 1
Expand Down Expand Up @@ -147,9 +153,7 @@ wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET"

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

##########
echo -e "\n<########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT #####################################>\n"
Expand All @@ -162,9 +166,7 @@ export HASURA_GRAPHQL_JWT_SECRET="$(jq -n --arg key "$(cat $OUTPUT_FOLDER/ssl/jw

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-jwt-key-file="$OUTPUT_FOLDER/ssl/jwt_private.key" --hge-jwt-conf="$HASURA_GRAPHQL_JWT_SECRET"

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

unset HASURA_GRAPHQL_JWT_SECRET

Expand All @@ -176,9 +178,7 @@ export HASURA_GRAPHQL_JWT_SECRET="$(jq -n --arg key "$(cat $OUTPUT_FOLDER/ssl/jw

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-jwt-key-file="$OUTPUT_FOLDER/ssl/jwt_private.key" --hge-jwt-conf="$HASURA_GRAPHQL_JWT_SECRET" test_jwt.py

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

unset HASURA_GRAPHQL_JWT_SECRET

Expand All @@ -193,11 +193,52 @@ wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-cors test_cors.py

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

unset HASURA_GRAPHQL_CORS_DOMAIN

echo -e "\n<########## TEST GRAPHQL-ENGINE WITH GRAPHQL DISABLED ########>\n"

export HASURA_GRAPHQL_ENABLED_APIS="metadata"

"$GRAPHQL_ENGINE" serve >> "$OUTPUT_FOLDER/graphql-engine.log" 2>&1 & PID=$!

wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-graphql-disabled test_apis_disabled.py

kill_hge_and_combine_hpc_reports

unset HASURA_GRAPHQL_ENABLED_APIS

"$GRAPHQL_ENGINE" serve --enabled-apis metadata >> "$OUTPUT_FOLDER/graphql-engine.log" 2>&1 & PID=$!

wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-graphql-disabled test_apis_disabled.py

kill_hge_and_combine_hpc_reports

echo -e "\n<########## TEST GRAPHQL-ENGINE WITH METADATA DISABLED ########>\n"

export HASURA_GRAPHQL_ENABLED_APIS="graphql"

"$GRAPHQL_ENGINE" serve >> "$OUTPUT_FOLDER/graphql-engine.log" 2>&1 & PID=$!

wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-metadata-disabled test_apis_disabled.py

kill_hge_and_combine_hpc_reports
unset HASURA_GRAPHQL_ENABLED_APIS

"$GRAPHQL_ENGINE" serve --enabled-apis graphql >> "$OUTPUT_FOLDER/graphql-engine.log" 2>&1 & PID=$!

wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-metadata-disabled test_apis_disabled.py

kill_hge_and_combine_hpc_reports

# webhook tests

Expand All @@ -223,25 +264,21 @@ if [ "$RUN_WEBHOOK_TESTS" == "true" ] ; then

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-webhook="$HASURA_GRAPHQL_AUTH_HOOK"

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

echo -e "\n<########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET & WEBHOOK (POST) #########################>\n"
export HASURA_GRAPHQL_AUTH_HOOK_MODE="POST"

"$GRAPHQL_ENGINE" serve >> "$OUTPUT_FOLDER/graphql-engine.log" 2>&1 & PID=$!

wait_for_port 8080
wait_for_port 8080

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-webhook="$HASURA_GRAPHQL_AUTH_HOOK"

rm /etc/ssl/certs/webhook.crt
update-ca-certificates

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

echo -e "\n<########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET & HTTPS INSECURE WEBHOOK (GET) ########>\n"
export HASURA_GRAPHQL_AUTH_HOOK_MODE="GET"
Expand All @@ -252,9 +289,7 @@ if [ "$RUN_WEBHOOK_TESTS" == "true" ] ; then

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-webhook="$HASURA_GRAPHQL_AUTH_HOOK" --test-webhook-insecure test_webhook_insecure.py

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

echo -e "\n<########## TEST GRAPHQL-ENGINE WITH ADMIN_SECRET & HTTPS INSECURE WEBHOOK (POST) ########>\n"
export HASURA_GRAPHQL_AUTH_HOOK_MODE="POST"
Expand All @@ -265,9 +300,7 @@ if [ "$RUN_WEBHOOK_TESTS" == "true" ] ; then

pytest -vv --hge-url="$HGE_URL" --pg-url="$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-webhook="$HASURA_GRAPHQL_AUTH_HOOK" --test-webhook-insecure test_webhook_insecure.py

kill -INT $PID
sleep 4
combine_hpc_reports
kill_hge_and_combine_hpc_reports

kill $WH_PID

Expand Down
3 changes: 3 additions & 0 deletions docs/graphql/manual/deployment/graphql-engine-flags/reference.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,9 @@ For ``serve`` sub-command these are the flags and ENV variables available:
- ``HASURA_GRAPHQL_TX_ISOLATION``
- transaction isolation. read-committed / repeatable-read / serializable (default: read-commited)

* - ``--enabled-apis <APIS>``
- ``HASURA_GRAPHQL_ENABLED_APIS``
- Comma separated list of APIs (metadata & graphql) to be enabled. (default: ``metadata,graphql``)

.. note::
When the equivalent flags for environment variables are used, the flags will take precedence.
5 changes: 3 additions & 2 deletions server/src-exec/Main.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ parseHGECommand =
<*> parseCorsConfig
<*> parseEnableConsole
<*> parseEnableTelemetry
<*> parseEnabledAPIs

parseArgs :: IO HGEOptions
parseArgs = do
Expand Down Expand Up @@ -101,7 +102,7 @@ main = do
let logger = mkLogger loggerCtx
case hgeCmd of
HCServe so@(ServeOptions port host cp isoL mAdminSecret mAuthHook mJwtSecret
mUnAuthRole corsCfg enableConsole enableTelemetry) -> do
mUnAuthRole corsCfg enableConsole enableTelemetry enabledAPIs) -> do
-- log serve options
unLogger logger $ serveOptsToLog so
hloggerCtx <- mkLoggerCtx $ defaultLoggerSettings False
Expand All @@ -123,7 +124,7 @@ main = do

pool <- Q.initPGPool ci cp
(app, cacheRef) <- mkWaiApp isoL loggerCtx pool httpManager
am corsCfg enableConsole enableTelemetry
am corsCfg enableConsole enableTelemetry enabledAPIs

let warpSettings = Warp.setPort port $ Warp.setHost host Warp.defaultSettings

Expand Down
71 changes: 42 additions & 29 deletions server/src-lib/Hasura/Server/App.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import qualified Data.ByteString.Lazy as BL
import qualified Data.FileEmbed as FE
#endif
import qualified Data.HashMap.Strict as M
import qualified Data.HashSet as S
import qualified Data.Text as T
import qualified Network.HTTP.Client as HTTP
import qualified Network.HTTP.Types as N
Expand Down Expand Up @@ -89,13 +90,14 @@ mkConsoleHTML path authMode enableTelemetry =

data ServerCtx
= ServerCtx
{ scIsolation :: Q.TxIsolation
, scPGPool :: Q.PGPool
, scLogger :: L.Logger
, scCacheRef :: IORef SchemaCache
, scCacheLock :: MVar ()
, scAuthMode :: AuthMode
, scManager :: HTTP.Manager
{ scIsolation :: Q.TxIsolation
, scPGPool :: Q.PGPool
, scLogger :: L.Logger
, scCacheRef :: IORef SchemaCache
, scCacheLock :: MVar ()
, scAuthMode :: AuthMode
, scManager :: HTTP.Manager
, scEnabledAPIs :: S.HashSet API
}

data HandlerCtx
Expand All @@ -108,6 +110,12 @@ data HandlerCtx

type Handler = ExceptT QErr (ReaderT HandlerCtx IO)

isMetadataEnabled :: ServerCtx -> Bool
isMetadataEnabled sc = S.member METADATA $ scEnabledAPIs sc

isGraphQLEnabled :: ServerCtx -> Bool
isGraphQLEnabled sc = S.member GRAPHQL $ scEnabledAPIs sc

-- {-# SCC parseBody #-}
parseBody :: (FromJSON a) => Handler a
parseBody = do
Expand Down Expand Up @@ -289,8 +297,9 @@ mkWaiApp
-> CorsConfig
-> Bool
-> Bool
-> S.HashSet API
-> IO (Wai.Application, IORef SchemaCache)
mkWaiApp isoLevel loggerCtx pool httpManager mode corsCfg enableConsole enableTelemetry = do
mkWaiApp isoLevel loggerCtx pool httpManager mode corsCfg enableConsole enableTelemetry apis = do
cacheRef <- do
pgResp <- runExceptT $ peelRun emptySchemaCache adminUserInfo
httpManager pool Q.Serializable buildSchemaCache
Expand All @@ -300,7 +309,7 @@ mkWaiApp isoLevel loggerCtx pool httpManager mode corsCfg enableConsole enableTe

let serverCtx =
ServerCtx isoLevel pool (L.mkLogger loggerCtx) cacheRef
cacheLock mode httpManager
cacheLock mode httpManager apis

spockApp <- spockAsApp $ spockT id $
httpApp corsCfg serverCtx enableConsole enableTelemetry
Expand All @@ -318,41 +327,45 @@ httpApp corsCfg serverCtx enableConsole enableTelemetry = do
middleware $ corsMiddleware (mkDefaultCorsPolicy corsCfg)

-- API Console and Root Dir
when enableConsole serveApiConsole
when (enableConsole && enableMetadata) serveApiConsole

get "v1/version" $ do
uncurry setHeader jsonHeader
lazyBytes $ encode $ object [ "version" .= currentVersion ]

get ("v1/template" <//> var) tmpltGetOrDeleteH
post ("v1/template" <//> var) tmpltPutOrPostH
put ("v1/template" <//> var) tmpltPutOrPostH
delete ("v1/template" <//> var) tmpltGetOrDeleteH
when enableMetadata $ do
get ("v1/template" <//> var) tmpltGetOrDeleteH
post ("v1/template" <//> var) tmpltPutOrPostH
put ("v1/template" <//> var) tmpltPutOrPostH
delete ("v1/template" <//> var) tmpltGetOrDeleteH

post "v1/query" $ mkSpockAction encodeQErr serverCtx $ do
query <- parseBody
v1QueryHandler query
post "v1/query" $ mkSpockAction encodeQErr serverCtx $ do
query <- parseBody
v1QueryHandler query

post "v1alpha1/graphql/explain" $ mkSpockAction encodeQErr serverCtx $ do
expQuery <- parseBody
gqlExplainHandler expQuery
post ("api/1/table" <//> var <//> var) $ \tableName queryType ->
mkSpockAction encodeQErr serverCtx $
legacyQueryHandler (TableName tableName) queryType

post "v1alpha1/graphql" $ mkSpockAction GH.encodeGQErr serverCtx $ do
query <- parseBody
v1Alpha1GQHandler query
when enableGraphQL $ do
post "v1alpha1/graphql/explain" $ mkSpockAction encodeQErr serverCtx $ do
expQuery <- parseBody
gqlExplainHandler expQuery

-- get "v1alpha1/graphql/schema" $
-- mkSpockAction encodeQErr serverCtx v1Alpha1GQSchemaHandler
post "v1alpha1/graphql" $ mkSpockAction GH.encodeGQErr serverCtx $ do
query <- parseBody
v1Alpha1GQHandler query

post ("api/1/table" <//> var <//> var) $ \tableName queryType ->
mkSpockAction encodeQErr serverCtx $
legacyQueryHandler (TableName tableName) queryType
-- get "v1alpha1/graphql/schema" $
-- mkSpockAction encodeQErr serverCtx v1Alpha1GQSchemaHandler

hookAny GET $ \_ -> do
forM_ [GET,POST] $ \m -> hookAny m $ \_ -> do
let qErr = err404 NotFound "resource does not exist"
raiseGenericApiError qErr

where
enableGraphQL = isGraphQLEnabled serverCtx
enableMetadata = isMetadataEnabled serverCtx
tmpltGetOrDeleteH tmpltName = do
tmpltArgs <- tmpltArgsFromQueryParams
mkSpockAction encodeQErr serverCtx $ mkQTemplateAction tmpltName tmpltArgs
Expand Down
Loading