extend type Query {
  """
  SecretManagerSecrets gets secrets from Edge Secret Manager and secrets from kubernetes for a given banner.
  """
  secretManagerSecrets(
    """
    Banner id to retrieve secrets for.
    """
    bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
    """
    Owner type to get secrets to filter secrets on.
    """
    owner: String
    """
    Type of secrets to retrieve
    """
    type: String
    """
    Whether or not to also retrieve secret values from the secret manager. Will increase response time if decrypting values for secrets returned.
    """
    getValues: Boolean!
  ): [SecretManagerResponse]
    @hasRole(
      roles: [
        EDGE_ORG_ADMIN
        EDGE_BANNER_ADMIN
        EDGE_BANNER_OPERATOR
        EDGE_BANNER_VIEWER
      ]
    )

  """
  SecretManagerSecrets gets secret from Edge Secret Manager and secrets from kubernetes for a given banner.
  """
  secretManagerSecret(
    """
    Name of the secret to retrieve
    """
    name: String!
    """
    Banner id to retrieve secrets for.
    """
    bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
    """
    Owner type to get secrets to filter secrets on.
    """
    owner: String
    """
    Type of secrets to retrieve
    """
    type: String
    """
    Whether or not to also retrieve secret values from the secret manager. Will increase response time if decrypting values for secrets returned.
    """
    getValues: Boolean!
  ): SecretManagerResponse
    @hasRole(
      roles: [
        EDGE_ORG_ADMIN
        EDGE_BANNER_ADMIN
        EDGE_BANNER_OPERATOR
        EDGE_BANNER_VIEWER
      ]
    )
}
extend type Mutation {
  """
  CreateOrUpdateSecretManagerSecret creates a secret in GCP Secret Manager and external secret using chariot client.
  """
  createOrUpdateSecretManagerSecret(
    """
    Name of the secret to create or override.
    """
    name: String!
    """
    Banner of the secret getting created or updated.
    """
    bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
    """
    Owner of the secret getting created.
    """
    owner: String!
    """
    Values to include in secret. If secret is applied to kubernetes cluster keys will be data keys in the kubernetes secret.
    """
    values: [keyValues]
    """
    How the secret will be used. Corresponds to the namespaces the secret will be synced to.
    """
    workload: String
    """
    Type of the secret
    """
    type: String!
  ): Boolean!
    @hasRole(roles: [EDGE_ORG_ADMIN, EDGE_BANNER_ADMIN, EDGE_BANNER_OPERATOR])

  """
  DeleteSecretManagerSecret deletes a secret in GCP Secret Manager and external secret using chariot client.
  """
  deleteSecretManagerSecret(
    """
    Name of the secret being deleted.
    """
    name: String!
    """
    Banner of the secret to be deleted
    """
    bannerEdgeId: String! @hasBannerAccess(field: "bannerEdgeId")
  ): Boolean!
    @hasRole(roles: [EDGE_ORG_ADMIN, EDGE_BANNER_ADMIN, EDGE_BANNER_OPERATOR])
}