ElasticGraph::QueryRegistry
ElasticGraph::QueryRegistry
provides a simple source-controlled query
registry for ElasticGraph applications. This is designed for cases where
the clients of your application are other internal teams in your organization,
who are willing to register their queries before using them.
Query registration provides a few key benefits:
- It gives you as the application owner the chance to vet queries and
give feedback to your clients. Queries may not initially be written
in the most optimal way (e.g. leveraging your sharding strategy), so
the review process gives you a chance to provide feedback.
- It allows you to provide stronger guarantees around schema changes.
Tooling is included that will validate each and every registered query
against your schema as part of your CI build, allowing you to quickly
iterate on your schema without needing to check if you'll break clients.
- It allows you to control the data clients have access to. When
a client attempts to register a query accessing fields they aren't
allowed to, you can choose not to approve the query. Once setup and
configured, this library will block clients from submitting queries
that have not been registered.
- Your GraphQL endpoint will be a bit more efficient. Parsing large
GraphQL queries can be a bit slow (in our testing, a 10 KB query
string takes about ~10ms to parse), and the registry will cache and
reuse the parsed form of registered queries.
Importantly, once installed, registered clients who send unregistered
queries will get errors. Unregistered clients can similarly be blocked
if desired based on a configuration setting.
Query Verification Guarantees
The query verification provided by this library is limited in scope. It
only checks to see if the queries and schema are compatible (in the sense
that the ElasticGraph endpoint will be able to successfully respond to
the queries). It does not give any guarantee that a schema change is
100% safe for clients. For example, if you change a non-null field to be
nullable, it has no impact on ElasticGraph's ability to respond to a query
(and the verification performed by this library will allow it), but it may
break the client (e.g. if the client's usage of the response assumes
non-null field values).
When changing the GraphQL schema of an ElasticGraph application, you
will still need to consider how it may impact clients, but you won't
need to worry about ElasticGraph beginning to return errors to any
existing queries.
Directory Structure
This library uses a directory as the registry. Conventionally, this
would go in config/queries
but it can really go anywhere. The directory
structure will look like this:
config
└── queries
├── client1
│ ├── query1.graphql
│ └── query2.graphql
├── client2
└── client3
└── query1.graphql
Within the registry directory, there is a subdirectory for each
registered client. Each client directory contains that client's
registered queries as a set of *.graphql
files (the extension is
required). Note that a client can be registered with no
associated queries (such as client2
, above). This can be important
when you have configured allow_unregistered_clients: true
. With
this setup, client2
will not be able to submit any queries, but
a completely unregistered client (say, client4
) will be able to
execute any query.
Setup
First, add elasticgraph-query_registry
to your Gemfile
:
gem "elasticgraph-query_registry"
Next, configure this library in your ElasticGraph config YAML files:
graphql:
extension_modules:
- require_path: elastic_graph/query_registry/graphql_extension
extension_name: ElasticGraph::QueryRegistry::GraphQLExtension
query_registry:
allow_unregistered_clients: false
allow_any_query_for_clients:
- adhoc_client
path_to_registry: config/queries
Next, load the ElasticGraph::QueryRegistry
rake tasks in your Rakefile
:
require "elastic_graph/query_registry/rake_tasks"
ElasticGraph::QueryRegistry::RakeTasks.from_yaml_file(
"path/to/settings.yaml",
"config/queries",
require_eg_latency_slo_directive: true
)
You'll want to add rake query_registry:validate_queries
to your CI build so
that every registered query is validated as part of every build.
Finally, your application needs to include a client:
when submitting
each GraphQL query for execution. The client name
should match the
name of one of the registry client subdirectories. If you are using
elasticgraph-lambda
, note that it does this automatically, but you may
need to configure aws_arn_client_name_extraction_regex
so that it is
able to extract the client_name
from the IAM ARN correctly.
Important note: if your application fails to identify clients properly,
and allow_unregistered_clients
is set to true
, then all clients
will be allowed to execute all queries! We recommend you set
allow_unregistered_clients
to false
unless you specifically need
to allow unregistered clients. For specific clients that need to be
allowed to run any query, you can list them in allow_any_query_for_clients
.
Workflow
This library also uses some generated artifacts (*.variables.yaml
files)
so it can detect when a change to the structure or type of a variable is
backward-incompatible. For this to work, it requires that the generated
variables files are kept up-to-date. Any time a change impacts the structure
of any variables used by any queries, you'll need to run a task like
query_registry:dump_variables[client_name, query_name]
(or
query_registry:dump_variables:all
) to update the artifacts.
Don't worry about if you forget this, though--the
query_registry:validate_queries
task will also fail and give you
instructions anytime a variables file is not up-to-date.