hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-17 20:41:49 +03:00
Code Issues Projects Releases Wiki Activity
a01d1188f2
graphql-engine/server/src-lib/Hasura/GraphQL/Execute/RemoteJoin/Join.hs
Vamshi Surabhi a01d1188f2 scaffolding for remote-schemas module 
The main aim of the PR is:

1. To set up a module structure for 'remote-schemas' package.
2. Move parts by the remote schema codebase into the new module structure to validate it.

## Notes to the reviewer

Why a PR with large-ish diff?

1. We've been making progress on the MM project but we don't yet know long it is going to take us to get to the first milestone. To understand this better, we need to figure out the unknowns as soon as possible. Hence I've taken a stab at the first two items in the [end-state](https://gist.github.com/0x777/ca2bdc4284d21c3eec153b51dea255c9) document to figure out the unknowns. Unsurprisingly, there are a bunch of issues that we haven't discussed earlier. These are documented in the 'open questions' section.

1. The diff is large but that is only code moved around and I've added a section that documents how things are moved. In addition, there are fair number of PR comments to help with the review process.

## Changes in the PR

### Module structure

Sets up the module structure as follows:

```
Hasura/
  RemoteSchema/
    Metadata/
      Types.hs
    SchemaCache/
      Types.hs
      Permission.hs
      RemoteRelationship.hs
      Build.hs
    MetadataAPI/
      Types.hs
      Execute.hs
```

### 1. Types representing metadata are moved

Types that capture metadata information (currently scattered across several RQL modules) are moved into `Hasura.RemoteSchema.Metadata.Types`.

- This new module only depends on very 'core' modules such as
  `Hasura.Session` for the notion of roles and `Hasura.Incremental` for `Cacheable` typeclass.

- The requirement on database modules is avoided by generalizing the remote schemas metadata to accept an arbitrary 'r' for a remote relationship
  definition.

### 2. SchemaCache related types and build logic have been moved

Types that represent remote schemas information in SchemaCache are moved into `Hasura.RemoteSchema.SchemaCache.Types`.

Similar to `H.RS.Metadata.Types`, this module depends on 'core' modules except for `Hasura.GraphQL.Parser.Variable`. It has something to do with remote relationships but I haven't spent time looking into it. The validation of 'remote relationships to remote schema' is also something that needs to be looked at.

Rips out the logic that builds remote schema's SchemaCache information from the monolithic `buildSchemaCacheRule` and moves it into `Hasura.RemoteSchema.SchemaCache.Build`. Further, the `.SchemaCache.Permission` and `.SchemaCache.RemoteRelationship` have been created from existing modules that capture schema cache building logic for those two components.

This was a fair amount of work. On main, currently remote schema's SchemaCache information is built in two phases - in the first phase, 'permissions' and 'remote relationships' are ignored and in the second phase they are filled in.

While remote relationships can only be resolved after partially resolving sources and other remote schemas, the same isn't true for permissions. Further, most of the work that is done to resolve remote relationships can be moved to the first phase so that the second phase can be a very simple traversal.

This is the approach that was taken - resolve permissions and as much as remote relationships information in the first phase.

### 3. Metadata APIs related types and build logic have been moved

The types that represent remote schema related metadata APIs and the execution logic have been moved to `Hasura.RemoteSchema.MetadataAPI.Types` and `.Execute` modules respectively.

## Open questions:

1. `Hasura.RemoteSchema.Metadata.Types` is so called because I was hoping that all of the metadata related APIs of remote schema can be brought in at `Hasura.RemoteSchema.Metadata.API`. However, as metadata APIs depended on functions from `SchemaCache` module (see [1](ceba6d6226/server/src-lib/Hasura/RQL/DDL/RemoteSchema.hs (L55)) and [2](ceba6d6226/server/src-lib/Hasura/RQL/DDL/RemoteSchema.hs (L91)), it made more sense to create a separate top-level module for `MetadataAPI`s.

   Maybe we can just have `Hasura.RemoteSchema.Metadata` and get rid of the extra nesting or have `Hasura.RemoteSchema.Metadata.{Core,Permission,RemoteRelationship}` if we want to break them down further.

1. `buildRemoteSchemas` in `H.RS.SchemaCache.Build` has the following type:

   ```haskell
   buildRemoteSchemas ::
     ( ArrowChoice arr,
       Inc.ArrowDistribute arr,
       ArrowWriter (Seq CollectedInfo) arr,
       Inc.ArrowCache m arr,
       MonadIO m,
       HasHttpManagerM m,
       Inc.Cacheable remoteRelationshipDefinition,
       ToJSON remoteRelationshipDefinition,
       MonadError QErr m
     ) =>
     Env.Environment ->
     ( (Inc.Dependency (HashMap RemoteSchemaName Inc.InvalidationKey), OrderedRoles),
       [RemoteSchemaMetadataG remoteRelationshipDefinition]
     )
       `arr` HashMap RemoteSchemaName (PartiallyResolvedRemoteSchemaCtxG remoteRelationshipDefinition, MetadataObject)
   ```

   Note the dependence on `CollectedInfo` which is defined as

   ```haskell
   data CollectedInfo
     = CIInconsistency InconsistentMetadata
     | CIDependency
         MetadataObject
         -- ^ for error reporting on missing dependencies
         SchemaObjId
         SchemaDependency
     deriving (Eq)
   ```

   this pretty much means that remote schemas is dependent on types from databases, actions, ....

   How do we fix this? Maybe introduce a typeclass such as `ArrowCollectRemoteSchemaDependencies` which is defined in `Hasura.RemoteSchema` and then implemented in graphql-engine?

1. The dependency on `buildSchemaCacheFor` in `.MetadataAPI.Execute` which has the following signature:

   ```haskell
   buildSchemaCacheFor ::
     (QErrM m, CacheRWM m, MetadataM m) =>
     MetadataObjId ->
     MetadataModifier ->
   ```

   This can be easily resolved if we restrict what the metadata APIs are allowed to do. Currently, they operate in an unfettered access to modify SchemaCache (the `CacheRWM` constraint):

   ```haskell
   runAddRemoteSchema ::
     ( QErrM m,
       CacheRWM m,
       MonadIO m,
       HasHttpManagerM m,
       MetadataM m,
       Tracing.MonadTrace m
     ) =>
     Env.Environment ->
     AddRemoteSchemaQuery ->
     m EncJSON
   ```

   This should instead be changed to restrict remote schema APIs to only modify remote schema metadata (but has access to the remote schemas part of the schema cache), this dependency is completely removed.

   ```haskell
   runAddRemoteSchema ::
     ( QErrM m,
       MonadIO m,
       HasHttpManagerM m,
       MonadReader RemoteSchemasSchemaCache m,
       MonadState RemoteSchemaMetadata m,
       Tracing.MonadTrace m
     ) =>
     Env.Environment ->
     AddRemoteSchemaQuery ->
     m RemoteSchemeMetadataObjId
   ```

   The idea is that the core graphql-engine would call these functions and then call
   `buildSchemaCacheFor`.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6291
GitOrigin-RevId: 51357148c6404afe70219afa71bd1d59bdf4ffc6
2022-10-21 03:15:04 +00:00

388 lines
15 KiB
Haskell
Raw Blame History

module Hasura.GraphQL.Execute.RemoteJoin.Join
( processRemoteJoins,
foldJoinTreeWith,
)
where
import Control.Lens (view, _3)
import Data.Aeson.Ordered qualified as JO
import Data.ByteString.Lazy qualified as BL
import Data.Environment qualified as Env
import Data.HashMap.Strict.Extended qualified as Map
import Data.HashMap.Strict.InsOrd qualified as OMap
import Data.HashMap.Strict.NonEmpty qualified as NEMap
import Data.HashSet qualified as HS
import Data.IntMap.Strict qualified as IntMap
import Data.Text qualified as T
import Data.Tuple (swap)
import Hasura.Base.Error
import Hasura.EncJSON
import Hasura.GraphQL.Execute.Backend qualified as EB
import Hasura.GraphQL.Execute.Instances ()
import Hasura.GraphQL.Execute.RemoteJoin.RemoteSchema qualified as RS
import Hasura.GraphQL.Execute.RemoteJoin.Source qualified as S
import Hasura.GraphQL.Execute.RemoteJoin.Types
import Hasura.GraphQL.Logging (MonadQueryLog)
import Hasura.GraphQL.RemoteServer (execRemoteGQ)
import Hasura.GraphQL.Transport.Backend qualified as TB
import Hasura.GraphQL.Transport.HTTP.Protocol (GQLReqOutgoing, GQLReqUnparsed)
import Hasura.GraphQL.Transport.Instances ()
import Hasura.Logging qualified as L
import Hasura.Prelude
import Hasura.RQL.Types.Common
import Hasura.RemoteSchema.SchemaCache
import Hasura.SQL.AnyBackend qualified as AB
import Hasura.Server.Types (RequestId)
import Hasura.Session
import Hasura.Tracing qualified as Tracing
import Network.HTTP.Client qualified as HTTP
import Network.HTTP.Types qualified as HTTP
-------------------------------------------------------------------------------
-- | Process all remote joins, recursively.
--
-- Given the result of the first step of an execution and its associated remote
-- joins, process all joins recursively to build the resulting JSON object.
--
-- This function is a thin wrapper around 'processRemoteJoinsWith', and starts
-- the join tree traversal process by re-parsing the 'EncJSON' value into an
-- introspectable JSON 'Value', and "injects" the required functions to process
-- each join over the network.
processRemoteJoins ::
forall m.
( MonadError QErr m,
MonadIO m,
EB.MonadQueryTags m,
MonadQueryLog m,
Tracing.MonadTrace m
) =>
RequestId ->
L.Logger L.Hasura ->
Env.Environment ->
HTTP.Manager ->
[HTTP.Header] ->
UserInfo ->
EncJSON ->
Maybe RemoteJoins ->
GQLReqUnparsed ->
m EncJSON
processRemoteJoins requestId logger env manager requestHeaders userInfo lhs maybeJoinTree gqlreq =
forRemoteJoins maybeJoinTree lhs \joinTree -> do
lhsParsed <-
JO.eitherDecode (encJToLBS lhs)
`onLeft` (throw500 . T.pack)
jsonResult <-
foldJoinTreeWith
callSource
callRemoteServer
userInfo
(Identity lhsParsed)
joinTree
pure $ encJFromOrderedValue $ runIdentity jsonResult
where
-- How to process a source join call over the network.
callSource ::
-- Generated information about the step
AB.AnyBackend S.SourceJoinCall ->
-- Resulting JSON object, as a 'ByteString'.
m BL.ByteString
callSource sourceJoinCall =
AB.dispatchAnyBackend @TB.BackendTransport sourceJoinCall \(S.SourceJoinCall {..} :: S.SourceJoinCall b) -> do
response <-
TB.runDBQuery @b
requestId
gqlreq
_sjcRootFieldAlias
userInfo
logger
_sjcSourceConfig
(EB.dbsiAction _sjcStepInfo)
(EB.dbsiPreparedQuery _sjcStepInfo)
pure $ encJToLBS $ snd response
-- How to process a remote schema join call over the network.
callRemoteServer ::
-- Information about the remote schema
ValidatedRemoteSchemaDef ->
-- Generated GraphQL request
GQLReqOutgoing ->
-- Resulting JSON object, as a 'ByteString'.
m BL.ByteString
callRemoteServer remoteSchemaInfo request =
fmap (view _3) $
execRemoteGQ env manager userInfo requestHeaders remoteSchemaInfo request
-- | Fold the join tree.
--
-- This function takes as an argument the functions that will be used to do the
-- actual network calls; this allows this function not to require 'MonadIO',
-- allowing it to be used in tests.
foldJoinTreeWith ::
( MonadError QErr m,
EB.MonadQueryTags m,
Traversable f
) =>
-- | How to process a call to a source.
(AB.AnyBackend S.SourceJoinCall -> m BL.ByteString) ->
-- | How to process a call to a remote schema.
(ValidatedRemoteSchemaDef -> GQLReqOutgoing -> m BL.ByteString) ->
-- | User information.
UserInfo ->
-- | Initial accumulator; the LHS of this join tree.
(f JO.Value) ->
RemoteJoins ->
m (f JO.Value)
foldJoinTreeWith callSource callRemoteSchema userInfo lhs joinTree = do
(compositeValue, joins) <- collectJoinArguments (assignJoinIds joinTree) lhs
joinIndices <- fmap catMaybes $
for joins $ \JoinArguments {..} -> do
let joinArguments = IntMap.fromList $ map swap $ Map.toList _jalArguments
previousStep <- case _jalJoin of
RemoteJoinRemoteSchema remoteSchemaJoin childJoinTree -> do
let remoteSchemaInfo = rsDef $ _rsjRemoteSchema remoteSchemaJoin
maybeJoinIndex <- RS.makeRemoteSchemaJoinCall (callRemoteSchema remoteSchemaInfo) userInfo remoteSchemaJoin joinArguments
pure $ fmap (childJoinTree,) maybeJoinIndex
RemoteJoinSource sourceJoin childJoinTree -> do
maybeJoinIndex <- S.makeSourceJoinCall callSource userInfo sourceJoin _jalFieldName joinArguments
pure $ fmap (childJoinTree,) maybeJoinIndex
for previousStep $ \(childJoinTree, joinIndex) -> do
forRemoteJoins childJoinTree joinIndex $ \childRemoteJoins -> do
results <-
foldJoinTreeWith
callSource
callRemoteSchema
userInfo
(IntMap.elems joinIndex)
childRemoteJoins
pure $ IntMap.fromAscList $ zip (IntMap.keys joinIndex) results
joinResults joinIndices compositeValue
-------------------------------------------------------------------------------
-- | Simple convenient wrapper around @Maybe RemoteJoins@.
forRemoteJoins ::
(Applicative f) =>
Maybe RemoteJoins ->
a ->
(RemoteJoins -> f a) ->
f a
forRemoteJoins remoteJoins onNoJoins f =
maybe (pure onNoJoins) f remoteJoins
-- | When traversing a responses's json, wherever the join columns of a remote
-- join are expected, we want to collect these arguments.
--
-- However looking up by a remote join's definition to collect these arguments
-- does not work because we don't have an 'Ord' or a 'Hashable' instance (it
-- would be a bit of work).
--
-- So this assigned each remote join a unique integer ID by using just the 'Eq'
-- instance. This ID then can be used for the collection of arguments (which
-- should also be faster).
--
-- TODO(nicuveo): https://github.com/hasura/graphql-engine-mono/issues/3891.
assignJoinIds :: JoinTree RemoteJoin -> JoinTree (JoinCallId, RemoteJoin)
assignJoinIds joinTree =
evalState (traverse assignId joinTree) (0, [])
where
assignId ::
RemoteJoin ->
State (JoinCallId, [(JoinCallId, RemoteJoin)]) (JoinCallId, RemoteJoin)
assignId remoteJoin = do
(joinCallId, joinIds) <- get
let mJoinId = joinIds & find \(_, j) -> j == remoteJoin
mJoinId `onNothing` do
put (joinCallId + 1, (joinCallId, remoteJoin) : joinIds)
pure (joinCallId, remoteJoin)
collectJoinArguments ::
forall f m.
(MonadError QErr m, Traversable f) =>
JoinTree (JoinCallId, RemoteJoin) ->
f JO.Value ->
m (f (CompositeValue ReplacementToken), IntMap.IntMap JoinArguments)
collectJoinArguments joinTree lhs = do
result <- flip runStateT (0, mempty) $ traverse (traverseValue joinTree) lhs
-- Discard the 'JoinArgumentId' from the intermediate state transformation.
pure $ second snd result
where
getReplacementToken ::
IntMap.Key ->
RemoteJoin ->
JoinArgument ->
FieldName ->
StateT
(JoinArgumentId, IntMap.IntMap JoinArguments)
m
ReplacementToken
getReplacementToken joinId remoteJoin argument fieldName = do
(counter, joins) <- get
case IntMap.lookup joinId joins of
-- XXX: We're making an explicit decision to ignore the existing
-- 'fieldName' and replace it with the argument provided to this
-- function.
--
-- This needs to be tested so we can verify that the result of this
-- function call is reasonable.
Just (JoinArguments _remoteJoin arguments _fieldName) ->
case Map.lookup argument arguments of
Just argumentId -> pure $ ReplacementToken joinId argumentId
Nothing -> addNewArgument counter joins arguments
Nothing -> addNewArgument counter joins mempty
where
addNewArgument counter joins arguments = do
let argumentId = counter
newArguments =
JoinArguments
remoteJoin
(Map.insert argument argumentId arguments)
fieldName
put (counter + 1, IntMap.insert joinId newArguments joins)
pure $ ReplacementToken joinId argumentId
traverseValue ::
JoinTree (IntMap.Key, RemoteJoin) ->
JO.Value ->
StateT
(JoinArgumentId, IntMap.IntMap JoinArguments)
m
(CompositeValue ReplacementToken)
traverseValue joinTree_ = \case
-- 'JO.Null' is a special case of scalar value here, which indicates that
-- the previous step did not return enough data for us to continue
-- traversing down this path.
--
-- This can occur in the following cases:
-- * Permission errors; when the user joins on a value they are not
-- allowed to access
-- * Queries with remote sources that resolve to null, for example:
-- {
-- q {
-- user_by_pk() {
-- id
-- name
-- r {
-- }
-- address {
-- r_geo {
-- }
-- }
-- }
-- }
-- }
JO.Null -> pure $ CVOrdValue JO.Null
JO.Object object -> CVObject <$> traverseObject joinTree_ object
JO.Array array -> CVObjectArray <$> mapM (traverseValue joinTree_) (toList array)
_ -> throw500 "found a scalar value when traversing with a non-empty join tree"
traverseObject ::
JoinTree (IntMap.Key, RemoteJoin) ->
JO.Object ->
StateT
(JoinArgumentId, IntMap.IntMap JoinArguments)
m
(InsOrdHashMap Text (CompositeValue ReplacementToken))
traverseObject joinTree_ object = do
let joinTreeNodes = unJoinTree joinTree_
phantomFields =
HS.fromList $
map getFieldNameTxt $
concatMap (getPhantomFields . snd) $ toList joinTree_
-- If we need the typename to disambiguate branches in the join tree, it
-- will be present in the answer as a placeholder internal field.
--
-- We currently have no way of checking whether we explicitly requested
-- that field, and it would be possible for a malicious user to attempt to
-- spoof that value by explicitly requesting a value they control.
-- However, there's no actual risk: we only use that value for lookups
-- inside the join tree, and if we didn't request this field, the keys in
-- the join tree map will explicitly require a typename NOT to be
-- provided. Meaning that any spoofing attempt will just, at worst, result
-- in remote joins not being performed.
--
-- We always remove that key from the resulting object.
joinTypeName <- case JO.lookup "__hasura_internal_typename" object of
Nothing -> pure Nothing
Just (JO.String typename) -> pure $ Just typename
Just value -> throw500 $ "The reserved __hasura_internal_typename field contains an unexpected value: " <> tshow value
-- during this traversal we assume that the remote join column has some
-- placeholder value in the response. If this weren't present it would
-- involve a lot more book-keeping to preserve the order of the original
-- selection set in the response
compositeObject <- for (JO.toList object) $ \(fieldName, value_) ->
(fieldName,) <$> case NEMap.lookup (QualifiedFieldName joinTypeName fieldName) joinTreeNodes of
Just (Leaf (joinId, remoteJoin)) -> do
joinArgument <- forM (getJoinColumnMapping remoteJoin) $ \alias -> do
let aliasTxt = getFieldNameTxt $ getAliasFieldName alias
onNothing (JO.lookup aliasTxt object) $
throw500 $ "a join column is missing from the response: " <> aliasTxt
if Map.null (Map.filter (== JO.Null) joinArgument)
then
Just . CVFromRemote
<$> getReplacementToken joinId remoteJoin (JoinArgument joinArgument) (FieldName fieldName)
else -- we do not join with the remote field if any of the leaves of
-- the join argument are null
pure $ Just $ CVOrdValue JO.Null
Just (Tree joinSubTree) ->
Just <$> traverseValue joinSubTree value_
Nothing ->
if HS.member fieldName phantomFields || fieldName == "__hasura_internal_typename"
then pure Nothing
else pure $ Just $ CVOrdValue value_
pure . OMap.fromList $
-- filter out the Nothings
mapMaybe sequenceA compositeObject
joinResults ::
forall f m.
(MonadError QErr m, Traversable f) =>
IntMap.IntMap (IntMap.IntMap JO.Value) ->
f (CompositeValue ReplacementToken) ->
m (f JO.Value)
joinResults remoteResults compositeValues = do
traverse (fmap compositeValueToJSON . traverse replaceToken) compositeValues
where
replaceToken :: ReplacementToken -> m JO.Value
replaceToken (ReplacementToken joinCallId argumentId) = do
joinCallResults <-
onNothing (IntMap.lookup joinCallId remoteResults) $
throw500 $
"couldn't find results for the join with id: "
<> tshow joinCallId
onNothing (IntMap.lookup argumentId joinCallResults) $
throw500 $
"couldn't find a value for argument id in the join results: "
<> tshow (argumentId, joinCallId)
-------------------------------------------------------------------------------
type CompositeObject a = OMap.InsOrdHashMap Text (CompositeValue a)
-- | A hybrid JSON value representation which captures the context of remote join field in type parameter.
data CompositeValue a
= CVOrdValue !JO.Value
| CVObject !(CompositeObject a)
| CVObjectArray ![CompositeValue a]
| CVFromRemote !a
deriving (Show, Eq, Functor, Foldable, Traversable)
compositeValueToJSON :: CompositeValue JO.Value -> JO.Value
compositeValueToJSON = \case
CVOrdValue v -> v
CVObject obj -> JO.object $ OMap.toList $ OMap.map compositeValueToJSON obj
CVObjectArray vals -> JO.array $ map compositeValueToJSON vals
CVFromRemote v -> v
-- | A token used to uniquely identify the results within a join call that are
-- associated with a particular argument.
data ReplacementToken = ReplacementToken
{ -- | Unique identifier for a remote join call.
_rtCallId :: !JoinCallId,
-- | Unique identifier for an argument to some remote join.
_rtArgumentId :: !JoinArgumentId
}
Reference in New Issue View Git Blame Copy Permalink