CR GraphQL

The CR GraphQL allows referencing a GraphQL schema resource. The schema of this ConfigMap resource must be compatible with GraphQL schema definition (Oct. 2021). Introspection and mutation queries are supported.

  • GraphQL queries, variables and operation names can be extracted from different sources:
  • HTTP query parameters
  • JSON bodies

Queries from both sources can be identified and parsed as described in the CR Parser article.

The threatHandlingMode setting in this CR is limited to the configurable features in this CR. It is not related to the CR DenyRules threatHandlingMode configuration.

Additional configuration aspects

Not all configurational aspects of GraphQL-related traffic are configured in the CR GraphQL. Even without a referenced schema, CR DenyRules and CR Limits settings are applied to query requests and can be configured to block or restrict them.

GraphQL queries are identified with parameters and keys and must match the parser's requirements as stated in the article CR Parser.

Logging

In case of a problem, such as an error in the referenced GraphQL schema, Airlock Microgateway logs information in the application log.

Example:

[2024-06-12 14:08:43.436][125742][critical][main] [external/envoy/source/server/server.cc:414] error initializing config '  /home/mgw/airlock/airlock-microgateway-engine/config/graphql.yaml': Failed to parse GraphQL configuration "graphql_config": schema parse error: Parse error at 1:16 
Unexpected `abc[Name]` 
Expected `:`