Experience GraphQL Summit 2024
Since 0.17.2

The Rover persisted-queries Command

Publish persisted query manifests to your persisted queries list

With GraphOS Enterprise, you can enhance a graph's security by maintaining a persisted query list (PQL) for your graph's self-hosted router. The GraphOS Router checks incoming requests against the PQL, and can be configured to reject operations that aren't registered in the list.

Registering operations to a PQL has two steps:

  1. Generating persisted queries manifests (PQMs) using client-specific tooling

  2. Publishing PQMs to the PQL using Rover

This article details the latter. For more information on PQM generation and other implementation steps, see the GraphOS persisted queries documentation.

Publishing a PQM

persisted-queries publish

This command requires authenticating Rover with GraphOS.

You can use Rover to publish a PQM for any client to any existing PQL.

Run the persisted-queries publish command, like so:

Bash
1rover persisted-queries publish my-graph@my-variant \
2  --manifest ./persisted-query-manifest.json

  • The my-graph@my-variant argument is the graph ref of any variant the PQL is linked to.

    • Graph refs have the format graph-id@variant-name.

  • Use the --manifest option to provide the path to the manifest you want to publish.

Instead of my-graph@my-variant, you can combine the --graph-id and --list-id options to specify the PQL you want to publish to:

Bash
1rover persisted-queries publish \
2  --graph-id my_graph --list-id dc4b4040-30fc-4bd1-94a3-5fc1c722acc9 \
3  --manifest ./persisted-query-manifest.json

  • Use --graph-id to provide the graph's ID

  • Use --list-id to provide the PQL's UUID

The persisted-queries publish command does the following:

  1. Publishes all operations in the provided manifest file to the PQL linked to the specified variant, or to the specified PQL.

    • Publishing a manifest to a PQL is additive. Any existing entries in the PQL remain.

    • If you publish an operation with the same id but different details from an existing entry in the PQL, the entire publish command fails with an error.

  2. Updates any other variants that the PQL is applied to so that routers associated with those variants can fetch their updated PQL.

As with generating manifests, it's best to execute this command in your CI/CD pipeline to publish new operations as part of your app release process. This command requires your API key to have the Graph Admin or Persisted Query Publisher role; the latter is a role specifically designed to work with this command without exposing unnecessary information about your graph to users of the API key.

Relay supportSince 0.19.0

The rover persisted-queries command supports publishing persisted queries generated by the Relay compiler.

  1. Configure the Relay compiler to output a JSON operation manifest to a specified location according to their documentation.

  2. Use the persisted-queries publish command to publish the manifest to Apollo GraphOS. The command usage is the same as when publishing Apollo-generated manifests, but you must include the --manifest-format relay argument:

Bash
1rover persisted-queries publish my-graph@my-variant \
2  --manifest ./persisted-queries.json \
3  --manifest-format relay
Feedback

Edit on GitHub

Forums