
Prisma Cloud – A GraphQL Database Platform - sorenbs
https://blog.graph.cool/introducing-prisma-cloud-a-graphql-database-platform-ed591baa8737
======
ojkelly
I’ve been a fan of Prisma for a while now - hacked on a project with
graphcool. Congrats on the launch!

As it’s unbundled it doesn’t have (on purpose I think) a few things for a
proper production deployment.

I’m working on a GraphQL front end server (Bunjil) designed to be the public
bastion server in front of a Prisma/Prisma Cloud backend (though it works with
any and multiple graphQL servers).

It’s probably too early to share this as I’m still writing the documentation,
but here it is anyway.

The main additions are an authentication hook, and Policy Based Access Control
similar to AWS IAM. I’ve found this style of authorisation amazingly powerful
with GraphQL.

This gives you the ability to give a role access to say all types, or
everything on the user type except ‘password’. Or block access to certain
mutations.

I’m looking at how to hide specific mutations from the final scheme (to block
‘allUsers’ for example).

[https://bunjil.js.org](https://bunjil.js.org)

As most of the docs are still being written, the main two pages with more info
are the api specs. The front page has a simple usage example.

[https://bunjil.js.org/api/bunjil](https://bunjil.js.org/api/bunjil)

[https://bunjil.js.org/api/policy](https://bunjil.js.org/api/policy)

~~~
sorenbs
Thanks ojkelly - this looks super cool! I'll take a closer look tomorrow :-)

Did you already use yoga and bindings? I think you might find it
inspirational.

~~~
ojkelly
Yeah had a good play with and dive around the internals of graphql-yoga.
Bunjil is intended to be pretty opinionated, and I needed to do some things a
bit differently. Namely, a specific focus and opinion on security.

You could easily have Bunjil consume many upstream graphql-yoga in micro
services for example.

------
hobofan
Wow, that looks very cool! I've been following Graphcool since (before?) its
release and my biggest criticism back then was "you are giving up control of
your data if you are not controlling the database". This now completely flips
that on its head and puts control over the database first.

Sadly I'll probably won't be working with a system involving GraphQL for some
time, but when I will again, I'll definitely check out Prisma!

------
jamesmcintyre
If someone were to use Prisma Cloud (or self-hosted) would they need to put
another server in front of Prisma if they wanted to execute arbitrary code?
For instance if I want a certain graphql mutation to first make a call to a
3rd-party api and then perform prisma data mutation based on that 3rd-party
response would I need to orchestrate this on a server that sits in front of
Prisma or does Prisma have the ability to run arbitrary node code?

By the way, graphcool and prisma are amazing ideas with really great UX
execution and open-sourcing Prisma is also very cool so thanks!

EDIT: I think I know the answer now but just a suggestion- you might want to
add a bit more contextual information as to how Prisma fits into a
conventional stack. I know you guys are probably crazy busy so I imagine more
copy/documentation is to come!

~~~
sorenbs
Thanks James! More documentation to come for sure, but this section on Prisma
architecture should already give you a good understanding
[https://www.prismagraphql.com/docs/reference/introduction/wh...](https://www.prismagraphql.com/docs/reference/introduction/what-
is-prisma-apohpae9ju#architecture)

------
fischerq
Looks like a pretty comfortable package! How does this relate to Graphcool
([https://www.graph.cool/](https://www.graph.cool/)), which seems to be your
other (main?) product?

~~~
sorenbs
Thanks Fischer!

Prisma is an evolution of Graphcool Framework. Graphcool Framework is a
complete backend as a service that enable you to create a database, configure
permissions and write business logic that is deployed to serverless functions.

In contrast, Prisma focuses exclusively on the database aspect and brings many
advancements compared to Graphcool.

We have created some nifty open source libraries to bring a lot of the same
out-of-the-box experience provided by Graphcool Framework to more traditional
GraphQL backend development with Prisma, including GraphQL Bindings that
provide smart schema stitching and auto-complete in your editor as seen in the
video on [https://www.prismagraphql.com/](https://www.prismagraphql.com/)

Prisma incorporates 2 years of learnings from operating Graphcool at scale and
writing big applications with GraphQL. I'm super excited to be part of the
community that is shaping around GraphQL and happy to answer any questions
about GraphQL in general (especially from the backend perspective) or Prisma
specifically.

