Commit Graph

1163 Commits

Author SHA1 Message Date
Robert
b73ce89205 server: remove cabal flag "developer"
The only purpose was enabling the developer API by default. I don't
think that justifies a flag and CPP usage.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3820
GitOrigin-RevId: 058c9a7b03e5e164ef88e35c42f50bae3c42b5b6
2022-03-01 11:41:45 +00:00
Daniel Chambers
0f9f2192a0 server: Customize root field GraphQL schema descriptions
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3719
GitOrigin-RevId: b0a9bb6a0f65aac72ca95b66219eec16b2f5a0dd
2022-02-28 07:50:12 +00:00
Antoine Leblanc
a1886b3729 Generalize remote schemas IR
### Description

This PR is one further step towards remote joins from remote schemas. It introduces a custom partial AST to represent queries to remote schemas in the IR: we now need to augment what used to be a straightforward GraphQL AST with additional information for remote join fields.

This PR does the minimal amount of work to adjust the rest of the code accordingly, using `Void` in all places that expect a type representing remote relationships.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3794
GitOrigin-RevId: 33fc317731aace71f82ad158a1951ea93350d6cc
2022-02-25 20:38:46 +00:00
Brandon Martin
ecc9ffd070 server: Fix experimental sql optimization read
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3809
GitOrigin-RevId: 66f22ff705d22d0d9ecc7da20aac649734b41398
2022-02-25 18:43:12 +00:00
jkachmar
dc73b7b7d5 server: Renames the experimental backend modules
No logic in this PR, just tidying things up (renaming the backend from `Experimental` to `DataWrapper`).

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3779
GitOrigin-RevId: f11acf563ccd8b9f16bc23c5e92da392aa4cfb2c
2022-02-25 16:09:17 +00:00
Puru Gupta
fcef6e5cb2 server: http ip blocklist (closes #2449)
## Description

This PR is in reference to #2449 (support IP blacklisting for multitenant)

*RFC Update: Add support for IPv6 blocking*

### Solution and Design

Using [http-client-restricted](https://hackage.haskell.org/package/http-client-restricted) package, we're creating the HTTP manager with restricting capabilities. The IPs can be supplied from the CLI arguments as `--ipv4BlocklistCidrs cidr1, cidr2...` or `--disableDefaultIPv4Blocklist` for a default IP list. The new manager will block all requests to the provided CIDRs.

We are extracting the error message string to show the end-user that given IP is blocked from being set as a webhook. There are 2 ways to extract the error message "connection to IP address is blocked". Given below are the responses from event trigger to a blocked IP for these implementations:
- 6d74fde316f61e246c861befcca5059d33972fa7 - We return the error message string as a HTTPErr(HOther) from `Hasura/Eventing/HTTP.hs`.
```
{
    "data": {
        "message": "blocked connection to private IP address "
    },
    "version": "2",
    "type": "client_error"
}
```

- 88e17456345cbb449a5ecd4877c84c9f319dbc25 - We case match on HTTPExceptionContent for InternaException in `Hasura/HTTP.hs` and extract the error message string from it. (this is implemented as it handles all the cases where pro engine makes webhook requests)
```
{
  "data": {
    "message": {
      "type": "http_exception",
      "message": "blocked connection to private IP address ",
      "request": {
        "secure": false,
        "path": "/webhook",
        "responseTimeout": "ResponseTimeoutMicro 60000000",
        "queryString": "",
        "method": "POST",
        "requestHeaders": {
          "Content-Type": "application/json",
          "X-B3-ParentSpanId": "5ae6573edb2a6b36",
          "X-B3-TraceId": "29ea7bd6de6ebb8f",
          "X-B3-SpanId": "303137d9f1d4f341",
          "User-Agent": "hasura-graphql-engine/cerebushttp-ip-blacklist-a793a0e41-dirty"
        },
        "host": "139.59.90.109",
        "port": 8000
      }
    }
  },
  "version": "2",
  "type": "client_error"
}
```

### Steps to test and verify
The restricted IPs can be used as webhooks in event triggers, and hasura will return an error message in reponse.

### Limitations, known bugs & workarounds
- The `http-client-restricted` has a needlessly complex interface, and puts effort into implementing proxy support which we don't want, so we've inlined a stripped down version.
- Performance constraint: As the blocking is checked for each request, if a long list of blocked CIDRs is supplied, iterating through all of them is not what we would prefer. Using trie is suggested to overcome this. (Added to RFC)
- Calls to Lux endpoints are inconsistent: We use either the http manager from the ProServeCtx which is unrestricted, or the http manager from the ServeCtx which is restricted (the latter through the instances for MonadMetadataApiAuthorization and UserAuthentication). (The failure scenario here would be: cloud sets PRO_ENDPOINT to something that resolves to an internal address, and then restricted requests to those endpoints fail, causing auth to fail on user requests. This is about HTTP requests to lux auth endpoints.)

## Changelog

-  `CHANGELOG.md` is updated with user-facing content relevant to this PR.

## Affected components

-  Server
-  Tests

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3186
Co-authored-by: Robert <132113+robx@users.noreply.github.com>
GitOrigin-RevId: 5bd2de2d028bc416b02c99e996c7bebce56fb1e7
2022-02-25 13:30:57 +00:00
Robert
5e7018b424 server: remove redundant LANGUAGE pragmas
These are all enabled as default-extensions.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3800
GitOrigin-RevId: ab9f4b900df53d66221095c02d6b12a930ff5873
2022-02-25 12:40:00 +00:00
kodiakhq[bot]
1181625173 server: optimize collectTypeDefinitions and refactor
Numbers from CI for the new (currently noisy) `replace_metadata` adhoc benchmark:

    chinook:      0.19s  ->  0.16
    huge_schema: 36.98s  ->  29.89

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3685
GitOrigin-RevId: be79b666858b03e8407c0d89765e9aac0af8d40a
2022-02-24 18:56:22 +00:00
paritosh-08
bc74046ab2 server: case insensitive lookup in session variable
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3663
GitOrigin-RevId: b36666d8849a23dad209f9921f140390c2b57496
2022-02-24 13:08:35 +00:00
Karthikeyan Chinnakonda
bea650b3e0 server/mssql: source catalog initialization for event triggers (Incremental PR - I)
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2505
Co-authored-by: Naveen Naidu <30195193+Naveenaidu@users.noreply.github.com>
GitOrigin-RevId: 56681f90cfbfcf2f99c27f08c01d32790bd03c4d
2022-02-24 08:14:10 +00:00
Robert
91cc962e5d server: move http manager out of GlobalCtx
It was only used for one purpose. This makes the sketchy manager handling in schema cache init a bit more visible.

Should help make the change in #2449 more robust.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3677
GitOrigin-RevId: e34b990bafb4893663ae195d5bf329130056f1ff
2022-02-23 23:41:28 +00:00
Philip Lykke Carlsen
b9ad721ea6 Reduce boolean blindness by promoting data type StringifyNumbers
I discovered and removed instances of Boolean Blindness about whether json numbers should be stringified or not.

Although quite far-reaching, this is a completely mechanical change and should have no observable impact outside the server code.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3763
GitOrigin-RevId: c588891afd8a6923a135c736f6581a43a2eddbc7
2022-02-23 20:19:24 +00:00
Auke Booij
b535257251 Avoid Arrows by interpreting monads
TL;DR
---

We go from this:
```haskell
  (|
    withRecordInconsistency
      ( (|
          modifyErrA
            ( do
                (info, dependencies) <- liftEitherA -< buildRelInfo relDef
                recordDependencies -< (metadataObject, schemaObject, dependencies)
                returnA -< info
            )
        |) (addTableContext @b table . addRelationshipContext)
      )
    |) metadataObject
```
to this:
```haskell
  withRecordInconsistencyM metadataObject $ do
    modifyErr (addTableContext @b table . addRelationshipContext) $ do
      (info, dependencies) <- liftEither $ buildRelInfo relDef
      recordDependenciesM metadataObject schemaObject dependencies
      return info
```

Background
---
We use Haskell's `Arrows` language extension to gain some syntactic sugar when working with `Arrow`s. `Arrow`s are a programming abstraction comparable to `Monad`s.

Unfortunately the syntactic sugar provided by this language extension is not very sweet.

This PR shows how we can sometimes avoid using `Arrow`s altogether, without loss of functionality or correctness. It is a demo of a technique that can be used to cut down the amount of `Arrows`-based code in our codebase by about half.

Approach
---

Although _in general_ not every `Monad` is an `Arrow`, specific `Arrow` instantiations are exactly as powerful as their `Monad` equivalents. Otherwise they wouldn't be very equivalent, would they?

Just like `liftEither` interprets the `Either e` monad into an arbitrary monad implementing `MonadError e`, we add `interpA` which interprets certain concrete monads such as `Writer w` into specific arrows, e.g. ones satisfying `ArrowWriter w`. This means that the part of the code that only uses such interpretable effects can be written _monadically_, and then used in _arrow_ constructions down the line.

This approach cannot be used for arrow effects which do not have a monadic equivalent. In our codebase, the only instance of this is `ArrowCache m`, implemented by the `Rule m` arrow. So code written with `ArrowCache m` in the context cannot be rewritten monadically using this technique.

See also
---
- #1827
- #2210

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3543
Co-authored-by: jkachmar <8461423+jkachmar@users.noreply.github.com>
GitOrigin-RevId: eb79619c95f7a571bce99bc144ce42ee65d08505
2022-02-22 18:09:50 +00:00
Auke Booij
7547786b2b Build introspection Schema ad-hoc at parsing time
In order to respond to GraphQL queries that make use of the introspection fields `__type` or `__schema`, we need two things:
- an overview of the relevant GraphQL type information, stored in a `Schema` object, and
- to have included the `__type` and `__schema` fields in the `query_root` that we generate.

It used to be necessary to do the above items in that order, since the `__type` and `__schema` fields (i.e. the respective `FieldParser`s) were generated _from_ a `Schema` object.

Thanks to recent refactorings in `Hasura.GraphQL.Schema.Introspect` (see hasura/graphql-engine-mono#2835 or hasura/graphql-engine@5760d9289c), the introspection fields _themselves_ are now `Schema`-agnostic, and simply return a function that takes a `Schema` object after parsing. For instance, the type of `schema`, corresponding to the `__schema` field, has literally changed as follows:
```diff
-schema :: MonadParse n => Schema -> FieldParser n (          J.Value)
+schema :: MonadParse n =>           FieldParser n (Schema -> J.Value)
 ```

This means that the introspection fields can be included in the GraphQL schema *before* we have generated a `Schema` object. In particular, rather than the current architecture of generating `Schema` at startup time for every role, we can instead generate `Schema` ad-hoc at query parsing time, only for those queries that make use of the introspection fields. This avoids us storing a `Schema` for every role for the lifetime of the server.

However: this introduces a functional change, as the code that generates the `Schema` object, and in particular the `accumulateTypeDefinitions` method, also does certain correctness checks, to prevent exposing a spec-incompliant GraphQL schema. If these correctness checks are being done at parsing time rather than startup time, then we catch certain errors only later on. For this reason, this PR adds an explicit run of this type accumulation at startup time. For efficiency reasons, and since this correctness check is not essential for correct operation of HGE, this is done for the admin role only.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3231
GitOrigin-RevId: 23701c548b785929b28667025436b6ce60bfe1cd
2022-02-21 20:23:55 +00:00
Evie Ciobanu
b74ed10cb5 server: trivial refactor in postgres insert
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3746
GitOrigin-RevId: 3d3004862bb64bef55d2716f4c2a86f95343cab5
2022-02-21 18:22:56 +00:00
Rakesh Emmadi
e77c110927 server/bigquery: fix parsing timestamp input values
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3667
GitOrigin-RevId: b696c219f96929fa8321c1a6d04589ee8d5b0827
2022-02-21 14:48:00 +00:00
Anon Ray
e87433c2bb server: remove hdb_lib and add tests for read-only source
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3634
Co-authored-by: Philip Lykke Carlsen <358550+plcplc@users.noreply.github.com>
GitOrigin-RevId: 2db62a279496cd7e5dd57bdf02c3efa7b70042c8
2022-02-21 10:00:00 +00:00
Philip Lykke Carlsen
109a0beca8 (Fix #3456) Guard calls to JSON_QUERY on null arguments
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3655
GitOrigin-RevId: 6e0aed6e96b2995af11366676fa9c453bb44a7aa
2022-02-21 08:53:06 +00:00
Auke Booij
557a3d4b6e Derive a few Semigroup+Monoid instances
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3717
GitOrigin-RevId: 9bc7f64754a8461a006d9b633a712124f828166e
2022-02-18 14:58:04 +00:00
Auke Booij
9bb6575d60 Metadata code cleanups
There are three minor cleanups here:

- The first argument to the `setMetadataInCatalog` method is always `Just`. It is thus important to avoid `Maybe`, because this means that a crucial piece of code (saving metadata) is completely untested.
- Rather than spelling them out, we can derive the `Semigroup`/`Monoid` instances for `MetadataModifier` through the `Endo` type.
- I've renamed the name of the getter of the `MetadataModifier` newtype to **r**unMetadataModifier. Using record puns, this allows us to write:

```diff
-  putMetadata $ unMetadataModifier metadataModifier metadata
+  putMetadata $ runMetadataModifier metadata
```
which is nicer to read.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3703
GitOrigin-RevId: fd36b3c5202017f5afc943c01dfdd7c82c099bdd
2022-02-18 12:47:56 +00:00
jkachmar
d50aae87a5 Updates cabal freeze file
#### TODO

- [x] fix `hashable >= 1.3.1` serialization ordering issue [^1]
  - `test_graphql_mutations.py::TestGraphQLMutateEnums` was failing
- [x] fix `unordered-containers` serialization ordering issue [^2]
  - `test_graphql_queries.py` was failing on Citus
- [ ] verify that no new failures have been introduced
- [ ] open issues to fix the above
  - identify test cases that "leak" implementation details by depending on `hashable` instance ordering
  - bump `hashable >= 1.3.1` and update test cases with new ordering OR modify them so that ordering is stable
  - bump `unordered-containers >= 0.2.15.0` and update test cases with new ordering OR modify them so that ordering is stable
    - one of the test cases was failing on string equality comparison for a generated Citus query
    - we probably don't want to _actually_ do this unless there are _very specific_ guarantees we want to make about generated query structure
---

Just what it says on the tin.

https://github.com/hasura/graphql-engine-mono/pull/3538 updated the freeze file a few weeks ago, but it looks like the index state hadn't been updated since December so a lot of stuff that had newer versions didn't get updated.

---

EDIT: I should add, the motivation for doing this in the first place is that `hspec > 2.8.4` now supports specifying filtering spec trees based on patterns provided by the `HSPEC_MATCH` environment variable.

For example, one could have a script that executes the following:
```
HSPEC_MATCH="PostgreSQL" \
  ghcid \
    --command \
      'cabal repl graphql-engine:test:tests-hspec \
         --repl-option -O0 \
         --repl-option -fobject-code' \
    --test "main"
```
...which will loop on typechecking the `tests-hspec` component, and then as soon as it passes (i.e. no warnings or errors) will run _only_ the `PostgreSQL` sub-components.

[^1]: `hashable >= 1.3.1.0` [updated its default salts](https://github.com/haskell-unordered-containers/hashable/pull/196), which [broke serialization ordering](https://github.com/haskell/aeson/issues/837)
[^2]: `unordered-containers >= 0.2.16.0` [introduced changes to some of its internal functions](https://hackage.haskell.org/package/unordered-containers-0.2.16.0/changelog) which seem like they could have affected serialization stability

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3672
GitOrigin-RevId: bbd1d48c73db4021913f0b5345b7315a8d6525d3
2022-02-18 05:32:08 +00:00
Gil Mizrahi
69fd7449be server/mssql: Add max precision to nvarchar and varchar session variables
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3668
GitOrigin-RevId: 04de036eec00297e79d15d0b0429f9994378735a
2022-02-17 14:12:45 +00:00
Auke Booij
f026d44438 Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.

Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.

We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e46 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
  forall b r m n.
  MonadBuildSchema b r m n =>
  SourceName ->
  TableInfo b ->
  SelPermInfo b ->
  m (Parser 'Output n (AnnotatedFields b))
```

There are three reasons to change this.

1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.

Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.

One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.

So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 08:17:17 +00:00
Solomon
d1ba271c3d Feature/removable request transform body and modified request transform API
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3475
GitOrigin-RevId: bc847b18d491fe4957a190f5d0fe2ae6e6719791
2022-02-17 04:37:18 +00:00
Naveen Naidu
2e823234f9 server/remote-schema: Include OperationName in the request sent to remote schemas
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3581
Co-authored-by: Puru Gupta <32328846+purugupta99@users.noreply.github.com>
GitOrigin-RevId: 2db21d0df158a5a3229b883ee426b2f38f864f80
2022-02-16 07:55:19 +00:00
Robert
1ff3723ed8 server: assorted minor clean-up around HTTP managers
- consistent qualified imports
- less convoluted initialization of pro logging HTTP manager
- pass pro HTTP manager directly instead of via Has
- remove some dead healthcheck code

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3639
GitOrigin-RevId: dfa7b9c62d1842a07a8514cdb77f1ed86064fb06
2022-02-16 07:09:47 +00:00
Daniel Chambers
2c7a4e3a16 Customization of computed field GraphQL schema descriptions
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3615
GitOrigin-RevId: f51590d4cfc0412be9baa371353f9b9f3b908f84
2022-02-15 23:17:27 +00:00
Solomon
6c7820caa0 Bumps Kriti Version
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3625
GitOrigin-RevId: a453254ac89b470a56189e6178b2a00cf628fe63
2022-02-15 22:32:38 +00:00
Robert
ef64590985 server: remove an unused type and export
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3671
GitOrigin-RevId: 2d31c0131519be77366a7f1b761b8a07cfd36003
2022-02-15 19:56:13 +00:00
pranshi06
582d78110f server: Support returning scalar types in actions
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3453
GitOrigin-RevId: 59fee1460c5571322988b1f558a91ebeb2d55d22
2022-02-15 14:40:34 +00:00
Kirill Zaborsky
2d9387e791 Add backoff for BigQuery calls
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3344
GitOrigin-RevId: ea5bdd02522e9a89c70501d4680e8741c3c6b6fc
2022-02-14 09:46:38 +00:00
David Overton
8d0eb6b812 Use 429 error code when rate limit exceeded
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3628
GitOrigin-RevId: f5ae470b4036961e906125ef1a8446f0d48b39b1
2022-02-14 05:13:46 +00:00
Lyndon Maydwell
ff6aac31b8 Adding multiple jwt secrets (incorporating provenance requirements)
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3173
Co-authored-by: Solomon <24038+solomon-b@users.noreply.github.com>
Co-authored-by: Daniel Chambers <1214352+daniel-chambers@users.noreply.github.com>
GitOrigin-RevId: 395a5d5854896f866b612895d6f41e29376c2caa
2022-02-13 23:34:39 +00:00
Auke Booij
47315b78d6 Add Note explaining type collection
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3588
GitOrigin-RevId: f46d06e9476b22fe7abc699a5236ffefd23c1935
2022-02-10 18:14:01 +00:00
Daniel Chambers
dd403f92e2 Customization of table GraphQL schema descriptions
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3570
GitOrigin-RevId: f642a4d9efdd26a344951fcab6c1bbbc1253dfa3
2022-02-10 06:32:44 +00:00
Kirill Zaborsky
773870f443 BigQuery hspec tests
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3435
Co-authored-by: Vishnu Bharathi <4211715+scriptnull@users.noreply.github.com>
GitOrigin-RevId: 78f698becb83bd9732eddbe419361aff2799dd2c
2022-02-09 15:30:13 +00:00
paritosh-08
4d2a5dba51 server: fix multiple calls to database on startup
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3569
GitOrigin-RevId: 820d56a7af7faa05292ef65734d5d40fe3dd4641
2022-02-09 05:14:29 +00:00
Gil Mizrahi
efec0bf9ca server/postgres: LIMIT 1 on object relationships
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3489
Co-authored-by: Abby Sassel <3883855+sassela@users.noreply.github.com>
GitOrigin-RevId: f09a75508545cdbc34cf8728fad95bbb00bde018
2022-02-08 17:40:24 +00:00
Swann Moreau
8bd34b4a51 server, pro: add support for per-role allowlists
spec: https://github.com/hasura/graphql-engine-mono/pull/2278

Briefly:
- extend metadata so that allowlist entries get a new scope field
- update `add_collection_to_allowlist` to accept this new scope field,
  and adds `update_scope_of_collection_in_allowlist` to change the scope
- scope can be global or role-based; a collection is available for every
  role if it is global, and available to every listed role if it is role-based
- graphql-engine-oss is aware of role-based allowlist metadata; collections
  with non-global scope are treated as if they weren't in the allowlist

To run the tests:
- `cabal run graphql-engine-tests -- unit --match Allowlist`
- py-tests against pro:
  - launch `graphql-engine-pro` with `HASURA_GRAPHQL_ADMIN_SECRET` and `HASURA_GRAPHQL_ENABLE_ALLOWLIST`
  - `pytest test_allowlist_queries.py --hge-urls=... --pg-urls=... --hge-key=... --test-allowlist-queries --pro-tests`

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2477
Co-authored-by: Anon Ray <616387+ecthiender@users.noreply.github.com>
Co-authored-by: Robert <132113+robx@users.noreply.github.com>
GitOrigin-RevId: 01f8026fbe59d8701e2de30986511a452fce1a99
2022-02-08 16:54:49 +00:00
Evie Ciobanu
9337edf096 Evie/postgres/module docs
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3563
GitOrigin-RevId: e35aafbd210d526ed53db7088e1a47f89f0b9c44
2022-02-08 09:25:35 +00:00
Karthikeyan Chinnakonda
8d2acc833d server: add a note about experimental features
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3598
GitOrigin-RevId: e7f8d2f8d1b9490f0e28e59073f7b6a62447c04c
2022-02-08 07:52:24 +00:00
paritosh-08
b75706dd12 server: validate REST endpoint queries after metadata change
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2338
Co-authored-by: Sameer Kolhar <6604943+kolharsam@users.noreply.github.com>
GitOrigin-RevId: 9cd6bb940ba74fe41bdf2db3c4f35e89c4fb0577
2022-02-08 04:47:52 +00:00
Auke Booij
c4ef2d21f8 Make optimize_permission_filters an --experimental-features flag
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3589
GitOrigin-RevId: 5e102e5dd348e170ebe10f04ff9598fdc4167522
2022-02-07 18:05:39 +00:00
Rakesh Emmadi
793aede022 server/mssql: improve database exception handling and better API errors
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3487
GitOrigin-RevId: d3f696072e8290b45c2f81509ce31cb5c13a4aef
2022-02-07 14:12:55 +00:00
Antoine Leblanc
aaadd2c81f Build schema cache for relationships from remote schemas
## Description

This PR is a subset of #3069, that does roughly that #3031 was aiming to do: add the schema cache building phase for relationships from remote servers. This PR does not change any of the code that *uses* remote relationships, meaning we ignore the added schema cache information. It also contains dependency-tracking code, which was originally missing from #3031; in turn, this pulls some of the metadata API as well, since we identify remote relationships by how they were created.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3540
GitOrigin-RevId: ed962b6d07fd4adbf0a71e0d79736a4e8b422fea
2022-02-03 18:59:32 +00:00
Auke Booij
c4cdacf989 First attempt at deduplicating permission filters
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3362
Co-authored-by: Chris Parks <592078+cdparks@users.noreply.github.com>
GitOrigin-RevId: 802c099c26ff024e6cf594ea0317480e260486e9
2022-02-03 16:14:44 +00:00
Solomon
9d78ba5ddd Fixes env var error reporting in Webhook Debug Endpoint
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3549
GitOrigin-RevId: c0b48735ea50bf3782bfdcab2a1eeaa582f0c3b6
2022-02-03 14:57:30 +00:00
Philip Lykke Carlsen
e1918adb52 Replace "identity column" with "column mutability" data for all backends
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3373
GitOrigin-RevId: bf08cc9008a4b0b3ece4952528c15c45e57fc74c
2022-02-03 14:15:35 +00:00
Antoine Leblanc
bd2fce3691 Stable sort of extracted notes
## Description

This PR updates the notes-extracting script, to allow for a stable sort across runs:
- files are now treated in alphabetical order of the full file name:
  - within a file, notes are treated in order
  - that order is reflected in the generated index file
- within a note, references are sorted by file, then by line number

Additionally it fixes(?) a note whose format was unexpected.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3352
GitOrigin-RevId: 2b2b57ec0aa2657d75a88e4951e6b19bb2d665e3
2022-02-03 13:33:09 +00:00
Auke Booij
b4c56f26e1 Derive a few instances for PGMetadataStorageAppT
Use GHC's "deriving via" mechanism to obtain a few type class instances for free.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3382
GitOrigin-RevId: 43df1e2e3f770d07f8bc7101cc47b80fc7a34915
2022-02-02 17:26:27 +00:00