Skip to content

Latest commit

 

History

History
139 lines (114 loc) · 5.78 KB

File metadata and controls

139 lines (114 loc) · 5.78 KB

ElasticGraph::QueryRegistry

ElasticGraph::QueryRegistry provides a simple source-controlled query registry for ElasticGraph applications. This is designed for cases where the clients of your application are other internal teams in your organization, who are willing to register their queries before using them.

Query registration provides a few key benefits:

  • It gives you as the application owner the chance to vet queries and give feedback to your clients. Queries may not initially be written in the most optimal way (e.g. leveraging your sharding strategy), so the review process gives you a chance to provide feedback.
  • It allows you to provide stronger guarantees around schema changes. Tooling is included that will validate each and every registered query against your schema as part of your CI build, allowing you to quickly iterate on your schema without needing to check if you'll break clients.
  • It allows you to control the data clients have access to. When a client attempts to register a query accessing fields they aren't allowed to, you can choose not to approve the query. Once setup and configured, this library will block clients from submitting queries that have not been registered.
  • Your GraphQL endpoint will be a bit more efficient. Parsing large GraphQL queries can be a bit slow (in our testing, a 10 KB query string takes about ~10ms to parse), and the registry will cache and reuse the parsed form of registered queries.

Importantly, once installed, registered clients who send unregistered queries will get errors. Unregistered clients can similarly be blocked if desired based on a configuration setting.

Query Verification Guarantees

The query verification provided by this library is limited in scope. It only checks to see if the queries and schema are compatible (in the sense that the ElasticGraph endpoint will be able to successfully respond to the queries). It does not give any guarantee that a schema change is 100% safe for clients. For example, if you change a non-null field to be nullable, it has no impact on ElasticGraph's ability to respond to a query (and the verification performed by this library will allow it), but it may break the client (e.g. if the client's usage of the response assumes non-null field values).

When changing the GraphQL schema of an ElasticGraph application, you will still need to consider how it may impact clients, but you won't need to worry about ElasticGraph beginning to return errors to any existing queries.

Directory Structure

This library uses a directory as the registry. Conventionally, this would go in config/queries but it can really go anywhere. The directory structure will look like this:

config
└── queries
    ├── client1
    │   ├── query1.graphql
    │   └── query2.graphql
    ├── client2
    └── client3
        └── query1.graphql

Within the registry directory, there is a subdirectory for each registered client. Each client directory contains that client's registered queries as a set of *.graphql files (the extension is required). Note that a client can be registered with no associated queries (such as client2, above). This can be important when you have configured allow_unregistered_clients: true. With this setup, client2 will not be able to submit any queries, but a completely unregistered client (say, client4) will be able to execute any query.

Setup

First, add elasticgraph-query_registry to your Gemfile:

gem "elasticgraph-query_registry"

Next, configure this library in your ElasticGraph config YAML files:

graphql:
  extension_modules:
  - require_path: elastic_graph/query_registry/graphql_extension
    extension_name: ElasticGraph::QueryRegistry::GraphQLExtension
query_registry:
  allow_unregistered_clients: false
  allow_any_query_for_clients:
  - adhoc_client
  path_to_registry: config/queries

Next, load the ElasticGraph::QueryRegistry rake tasks in your Rakefile:

require "elastic_graph/query_registry/rake_tasks"

ElasticGraph::QueryRegistry::RakeTasks.from_yaml_file(
  "path/to/settings.yaml",
  "config/queries",
  require_eg_latency_slo_directive: true
)

You'll want to add rake query_registry:validate_queries to your CI build so that every registered query is validated as part of every build.

Finally, your application needs to include a client: when submitting each GraphQL query for execution. The client name should match the name of one of the registry client subdirectories. If you are using elasticgraph-lambda, note that it does this automatically, but you may need to configure aws_arn_client_name_extraction_regex so that it is able to extract the client_name from the IAM ARN correctly.

Important note: if your application fails to identify clients properly, and allow_unregistered_clients is set to true, then all clients will be allowed to execute all queries! We recommend you set allow_unregistered_clients to false unless you specifically need to allow unregistered clients. For specific clients that need to be allowed to run any query, you can list them in allow_any_query_for_clients.

Workflow

This library also uses some generated artifacts (*.variables.yaml files) so it can detect when a change to the structure or type of a variable is backward-incompatible. For this to work, it requires that the generated variables files are kept up-to-date. Any time a change impacts the structure of any variables used by any queries, you'll need to run a task like query_registry:dump_variables[client_name, query_name] (or query_registry:dump_variables:all) to update the artifacts.

Don't worry about if you forget this, though--the query_registry:validate_queries task will also fail and give you instructions anytime a variables file is not up-to-date.