feat(hogql): HogQLQuery node and data table support #14265
Conversation
…into hogql-symbol-resolution
|
Other than a failing storybook build (sql formatter + webpack 4 = ❤️), this is ready for a review as well. |
| SELECT ("posthog_person"."properties" -> '$some_prop_1') = '"something_1"' AS "flag_X_condition_0" | ||
| SELECT (("posthog_person"."properties" -> '$some_prop_1') = '"something_1"' | ||
| AND "posthog_person"."properties" ? '$some_prop_1' | ||
| AND NOT (("posthog_person"."properties" -> '$some_prop_1') = 'null')) AS "flag_X_condition_0" |
There was a problem hiding this comment.
I don't understand why these tests would change in this PR, but going to assume it's ok.
There was a problem hiding this comment.
These two do look like unrelated changes. They're definitely referencing SQL that's not generated by HogQL. I remember hearing about some changes to /decide, so that's probably this plus a bad merge somewhere by someone?
There was a problem hiding this comment.
Yeah me 🙈 , old PR got merged after a snapshot change went in, which didn't update snapshots again
| SELECT ("posthog_person"."properties" -> 'email') = '"[email protected]"' AS "flag_X_condition_0", | ||
| SELECT (("posthog_person"."properties" -> 'email') = '"[email protected]"' | ||
| AND "posthog_person"."properties" ? 'email' | ||
| AND NOT (("posthog_person"."properties" -> 'email') = 'null')) AS "flag_X_condition_0", |
There was a problem hiding this comment.
Same here: I don't understand why these tests would change in this PR, but going to assume it's ok.
It seems so. Potential thing to look out for: can I make conditions in such a way that the
🤷♂️
Definitely WHERE, faster and safer
It's fine to stick to WHERE, the only thing that would ever really go into PREWHERE is team_id check, but this is more of a perf optimisation. |
I can't imagine a case either. The only other case I can imagine is if somebody manually creates an alias with the name Out of paranoia I have anyway blocked
I think if we implement some of the suggested query safeguards (max memory limit, timeouts, etc) discussed here, we're probably good
👍
Worth doing then, though I propose it should be outside the scope of this PR. |
|
All right, to make everything simple and to give us the maximum amount of playroom, I put the backend in this PR behind a new flag
The "frontend" is still as it is, since there's no real frontend, only an obscure /query debug URL where you'll find HogQL as the 21st link in a list of links. So I think that's fine for now. This flag can be reused when we build a real frontend, or get HogQL insights running. I'll be happy to add all the query/byte/time/etc limits in a followup. |
Problem
HogQL is cool, but nobody can use it yet.
Extracted from #14042
Part of PostHog/meta#81
Stacked on top of #14185
Changes
Exposes a HogQL query editor, together with pretty printing and a table to show the results, under
/query.This HogQL editor is not exposed under its own node because it should likely always be created as a "new insight". Will wait for insights to natively be query nodes for that.
Security concerns
Before putting this live, I'd like to be 100% sure there's no way to leak data from other team. What was not resolved in #14185 will need to be discussed now.
team_idcheck secure as is? Can someone override it somehow? What must we look out for.ONor in theWHEREclause?PREWHEREvsWHERE? Which should we actually use?How did you test this code?
In the browser, plus added a test for the new API endpoint.