Stored Procedure support for new Execute operation - REST and GraphQL

[seantleonard]

Why make this change?

• Closes [REST] Update/Create is breaking with Single Permission #1070
• To meet the spec of RFC in [GraphQL] Updates to Stored Procedure support for Engine #1095, this PR is a breaking change that requires stored procedure entity permission roles to be defined with the newly introduced operation execute. The execute operation may only be assigned as an action within stored procedure entities.
• Because developers should have fine grained control over how their entities are available in both the generated GraphQL and REST endpoints, this PR also introduces new runtime config parameters that allow explicitly setting the one type of GraphQL field type that is generated for the SP (query or mutation) while separately defining which HTTP actions are allowed to execute the stored procedure.

What is this change?

• Adds the execute operation which is required to be assigned as the only operation for all roles assigned to stored procedures
• Add the GraphQLEntitySettings param operation whose value must be either mutation (implicit default) or query. The value assigned to operation is utilized in the GraphQL schema builder to determine whether to generate a mutation or query field for the stored procedure within the GraphQL schema.
• Add the RestEntitySettings->ApiSettings param methods which expects an array of HTTP verbs e.g. ["POST", "GET"] (default: implicit POST). These HTTP verbs represent the restriction placed on the REST endpoint for which actions are allowed to execute the stored procedure.

How was this tested?

• Integration Tests - Updated integration tests to be compatible with execute operation.
• Unit Tests - Updated unit tests for CLI tool to accommodate new execute permission within Config project.

Sample GraphQL Schema

Stored Procedure As Queries

type GetBooks {
  id: Int!
  title: String!
  publisher_id: Int!
}

type GetPublisher {
  id: Int!
  name: String!
}

type Query {
  """
  Execute Stored-Procedure GetBooks and get results from the database
  """
  executeGetBooks: [GetBooks!]!

  """
  Execute Stored-Procedure GetPublisher and get results from the database
  """
  executeGetPublisher(
    """
    parameters for GetPublisher stored-procedure
    """
    id: Long = 1
  ): [GetPublisher!]!
}

Sample Config

    "GetBooks": {
      "source": {
        "type": "stored-procedure",
        "object": "get_books",
        "key-fields": []
      },
      "rest": {
        "method": [ "GET" ]
      },
      "permissions": [
        {
          "role": "anonymous",
          "actions": [
            "execute"
          ]
        },
        {
          "role": "authenticated",
          "actions": [
            "execute"
          ]
        }
      ],
      "graphql": {
        "operation": "Query"
      }
    },
    "GetPublisher": {
      "source": {
        "type": "stored-procedure",
        "object": "get_publisher_by_id",
        "parameters": {
          "id": 1
        },
        "key-fields": []
      },
      "rest": {
        "method": [ "GET" ]
      },
      "permissions": [
        {
          "role": "anonymous",
          "actions": [
            "execute"
          ]
        },
        {
          "role": "authenticated",
          "actions": [
            "execute"
          ]
        }
      ],
      "graphql": {
        "operation": "Query"
      }
    }

Sample Request(s)

Example Entities section of Runtime configuration demonstrating Execute permission for both GraphQL (explicitly set operation to mutation), and REST (explicitly set allowed HTTP verbs to POST and GET

"entities": {
    "InsertBook": {
      "source": {
        "type": "stored-procedure",
        "object": "insert_book",
        "parameters": {
          "title": "randomX",
          "publisher_id": 1234
        },
        "key-fields": []
      },
      "rest": {
        "path": "/InsertBook",
        "spHttpVerbs": [ "POST", "GET" ]
      },
      "permissions": [
        {
          "role": "anonymous",
          "actions": [
            "execute"
          ]
        },
        {
          "role": "authenticated",
          "actions": [
            "execute"
          ]
        }
      ],
      "graphql": {
        "operation": "mutation"
      }
    }
  }

[Aniruddh25]

Created #1167 to track

---

In reply to: 1406999396

[Aniruddh25]

Thanks for @seantleonard and @severussundar on getting this late requested rfc implemented both for CLI and engine!

Observations for future for more qualitative review:
Before starting implementation:

• split the overall rfc into smaller scoped issues,
• determine which issues might depend on each other( 1 way to find that is based on project dependencies) and which can be worked on independently. eg. here Config dll could have been a separate change.
• Scope CLI and engine changes, and dont be afraid to temporarily ignore some tests specific to stored procs given that you were the only ones modifying it.