Closed as not planned
Labels
Stale
area/acl: Related to Access Control Lists
area/graphql: Issues related to GraphQL support on Dgraph.
dgraph: Issue or PR created by an internal Dgraph contributor.
kind/bug: Something is broken.
status/confirmed: The issue has been triaged but still not reproduced.
Description
What version of Dgraph are you using?
latest (2022)
Tell us a little more about your go-environment?
N/A
Have you tried reproducing the issue with the latest release?
Yes
What is the hardware spec (RAM, CPU, OS)?
N/A
What steps will reproduce the bug?
Start a cluster from scratch and you'll see them exposed.
Expected behavior and actual result.
This shouldn't be exposed.
<dgraph.acl.rule>: [uid] .
<dgraph.drop.op>: string .
<dgraph.graphql.p_query>: string @index(sha256) .
<dgraph.graphql.schema>: string .
<dgraph.graphql.xid>: string @index(exact) @upsert .
<dgraph.rule.permission>: int .
<dgraph.rule.predicate>: string @index(exact) @upsert .
type <dgraph.graphql> {
    dgraph.graphql.schema
    dgraph.graphql.xid
}
type <dgraph.graphql.persisted_query> {
    dgraph.graphql.p_query
}
type <dgraph.type.Group> {
    dgraph.xid
    dgraph.acl.rule
}
type <dgraph.type.Rule> {
    dgraph.rule.predicate
    dgraph.rule.permission
}
type <dgraph.type.User> {
    dgraph.xid
    dgraph.password
    dgraph.user.group
}
To hide only:
dgraph.acl.rule
These predicates above need to be hidden and prevented from being exported.
PS. PLEASE check whether those predicates need to be exported. If so, we only need to hide them in the schema query, so they won't appear in Ratel or when the user queries for the schema.
However, we need to check whether ACL predicates really need to be exported. If so, we need a documented method to be able to export ACL context to a new machine.
Additional information
https://discuss.dgraph.io/t/live-loader-option-to-skip-unauthorized-predicates/17929
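
The filtering the issue asks for, shown on schema text before it is displayed or shared. This is an added example, not Dgraph's code or part of the original report; `HideReserved`, `declName`, the rule that every internal name starts with `dgraph.`, and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// declName returns the name declared by a top-level schema line and whether it opens a type.
func declName(line string) (name string, isType bool) {
	isType = strings.HasPrefix(line, "type ")
	name = strings.TrimPrefix(strings.TrimSpace(strings.TrimPrefix(line, "type ")), "<")
	if i := strings.IndexAny(name, ">: {"); i >= 0 {
		name = name[:i]
	}
	return name, isType
}

// HideReserved (hypothetical helper) drops "dgraph."-prefixed predicates and type blocks.
func HideReserved(schema string) (visible string, hidden []string) {
	var kept []string
	inBlock, dropBlock := false, false
	for _, raw := range strings.Split(schema, "\n") {
		line := strings.TrimSpace(raw)
		if inBlock { // fields and the closing brace share the block's fate
			if !dropBlock {
				kept = append(kept, raw)
			}
			inBlock = line != "}"
			continue
		}
		name, isType := declName(line)
		reserved := strings.HasPrefix(name, "dgraph.") // assumed reserved namespace
		inBlock, dropBlock = isType && !strings.HasSuffix(line, "}"), reserved
		if reserved {
			hidden = append(hidden, name) // report what was removed so it can be logged
		} else if line != "" {
			kept = append(kept, raw)
		}
	}
	return strings.Join(kept, "\n"), hidden
}

// Constructed sample: entries from the issue plus a made-up predicate and type.
const sample = "<dgraph.acl.rule>: [uid] .\n<name>: string @index(exact) .\n" +
	"type <Person> {\n\tname\n}\ntype <dgraph.type.User> {\n\tdgraph.xid\n\tdgraph.password\n}"

func main() {
	visible, hidden := HideReserved(sample)
	fmt.Printf("%s\nhidden: %v\n", visible, hidden)
}
```

Filtering display or export text this way does not replace access control on the predicates themselves; it only keeps internal names out of schema listings.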