Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Status of the statement "GraphQL API Authorization with OPA is currently experimental" #6586

Open
mlcooper opened this issue Feb 12, 2024 · 7 comments
Open

Status of the statement "GraphQL API Authorization with OPA is currently experimental" #6586

mlcooper opened this issue Feb 12, 2024 · 7 comments
Labels
inactive question

Comments

@mlcooper
Copy link

What is the underlying problem you're trying to solve?

Hi OPA team, this more of a question. Does this statement still hold true on this page? Is it still officially experimental?

GraphQL API Authorization with OPA is currently experimental and the following tutorial is intended for demonstration purposes only

Describe the ideal solution

Confirm that it is still experimental, or if not, update the document to reflect what state it's in, ie alpha, beta, prod.
@ashutosh-narkar
Copy link
Member

I believe it is still experimental but @philipaconrad can you please confirm?

@anderseknert
Copy link
Member

Hi there! You're not the first one to ask, so I agree — we should probably phrase that differently. I believe the meaning of that disclaimer is more or less to say that these functions are... different from what one may be used to compared to other built-in functions, as you're basically dealing with an AST represenation. As they are published built-in functions, they're not likely to be removed or anything like that.

@ashutosh-narkar
Copy link
Member

So adding more context to that statement would be helpful then.

@mlcooper
Copy link
Author

@anderseknert thanks for the clarification. The reason why I'm asking is that we are currently planning on adopting OPA for GraphQL API Authorization, however when we found the "experimental" statement today, it gave us pause. So we wanted to inquire about the status of that statement.

@philipaconrad
Copy link
Contributor

philipaconrad commented Feb 14, 2024
edited

@mlcooper I'd characterize the graphql builtins as fairly stable (we're not going to rip it out any time soon!), but the graphql APIs aren't exactly as user-friendly as most of the other sets of builtin functions in OPA. 😅 They exist mainly to take an "impossible" situation in Rego (parsing GraphQL) and make it at least possible to do.

As @anderseknert noted, the API requires working with an Abstract Syntax Tree representation of the incoming GraphQL query, which can be inconvenient or difficult in OPA/Rego for some more complex cases.

@anderseknert
Copy link
Member

@philipaconrad as this has been raised a few times now, perhaps we should update that text somewhat? I feel like we can explain how they're different (and possibly difficult to use) without labeling them as experimental. It seems unlikely that they'd be removed at this point, or what would you say?

@stale Stale
Copy link

stale bot commented Mar 16, 2024

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.

@stale stale bot added the inactive label Mar 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
inactive question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@anderseknert @philipaconrad @ashutosh-narkar @mlcooper