Command: graphql

Execute graphql queries against a Turbot Guardrails workspace.

Passing a query on command line

The graphql query may be passed using the --query argument. This may be either a string query, or the path to a file containing the query

turbot graphql --query '{ resource(id:"tmod:@turbot/turbot#/"){ turbot {title} } }'

or

turbot graphql --query ~/queries/query1.txt

where ~/queries/query1.txt is a file containing the same query as above.

These return:

resource:
turbot:
title: Turbot

Specify json output format

- turbot graphql --query ~/queries/query1.txt --format json

This returns

{
"resource": {
"turbot": {
"title": "Turbot"
}
}
}

Executing specific resolver

Instead of using the --query parameter, you can use any graphql resolver as a sub-command.

For many resolvers, the default graphql output is defined, so it is not required. You can override the default output (or provide a default output for a type not yet implemented by the cli) by adding an entry to the cli config file: ~/.config/turbot/config.yyl

To override the default output for resource and control, add the following to the config:

defaultGraphqlOutput:
resource: "{ title }"
control: " { state }"

Alternatively, you can specify the output data you wish graphql to return with the --output parameter

Query resource by id, returning default output fields

graphql resource --id "tmod:@turbot/turbot#/"

This returns:

resource:
type:
uri: "tmod:@turbot/turbot#/resource/types/turbot"
turbot:
id: "165643650699265"
parentId: null
title: Turbot

Query resource by id, returning custom output fields

The output may be either a format string or a file path:

turbot graphql resource --id "tmod:@turbot/turbot#/" --output '{ title }'

or

turbot graphql resource --id "tmod:@turbot/turbot#/" --output ~/queries/resourceOutput.txt

where ~/queries/resourceOutput.txt is a file containing the same output format text as above.

These return

resource:
title: Turbot

Awaiting expected graphql output

If the --expected argument is provided, the cli will check the results of the graphql query against the expected result and if they not match it will retry every 5 seconds for up to a minute (by default).

For example:

turbot graphql resource-list --filter "resourceType:folder waitTest" --output {items{title}} --expected ~/queries/expected1.yml

Where expected1.yml is:

resourceList:
items:
- title: waitTest

This query will retry until the result matches the expected value.

Notes:

  • The expected argument (or file) should be json or yaml format text
  • The timeout may be customized by passing the --timeout argument, which specifies the timeout in seconds

Usage

Usage: turbot graphql [options]

The turbot graphql command executes graphql queries against a Turbot Guardrails workspace. You can use the --query to specify the full graphql query to run

The supported options are:

  • --expected : Either a file path to a yml/json file or a yml/json string, containing expected result.
  • --timeout : The number of second to retry the graphql query, until the result matches the expected result. The default is 60 (one minute).
  • --query : `Either a file path to a file containing a graphql query, or a graphql query as a string.
  • --variables : Either a file path to a yml/json file or a yml/json string, containing the variables for the query.
  • --output : Either a file path to a yml/json file or a yml/json string containing the graphql output data.
  • --format : The format of the graphql results. Valid values are yaml (the default) or json.
  • --dir or -d : Path to the Guardrails mod that you want to upload, and it defaults to ".".
  • --help : Shows help.
  • --profile : The Turbot Guardrails credentials profile to use.
  • --credentials-file : Path to the shared credentials file. The default is ~/.config/turbot/credentials.yml.
  • --access-key: Turbot Guardrails access key for the workspace. If not specified, credentials will be read from your Guardrails CLI credentials file or environment variables
  • --secret-key: Turbot Guardrails secret access key id. If not specified, credentials will be read from your Guardrails CLI credentials file or environment variables
  • --workspace: Turbot Guardrails workspace, for example: parker-turbot.cloud.turbot-dev.com. If not specified, Turbot Guardrails credentials will be read from your Guardrails CLI credentials file or environment variables

Usage: turbot graphql <subcommand> [options]

Instead of using the --query parameter, you can use any graphql resolver as a sub-command:

  • turbot graphql active-grant
  • turbot graphql active-grant-list
  • turbot graphql active-grants
  • turbot graphql control
  • turbot graphql control-categories
  • turbot graphql control-category
  • turbot graphql control-category-list
  • turbot graphql control-list
  • turbot graphql control-summaries-by-control-category
  • turbot graphql control-summaries-by-control-type
  • turbot graphql control-summaries-by-resource
  • turbot graphql control-summaries-by-resource-category
  • turbot graphql control-summaries-by-resource-type
  • turbot graphql control-type
  • turbot graphql control-type-list
  • turbot graphql control-types
  • turbot graphql control-version
  • turbot graphql controls
  • turbot graphql controls-by-control-category-list
  • turbot graphql controls-by-control-type-list
  • turbot graphql controls-by-resource-category-list
  • turbot graphql controls-by-resource-list
  • turbot graphql controls-by-resource-type-list
  • turbot graphql favorite
  • turbot graphql favorite-list
  • turbot graphql favorites
  • turbot graphql grant
  • turbot graphql grant-list
  • turbot graphql grants
  • turbot graphql identity-permissions-summary-list
  • turbot graphql notification
  • turbot graphql notification-list
  • turbot graphql notifications
  • turbot graphql permission-level
  • turbot graphql permission-level-list
  • turbot graphql permission-levels
  • turbot graphql permission-type
  • turbot graphql permission-type-list
  • turbot graphql permission-types
  • turbot graphql permissions-details-by-identity
  • turbot graphql permissions-details-by-resource
  • turbot graphql policies
  • turbot graphql policy
  • turbot graphql policy-detail
  • turbot graphql policy-hierarchies
  • turbot graphql policy-list
  • turbot graphql policy-setting
  • turbot graphql policy-setting-list
  • turbot graphql policy-setting-summaries-by-control-category
  • turbot graphql policy-setting-summaries-by-policy-type
  • turbot graphql policy-setting-summaries-by-resource
  • turbot graphql policy-setting-summaries-by-resource-type
  • turbot graphql policy-settings
  • turbot graphql policy-settings-by-control-category-list
  • turbot graphql policy-settings-by-policy-type-list
  • turbot graphql policy-settings-by-resource-list
  • turbot graphql policy-settings-by-resource-type-list
  • turbot graphql policy-type
  • turbot graphql policy-type-list
  • turbot graphql policy-types
  • turbot graphql policy-value
  • turbot graphql policy-value-list
  • turbot graphql policy-value-version
  • turbot graphql policy-values
  • turbot graphql process
  • turbot graphql process-history
  • turbot graphql process-list
  • turbot graphql process-log-list
  • turbot graphql process-logs
  • turbot graphql processes
  • turbot graphql profile-access-key
  • turbot graphql profile-access-keys
  • turbot graphql render-template
  • turbot graphql resource
  • turbot graphql resource-categories
  • turbot graphql resource-category
  • turbot graphql resource-category-list
  • turbot graphql resource-list
  • turbot graphql resource-permissions-summary-list
  • turbot graphql resource-summaries-by-resource
  • turbot graphql resource-summaries-by-resource-category
  • turbot graphql resource-summaries-by-resource-type
  • turbot graphql resource-type
  • turbot graphql resource-type-list
  • turbot graphql resource-types
  • turbot graphql resource-version
  • turbot graphql resources
  • turbot graphql resources-by-resource-category-list
  • turbot graphql resources-by-resource-list
  • turbot graphql resources-by-resource-type-list
  • turbot graphql watch
  • turbot graphql watch-list
  • turbot graphql watch-rule
  • turbot graphql watch-rule-list
  • turbot graphql watch-rules
  • turbot graphql watches

The supported options vary by sub-command, but most support:

  • --expected : Either a file path to a yml/json file or a yml/json string, containing expected result.
  • --timeout : The number of second to retry the graphql query, until the result matches the expected result. The default is 60 (one minute).
  • --query : `Either a file path to a file containing a graphql query, or a graphql query as a string.
  • --variables : Either a file path to a yml/json file or a yml/json string, containing the variables for the query.
  • --output : Either a file path to a yml/json file or a yml/json string containing the graphql output data.
  • --format : The format of the graphql results. Valid values are yaml (the default) or json.
  • --dir or -d : Path to the Guardrails mod that you want to upload, and it defaults to ".".
  • --help : Shows help.
  • --profile : The Turbot Guardrails credentials profile to use.
  • --credentials-file : Path to the shared credentials file. The default is ~/.config/turbot/credentials.yml.
  • --access-key: Turbot Guardrails access key for the workspace. If not specified, credentials will be read from your Guardrails CLI credentials file or environment variables
  • --secret-key: Turbot Guardrails secret access key id. If not specified, credentials will be read from your Guardrails CLI credentials file or environment variables
  • --workspace: Turbot Guardrails workspace, for example: parker-turbot.cloud.turbot-dev.com. If not specified, Turbot Guardrails credentials will be read from your Guardrails credentials file or environment variables

Queries that return a single item (turbot graphql resource, turbot graphql control, etc) also support:

  • --id : an aka or id of the resource to return.

List queries (turbot graphql resources, turbot graphql controls, etc) also support:

  • --filter : A Turbot Guardrails filter to search for resources.
  • --paging : A paging token to get the next batch of items