graphql-engine
graphql-engine copied to clipboard
Published
20 hours ago •
hasura
hasura
'_exists' permission does not work on remote database/schema
Version Information
Server Version:v2.40.2-ce.cli-migrations-v3 CLI Version (for CLI related issue):
Environment
OSS
What is the current behaviour?
I have a postgres database and a clickhouse database.
tables involved:
- postgres
- public.user (auth_id)
- public.device (belana_uid, serial_number)
- clickhouse
- device_performance -> serial_number relates to public.device.serial_number
In the clickhouse database I want to check if a user in the postgres db is a super user. I am able to select the public.user table but it does not show any fields
from the postgres database this work fine.
When I try to add a permission on a tables that has a relationship iI can set it up in the console, but saving failed with the message
"Error when parsing command create_select_permission. See our documentation at https://hasura.io/docs/latest/graphql/core/api-reference/metadata-api/index.html#metadata-apis. Internal error message: parsing TableName failed, expected String, but encountered Object"
I see the same behaviour if I try to add the filter/permission in the meta-data directly
According to the documentation this should work?
https://hasura.io/docs/latest/auth/authorization/permissions/row-level-permissions/#remote-relationships-in-permission
What is the expected behaviour?
being able to add permissions linking to other databases
How to reproduce the issue?
postgres:
CREATE TABLE IF NOT EXISTS public.device
(
id uuid NOT NULL DEFAULT gen_random_uuid(),
balena_uid text COLLATE pg_catalog."default",
serial_number text COLLATE pg_catalog."default"
)
CREATE TABLE IF NOT EXISTS public."user"
(
id uuid NOT NULL DEFAULT gen_random_uuid(),
auth_uid text COLLATE pg_catalog."default",
is_super_user boolean NOT NULL DEFAULT false
)
clickhouse create table
CREATE TABLE device_performance
(
`id` UUID,
`serial_number` String,
`start_at` DateTime,
`performance` Bool
)
ENGINE = ReplacingMergeTree
PRIMARY KEY (id)
PARTITION BY toYYYYMM(start_at);
setup relation between device_performanceand public device
Screenshots or Screencast
see above
Please provide any traces or logs that could help here.
output graphql server
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"get_source_kind_capabilities"},"query_execution_time":3.3907833e-2,"request_id":"9550b367-d35d-4fdd-aebe-f32d57604d0d","request_mode":"non-graphql","request_read_time":2.075e-5,"response_size":1536,"uncompressed_response_size":11464,"user_vars":{"x-hasura-role":"admin"}},"request_id":"9550b367-d35d-4fdd-aebe-f32d57604d0d"},"level":"info","span_id":"fb243242ccec9d59","timestamp":"2024-07-16T09:09:21.824+0000","trace_id":"88a73f4cfb708c82fe0ea88ca0260072","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":5.2649875e-2,"request_id":"40ac46fe-56d5-4cf2-8569-114c39dc61df","request_mode":"non-graphql","request_read_time":4.417e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"40ac46fe-56d5-4cf2-8569-114c39dc61df"},"level":"info","span_id":"731508b8d50591a0","timestamp":"2024-07-16T09:09:21.824+0000","trace_id":"65759d1f25c0a7d565421ba95512a7f0","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":5.356292e-3,"request_id":"dc64d359-3661-4549-85ac-f7fff4c6f1a6","request_mode":"non-graphql","request_read_time":4.042e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"dc64d359-3661-4549-85ac-f7fff4c6f1a6"},"level":"info","span_id":"d98b21f15930a269","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"af2c10013d6b87a38f54ccc3a8646811","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":6.496709e-3,"request_id":"6013af97-5ccb-4098-af5e-1f28f7e09f20","request_mode":"non-graphql","request_read_time":3.208e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"6013af97-5ccb-4098-af5e-1f28f7e09f20"},"level":"info","span_id":"3e3d0dcb6bd864a0","timestamp":"2024-07-16T09:09:21.824+0000","trace_id":"de1520f9d2cbdf616ddef40f6fe9e196","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":2.3851166e-2,"request_id":"ac512155-6c72-4d95-accf-9849abe2b4a8","request_mode":"non-graphql","request_read_time":1.375e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"ac512155-6c72-4d95-accf-9849abe2b4a8"},"level":"info","span_id":"fe67c274b9db4ab4","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"1e04c9a70ebe31aa582dedbd92bf2847","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":2.3432583e-2,"request_id":"4d6a6e3b-d690-4a48-a307-774b6c067b70","request_mode":"non-graphql","request_read_time":4.334e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"4d6a6e3b-d690-4a48-a307-774b6c067b70"},"level":"info","span_id":"844c0ab0df51c299","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"af773ac81df7befa5e066ec9c7d57825","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":1.1262917e-2,"request_id":"b118ceaf-c166-4b2c-9d59-111493e22d26","request_mode":"non-graphql","request_read_time":4.084e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"b118ceaf-c166-4b2c-9d59-111493e22d26"},"level":"info","span_id":"343f80ad43743fe1","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"56872814bb74d3ecf7d9d00951e2334d","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"generated_sql":null,"kind":"introspection","query":{"operationName":"IntrospectionQuery","query":"query IntrospectionQuery {\n __schema {\n queryType {\n name\n }\n mutationType {\n name\n }\n subscriptionType {\n name\n }\n types {\n ...FullType\n }\n directives {\n name\n description\n locations\n args {\n ...InputValue\n }\n }\n }\n }\n fragment FullType on __Type {\n kind\n name\n description\n fields(includeDeprecated: true) {\n name\n description\n args {\n ...InputValue\n }\n type {\n ...TypeRef\n }\n isDeprecated\n deprecationReason\n }\n inputFields {\n ...InputValue\n }\n interfaces {\n ...TypeRef\n }\n enumValues(includeDeprecated: true) {\n name\n description\n isDeprecated\n deprecationReason\n }\n possibleTypes {\n ...TypeRef\n }\n }\n fragment InputValue on __InputValue {\n name\n description\n type {\n ...TypeRef\n }\n defaultValue\n }\n fragment TypeRef on __Type {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n }\n }\n }\n }\n }\n }\n }\n }"},"request_id":"d17a0e47-f861-4bd1-926c-9bbf450ea798"},"level":"info","span_id":"9359e6e3c110ef36","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"cdb33de29324269fef6e3d176c16a64e","type":"query-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":1.1625333e-2,"request_id":"5d4e456f-b5d9-4dbc-ac3e-cf933b474bf9","request_mode":"non-graphql","request_read_time":3.041e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"5d4e456f-b5d9-4dbc-ac3e-cf933b474bf9"},"level":"info","span_id":"38fac8908f6fd8d5","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"38c5373811c57c731ed101fbd5dcfd5b","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":1.3877584e-2,"request_id":"43a9e978-cf39-4107-b7b6-358577bf9fdc","request_mode":"non-graphql","request_read_time":4.667e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"43a9e978-cf39-4107-b7b6-358577bf9fdc"},"level":"info","span_id":"0485ad190cade0ec","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"4cfb25de0ef1b036e473223d0ae36742","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":null,"http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":400,"url":"/v1/metadata"},"operation":{"error":{"code":"parse-failed","error":"Error when parsing command create_select_permission.\nSee our documentation at https://hasura.io/docs/latest/graphql/core/api-reference/metadata-api/index.html#metadata-apis.\nInternal error message: parsing TableName failed, expected String, but encountered Object","path":"$.args[1].args.permission.filter._exists._table"},"query":{"type":null},"request_id":"5ecd7e54-6bbe-4b75-b7b8-e7b2ceff2ebb","request_mode":"error","response_size":356,"uncompressed_response_size":356,"user_vars":{"x-hasura-role":"admin"}},"request_id":"5ecd7e54-6bbe-4b75-b7b8-e7b2ceff2ebb"},"level":"error","span_id":"db249df2e98819d0","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"bd90b26010b1c3c19872bbee905853f2","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":6.155791e-3,"request_id":"3b971cd5-bb5a-4545-8043-84c2be57b81c","request_mode":"non-graphql","request_read_time":1.5917e-5,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"3b971cd5-bb5a-4545-8043-84c2be57b81c"},"level":"info","span_id":"848cad1356a7e12f","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"6678913f0343d8009386f5ff251cb70b","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":4.2917791e-2,"request_id":"11bc9617-2dda-429c-8f3f-827e62597526","request_mode":"non-graphql","request_read_time":2.583e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"11bc9617-2dda-429c-8f3f-827e62597526"},"level":"info","span_id":"65bd367726a28234","timestamp":"2024-07-16T09:09:21.824+0000","trace_id":"d34af0903d4ae48b8cf7aa78804e0c81","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/graphql"},"operation":{"query":{"operationName":"IntrospectionQuery","query":"query IntrospectionQuery {\n __schema {\n queryType {\n name\n }\n mutationType {\n name\n }\n subscriptionType {\n name\n }\n types {\n ...FullType\n }\n directives {\n name\n description\n locations\n args {\n ...InputValue\n }\n }\n }\n }\n fragment FullType on __Type {\n kind\n name\n description\n fields(includeDeprecated: true) {\n name\n description\n args {\n ...InputValue\n }\n type {\n ...TypeRef\n }\n isDeprecated\n deprecationReason\n }\n inputFields {\n ...InputValue\n }\n interfaces {\n ...TypeRef\n }\n enumValues(includeDeprecated: true) {\n name\n description\n isDeprecated\n deprecationReason\n }\n possibleTypes {\n ...TypeRef\n }\n }\n fragment InputValue on __InputValue {\n name\n description\n type {\n ...TypeRef\n }\n defaultValue\n }\n fragment TypeRef on __Type {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n ofType {\n kind\n name\n }\n }\n }\n }\n }\n }\n }\n }"},"query_execution_time":3.810042e-3,"request_id":"d17a0e47-f861-4bd1-926c-9bbf450ea798","request_mode":"single","request_read_time":2.917e-6,"response_size":74467,"uncompressed_response_size":1707776,"user_vars":{"x-hasura-role":"admin"}},"request_id":"d17a0e47-f861-4bd1-926c-9bbf450ea798"},"level":"info","span_id":"9359e6e3c110ef36","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"cdb33de29324269fef6e3d176c16a64e","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"export_metadata"},"query_execution_time":1.754725e-2,"request_id":"12af1bf6-b6ca-49a2-b3bd-65741bd7f564","request_mode":"non-graphql","request_read_time":3.042e-6,"response_size":7207,"uncompressed_response_size":77675,"user_vars":{"x-hasura-role":"admin"}},"request_id":"12af1bf6-b6ca-49a2-b3bd-65741bd7f564"},"level":"info","span_id":"ec8c2c13a124cd9c","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"f8c015e02e04ae09e2a8a4405b4c88de","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":"gzip","http_version":"HTTP/1.1","ip":"192.168.65.1","method":"POST","status":200,"url":"/v1/metadata"},"operation":{"query":{"type":"get_table_info"},"query_execution_time":5.513167e-3,"request_id":"7ddf530b-e2a3-4abf-8cb6-cec410e60ddb","request_mode":"non-graphql","request_read_time":4.208e-6,"response_size":220,"uncompressed_response_size":973,"user_vars":{"x-hasura-role":"admin"}},"request_id":"7ddf530b-e2a3-4abf-8cb6-cec410e60ddb"},"level":"info","span_id":"b35b421e9c2f061f","timestamp":"2024-07-16T09:09:22.826+0000","trace_id":"867075ad080f76e1dd32fe8cf4f9b5d4","type":"http-log"}
cloud-core-graphql-engine-1 | {"detail":{"http_info":{"content_encoding":null,"http_version":"HTTP/1.1","ip":"127.0.0.1","method":"GET","status":200,"url":"/healthz"},"operation":{"request_id":"c9fba4f7-8ba0-47ba-b977-21f469f44b4d","request_mode":"non-graphql","response_size":2,"uncompressed_response_size":2},"request_id":"c9fba4f7-8ba0-47ba-b977-21f469f44b4d"},"level":"info","timestamp":"2024-07-16T09:09:44.876+0000","type":"http-log"}
Any possible solutions/workarounds you're aware of?
I'm considering to add a copy of the user table in clickhouse
Keywords
cross database permissions, clickhouse, data-connector-agent
