""" Query returns generated.QueryResolver implementation. """ type Query { """ GetAPIHealthStatus not implemented """ getAPIHealthStatus: APIStatusSummary! @hasRole( roles: [ EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR EDGE_BANNER_VIEWER ] ) """ apiVersion gets version and download information for edge cli that matches version """ apiVersion: APIVersion! @hasRole( roles: [ EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR EDGE_BANNER_VIEWER ] ) } """ This is a directive to verify that the user has correct role for the api """ directive @hasRole(roles: [Role!]) on FIELD_DEFINITION """ This is the list of edge roles """ enum Role { EDGE_SUPER_ADMIN EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR EDGE_BANNER_VIEWER TOTP_ROLE EDGE_TERMINAL EDGE_BOOTSTRAP EDGE_ENGINEERING_LEADS EDGE_OI_ADMIN EDGE_SUPER_USER EDGE_L1 EDGE_L2 EDGE_L3 EDGE_L4 } #!!!!!!!!!!!!!!IMPORTANT: to get these roles assigned to correct group in bsl for each org need to # add role to RoleMap in pkg/edge/bsl-reconciler/utils.go!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! """ This is the list of bsl roles that correspond to the EDGE_ORG_ADMIN role """ enum EDGE_ORG_ADMIN { NEP_ENTERPRISE_ADMINISTRATOR NEP_ENTERPRISE_GRANT_ADMINISTRATOR NEP_ROLEGRANT_ADMINISTRATOR NEP_IDENTITY_ADMINISTRATOR ORGANIZATION_INTERNAL_ADMINISTRATOR SITE_CREATE SITE_READ SITE_UPDATE NEP_TOKEN_EXCHANGER } """ This is the list of bsl roles that correspond to the EDGE_SUPER_ADMIN role """ enum EDGE_SUPER_ADMIN { NEP_ENTERPRISE_ADMINISTRATOR NEP_ENTERPRISE_GRANT_ADMINISTRATOR NEP_ROLEGRANT_ADMINISTRATOR NEP_IDENTITY_ADMINISTRATOR ORGANIZATION_INTERNAL_ADMINISTRATOR SITE_CREATE SITE_READ SITE_UPDATE NEP_ENTERPRISE_SUPER_ADMINISTRATOR NEP_TOKEN_EXCHANGER } """ This is the list of bsl roles that correspond to the EDGE_BANNER_ADMIN role """ enum EDGE_BANNER_ADMIN { NEP_ENTERPRISE_VIEWER NEP_ENTERPRISE_GRANT_ADMINISTRATOR NEP_IDENTITY_VIEWER NEP_ORGANIZATION_VIEWER SITE_CREATE SITE_READ SITE_UPDATE NEP_TOKEN_EXCHANGER NEP_IDENTITY_GROUP_ADD_MEMBERS NEP_IDENTITY_GROUP_REMOVE_MEMBERS } """ This is the list of bsl roles that correspond to the EDGE_BANNER_OPERATOR role """ enum EDGE_BANNER_OPERATOR { NEP_ENTERPRISE_VIEWER NEP_ENTERPRISE_GRANT_VIEWER NEP_IDENTITY_VIEWER NEP_ORGANIZATION_VIEWER SITE_CREATE SITE_READ SITE_UPDATE NEP_TOKEN_EXCHANGER } """ This is the list of bsl roles that correspond to the EDGE_BANNER_VIEWER role """ enum EDGE_BANNER_VIEWER { NEP_ENTERPRISE_VIEWER NEP_ENTERPRISE_GRANT_VIEWER NEP_IDENTITY_VIEWER NEP_ORGANIZATION_VIEWER NEP_TOKEN_EXCHANGER SITE_READ } """ This is the list of bsl roles that correspond to the EDGE_ENGINEERING_LEADS role """ enum EDGE_ENGINEERING_LEADS { NEP_ENTERPRISE_ADMINISTRATOR NEP_ENTERPRISE_GRANT_ADMINISTRATOR NEP_ROLEGRANT_ADMINISTRATOR NEP_IDENTITY_ADMINISTRATOR ORGANIZATION_INTERNAL_ADMINISTRATOR SITE_CREATE SITE_READ SITE_UPDATE NEP_TOKEN_EXCHANGER } """ This is the list of bsl roles that correspond to the EDGE_OI_ADMIN role """ enum EDGE_OI_ADMIN { NEP_IDENTITY_GROUP_ADD_MEMBERS NEP_IDENTITY_GROUP_REMOVE_MEMBERS } type EdgeRoles { EDGE_SUPER_ADMIN: EDGE_SUPER_ADMIN } scalar Map scalar UUID """ This is a directive to verify that the user has access to the organization that this banner maps to """ directive @hasBannerAccess(field: String!) on ARGUMENT_DEFINITION """ This is a directive to verify that the user has access to the organization that this cluster maps to """ directive @hasClusterAccess(field: String!) on ARGUMENT_DEFINITION """ This is a directive to verify that the user has access to the organization that this cluster maps to """ directive @hasClusterAccessInput(field: String!) on INPUT_FIELD_DEFINITION """ This is a directive to verify that the user has access to the helm release / workload that this helmEdgeID maps to """ directive @hasHelmWorkloadAccess(field: String!) on ARGUMENT_DEFINITION """ This is a directive to verify that the user has access to the helm release / workload that this helmEdgeID maps to """ directive @hasHelmWorkloadAccessInput(field: String!) on INPUT_FIELD_DEFINITION """ This is a directive to verify that the user has access to the organization that this banner maps to """ directive @hasBannerAccessInput(field: String!) on INPUT_FIELD_DEFINITION """ This is a directive to verify that the user has access to the organization that this label maps to """ directive @hasLabelAccess(field: String!) on ARGUMENT_DEFINITION """ This is a directive to verify that the user has access to the organization that this label maps to """ directive @hasLabelAccessInput(field: String!) on INPUT_FIELD_DEFINITION """ This is a directive to check if the user can assign the requested role based on their role """ directive @canAssignRole(abilityMap: Map!) on ARGUMENT_DEFINITION """ This is a directive to check that user has terminal access """ directive @hasTerminalAccess(field: String!) on ARGUMENT_DEFINITION """ This is a directive to check that user has terminal access """ directive @hasTerminalAccessInput(field: String!) on INPUT_FIELD_DEFINITION """ This is a directive to check that pin attempts / history requirements are met """ directive @hasValidProviderPinSetting(field: String!) on INPUT_FIELD_DEFINITION """ This is a directive that forces a new resolver to be generated for the field """ directive @goField( forceResolver: Boolean name: String ) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION """ This is a directive that adds validation constraints to an input model struct """ directive @validation_constraint( format: String ) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION