79. GraphQL in Python with Patrick Arminio - Pycon Italia Part 3

Welcome back to another episode of The Rabbit Hole. Today on the show we have another interview from Dave’s time at PyCon Italia, the last of a three part series. While over there, Dave had the change to speak with Patrick Arminio. Patrick is a Full Stack Developer at Stink Studios and is also the a co-chair of the PyCon Italia, organizing the conference each year. Inside this episode we dive into GraphQL in Python, discussing common challenges, unique perspectives, and the problem that Patrick is most interested in. For all this and more, be sure to tune as we go down today’s rabbit hole!

Key Points From This Episode:

  • Patrick’s background and what he is currently working on.
  • What Patrick is excited for about GraphQL
  • The current GraphQL problems that Patrick is most interested in.
  • Common challenges with GraphQL across countries.
  • Unique perspectives of GraphQL from Patrick.
  • Less overhead and more security with precompiled queries.
  • What’s next for PyCon Italia?
  • And much more!

Transcript for Episode 79. GraphQL in Python with Patrick Arminio: Pycon Italia Part 3

[0:00:36.0] MN: Hello and welcome to The Rabbit Hole, the definitive developer’s podcast. I’m your host, Michael Nunez. Our co-host today.

[0:00:44.4] DA: Dave Anderson.

[0:00:45.6] MN: Today, we got another interview.

[0:00:47.7] DA: Yeah, this is the last in a three part PyCon Italia series.

[0:00:53.5] MN: Yeah, Dave was out there a couple of months ago, or many months ago, rather. To Florence, Italy where he gave his talk in PyCon Italia, Choose Your Own Adventure, right? That was the name?

[0:01:06.4] DA: Choose Your Own Adventure With Client Web – no, Choose Your Own Adventure For Client Web Servers With GraphQL, it was a mouth full.

[0:01:16.3] MN: Yeah, definitely.

[0:01:18.0] DA: Thought it was fun.

[0:01:18.9] MN: Yeah, you scored a couple of interviews, which is great. Great content. But the one up next is with someone by the name of Patrick Arminio. For those who don’t know, Patrick is the chair person for PyCon Italia. How did you manage to sit down with the chairperson of PyCon Italia?

[0:01:37.8] DA: We had the GraphQL connection and also Patrick is a super chill guy. He’s very relaxed. Yeah, so Patrick gave a talk on GraphQL and Python. Which I saw on the schedule and it was like, “Oh no, there’s two GraphQL talks. This guy is my rival.” His talk was in Italian, which unfortunately, I couldn’t go and check it out because I don’t speak Italian but most of the talks were in English. So I decided I wanted to pick his brain and talk with him and try and get an interview about you know, what his experience in GraphQL is and see where those overlaps were between what pain points we have and what he has.

[0:02:20.3] MN: Yeah, because I imagine like, you guys are using the same frameworks but like, there’s different uses and different like, domains where you would use GraphQL. Like a completely different language that you can talk about GraphQL.

[0:02:33.4] DA: Yeah, he was talking more about like message passing and like adding things to queues and so that’s not really use case that we’re using right now. But like, a lot of the common core problems that he was facing, like how do I do permissions and authentication and authorization for this service where it’s so flexible, you can really do pretty much anything with it? It was like, “Okay, this is my person, we were both feeling this pain.”

[0:03:02.7] MN: Yeah, that’s awesome. So let’s get that rolling, cool. We’ll dive right into the interview, this is Patrick Arminio.

[0:03:10.6] DA: Cool, get in the tape, enjoy.


[0:03:26.4] PA: Hi, thanks for hosting me in this podcast.

[0:03:29.8] DA: Awesome. Why don’t’ you tell us a little about yourself?

[0:03:31.8] PA: Yeah, I’m a full stack developer, I work in an agency in London and I mainly do back end stuff right now and I’m focusing on finding something after that. My work in those projects. And was so, like I’m the chair of PyCon Italy, so we organize this conference here in Florence every year.

[0:03:52.4] DA: Nice.

[0:03:54.0] PA: We are also working on building the current website using modern technologies life as GraphQL and [inaudible] for the front end.

[0:04:01.2] DA: Cool, that’s good to like put that in practice. What excites you right now about GraphQL, what problems are you most interested in?

[0:04:09.3] PA: I’m most interested in the permission authentication, I think that’s authentication is mostly solved by [inaudible].

[0:04:19.3] DA: Yeah. It’s pretty agnostic to whatever permission you need.

[0:04:23.3] PA: Permission I find interesting, especially use frameworks by Django where you already have loads of stuff to made for you, all the groups permission on actions, on single [inaudible].

[0:04:34.2] DA: Right.

[0:04:36.3] PA: Yeah, something that I would like to work on is the Python [inaudible] to actually have an integration for those fields, those Django features.

[0:04:46.5] DA: Like to build it in to the graph in –

[0:04:49.7] PA: I think it should be built in because it makes sense as a feature of the library.

[0:04:54.9] DA: Yeah.

[0:04:54.8] PA: This is something that comes up very quite often.

[0:04:58.3] DA: Yeah, it seems like that’s something that we’re struggling with right now too because like, you know, with so much flexibility that you get with GraphQL which I guess like, just to give context for anyone who doesn’t really fully aware of it, it’s a core language for your API so you can get any fields, any model pretty easily by default.

[0:05:18.2] PA: Yeah, you can also do like invitation, we can do changes on the server and it’s quite powerful because you’ve done, it’s not related to end to this so you can do an imitation that doesn’t send some notification to a perceived user for example and if you have this power on your API, you need to make sure that no one is using them not perfectly.

[0:05:43.5] DA: Yeah.

[0:05:44.3] PA: That’s where permission comes into play.

[0:05:47.1] DA: Right, especially if like some fields that might be like sensitive data.

[0:05:51.2] PA: Yeah, especially for that for example. I think some of the ideas we have from the conference website is for example, the admin can see the email of the users but not the normal user, they cannot.

[0:06:03.4] DA: You can’t list out the email address and home address of all the users.

[0:06:07.5] PA: Yeah, since like, GraphQL, it’s easy to inspect the API, we need to make sure that on the user can see the field of – with your, not being as the normal user that field is always none.

[0:06:23.1] DA: You're talking about like really aggressively hiding the fields so that it wouldn’t even be part of the schema? Or where it would just return no value.

[0:06:31.1] PA: Potentially yes, we can hide the field. I’m not sure, since this project’s going to be open source, we probably not going to bother about hiding the field, it’s going to be there but maybe, that’s something that could be interesting for someone that’s got an API that it’s going to be used internally and stand on it.

I think [inaudible]. Their GraphQL API is being used internally and externally so it’s probably can part at the same time.

[0:06:58.1] DA: Oh, so like the public API, the four API, which is pretty awesome if you haven’t checked it out like, you should definitely go to their website and play with it. They have GraphQL set up and everything. You’re saying that like, their public API is a like a subset of what fields might be possible on private API?

[0:07:19.1] PA: They eventually have a single code base that what’s for [inaudible], which is probably amazing because you have only one project like this.

[0:07:29.6] DA: Right, yeah. It’s funny, a challenging thing, especially since like a lot of what the user sees might be like restricted by their context like, you know, for example on a purchasing site, it might not be able to see the orders of another user but I definitely want to see my own orders and maybe different users might have different abilities to like see certain information on those orders.

Have you looked into kind of precompiled queries or?

[0:07:58.8] PA: Yeah, that’s something yeah, almost forgot about that, it’s quite interesting because you can do interesting stuff with that. So you can optimize for example, the front end so you stand an ID.

[0:08:13.2] DA: Right, yeah. It’s like less overhead and maybe you also a little bit more security because it’s locked down.

[0:08:19.3] PA: Yeah, definitely. I mean, it depends if you locked down the back end as well. You can only say, “I only accept the following queries.” You can also use git just the creates none efficient. You can use gushing on it.

[0:08:35.3] DA: Yeah. Sure.

[0:08:36.9] PA: Varnish on top of it.

[0:08:37.9] DA: Yeah.

[0:08:38.3] PA: Which is quite nice.

[0:08:39.4] DA: Yeah, that’s an interesting thought actually.

[0:08:41.4] PA: It’s something that Facebook is doing and they’re doing it for Instagram for sure as I was playing with the API.

[0:08:48.5] DA: Oh really? Okay.

[0:08:49.0] PA: Yeah, they send the ID like with them.

[0:08:51.8] DA: Okay.

[0:08:53.3] PA: This is how they –

[0:08:54.6] DA: Yeah, I know Twitter is doing a similar thing where you need to like, submit your query. Like even for the public API, you need to submit your query and it validates your query and then it gives you an ID back so then you need to go and ask for that query by the ID. It’s like a separate service unit to submit a query.

[0:09:14.0] PA: Yeah, that’s nice.

[0:09:15.1] DA: Yeah, although I guess like the challenge with that is like Facebook and twitter are both like really large companies and the kind of extra overhead of like setting up the pipelines and stuff is challenging. It’s definitely would be something that I would love to see like more of on open source like maybe it’s a part of the graphing Django view or something like that.

[0:09:32.1] PA: Yeah, there was someone coming up with this that want to [inaudible] in the library but actually, it seems to be really easy to setup. So for example, if you have your Django view you can check if there is a git one, if there is one on the ID but then go fetch the query from the five C’s on database and then you can send that query to GraphQL.

Which we – yeah, it will be nice, I mean, to implement it and like –

[0:09:57.8] DA: Some kind of standardized way –

[0:09:59.4] PA: Yeah.

[0:10:00.8] DA: That’s right. I guess it isn’t too hard, the only thing is, you just need to make sure that your front-end queries are in sync with the back-end.

[0:10:07.8] PA: Yeah, definitely, if it’s implemented like as official library, more people aren’t going to use it because not having [inaudible] about this.

[0:10:15.6] DA: Right.

[0:10:17.2] PA: The computation, it will be –

[0:10:19.7] DA: It seems like there’s a lot of like kind of unique things that people are like discovering right now. If you like watch the videos from the GraphQL conferences and stuff.

[0:10:27.1] PA: Yeah, [inaudible] not used much, I think I haven’t used it yet.

[0:10:31.8] DA: They’re pretty great actually. Like so for our particular application, we basically made a really robust webpage as our first one. It’s pretty much like a spreadsheet where there’s like all kinds of financial information and quantities and calculations happening and so in the end, you might have like 40,000 or like 400,000 records that are coming over to the GraphQL API. At that point, you kind of hit a wall and you need to use data loggers.

I don’t know if you saw [inaudible]’s talk on Friday? Maybe if they recorded it, you could check it out but there’s a blog post that he put out as well. I think he explains that [inaudible] pretty well. That’s one of the areas that I think graphing like could be a little bit stronger like the documentation for data load, this little super if’s, they exist. Then what? What’s next for PyCon Italia and any other conferences.

[0:11:30.9] PA: We have some big plans for next year, it’s going to be the 10th edition, something nice, it’s kind of definitely going to be in Florence again, it’s going to be hard to find another venue that cooks so well and that we know.

[0:11:43.1] DA: In this particular hotel here?

[0:11:45.1] PA: Yeah.

[0:11:45.5] DA: Okay.

[0:11:45.9] PA: Definitely, we’re going to work on the website because that’s like the key priority now.

[0:11:50.2] DA: I guess that will be really nice, it’s also for the tenth anniversary.

[0:11:53.3] PA: Yeah, definitely, yeah.

[0:11:54.5] DA: A nice, shiny website.

[0:11:56.5] PA: We have few people that want to help out, but we need someone to organize the work, wish so many people it’s really difficult to [inaudible] work.

[0:12:04.4] DA: Someone’s got to be the project manager.

[0:12:06.6] PA: Yeah, hopefully, yeah. Maybe if I’m the guy in there so, I mean.

[0:12:10.7] DA: Right, yeah.

[0:12:11.9] PA: Because he will say, “Oh maybe we should do come one and definitely do and do it? Yes.”

[0:12:18.4] DA: That’s good. Just require some peer pressure.

[0:12:20.8] PA: Yeah. For next conferences, actually going to a few of them in the next few months. I’m going to go to GoogleIO. Next spring.

[0:12:30.5] DA: Where is that one? Iraio?

[0:12:33.1] PA: GoogleIO.

[0:12:34.6] DA: GoogleIO, great.

[0:12:36.0] PA: A month in here.

[0:12:36.6] DA: Cool.

[0:12:37.9] PA: I’m going to DjangoCon Europe, actually, I’m giving a talk about GraphQL.

[0:12:42.3] DA: Oh great. Are you coming out to PyCon in the States at all?

[0:12:47.2] PA: No, I would like to come but – yeah, maybe next year.

[0:12:51.3] DA: Yeah. I decided I was going to go but it’s in Cleveland so it’s like not exciting place but it should be fun.

[0:12:59.4] PA: Yeah. I think one of the PyCon US was in Canada once, which was interesting. Then I’m going to CSS and [inaudible] in Berlin.

[0:13:09.1] DA: Nice.

[0:13:09.8] PA: I’ve been doing mainly back end so front end will really unfamiliar.

[0:13:14.9] DA: Yeah, a refreshing change of pace.

[0:13:17.6] PA: They also care a lot about accessibility and it’s going to be interesting, hopefully I’m going to get some ideas for our conference to [inaudible] the rest.

[0:13:28.0] DA: Nice. Okay. Yeah, I guess that helps too being an organizer, you probably have a good excuse to like bother people on the other organizing days. Yeah, I’ve been really impressed with like the python community in Europe and so many different people are so enthusiastic about python.

[0:13:47.3] PA: Yeah, it’s nice. I like that so many people coming from all over the world like you, from the States, people from Australia, India, Russia, it’s really nice.

[0:13:57.3] DA: Yeah, I mean, any excuse to come out to Florence is a good excuse in my book. I wouldn’t be mad if this kept happening in Florence.

Yeah, thanks so much for talking with me, it was fun.

[0:14:09.6] PA: Thank you for letting me participate in this. This was my first podcast.

[0:14:14.9] DA: Cool, yeah. Well you're welcome anytime.

[0:14:16.6] PA: Thank you.


[0:14:30.9] MN: Follow us now on Twitter @radiofreerabbit so we can keep the conversation going. Like what you hear? Give us a five star review and help developers like you find their way into The Rabbit Hole and never miss an episode, subscribe now however you listen to your favorite podcast. On behalf of our producer extraordinaire, William Jeffries and my amazing co-host, Dave Anderson and me, your host, Michael Nunez, thanks for listening to The Rabbit Hole.

Links and Resources:

The Rabbit Hole on Twitter

Patrick Arminio

Patrick on Twitter


PyCon Italia