The following examples are in the form as entered in the GraphQL 'playground', which is found at: https://{{ host_address }}/graphql Example using GraphQL mutations to configure a DHCP server: All examples assume that the http-api is running: 'set service https api' One can configure an address on an interface, and configure the DHCP server to run with that address as default router by requesting these 'mutations' in the GraphQL playground: mutation { CreateInterfaceEthernet (data: {interface: "eth1", address: "192.168.0.1/24", description: "BOB"}) { success errors data { address } } } mutation { CreateDhcpServer(data: {sharedNetworkName: "BOB", subnet: "192.168.0.0/24", defaultRouter: "192.168.0.1", nameServer: "192.168.0.1", domainName: "vyos.net", lease: 86400, range: 0, start: "192.168.0.9", stop: "192.168.0.254", dnsForwardingAllowFrom: "192.168.0.0/24", dnsForwardingCacheSize: 0, dnsForwardingListenAddress: "192.168.0.1"}) { success errors data { defaultRouter } } } To save the configuration, use the following mutation: mutation { SaveConfigFile(data: {fileName: "/config/config.boot"}) { success errors data { fileName } } } N.B. fileName can be empty (fileName: "") or data can be empty (data: {}) to save to /config/config.boot; to save to an alternative path, specify fileName. Similarly, using an analogous 'endpoint' (meaning the form of the request and resolver; the actual enpoint for all GraphQL requests is https://hostname/graphql), one can load an arbitrary config file from a path. mutation { LoadConfigFile(data: {fileName: "/home/vyos/config.boot"}) { success errors data { fileName } } } Op-mode 'show' commands may be requested by path, e.g.: query { Show (data: {path: ["interfaces", "ethernet", "detail"]}) { success errors data { result } } } N.B. to see the output the 'data' field 'result' must be present in the request. Mutations to manipulate firewall address groups: mutation { CreateFirewallAddressGroup (data: {name: "ADDR-GRP", address: "10.0.0.1"}) { success errors } } mutation { UpdateFirewallAddressGroupMembers (data: {name: "ADDR-GRP", address: ["10.0.0.1-10.0.0.8", "192.168.0.1"]}) { success errors } } mutation { RemoveFirewallAddressGroupMembers (data: {name: "ADDR-GRP", address: "192.168.0.1"}) { success errors } } N.B. The schema for the above specify that 'address' be of the form 'list of strings' (SDL type [String!]! for UpdateFirewallAddressGroupMembers, where the ! indicates that the input is required; SDL type [String] in CreateFirewallAddressGroup, since a group may be created without any addresses). However, notice that a single string may be passed without being a member of a list, in which case the specification allows for 'input coercion': http://spec.graphql.org/October2021/#sec-Scalars.Input-Coercion Similarly, IPv6 versions of the above: CreateFirewallAddressIpv6Group UpdateFirewallAddressIpv6GroupMembers RemoveFirewallAddressIpv6GroupMembers Instead of using the GraphQL playground, an equivalent curl command to the first example above would be: curl -k 'https://192.168.100.168/graphql' -H 'Content-Type: application/json' --data-binary '{"query": "mutation {createInterfaceEthernet (data: {interface: \"eth1\", address: \"192.168.0.1/24\", description: \"BOB\"}) {success errors data {address}}}"}' Note that the 'mutation' term is prefaced by 'query' in the curl command. Curl equivalents may be read from within the GraphQL playground at the 'copy curl' button. What's here: services ├── api │ └── graphql │ ├── bindings.py │ ├── graphql │ │ ├── directives.py │ │ ├── __init__.py │ │ ├── mutations.py │ │ └── schema │ │ ├── config_file.graphql │ │ ├── dhcp_server.graphql │ │ ├── firewall_group.graphql │ │ ├── interface_ethernet.graphql │ │ ├── schema.graphql │ │ ├── show_config.graphql │ │ └── show.graphql │ ├── README.graphql │ ├── recipes │ │ ├── __init__.py │ │ ├── remove_firewall_address_group_members.py │ │ ├── session.py │ │ └── templates │ │ ├── create_dhcp_server.tmpl │ │ ├── create_firewall_address_group.tmpl │ │ ├── create_interface_ethernet.tmpl │ │ ├── remove_firewall_address_group_members.tmpl │ │ └── update_firewall_address_group_members.tmpl │ └── state.py ├── vyos-configd ├── vyos-hostsd └── vyos-http-api-server The GraphQL library that we are using, Ariadne, advertises itself as a 'schema-first' implementation: define the schema; define resolvers (handlers) for declared Query and Mutation types (Subscription types are not currently used). In the current approach to a high-level API, we consider the Jinja2-templated collection of configuration mode 'set'/'delete' commands as the Ur-data; the GraphQL schema is produced from those files, located in 'api/graphql/recipes/templates'. Resolvers for the schema Mutation fields are dynamically generated using a 'directive' added to the respective schema field. The directive, '@configure', is handled by the class 'ConfigureDirective' in 'api/graphql/graphql/directives.py', which calls the 'make_configure_resolver' function in 'api/graphql/graphql/mutations.py'; the produced resolver calls the appropriate wrapper in 'api/graphql/recipes', with base class doing the (overridable) configuration steps of calling all defined 'set'/'delete' commands. Integrating the above with vyos-http-api-server is 4 lines of code. What needs to be done: • automate generation of schema and wrappers from templated configuration commands • investigate whether the subclassing provided by the named wrappers in 'api/graphql/recipes' is sufficient for use cases which need to modify data • encapsulate the manipulation of 'canonical names' which transforms the prefixed camel-case schema names to various snake-case file/function names • consider mechanism for migration of templates: offline vs. on-the-fly • define the naming convention for those schema fields that refer to configuration mode parameters: e.g. how much of the path is needed as prefix to uniquely define the term