Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote Schema Permissions: field not found in type query_root #6892

Open
ntx-ben opened this issue May 10, 2021 · 5 comments
Open

Remote Schema Permissions: field not found in type query_root #6892

ntx-ben opened this issue May 10, 2021 · 5 comments

Comments

@ntx-ben
Copy link

ntx-ben commented May 10, 2021

Using the latest Hasura v2.0.0-alpha.10 and trying out Remote Schema Permissions. Test environment is docker-compose on Windows 10 using latest Docker Desktop for Windows.

We added a few remote schemas to services running Hasura 1.3.2, and configured permissions for a role named visitor. In this case, we only configured one permission for one query, system_legacy_migration_logs to a specific remote schema. All related types are also selected for that role.

When trying to issue a simple query, we receive an error as follows:

image

As you can see, we can select the query on the left, and it also shows up in the Docs, however the message seems to indicate that there is some permission issue? However as stated, all related types were automatically selected.

Do the remote schema services also need to run on Hasura v2.0.0-alpha.10? Is this a bug?

Also note that remote permissions work on public remote schemas not running Hasura (i.e. Apollo server).

Thanks
@ntx-ben
Copy link
Author

ntx-ben commented Jun 20, 2021

Can still reproduce this issue on beta.2

Anyone?

@ntx-ben
Copy link
Author

ntx-ben commented Jun 20, 2021

Upon further investigation I found the issue.

It seems that the x-hasura-role header is sent to the remote schema regardless of the settings to not forward all headers. So when the Hasura remote schema receives the query with the role header, it returns an error since it is not configured with that role's permissions.

The workaround is to add a forwarded header of x-hasura-role = admin in the remote schema settings.

Is this normal behavior?

@bjewkes
Copy link

bjewkes commented Jun 30, 2021

I am also experiencing this on v2.0.1 with both instances on v2.0.1. @ntx-ben thanks for your post - that workaround fixed it for me. The role was being forwarded to the other server still until I forced an override.

Were you using the HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS flag? I had that flag set to true so the Hasura instance fetching the remote schema could handle authorization and permissions. I used the admin secret for the authentication with the other Hasura instance.

@ntx-ben
Copy link
Author

ntx-ben commented Jul 6, 2021

@bjewkes Yes I had that flag enabled.

@ntx-ben ntx-ben mentioned this issue Jan 18, 2022
Open
@ntx-ben
Copy link
Author

ntx-ben commented Jan 18, 2022

Still experiencing this on v2.1.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjewkes @ntx-ben