Skip to main content

Part 2: Operation Name

In this tutorial we'll go through everything you need to know to configure Inigo agents. We'll use a simple security configuration to enforce api requests to have a valid operation name.

Prerequisites

  • Account : create one at app.inigo.io.
  • CLI : install the Inigo cli.
  • We'll use a hosted Starwars Demo service so there is no need to deploy any GraphQL server.

Introduction

When you first login to Inigo, you will see a demo service which is running the Inigo agent on top of a common Starwars GraphQL api. The demo has been pre-populated with some api data, you can browse through the dashboards on the Home tab, and also play with the filters on the Explore tab to see more granular analytics of each request.

Inigo agents are configured using yaml configuration file, similar to Kubernetes or other tools that use the configure as code approach. The configuration files live in your repository and the Inigo cli is used to apply them to running systems. The cli can be run locally and can be easily integrated into any CI/CD pipeline. Inigo agents automatically pull the latest applied configuration without a need to restart the GraphQL server the agent is running on.

In this tutorial we'll add a simple rule to require all requests to have a valid operation name. Requiring named GraphQL operations enables you to best utilize the power of Inigo's API management dashboard, which displays a log of the operations executed against your GraphQL API.

Run a test query

Before applying your first configuration. Head over to the playground tab in the Inigo app and run a simple query:

query {
  films {
    title
  }
}

You should get a reply with all the classic Starwars movie titles (before Disney took over).

First Config

Create a file called service.yml with the following content:

kind: Service
name: demo
label: starwars
spec:
  anonymous_profile: guest

Create a file called security.yml with the following content:

kind: Security
name: demo
label: starwars
spec:
  profiles:
    - name: guest
      require_operation_name: true

Note that the name of the configuration files doesn't actually matter, feel free to name them however you want.

Apply Config

Login using the cli

inigo login

Supply your username and password when prompted:

username: [email protected]
password: ********

If you created an account using google sso: use the corresponding login command:

inigo login google

If you created an account using github sso: use the corresponding login command:

inigo login github

Apply the configuration

inigo apply service.yml
inigo apply security.yml

Alternatively you can also apply multiple configuration files at once using a bash glob:

inigo apply *.yml

Test it out

Now that you have applied the configuration, go back to the playground and try running the same query. This time the server should respond with an error, the request has been blocked by the Inigo agent.

{
  "data": null,
  "extensions": {},
  "errors": [
    {
      "message": "nameless operations are not allowed"
    }
  ]
}

Try adding an operation name to the query to get it to pass:

query Films {
  films {
    title
  }
}

Congratulations! You have applied your first configuration. You can now go to the Home and Explore tab and view the different requests you just ran.

Next up

Follow up with part 2, and go over other more security knobs to protect against deep and large queries.