Text file src/edge-infra.dev/pkg/edge/api/graph/schema/schema.graphql

Documentation: edge-infra.dev/pkg/edge/api/graph/schema

     1"""
     2Query returns generated.QueryResolver implementation.
     3"""
     4type Query {
     5  """
     6  GetAPIHealthStatus not implemented
     7  """
     8  getAPIHealthStatus: APIStatusSummary!
     9    @hasRole(
    10      roles: [
    11        EDGE_ORG_ADMIN
    12        EDGE_BANNER_ADMIN
    13        EDGE_BANNER_OPERATOR
    14        EDGE_BANNER_VIEWER
    15      ]
    16    )
    17  """
    18  apiVersion gets version and download information for edge cli that matches version
    19  """
    20  apiVersion: APIVersion!
    21    @hasRole(
    22      roles: [
    23        EDGE_ORG_ADMIN
    24        EDGE_BANNER_ADMIN
    25        EDGE_BANNER_OPERATOR
    26        EDGE_BANNER_VIEWER
    27      ]
    28    )
    29}
    30
    31"""
    32This is a directive to verify that the user has correct role for the api
    33"""
    34directive @hasRole(roles: [Role!]) on FIELD_DEFINITION
    35
    36"""
    37This is the list of edge roles
    38"""
    39enum Role {
    40  EDGE_SUPER_ADMIN
    41  EDGE_ORG_ADMIN
    42  EDGE_BANNER_ADMIN
    43  EDGE_BANNER_OPERATOR
    44  EDGE_BANNER_VIEWER
    45  TOTP_ROLE
    46  EDGE_TERMINAL
    47  EDGE_BOOTSTRAP
    48  EDGE_ENGINEERING_LEADS
    49  EDGE_OI_ADMIN
    50  EDGE_SUPER_USER
    51  EDGE_L1
    52  EDGE_L2
    53  EDGE_L3
    54  EDGE_L4
    55}
    56#!!!!!!!!!!!!!!IMPORTANT: to get these roles assigned to correct group in bsl for each org need to
    57# add role to RoleMap in pkg/edge/bsl-reconciler/utils.go!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    58"""
    59This is the list of bsl roles that correspond to the EDGE_ORG_ADMIN role
    60"""
    61enum EDGE_ORG_ADMIN {
    62  NEP_ENTERPRISE_ADMINISTRATOR
    63  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
    64  NEP_ROLEGRANT_ADMINISTRATOR
    65  NEP_IDENTITY_ADMINISTRATOR
    66  ORGANIZATION_INTERNAL_ADMINISTRATOR
    67  SITE_CREATE
    68  SITE_READ
    69  SITE_UPDATE
    70  NEP_TOKEN_EXCHANGER
    71}
    72
    73"""
    74This is the list of bsl roles that correspond to the EDGE_SUPER_ADMIN role
    75"""
    76enum EDGE_SUPER_ADMIN {
    77  NEP_ENTERPRISE_ADMINISTRATOR
    78  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
    79  NEP_ROLEGRANT_ADMINISTRATOR
    80  NEP_IDENTITY_ADMINISTRATOR
    81  ORGANIZATION_INTERNAL_ADMINISTRATOR
    82  SITE_CREATE
    83  SITE_READ
    84  SITE_UPDATE
    85  NEP_ENTERPRISE_SUPER_ADMINISTRATOR
    86  NEP_TOKEN_EXCHANGER
    87}
    88
    89"""
    90This is the list of bsl roles that correspond to the EDGE_BANNER_ADMIN role
    91"""
    92enum EDGE_BANNER_ADMIN {
    93  NEP_ENTERPRISE_VIEWER
    94  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
    95  NEP_IDENTITY_VIEWER
    96  NEP_ORGANIZATION_VIEWER
    97  SITE_CREATE
    98  SITE_READ
    99  SITE_UPDATE
   100  NEP_TOKEN_EXCHANGER
   101  NEP_IDENTITY_GROUP_ADD_MEMBERS
   102  NEP_IDENTITY_GROUP_REMOVE_MEMBERS
   103}
   104
   105"""
   106This is the list of bsl roles that correspond to the EDGE_BANNER_OPERATOR role
   107"""
   108enum EDGE_BANNER_OPERATOR {
   109  NEP_ENTERPRISE_VIEWER
   110  NEP_ENTERPRISE_GRANT_VIEWER
   111  NEP_IDENTITY_VIEWER
   112  NEP_ORGANIZATION_VIEWER
   113  SITE_CREATE
   114  SITE_READ
   115  SITE_UPDATE
   116  NEP_TOKEN_EXCHANGER
   117}
   118
   119"""
   120This is the list of bsl roles that correspond to the EDGE_BANNER_VIEWER role
   121"""
   122enum EDGE_BANNER_VIEWER {
   123  NEP_ENTERPRISE_VIEWER
   124  NEP_ENTERPRISE_GRANT_VIEWER
   125  NEP_IDENTITY_VIEWER
   126  NEP_ORGANIZATION_VIEWER
   127  NEP_TOKEN_EXCHANGER
   128  SITE_READ
   129}
   130
   131"""
   132This is the list of bsl roles that correspond to the EDGE_ENGINEERING_LEADS role
   133"""
   134enum EDGE_ENGINEERING_LEADS {
   135  NEP_ENTERPRISE_ADMINISTRATOR
   136  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
   137  NEP_ROLEGRANT_ADMINISTRATOR
   138  NEP_IDENTITY_ADMINISTRATOR
   139  ORGANIZATION_INTERNAL_ADMINISTRATOR
   140  SITE_CREATE
   141  SITE_READ
   142  SITE_UPDATE
   143  NEP_TOKEN_EXCHANGER
   144}
   145
   146"""
   147This is the list of bsl roles that correspond to the EDGE_OI_ADMIN role
   148"""
   149enum EDGE_OI_ADMIN {
   150  NEP_IDENTITY_GROUP_ADD_MEMBERS
   151  NEP_IDENTITY_GROUP_REMOVE_MEMBERS
   152}
   153
   154type EdgeRoles {
   155  EDGE_SUPER_ADMIN: EDGE_SUPER_ADMIN
   156}
   157
   158scalar Map
   159
   160scalar UUID
   161
   162"""
   163This is a directive to verify that the user has access to the organization that this banner maps to
   164"""
   165directive @hasBannerAccess(field: String!) on ARGUMENT_DEFINITION
   166
   167"""
   168This is a directive to verify that the user has access to the organization that this cluster maps to
   169"""
   170directive @hasClusterAccess(field: String!) on ARGUMENT_DEFINITION
   171
   172"""
   173This is a directive to verify that the user has access to the organization that this cluster maps to
   174"""
   175directive @hasClusterAccessInput(field: String!) on INPUT_FIELD_DEFINITION
   176
   177"""
   178This is a directive to verify that the user has access to the helm release / workload that this helmEdgeID maps to
   179"""
   180directive @hasHelmWorkloadAccess(field: String!) on ARGUMENT_DEFINITION
   181
   182"""
   183This is a directive to verify that the user has access to the helm release / workload that this helmEdgeID maps to
   184"""
   185directive @hasHelmWorkloadAccessInput(field: String!) on INPUT_FIELD_DEFINITION
   186
   187"""
   188This is a directive to verify that the user has access to the organization that this banner maps to
   189"""
   190directive @hasBannerAccessInput(field: String!) on INPUT_FIELD_DEFINITION
   191
   192"""
   193This is a directive to verify that the user has access to the organization that this label maps to
   194"""
   195directive @hasLabelAccess(field: String!) on ARGUMENT_DEFINITION
   196
   197"""
   198This is a directive to verify that the user has access to the organization that this label maps to
   199"""
   200directive @hasLabelAccessInput(field: String!) on INPUT_FIELD_DEFINITION
   201
   202"""
   203This is a directive to check if the user can assign the requested role based on their role
   204"""
   205directive @canAssignRole(abilityMap: Map!) on ARGUMENT_DEFINITION
   206
   207"""
   208This is a directive to check that user has terminal access
   209"""
   210directive @hasTerminalAccess(field: String!) on ARGUMENT_DEFINITION
   211
   212"""
   213This is a directive to check that user has terminal access
   214"""
   215directive @hasTerminalAccessInput(field: String!) on INPUT_FIELD_DEFINITION
   216
   217"""
   218This is a directive to check that pin attempts / history requirements are met
   219"""
   220directive @hasValidProviderPinSetting(field: String!) on INPUT_FIELD_DEFINITION
   221
   222"""
   223This is a directive that forces a new resolver to be generated for the field
   224"""
   225directive @goField(
   226  forceResolver: Boolean
   227  name: String
   228) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION
   229
   230"""
   231This is a directive that adds validation constraints to an input model struct
   232"""
   233directive @validation_constraint(
   234  format: String
   235) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION

View as plain text