Stitch is a no-code GraphQL tool for your existing APIs and data sources
Added the status endpoint to registry that returns the metadata file for the resource group and validates that policy attachments exist for all opa policies, returning an array of the policies that have missing attachments
Fixed a bug in anonymous strategy authentication that included querystring as a part of the path
Introspection query policy is used like a BasePolicy, hence it needs to use the same types.
Currently stitch exposes GRAPHQL_INTROSPECTION
with a default of true.
Enabling the introspection query in production is a security vulnerability in some use cases, so we want to control access to the introspection query using a policy instead.
This change adds the introspectionQueryPolicy
resource type, which can be added same to the base policy via cli or the registry graphql gateway.
If the introspection query is not provided, it will be allowed by default (assuming GRAPHQL_INTROSPECTION
is true).