graphql-engine/server/src-lib/Hasura/RemoteSchema/Metadata/Core.hs
Vamshi Surabhi a01d1188f2 scaffolding for remote-schemas module
The main aim of the PR is:

1. To set up a module structure for 'remote-schemas' package.
2. Move parts by the remote schema codebase into the new module structure to validate it.

## Notes to the reviewer

Why a PR with large-ish diff?

1. We've been making progress on the MM project but we don't yet know long it is going to take us to get to the first milestone. To understand this better, we need to figure out the unknowns as soon as possible. Hence I've taken a stab at the first two items in the [end-state](https://gist.github.com/0x777/ca2bdc4284d21c3eec153b51dea255c9) document to figure out the unknowns. Unsurprisingly, there are a bunch of issues that we haven't discussed earlier. These are documented in the 'open questions' section.

1. The diff is large but that is only code moved around and I've added a section that documents how things are moved. In addition, there are fair number of PR comments to help with the review process.

## Changes in the PR

### Module structure

Sets up the module structure as follows:

```
Hasura/
  RemoteSchema/
    Metadata/
      Types.hs
    SchemaCache/
      Types.hs
      Permission.hs
      RemoteRelationship.hs
      Build.hs
    MetadataAPI/
      Types.hs
      Execute.hs
```

### 1. Types representing metadata are moved

Types that capture metadata information (currently scattered across several RQL modules) are moved into `Hasura.RemoteSchema.Metadata.Types`.

- This new module only depends on very 'core' modules such as
  `Hasura.Session` for the notion of roles and `Hasura.Incremental` for `Cacheable` typeclass.

- The requirement on database modules is avoided by generalizing the remote schemas metadata to accept an arbitrary 'r' for a remote relationship
  definition.

### 2. SchemaCache related types and build logic have been moved

Types that represent remote schemas information in SchemaCache are moved into `Hasura.RemoteSchema.SchemaCache.Types`.

Similar to `H.RS.Metadata.Types`, this module depends on 'core' modules except for `Hasura.GraphQL.Parser.Variable`. It has something to do with remote relationships but I haven't spent time looking into it. The validation of 'remote relationships to remote schema' is also something that needs to be looked at.

Rips out the logic that builds remote schema's SchemaCache information from the monolithic `buildSchemaCacheRule` and moves it into `Hasura.RemoteSchema.SchemaCache.Build`. Further, the `.SchemaCache.Permission` and `.SchemaCache.RemoteRelationship` have been created from existing modules that capture schema cache building logic for those two components.

This was a fair amount of work. On main, currently remote schema's SchemaCache information is built in two phases - in the first phase, 'permissions' and 'remote relationships' are ignored and in the second phase they are filled in.

While remote relationships can only be resolved after partially resolving sources and other remote schemas, the same isn't true for permissions. Further, most of the work that is done to resolve remote relationships can be moved to the first phase so that the second phase can be a very simple traversal.

This is the approach that was taken - resolve permissions and as much as remote relationships information in the first phase.

### 3. Metadata APIs related types and build logic have been moved

The types that represent remote schema related metadata APIs and the execution logic have been moved to `Hasura.RemoteSchema.MetadataAPI.Types` and `.Execute` modules respectively.

## Open questions:

1. `Hasura.RemoteSchema.Metadata.Types` is so called because I was hoping that all of the metadata related APIs of remote schema can be brought in at `Hasura.RemoteSchema.Metadata.API`. However, as metadata APIs depended on functions from `SchemaCache` module (see [1](ceba6d6226/server/src-lib/Hasura/RQL/DDL/RemoteSchema.hs (L55)) and [2](ceba6d6226/server/src-lib/Hasura/RQL/DDL/RemoteSchema.hs (L91)), it made more sense to create a separate top-level module for `MetadataAPI`s.

   Maybe we can just have `Hasura.RemoteSchema.Metadata` and get rid of the extra nesting or have `Hasura.RemoteSchema.Metadata.{Core,Permission,RemoteRelationship}` if we want to break them down further.

1. `buildRemoteSchemas` in `H.RS.SchemaCache.Build` has the following type:

   ```haskell
   buildRemoteSchemas ::
     ( ArrowChoice arr,
       Inc.ArrowDistribute arr,
       ArrowWriter (Seq CollectedInfo) arr,
       Inc.ArrowCache m arr,
       MonadIO m,
       HasHttpManagerM m,
       Inc.Cacheable remoteRelationshipDefinition,
       ToJSON remoteRelationshipDefinition,
       MonadError QErr m
     ) =>
     Env.Environment ->
     ( (Inc.Dependency (HashMap RemoteSchemaName Inc.InvalidationKey), OrderedRoles),
       [RemoteSchemaMetadataG remoteRelationshipDefinition]
     )
       `arr` HashMap RemoteSchemaName (PartiallyResolvedRemoteSchemaCtxG remoteRelationshipDefinition, MetadataObject)
   ```

   Note the dependence on `CollectedInfo` which is defined as

   ```haskell
   data CollectedInfo
     = CIInconsistency InconsistentMetadata
     | CIDependency
         MetadataObject
         -- ^ for error reporting on missing dependencies
         SchemaObjId
         SchemaDependency
     deriving (Eq)
   ```

   this pretty much means that remote schemas is dependent on types from databases, actions, ....

   How do we fix this? Maybe introduce a typeclass such as `ArrowCollectRemoteSchemaDependencies` which is defined in `Hasura.RemoteSchema` and then implemented in graphql-engine?

1. The dependency on `buildSchemaCacheFor` in `.MetadataAPI.Execute` which has the following signature:

   ```haskell
   buildSchemaCacheFor ::
     (QErrM m, CacheRWM m, MetadataM m) =>
     MetadataObjId ->
     MetadataModifier ->
   ```

   This can be easily resolved if we restrict what the metadata APIs are allowed to do. Currently, they operate in an unfettered access to modify SchemaCache (the `CacheRWM` constraint):

   ```haskell
   runAddRemoteSchema ::
     ( QErrM m,
       CacheRWM m,
       MonadIO m,
       HasHttpManagerM m,
       MetadataM m,
       Tracing.MonadTrace m
     ) =>
     Env.Environment ->
     AddRemoteSchemaQuery ->
     m EncJSON
   ```

   This should instead be changed to restrict remote schema APIs to only modify remote schema metadata (but has access to the remote schemas part of the schema cache), this dependency is completely removed.

   ```haskell
   runAddRemoteSchema ::
     ( QErrM m,
       MonadIO m,
       HasHttpManagerM m,
       MonadReader RemoteSchemasSchemaCache m,
       MonadState RemoteSchemaMetadata m,
       Tracing.MonadTrace m
     ) =>
     Env.Environment ->
     AddRemoteSchemaQuery ->
     m RemoteSchemeMetadataObjId
   ```

   The idea is that the core graphql-engine would call these functions and then call
   `buildSchemaCacheFor`.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6291
GitOrigin-RevId: 51357148c6404afe70219afa71bd1d59bdf4ffc6
2022-10-21 03:15:04 +00:00

113 lines
3.8 KiB
Haskell

{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE UndecidableInstances #-}
{-# LANGUAGE ViewPatterns #-}
module Hasura.RemoteSchema.Metadata.Core
( RemoteSchemaDef (..),
RemoteSchemaName (..),
UrlFromEnv,
getUrlFromEnv,
RemoteSchemaMetadataG (..),
rsmComment,
rsmDefinition,
rsmName,
rsmPermissions,
rsmRemoteRelationships,
)
where
import Control.Lens (makeLenses)
import Data.Aeson qualified as J
import Data.Aeson.TH qualified as J
import Data.Environment qualified as Env
import Data.HashMap.Strict.InsOrd.Extended qualified as OM
import Data.Text qualified as T
import Hasura.Base.Error
import Hasura.Incremental (Cacheable)
import Hasura.Prelude
import Hasura.RQL.DDL.Headers (HeaderConf (..))
import Hasura.RQL.Types.Common
import Hasura.RemoteSchema.Metadata.Base
import Hasura.RemoteSchema.Metadata.Customization
import Hasura.RemoteSchema.Metadata.Permission
import Hasura.RemoteSchema.Metadata.RemoteRelationship
import Network.URI.Extended qualified as N
type UrlFromEnv = Text
-- | Unvalidated remote schema config, from the user's API request
data RemoteSchemaDef = RemoteSchemaDef
{ _rsdUrl :: Maybe InputWebhook,
_rsdUrlFromEnv :: Maybe UrlFromEnv,
_rsdHeaders :: Maybe [HeaderConf],
_rsdForwardClientHeaders :: Bool,
_rsdTimeoutSeconds :: Maybe Int,
_rsdCustomization :: Maybe RemoteSchemaCustomization
-- NOTE: In the future we might extend this API to support a small DSL of
-- name transformations; this might live at a different layer, and be part of
-- the schema customization story.
--
-- See: https://github.com/hasura/graphql-engine-mono/issues/144
-- TODO we probably want to move this into a sub-field "transformations"?
}
deriving (Show, Eq, Generic)
instance NFData RemoteSchemaDef
instance Cacheable RemoteSchemaDef
$(J.deriveToJSON hasuraJSON {J.omitNothingFields = True} ''RemoteSchemaDef)
instance J.FromJSON RemoteSchemaDef where
parseJSON = J.withObject "Object" $ \o ->
RemoteSchemaDef
<$> o J..:? "url"
<*> o J..:? "url_from_env"
<*> o J..:? "headers"
<*> o J..:? "forward_client_headers" J..!= False
<*> o J..:? "timeout_seconds"
<*> o J..:? "customization"
getUrlFromEnv :: (MonadIO m, MonadError QErr m) => Env.Environment -> Text -> m (EnvRecord N.URI)
getUrlFromEnv env urlFromEnv = do
let mEnv = Env.lookupEnv env $ T.unpack urlFromEnv
uri <- onNothing mEnv (throw400 InvalidParams $ envNotFoundMsg urlFromEnv)
case (N.parseURI uri) of
Just uri' -> pure $ EnvRecord urlFromEnv uri'
Nothing -> throw400 InvalidParams $ invalidUri urlFromEnv
where
invalidUri x = "not a valid URI in environment variable: " <> x
envNotFoundMsg e = "environment variable '" <> e <> "' not set"
data RemoteSchemaMetadataG r = RemoteSchemaMetadata
{ _rsmName :: RemoteSchemaName,
_rsmDefinition :: RemoteSchemaDef,
_rsmComment :: Maybe Text,
_rsmPermissions :: [RemoteSchemaPermissionMetadata],
_rsmRemoteRelationships :: (SchemaRemoteRelationships r)
}
deriving (Show, Eq, Generic)
instance Cacheable r => Cacheable (RemoteSchemaMetadataG r)
instance J.FromJSON (RemoteRelationshipG r) => J.FromJSON (RemoteSchemaMetadataG r) where
parseJSON = J.withObject "RemoteSchemaMetadata" \obj ->
RemoteSchemaMetadata
<$> obj J..: "name"
<*> obj J..: "definition"
<*> obj J..:? "comment"
<*> obj J..:? "permissions" J..!= mempty
<*> (oMapFromL _rstrsName <$> obj J..:? "remote_relationships" J..!= [])
instance J.ToJSON (RemoteRelationshipG r) => J.ToJSON (RemoteSchemaMetadataG r) where
toJSON RemoteSchemaMetadata {..} =
J.object
[ "name" J..= _rsmName,
"definition" J..= _rsmDefinition,
"comment" J..= _rsmComment,
"permissions" J..= _rsmPermissions,
"remote_relationships" J..= OM.elems _rsmRemoteRelationships
]
$(makeLenses ''RemoteSchemaMetadataG)