"""
Query returns generated.QueryResolver implementation.
"""
type Query {
  """
  GetAPIHealthStatus not implemented
  """
  getAPIHealthStatus: APIStatusSummary!
    @hasRole(
      roles: [
        EDGE_ORG_ADMIN
        EDGE_BANNER_ADMIN
        EDGE_BANNER_OPERATOR
        EDGE_BANNER_VIEWER
      ]
    )
  """
  apiVersion gets version and download information for edge cli that matches version
  """
  apiVersion: APIVersion!
    @hasRole(
      roles: [
        EDGE_ORG_ADMIN
        EDGE_BANNER_ADMIN
        EDGE_BANNER_OPERATOR
        EDGE_BANNER_VIEWER
      ]
    )
}

"""
This is a directive to verify that the user has correct role for the api
"""
directive @hasRole(roles: [Role!]) on FIELD_DEFINITION

"""
This is the list of edge roles
"""
enum Role {
  EDGE_SUPER_ADMIN
  EDGE_ORG_ADMIN
  EDGE_BANNER_ADMIN
  EDGE_BANNER_OPERATOR
  EDGE_BANNER_VIEWER
  TOTP_ROLE
  EDGE_TERMINAL
  EDGE_BOOTSTRAP
  EDGE_ENGINEERING_LEADS
  EDGE_OI_ADMIN
  EDGE_SUPER_USER
  EDGE_L1
  EDGE_L2
  EDGE_L3
  EDGE_L4
}
#!!!!!!!!!!!!!!IMPORTANT: to get these roles assigned to correct group in bsl for each org need to
# add role to RoleMap in pkg/edge/bsl-reconciler/utils.go!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
"""
This is the list of bsl roles that correspond to the EDGE_ORG_ADMIN role
"""
enum EDGE_ORG_ADMIN {
  NEP_ENTERPRISE_ADMINISTRATOR
  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
  NEP_ROLEGRANT_ADMINISTRATOR
  NEP_IDENTITY_ADMINISTRATOR
  ORGANIZATION_INTERNAL_ADMINISTRATOR
  SITE_CREATE
  SITE_READ
  SITE_UPDATE
  NEP_TOKEN_EXCHANGER
}

"""
This is the list of bsl roles that correspond to the EDGE_SUPER_ADMIN role
"""
enum EDGE_SUPER_ADMIN {
  NEP_ENTERPRISE_ADMINISTRATOR
  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
  NEP_ROLEGRANT_ADMINISTRATOR
  NEP_IDENTITY_ADMINISTRATOR
  ORGANIZATION_INTERNAL_ADMINISTRATOR
  SITE_CREATE
  SITE_READ
  SITE_UPDATE
  NEP_ENTERPRISE_SUPER_ADMINISTRATOR
  NEP_TOKEN_EXCHANGER
}

"""
This is the list of bsl roles that correspond to the EDGE_BANNER_ADMIN role
"""
enum EDGE_BANNER_ADMIN {
  NEP_ENTERPRISE_VIEWER
  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
  NEP_IDENTITY_VIEWER
  NEP_ORGANIZATION_VIEWER
  SITE_CREATE
  SITE_READ
  SITE_UPDATE
  NEP_TOKEN_EXCHANGER
  NEP_IDENTITY_GROUP_ADD_MEMBERS
  NEP_IDENTITY_GROUP_REMOVE_MEMBERS
}

"""
This is the list of bsl roles that correspond to the EDGE_BANNER_OPERATOR role
"""
enum EDGE_BANNER_OPERATOR {
  NEP_ENTERPRISE_VIEWER
  NEP_ENTERPRISE_GRANT_VIEWER
  NEP_IDENTITY_VIEWER
  NEP_ORGANIZATION_VIEWER
  SITE_CREATE
  SITE_READ
  SITE_UPDATE
  NEP_TOKEN_EXCHANGER
}

"""
This is the list of bsl roles that correspond to the EDGE_BANNER_VIEWER role
"""
enum EDGE_BANNER_VIEWER {
  NEP_ENTERPRISE_VIEWER
  NEP_ENTERPRISE_GRANT_VIEWER
  NEP_IDENTITY_VIEWER
  NEP_ORGANIZATION_VIEWER
  NEP_TOKEN_EXCHANGER
  SITE_READ
}

"""
This is the list of bsl roles that correspond to the EDGE_ENGINEERING_LEADS role
"""
enum EDGE_ENGINEERING_LEADS {
  NEP_ENTERPRISE_ADMINISTRATOR
  NEP_ENTERPRISE_GRANT_ADMINISTRATOR
  NEP_ROLEGRANT_ADMINISTRATOR
  NEP_IDENTITY_ADMINISTRATOR
  ORGANIZATION_INTERNAL_ADMINISTRATOR
  SITE_CREATE
  SITE_READ
  SITE_UPDATE
  NEP_TOKEN_EXCHANGER
}

"""
This is the list of bsl roles that correspond to the EDGE_OI_ADMIN role
"""
enum EDGE_OI_ADMIN {
  NEP_IDENTITY_GROUP_ADD_MEMBERS
  NEP_IDENTITY_GROUP_REMOVE_MEMBERS
}

type EdgeRoles {
  EDGE_SUPER_ADMIN: EDGE_SUPER_ADMIN
}

scalar Map

scalar UUID

"""
This is a directive to verify that the user has access to the organization that this banner maps to
"""
directive @hasBannerAccess(field: String!) on ARGUMENT_DEFINITION

"""
This is a directive to verify that the user has access to the organization that this cluster maps to
"""
directive @hasClusterAccess(field: String!) on ARGUMENT_DEFINITION

"""
This is a directive to verify that the user has access to the organization that this cluster maps to
"""
directive @hasClusterAccessInput(field: String!) on INPUT_FIELD_DEFINITION

"""
This is a directive to verify that the user has access to the helm release / workload that this helmEdgeID maps to
"""
directive @hasHelmWorkloadAccess(field: String!) on ARGUMENT_DEFINITION

"""
This is a directive to verify that the user has access to the helm release / workload that this helmEdgeID maps to
"""
directive @hasHelmWorkloadAccessInput(field: String!) on INPUT_FIELD_DEFINITION

"""
This is a directive to verify that the user has access to the organization that this banner maps to
"""
directive @hasBannerAccessInput(field: String!) on INPUT_FIELD_DEFINITION

"""
This is a directive to verify that the user has access to the organization that this label maps to
"""
directive @hasLabelAccess(field: String!) on ARGUMENT_DEFINITION

"""
This is a directive to verify that the user has access to the organization that this label maps to
"""
directive @hasLabelAccessInput(field: String!) on INPUT_FIELD_DEFINITION

"""
This is a directive to check if the user can assign the requested role based on their role
"""
directive @canAssignRole(abilityMap: Map!) on ARGUMENT_DEFINITION

"""
This is a directive to check that user has terminal access
"""
directive @hasTerminalAccess(field: String!) on ARGUMENT_DEFINITION

"""
This is a directive to check that user has terminal access
"""
directive @hasTerminalAccessInput(field: String!) on INPUT_FIELD_DEFINITION

"""
This is a directive to check that pin attempts / history requirements are met
"""
directive @hasValidProviderPinSetting(field: String!) on INPUT_FIELD_DEFINITION

"""
This is a directive that forces a new resolver to be generated for the field
"""
directive @goField(
  forceResolver: Boolean
  name: String
) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION

"""
This is a directive that adds validation constraints to an input model struct
"""
directive @validation_constraint(
  format: String
) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION