I am trying to configure a transaction for a Gremlin client that will not allow any mutating queries (Read-only).
I am aware that this is possible in JanusGraph or Titan with their API (with buildTransaction() as readOnly()), however for TinkerPop or Neptune I have not found anything similar.
I am using a java script based client (sessioned):
Cluster cluster = Cluster.open();
Client client = cluster.connect("SessionID");
String mutatingQuery = "g.addV('Test')";
client.submit("g.tx().open()");
client.submit(mutatingQuery); // This should fail.
client.submit("g.tx().commit()");
I know you can restrict these types of queries from server side. But is this also possible from client side? I am also not sure if this is the correct approach to this problem.
Edit:
I am communicating remotely with Gremlin Server over WebSocket, by submitting "scripts".
From Java, I am configuring the cluster as:
Cluster cluster =
Cluster.build().addContactPoint(url).port(port).create();
And then using the client to submit queries:
Client c = cluster.connect().init();
c.submit(query);
I know about the ReadOnlyStrategy that a Graph supports. But I have not found a way to enable it through the above approach, only from the server configuration script. Is there another way to restrict the submitted "query"?
My server is configured with this default groovy script:
globals << [g : graph.traversal()] // Could have used readOnly strategy here.
And my client is sending queries like this:
c.submit("g.addV('test')"); // this should fail
Any ideas?
Manual transaction logic using .tx() is not currently supported in Neptune.
Docs: https://docs.aws.amazon.com/neptune/latest/userguide/access-graph-gremlin-differences.html -> Transactions
And as Kelvin mentioned in his answer, you can always make your application talk to the reader endpoint of the cluster, which lets you do only read-only operations. You can get the reader endpoint by viewing the cluster details from the console, or obtain the endpoint programmatically using the Neptune SDK.
aws neptune describe-db-clusters --db-cluster-identifier \
neptunedbcluster-t0wz5xpqmiuc --region us-east-1 --output table
---------------------------------------------------------------------------------------------------------------------------------
| DescribeDBClusters |
+-------------------------------------------------------------------------------------------------------------------------------+
|| DBClusters ||
|+-----------------------------------+-----------------------------------------------------------------------------------------+|
|| AllocatedStorage | 1 ||
|| BackupRetentionPeriod | 1 ||
|| ClusterCreateTime | 2018-10-16T04:17:23.384Z ||
|| DBClusterArn | arn:aws:rds:us-east-1:123123123123:cluster:neptunedbcluster-t0wz5xpqmiuc ||
|| DBClusterIdentifier | neptunedbcluster-t0wz5xpqmiuc ||
|| DBClusterParameterGroup | neptunedbclusterparametergr-q6eekezcpd04 ||
|| DBSubnetGroup | neptunedbsubnetgroup-dmcliosqke8b ||
|| DbClusterResourceId | cluster-AEFFOL3WFA7W5H7WL4QWEQWEQWE ||
|| EarliestRestorableTime | 2018-10-21T07:04:17.379Z ||
|| Endpoint | neptunedbcluster-t0wz5xpqmiuc.cluster-qweqweqwe.us-east-1.neptune.amazonaws.com ||
|| Engine | neptune ||
|| EngineVersion | 1.0.1.0 ||
|| HostedZoneId | ZUFXD4SLT2LS7 ||
|| IAMDatabaseAuthenticationEnabled | False ||
|| LatestRestorableTime | 2018-10-22T17:16:44.233Z ||
|| MasterUsername | admin ||
|| MultiAZ | False ||
|| Port | 8182 ||
|| PreferredBackupWindow | 06:52-07:22 ||
|| PreferredMaintenanceWindow | mon:09:33-mon:10:03 ||
|| ReaderEndpoint | neptunedbcluster-t0wz5xpqmiuc.cluster-ro-qweqweqwe.us-east-1.neptune.amazonaws.com ||
|| Status | available ||
|| StorageEncrypted | False ||
|+-----------------------------------+-----------------------------------------------------------------------------------------+|
||| AssociatedRoles |||
||+----------+----------------------------------------------------------------------------------------------------------------+||
||| RoleArn | arn:aws:iam::393993383537:role/RDS-2-Neptune-Demo-NeptuneBa-NeptuneLoadFromS3Role-1NKBKFMRK6L1G |||
||| Status | ACTIVE |||
||+----------+----------------------------------------------------------------------------------------------------------------+||
||| AvailabilityZones |||
||+---------------------------------------------------------------------------------------------------------------------------+||
||| us-east-1b |||
||| us-east-1c |||
||| us-east-1a |||
||+---------------------------------------------------------------------------------------------------------------------------+||
||| DBClusterMembers |||
||+------------------------------------------------------------+--------------------------------------------------------------+||
||| DBClusterParameterGroupStatus | in-sync |||
||| DBInstanceIdentifier | neptunedbinstance-owqd0npl6ar4 |||
||| IsClusterWriter | True |||
||| PromotionTier | 1 |||
||+------------------------------------------------------------+--------------------------------------------------------------+||
||| VpcSecurityGroups |||
||+-----------------------------------+---------------------------------------------------------------------------------------+||
||| Status | VpcSecurityGroupId |||
||+-----------------------------------+---------------------------------------------------------------------------------------+||
||| active | sg-01ab9e609e122c01b |||
||| active | sg-0723b9b248cbe20a3 |||
||+-----------------------------------+---------------------------------------------------------------------------------------+||
Note that the reader endpoint is available as ReaderEndpoint in the result.
UPDATE: If you have only one instance in your cluster, then both reader and writer endpoints point to the same instance. If you want a truly read-only endpoint, you should create a multi-instance cluster, in which case the reader endpoint does a DNS round robin between the readers.
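The check implied by the UPDATE above, as an added example that is not part of the original answer: it reads the JSON form of the `describe-db-clusters` response, returns the `ReaderEndpoint`, and reports whether any member has `IsClusterWriter` set to false. The function name `reader_endpoint_report` and the sample responses are assumptions constructed for illustration.

```python
import copy
import json

# Constructed sample shaped like `aws neptune describe-db-clusters --output json`,
# trimmed to the fields used below. All identifiers are placeholders.
SINGLE_INSTANCE = json.loads("""
{"DBClusters": [{
  "DBClusterIdentifier": "example-cluster",
  "Endpoint": "example-cluster.cluster-EXAMPLE.us-east-1.neptune.amazonaws.com",
  "ReaderEndpoint": "example-cluster.cluster-ro-EXAMPLE.us-east-1.neptune.amazonaws.com",
  "Port": 8182,
  "DBClusterMembers": [
    {"DBInstanceIdentifier": "example-instance-1", "IsClusterWriter": true}
  ]
}]}
""")

# Same cluster after adding one read replica (also constructed).
MULTI_INSTANCE = copy.deepcopy(SINGLE_INSTANCE)
MULTI_INSTANCE["DBClusters"][0]["DBClusterMembers"].append(
    {"DBInstanceIdentifier": "example-instance-2", "IsClusterWriter": False}
)


def reader_endpoint_report(response, cluster_id):
    """Return the reader endpoint and whether it is served only by replicas."""
    for cluster in response.get("DBClusters", []):
        if cluster.get("DBClusterIdentifier") == cluster_id:
            break
    else:
        raise LookupError(f"cluster {cluster_id!r} not in response")
    endpoint = cluster.get("ReaderEndpoint")
    if not endpoint:
        raise ValueError(f"cluster {cluster_id!r} reports no ReaderEndpoint")
    members = cluster.get("DBClusterMembers", [])
    replicas = [m["DBInstanceIdentifier"] for m in members
                if not m.get("IsClusterWriter", False)]
    return {
        "reader_endpoint": endpoint,
        "port": cluster.get("Port"),
        "replicas": replicas,
        # With no replica, the reader endpoint resolves to the writer instance,
        # so pointing the client at it does not block mutating queries.
        "read_only": bool(replicas),
    }


if __name__ == "__main__":
    for name, resp in (("single", SINGLE_INSTANCE), ("multi", MULTI_INSTANCE)):
        print(name, reader_endpoint_report(resp, "example-cluster"))
```

Running this against the real response before handing the endpoint to a client makes the single-instance case visible instead of silently connecting to the writer.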