super-graph 配置

super-graph 的配置可以通过yaml 以及json格式,同时提供了基于环境变量的管理(以GO_ENV开头)
比如GP_ENV=prod 使用prod.yaml 对于GO_ENV-dev 的使用dev.yaml ,配置文件也可以通过-path <folder>
指定

完整配置

  • 参考配置文件
 
# Inherit config from this other config file
# so I only need to overwrite some values
inherits: base
app_name: "Super Graph Development"
host_port: 0.0.0.0:8080
web_ui: true
# debug, error, warn, info
log_level: "debug"
# enable or disable http compression (uses gzip)
http_compress: true
# When production mode is 'true' only queries
# from the allow list are permitted.
# When it's 'false' all queries are saved to the
# the allow list in ./config/allow.list
production: false
# Throw a 401 on auth failure for queries that need auth
auth_fail_block: false
# Latency tracing for database queries and remote joins
# the resulting latency information is returned with the
# response
enable_tracing: true
# Watch the config folder and reload Super Graph
# with the new configs when a change is detected
reload_on_config_change: true
# File that points to the database seeding script
# seed_file: seed.js
# Path pointing to where the migrations can be found
migrations_path: ./migrations
# Postgres related environment Variables
# SG_DATABASE_HOST
# SG_DATABASE_PORT
# SG_DATABASE_USER
# SG_DATABASE_PASSWORD
# Auth related environment Variables
# SG_AUTH_RAILS_COOKIE_SECRET_KEY_BASE
# SG_AUTH_RAILS_REDIS_URL
# SG_AUTH_RAILS_REDIS_PASSWORD
# SG_AUTH_JWT_PUBLIC_KEY_FILE
# inflections:
#   person: people
#   sheep: sheep
auth:
  # Can be 'rails' or 'jwt'
  type: rails
  cookie: _app_session
  # Comment this out if you want to disable setting
  # the user_id via a header for testing.
  # Disable in production
  creds_in_header: true
  rails:
    # Rails version this is used for reading the
    # various cookies formats.
    version: 5.2
    # Found in 'Rails.application.config.secret_key_base'
    secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
    # Remote cookie store. (memcache or redis)
    # url: redis://redis:6379
    # password: ""
    # max_idle: 80
    # max_active: 12000
    # In most cases you don't need these
    # salt: "encrypted cookie"
    # sign_salt: "signed encrypted cookie"
    # auth_salt: "authenticated encrypted cookie"
  # jwt:
  #   provider: auth0
  #   secret: abc335bfcfdb04e50db5bb0a4d67ab9
  #   public_key_file: /secrets/public_key.pem
  #   public_key_type: ecdsa #rsa
  # header:
  #   name: dnt
  #   exists: true
  #   value: localhost:8080
# You can add additional named auths to use with actions
# In this example actions using this auth can only be
# called from the Google Appengine Cron service that
# sets a special header to all it's requests
auths:
  - name: from_taskqueue
    type: header
    header:
      name: X-Appengine-Cron
      exists: true
database:
  type: postgres
  host: db
  port: 5432
  dbname: app_development
  user: postgres
  password: postgres
  #schema: "public"
  #pool_size: 10
  #max_retries: 0
  #log_level: "debug"
  # Set session variable "user.id" to the user id
  # Enable this if you need the user id in triggers, etc
  set_user_id: false
  # database ping timeout is used for db health checking
  ping_timeout: 1m
  # Set up an secure tls encrypted db connection
  enable_tls: false
  # Required for tls. For example with Google Cloud SQL it's
  # <gcp-project-id>:<cloud-sql-instance>"
  # server_name: blah
  # Required for tls. Can be a file path or the contents of the pem file
  # server_cert: ./server-ca.pem
  # Required for tls. Can be a file path or the contents of the pem file
  # client_cert: ./client-cert.pem
  # Required for tls. Can be a file path or the contents of the pem file
  # client_key: ./client-key.pem
# Define additional variables here to be used with filters
variables:
  admin_account_id: "5"
# Field and table names that you wish to block
blocklist:
  - ar_internal_metadata
  - schema_migrations
  - secret
  - password
  - encrypted
  - token
# Create custom actions with their own api endpoints
# For example the below action will be available at /api/v1/actions/refresh_leaderboard_users
# A request to this url will execute the configured SQL query
# which in this case refreshes a materialized view in the database.
# The auth_name is from one of the configured auths
actions:
  - name: refresh_leaderboard_users
    sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
    auth_name: from_taskqueue
tables:
  - name: customers
    remotes:
      - name: payments
        id: stripe_id
        url: http://rails_app:3000/stripe/$id
        path: data
        # debug: true
        pass_headers:
          - cookie
        set_headers:
          - name: Host
            value: 0.0.0.0
          # - name: Authorization
          #   value: Bearer <stripe_api_key>
  - # You can create new fields that have a
    # real db table backing them
    name: me
    table: users
roles_query: "SELECT * FROM users WHERE id = $user_id"
roles:
  - name: anon
    tables:
      - name: products
        limit: 10
        query:
          columns: ["id", "name", "description"]
          aggregation: false
        insert:
          allow: false
        update:
          allow: false
        delete:
          allow: false
  - name: user
    tables:
      - name: users
        query:
          filters: ["{ id: { _eq: $user_id } }"]
      - name: products
        query:
          limit: 50
          filters: ["{ user_id: { eq: $user_id } }"]
          columns: ["id", "name", "description"]
          disable_functions: false
        insert:
          filters: ["{ user_id: { eq: $user_id } }"]
          columns: ["id", "name", "description"]
          set:
            - created_at: "now"
        update:
          filters: ["{ user_id: { eq: $user_id } }"]
          columns:
            - id
            - name
          set:
            - updated_at: "now"
        delete:
          block: true
  - name: admin
    match: id = 1000
    tables:
      - name: users
        filters: []
  • 环境变量
    pg
 
SG_DATABASE_HOST
SG_DATABASE_PORT
SG_DATABASE_USER
SG_DATABASE_PASSWORD
 

auth 变量

SG_AUTH_RAILS_COOKIE_SECRET_KEY_BASE
SG_AUTH_RAILS_REDIS_URL
SG_AUTH_RAILS_REDIS_PASSWORD
SG_AUTH_JWT_PUBLIC_KEY_FILE

yugabytedb 支持

当然因为yugabytedb的核心是基于pg的所以兼容比较好

  • 参考配置
# Postgres DB
  # db:
  #   image: postgres:latest
  #   ports:
  #     - "5432:5432"
  #Standard config to run a single node of Yugabyte
  yb-master:
    image: yugabytedb/yugabyte:latest
    container_name: yb-master-n1
    command: [ "/home/yugabyte/bin/yb-master",
              "--fs_data_dirs=/mnt/disk0,/mnt/disk1",
              "--master_addresses=yb-master-n1:7100",
              "--replication_factor=1",
              "--enable_ysql=true"]
    ports:
      - "7000:7000"
    environment:
      SERVICE_7000_NAME: yb-master
  db:
    image: yugabytedb/yugabyte:latest
    container_name: yb-tserver-n1
    command: [ "/home/yugabyte/bin/yb-tserver",
              "--fs_data_dirs=/mnt/disk0,/mnt/disk1",
              "--start_pgsql_proxy",
              "--tserver_master_addrs=yb-master-n1:7100"]
    ports:
      - "9042:9042"
      - "6379:6379"
      - "5433:5433"
      - "9000:9000"
    environment:
      SERVICE_5433_NAME: ysql
      SERVICE_9042_NAME: ycql
      SERVICE_6379_NAME: yedis
      SERVICE_9000_NAME: yb-tserver
    depends_on:
      - yb-master
  # Environment variables to point Super Graph to Yugabyte
  # This is required since it uses a different user and port number
  yourapp_api:
    image: dosco/super-graph:latest
    environment:
      GO_ENV: "development"
      Uncomment below for Yugabyte DB
      SG_DATABASE_PORT: 5433
      SG_DATABASE_USER: yugabyte
      SG_DATABASE_PASSWORD: yugabyte
    volumes:
     - ./config:/config
    ports:
      - "8080:8080"
    depends_on:
      - db

参考资料

https://supergraph.dev/docs/config

posted on 2020-05-23 17:17  荣锋亮  阅读(385)  评论(0编辑  收藏  举报

导航