1extend type Query {
2 """
3 SecretManagerSecrets gets secrets from Edge Secret Manager and secrets from kubernetes for a given banner.
4 """
5 secretManagerSecrets(
6 """
7 Banner id to retrieve secrets for.
8 """
9 bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
10 """
11 Owner type to get secrets to filter secrets on.
12 """
13 owner: String
14 """
15 Type of secrets to retrieve
16 """
17 type: String
18 """
19 Whether or not to also retrieve secret values from the secret manager. Will increase response time if decrypting values for secrets returned.
20 """
21 getValues: Boolean!
22 ): [SecretManagerResponse]
23 @hasRole(
24 roles: [
25 EDGE_ORG_ADMIN
26 EDGE_BANNER_ADMIN
27 EDGE_BANNER_OPERATOR
28 EDGE_BANNER_VIEWER
29 ]
30 )
31
32 """
33 SecretManagerSecrets gets secret from Edge Secret Manager and secrets from kubernetes for a given banner.
34 """
35 secretManagerSecret(
36 """
37 Name of the secret to retrieve
38 """
39 name: String!
40 """
41 Banner id to retrieve secrets for.
42 """
43 bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
44 """
45 Owner type to get secrets to filter secrets on.
46 """
47 owner: String
48 """
49 Type of secrets to retrieve
50 """
51 type: String
52 """
53 Whether or not to also retrieve secret values from the secret manager. Will increase response time if decrypting values for secrets returned.
54 """
55 getValues: Boolean!
56 ): SecretManagerResponse
57 @hasRole(
58 roles: [
59 EDGE_ORG_ADMIN
60 EDGE_BANNER_ADMIN
61 EDGE_BANNER_OPERATOR
62 EDGE_BANNER_VIEWER
63 ]
64 )
65}
66extend type Mutation {
67 """
68 CreateOrUpdateSecretManagerSecret creates a secret in GCP Secret Manager and external secret using chariot client.
69 """
70 createOrUpdateSecretManagerSecret(
71 """
72 Name of the secret to create or override.
73 """
74 name: String!
75 """
76 Banner of the secret getting created or updated.
77 """
78 bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
79 """
80 Owner of the secret getting created.
81 """
82 owner: String!
83 """
84 Values to include in secret. If secret is applied to kubernetes cluster keys will be data keys in the kubernetes secret.
85 """
86 values: [keyValues]
87 """
88 How the secret will be used. Corresponds to the namespaces the secret will be synced to.
89 """
90 workload: String
91 """
92 Type of the secret
93 """
94 type: String!
95 ): Boolean!
96 @hasRole(roles: [EDGE_ORG_ADMIN, EDGE_BANNER_ADMIN, EDGE_BANNER_OPERATOR])
97
98 """
99 DeleteSecretManagerSecret deletes a secret in GCP Secret Manager and external secret using chariot client.
100 """
101 deleteSecretManagerSecret(
102 """
103 Name of the secret being deleted.
104 """
105 name: String!
106 """
107 Banner of the secret to be deleted
108 """
109 bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
110 ): Boolean!
111 @hasRole(roles: [EDGE_ORG_ADMIN, EDGE_BANNER_ADMIN, EDGE_BANNER_OPERATOR])
112}
View as plain text