diff --git a/GNUmakefile b/GNUmakefile index e339a0a..a1e2c8a 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -11,6 +11,7 @@ lint: generate: cd tools; go generate ./... + cd internal; go generate ./... fmt: gofmt -s -w -e . diff --git a/go.mod b/go.mod index 2fb4d97..b52a367 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,8 @@ module terraform-provider-tlspc go 1.22.7 require ( + github.com/Khan/genqlient v0.8.0 + github.com/google/uuid v1.6.0 github.com/hashicorp/terraform-plugin-framework v1.14.1 github.com/hashicorp/terraform-plugin-framework-jsontypes v0.2.0 ) @@ -22,6 +24,7 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/oklog/run v1.0.0 // indirect + github.com/vektah/gqlparser/v2 v2.5.19 // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect golang.org/x/net v0.34.0 // indirect diff --git a/go.sum b/go.sum index af21cf9..2097a5a 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,7 @@ +github.com/Khan/genqlient v0.8.0 h1:Hd1a+E1CQHYbMEKakIkvBH3zW0PWEeiX6Hp1i2kP2WE= +github.com/Khan/genqlient v0.8.0/go.mod h1:hn70SpYjWteRGvxTwo0kfaqg4wxvndECGkfa1fdDdYI= +github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= +github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -53,10 +57,14 @@ github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/vektah/gqlparser/v2 v2.5.19 h1:bhCPCX1D4WWzCDvkPl4+TP1N8/kLrWnp43egplt7iSg= +github.com/vektah/gqlparser/v2 v2.5.19/go.mod h1:y7kvl5bBlDeuWIvLtA9849ncyvx6/lj06RsMrEjVy3U= github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8= github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= diff --git a/internal/provider/cloudprovider_gcp_resource.go b/internal/provider/cloudprovider_gcp_resource.go new file mode 100644 index 0000000..e0dd7c3 --- /dev/null +++ b/internal/provider/cloudprovider_gcp_resource.go @@ -0,0 +1,230 @@ +// Copyright (c) Venafi, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package provider + +import ( + "context" + "fmt" + + "terraform-provider-tlspc/internal/tlspc" + + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +var ( + _ resource.Resource = &cloudProviderGCPResource{} + _ resource.ResourceWithConfigure = &cloudProviderGCPResource{} + _ resource.ResourceWithImportState = &cloudProviderGCPResource{} +) + +type cloudProviderGCPResource struct { + client *tlspc.Client +} + +func NewCloudProviderGCPResource() resource.Resource { + return &cloudProviderGCPResource{} +} + +func (r *cloudProviderGCPResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_cloudprovider_gcp" +} + +func (r *cloudProviderGCPResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "issuer_url": schema.StringAttribute{ + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + Required: true, + }, + "team": schema.StringAttribute{ + Required: true, + }, + "service_account_email": schema.StringAttribute{ + Required: true, + }, + "project_number": schema.Int64Attribute{ + Required: true, + }, + "workload_identity_pool_id": schema.StringAttribute{ + Required: true, + }, + "workload_identity_pool_provider_id": schema.StringAttribute{ + Required: true, + }, + }, + } +} + +func (r *cloudProviderGCPResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + client, ok := req.ProviderData.(*tlspc.Client) + + if !ok { + resp.Diagnostics.AddError( + "Unexpected Data Source Configure Type", + fmt.Sprintf("Expected *tlspc.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + + return + } + + r.client = client +} + +type cloudProviderGCPResourceModel struct { + ID types.String `tfsdk:"id"` + IssuerUrl types.String `tfsdk:"issuer_url"` + Name types.String `tfsdk:"name"` + Team types.String `tfsdk:"team"` + ServiceAccountEmail types.String `tfsdk:"service_account_email"` + ProjectNumber types.Int64 `tfsdk:"project_number"` + WorkloadIdentityPoolId types.String `tfsdk:"workload_identity_pool_id"` + WorkloadIdentityPoolProviderId types.String `tfsdk:"workload_identity_pool_provider_id"` +} + +func (r *cloudProviderGCPResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan cloudProviderGCPResourceModel + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + p := tlspc.CloudProviderGCP{ + Name: plan.Name.ValueString(), + Team: plan.Team.ValueString(), + ServiceAccountEmail: plan.ServiceAccountEmail.ValueString(), + ProjectNumber: plan.ProjectNumber.ValueInt64(), + WorkloadIdentityPoolId: plan.WorkloadIdentityPoolId.ValueString(), + WorkloadIdentityPoolProviderId: plan.WorkloadIdentityPoolProviderId.ValueString(), + } + + created, err := r.client.CreateCloudProviderGCP(ctx, p) + + if err != nil { + resp.Diagnostics.AddError( + "Error creating GCP Cloud Provider", + "Could not create GCP Cloud Provider: "+err.Error(), + ) + return + } + + plan.ID = types.StringValue(created.ID) + plan.IssuerUrl = types.StringValue(created.IssuerUrl) + + diags = resp.State.Set(ctx, plan) + resp.Diagnostics.Append(diags...) +} + +func (r *cloudProviderGCPResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state cloudProviderGCPResourceModel + + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + cp, err := r.client.GetCloudProviderGCP(ctx, state.ID.ValueString()) + if err != nil { + resp.Diagnostics.AddError( + "Error retrieving GCP Cloud Provider", + "Could not find GCP Cloud Provider: "+err.Error(), + ) + return + } + + state.IssuerUrl = types.StringValue(cp.IssuerUrl) + state.Name = types.StringValue(cp.Name) + state.Team = types.StringValue(cp.Team) + state.ServiceAccountEmail = types.StringValue(cp.ServiceAccountEmail) + state.ProjectNumber = types.Int64Value(cp.ProjectNumber) + state.WorkloadIdentityPoolId = types.StringValue(cp.WorkloadIdentityPoolId) + state.WorkloadIdentityPoolProviderId = types.StringValue(cp.WorkloadIdentityPoolProviderId) + + diags = resp.State.Set(ctx, state) + resp.Diagnostics.Append(diags...) +} + +func (r *cloudProviderGCPResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var state, plan cloudProviderGCPResourceModel + + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + diags = req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + cp := tlspc.CloudProviderGCP{ + ID: state.ID.ValueString(), + Name: plan.Name.ValueString(), + Team: plan.Team.ValueString(), + ServiceAccountEmail: plan.ServiceAccountEmail.ValueString(), + ProjectNumber: plan.ProjectNumber.ValueInt64(), + WorkloadIdentityPoolId: plan.WorkloadIdentityPoolId.ValueString(), + WorkloadIdentityPoolProviderId: plan.WorkloadIdentityPoolProviderId.ValueString(), + } + + updated, err := r.client.UpdateCloudProviderGCP(ctx, cp) + + if err != nil { + resp.Diagnostics.AddError( + "Error updating GCP Cloud Provider", + "Could not update GCP Cloud Provider, unexpected error: "+err.Error(), + ) + return + } + plan.IssuerUrl = types.StringValue(updated.IssuerUrl) + + diags = resp.State.Set(ctx, plan) + resp.Diagnostics.Append(diags...) +} + +func (r *cloudProviderGCPResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state cloudProviderGCPResourceModel + + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + err := r.client.DeleteCloudProviderGCP(ctx, state.ID.ValueString()) + if err != nil { + resp.Diagnostics.AddError( + "Error updating GCP Cloud Provider", + "Could not updating GCP Cloud Provider: "+err.Error(), + ) + return + } +} + +func (r *cloudProviderGCPResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + // Retrieve import ID and save to id attribute + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 683389e..1b43679 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -88,6 +88,7 @@ func (p *tlspcProvider) Resources(ctx context.Context) []func() resource.Resourc NewPluginResource, NewCertificateTemplateResource, NewApplicationResource, + NewCloudProviderGCPResource, } } diff --git a/internal/tlspc/graphql.go b/internal/tlspc/graphql.go new file mode 100644 index 0000000..c6d24ec --- /dev/null +++ b/internal/tlspc/graphql.go @@ -0,0 +1,221 @@ +// Copyright (c) Venafi, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package tlspc + +import ( + "context" + "errors" + "net/http" + "strconv" + "terraform-provider-tlspc/internal/tlspc/graphql" + + gql "github.com/Khan/genqlient/graphql" + "github.com/google/uuid" +) + +func (c *Client) GetGraphQLClient() gql.Client { + httpClient := http.DefaultClient + rt := WithHeader(httpClient.Transport) + rt.Set("tppl-api-key", c.apikey) + rt.Header.Set("User-Agent", "terraform-provider-tlspc/"+c.version) + httpClient.Transport = rt + + path := c.Path(`%s/graphql`) + client := gql.NewClient(path, httpClient) + + return client +} + +type withHeader struct { + http.Header + rt http.RoundTripper +} + +func WithHeader(rt http.RoundTripper) withHeader { + if rt == nil { + rt = http.DefaultTransport + } + + return withHeader{Header: make(http.Header), rt: rt} +} + +func (h withHeader) RoundTrip(req *http.Request) (*http.Response, error) { + if len(h.Header) == 0 { + return h.rt.RoundTrip(req) + } + + req = req.Clone(req.Context()) + for k, v := range h.Header { + req.Header[k] = v + } + + return h.rt.RoundTrip(req) +} + +type CloudProviderGCP struct { + ID string + IssuerUrl string + Name string + Team string + ServiceAccountEmail string + ProjectNumber int64 + WorkloadIdentityPoolId string + WorkloadIdentityPoolProviderId string +} + +func (c *Client) CreateCloudProviderGCP(ctx context.Context, p CloudProviderGCP) (*CloudProviderGCP, error) { + gql := c.GetGraphQLClient() + + teamid, err := uuid.Parse(p.Team) + if err != nil { + return nil, err + } + + pn := strconv.FormatInt(p.ProjectNumber, 10) + + resp, err := graphql.NewGCPProvider(ctx, gql, + p.Name, + teamid, + p.ServiceAccountEmail, + pn, + p.WorkloadIdentityPoolId, + p.WorkloadIdentityPoolProviderId, + ) + + if err != nil { + return nil, err + } + + cfg, ok := resp.CreateCloudProvider.Configuration.(*graphql.NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) + if !ok { + return nil, errors.New("No GCP CloudProvider Configuration returned") + } + + cpn, err := strconv.ParseInt(cfg.ProjectNumber, 10, 64) + if err != nil { + return nil, err + } + + created := CloudProviderGCP{ + ID: resp.CreateCloudProvider.Id.String(), + IssuerUrl: cfg.IssuerUrl, + Name: resp.CreateCloudProvider.Name, + Team: resp.CreateCloudProvider.Team.Id, + ProjectNumber: cpn, + ServiceAccountEmail: cfg.ServiceAccountEmail, + WorkloadIdentityPoolId: cfg.WorkloadIdentityPoolId, + WorkloadIdentityPoolProviderId: cfg.WorkloadIdentityPoolProviderId, + } + + return &created, nil +} + +func (c *Client) GetCloudProviderGCP(ctx context.Context, id string) (*CloudProviderGCP, error) { + gql := c.GetGraphQLClient() + + // No mechanism to retrieve by Id :( + // (CloudProviderDetails only works if we get a valid connection - we definitely want to be able to retrieve poorly/incomplete setup) + resp, err := graphql.GCPProviders(ctx, gql) + + if err != nil { + return nil, err + } + + var found *graphql.GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider + + for _, v := range resp.CloudProviders.Nodes { + if v.Id.String() == id { + found = &v + break + } + } + if found == nil { + return nil, errors.New("GCP CloudProvider not found") + } + cfg, ok := found.Configuration.(*graphql.GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) + if !ok { + return nil, errors.New("Expected GCP Configuration not found") + } + + cpn, err := strconv.ParseInt(cfg.ProjectNumber, 10, 64) + if err != nil { + return nil, err + } + + p := CloudProviderGCP{ + ID: found.Id.String(), + IssuerUrl: cfg.IssuerUrl, + Name: found.Name, + Team: found.Team.Id, + ProjectNumber: cpn, + ServiceAccountEmail: cfg.ServiceAccountEmail, + WorkloadIdentityPoolId: cfg.WorkloadIdentityPoolId, + WorkloadIdentityPoolProviderId: cfg.WorkloadIdentityPoolProviderId, + } + + return &p, nil +} + +func (c *Client) UpdateCloudProviderGCP(ctx context.Context, p CloudProviderGCP) (*CloudProviderGCP, error) { + gql := c.GetGraphQLClient() + + id, err := uuid.Parse(p.ID) + if err != nil { + return nil, err + } + + teamid, err := uuid.Parse(p.Team) + if err != nil { + return nil, err + } + + pn := strconv.FormatInt(p.ProjectNumber, 10) + + resp, err := graphql.UpdateGCPProvider(ctx, gql, + id, + p.Name, + teamid, + pn, + p.WorkloadIdentityPoolId, + p.WorkloadIdentityPoolProviderId, + ) + if err != nil { + return nil, err + } + cfg, ok := resp.UpdateCloudProvider.Configuration.(*graphql.UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) + if !ok { + return nil, errors.New("Error updating GCP Cloud Provider") + } + + cpn, err := strconv.ParseInt(cfg.ProjectNumber, 10, 64) + if err != nil { + return nil, err + } + + updated := CloudProviderGCP{ + ID: resp.UpdateCloudProvider.Id.String(), + IssuerUrl: cfg.IssuerUrl, + Name: resp.UpdateCloudProvider.Name, + Team: resp.UpdateCloudProvider.Team.Id, + ProjectNumber: cpn, + ServiceAccountEmail: cfg.ServiceAccountEmail, + WorkloadIdentityPoolId: cfg.WorkloadIdentityPoolId, + WorkloadIdentityPoolProviderId: cfg.WorkloadIdentityPoolProviderId, + } + + return &updated, nil +} + +func (c *Client) DeleteCloudProviderGCP(ctx context.Context, id string) error { + gql := c.GetGraphQLClient() + + deleteId, err := uuid.Parse(id) + if err != nil { + return err + } + + _, err = graphql.DeleteGCPProvider(ctx, gql, deleteId) + + return err +} diff --git a/internal/tlspc/graphql/genqlient.go b/internal/tlspc/graphql/genqlient.go new file mode 100644 index 0000000..2dbf618 --- /dev/null +++ b/internal/tlspc/graphql/genqlient.go @@ -0,0 +1,6 @@ +// Copyright (c) Venafi, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package graphql + +//go:generate go run github.com/Khan/genqlient diff --git a/internal/tlspc/graphql/genqlient.graphql b/internal/tlspc/graphql/genqlient.graphql new file mode 100644 index 0000000..2b52075 --- /dev/null +++ b/internal/tlspc/graphql/genqlient.graphql @@ -0,0 +1,92 @@ +query GCPProviders { + cloudProviders(filter: {type: GCP}) { + totalCount + nodes{ + id + name + type + team { + id + } + authorizedTeams { + id + } + configuration { + ... on CloudProviderGCPConfiguration{ + serviceAccountEmail + projectNumber + workloadIdentityPoolId + workloadIdentityPoolProviderId + issuerUrl + } + } + } + } +} + +mutation NewGCPProvider($Name: String!, $Team: UUID!, $Email: String!, $Project: String!, $WIPId: String!, $WIPPId: String!) { + createCloudProvider( + input: { + name: $Name, + type: GCP, + teamId: $Team, + gcpConfiguration: { + authorizationMethod: WORKLOAD_IDENTITY_FEDERATION, + serviceAccountEmail: $Email, + projectNumber: $Project, + workloadIdentityPoolId: $WIPId, + workloadIdentityPoolProviderId: $WIPPId, + } + } + ) { + id + name + team { + id + } + configuration{ + ... on CloudProviderGCPConfiguration{ + serviceAccountEmail + projectNumber + workloadIdentityPoolId + workloadIdentityPoolProviderId + issuerUrl + } + } + } +} + +mutation UpdateGCPProvider($Id: UUID!, $Name: String!, $Team: UUID!, $Project: String!, $WIPId: String!, $WIPPId: String!) { + updateCloudProvider( + input: { + id: $Id, + name: $Name, + type: GCP, + teamId: $Team, + gcpConfiguration: { + projectNumber: $Project, + workloadIdentityPoolId: $WIPId, + workloadIdentityPoolProviderId: $WIPPId, + } + } + ) { + id + name + team { + id + } + configuration{ + ... on CloudProviderGCPConfiguration{ + serviceAccountEmail + projectNumber + workloadIdentityPoolId + workloadIdentityPoolProviderId + issuerUrl + } + } + } +} + +mutation DeleteGCPProvider($Id: UUID!) { + deleteCloudProvider(cloudProviderId: [$Id]) +} diff --git a/internal/tlspc/graphql/genqlient.yaml b/internal/tlspc/graphql/genqlient.yaml new file mode 100644 index 0000000..fd303a4 --- /dev/null +++ b/internal/tlspc/graphql/genqlient.yaml @@ -0,0 +1,13 @@ +# Copyright (c) Venafi, Inc. +# SPDX-License-Identifier: MPL-2.0 + +# Default genqlient config; for full documentation see: +# https://github.com/Khan/genqlient/blob/main/docs/genqlient.yaml +schema: schema.graphql +package: graphql +operations: +- genqlient.graphql +generated: graphql.go +bindings: + UUID: + type: github.com/google/uuid.UUID diff --git a/internal/tlspc/graphql/graphql.go b/internal/tlspc/graphql/graphql.go new file mode 100644 index 0000000..626e632 --- /dev/null +++ b/internal/tlspc/graphql/graphql.go @@ -0,0 +1,1170 @@ +// Code generated by github.com/Khan/genqlient, DO NOT EDIT. + +package graphql + +import ( + "context" + "encoding/json" + "fmt" + + "github.com/Khan/genqlient/graphql" + "github.com/google/uuid" +) + +// Indicates the type of a Cloud Provider +type CloudProviderType string + +const ( + // AWS cloud provider type + CloudProviderTypeAws CloudProviderType = "AWS" + // Azure cloud provider type + CloudProviderTypeAzure CloudProviderType = "AZURE" + // Google cloud provider type + CloudProviderTypeGcp CloudProviderType = "GCP" +) + +var AllCloudProviderType = []CloudProviderType{ + CloudProviderTypeAws, + CloudProviderTypeAzure, + CloudProviderTypeGcp, +} + +// DeleteGCPProviderResponse is returned by DeleteGCPProvider on success. +type DeleteGCPProviderResponse struct { + // Deletes a list of Cloud Providers by ID + DeleteCloudProvider bool `json:"deleteCloudProvider"` +} + +// GetDeleteCloudProvider returns DeleteGCPProviderResponse.DeleteCloudProvider, and is useful for accessing the field via an interface. +func (v *DeleteGCPProviderResponse) GetDeleteCloudProvider() bool { return v.DeleteCloudProvider } + +// GCPProvidersCloudProvidersCloudProviderConnection includes the requested fields of the GraphQL type CloudProviderConnection. +// The GraphQL type's documentation follows. +// +// A page of CloudProvider results +type GCPProvidersCloudProvidersCloudProviderConnection struct { + // Total number of cloud providers (in all pages) + TotalCount int `json:"totalCount"` + // CloudProviders in the current page, without cursor + Nodes []GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider `json:"nodes"` +} + +// GetTotalCount returns GCPProvidersCloudProvidersCloudProviderConnection.TotalCount, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnection) GetTotalCount() int { return v.TotalCount } + +// GetNodes returns GCPProvidersCloudProvidersCloudProviderConnection.Nodes, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnection) GetNodes() []GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider { + return v.Nodes +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider includes the requested fields of the GraphQL type CloudProvider. +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider struct { + Id uuid.UUID `json:"id"` + Name string `json:"name"` + Type CloudProviderType `json:"type"` + Team GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam `json:"team"` + AuthorizedTeams []GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam `json:"authorizedTeams"` + Configuration GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration `json:"-"` +} + +// GetId returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Id, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) GetId() uuid.UUID { + return v.Id +} + +// GetName returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Name, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) GetName() string { + return v.Name +} + +// GetType returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Type, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) GetType() CloudProviderType { + return v.Type +} + +// GetTeam returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Team, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) GetTeam() GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam { + return v.Team +} + +// GetAuthorizedTeams returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.AuthorizedTeams, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) GetAuthorizedTeams() []GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam { + return v.AuthorizedTeams +} + +// GetConfiguration returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Configuration, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) GetConfiguration() GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration { + return v.Configuration +} + +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider + Configuration json.RawMessage `json:"configuration"` + graphql.NoUnmarshalJSON + } + firstPass.GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + { + dst := &v.Configuration + src := firstPass.Configuration + if len(src) != 0 && string(src) != "null" { + err = __unmarshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Configuration: %w", err) + } + } + } + return nil +} + +type __premarshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider struct { + Id uuid.UUID `json:"id"` + + Name string `json:"name"` + + Type CloudProviderType `json:"type"` + + Team GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam `json:"team"` + + AuthorizedTeams []GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam `json:"authorizedTeams"` + + Configuration json.RawMessage `json:"configuration"` +} + +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider) __premarshalJSON() (*__premarshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider, error) { + var retval __premarshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider + + retval.Id = v.Id + retval.Name = v.Name + retval.Type = v.Type + retval.Team = v.Team + retval.AuthorizedTeams = v.AuthorizedTeams + { + + dst := &retval.Configuration + src := v.Configuration + var err error + *dst, err = __marshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProvider.Configuration: %w", err) + } + } + return &retval, nil +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam includes the requested fields of the GraphQL type Team. +// The GraphQL type's documentation follows. +// +// A team of users +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam struct { + // A unique identifier that identifies a specific team. + Id string `json:"id"` +} + +// GetId returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam.Id, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderAuthorizedTeamsTeam) GetId() string { + return v.Id +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration includes the requested fields of the GraphQL interface CloudProviderConfiguration. +// +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration is implemented by the following types: +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration interface { + implementsGraphQLInterfaceGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() string +} + +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration) implementsGraphQLInterfaceGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration() { +} +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration) implementsGraphQLInterfaceGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration() { +} +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) implementsGraphQLInterfaceGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration() { +} + +func __unmarshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration(b []byte, v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration) error { + if string(b) == "null" { + return nil + } + + var tn struct { + TypeName string `json:"__typename"` + } + err := json.Unmarshal(b, &tn) + if err != nil { + return err + } + + switch tn.TypeName { + case "CloudProviderAWSConfiguration": + *v = new(GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration) + return json.Unmarshal(b, *v) + case "CloudProviderAzureConfiguration": + *v = new(GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration) + return json.Unmarshal(b, *v) + case "CloudProviderGCPConfiguration": + *v = new(GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing CloudProviderConfiguration.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration: "%v"`, tn.TypeName) + } +} + +func __marshalGCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration(v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration) ([]byte, error) { + + var typename string + switch v := (*v).(type) { + case *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration: + typename = "CloudProviderAWSConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration + }{typename, v} + return json.Marshal(result) + case *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration: + typename = "CloudProviderAzureConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration + }{typename, v} + return json.Marshal(result) + case *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration: + typename = "CloudProviderGCPConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration + }{typename, v} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfiguration: "%T"`, v) + } +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration includes the requested fields of the GraphQL type CloudProviderAWSConfiguration. +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration struct { + Typename string `json:"__typename"` +} + +// GetTypename returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAWSConfiguration) GetTypename() string { + return v.Typename +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration includes the requested fields of the GraphQL type CloudProviderAzureConfiguration. +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration struct { + Typename string `json:"__typename"` +} + +// GetTypename returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderAzureConfiguration) GetTypename() string { + return v.Typename +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration includes the requested fields of the GraphQL type CloudProviderGCPConfiguration. +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration struct { + Typename string `json:"__typename"` + ServiceAccountEmail string `json:"serviceAccountEmail"` + ProjectNumber string `json:"projectNumber"` + WorkloadIdentityPoolId string `json:"workloadIdentityPoolId"` + WorkloadIdentityPoolProviderId string `json:"workloadIdentityPoolProviderId"` + IssuerUrl string `json:"issuerUrl"` +} + +// GetTypename returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) GetTypename() string { + return v.Typename +} + +// GetServiceAccountEmail returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration.ServiceAccountEmail, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) GetServiceAccountEmail() string { + return v.ServiceAccountEmail +} + +// GetProjectNumber returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration.ProjectNumber, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) GetProjectNumber() string { + return v.ProjectNumber +} + +// GetWorkloadIdentityPoolId returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration.WorkloadIdentityPoolId, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) GetWorkloadIdentityPoolId() string { + return v.WorkloadIdentityPoolId +} + +// GetWorkloadIdentityPoolProviderId returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration.WorkloadIdentityPoolProviderId, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) GetWorkloadIdentityPoolProviderId() string { + return v.WorkloadIdentityPoolProviderId +} + +// GetIssuerUrl returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration.IssuerUrl, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderConfigurationCloudProviderGCPConfiguration) GetIssuerUrl() string { + return v.IssuerUrl +} + +// GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam includes the requested fields of the GraphQL type Team. +// The GraphQL type's documentation follows. +// +// A team of users +type GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam struct { + // A unique identifier that identifies a specific team. + Id string `json:"id"` +} + +// GetId returns GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam.Id, and is useful for accessing the field via an interface. +func (v *GCPProvidersCloudProvidersCloudProviderConnectionNodesCloudProviderTeam) GetId() string { + return v.Id +} + +// GCPProvidersResponse is returned by GCPProviders on success. +type GCPProvidersResponse struct { + // Retrieves Cloud Providers. + // The pagination can be either forward or backward. To enable forward pagination, two arguments + // are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`. + // If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments + // are supplied, it returns the first page of 10 cloud providers (i.e. defaults `first` to 10). The result is sorted by + // the added on date in ascending order. + // - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning + // that we return the first page of cloud providers, if `first` value is supplied + // - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value. + // Max value is 100 + // - before: returns the elements in the list that come before the specified cursor. By default is the empty string, + // meaning that the results will be the last page, if `last` value is supplied + // - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value. + // Max value is 100 + CloudProviders GCPProvidersCloudProvidersCloudProviderConnection `json:"cloudProviders"` +} + +// GetCloudProviders returns GCPProvidersResponse.CloudProviders, and is useful for accessing the field via an interface. +func (v *GCPProvidersResponse) GetCloudProviders() GCPProvidersCloudProvidersCloudProviderConnection { + return v.CloudProviders +} + +// NewGCPProviderCreateCloudProvider includes the requested fields of the GraphQL type CloudProvider. +type NewGCPProviderCreateCloudProvider struct { + Id uuid.UUID `json:"id"` + Name string `json:"name"` + Team NewGCPProviderCreateCloudProviderTeam `json:"team"` + Configuration NewGCPProviderCreateCloudProviderConfiguration `json:"-"` +} + +// GetId returns NewGCPProviderCreateCloudProvider.Id, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProvider) GetId() uuid.UUID { return v.Id } + +// GetName returns NewGCPProviderCreateCloudProvider.Name, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProvider) GetName() string { return v.Name } + +// GetTeam returns NewGCPProviderCreateCloudProvider.Team, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProvider) GetTeam() NewGCPProviderCreateCloudProviderTeam { + return v.Team +} + +// GetConfiguration returns NewGCPProviderCreateCloudProvider.Configuration, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProvider) GetConfiguration() NewGCPProviderCreateCloudProviderConfiguration { + return v.Configuration +} + +func (v *NewGCPProviderCreateCloudProvider) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *NewGCPProviderCreateCloudProvider + Configuration json.RawMessage `json:"configuration"` + graphql.NoUnmarshalJSON + } + firstPass.NewGCPProviderCreateCloudProvider = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + { + dst := &v.Configuration + src := firstPass.Configuration + if len(src) != 0 && string(src) != "null" { + err = __unmarshalNewGCPProviderCreateCloudProviderConfiguration( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal NewGCPProviderCreateCloudProvider.Configuration: %w", err) + } + } + } + return nil +} + +type __premarshalNewGCPProviderCreateCloudProvider struct { + Id uuid.UUID `json:"id"` + + Name string `json:"name"` + + Team NewGCPProviderCreateCloudProviderTeam `json:"team"` + + Configuration json.RawMessage `json:"configuration"` +} + +func (v *NewGCPProviderCreateCloudProvider) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *NewGCPProviderCreateCloudProvider) __premarshalJSON() (*__premarshalNewGCPProviderCreateCloudProvider, error) { + var retval __premarshalNewGCPProviderCreateCloudProvider + + retval.Id = v.Id + retval.Name = v.Name + retval.Team = v.Team + { + + dst := &retval.Configuration + src := v.Configuration + var err error + *dst, err = __marshalNewGCPProviderCreateCloudProviderConfiguration( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NewGCPProviderCreateCloudProvider.Configuration: %w", err) + } + } + return &retval, nil +} + +// NewGCPProviderCreateCloudProviderConfiguration includes the requested fields of the GraphQL interface CloudProviderConfiguration. +// +// NewGCPProviderCreateCloudProviderConfiguration is implemented by the following types: +// NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration +// NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration +// NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration +type NewGCPProviderCreateCloudProviderConfiguration interface { + implementsGraphQLInterfaceNewGCPProviderCreateCloudProviderConfiguration() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() string +} + +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration) implementsGraphQLInterfaceNewGCPProviderCreateCloudProviderConfiguration() { +} +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration) implementsGraphQLInterfaceNewGCPProviderCreateCloudProviderConfiguration() { +} +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) implementsGraphQLInterfaceNewGCPProviderCreateCloudProviderConfiguration() { +} + +func __unmarshalNewGCPProviderCreateCloudProviderConfiguration(b []byte, v *NewGCPProviderCreateCloudProviderConfiguration) error { + if string(b) == "null" { + return nil + } + + var tn struct { + TypeName string `json:"__typename"` + } + err := json.Unmarshal(b, &tn) + if err != nil { + return err + } + + switch tn.TypeName { + case "CloudProviderAWSConfiguration": + *v = new(NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration) + return json.Unmarshal(b, *v) + case "CloudProviderAzureConfiguration": + *v = new(NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration) + return json.Unmarshal(b, *v) + case "CloudProviderGCPConfiguration": + *v = new(NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing CloudProviderConfiguration.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for NewGCPProviderCreateCloudProviderConfiguration: "%v"`, tn.TypeName) + } +} + +func __marshalNewGCPProviderCreateCloudProviderConfiguration(v *NewGCPProviderCreateCloudProviderConfiguration) ([]byte, error) { + + var typename string + switch v := (*v).(type) { + case *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration: + typename = "CloudProviderAWSConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration + }{typename, v} + return json.Marshal(result) + case *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration: + typename = "CloudProviderAzureConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration + }{typename, v} + return json.Marshal(result) + case *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration: + typename = "CloudProviderGCPConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration + }{typename, v} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for NewGCPProviderCreateCloudProviderConfiguration: "%T"`, v) + } +} + +// NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration includes the requested fields of the GraphQL type CloudProviderAWSConfiguration. +type NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration struct { + Typename string `json:"__typename"` +} + +// GetTypename returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAWSConfiguration) GetTypename() string { + return v.Typename +} + +// NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration includes the requested fields of the GraphQL type CloudProviderAzureConfiguration. +type NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration struct { + Typename string `json:"__typename"` +} + +// GetTypename returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderAzureConfiguration) GetTypename() string { + return v.Typename +} + +// NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration includes the requested fields of the GraphQL type CloudProviderGCPConfiguration. +type NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration struct { + Typename string `json:"__typename"` + ServiceAccountEmail string `json:"serviceAccountEmail"` + ProjectNumber string `json:"projectNumber"` + WorkloadIdentityPoolId string `json:"workloadIdentityPoolId"` + WorkloadIdentityPoolProviderId string `json:"workloadIdentityPoolProviderId"` + IssuerUrl string `json:"issuerUrl"` +} + +// GetTypename returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) GetTypename() string { + return v.Typename +} + +// GetServiceAccountEmail returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration.ServiceAccountEmail, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) GetServiceAccountEmail() string { + return v.ServiceAccountEmail +} + +// GetProjectNumber returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration.ProjectNumber, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) GetProjectNumber() string { + return v.ProjectNumber +} + +// GetWorkloadIdentityPoolId returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration.WorkloadIdentityPoolId, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) GetWorkloadIdentityPoolId() string { + return v.WorkloadIdentityPoolId +} + +// GetWorkloadIdentityPoolProviderId returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration.WorkloadIdentityPoolProviderId, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) GetWorkloadIdentityPoolProviderId() string { + return v.WorkloadIdentityPoolProviderId +} + +// GetIssuerUrl returns NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration.IssuerUrl, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderConfigurationCloudProviderGCPConfiguration) GetIssuerUrl() string { + return v.IssuerUrl +} + +// NewGCPProviderCreateCloudProviderTeam includes the requested fields of the GraphQL type Team. +// The GraphQL type's documentation follows. +// +// A team of users +type NewGCPProviderCreateCloudProviderTeam struct { + // A unique identifier that identifies a specific team. + Id string `json:"id"` +} + +// GetId returns NewGCPProviderCreateCloudProviderTeam.Id, and is useful for accessing the field via an interface. +func (v *NewGCPProviderCreateCloudProviderTeam) GetId() string { return v.Id } + +// NewGCPProviderResponse is returned by NewGCPProvider on success. +type NewGCPProviderResponse struct { + // Creates a Cloud Provider + CreateCloudProvider NewGCPProviderCreateCloudProvider `json:"createCloudProvider"` +} + +// GetCreateCloudProvider returns NewGCPProviderResponse.CreateCloudProvider, and is useful for accessing the field via an interface. +func (v *NewGCPProviderResponse) GetCreateCloudProvider() NewGCPProviderCreateCloudProvider { + return v.CreateCloudProvider +} + +// UpdateGCPProviderResponse is returned by UpdateGCPProvider on success. +type UpdateGCPProviderResponse struct { + // Updates a cloud provider + UpdateCloudProvider UpdateGCPProviderUpdateCloudProvider `json:"updateCloudProvider"` +} + +// GetUpdateCloudProvider returns UpdateGCPProviderResponse.UpdateCloudProvider, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderResponse) GetUpdateCloudProvider() UpdateGCPProviderUpdateCloudProvider { + return v.UpdateCloudProvider +} + +// UpdateGCPProviderUpdateCloudProvider includes the requested fields of the GraphQL type CloudProvider. +type UpdateGCPProviderUpdateCloudProvider struct { + Id uuid.UUID `json:"id"` + Name string `json:"name"` + Team UpdateGCPProviderUpdateCloudProviderTeam `json:"team"` + Configuration UpdateGCPProviderUpdateCloudProviderConfiguration `json:"-"` +} + +// GetId returns UpdateGCPProviderUpdateCloudProvider.Id, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProvider) GetId() uuid.UUID { return v.Id } + +// GetName returns UpdateGCPProviderUpdateCloudProvider.Name, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProvider) GetName() string { return v.Name } + +// GetTeam returns UpdateGCPProviderUpdateCloudProvider.Team, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProvider) GetTeam() UpdateGCPProviderUpdateCloudProviderTeam { + return v.Team +} + +// GetConfiguration returns UpdateGCPProviderUpdateCloudProvider.Configuration, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProvider) GetConfiguration() UpdateGCPProviderUpdateCloudProviderConfiguration { + return v.Configuration +} + +func (v *UpdateGCPProviderUpdateCloudProvider) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *UpdateGCPProviderUpdateCloudProvider + Configuration json.RawMessage `json:"configuration"` + graphql.NoUnmarshalJSON + } + firstPass.UpdateGCPProviderUpdateCloudProvider = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + { + dst := &v.Configuration + src := firstPass.Configuration + if len(src) != 0 && string(src) != "null" { + err = __unmarshalUpdateGCPProviderUpdateCloudProviderConfiguration( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal UpdateGCPProviderUpdateCloudProvider.Configuration: %w", err) + } + } + } + return nil +} + +type __premarshalUpdateGCPProviderUpdateCloudProvider struct { + Id uuid.UUID `json:"id"` + + Name string `json:"name"` + + Team UpdateGCPProviderUpdateCloudProviderTeam `json:"team"` + + Configuration json.RawMessage `json:"configuration"` +} + +func (v *UpdateGCPProviderUpdateCloudProvider) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *UpdateGCPProviderUpdateCloudProvider) __premarshalJSON() (*__premarshalUpdateGCPProviderUpdateCloudProvider, error) { + var retval __premarshalUpdateGCPProviderUpdateCloudProvider + + retval.Id = v.Id + retval.Name = v.Name + retval.Team = v.Team + { + + dst := &retval.Configuration + src := v.Configuration + var err error + *dst, err = __marshalUpdateGCPProviderUpdateCloudProviderConfiguration( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal UpdateGCPProviderUpdateCloudProvider.Configuration: %w", err) + } + } + return &retval, nil +} + +// UpdateGCPProviderUpdateCloudProviderConfiguration includes the requested fields of the GraphQL interface CloudProviderConfiguration. +// +// UpdateGCPProviderUpdateCloudProviderConfiguration is implemented by the following types: +// UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration +// UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration +// UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration +type UpdateGCPProviderUpdateCloudProviderConfiguration interface { + implementsGraphQLInterfaceUpdateGCPProviderUpdateCloudProviderConfiguration() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() string +} + +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration) implementsGraphQLInterfaceUpdateGCPProviderUpdateCloudProviderConfiguration() { +} +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration) implementsGraphQLInterfaceUpdateGCPProviderUpdateCloudProviderConfiguration() { +} +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) implementsGraphQLInterfaceUpdateGCPProviderUpdateCloudProviderConfiguration() { +} + +func __unmarshalUpdateGCPProviderUpdateCloudProviderConfiguration(b []byte, v *UpdateGCPProviderUpdateCloudProviderConfiguration) error { + if string(b) == "null" { + return nil + } + + var tn struct { + TypeName string `json:"__typename"` + } + err := json.Unmarshal(b, &tn) + if err != nil { + return err + } + + switch tn.TypeName { + case "CloudProviderAWSConfiguration": + *v = new(UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration) + return json.Unmarshal(b, *v) + case "CloudProviderAzureConfiguration": + *v = new(UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration) + return json.Unmarshal(b, *v) + case "CloudProviderGCPConfiguration": + *v = new(UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing CloudProviderConfiguration.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for UpdateGCPProviderUpdateCloudProviderConfiguration: "%v"`, tn.TypeName) + } +} + +func __marshalUpdateGCPProviderUpdateCloudProviderConfiguration(v *UpdateGCPProviderUpdateCloudProviderConfiguration) ([]byte, error) { + + var typename string + switch v := (*v).(type) { + case *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration: + typename = "CloudProviderAWSConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration + }{typename, v} + return json.Marshal(result) + case *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration: + typename = "CloudProviderAzureConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration + }{typename, v} + return json.Marshal(result) + case *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration: + typename = "CloudProviderGCPConfiguration" + + result := struct { + TypeName string `json:"__typename"` + *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration + }{typename, v} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for UpdateGCPProviderUpdateCloudProviderConfiguration: "%T"`, v) + } +} + +// UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration includes the requested fields of the GraphQL type CloudProviderAWSConfiguration. +type UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration struct { + Typename string `json:"__typename"` +} + +// GetTypename returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAWSConfiguration) GetTypename() string { + return v.Typename +} + +// UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration includes the requested fields of the GraphQL type CloudProviderAzureConfiguration. +type UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration struct { + Typename string `json:"__typename"` +} + +// GetTypename returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderAzureConfiguration) GetTypename() string { + return v.Typename +} + +// UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration includes the requested fields of the GraphQL type CloudProviderGCPConfiguration. +type UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration struct { + Typename string `json:"__typename"` + ServiceAccountEmail string `json:"serviceAccountEmail"` + ProjectNumber string `json:"projectNumber"` + WorkloadIdentityPoolId string `json:"workloadIdentityPoolId"` + WorkloadIdentityPoolProviderId string `json:"workloadIdentityPoolProviderId"` + IssuerUrl string `json:"issuerUrl"` +} + +// GetTypename returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration.Typename, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) GetTypename() string { + return v.Typename +} + +// GetServiceAccountEmail returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration.ServiceAccountEmail, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) GetServiceAccountEmail() string { + return v.ServiceAccountEmail +} + +// GetProjectNumber returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration.ProjectNumber, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) GetProjectNumber() string { + return v.ProjectNumber +} + +// GetWorkloadIdentityPoolId returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration.WorkloadIdentityPoolId, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) GetWorkloadIdentityPoolId() string { + return v.WorkloadIdentityPoolId +} + +// GetWorkloadIdentityPoolProviderId returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration.WorkloadIdentityPoolProviderId, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) GetWorkloadIdentityPoolProviderId() string { + return v.WorkloadIdentityPoolProviderId +} + +// GetIssuerUrl returns UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration.IssuerUrl, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderConfigurationCloudProviderGCPConfiguration) GetIssuerUrl() string { + return v.IssuerUrl +} + +// UpdateGCPProviderUpdateCloudProviderTeam includes the requested fields of the GraphQL type Team. +// The GraphQL type's documentation follows. +// +// A team of users +type UpdateGCPProviderUpdateCloudProviderTeam struct { + // A unique identifier that identifies a specific team. + Id string `json:"id"` +} + +// GetId returns UpdateGCPProviderUpdateCloudProviderTeam.Id, and is useful for accessing the field via an interface. +func (v *UpdateGCPProviderUpdateCloudProviderTeam) GetId() string { return v.Id } + +// __DeleteGCPProviderInput is used internally by genqlient +type __DeleteGCPProviderInput struct { + Id uuid.UUID `json:"Id"` +} + +// GetId returns __DeleteGCPProviderInput.Id, and is useful for accessing the field via an interface. +func (v *__DeleteGCPProviderInput) GetId() uuid.UUID { return v.Id } + +// __NewGCPProviderInput is used internally by genqlient +type __NewGCPProviderInput struct { + Name string `json:"Name"` + Team uuid.UUID `json:"Team"` + Email string `json:"Email"` + Project string `json:"Project"` + WIPId string `json:"WIPId"` + WIPPId string `json:"WIPPId"` +} + +// GetName returns __NewGCPProviderInput.Name, and is useful for accessing the field via an interface. +func (v *__NewGCPProviderInput) GetName() string { return v.Name } + +// GetTeam returns __NewGCPProviderInput.Team, and is useful for accessing the field via an interface. +func (v *__NewGCPProviderInput) GetTeam() uuid.UUID { return v.Team } + +// GetEmail returns __NewGCPProviderInput.Email, and is useful for accessing the field via an interface. +func (v *__NewGCPProviderInput) GetEmail() string { return v.Email } + +// GetProject returns __NewGCPProviderInput.Project, and is useful for accessing the field via an interface. +func (v *__NewGCPProviderInput) GetProject() string { return v.Project } + +// GetWIPId returns __NewGCPProviderInput.WIPId, and is useful for accessing the field via an interface. +func (v *__NewGCPProviderInput) GetWIPId() string { return v.WIPId } + +// GetWIPPId returns __NewGCPProviderInput.WIPPId, and is useful for accessing the field via an interface. +func (v *__NewGCPProviderInput) GetWIPPId() string { return v.WIPPId } + +// __UpdateGCPProviderInput is used internally by genqlient +type __UpdateGCPProviderInput struct { + Id uuid.UUID `json:"Id"` + Name string `json:"Name"` + Team uuid.UUID `json:"Team"` + Project string `json:"Project"` + WIPId string `json:"WIPId"` + WIPPId string `json:"WIPPId"` +} + +// GetId returns __UpdateGCPProviderInput.Id, and is useful for accessing the field via an interface. +func (v *__UpdateGCPProviderInput) GetId() uuid.UUID { return v.Id } + +// GetName returns __UpdateGCPProviderInput.Name, and is useful for accessing the field via an interface. +func (v *__UpdateGCPProviderInput) GetName() string { return v.Name } + +// GetTeam returns __UpdateGCPProviderInput.Team, and is useful for accessing the field via an interface. +func (v *__UpdateGCPProviderInput) GetTeam() uuid.UUID { return v.Team } + +// GetProject returns __UpdateGCPProviderInput.Project, and is useful for accessing the field via an interface. +func (v *__UpdateGCPProviderInput) GetProject() string { return v.Project } + +// GetWIPId returns __UpdateGCPProviderInput.WIPId, and is useful for accessing the field via an interface. +func (v *__UpdateGCPProviderInput) GetWIPId() string { return v.WIPId } + +// GetWIPPId returns __UpdateGCPProviderInput.WIPPId, and is useful for accessing the field via an interface. +func (v *__UpdateGCPProviderInput) GetWIPPId() string { return v.WIPPId } + +// The mutation executed by DeleteGCPProvider. +const DeleteGCPProvider_Operation = ` +mutation DeleteGCPProvider ($Id: UUID!) { + deleteCloudProvider(cloudProviderId: [$Id]) +} +` + +func DeleteGCPProvider( + ctx_ context.Context, + client_ graphql.Client, + Id uuid.UUID, +) (data_ *DeleteGCPProviderResponse, err_ error) { + req_ := &graphql.Request{ + OpName: "DeleteGCPProvider", + Query: DeleteGCPProvider_Operation, + Variables: &__DeleteGCPProviderInput{ + Id: Id, + }, + } + + data_ = &DeleteGCPProviderResponse{} + resp_ := &graphql.Response{Data: data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return data_, err_ +} + +// The query executed by GCPProviders. +const GCPProviders_Operation = ` +query GCPProviders { + cloudProviders(filter: {type:GCP}) { + totalCount + nodes { + id + name + type + team { + id + } + authorizedTeams { + id + } + configuration { + __typename + ... on CloudProviderGCPConfiguration { + serviceAccountEmail + projectNumber + workloadIdentityPoolId + workloadIdentityPoolProviderId + issuerUrl + } + } + } + } +} +` + +func GCPProviders( + ctx_ context.Context, + client_ graphql.Client, +) (data_ *GCPProvidersResponse, err_ error) { + req_ := &graphql.Request{ + OpName: "GCPProviders", + Query: GCPProviders_Operation, + } + + data_ = &GCPProvidersResponse{} + resp_ := &graphql.Response{Data: data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return data_, err_ +} + +// The mutation executed by NewGCPProvider. +const NewGCPProvider_Operation = ` +mutation NewGCPProvider ($Name: String!, $Team: UUID!, $Email: String!, $Project: String!, $WIPId: String!, $WIPPId: String!) { + createCloudProvider(input: {name:$Name,type:GCP,teamId:$Team,gcpConfiguration:{authorizationMethod:WORKLOAD_IDENTITY_FEDERATION,serviceAccountEmail:$Email,projectNumber:$Project,workloadIdentityPoolId:$WIPId,workloadIdentityPoolProviderId:$WIPPId}}) { + id + name + team { + id + } + configuration { + __typename + ... on CloudProviderGCPConfiguration { + serviceAccountEmail + projectNumber + workloadIdentityPoolId + workloadIdentityPoolProviderId + issuerUrl + } + } + } +} +` + +func NewGCPProvider( + ctx_ context.Context, + client_ graphql.Client, + Name string, + Team uuid.UUID, + Email string, + Project string, + WIPId string, + WIPPId string, +) (data_ *NewGCPProviderResponse, err_ error) { + req_ := &graphql.Request{ + OpName: "NewGCPProvider", + Query: NewGCPProvider_Operation, + Variables: &__NewGCPProviderInput{ + Name: Name, + Team: Team, + Email: Email, + Project: Project, + WIPId: WIPId, + WIPPId: WIPPId, + }, + } + + data_ = &NewGCPProviderResponse{} + resp_ := &graphql.Response{Data: data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return data_, err_ +} + +// The mutation executed by UpdateGCPProvider. +const UpdateGCPProvider_Operation = ` +mutation UpdateGCPProvider ($Id: UUID!, $Name: String!, $Team: UUID!, $Project: String!, $WIPId: String!, $WIPPId: String!) { + updateCloudProvider(input: {id:$Id,name:$Name,type:GCP,teamId:$Team,gcpConfiguration:{projectNumber:$Project,workloadIdentityPoolId:$WIPId,workloadIdentityPoolProviderId:$WIPPId}}) { + id + name + team { + id + } + configuration { + __typename + ... on CloudProviderGCPConfiguration { + serviceAccountEmail + projectNumber + workloadIdentityPoolId + workloadIdentityPoolProviderId + issuerUrl + } + } + } +} +` + +func UpdateGCPProvider( + ctx_ context.Context, + client_ graphql.Client, + Id uuid.UUID, + Name string, + Team uuid.UUID, + Project string, + WIPId string, + WIPPId string, +) (data_ *UpdateGCPProviderResponse, err_ error) { + req_ := &graphql.Request{ + OpName: "UpdateGCPProvider", + Query: UpdateGCPProvider_Operation, + Variables: &__UpdateGCPProviderInput{ + Id: Id, + Name: Name, + Team: Team, + Project: Project, + WIPId: WIPId, + WIPPId: WIPPId, + }, + } + + data_ = &UpdateGCPProviderResponse{} + resp_ := &graphql.Response{Data: data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return data_, err_ +} diff --git a/internal/tlspc/graphql/schema.graphql b/internal/tlspc/graphql/schema.graphql new file mode 100644 index 0000000..7f43251 --- /dev/null +++ b/internal/tlspc/graphql/schema.graphql @@ -0,0 +1,5283 @@ +schema + @link(url: "https://specs.apollo.dev/link/v1.0") + @link(url: "https://specs.apollo.dev/join/v0.3", for: EXECUTION) + @link(url: "https://specs.apollo.dev/inaccessible/v0.2", for: SECURITY) +{ + query: Query + mutation: Mutation +} + +directive @inaccessible on FIELD_DEFINITION | OBJECT | INTERFACE | UNION | ARGUMENT_DEFINITION | SCALAR | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION + +directive @join__enumValue(graph: join__Graph!) repeatable on ENUM_VALUE + +directive @join__field(graph: join__Graph, requires: join__FieldSet, provides: join__FieldSet, type: String, external: Boolean, override: String, usedOverridden: Boolean) repeatable on FIELD_DEFINITION | INPUT_FIELD_DEFINITION + +directive @join__graph(name: String!, url: String!) on ENUM_VALUE + +directive @join__implements(graph: join__Graph!, interface: String!) repeatable on OBJECT | INTERFACE + +directive @join__type(graph: join__Graph!, key: join__FieldSet, extension: Boolean! = false, resolvable: Boolean! = true, isInterfaceObject: Boolean! = false) repeatable on OBJECT | INTERFACE | UNION | ENUM | INPUT_OBJECT | SCALAR + +directive @join__unionMember(graph: join__Graph!, member: String!) repeatable on UNION + +directive @link(url: String, as: String, for: link__Purpose, import: [link__Import]) repeatable on SCHEMA + +type AggregatedKubernetesTag + @join__type(graph: TLSPK) +{ + name: String! + resourceNames: [String]! +} + +""" +Application is used in matching rules and allows for querying more information through query +""" +type Application + @join__type(graph: COMPLIANCE_POLICY, key: "id", resolvable: false) + @join__type(graph: OUTAGEDETECTION, key: "id") +{ + """ID is the ID of the application for entity linking purposes""" + id: ID! + name: String! @join__field(graph: OUTAGEDETECTION) + description: String @join__field(graph: OUTAGEDETECTION) + owners: IdentityConnection @join__field(graph: OUTAGEDETECTION) +} + +type ApplicationConnection + @join__type(graph: OUTAGEDETECTION) +{ + pageInfo: PageInfo! + totalCount: Int! + nodes: [Application!] + edges: [ApplicationEdge] +} + +type ApplicationEdge + @join__type(graph: OUTAGEDETECTION) +{ + node: Application! + cursor: String! +} + +""" +ApplicationMatchingRule wraps the Application type to add included to it +""" +type ApplicationMatchingRule + @join__type(graph: COMPLIANCE_POLICY) +{ + """Application is the reference to the application to include or exclude""" + application: Application + + """ + Included states whether this application should be included in matching for resources + """ + included: Boolean +} + +type ApprovalDetails + @join__type(graph: CAOPERATIONS) +{ + approverUserIds: [UUID] + approverTeamIds: [UUID] + finalApproverId: UUID + approvedIds: [UUID] + rejectedBy: UUID + rejectionReason: String +} + +enum ApproverDecision + @join__type(graph: CAOPERATIONS) +{ + APPROVE @join__enumValue(graph: CAOPERATIONS) + REJECT @join__enumValue(graph: CAOPERATIONS) +} + +"""Represents available operators for date types""" +enum AttributeDateOperator + @join__type(graph: CUSTOM_REPORTING) +{ + BETWEEN @join__enumValue(graph: CUSTOM_REPORTING) +} + +"""Represents available operators for enum types""" +enum AttributeEnumOperator + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: TLSPK) +{ + EQUALS @join__enumValue(graph: CUSTOM_REPORTING) @join__enumValue(graph: TLSPK) +} + +"""Represents available operators for string types""" +enum AttributeStringOperator + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: TLSPK) +{ + EQUALS @join__enumValue(graph: CUSTOM_REPORTING) @join__enumValue(graph: TLSPK) + CONTAINS @join__enumValue(graph: CUSTOM_REPORTING) @join__enumValue(graph: TLSPK) +} + +"""Represents available operators for uuid types""" +enum AttributeUUIDOperator + @join__type(graph: CUSTOM_REPORTING) +{ + IN @join__enumValue(graph: CUSTOM_REPORTING) +} + +""" +Indicates the type of authentication used to communicate with Cloud Providers +""" +enum AuthorizationMethod + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + Venafi generated key uploaded manually by the customer to the Service Account + """ + VENAFI_GENERATED_KEY @join__enumValue(graph: CLOUD_PROVIDERS) + + """Workload Identity Federation using OIDC""" + WORKLOAD_IDENTITY_FEDERATION @join__enumValue(graph: CLOUD_PROVIDERS) +} + +"""A 12 digit string representing an AWS account ID""" +scalar AWSAccountID + @join__type(graph: CLOUD_PROVIDERS) + +type AWSCertificateMetadata + @join__type(graph: CLOUD_PROVIDERS) +{ + arn: String! + in_use: Boolean + type: String +} + +type AWSProviderDetails + @join__type(graph: CLOUD_PROVIDERS) +{ + cloudProvider: CloudProvider! + awsRegions: [String!] +} + +type AzureCertificateMetadata + @join__type(graph: CLOUD_PROVIDERS) +{ + azureId: String! + name: String! + version: String! +} + +type AzureKeyVault + @join__type(graph: CLOUD_PROVIDERS) +{ + id: String! + name: String! +} + +type AzureProviderDetails + @join__type(graph: CLOUD_PROVIDERS) +{ + cloudProvider: CloudProvider! + subscriptions: [AzureSubscriptionDetails] +} + +type AzureSubscriptionDetails + @join__type(graph: CLOUD_PROVIDERS) +{ + id: String! + name: String! +} + +"""Represents a Billing Cycle""" +type BillingCycle + @join__type(graph: ENTITLEMENTS) +{ + start: DateTime! + end: DateTime! +} + +"""Represents a Billing Metric""" +type BillingMetric + @join__type(graph: ENTITLEMENTS) +{ + key: String! + value: String! +} + +enum Capability + @join__type(graph: CLOUD_PROVIDERS) +{ + CLOUD_PROVIDERS @join__enumValue(graph: CLOUD_PROVIDERS) +} + +"""Certificate""" +type Certificate + @join__type(graph: CAOPERATIONS, key: "fingerprint") + @join__type(graph: CERTIFICATE_INVENTORY, key: "fingerprint") + @join__type(graph: CLOUD_PROVIDERS, key: "fingerprint") + @join__type(graph: COMPLIANCE_POLICY, key: "fingerprint") + @join__type(graph: COMPUTED_FIELDS, key: "fingerprint") + @join__type(graph: OUTAGEDETECTION, key: "id") + @join__type(graph: PROVISIONING, key: "fingerprint") + @join__type(graph: SEARCH, key: "fingerprint", resolvable: false) + @join__type(graph: TAGGING, key: "id") + @join__type(graph: TLSPK, key: "fingerprint") +{ + """The SHA-1 digest of the entire raw certificate""" + fingerprint: ID! @join__field(graph: CAOPERATIONS) @join__field(graph: CERTIFICATE_INVENTORY) @join__field(graph: CLOUD_PROVIDERS) @join__field(graph: COMPLIANCE_POLICY) @join__field(graph: COMPUTED_FIELDS) @join__field(graph: PROVISIONING) @join__field(graph: SEARCH) @join__field(graph: TLSPK) + issuanceCertificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS) + productOption: CertificateAuthorityProductOption @join__field(graph: CAOPERATIONS) + importCertificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS) + importOption: CertificateAuthorityImportOption @join__field(graph: CAOPERATIONS) + lastImportRunId: UUID @join__field(graph: CAOPERATIONS) + revocation: Revocation @join__field(graph: CAOPERATIONS) + id: ID! @join__field(graph: CERTIFICATE_INVENTORY) @join__field(graph: OUTAGEDETECTION) @join__field(graph: TAGGING) + name: String! @join__field(graph: CERTIFICATE_INVENTORY) + issuer: DirectoryName @join__field(graph: CERTIFICATE_INVENTORY) + validity: CertificateValidity @join__field(graph: CERTIFICATE_INVENTORY) + status: CertificateStatus! @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Indicates if this certificate is the current (i.e. last) version of the certificate + """ + isCurrent: Boolean! @join__field(graph: CERTIFICATE_INVENTORY) + + """Indicates if this certificate is a certificate authority certificate""" + isCA: Boolean! @join__field(graph: CERTIFICATE_INVENTORY) + + """Indicates if this certificate is a self signed certificate""" + isSelfSigned: Boolean! @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Timestamp when a new version of this certificate was found (i.e. when isCurrent was set to FALSE) + """ + archivedTime: DateTime @join__field(graph: CERTIFICATE_INVENTORY) + + """Timestamp when the certificate was created""" + creationTime: DateTime! @join__field(graph: CERTIFICATE_INVENTORY) + + """Timestamp of the last modification""" + lastModifiedTime: DateTime! @join__field(graph: CERTIFICATE_INVENTORY) + subject: DirectoryName @join__field(graph: CERTIFICATE_INVENTORY) + subjectAlternativeNames: [GeneralName!] @join__field(graph: CERTIFICATE_INVENTORY) + serialNumber: String! @join__field(graph: CERTIFICATE_INVENTORY) + publicKeyInformation: PublicKeyInformation! @join__field(graph: CERTIFICATE_INVENTORY) + signatureAlgorithm: String! @join__field(graph: CERTIFICATE_INVENTORY) + signatureHashAlgorithm: String! @join__field(graph: CERTIFICATE_INVENTORY) + extendedKeyUsages: [String!] @join__field(graph: CERTIFICATE_INVENTORY) + keyUsages: [CertificateKeyUsage!] @join__field(graph: CERTIFICATE_INVENTORY) + + """ + The certificates in the chain. This will return null for nested certificates. + """ + chain: [Certificate!] @join__field(graph: CERTIFICATE_INVENTORY) + + """ + All other versions of the current certificate. This will return null for nested certificates. + The pagination can be either forward or backward. To enable forward pagination, two arguments are + used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`. + However, 'after' and 'before' arguments are only valid for 'certificate' queries (i.e. single certificate result) + If arguments for both forward and backward pagination are supplied, forward pagination will be used. If no arguments + are supplied, it returns the first page of 10 certificates (i.e. defaults `first` to 10). If orderBy is not + specified, the result will be sorted by fingerprints in ascending order. + """ + relatedCertificates(after: String, before: String, first: Int, last: Int, orderBy: [RelatedCertificateOrderInput!]): CertificateConnection @join__field(graph: CERTIFICATE_INVENTORY) + certificateValidationErrors: [ValidationError!] @join__field(graph: CERTIFICATE_INVENTORY) + certificateErrorCount: ValidationErrorCount! @join__field(graph: CERTIFICATE_INVENTORY) @join__field(graph: COMPUTED_FIELDS, external: true) + origins: [String!]! @join__field(graph: CERTIFICATE_INVENTORY, override: "computed-fields") + + """ + The group ID for this certificate. This is used to group older and newer versions of the same certificate. + """ + groupId: ID! @join__field(graph: CERTIFICATE_INVENTORY) + + """The user that last modified the certificate record, if any""" + lastModifiedBy: ID @join__field(graph: CERTIFICATE_INVENTORY) + + """The subjectKeyIdentifier SHA1 hash value""" + subjectKeyIdentifierHash: String! @join__field(graph: CERTIFICATE_INVENTORY) + + """The authorityKeyIdentifier SHA1 hash value""" + authorityKeyIdentifierHash: String! @join__field(graph: CERTIFICATE_INVENTORY) + + """Returns true if the 'id-pkix-ocsp-nocheck' extension is defined""" + ocspNoCheck: Boolean! @join__field(graph: CERTIFICATE_INVENTORY) + + """ + The maximum path length for certificates subordinate to this certificate. This is only present for CA certificates + """ + pathLength: Int @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Policy constraint indicating the number of additional certificates that may appear in the path before an + explicit policy is required for the entire path + """ + requireExplicitPolicy: Int @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Policy constraint indicating the number of additional certificates that may appear in the path before + policy mapping is no longer permitted + """ + inhibitPolicyMapping: Int @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Indicates the number of additional non-self-issued certificates that may appear in the path before anyPolicy is no + longer permitted + """ + inhibitAnyPolicy: Int @join__field(graph: CERTIFICATE_INVENTORY) + cloudInstallations: MachineIdentityConnection @join__field(graph: CLOUD_PROVIDERS) + + """ + CompliancePolicyFindings shows how many findings a particular certificate has against it + """ + compliancePolicyFindings: CompliancePolicyFindingConnection @join__field(graph: COMPLIANCE_POLICY) + tlsServerEndpoints(after: String, before: String, first: Int, last: Int): TLSServerEndpointConnection @join__field(graph: COMPUTED_FIELDS, external: true) @join__field(graph: OUTAGEDETECTION) + errorCount: ValidationErrorCount! @join__field(graph: COMPUTED_FIELDS, requires: "certificateErrorCount{warnings alerts} tlsServerEndpoints(after:null,before:null,first:null,last:null) {tlsServerEndpointsErrorCount {warnings alerts}}") + certificateRequest: CertificateRequest @join__field(graph: OUTAGEDETECTION) + applications: [Application!] @join__field(graph: OUTAGEDETECTION) + dekHash: String @join__field(graph: OUTAGEDETECTION) + lastNotification: Int! @join__field(graph: OUTAGEDETECTION) + + """Machine installations collection associated with the certificate.""" + machineInstallations(after: String, before: String, first: Int, last: Int): MachineInstallationConnection @join__field(graph: PROVISIONING) + tags: [Tag!] @join__field(graph: TAGGING) + clusterCertificateInstallations(after: String, before: String, first: Int, last: Int): ClusterCertificateInstallationConnection @join__field(graph: TLSPK) + hasClusterSourceTag: Boolean! @inaccessible @join__field(graph: TLSPK) + aggregatedKubernetesLabels: [AggregatedKubernetesTag]! @join__field(graph: TLSPK) + aggregatedKubernetesAnnotations: [AggregatedKubernetesTag]! @join__field(graph: TLSPK) +} + +type CertificateAuthorityAccount + @join__type(graph: CAOPERATIONS, key: "id") +{ + id: ID! + certificateAuthorityType: CertificateAuthorityType! + name: String! +} + +type CertificateAuthorityAccountConnection + @join__type(graph: CAOPERATIONS) +{ + pageInfo: PageInfo! + totalCount: Int! + nodes: [CertificateAuthorityAccount!] + edges: [CertificateAuthorityAccountEdge] +} + +type CertificateAuthorityAccountEdge + @join__type(graph: CAOPERATIONS) +{ + node: CertificateAuthorityAccount! + cursor: String! +} + +type CertificateAuthorityImportOption + @join__type(graph: CAOPERATIONS) +{ + id: UUID! +} + +type CertificateAuthorityProductOption + @join__type(graph: CAOPERATIONS) +{ + id: UUID! +} + +enum CertificateAuthorityType + @join__type(graph: CAOPERATIONS) +{ + DIGICERT @join__enumValue(graph: CAOPERATIONS) + GLOBALSIGN @join__enumValue(graph: CAOPERATIONS) + BUILTIN @join__enumValue(graph: CAOPERATIONS) + ENTRUST @join__enumValue(graph: CAOPERATIONS) + MICROSOFT @join__enumValue(graph: CAOPERATIONS) + ACME @join__enumValue(graph: CAOPERATIONS) + ZTPKI @join__enumValue(graph: CAOPERATIONS) + GLOBALSIGNMSSL @join__enumValue(graph: CAOPERATIONS) + TPP @join__enumValue(graph: CAOPERATIONS) + CONNECTOR @join__enumValue(graph: CAOPERATIONS) +} + +input CertificateBooleanFilter + @join__type(graph: SEARCH) +{ + """The boolean value that we want to match""" + eq: Boolean + + """The boolean value that we don't want to match""" + neq: Boolean + + """ + The boolean value that we want to assert whether the boolean field is null or not + """ + hasValue: Boolean +} + +union CertificateCloudMetadata + @join__type(graph: CLOUD_PROVIDERS) + @join__unionMember(graph: CLOUD_PROVIDERS, member: "AWSCertificateMetadata") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "AzureCertificateMetadata") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "GCPCertificateMetadata") + = AWSCertificateMetadata | AzureCertificateMetadata | GCPCertificateMetadata + +""" +CertificateCompliancePolicyFindingsOverviewCategory denotes different categories for more details in the widget +""" +type CertificateCompliancePolicyFindingsOverviewCategory + @join__type(graph: COMPLIANCE_POLICY) +{ + """Id is used to determine which category is being used""" + id: String + + """ + Count returns the number related to the ID that this category is showing + """ + count: Int +} + +""" +CertificateCompliancePolicyFindingsOverviewWidget provides a summary context for number of certificates evaluated +in policies compared to how many of those certificate findings resulted in issues" +""" +type CertificateCompliancePolicyFindingsOverviewWidget + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + TotalCertificatesCount is the number of certificates with evaluation findings + """ + totalCertificatesCount: Int + + """ + CertificatesWithFindingsCount returns the number of certificates with issues from findings + """ + certificatesWithFindingsCount: Int + + """Categories is the list of certificates that have issues from findings""" + categories: [CertificateCompliancePolicyFindingsOverviewCategory] +} + +"""A page of certificate results""" +type CertificateConnection + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: SEARCH) + @join__type(graph: TLSPK) +{ + """Current page information""" + pageInfo: PageInfo! + + """Total number of certificates (in all pages)""" + totalCount: Int! + + """Certificates in the current page, without cursor""" + nodes: [Certificate!] @join__field(graph: CERTIFICATE_INVENTORY, type: "[Certificate!]") @join__field(graph: SEARCH, type: "[Certificate!]") @join__field(graph: TLSPK, type: "[Certificate!]!") + + """ + Certificates in the current page, together with their associated cursor + """ + edges: [CertificateEdge!] @join__field(graph: CERTIFICATE_INVENTORY, type: "[CertificateEdge!]") @join__field(graph: SEARCH, type: "[CertificateEdge!]") @join__field(graph: TLSPK, type: "[CertificateEdge!]!") +} + +input CertificateDateFilter + @join__type(graph: SEARCH) +{ + """The datetime value for certificate that we want to match""" + eq: DateTime + + """The datetime value for certificate that we don't want to match""" + neq: DateTime + + """ + The date range for certificate that we want to assert whether the date value is within the specified range + """ + between: CertificateDateRange + + """ + The boolean value that we want to assert whether the date field is null or not + """ + hasValue: Boolean +} + +input CertificateDateRange + @join__type(graph: SEARCH) +{ + """The earliest date value we want to match on""" + gte: DateTime + + """The latest date value we want to match on""" + lte: DateTime +} + +"""Certificate together with its associated cursor""" +type CertificateEdge + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: SEARCH) + @join__type(graph: TLSPK) +{ + """The certificate""" + node: Certificate! + + """The cursor for the certificate""" + cursor: String! +} + +""" +CertificateEvaluationRuleAttributesInput provides information on which attributes are used for evaluation +""" +input CertificateEvaluationRuleAttributesInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + CertificateAuthorityFingerprints allows to filter by certificate authority for Issuing CA evaluation type + """ + certificateAuthorityFingerprints: CompliancePolicyFieldStringFilter + + """And allows for chaining AND logic""" + and: [CertificateEvaluationRuleAttributesInput!] + + """Or allows for chaining OR logic""" + or: [CertificateEvaluationRuleAttributesInput!] +} + +""" +Identifies the intended usage for which the public-key certificate has been issued +""" +enum CertificateKeyUsage + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """ + for verifying digital signatures that are used with an entity authentication service, a data origin authentication service and/or an integrity service + """ + DIGITAL_SIGNATURE @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + for verifying digital signatures which are intended to signal that the signer is committing to the content being signed + """ + NON_REPUDIATION @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + for enciphering keys or other security information, e.g., for key transport + """ + KEY_ENCIPHERMENT @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """for enciphering user data, but not keys or other security information""" + DATA_ENCIPHERMENT @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + for use as a public key agreement key, such an when an asymmetric Diffie-Hellman key pair is used for key management + """ + KEY_AGREEMENT @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """for verifying a CA's signature on public-key certificates""" + KEY_CERT_SIGN @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """for verifying an authority's signature on CRLs""" + CRL_SIGN @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + public key agreement key for use only in enciphering data when used with KEY_AGREEMENT also set + """ + ENCIPHER_ONLY @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + public key agreement key for use only in deciphering data when used with KEY_AGREEMENT also set + """ + DECIPHER_ONLY @join__enumValue(graph: CERTIFICATE_INVENTORY) +} + +input CertificateListFilter + @join__type(graph: SEARCH) +{ + """The string value that we want to assert whether it is within the list""" + includes: String + + """The string value that we want to exclude from the list""" + excludes: String + + """ + The boolean value that we want to assert whether the boolean field is null or not + """ + hasValue: Boolean +} + +""" +CertificateMatchingRuleAttributesInput provides information on which attributes are used for matching for certificate resources +""" +input CertificateMatchingRuleAttributesInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """ApplicationIDs allows to filter by application""" + applicationIDs: CompliancePolicyFieldStringFilter + + """Tags allows to filter by application""" + tags: CompliancePolicyFieldStringFilter + + """And allows for chaining AND logic""" + and: [CertificateMatchingRuleAttributesInput!] + + """Or allows for chaining OR logic""" + or: [CertificateMatchingRuleAttributesInput!] +} + +input CertificateNumberFilter + @join__type(graph: SEARCH) +{ + """The generic number value for certificate we want to match""" + eq: Int64 + + """The generic number value for certificate we don't want to match""" + neq: Int64 + + """ + The generic number range value for certificate that we want to assert whether the number value is within the specified range + """ + between: CertificateNumberRange + + """ + The boolean value that we want to assert whether the number field is null or not + """ + hasValue: Boolean +} + +input CertificateNumberRange + @join__type(graph: SEARCH) +{ + """The minimum number value we want to match on""" + gte: Int64 + + """The maximum number value we want to match on""" + lte: Int64 +} + +"""CertificateOrderField defines the fields that can be used for ordering""" +enum CertificateOrderField + @join__type(graph: SEARCH) +{ + """Order by field fingerprint""" + FINGERPRINT @join__enumValue(graph: SEARCH) + + """Order by field subject.cn""" + CERTIFICATE_NAME @join__enumValue(graph: SEARCH) + + """Order by field issuer.cn""" + ISSUER @join__enumValue(graph: SEARCH) + + """Order by field validity.to""" + EXPIRES_ON @join__enumValue(graph: SEARCH) + + """Order by field isCurrent""" + IS_CURRENT @join__enumValue(graph: SEARCH) + + """Order by field tlsServerEndpoints.totalCount""" + TLS_SERVER_ENDPOINTS_TOTAL_COUNT @join__enumValue(graph: SEARCH) + + """Order by field lastModifiedTime""" + LAST_MODIFIED_TIME @join__enumValue(graph: SEARCH) + + """Order by field revocation.status""" + REVOCATION_STATUS @join__enumValue(graph: SEARCH) +} + +""" +CertificateOrderInput contains the ordering information for a specific field +""" +input CertificateOrderInput + @join__type(graph: SEARCH) +{ + field: CertificateOrderField! + direction: OrderDirection! +} + +"""Identifies the origin of the certificate""" +enum CertificateOrigin + @join__type(graph: SEARCH) +{ + USER_PROVIDED @join__enumValue(graph: SEARCH) + USER_IMPORTED @join__enumValue(graph: SEARCH) + USER_SCAN @join__enumValue(graph: SEARCH) + ON_PREM_CA_IMPORT @join__enumValue(graph: SEARCH) + EXTERNAL_CA_IMPORT @join__enumValue(graph: SEARCH) + EXTERNAL_SCAN @join__enumValue(graph: SEARCH) + DOMAIN_SCAN @join__enumValue(graph: SEARCH) + SMART_SCAN_INTERNAL @join__enumValue(graph: SEARCH) + SMART_SCAN_EXTERNAL @join__enumValue(graph: SEARCH) + SMART_VALIDATION_INTERNAL @join__enumValue(graph: SEARCH) + SMART_VALIDATION_EXTERNAL @join__enumValue(graph: SEARCH) + MACHINE_DISCOVERY @join__enumValue(graph: SEARCH) + KUBERNETES_DISCOVERY @join__enumValue(graph: SEARCH) + AWS_DISCOVERY @join__enumValue(graph: SEARCH) + AZURE_DISCOVERY @join__enumValue(graph: SEARCH) + GCP_DISCOVERY @join__enumValue(graph: SEARCH) +} + +input CertificateOriginFilter + @join__type(graph: SEARCH) +{ + """The string value that we want to assert whether it is within the list""" + includes: CertificateOrigin + + """ + The list of origins to match. It will match if at least one of the origins is in the list + """ + anyOf: [CertificateOrigin!] + + """ + The boolean value that we want to assert whether the boolean field is null or not + """ + hasValue: Boolean +} + +input CertificateProvisioningAWSOptionsInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + Amazon Resource Name (ARN) uniquely identifying AWS certificate resource + """ + arn: String + tags: [CertificateProvisioningTagOptionInput] +} + +input CertificateProvisioningAzureOptionsInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + An Azure object-name is a user provided name for and must be unique within a key vault. The name must be a 1-127 character string, starting with a letter and containing only 0-9, a-z, A-Z, and -. + """ + name: String + enabled: Boolean + exportable: Boolean + reuseKey: Boolean + tags: [CertificateProvisioningTagOptionInput] +} + +input CertificateProvisioningGCPOptionsInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + A GCM certificate id is a user provider name and must be unique within a region. The id must be a 1-63 character string, start with a letter and only contain lower case letters, digits and hyphens. + """ + id: String + description: String + scope: GCMCertificateScope + labels: [CertificateProvisioningTagOptionInput] +} + +input CertificateProvisioningOptionsInput + @join__type(graph: CLOUD_PROVIDERS) +{ + awsOptions: CertificateProvisioningAWSOptionsInput + azureOptions: CertificateProvisioningAzureOptionsInput + gcpOptions: CertificateProvisioningGCPOptionsInput +} + +input CertificateProvisioningTagOptionInput + @join__type(graph: CLOUD_PROVIDERS) +{ + name: String! + value: String! +} + +type CertificateRequest + @join__type(graph: CAOPERATIONS, key: "id") + @join__type(graph: OUTAGEDETECTION, key: "id") +{ + id: ID! + issuingTemplate: IssuingTemplate @join__field(graph: CAOPERATIONS) + requester: User @join__field(graph: CAOPERATIONS) + issuedTime: DateTime @join__field(graph: CAOPERATIONS) + csr: String @join__field(graph: CAOPERATIONS) + validityPeriod: String @join__field(graph: CAOPERATIONS) + certificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS) @deprecated(reason: "deprecated - use issuingTemplate.certificateAuthorityAccount field") + application: Application @join__field(graph: OUTAGEDETECTION) +} + +enum CertificateRevocationApprovalStatus + @join__type(graph: CAOPERATIONS) +{ + NOT_STARTED @join__enumValue(graph: CAOPERATIONS) + COMPLETED @join__enumValue(graph: CAOPERATIONS) + FAILED @join__enumValue(graph: CAOPERATIONS) +} + +type CertificateRevocationApprovalStatusObject + @join__type(graph: CAOPERATIONS) +{ + fingerprint: String! + errorInformation: ErrorInformation + status: CertificateRevocationApprovalStatus! +} + +""" +CertificateSearchAttributesInput defines the searchable field attributes. The parent input field name defines the operator +used between the attributes (i.e. "and" will match ALL supplied attributes, "or" will match ANY of the attributes) +""" +input CertificateSearchAttributesInput + @join__type(graph: SEARCH) +{ + """Filter by field 'application.id'""" + applicationId: CertificateStringFilter + + """Filter by field 'application.name'""" + applicationName: CertificateStringFilter + + """Filter by field 'applications.owners.nodes.id'""" + applicationOwnerId: CertificateStringFilter + + """Filter by field 'lastImportRunId'""" + lastImportRunId: CertificateStringFilter + + """Filter by field 'issuanceCertificateAuthorityAccount.id'""" + issuanceCertificateAuthorityAccountId: CertificateStringFilter + + """Filter by field 'productOption.id'""" + productOptionId: CertificateStringFilter + + """Filter by field 'importCertificateAuthorityAccount.id'""" + importCertificateAuthorityAccountId: CertificateStringFilter + + """Filter by field 'importOption.id'""" + importOptionId: CertificateStringFilter + + """Filter by field 'certificateErrorCount.alerts'""" + certificateAlertsCount: CertificateNumberFilter + + """Filter by field 'certificateErrorCount.warnings'""" + certificateWarningsCount: CertificateNumberFilter + + """Filter by field 'name'""" + certificateName: CertificateStringFilter + + """Filter by field 'subject.c'""" + subjectC: CertificateListFilter + + """Filter by field 'subject.cn'""" + subjectCN: CertificateStringFilter + + """Filter by field 'subject.commonName'""" + subjectCommonName: CertificateListFilter + + """Filter by field 'subject.dc'""" + subjectDC: CertificateStringFilter + + """Filter by field 'subject.l'""" + subjectL: CertificateListFilter + + """Filter by field 'subject.o'""" + subjectO: CertificateListFilter + + """Filter by field 'subject.ou'""" + subjectOU: CertificateListFilter + + """Filter by field 'subject.postalCode'""" + subjectPostalCode: CertificateListFilter + + """Filter by field 'subject.st'""" + subjectST: CertificateListFilter + + """Filter by field 'errorCount.alerts'""" + alertsCount: CertificateNumberFilter + + """Filter by field 'errorCount.warnings'""" + warningsCount: CertificateNumberFilter + + """Filter by field 'extendedKeyUsages'""" + extendedKeyUsages: ExtendedKeyUsagesFilter + + """Filter by field 'fingerprint'""" + fingerprint: CertificateStringFilter + + """Filter by field 'creationTime'""" + creationTime: CertificateDateFilter + + """Filter by field 'lastModifiedTime'""" + lastModifiedTime: CertificateDateFilter + + """Filter by field 'serialNumber'""" + serialNumber: CertificateStringFilter + + """Filter by field 'isCurrent'""" + isCurrent: CertificateBooleanFilter + + """Filter by field 'isCA'""" + isCA: CertificateBooleanFilter + + """Filter by field 'isSelfSigned'""" + isSelfSigned: CertificateBooleanFilter + + """Filter by field 'issuer.c'""" + issuerC: CertificateListFilter + + """Filter by field 'issuer.cn'""" + issuerCN: CertificateStringFilter + + """Filter by field 'issuer.dc'""" + issuerDC: CertificateStringFilter + + """Filter by field 'issuer.l'""" + issuerL: CertificateListFilter + + """Filter by field 'issuer.o'""" + issuerO: CertificateListFilter + + """Filter by field 'issuer.ou'""" + issuerOU: CertificateListFilter + + """Filter by field 'issuer.postalCode'""" + issuerPostalCode: CertificateListFilter + + """Filter by field 'issuer.st'""" + issuerST: CertificateListFilter + + """Filter by field 'origins'""" + origins: CertificateOriginFilter + + """Filter by field 'revocation.status'""" + revocationStatus: RevocationStatusFilter + + """Filter by field 'revocation.approvalDetails.approverUserIds'""" + revocationApproverUserIds: RevocationApprovalInformationFilter + + """Filter by field 'revocation.approvalDetails.approverTeamIds'""" + revocationApproverTeamIds: RevocationApprovalInformationFilter + + """Filter by field 'revocation.approvalDetails.approvedIds'""" + revocationApprovedIds: RevocationApprovalInformationFilter + + """Filter by field 'revocation.approvalDetails.finalApproverId'""" + revocationFinalApproverId: RevocationFinalApprovalInformationFilter + + """Filter by field 'dekHash'""" + dekHash: CertificateStringFilter + + """Filter by field 'publicKeyInformation.__typename'""" + publicKeyInformationTypeName: PublicKeyInformationTypeFilter + + """Filter by RSAKeyInfo field 'publicKeyInformation.strength'""" + publicKeyInformationRSAStrength: CertificateNumberFilter + + """Filter by ECKeyInfo field 'publicKeyInformation.curve'""" + publicKeyInformationECCurve: CertificateStringFilter + + """Filter by DSAKeyInfo field 'publicKeyInformation.l'""" + publicKeyInformationDSAL: CertificateNumberFilter + + """Filter by DSAKeyInfo field 'publicKeyInformation.n'""" + publicKeyInformationDSAN: CertificateNumberFilter + + """Filter by GenericKeyInfo field 'publicKeyInformation.oid'""" + publicKeyInformationOID: CertificateStringFilter + + """Filter by field 'subjectHashAlgorithm'""" + signatureHashAlgorithm: SignatureHashAlgorithmFilter + + """Filter by field 'status'""" + status: CertificateStatusFilter + + """Filter by field 'subjectAlternativeNames.__typename'""" + subjectAlternativeNameTypeName: SubjectAlternativeNameTypeFilter + + """Filter by field 'subjectAlternativeNames.dnsName'""" + subjectAlternativeNameDNSName: CertificateStringFilter + + """Filter by field 'subjectAlternativeNames.c'""" + subjectAlternativeNameDirectoryNameC: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.cn'""" + subjectAlternativeNameDirectoryNameCN: CertificateStringFilter + + """Filter by field 'subjectAlternativeNames.l'""" + subjectAlternativeNameDirectoryNameL: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.o'""" + subjectAlternativeNameDirectoryNameO: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.ou'""" + subjectAlternativeNameDirectoryNameOU: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.postalCode'""" + subjectAlternativeNameDirectoryNamePostalCode: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.st'""" + subjectAlternativeNameDirectoryNameST: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.streetAddress'""" + subjectAlternativeNameDirectoryNameStreetAddress: CertificateListFilter + + """Filter by field 'subjectAlternativeNames.ip'""" + subjectAlternativeNameIP: CertificateStringFilter + + """Filter by field 'subjectAlternativeNames.uri'""" + subjectAlternativeNameURI: CertificateStringFilter + + """Filter by field 'subjectAlternativeNames.emailAddress'""" + subjectAlternativeNameEmailAddress: CertificateStringFilter + + """Filter by field 'tags.name'""" + tagName: CertificateStringFilter + + """Filter by field 'tlsServerEndpoints.totalCount'""" + tlsServerEndpointTotalCount: CertificateNumberFilter + + """Filter by field 'tlsServerEndpoints.nodes.lastAttemptTime'""" + tlsServerEndpointLastAttemptTime: CertificateDateFilter + + """Filter by field 'tlsServerEndpoints.nodes.lastSeenTime'""" + tlsServerEndpointLastSeenTime: CertificateDateFilter + + """Filter by field 'tlsServerEndpoints.nodes.deploymentStatus'""" + tlsServerEndpointDeploymentStatus: DeploymentStatusFilter + + """ + Filter by field 'tlsServerEndpoints.nodes.tlsValidationError.errorType' + """ + tlsServerEndpointTLSValidationErrorType: TLSValidationErrorTypeFilter + + """ + Filter by field 'tlsServerEndpoints.nodes.chainValidationErrors.errorType' + """ + tlsServerEndpointChainValidationErrorType: ChainValidationErrorTypeFilter + + """Filter by field 'validity.from'""" + validityFrom: CertificateDateFilter + + """Filter by field 'validity.to'""" + validityTo: CertificateDateFilter + + """Filter by field 'validity.period'""" + validityPeriod: CertificateNumberFilter + + """Filter by field 'clusterCertificateInstallations.nodes.__typename'""" + clusterCertificateInstallationTypeName: CertificateStringFilter + + """Filter by field 'clusterCertificateInstallations.nodes.namespace'""" + clusterCertificateInstallationClusterSecretNamespace: CertificateStringFilter + + """Filter by field 'clusterCertificateInstallations.nodes.cluster.id'""" + clusterCertificateInstallationClusterId: CertificateStringFilter + + """Filter by field 'clusterCertificateInstallations.nodes.cluster.name'""" + clusterCertificateInstallationClusterName: CertificateStringFilter + + """Filter by field 'clusterCertificateInstallations.nodes.lifecycle'""" + clusterCertificateInstallationClusterSecretLifecycle: CertificateStringFilter + + """ + Filter by field 'clusterCertificateInstallations.nodes.clusterCertificateBinding.resourceType' + """ + clusterCertificateInstallationClusterSecretUsedBy: CertificateStringFilter + + """Filter by field 'aggregatedKubernetesLabels.name'""" + kubernetesLabel: CertificateStringFilter + + """Filter by field 'aggregatedKubernetesAnnotations.name'""" + kubernetesAnnotation: CertificateStringFilter + + """Filter by field 'cloudInstallations.nodes.metadata.cloudId'""" + cloudInstallationsCloudId: CertificateStringFilter + + """Filter by field 'cloudInstallations.nodes.cloudKeystoreId'""" + cloudInstallationsCloudKeystoreId: CertificateStringFilter + + """Filter by field 'cloudInstallations.nodes.cloudKeystoreName'""" + cloudInstallationsCloudKeystoreName: CertificateStringFilter + + """Filter by field 'cloudInstallations.nodes.cloudProviderId'""" + cloudInstallationsCloudProviderId: CertificateStringFilter + + """Filter by field 'cloudInstallations.nodes.cloudProviderName'""" + cloudInstallationsCloudProviderName: CertificateStringFilter + + """Filter by field 'cloudInstallations.nodes.addedOn'""" + cloudInstallationsAddedOn: CertificateDateFilter + + """Filter by field 'cloudInstallations.nodes.status'""" + cloudInstallationsStatus: CertificateStringFilter + + """ + Filter by matching ALL the supplied fields on the array of CertificateSearchAttributes input object + """ + and: [CertificateSearchAttributesInput!] + + """ + Filter by matching any ONE of the supplied fields on the array of CertificateSearchAttributes input object + """ + or: [CertificateSearchAttributesInput!] +} + +""" +CertificateSearchFilterInput defines the search filter. If more than one field is supplied, the match is on ALL of them +(i.e. using an implicit AND operator) +""" +input CertificateSearchFilterInput + @join__type(graph: SEARCH) +{ + """ + Simple filter for full-text like search, used for matching across all searchable fields + """ + quickFilter: String + + """ + Filter by matching ALL the supplied fields on the array of CertificateSearchAttributes input object + """ + and: [CertificateSearchAttributesInput!] + + """ + Filter by matching any ONE of the supplied fields on the array of CertificateSearchAttributes input object + """ + or: [CertificateSearchAttributesInput!] +} + +"""Indicates the status of a certificate""" +enum CertificateStatus + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: SEARCH) +{ + """certificate is active""" + ACTIVE @join__enumValue(graph: CERTIFICATE_INVENTORY) @join__enumValue(graph: SEARCH) + + """certificate has been retired by an user""" + RETIRED @join__enumValue(graph: CERTIFICATE_INVENTORY) @join__enumValue(graph: SEARCH) +} + +input CertificateStatusFilter + @join__type(graph: SEARCH) +{ + """The certificate status value we want to match""" + eq: CertificateStatus + + """The certificate status value we don't want to match""" + neq: CertificateStatus + + """ + The list of certificate status that we want to assert whether the string value is included in the provided list + """ + in: [CertificateStatus!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +input CertificateStringFilter + @join__type(graph: SEARCH) +{ + """The generic string value for certificate we want to match""" + eq: String + + """The generic string value for certificate we don't want to match""" + neq: String + + """ + The generic string value for certificate we want to assert whether the provided string is present + """ + contains: String + + """ + The list of generic string values for certificate that we want to assert whether the string value is included in the provided list + """ + in: [String!] + + """ + The list of generic string values for certificate that we want to assert whether the certificate string value is a prefixed by values in the provided list + """ + startsWith: [String!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +""" +CertificateType defines what type of certificate the trusted CA cert is +""" +enum CertificateType + @join__type(graph: CERTIFICATE) +{ + ROOT_CA @join__enumValue(graph: CERTIFICATE) + SELF_ISSUED_CA @join__enumValue(graph: CERTIFICATE) + CA @join__enumValue(graph: CERTIFICATE) + CROSS_CA @join__enumValue(graph: CERTIFICATE) + END_ENTITY @join__enumValue(graph: CERTIFICATE) + END_ENTITY_AC @join__enumValue(graph: CERTIFICATE) +} + +type CertificateValidationError implements ValidationError + @join__implements(graph: CERTIFICATE_INVENTORY, interface: "ValidationError") + @join__type(graph: CERTIFICATE_INVENTORY) +{ + message: String + arguments: [String!] + errorType: CertificateValidationErrorType +} + +"""Identifies error type for certificate validation""" +enum CertificateValidationErrorType + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """indicates when a certificate is expired""" + CERTIFICATE_EXPIRED @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + indicates when a certificate is an older version of an existing current version of certificate + """ + CERTIFICATE_OLD_VERSION @join__enumValue(graph: CERTIFICATE_INVENTORY) +} + +"""Indicates the validity of a certificate""" +type CertificateValidity + @join__type(graph: CERTIFICATE_INVENTORY) +{ + from: DateTime + to: DateTime + + """ certificate validity period in seconds""" + period: Int64 +} + +type ChainValidationError implements ValidationError + @join__implements(graph: OUTAGEDETECTION, interface: "ValidationError") + @join__type(graph: OUTAGEDETECTION) +{ + message: String + arguments: [String!] + errorType: ChainValidationErrorType +} + +""" +Identifies the chain validation error type associated with a tls server endpoint +""" +enum ChainValidationErrorType + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: SEARCH) +{ + CHAIN_EXPIRE_BEFORE_EE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + CHAIN_BUILDING_FAILED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + INCOMPLETE_CHAIN @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + DISTRUSTED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + UNKNOWN_ERROR @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + NOT_APPLICABLE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + SELF_SIGNED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) +} + +input ChainValidationErrorTypeFilter + @join__type(graph: SEARCH) +{ + """The chain validation error type value we want to match""" + eq: ChainValidationErrorType + + """The chain validation error type value we don't want to match""" + neq: ChainValidationErrorType + + """ + The list of chain validation error types that we want to assert whether the string value is included in the provided list + """ + in: [ChainValidationErrorType!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +type CloudDiscovery + @join__type(graph: CLOUD_PROVIDERS) +{ + id: UUID! + cloudKeystore: CloudKeystore! + status: CloudDiscoveryStatus! + statusDetails: String + totalCertificatesCount: Int! + missingCertificatesCount: Int! + updatedCertificatesCount: Int! + newCertificatesCount: Int! + startedBy: User! + startTime: DateTime + endTime: DateTime +} + +type CloudDiscoveryConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + A crontab expression representing when the scheduled discovery will run, eg: '00 03 * * *' -> 3 AM every day + """ + scheduleSpecification: String + includeExpiredCertificates: Boolean! + includeRevokedCertificates: Boolean! +} + +input CloudDiscoveryConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + A crontab expression representing when the scheduled discovery will run, eg: '00 03 * * *' -> 3 AM every day + """ + scheduleSpecification: String + includeExpiredCertificates: Boolean + includeRevokedCertificates: Boolean +} + +"""Indicates the status of a cloud discovery""" +enum CloudDiscoveryStatus + @join__type(graph: CLOUD_PROVIDERS) +{ + """The cloud discovery has not been initiated""" + NEVER_INITIATED @join__enumValue(graph: CLOUD_PROVIDERS) + + """The cloud discovery has been initiated""" + INITIATED @join__enumValue(graph: CLOUD_PROVIDERS) + + """The cloud discovery is running""" + RUNNING @join__enumValue(graph: CLOUD_PROVIDERS) + + """The cloud discovery has been successfully completed""" + COMPLETED @join__enumValue(graph: CLOUD_PROVIDERS) + + """The cloud discovery has been aborted""" + ABORTED @join__enumValue(graph: CLOUD_PROVIDERS) + + """The cloud discovery is aborting""" + ABORTING @join__enumValue(graph: CLOUD_PROVIDERS) + + """The cloud discovery has failed""" + FAILED @join__enumValue(graph: CLOUD_PROVIDERS) +} + +type CloudKeystore + @join__type(graph: CLOUD_PROVIDERS) +{ + id: UUID! + + """ + Cloud Keystore name + + A string between 3 and 250 characters + """ + name: String! + type: CloudKeystoreType! + team: Team! + authorizedTeams: [Team!] + cloudProvider: CloudProvider! + configuration: CloudKeystoreConfiguration! + machineIdentitiesCount: Int! + createdOn: DateTime! + createdBy: User! + lastModifiedOn: DateTime! + lastModifiedBy: User + discovery: CloudDiscovery + discoveryConfiguration: CloudDiscoveryConfiguration! +} + +type CloudKeystoreACMConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + region: String! +} + +input CloudKeystoreACMConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + region: String! +} + +type CloudKeystoreAKVConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + An Azure Key Vault name + + The vault name should be string of 3 to 24 characters and can contain only numbers (0-9), letters (a-z, A-Z), and hyphens (-). + The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. + """ + keyVaultName: String! +} + +input CloudKeystoreAKVConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + An Azure Key Vault name + + The vault name should be string of 3 to 24 characters and can contain only numbers (0-9), letters (a-z, A-Z), and hyphens (-). + The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. + """ + keyVaultName: String! +} + +union CloudKeystoreConfiguration + @join__type(graph: CLOUD_PROVIDERS) + @join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudKeystoreACMConfiguration") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudKeystoreAKVConfiguration") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudKeystoreGCMConfiguration") + = CloudKeystoreACMConfiguration | CloudKeystoreAKVConfiguration | CloudKeystoreGCMConfiguration + +"""A page of CloudKeystore results""" +type CloudKeystoreConnection + @join__type(graph: CLOUD_PROVIDERS) +{ + """Current page information""" + pageInfo: PageInfo! + + """Total number of cloud keystores (in all pages)""" + totalCount: Int! + + """CloudKeystores in the current page, without cursor""" + nodes: [CloudKeystore!] + + """ + CloudKeystores in the current page, together with their associated cursor + """ + edges: [CloudKeystoreEdge!] +} + +"""CloudKeystore together with its associated cursor""" +type CloudKeystoreEdge + @join__type(graph: CLOUD_PROVIDERS) +{ + """The cloud keystore""" + node: CloudKeystore! + + """The cursor for the cloud keystore""" + cursor: String! +} + +input CloudKeystoreFilterInput + @join__type(graph: CLOUD_PROVIDERS) +{ + cloudProviderId: UUID + cloudProviderName: String + cloudKeystoreId: UUID + cloudKeystoreName: String +} + +type CloudKeystoreGCMConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + projectId: String! + location: String! +} + +input CloudKeystoreGCMConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + GCP Certificate Manager project name. + + The unique, user-assigned ID of the Project. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. + """ + projectId: String! + location: String! +} + +input CloudKeystoreInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + Cloud Keystore name + + A string between 3 and 250 characters + """ + name: String! + type: CloudKeystoreType! + teamId: UUID! + authorizedTeams: [UUID!] + cloudProviderId: UUID! + acmConfiguration: CloudKeystoreACMConfigurationInput + akvConfiguration: CloudKeystoreAKVConfigurationInput + gcmConfiguration: CloudKeystoreGCMConfigurationInput + discoveryConfiguration: CloudDiscoveryConfigurationInput +} + +""" +CloudKeystoreOrderField defines the fields that can be used for ordering +""" +enum CloudKeystoreOrderField + @join__type(graph: CLOUD_PROVIDERS) +{ + """Order by ID""" + ID @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Name""" + NAME @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Cloud Keystore Type""" + TYPE @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Owner Team ID""" + TEAM_ID @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Authorized Team IDs""" + AUTHORIZED_TEAMS @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Cloud Provider ID""" + CLOUD_PROVIDER_ID @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Cloud Provider Name""" + CLOUD_PROVIDER_NAME @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Machine Identities Count""" + MACHINE_IDENTITIES_COUNT @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Created On date""" + CREATED_ON @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by CreatedBy User ID""" + CREATED_BY @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Last Modified date""" + LAST_MODIFIED_ON @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Last Modified By User ID""" + LAST_MODIFIED_BY @join__enumValue(graph: CLOUD_PROVIDERS) +} + +""" +CloudKeystoreOrderInput contains the ordering information for a specific field +""" +input CloudKeystoreOrderInput + @join__type(graph: CLOUD_PROVIDERS) +{ + field: CloudKeystoreOrderField! + direction: OrderDirection! +} + +"""Indicates the type of a Cloud Keystore""" +enum CloudKeystoreType + @join__type(graph: CLOUD_PROVIDERS) +{ + """AWS Certificate Manager""" + ACM @join__enumValue(graph: CLOUD_PROVIDERS) + + """Azure Key Vault""" + AKV @join__enumValue(graph: CLOUD_PROVIDERS) + + """Google Certificate Manager""" + GCM @join__enumValue(graph: CLOUD_PROVIDERS) +} + +input CloudKeystoreUpdateInput + @join__type(graph: CLOUD_PROVIDERS) +{ + id: UUID! + + """ + Cloud Keystore name + + A string between 3 and 250 characters + """ + name: String + teamId: UUID + authorizedTeams: [UUID!] + discoveryConfiguration: CloudDiscoveryConfigurationInput +} + +input CloudMachineIdentitiesFilterInput + @join__type(graph: CLOUD_PROVIDERS) +{ + cloudKeystoreId: UUID + machineIdentityId: UUID + fingerprints: [String!] + newlyDiscovered: Boolean + metadata: String +} + +type CloudProvider + @join__type(graph: CLOUD_PROVIDERS) +{ + id: UUID! + type: CloudProviderType! + configuration: CloudProviderConfiguration! + name: String! + team: Team! + authorizedTeams: [Team!] + status: CloudProviderStatus! + statusDetails: String + keystoresCount: Int! + createdOn: DateTime! + createdBy: User! + lastModifiedOn: DateTime! + lastModifiedBy: User +} + +type CloudProviderAWSConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + accountId: AWSAccountID! + + """ + An AWS Policy Role. + + Maximum 64 characters. Use alphanumeric and '+=,.@-_' characters. + """ + role: String! + externalId: String! +} + +input CloudProviderAWSConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + accountId: AWSAccountID! + + """ + An AWS Policy Role. + + Maximum 64 characters. Use alphanumeric and '+=,.@-_' characters. + """ + role: String! +} + +input CloudProviderAWSConfigurationUpdateInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + An AWS Policy Role. + + Maximum 64 characters. Use alphanumeric and '+=,.@-_' characters. + """ + role: String +} + +type CloudProviderAzureConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + applicationId: String! + directoryId: String! +} + +input CloudProviderAzureConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + applicationId: String! + directoryId: String! + secret: String! +} + +input CloudProviderAzureConfigurationUpdateInput + @join__type(graph: CLOUD_PROVIDERS) +{ + secret: String! +} + +union CloudProviderConfiguration + @join__type(graph: CLOUD_PROVIDERS) + @join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudProviderAWSConfiguration") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudProviderAzureConfiguration") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudProviderGCPConfiguration") + = CloudProviderAWSConfiguration | CloudProviderAzureConfiguration | CloudProviderGCPConfiguration + +"""A page of CloudProvider results""" +type CloudProviderConnection + @join__type(graph: CLOUD_PROVIDERS) +{ + """Current page information""" + pageInfo: PageInfo! + + """Total number of cloud providers (in all pages)""" + totalCount: Int! + + """CloudProviders in the current page, without cursor""" + nodes: [CloudProvider!] + + """ + CloudProviders in the current page, together with their associated cursor + """ + edges: [CloudProviderEdge!] +} + +union CloudProviderDetails + @join__type(graph: CLOUD_PROVIDERS) + @join__unionMember(graph: CLOUD_PROVIDERS, member: "AWSProviderDetails") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "AzureProviderDetails") + @join__unionMember(graph: CLOUD_PROVIDERS, member: "GCPProviderDetails") + = AWSProviderDetails | AzureProviderDetails | GCPProviderDetails + +"""CloudProvider together with its associated cursor""" +type CloudProviderEdge + @join__type(graph: CLOUD_PROVIDERS) +{ + """The cloud provider""" + node: CloudProvider! + + """The cursor for the cloud provider""" + cursor: String! +} + +input CloudProviderFilterInput + @join__type(graph: CLOUD_PROVIDERS) +{ + status: CloudProviderStatus + type: CloudProviderType + name: String +} + +type CloudProviderGCPConfiguration + @join__type(graph: CLOUD_PROVIDERS) +{ + serviceAccountEmail: String! + publicKey: String + publicKeyNotAfter: String + authorizationMethod: AuthorizationMethod! + projectNumber: String + workloadIdentityPoolId: String + workloadIdentityPoolProviderId: String + issuerUrl: String +} + +input CloudProviderGCPConfigurationInput + @join__type(graph: CLOUD_PROVIDERS) +{ + serviceAccountEmail: String! + projectNumber: String + workloadIdentityPoolId: String + workloadIdentityPoolProviderId: String + authorizationMethod: AuthorizationMethod +} + +input CloudProviderGCPConfigurationUpdateInput + @join__type(graph: CLOUD_PROVIDERS) +{ + projectNumber: String + workloadIdentityPoolId: String + workloadIdentityPoolProviderId: String +} + +input CloudProviderInput + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + Cloud Provider name + + A string between 3 and 250 characters + """ + name: String! + type: CloudProviderType! + awsConfiguration: CloudProviderAWSConfigurationInput + azureConfiguration: CloudProviderAzureConfigurationInput + gcpConfiguration: CloudProviderGCPConfigurationInput + teamId: UUID! + authorizedTeams: [UUID!] +} + +""" +CloudKeystoreOrderField defines the fields that can be used for ordering +""" +enum CloudProviderOrderField + @join__type(graph: CLOUD_PROVIDERS) +{ + """Order by ID""" + ID @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Name""" + NAME @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Cloud Provider Type""" + TYPE @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Validation Status""" + STATUS @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Owner Team ID""" + TEAM_ID @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Authorized Team IDs""" + AUTHORIZED_TEAMS @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Cloud Keystore Count""" + CLOUD_KEYSTORE_COUNT @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Created On date""" + CREATED_ON @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by CreatedBy User ID""" + CREATED_BY @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Last Modified date""" + LAST_MODIFIED_ON @join__enumValue(graph: CLOUD_PROVIDERS) + + """Order by Last Modified By User ID""" + LAST_MODIFIED_BY @join__enumValue(graph: CLOUD_PROVIDERS) +} + +""" +CloudProviderOrderInput contains the ordering information for a specific field +""" +input CloudProviderOrderInput + @join__type(graph: CLOUD_PROVIDERS) +{ + field: CloudProviderOrderField! + direction: OrderDirection! +} + +"""Indicates the status of a cloud provider""" +enum CloudProviderStatus + @join__type(graph: CLOUD_PROVIDERS) +{ + """The cloud provider is successfully validated""" + VALIDATED @join__enumValue(graph: CLOUD_PROVIDERS) + + """ + The cloud provider is not validated or the validation fails for some reason + """ + NOT_VALIDATED @join__enumValue(graph: CLOUD_PROVIDERS) +} + +"""Indicates the type of a Cloud Provider""" +enum CloudProviderType + @join__type(graph: CLOUD_PROVIDERS) +{ + """AWS cloud provider type""" + AWS @join__enumValue(graph: CLOUD_PROVIDERS) + + """Azure cloud provider type""" + AZURE @join__enumValue(graph: CLOUD_PROVIDERS) + + """Google cloud provider type""" + GCP @join__enumValue(graph: CLOUD_PROVIDERS) +} + +input CloudProviderUpdateInput + @join__type(graph: CLOUD_PROVIDERS) +{ + type: CloudProviderType! + id: UUID! + + """ + Cloud Provider name + + A string between 3 and 250 characters + """ + name: String + teamId: UUID + authorizedTeams: [UUID!] + awsConfiguration: CloudProviderAWSConfigurationUpdateInput + azureConfiguration: CloudProviderAzureConfigurationUpdateInput + gcpConfiguration: CloudProviderGCPConfigurationUpdateInput +} + +input CloudProviderValidateInput + @join__type(graph: CLOUD_PROVIDERS) +{ + type: CloudProviderType! + awsConfiguration: CloudProviderAWSConfigurationInput + azureConfiguration: CloudProviderAzureConfigurationInput + gcpConfiguration: CloudProviderGCPConfigurationInput +} + +type CloudProviderValidationResult + @join__type(graph: CLOUD_PROVIDERS) +{ + result: CloudProviderStatus! + details: String +} + +type Cluster + @join__type(graph: TLSPK) +{ + """ID is the identifier of the cluster in VaaS. It is immutable.""" + id: ID! + + """Name is the display name of the cluster.""" + name: String! + + """Description is the description text about the cluster.""" + description: String + + """ + UploaderID is the identifier used by the upload API to assign an upload to a cluster. It sent by agent in the payload. + """ + uploaderID: ID! + + """LastCheckInTime is the last time the cluster connected with VaaS.""" + lastCheckInTime: String + + """RegisteredOnTime is when the cluster connected for the first time.""" + registeredOnTime: String + + """Status is the status of the cluster connection.""" + status: ClusterStatus! + + """AgentVersion is the version of the agent last time it contacted.""" + agentVersion: String! + + """ + ServiceAccountID is the client ID of the service account linked to the cluster + """ + serviceAccountID: String + + """ServiceAccount is the service account linked to the cluster""" + serviceAccount: ServiceAccount + + """ + Certificates is the connection to list of certificates per cluster that were sent to cert-inventory + """ + certificates: CertificateConnection + + """ + UniqueCertificates is the total number of unique certificates currently in the cluster + """ + uniqueCertificates: Int! +} + +type ClusterCertificateBinding + @join__type(graph: TLSPK) +{ + id: ID! + resourceName: String! + resourceType: String! + namespace: String! + policyViolation: [PolicyViolation!]! + certificate: Certificate + clusterSecret: ClusterSecret! + cluster: Cluster! + aggregatedKubernetesLabels(type: String): [AggregatedKubernetesTag]! + aggregatedKubernetesAnnotations(type: String): [AggregatedKubernetesTag]! +} + +type ClusterCertificateBindingConnection + @join__type(graph: TLSPK) +{ + pageInfo: PageInfo! + nodes: [ClusterCertificateBinding!]! + edges: [ClusterCertificateBindingEdge!]! + totalCount: Int! +} + +type ClusterCertificateBindingEdge + @join__type(graph: TLSPK) +{ + node: ClusterCertificateBinding! + cursor: String! +} + +union ClusterCertificateInstallation + @join__type(graph: TLSPK) + @join__unionMember(graph: TLSPK, member: "ClusterSecret") + = ClusterSecret + +type ClusterCertificateInstallationConnection + @join__type(graph: TLSPK) +{ + pageInfo: PageInfo! + nodes: [ClusterCertificateInstallation!]! + edges: [ClusterCertificateInstallationEdge!]! + totalCount: Int! +} + +type ClusterCertificateInstallationEdge + @join__type(graph: TLSPK) +{ + node: ClusterCertificateInstallation! + cursor: String! +} + +type ClusterConnection + @join__type(graph: TLSPK) +{ + edges: [ClusterEdge!]! + nodes: [Cluster!]! + pageInfo: PageInfo! + totalCount: Int! +} + +type ClusterEdge + @join__type(graph: TLSPK) +{ + node: Cluster + cursor: String! +} + +input ClusterFilterInput + @join__type(graph: TLSPK) +{ + filter: String + filterOperator: LogicOperator + id: ConditionInputForEnum + name: ConditionInputForString + status: ConditionInputForEnum + attributesOperator: LogicOperator +} + +input ClusterInput + @join__type(graph: TLSPK) +{ + """ID is the identifier of the cluster in VaaS. It is immutable.""" + id: ID + + """Name is the display name for the cluster.""" + name: String + + """Description is the description text about the cluster.""" + description: String + + """ServiceAccountID is the client ID of the service account to link""" + serviceAccountID: String +} + +enum ClusterOrderDirection + @join__type(graph: TLSPK) +{ + ASC @join__enumValue(graph: TLSPK) + DESC @join__enumValue(graph: TLSPK) +} + +enum ClusterOrderField + @join__type(graph: TLSPK) +{ + name @join__enumValue(graph: TLSPK) + status @join__enumValue(graph: TLSPK) + lastCheckInTime @join__enumValue(graph: TLSPK) + registeredOnTime @join__enumValue(graph: TLSPK) +} + +input ClusterOrderInput + @join__type(graph: TLSPK) +{ + field: ClusterOrderField + direction: ClusterOrderDirection +} + +type ClusterSecret + @join__type(graph: TLSPK) +{ + id: ID! + name: String! + namespace: String! + policyViolation: [PolicyViolation!]! + certificate: Certificate + lifecycle: Lifecycle + clusterCertificateBindings: [ClusterCertificateBinding!]! + cluster: Cluster! + aggregatedKubernetesLabels(type: String): [AggregatedKubernetesTag]! + aggregatedKubernetesAnnotations(type: String): [AggregatedKubernetesTag]! +} + +type ClusterSecretConnection + @join__type(graph: TLSPK) +{ + pageInfo: PageInfo! + nodes: [ClusterSecret!]! + edges: [ClusterSecretEdge!]! + totalCount: Int! +} + +type ClusterSecretEdge + @join__type(graph: TLSPK) +{ + node: ClusterSecret! + cursor: String! +} + +enum ClusterStatus + @join__type(graph: TLSPK) +{ + WAITING_FOR_FIRST_CONTACT @join__enumValue(graph: TLSPK) + REGISTERED @join__enumValue(graph: TLSPK) + ACTIVE @join__enumValue(graph: TLSPK) + INACTIVE @join__enumValue(graph: TLSPK) + DELETED @join__enumValue(graph: TLSPK) +} + +""" +CompliancePoliciesSummary defines a summary view of widgets to provide more context for the collection of compliance policies +""" +type CompliancePoliciesSummary + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + CertificatePolicyFindings is used to provide information on how many certs have issues + """ + certificatePolicyFindings: CertificateCompliancePolicyFindingsOverviewWidget +} + +""" +CompliancePolicy refers to a policy set on resources in VCP to check certain rules +These consist of matching rules (which assets should be checked) +and evaluation rules (what attributes should be checked) +Based on the configured matching and evaluation rules, a certain amount of +findings can be generated which show a status for each evaluation rule +""" +type CompliancePolicy + @join__type(graph: COMPLIANCE_POLICY) +{ + id: UUID! + + """Name for compliance policy""" + name: String + + """Status of the compliance policy""" + status: CompliancePolicyStatus + + """Description of the compliance policy""" + description: String + + """ + Matching rules of the compliance policy, referring to Application and Tags + """ + matchingRules: [CompliancePolicyMatchingRule!] + + """ + Evaluation rules of the compliance policy, attributes to check on certificates + """ + evaluationRules: [CompliancePolicyEvaluationRule!] + + """Findings is a list of findings found per policy""" + findings: CompliancePolicyFindingConnection + + """UpdatedOn shows the time the compliance policy was last updated""" + updatedOn: String + + """Active states whether this policy is active for evaluation""" + active: Boolean + + """ + RemediationText is text used to inform a user of what steps can be taken to fix issues + """ + remediationText: String +} + +""" +CompliancePolicyConnection is used to provide pagination to compliance policies +""" +type CompliancePolicyConnection + @join__type(graph: COMPLIANCE_POLICY) +{ + """Edges of the compliance policy connection for linking""" + edges: [CompliancePolicyEdge!]! + + """Nodes of the compliance policy connection for paginated results""" + nodes: [CompliancePolicy!]! + + """PageInfo is information for pagination""" + pageInfo: PageInfo! + + """TotalCount of compliance policies that match pagination criteria""" + totalCount: Int! +} + +""" +CompliancePolicyInput provides information on a compliance policy insert. +""" +input CompliancePolicyCreateInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """Name is the name to create for the compliance policy""" + name: String + + """Description is the description to create for the compliance policy""" + description: String + + """ + RemediationText is the input to provide feedback on how to resolve policy issues + """ + remediationText: String + + """ + MatchingRules is the configured matching rules to attach to the compliance policy + """ + matchingRules: CompliancePolicyMatchingRuleInput + + """ + EvaluationRules is the configured evaluation rules to attach to the compliance policy + """ + evaluationRules: CompliancePolicyEvaluationRuleInput +} + +"""CompliancePolicyEdge is used for the CompliancePolicyConnection""" +type CompliancePolicyEdge + @join__type(graph: COMPLIANCE_POLICY) +{ + """Node of the compliance policy""" + node: CompliancePolicy + + """Cursor is the link to the next edge""" + cursor: String! +} + +""" +CompliancePolicyEvaluationRule defines what is compared against in a resource to determine the evaluation status for a policy +""" +type CompliancePolicyEvaluationRule + @join__type(graph: COMPLIANCE_POLICY) +{ + """Type is used to determine which type the evaluation rule is configured""" + type: CompliancePolicyEvaluationRuleType + + """Severity shows the level of importance for the policy in its findings""" + severity: CompliancePolicySeverity + + """ + EvaluationValue is used to display information about the configuration of the evaluation rule + """ + evaluationValue: EvaluationRuleValueType +} + +""" +CompliancePolicyEvaluationRuleInput provides details about an evaluation rule to be processed +""" +input CompliancePolicyEvaluationRuleInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + CertificateEvaluationValues stores a list of values related to the configuration + """ + certificateEvaluationValues: CompliancePolicyEvaluationRuleRootInput +} + +""" +CompliancePolicyEvaluationRuleRootInput provides the root level matching operators for evaluation rules +""" +input CompliancePolicyEvaluationRuleRootInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """And allows for chaining AND logic at the root level""" + and: [CertificateEvaluationRuleAttributesInput!] + + """Or allows for chaining OR logic at the root level""" + or: [CertificateEvaluationRuleAttributesInput!] +} + +""" +CompliancePolicyEvaluationRuleType denotes what group of rules an evaluation rule is evaluating for a policy +""" +enum CompliancePolicyEvaluationRuleType + @join__type(graph: COMPLIANCE_POLICY) +{ + """IssuingCA is for the group of rules related to issuing CAs""" + ISSUING_CA @join__enumValue(graph: COMPLIANCE_POLICY) +} + +""" +CompliancePolicyFieldStringFilter provides a list of options for fields in matching and evaluation rules +""" +input CompliancePolicyFieldStringFilter + @join__type(graph: COMPLIANCE_POLICY) +{ + """Includes is used for checking if elements are in list""" + includes: [String!] + + """Excludes is used for checking if elements are not in list""" + excludes: [String!] + + """ + HasValue is used to include/exclude all of a resource (all applications, etc.) + """ + hasValue: Boolean +} + +""" +CompliancePolicyFinding denotes the result of an evaluation rule on a particular resource +""" +type CompliancePolicyFinding + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + Type is used to differentiate which type of finding resource is in the finding + """ + type: CompliancePolicyResourceType + + """CompliancePolicy is the policy that evaluated and created this finding""" + compliancePolicy: CompliancePolicy + + """Status is used to show the status of the finding""" + status: CompliancePolicyFindingStatus + + """Severity shows the level of importance for the policy for this finding""" + severity: CompliancePolicySeverity + + """FindingResource is the parent resource that this finding came from""" + findingResource: FindingResource +} + +""" +CompliancePolicyConnection is used to provide pagination to compliance policy findings +""" +type CompliancePolicyFindingConnection + @join__type(graph: COMPLIANCE_POLICY) +{ + """Edges of the compliance policy finding connection for linking""" + edges: [CompliancePolicyFindingEdge!]! + + """ + Nodes of the compliance policy finding connection for paginated results + """ + nodes: [CompliancePolicyFinding!]! + + """PageInfo is information for pagination""" + pageInfo: PageInfo! + + """ + TotalCount of compliance policy findings that match pagination criteria + """ + totalCount: Int! +} + +""" +CompliancePolicyFindingEdge is used for CompliancePolicyFindingConnection +""" +type CompliancePolicyFindingEdge + @join__type(graph: COMPLIANCE_POLICY) +{ + """Node of the compliance policy finding""" + node: CompliancePolicyFinding + + """Cursor is the link to the next edge""" + cursor: String! +} + +""" +CompliancePolicyFindingResource is the resource generated for a finding and is used to store the CompliancePolicyFinding +""" +type CompliancePolicyFindingResource + @join__type(graph: COMPLIANCE_POLICY) +{ + """ID is the ID of the compliance policy finding evaluation""" + id: UUID! + + """ + EvaluationRuleID is the ID of the evaluation rule that the compliance policy finding evaluation is associated with + """ + evaluationRuleId: UUID! + + """ + ResourceType is the type of resource that the compliance policy finding evaluation is associated with + """ + resourceType: String! + + """ + ResourceId is the ID of the resource that the compliance policy finding evaluation is associated with + """ + resourceId: String! + + """Status is the status of the compliance policy finding evaluation""" + status: CompliancePolicyFindingStatus + + """ + CreatedAt is the time the compliance policy finding evaluation was created + """ + createdAt: String +} + +"""CompliancePolicyFindingStatus denotes the status of the policy finding""" +enum CompliancePolicyFindingStatus + @join__type(graph: COMPLIANCE_POLICY) +{ + """Passed states that the finding passed evaluation""" + PASSED @join__enumValue(graph: COMPLIANCE_POLICY) + + """Failed states that the finding failed evaluation""" + FAILED @join__enumValue(graph: COMPLIANCE_POLICY) +} + +""" +CompliancePolicyMatchingRule defines a matching set of resources that should be used in evaluation for a particular policy +""" +type CompliancePolicyMatchingRule + @join__type(graph: COMPLIANCE_POLICY) +{ + """Type is used to differentiate which type of matching rule is stored""" + type: CompliancePolicyResourceType + + """AllApplications is the flag to determine if all applications are set""" + allApplications: Boolean + + """ + Applications is the list of all applications that have been set for this matching rule + """ + applications: [ApplicationMatchingRule!] + + """AllTags is the flag to determine if all tags are set""" + allTags: Boolean + + """Tags is the list of all tags that have been set for this matching rule""" + tags: [TagMatchingRule!] +} + +""" +CompliancePolicyMatchingRuleInput provides details about a matching rule to be processed +""" +input CompliancePolicyMatchingRuleInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + CertificateMatchingValues stores a list of values related to the configuration + """ + certificateMatchingValues: CompliancePolicyMatchingRuleRootInput +} + +""" +CompliancePolicyMatchingRuleRootInput provides the root level matching operators for matching rules +""" +input CompliancePolicyMatchingRuleRootInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """And allows for chaining AND logic at the root level""" + and: [CertificateMatchingRuleAttributesInput!] + + """Or allows for chaining OR logic at the root level""" + or: [CertificateMatchingRuleAttributesInput!] +} + +"""CompliancePolicyOrderDirection denotes the different ordering types""" +enum CompliancePolicyOrderDirection + @join__type(graph: COMPLIANCE_POLICY) +{ + """Asc means ascending order""" + ASC @join__enumValue(graph: COMPLIANCE_POLICY) + + """Desc means descending order""" + DESC @join__enumValue(graph: COMPLIANCE_POLICY) +} + +"""CompliancePolicyOrderField is the type of fields that can be ordered""" +enum CompliancePolicyOrderField + @join__type(graph: COMPLIANCE_POLICY) +{ + """Name refers to the policy name that can be sorted""" + NAME @join__enumValue(graph: COMPLIANCE_POLICY) +} + +"""CompliancePolicyOrderInput is used to set an order direction per field""" +input CompliancePolicyOrderInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """Field determines which field is sorted""" + field: CompliancePolicyOrderField + + """Direction determines if ascending or descending direction""" + direction: CompliancePolicyOrderDirection +} + +""" +CompliancePolicyResourceType denotes which resource type the matching rule will target +""" +enum CompliancePolicyResourceType + @join__type(graph: COMPLIANCE_POLICY) +{ + """ + Certificate is used to show the matching is evaluating certificate resources + """ + CERTIFICATE @join__enumValue(graph: COMPLIANCE_POLICY) + + """Ingress is used to show the matching is evaluating ingress resources""" + INGRESS @join__enumValue(graph: COMPLIANCE_POLICY) +} + +""" +CompliancePolicySearchAttributesInput provides information on which filter attributes are used for filtering +""" +input CompliancePolicySearchAttributesInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """Name allows to search by name""" + name: CompliancePolicyStringFilter + + """And allows for chaining AND logic""" + and: [CompliancePolicySearchAttributesInput!] + + """Or allows for chaining OR logic""" + or: [CompliancePolicySearchAttributesInput!] +} + +""" +CompliancePolicySearchFilterInput provides information on how filtering should be performed +""" +input CompliancePolicySearchFilterInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """QuickFilter is the string filter to be applied""" + quickFilter: String + + """And allows for chaining AND logic""" + and: [CompliancePolicySearchAttributesInput!] + + """Or allows for chaining OR logic""" + or: [CompliancePolicySearchAttributesInput!] +} + +""" +CompliancePolicySeverity denotes how severe the finding is in its evaluation result for a policy +""" +enum CompliancePolicySeverity + @join__type(graph: COMPLIANCE_POLICY) +{ + """Critical determines critical severity""" + CRITICAL @join__enumValue(graph: COMPLIANCE_POLICY) + + """High determines high severity""" + HIGH @join__enumValue(graph: COMPLIANCE_POLICY) + + """Medium determines medium severity""" + MEDIUM @join__enumValue(graph: COMPLIANCE_POLICY) + + """Low determines low severity""" + LOW @join__enumValue(graph: COMPLIANCE_POLICY) + + """Info determines info severity""" + INFO @join__enumValue(graph: COMPLIANCE_POLICY) +} + +""" +CompliancePolicyStatus denotes the status for a compliance policy in terms of activity +""" +enum CompliancePolicyStatus + @join__type(graph: COMPLIANCE_POLICY) +{ + """Created refers to a policy that has been created but not activated""" + CREATED @join__enumValue(graph: COMPLIANCE_POLICY) + + """ + Running refers to a policy when it is currently evaluating (will switch to ACTIVE or INACTIVE) + """ + RUNNING @join__enumValue(graph: COMPLIANCE_POLICY) + + """ + Active refers to a policy that has finished running and is actively listening to resources for evaluation + """ + ACTIVE @join__enumValue(graph: COMPLIANCE_POLICY) + + """ + Inactive refers to a policy that has finished running and is set to an inactive status to not actively listen to resources for evaluation + """ + INACTIVE @join__enumValue(graph: COMPLIANCE_POLICY) + + """Error refers to a policy that has run into an error during evaluation""" + ERROR @join__enumValue(graph: COMPLIANCE_POLICY) +} + +""" +CompliancePolicyStringFilter provides a list of options for string filters on how to compare against a field +""" +input CompliancePolicyStringFilter + @join__type(graph: COMPLIANCE_POLICY) +{ + """Eq is used for checking field equals this string""" + eq: String + + """Neq is used for checking field not equals this string""" + neq: String + + """Contains is used for checking field contains this string""" + contains: String + + """In is used for checking if elements are in list""" + in: [String!] + + """HasValue is used for checking if field has a value""" + hasValue: Boolean +} + +""" +CompliancePolicyInput provides information on a compliance policy update. +""" +input CompliancePolicyUpdateInput + @join__type(graph: COMPLIANCE_POLICY) +{ + """ID refers to the ID of a compliance policy for updates""" + id: UUID + + """Name is the name to update for the compliance policy""" + name: String + + """Description is the description to update for the compliance policy""" + description: String + + """ + RemediationText is the input to provide feedback on how to resolve policy issues + """ + remediationText: String + + """ + MatchingRules is the configured matching rules to attach to the compliance policy + """ + matchingRules: CompliancePolicyMatchingRuleInput + + """ + EvaluationRules is the configured evaluation rules to attach to the compliance policy + """ + evaluationRules: CompliancePolicyEvaluationRuleInput +} + +input ConditionInputForEnum + @join__type(graph: TLSPK) +{ + operator: AttributeEnumOperator + value: String +} + +input ConditionInputForString + @join__type(graph: TLSPK) +{ + operator: AttributeStringOperator + value: String +} + +"""Represents the configuration details of a machine installation.""" +type Configuration + @join__type(graph: PLUGIN_SERVICE) +{ + """Configuration details related to the keystore.""" + keystore: ConfigurationItem + + """Configuration details related to the binding.""" + binding: ConfigurationItem +} + +"""Represents a field in the configuration details.""" +type ConfigurationField + @join__type(graph: PLUGIN_SERVICE) +{ + """The name of the field.""" + field: String! + + """The translated description of the field extracted from the manifest.""" + description: String! + + """The value of the field.""" + value: String! + + """The rank value indicating order.""" + rank: Float +} + +"""Represents an item in the configuration details.""" +type ConfigurationItem + @join__type(graph: PLUGIN_SERVICE) +{ + """Description of the configuration details item.""" + description: String! + + """The data associated with the configuration details item.""" + data: [ConfigurationField] +} + +""" +CreateExternalEmailRecipientInput represents the input for creating an external email recipient. +Name is limited to 256 characters. +Address cannot exceed 254 characters and should be a proper email address. +External email recipient will receive a welcome email. +""" +input CreateExternalEmailRecipientInput + @join__type(graph: MESSAGING) +{ + name: String! + address: String! +} + +"""Represents the input for creating a PagerDuty integration.""" +input CreatePagerDutyIntegrationInput + @join__type(graph: MESSAGING) +{ + name: String! + pagerDutyParams: PagerDutyIntegrationInputParams +} + +"""ReportDefinition creation request input.""" +input CreateReportDefinitionInput + @join__type(graph: CUSTOM_REPORTING) +{ + """The report name.""" + name: String! + + """The report description.""" + description: String + + """ + The query to be run for generating the report. Currently being ignored for update requests. + """ + query: String! +} + +"""Represents the input for creating a Zoom Team Chat integration.""" +input CreateZoomTeamChatIntegrationInput + @join__type(graph: MESSAGING) +{ + name: String! + zoomTeamChatParams: ZoomTeamChatIntegrationInputParams +} + +"""Date is a defined type for date values""" +scalar Date + @join__type(graph: NOTIFICATION_ROUTER) + +""" +A date-time string at UTC, such as 2007-12-03T10:15:30Z, is compliant with the date-time format outlined in section 5.6 +of the RFC 3339 profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. +""" +scalar DateTime + @join__type(graph: CAOPERATIONS) + @join__type(graph: CERTIFICATE) + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: ENTITLEMENTS) + @join__type(graph: LEGACY) + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: SEARCH) + @join__type(graph: USAGEMETRIC) + +""" +DeleteCertificateInput defines the input required for deleting a retired certificates +""" +input DeleteCertificateInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """The fingerprint for the certificate to delete""" + fingerprint: ID! +} + +""" +DeleteCertificatePayload holds the result of deleting a retired certificate +""" +type DeleteCertificatePayload + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """The fingerprint for the certificate that was deleted""" + fingerprint: ID! +} + +""" +DeleteCertificatesInput defines the input required for deleting one or more retired certificates +""" +input DeleteCertificatesInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """List of certificates to delete""" + certificates: [DeleteCertificateInput!]! +} + +""" +DeleteExternalEmailRecipientPayload represents the payload for deleting external email recipients. +""" +type DeleteExternalEmailRecipientPayload + @join__type(graph: MESSAGING) +{ + addresses: [String!] +} + +"""Represents the payload for deleting an integration.""" +type DeleteIntegrationPayload + @join__type(graph: MESSAGING) +{ + ids: [UUID!] +} + +"""Identifies the deployment status of a tls server endpoint""" +enum DeploymentStatus + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: SEARCH) +{ + IN_USE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + SUPERSEDED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + UNKNOWN @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) +} + +input DeploymentStatusFilter + @join__type(graph: SEARCH) +{ + """The deployment status value we want to match""" + eq: DeploymentStatus + + """The deployment status value we don't want to match""" + neq: DeploymentStatus + + """ + The list of deployment statuses that we want to assert whether the string value is included in the provided list + """ + in: [DeploymentStatus!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +type DirectoryName + @join__type(graph: CERTIFICATE_INVENTORY) +{ + dn: String! + cn: String @deprecated(reason: "Deprecated, use `commonName` instead") + commonName: [String!] + c: [String!] + dc: String + o: [String!] + l: [String!] + ou: [String!] + st: [String!] + postalCode: [String!] + streetAddress: [String!] +} + +type DNSName + @join__type(graph: CERTIFICATE_INVENTORY) +{ + dnsName: String! +} + +"""DSA public key information""" +type DSAKeyInfo + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """Bit length of parameter p""" + l: Int! + + """Bit length of parameter q""" + n: Int! +} + +"""Elliptic curve public key information""" +type ECKeyInfo + @join__type(graph: CERTIFICATE_INVENTORY) +{ + curve: KeyCurve! +} + +type EdiPartyName + @join__type(graph: CERTIFICATE_INVENTORY) +{ + nameAssigner: String + partyName: String +} + +"""Represents an entitlement including features and packages.""" +type Entitlement + @join__type(graph: ENTITLEMENTS) + @join__type(graph: USAGEMETRIC, key: "tenantId") +{ + tenantId: UUID! @inaccessible + features: [Feature!]! @join__field(graph: ENTITLEMENTS) + packages: [Package!]! @join__field(graph: ENTITLEMENTS) + allFeatures: [Feature!]! @join__field(graph: ENTITLEMENTS) + billingMetrics: [BillingMetric!] @join__field(graph: ENTITLEMENTS) + plan: Plan @join__field(graph: ENTITLEMENTS) + usageMetrics: UsageMetrics @join__field(graph: USAGEMETRIC) +} + +type ErrorInformation + @join__type(graph: CAOPERATIONS) +{ + message: String! + arguments: [String!] + code: Int +} + +""" +EvaluationIssuingCAs provides a configuration on which CAs of a certificate are evaluated against and how they should be treated +""" +type EvaluationIssuingCAs + @join__type(graph: COMPLIANCE_POLICY) +{ + """Approved stores a list of IDs approved for evaluation""" + trustedCAs: [TrustedCAEvaluationRule!] +} + +""" +EvaluationRuleValueType is a collection of types that will provide a structure for evaluation rule particulars +""" +union EvaluationRuleValueType + @join__type(graph: COMPLIANCE_POLICY) + @join__unionMember(graph: COMPLIANCE_POLICY, member: "EvaluationIssuingCAs") + = EvaluationIssuingCAs + +enum ExtendedKeyUsages + @join__type(graph: SEARCH) +{ + SERVER_AUTH @join__enumValue(graph: SEARCH) + CLIENT_AUTH @join__enumValue(graph: SEARCH) + CODE_SIGNING @join__enumValue(graph: SEARCH) + EMAIL_PROTECTION @join__enumValue(graph: SEARCH) + TIME_STAMPING @join__enumValue(graph: SEARCH) + OCSP_SIGNING @join__enumValue(graph: SEARCH) + IPSEC_IKE @join__enumValue(graph: SEARCH) + IPSEC_IKE_INTERMEDIATE @join__enumValue(graph: SEARCH) +} + +input ExtendedKeyUsagesFilter + @join__type(graph: SEARCH) +{ + """The string value we want to match""" + eq: ExtendedKeyUsages + + """ + The list of strings that we want to assert whether the string value is included in the provided list + """ + in: [ExtendedKeyUsages!] +} + +"""Represents an external email recipient.""" +type ExternalEmailRecipient + @join__type(graph: MESSAGING) +{ + name: String! + address: String! + enabled: Boolean! + createdAt: String! + createdBy: UUID! + createdByType: String! + updatedAt: String + updatedBy: UUID + updatedByType: String +} + +""" +ExternalEmailRecipientConnection represents a connection of ExternalEmailRecipient nodes with pagination. +""" +type ExternalEmailRecipientConnection + @join__type(graph: MESSAGING) +{ + pageInfo: PageInfo! + totalCount: Int! + nodes: [ExternalEmailRecipient!] + edges: [ExternalEmailRecipientEdge!] +} + +""" +ExternalEmailRecipientEdge represents an edge in the ExternalEmailRecipientConnection. +""" +type ExternalEmailRecipientEdge + @join__type(graph: MESSAGING) +{ + node: ExternalEmailRecipient! + cursor: String! +} + +""" +ExternalEmailRecipientFilterInput represents the input for filtering external email recipients. +Name is limited to 256 characters. +""" +input ExternalEmailRecipientFilterInput + @join__type(graph: MESSAGING) +{ + name: String + enabled: Boolean +} + +""" +ExternalEmailRecipientOrderBy represents an external email recipient order by to use. +""" +enum ExternalEmailRecipientOrderBy + @join__type(graph: MESSAGING) +{ + name @join__enumValue(graph: MESSAGING) + address @join__enumValue(graph: MESSAGING) +} + +"""Represents an individual feature.""" +type Feature + @join__type(graph: ENTITLEMENTS) +{ + id: String! + name: String! + description: String! +} + +""" +FindingResource refers to what resource was evaluated against to produce the finding +""" +union FindingResource + @join__type(graph: COMPLIANCE_POLICY) + @join__unionMember(graph: COMPLIANCE_POLICY, member: "Certificate") + = Certificate + +""" +A fully qualified domain name as specified in section 2.3.1 of the RFC 1035 +""" +scalar FQDN + @join__type(graph: OUTAGEDETECTION) + +""" +Indicates the Scope for a certificate provisioned to GCP Certificate Manager +""" +enum GCMCertificateScope + @join__type(graph: CLOUD_PROVIDERS) +{ + """ + Certificates with default scope are served from core Google data centers. If unsure, choose this option. + """ + DEFAULT @join__enumValue(graph: CLOUD_PROVIDERS) + + """ + Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + See https://cloud.google.com/vpc/docs/edge-locations. + """ + EDGE_CACHE @join__enumValue(graph: CLOUD_PROVIDERS) +} + +type GCPCertificateMetadata + @join__type(graph: CLOUD_PROVIDERS) +{ + gcpId: String! + name: String! +} + +type GCPLocation + @join__type(graph: CLOUD_PROVIDERS) +{ + name: String! +} + +type GCPProjectDetails + @join__type(graph: CLOUD_PROVIDERS) +{ + id: String! + name: String! +} + +type GCPProviderDetails + @join__type(graph: CLOUD_PROVIDERS) +{ + cloudProvider: CloudProvider! + projects: [GCPProjectDetails] +} + +union GeneralName + @join__type(graph: CERTIFICATE_INVENTORY) + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "RFC822Name") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "DNSName") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "DirectoryName") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "EdiPartyName") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "UniformResourceIdentifier") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "IPAddress") + = RFC822Name | DNSName | DirectoryName | EdiPartyName | UniformResourceIdentifier | IPAddress + +"""PublicKeyInformation when the public key is other than RSA, DSA, or EC""" +type GenericKeyInfo + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """ASN1 object identifier""" + oid: String! +} + +""" +Types that represent actors with distinct identities that can use the system, includes User and ServiceAccount types +""" +union Identity + @join__type(graph: LEGACY) + @join__type(graph: OUTAGEDETECTION) + @join__unionMember(graph: LEGACY, member: "User") + @join__unionMember(graph: OUTAGEDETECTION, member: "User") + @join__unionMember(graph: LEGACY, member: "ServiceAccount") + @join__unionMember(graph: OUTAGEDETECTION, member: "ServiceAccount") + @join__unionMember(graph: LEGACY, member: "Team") + @join__unionMember(graph: OUTAGEDETECTION, member: "Team") + = User | ServiceAccount | Team + +"""The connection type for Identity""" +type IdentityConnection + @join__type(graph: LEGACY) + @join__type(graph: OUTAGEDETECTION) +{ + """A list of edges.""" + edges: [IdentityEdge!] + + """A list of nodes.""" + nodes: [Identity!] + + """Information to aid in pagination.""" + pageInfo: PageInfo! + + """Identifies the total count of items in the connection.""" + totalCount: Int! +} + +"""An edge in a IdentityConnection.""" +type IdentityEdge + @join__type(graph: LEGACY) + @join__type(graph: OUTAGEDETECTION) +{ + """A cursor for use in pagination""" + cursor: ID! + + """The item at the end of the edge""" + node: Identity! +} + +"""A data type that represents a 64 bit signed integer""" +scalar Int64 + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: SEARCH) + +"""Represents a configured integration details.""" +type Integration + @join__type(graph: MESSAGING, key: "id") + @join__type(graph: NOTIFICATION_ROUTER, key: "id", resolvable: false) +{ + id: UUID! + integrationType: IntegrationType! @join__field(graph: MESSAGING) + name: String @join__field(graph: MESSAGING) + enabled: Boolean! @join__field(graph: MESSAGING) + createdAt: String @join__field(graph: MESSAGING) + createdBy: UUID @join__field(graph: MESSAGING) + updatedAt: String @join__field(graph: MESSAGING) + updatedBy: UUID @join__field(graph: MESSAGING) + usage: [IntegrationUsage!] @join__field(graph: MESSAGING) + default: Boolean! @join__field(graph: MESSAGING) +} + +""" +IntegrationConnection represents a connection of Integration nodes with pagination. +""" +type IntegrationConnection + @join__type(graph: MESSAGING) +{ + pageInfo: PageInfo! + totalCount: Int! + nodes: [Integration!] + edges: [IntegrationEdge!] +} + +"""IntegrationEdge represents an edge in the IntegrationConnection.""" +type IntegrationEdge + @join__type(graph: MESSAGING) +{ + node: Integration! + cursor: String! +} + +"""Represents a integration order by to use""" +enum IntegrationOrderBy + @join__type(graph: MESSAGING) +{ + UUID @join__enumValue(graph: MESSAGING) +} + +"""Represents an integration type.""" +type IntegrationType + @join__type(graph: MESSAGING) +{ + type: String! + name: String! + description: String! +} + +""" +IntegrationTypeConnection represents a connection of IntegrationType nodes with pagination. +""" +type IntegrationTypeConnection + @join__type(graph: MESSAGING) +{ + pageInfo: PageInfo! + totalCount: Int! + nodes: [IntegrationType!] + edges: [IntegrationTypeEdge!] +} + +"""IntegrationEdge represents an edge in the IntegrationTypeConnection.""" +type IntegrationTypeEdge + @join__type(graph: MESSAGING) +{ + node: IntegrationType! + cursor: String! +} + +type IntegrationUsage + @join__type(graph: MESSAGING) +{ + reference: String! + callCount: Int! +} + +""" +A field whose value is either an IPv4 address(opens in a new tab) or IPv6 address(opens in a new tab). +""" +scalar IP + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: OUTAGEDETECTION) + +type IPAddress + @join__type(graph: CERTIFICATE_INVENTORY) +{ + ip: IP! +} + +type IssuingTemplate + @join__type(graph: CAOPERATIONS, key: "id") +{ + id: ID! + name: String! + certificateAuthorityAccount: CertificateAuthorityAccount +} + +scalar join__FieldSet + +enum join__Graph { + CAOPERATIONS @join__graph(name: "caoperations", url: "http://caoperations-service:2522/system/graphql") + CERTIFICATE @join__graph(name: "certificate", url: "http://certificate-service:2322/system/graphql") + CERTIFICATE_INVENTORY @join__graph(name: "certificate-inventory", url: "http://certificate-query-service:80/graphql") + CLOUD_PROVIDERS @join__graph(name: "cloud-providers", url: "http://cloudproviders-service:4488/graphql") + CODESIGN @join__graph(name: "codesign", url: "http://codesign-service:8080/graphql") + COMPLIANCE_POLICY @join__graph(name: "compliance-policy", url: "http://compliance-policy-service:8080/graphql") + COMPUTED_FIELDS @join__graph(name: "computed-fields", url: "http://graphql-computed-fields:8080/graphql") + CUSTOM_REPORTING @join__graph(name: "custom-reporting", url: "http://report-inventory-service:80/graphql") + ENTITLEMENTS @join__graph(name: "entitlements", url: "http://iam-entitlement-service:80/graphql") + LEGACY @join__graph(name: "legacy", url: "http://graphql-legacy-api-adapter:8080/graphql") + MESSAGING @join__graph(name: "messaging", url: "http://ext-integration-msg-service:80/graphql") + NOTIFICATION_ROUTER @join__graph(name: "notification-router", url: "http://notification-router-service:8080/graphql") + OUTAGEDETECTION @join__graph(name: "outagedetection", url: "http://outagedetection-service:7777/system/graphql") + PLUGIN_SERVICE @join__graph(name: "plugin-service", url: "http://platform-plugin-service:80/graphql") + PROVISIONING @join__graph(name: "provisioning", url: "http://provisioning-service:3022/system/graphql") + SEARCH @join__graph(name: "search", url: "http://search-query-service:80/graphql") + TAGGING @join__graph(name: "tagging", url: "http://tagging-service:3122/system/graphql") + TLSPK @join__graph(name: "tlspk", url: "http://tlspk-backend-service:443/graphql") + USAGEMETRIC @join__graph(name: "usagemetric", url: "http://iam-usagemetric-service:80/graphql") +} + +scalar JSON + @join__type(graph: PLUGIN_SERVICE) + @join__type(graph: PROVISIONING) + +"""Elliptic curves""" +enum KeyCurve + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """ + NIST P-224 (FIPS 186-4, section D.2.2), also known as secp224r1, wap-wsg-idm-ecid-wtls12, and ansip224r1 + """ + P224 @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """ + NIST P-256 (FIPS 186-4, section D.2.3), also known as secp256r1 or prime256v1 + """ + P256 @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """NIST P-384 (FIPS 186-4, section D.2.4), also known as secp384r1""" + P384 @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """NIST P-521 (FIPS 186-4, section D.2.5), also known as secp521r1""" + P521 @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """Ed25519 signature algorithm""" + ED25519 @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """Unknown (or unsupported) key curve""" + UNSUPPORTED @join__enumValue(graph: CERTIFICATE_INVENTORY) +} + +"""Certificate Lifecycle enum""" +enum Lifecycle + @join__type(graph: TLSPK) +{ + NOT_MANAGED @join__enumValue(graph: TLSPK) + CERT_MANAGER @join__enumValue(graph: TLSPK) + SYSTEM_MANAGED @join__enumValue(graph: TLSPK) +} + +scalar link__Import + +enum link__Purpose { + """ + `SECURITY` features provide metadata necessary to securely resolve fields. + """ + SECURITY + + """ + `EXECUTION` features provide metadata necessary for operation execution. + """ + EXECUTION +} + +enum LogicOperator + @join__type(graph: TLSPK) +{ + AND @join__enumValue(graph: TLSPK) + OR @join__enumValue(graph: TLSPK) +} + +"""Represents information about a machine.""" +type Machine + @join__type(graph: PLUGIN_SERVICE, key: "id", resolvable: false) + @join__type(graph: PROVISIONING, key: "id") +{ + """The unique identifier of the machine.""" + id: ID! + + """The plugin associated with the machine.""" + plugin: Plugin! + + """The name of the machine.""" + name: String! @join__field(graph: PROVISIONING) +} + +type MachineIdentity + @join__type(graph: CLOUD_PROVIDERS) +{ + id: UUID! + cloudKeystoreId: UUID! + cloudKeystoreName: String + cloudProviderId: UUID + cloudProviderName: String + metadata: CertificateCloudMetadata + status: MachineIdentityStatus! + statusDetails: String + addedOn: DateTime! + addedBy: User + certificate: Certificate! + certificateId: UUID! +} + +"""A page of MachineIdentity results""" +type MachineIdentityConnection + @join__type(graph: CLOUD_PROVIDERS) +{ + """Current page information""" + pageInfo: PageInfo! + + """Total number of certificates (in all pages)""" + totalCount: Int! + + """MachineIdentity in the current page, without cursor""" + nodes: [MachineIdentity!] + + """ + MachineIdentities in the current page, together with their associated cursor + """ + edges: [MachineIdentityEdge!] +} + +"""MachineIdentity together with its associated cursor""" +type MachineIdentityEdge + @join__type(graph: CLOUD_PROVIDERS) +{ + """The machine identity""" + node: MachineIdentity! + + """The cursor for the machine identity""" + cursor: String! +} + +enum MachineIdentityStatus + @join__type(graph: CLOUD_PROVIDERS) +{ + NEW @join__enumValue(graph: CLOUD_PROVIDERS) + PENDING @join__enumValue(graph: CLOUD_PROVIDERS) + INSTALLED @join__enumValue(graph: CLOUD_PROVIDERS) + DISCOVERED @join__enumValue(graph: CLOUD_PROVIDERS) + VALIDATED @join__enumValue(graph: CLOUD_PROVIDERS) + MISSING @join__enumValue(graph: CLOUD_PROVIDERS) + FAILED @join__enumValue(graph: CLOUD_PROVIDERS) +} + +""" +Represents an instance of machine installation identified by a certificate. +""" +type MachineInstallation + @join__type(graph: PLUGIN_SERVICE, key: "id") + @join__type(graph: PROVISIONING, key: "id") +{ + """The unique identifier of the machine installation.""" + id: ID! + + """JSON data representing keystore specifics.""" + keystoreJson: JSON @join__field(graph: PLUGIN_SERVICE, external: true) @join__field(graph: PROVISIONING) + + """JSON data representing binding specifics.""" + bindingJson: JSON @join__field(graph: PLUGIN_SERVICE, external: true) @join__field(graph: PROVISIONING) + + """Details of the associated machine.""" + machine: Machine! @join__field(graph: PLUGIN_SERVICE, external: true) @join__field(graph: PROVISIONING) + + """Details about the configurations of the machine installation.""" + configurationDetails: Configuration @join__field(graph: PLUGIN_SERVICE, requires: "machine { plugin { manifest } } keystoreJson bindingJson") + + """The status of the machine installation.""" + status: MachineInstallationStatus! @join__field(graph: PROVISIONING) +} + +"""A connection to a list of MachineInstallation objects.""" +type MachineInstallationConnection + @join__type(graph: PROVISIONING) +{ + """Information to aid in pagination.""" + pageInfo: PageInfo! + + """The total count of machine installations in the connection.""" + totalCount: Int! + + """A list of nodes representing machine installations.""" + nodes: [MachineInstallation!] + + """A list of edges representing connections to machine installations.""" + edges: [MachineInstallationEdge!] +} + +"""An edge in a MachineInstallationConnection.""" +type MachineInstallationEdge + @join__type(graph: PROVISIONING) +{ + """A cursor for use in pagination.""" + cursor: ID! + + """The item at the end of the edge.""" + node: MachineInstallation! +} + +"""Represents the possible statuses for a machine installation.""" +enum MachineInstallationStatus + @join__type(graph: PROVISIONING) +{ + NEW @join__enumValue(graph: PROVISIONING) + PENDING @join__enumValue(graph: PROVISIONING) + INSTALLED @join__enumValue(graph: PROVISIONING) + DISCOVERED @join__enumValue(graph: PROVISIONING) + VALIDATED @join__enumValue(graph: PROVISIONING) + MISSING @join__enumValue(graph: PROVISIONING) + FAILED @join__enumValue(graph: PROVISIONING) +} + +type Mutation + @join__type(graph: CAOPERATIONS) + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: COMPLIANCE_POLICY) + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: MESSAGING) + @join__type(graph: NOTIFICATION_ROUTER) + @join__type(graph: TLSPK) +{ + """Revoke a certificate by SHA1 fingerprint""" + revokeCertificate(fingerprint: ID!, certificateAuthorityAccountId: UUID, revocationReason: RevocationReason!, revocationComment: String): Certificate @join__field(graph: CAOPERATIONS) + + """Approve or reject pending certificate revocation by SHA1 fingerprint""" + approveCertificateRevocation(fingerprint: ID!, rejectReason: String, decision: ApproverDecision!): Certificate @join__field(graph: CAOPERATIONS) + + """ + Approve or reject pending certificates revocation by SHA1 fingerprints in BULK + """ + approveCertificateRevocationInBulk(fingerprints: [ID!]!, rejectReason: String, decision: ApproverDecision!, wsClientId: String): String @join__field(graph: CAOPERATIONS) + + """ + Retire one or more certificates. If a current certificate (i.e. latest version of a certificate) is retired, all + previous versions of the certificate will be retired as well. + """ + retireCertificates(input: RetireCertificatesInput!): [RetireCertificatePayload]! @join__field(graph: CERTIFICATE_INVENTORY) + + """Recover one or more retired certificates.""" + recoverCertificates(input: RecoverCertificatesInput!): [RecoverCertificatePayload]! @join__field(graph: CERTIFICATE_INVENTORY) + + """Delete one or more retired certificates.""" + deleteCertificates(input: DeleteCertificatesInput!): [DeleteCertificatePayload]! @join__field(graph: CERTIFICATE_INVENTORY) + + """Creates a Cloud Provider""" + createCloudProvider(input: CloudProviderInput!): CloudProvider @join__field(graph: CLOUD_PROVIDERS) + + """Validates a Cloud Provider configuration by ID""" + validateCloudProvider(cloudProviderId: UUID!): CloudProviderValidationResult! @join__field(graph: CLOUD_PROVIDERS) + + """Updates a cloud provider""" + updateCloudProvider(input: CloudProviderUpdateInput!): CloudProvider @join__field(graph: CLOUD_PROVIDERS) + + """Deletes a list of Cloud Providers by ID""" + deleteCloudProvider(cloudProviderId: [UUID!]!): Boolean! @join__field(graph: CLOUD_PROVIDERS) + + """Creates a Cloud Keystore""" + createCloudKeystore(input: CloudKeystoreInput!): CloudKeystore @join__field(graph: CLOUD_PROVIDERS) + + """Updates a Cloud Keystore""" + updateCloudKeystore(input: CloudKeystoreUpdateInput!): CloudKeystore @join__field(graph: CLOUD_PROVIDERS) + + """Deletes a list of Cloud Keystores by ID""" + deleteCloudKeystore(cloudKeystoreIds: [UUID!]!): Boolean! @join__field(graph: CLOUD_PROVIDERS) + + """Provision a certificate to a Cloud Keystore""" + provisionToCloudKeystore(certificateId: UUID!, cloudKeystoreId: UUID!, wsClientId: UUID!, options: CertificateProvisioningOptionsInput): WorkflowResult @join__field(graph: CLOUD_PROVIDERS) + + """ + Provision to existing Cloud Machine Identity. If `certificateId` is not provided a re-provisioning of the existing certificate would be triggered + """ + provisionToCloudMachineIdentity(machineIdentityId: UUID!, wsClientId: UUID!, certificateId: UUID): WorkflowResult @join__field(graph: CLOUD_PROVIDERS) + + """Deletes a list of Cloud machine identities""" + deleteCloudMachineIdentities(machineIdentityIds: [UUID!]!): Boolean! @join__field(graph: CLOUD_PROVIDERS) + + """Start cloud discovery""" + startCloudDiscovery(cloudKeystoreId: UUID!, wsClientId: UUID!): WorkflowResult @join__field(graph: CLOUD_PROVIDERS) + + """Abort cloud discovery""" + abortCloudDiscovery(cloudKeystoreId: UUID!): Boolean! @join__field(graph: CLOUD_PROVIDERS) + + """ + Rotate the secrets of the given Cloud Provider + GCP - Venafi Generated Key: Rotates the private/public key pair + GCP - Workload Identity Federation: Rotates the private/public key pair and exposes the new pair in the given OIDC endpoint + """ + rotateSecrets(cloudProviderId: UUID!): CloudProvider @join__field(graph: CLOUD_PROVIDERS) + + """ + CreateCompliancePolicy is the mutation to create one or many compliance policies + """ + createCompliancePolicy(input: [CompliancePolicyCreateInput!]!): [CompliancePolicy]! @join__field(graph: COMPLIANCE_POLICY) + + """ + UpdateCompliancePolicy is the mutation to update one or many compliance policies + """ + updateCompliancePolicy(input: [CompliancePolicyUpdateInput!]!): [CompliancePolicy]! @join__field(graph: COMPLIANCE_POLICY) + + """ + DeleteCompliancePolicy is the mutation to delete one or many compliance policies + """ + deleteCompliancePolicy(id: [UUID!]!): [CompliancePolicy]! @join__field(graph: COMPLIANCE_POLICY) + + """ + EvaluateCompliancePolicy runs an evaluation of the provided compliance policy IDs + """ + evaluateCompliancePolicy(id: UUID!): CompliancePolicy @join__field(graph: COMPLIANCE_POLICY) + + """ + Runs a report definition's query to generate the report with the latest information. + """ + runReportDefinitionQuery(id: UUID!): ReportInformation @join__field(graph: CUSTOM_REPORTING) + + """Deletes a report definition by id.""" + deleteReportDefinition(id: UUID!): Boolean @join__field(graph: CUSTOM_REPORTING) + + """Creates a report definition.""" + createReportDefinition(input: CreateReportDefinitionInput!): ReportDefinition @join__field(graph: CUSTOM_REPORTING) + + """Updates a report definition.""" + updateReportDefinition(id: UUID!, input: UpdateReportDefinitionInput!): ReportDefinition @join__field(graph: CUSTOM_REPORTING) + createPagerDutyIntegration(input: CreatePagerDutyIntegrationInput!): Integration @join__field(graph: MESSAGING) + updatePagerDutyIntegration(input: UpdatePagerDutyIntegrationInput!): Integration @join__field(graph: MESSAGING) + createZoomTeamChatIntegration(input: CreateZoomTeamChatIntegrationInput!): Integration @join__field(graph: MESSAGING) + updateZoomTeamChatIntegration(input: UpdateZoomTeamChatIntegrationInput!): Integration @join__field(graph: MESSAGING) + deleteIntegrations(ids: [UUID!]): DeleteIntegrationPayload @join__field(graph: MESSAGING) + createExternalEmailRecipient(input: CreateExternalEmailRecipientInput!): ExternalEmailRecipient @join__field(graph: MESSAGING) + updateExternalEmailRecipient(input: UpdateExternalEmailRecipientInput!): ExternalEmailRecipient @join__field(graph: MESSAGING) + deleteExternalEmailRecipients(addresses: [String!]): DeleteExternalEmailRecipientPayload @join__field(graph: MESSAGING) + createNotificationRoutingConfiguration(notificationRouterFilterConfig: NotificationRouterFilterConfigInput!, notificationRouterIntegrationConfig: NotificationRouterIntegrationConfigInput!): NotificationRouter @join__field(graph: NOTIFICATION_ROUTER) + updateNotificationRoutingConfiguration(id: UUID!, notificationRouterFilterConfig: NotificationRouterFilterConfigInput, notificationRouterIntegrationConfig: NotificationRouterIntegrationConfigInput, enabled: Boolean): NotificationRouter @join__field(graph: NOTIFICATION_ROUTER) + deleteNotificationRouting(id: UUID!): NotificationRouter @join__field(graph: NOTIFICATION_ROUTER) + + """CreateCluster creates a new cluster.""" + createCluster(input: [ClusterInput!]!): [Cluster!]! @join__field(graph: TLSPK) + + """UpdateCluster updates the properties of a cluster.""" + updateCluster(input: [ClusterInput!]!): [Cluster!]! @join__field(graph: TLSPK) + + """DeleteCluster deletes a cluster.""" + deleteCluster(id: [ID!]!): [Cluster!]! @join__field(graph: TLSPK) +} + +""" +NotificationDestinationConfiguration is the union type for the different destination types. +""" +union NotificationDestinationConfiguration + @join__type(graph: NOTIFICATION_ROUTER) + @join__unionMember(graph: NOTIFICATION_ROUTER, member: "NotificationEmailDestination") + @join__unionMember(graph: NOTIFICATION_ROUTER, member: "NotificationZoomDestination") + @join__unionMember(graph: NOTIFICATION_ROUTER, member: "NotificationSlackDestination") + @join__unionMember(graph: NOTIFICATION_ROUTER, member: "NotificationPagerDutyDestination") + = NotificationEmailDestination | NotificationZoomDestination | NotificationSlackDestination | NotificationPagerDutyDestination + +""" +NotificationEmailDestination represents an email destination or channel. +""" +type NotificationEmailDestination + @join__type(graph: NOTIFICATION_ROUTER) +{ + users: [UUID!]! + roles: [String!] + externalEmails: [String!] +} + +""" +NotificationPagerDutyDestination represents a PagerDuty destination or channel. +""" +type NotificationPagerDutyDestination + @join__type(graph: NOTIFICATION_ROUTER) +{ + placeHolder: String +} + +""" +NotificationRouterFilterConfig is the structure defining the router unifying the filter configuration and the integration configuration. +""" +type NotificationRouter + @join__type(graph: NOTIFICATION_ROUTER) +{ + id: UUID! + notificationRouterFilterConfig: NotificationRouterFilterConfig! + notificationRouterIntegrationConfig: NotificationRouterIntegrationConfig! + enabled: Boolean +} + +""" +NotificationRouterConnection is the structure for the list of notification routers. +""" +type NotificationRouterConnection + @join__type(graph: NOTIFICATION_ROUTER) +{ + pageInfo: PageInfo! + nodes: [NotificationRouter!]! + edges: [NotificationRouterEdge!]! + totalCount: Int! +} + +""" +NotificationRouterEdge is the structure for the edges in the notification router connection. +""" +type NotificationRouterEdge + @join__type(graph: NOTIFICATION_ROUTER) +{ + node: NotificationRouter! + cursor: String! +} + +""" +NotificationRouterFilterConfig uses a CEL expression to filter notifications. +""" +type NotificationRouterFilterConfig + @join__type(graph: NOTIFICATION_ROUTER) +{ + notificationRouterCelExpression: String! +} + +""" +NotificationRouterFilterConfigInput is the input structure for creating a new filter configuration. +""" +input NotificationRouterFilterConfigInput + @join__type(graph: NOTIFICATION_ROUTER) +{ + notificationRouterCelExpression: String! +} + +""" +NotificationRouterIntegrationConfig is the structure for the integration configuration. +""" +type NotificationRouterIntegrationConfig + @join__type(graph: NOTIFICATION_ROUTER) +{ + notificationRouterIntegrationID: UUID! + notificationRouterIntegration: Integration + notificationRouterTemplateID: String + notificationRouterDestinationInfo: NotificationDestinationConfiguration +} + +""" +NotificationRouterIntegrationConfigInput is the input structure for creating a new integration configuration. +""" +input NotificationRouterIntegrationConfigInput + @join__type(graph: NOTIFICATION_ROUTER) +{ + notificationRouterIntegrationID: UUID! + notificationRouterTemplateID: String + users: [UUID!] + roles: [String!] + externalEmails: [String!] +} + +""" +NotificationSlackDestination represents a Slack destination or channel. +""" +type NotificationSlackDestination + @join__type(graph: NOTIFICATION_ROUTER) +{ + placeHolder: String +} + +""" +NotificationZoomDestination represents a Zoom Team Chat destination or channel. +""" +type NotificationZoomDestination + @join__type(graph: NOTIFICATION_ROUTER) +{ + placeHolder: String +} + +"""OrderDirection represents the ordering direction""" +enum OrderDirection + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: SEARCH) +{ + """ASC is the ascending order""" + ASC @join__enumValue(graph: CLOUD_PROVIDERS) @join__enumValue(graph: SEARCH) + + """DESC is the descending order""" + DESC @join__enumValue(graph: CLOUD_PROVIDERS) @join__enumValue(graph: SEARCH) +} + +"""Represents a package containing a list of features.""" +type Package + @join__type(graph: ENTITLEMENTS) +{ + id: String! + name: String! + tier: String! + billingCycle: BillingCycle + plan: Plan +} + +""" +PageInfo provides pagination information as defined by [https://relay.dev/graphql/connections.htm](GraphQL Cursor Connections Specification) +""" +type PageInfo + @join__type(graph: CAOPERATIONS) + @join__type(graph: CERTIFICATE) + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: COMPLIANCE_POLICY) + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: LEGACY) + @join__type(graph: MESSAGING) + @join__type(graph: NOTIFICATION_ROUTER) + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: PROVISIONING) + @join__type(graph: SEARCH) + @join__type(graph: TAGGING) + @join__type(graph: TLSPK) +{ + """ + Indicates whether more edges exist following the set defined by the clients arguments. + """ + hasNextPage: Boolean! + + """ + Indicates whether more edges exist prior to the set defined by the clients arguments. + """ + hasPreviousPage: Boolean! + + """Cursor corresponding to the last node in edges.""" + endCursor: String + + """Cursor corresponding to the first node in edges.""" + startCursor: String +} + +"""Represents the input parameters for a PagerDuty integration.""" +input PagerDutyIntegrationInputParams + @join__type(graph: MESSAGING) +{ + IntegrationKey: String! +} + +"""Represents plan containing a list of features.""" +type Plan + @join__type(graph: ENTITLEMENTS) +{ + id: String! + name: String! +} + +"""Represents information about a plugin.""" +type Plugin + @join__type(graph: PLUGIN_SERVICE, key: "id") + @join__type(graph: PROVISIONING, key: "id", resolvable: false) +{ + """The plugin unique identifier.""" + id: ID! + + """The definition of the plugin's manifest.""" + manifest: JSON @join__field(graph: PLUGIN_SERVICE) + + """The name of the plugin.""" + name: String @join__field(graph: PLUGIN_SERVICE) +} + +type PolicyViolation + @join__type(graph: TLSPK) +{ + id: ID! + message: String! + description: String + remidiation: String + code: String! +} + +"""Product Roles""" +enum ProductRole + @join__type(graph: LEGACY) +{ + """Guest""" + GUEST @join__enumValue(graph: LEGACY) + + """PKI Administrator""" + PKI_ADMIN @join__enumValue(graph: LEGACY) + + """Resource Owner""" + RESOURCE_OWNER @join__enumValue(graph: LEGACY) +} + +"""Certificate public key information""" +union PublicKeyInformation + @join__type(graph: CERTIFICATE_INVENTORY) + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "RSAKeyInfo") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "ECKeyInfo") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "DSAKeyInfo") + @join__unionMember(graph: CERTIFICATE_INVENTORY, member: "GenericKeyInfo") + = RSAKeyInfo | ECKeyInfo | DSAKeyInfo | GenericKeyInfo + +"""Identifies a certificate's public key information type""" +enum PublicKeyInformationType + @join__type(graph: SEARCH) +{ + RSAKeyInfo @join__enumValue(graph: SEARCH) + ECKeyInfo @join__enumValue(graph: SEARCH) + DSAKeyInfo @join__enumValue(graph: SEARCH) + GenericKeyInfo @join__enumValue(graph: SEARCH) +} + +input PublicKeyInformationTypeFilter + @join__type(graph: SEARCH) +{ + """The string value we want to match""" + eq: PublicKeyInformationType + + """The string value we don't want to match""" + neq: PublicKeyInformationType + + """ + The list of strings that we want to assert whether the string value is included in the provided list + """ + in: [PublicKeyInformationType!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +"""The query root of Venafi Control Plane GraphQL interface.""" +type Query + @join__type(graph: CAOPERATIONS) + @join__type(graph: CERTIFICATE) + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: CODESIGN) + @join__type(graph: COMPLIANCE_POLICY) + @join__type(graph: COMPUTED_FIELDS) + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: ENTITLEMENTS) + @join__type(graph: LEGACY) + @join__type(graph: MESSAGING) + @join__type(graph: NOTIFICATION_ROUTER) + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: PLUGIN_SERVICE) + @join__type(graph: PROVISIONING) + @join__type(graph: SEARCH) + @join__type(graph: TAGGING) + @join__type(graph: TLSPK) + @join__type(graph: USAGEMETRIC) +{ + """Returns the certificate request with the given id""" + certificateRequest(id: ID!): CertificateRequest @join__field(graph: CAOPERATIONS) + + """ + Returns a list of certificate authority accounts. + - after: returns the certificate authority accounts in the list that come after the specified cursor + - before: returns the certificate authority accounts in the list that come before the specified cursor + - first: returns the first _n_ certificate authority accounts from the list + - last: returns the last _n_ certificate authority accounts from the list + """ + certificateAuthorityAccounts(after: String, before: String, first: Int, last: Int): CertificateAuthorityAccountConnection @join__field(graph: CAOPERATIONS) + + """ + Returns the result for specific bulk certificate revocation approval request. Every request has individual status. + """ + bulkCertificateRevocationApprovalRequestStatuses(operationId: ID!): [CertificateRevocationApprovalStatusObject] @join__field(graph: CAOPERATIONS) + + """ + Returns a list of trusted CA certificates. + - after: returns the trusted CA certificates in the list that come after the specified cursor + - before: returns the trusted CA certificates in the list that come before the specified cursor + - first: returns the first _n_ trusted CA certificates from the list + - last: returns the last _n_ trusted CA certificates from the list + """ + trustedCaCertificates(after: String, before: String, first: Int, last: Int): TrustedCaCertificatesConnection @join__field(graph: CERTIFICATE) + + """Deprecated, use `certificate` instead""" + getCertificate(fingerprint: ID!): Certificate @join__field(graph: CERTIFICATE_INVENTORY) @deprecated(reason: "Deprecated, use `certificate` instead") + + """ + Deprecated, use `certificates` instead. Get all certificates (no pagination) + """ + getAllCertificates: [Certificate!] @join__field(graph: CERTIFICATE_INVENTORY) @deprecated(reason: "Deprecated, use `certificates` instead") + + """Returns the certificate with the given fingerprint""" + certificate(fingerprint: ID!): Certificate @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Get all certificates. The pagination can be either forward or backward. To enable forward pagination, two arguments + are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`. + If arguments for both forward and backward pagination are supplied, forward pagination will be used. If no arguments + are supplied, it returns the first page of 10 certificates (i.e. defaults `first` to 10). The result is sorted by + fingerprints in ascending order. + - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning + that we return the first page of certificates, if `first` value is supplied + - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value. + Max value is 100 + - before: returns the elements in the list that come before the specified cursor. By default is the empty string, + meaning that the results will be the last page, if `last` value is supplied + - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value. + Max value is 100 + """ + certificates(after: String, before: String, first: Int, last: Int): CertificateConnection @join__field(graph: CERTIFICATE_INVENTORY) + + """ + Retrieves Cloud Providers. + The pagination can be either forward or backward. To enable forward pagination, two arguments + are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`. + If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments + are supplied, it returns the first page of 10 cloud providers (i.e. defaults `first` to 10). The result is sorted by + the added on date in ascending order. + - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning + that we return the first page of cloud providers, if `first` value is supplied + - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value. + Max value is 100 + - before: returns the elements in the list that come before the specified cursor. By default is the empty string, + meaning that the results will be the last page, if `last` value is supplied + - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value. + Max value is 100 + """ + cloudProviders(after: String, before: String, first: Int, last: Int, filter: CloudProviderFilterInput, orderBy: CloudProviderOrderInput): CloudProviderConnection @join__field(graph: CLOUD_PROVIDERS) + + """ + Retrieves Cloud Keystores. + The pagination can be either forward or backward. To enable forward pagination, two arguments + are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`. + If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments + are supplied, it returns the first page of 10 cloud keystores (i.e. defaults `first` to 10). The result is sorted by + the added on date in ascending order. + - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning + that we return the first page of cloud providers, if `first` value is supplied + - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value. + Max value is 100 + - before: returns the elements in the list that come before the specified cursor. By default is the empty string, + meaning that the results will be the last page, if `last` value is supplied + - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value. + Max value is 100 + """ + cloudKeystores(after: String, before: String, first: Int, last: Int, filter: CloudKeystoreFilterInput, orderBy: CloudKeystoreOrderInput): CloudKeystoreConnection @join__field(graph: CLOUD_PROVIDERS) + + """ + Retrieves details for a Cloud Provider (like the available AWS regions) + """ + cloudProviderDetails(cloudProviderId: UUID!): CloudProviderDetails @join__field(graph: CLOUD_PROVIDERS) + + """ + Retrieves details for all KeyVaults assigned to the Azure subscriptionId provided + """ + azureKeyVaultDetails(cloudProviderId: UUID!, subscriptionId: String): [AzureKeyVault] @join__field(graph: CLOUD_PROVIDERS) + + """Retrieves available locations for the project name provided""" + gcpProjectLocations(cloudProviderId: UUID!, projectId: String): [GCPLocation] @join__field(graph: CLOUD_PROVIDERS) + + """Retrieves machine identities for a Cloud Keystore""" + cloudKeystoreMachineIdentities(cloudKeystoreId: UUID!): [MachineIdentity]! @join__field(graph: CLOUD_PROVIDERS) @deprecated(reason: "Deprecated, use `cloudMachineIdentities` instead") + + """ + Retrieves machine identities for a Cloud Keystore. + The pagination can be either forward or backward. To enable forward pagination, two arguments + are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`. + If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments + are supplied, it returns the first page of 10 machine identities (i.e. defaults `first` to 10). The result is sorted by + the added on date in descending order. + - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning + that we return the first page of certificates, if `first` value is supplied + - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value. + Max value is 1000 + - before: returns the elements in the list that come before the specified cursor. By default is the empty string, + meaning that the results will be the last page, if `last` value is supplied + - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value. + Max value is 1000 + """ + cloudMachineIdentities(after: String, before: String, first: Int, last: Int, filter: CloudMachineIdentitiesFilterInput): MachineIdentityConnection @join__field(graph: CLOUD_PROVIDERS) + + """ + SearchCompliancePolicies retrieves a list of compliance policies applying the filters. + """ + searchCompliancePolicies( + """After is used for pagination after a cursor""" + after: String + + """Before is used for pagination before a cursor""" + before: String + + """First is used for pagination of what the first element should be""" + first: Int + + """Last is used for pagination of what the last element should be""" + last: Int + + """Filter is used for search to return a specific set of data""" + filter: CompliancePolicySearchFilterInput + + """OrderBy is used for sorting by fields and direction""" + orderBy: [CompliancePolicyOrderInput!] + ): CompliancePolicyConnection! @join__field(graph: COMPLIANCE_POLICY) + + """ + CompliancePolicy retrieves a compliance policy associated with the ID provided + """ + compliancePolicy(id: UUID!): CompliancePolicy @join__field(graph: COMPLIANCE_POLICY) + + """ + CompliancePoliciesSummary retrieves a summary of all the clusters, detailing their respective counts and current statuses. + """ + compliancePoliciesSummary: CompliancePoliciesSummary @join__field(graph: COMPLIANCE_POLICY) + + """ + Get all report definitions. + The pagination can be either forward or backward. + To enable forward pagination, two arguments are used: `after` and `first`. + To enable backward pagination, two arguments are used: `before` and `last`. + + When arguments for both forward and backward pagination are supplied, forward pagination will be used. + When no arguments are supplied, it returns the first page of 10 reports (i.e. defaults `first` to 10). + """ + searchReportDefinition(after: String, before: String, first: Int, last: Int, filter: ReportDefinitionFilterInput): ReportDefinitionConnection @join__field(graph: CUSTOM_REPORTING) + + """Get report definition by id.""" + reportDefinition(id: UUID!): ReportDefinition @join__field(graph: CUSTOM_REPORTING) + + """Get the data contract to build the query""" + dataContract: String @join__field(graph: CUSTOM_REPORTING) + entitlement: Entitlement @join__field(graph: ENTITLEMENTS) + + """Retrieve a list of all users, service accounts and teams.""" + identities( + """Returns the elements in the list that come after the specified cursor.""" + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """Returns the first _n_ elements from the list.""" + first: Int + + """Returns the last _n_ elements from the list.""" + last: Int + ): IdentityConnection @join__field(graph: LEGACY) + + """Retrieve a list of all users.""" + users( + """Returns the elements in the list that come after the specified cursor.""" + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """Returns the first _n_ elements from the list.""" + first: Int + + """Returns the last _n_ elements from the list.""" + last: Int + ): UserConnection @join__field(graph: LEGACY) + + """Retrieve a list of all teams.""" + teams( + """Returns the elements in the list that come after the specified cursor.""" + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """Returns the first _n_ elements from the list.""" + first: Int + + """Returns the last _n_ elements from the list.""" + last: Int + + """Returns the teams that match the team filter input""" + filter: TeamFilterInput + ): TeamConnection @join__field(graph: LEGACY) + serviceAccounts( + """Returns the elements in the list that come after the specified cursor.""" + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """Returns the first _n_ elements from the list.""" + first: Int + + """Returns the last _n_ elements from the list.""" + last: Int + ): ServiceAccountConnection @join__field(graph: LEGACY) + userActiveApiKey: String @join__field(graph: LEGACY) + integrationTypes(after: UUID, before: UUID, first: Int, last: Int, orderBy: IntegrationOrderBy! = UUID): IntegrationTypeConnection! @join__field(graph: MESSAGING) + integrations(after: UUID, before: UUID, first: Int, last: Int, orderBy: IntegrationOrderBy! = UUID): IntegrationConnection! @join__field(graph: MESSAGING) + integration(id: UUID!): Integration @join__field(graph: MESSAGING) + searchExternalEmailRecipients(after: String, before: String, first: Int, last: Int, filter: ExternalEmailRecipientFilterInput, orderBy: ExternalEmailRecipientOrderBy! = address): ExternalEmailRecipientConnection! @join__field(graph: MESSAGING) + externalEmailRecipient(address: String!): ExternalEmailRecipient @join__field(graph: MESSAGING) + notificationRoutingConfiguration(id: UUID!): NotificationRouter @join__field(graph: NOTIFICATION_ROUTER) + searchNotificationRoutingConfigurations(before: String, after: String, first: Int, last: Int): NotificationRouterConnection @join__field(graph: NOTIFICATION_ROUTER) + + """ + Retrieve a list of applications. + - after: returns the applications in the list that come after the specified cursor + - before: returns the applications in the list that come before the specified cursor + - first: returns the first _n_ applications from the list + - last: returns the last _n_ applications from the list + """ + applications(after: String, before: String, first: Int, last: Int): ApplicationConnection @join__field(graph: OUTAGEDETECTION) + + """ + Search certificates repository. The pagination can be either forward or backward. To enable forward pagination, two + arguments are used: 'after' and 'first'. To enable backward pagination, two arguments are used: 'before' and 'last'. + If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments + are supplied, it returns the first page of 10 certificates (i.e. defaults 'first' to 10). The result is sorted by + fingerprints in ascending order. + - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning + that we return the first page of certificates, if 'first' value is supplied + - first: non-negative integer, denoting the first 'n' number of records to return after the 'after' cursor value. + Max value is 100 + - before: returns the elements in the list that come before the specified cursor. By default is the empty string, + meaning that the results will be the last page, if 'last' value is supplied + - last: non-negative integer, denoting the last 'n' number of records to return before the 'before' cursor value. + Max value is 100 + """ + searchCertificates(after: String, before: String, first: Int, last: Int, filter: SearchCertificateFilterInput, filterOn: CertificateSearchFilterInput, orderBy: [CertificateOrderInput!]): CertificateConnection! @join__field(graph: SEARCH) + + """ + Retrieve a list of tags. + - after: returns the tags in the list that come after the specified cursor + - before: returns the tags in the list that come before the specified cursor + - first: returns the first _n_ tags from the list + - last: returns the last _n_ tags from the list + """ + tags(after: String, before: String, first: Int, last: Int): TagConnection @join__field(graph: TAGGING) + + """SearchClusters retrieves a list of clusters applying the filters.""" + searchClusters(after: String, before: String, first: Int, last: Int, filter: ClusterFilterInput, orderBy: [ClusterOrderInput!]): ClusterConnection! @join__field(graph: TLSPK) + + """Cluster retrieves one cluster by ID.""" + cluster(id: ID!): Cluster @join__field(graph: TLSPK) + + """Retrieves the list of ClusterCertificateInstallations by cluster ID""" + clusterCertificateInstallations(clusterID: ID!, after: String, before: String, first: Int, last: Int): ClusterCertificateInstallationConnection @join__field(graph: TLSPK) + + """ + Retrieves a summary of all the clusters, detailing their respective counts and current statuses. + """ + clustersSummary: TlspkClustersSummary @join__field(graph: TLSPK) + + """ + Retrieves the list of labels contained in an installation: + * id: The ID of the secret/binding that has the labels/annotations assigned to + """ + clusterCertificateInstallation(id: ID!): ClusterCertificateInstallation @join__field(graph: TLSPK) +} + +""" +RecoverCertificateInput defines the input required for recovering a retired certificate +""" +input RecoverCertificateInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """The fingerprint for the certificate to recover""" + fingerprint: ID! +} + +""" +RecoverCertificatePayload holds the result of recovering a retired certificate +""" +type RecoverCertificatePayload + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """The fingerprint for the certificate that was recovered""" + fingerprint: ID! +} + +""" +RecoverCertificateInput defines the input required for recovering one or more retired certificates +""" +input RecoverCertificatesInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """List of certificates to recover""" + certificates: [RecoverCertificateInput!]! + + """ + An optional list of application IDs to associate with the recovered certificates + """ + applicationIds: [ID!] +} + +""" +RelatedCertificateOrderDirection represents the ordering direction for related certificates. +""" +enum RelatedCertificateOrderDirection + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """ASC is the ascending order""" + ASC @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """DESC is the descending order""" + DESC @join__enumValue(graph: CERTIFICATE_INVENTORY) +} + +""" +RelatedCertificateOrderField defines the fields that can be used for ordering the related certificates. +""" +enum RelatedCertificateOrderField + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """Order by field 'fingerprint'""" + FINGERPRINT @join__enumValue(graph: CERTIFICATE_INVENTORY) + + """Order by field 'archivedTime'""" + ARCHIVED_TIME @join__enumValue(graph: CERTIFICATE_INVENTORY) +} + +""" +RelatedCertificateOrderInput contains the ordering information for the related certificates. +""" +input RelatedCertificateOrderInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + field: RelatedCertificateOrderField! + direction: RelatedCertificateOrderDirection! +} + +"""Represents the report definition object""" +type ReportDefinition + @join__type(graph: CUSTOM_REPORTING) +{ + """The report definition unique identifier.""" + id: UUID! + + """The report name.""" + name: String! + + """The report description.""" + description: String + + """The query to be run for generating the report.""" + query: String! + + """User ID representing the user who created the report.""" + createdBy: UUID! + + """User ID representing the user who updated the report.""" + updatedBy: UUID! + + """The creation date of the report definition.""" + creationDate: DateTime + + """The date the report was last modified.""" + modificationDate: DateTime + + """Information regarding the report's last run if any.""" + lastReportInformation: ReportInformation +} + +"""A page of custom report results""" +type ReportDefinitionConnection + @join__type(graph: CUSTOM_REPORTING) +{ + """Current page information.""" + pageInfo: PageInfo! + + """Total number of report definitions (in all pages).""" + totalCount: Int! + + """Report Definitions in the current page, without cursor.""" + nodes: [ReportDefinition!] + + """Custom reports in the current page, with cursor.""" + edges: [ReportDefinitionEdge!] +} + +"""ReportDefinition together with its associated cursor""" +type ReportDefinitionEdge + @join__type(graph: CUSTOM_REPORTING) +{ + """The report definition.""" + node: ReportDefinition! + + """The cursor for the report definition.""" + cursor: String! +} + +"""Represents a report definition enum filter""" +input ReportDefinitionEnumFilterInput + @join__type(graph: CUSTOM_REPORTING) +{ + eq: ReportQueryRunStatus +} + +"""Represents a report definition field filter input""" +input ReportDefinitionFieldFilterInput + @join__type(graph: CUSTOM_REPORTING) +{ + name: StringFilterInput + createdBy: UUIDFilterInput + status: ReportDefinitionEnumFilterInput + and: [ReportDefinitionFieldFilterInput] + or: [ReportDefinitionFieldFilterInput] +} + +"""Represents the report definition filters input""" +input ReportDefinitionFilterInput + @join__type(graph: CUSTOM_REPORTING) +{ + and: [ReportDefinitionFieldFilterInput] + or: [ReportDefinitionFieldFilterInput] +} + +"""Represents a custom report's execution information""" +type ReportInformation + @join__type(graph: CUSTOM_REPORTING) +{ + """The report unique identifier.""" + id: UUID! + + """The query to be run for generating the report.""" + query: String! + + """The status of the report's query run.""" + status: ReportQueryRunStatus! + + """UUID for the user who triggered the report generation.""" + runBy: UUID! + + """The start date of the report definition's query run.""" + startDate: DateTime! + + """The completion date of the report definition's query run.""" + completionDate: DateTime + + """The error message for the report if generation failed""" + errorMessage: String +} + +"""Represents the status of the report generation""" +enum ReportQueryRunStatus + @join__type(graph: CUSTOM_REPORTING) +{ + NEW @join__enumValue(graph: CUSTOM_REPORTING) + PENDING @join__enumValue(graph: CUSTOM_REPORTING) + IN_PROGRESS @join__enumValue(graph: CUSTOM_REPORTING) + COMPLETED @join__enumValue(graph: CUSTOM_REPORTING) + FAILED @join__enumValue(graph: CUSTOM_REPORTING) + ABORTED @join__enumValue(graph: CUSTOM_REPORTING) +} + +""" +RetireCertificateInput defines the input required for retiring a certificate +""" +input RetireCertificateInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """The fingerprint for the certificate to retire""" + fingerprint: ID! +} + +"""RetireCertificatePayload holds the result of retiring a certificate""" +type RetireCertificatePayload + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """The fingerprint for the certificate that was retired""" + fingerprint: ID! +} + +""" +RetireCertificatesInput defines the input required for retiring one or more certificates +""" +input RetireCertificatesInput + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """List of certificates to retire""" + certificates: [RetireCertificateInput!]! + + """ + Indicate whether to add the certificates to the blocklist as well. If missing, defaults to false + """ + addToBlocklist: Boolean +} + +type Revocation + @join__type(graph: CAOPERATIONS) +{ + certificateAuthorityAccount: CertificateAuthorityAccount + status: RevocationStatus + reason: RevocationReason + comment: String + error: ErrorInformation + user: User + approvalDetails: ApprovalDetails +} + +input RevocationApprovalInformationFilter + @join__type(graph: SEARCH) +{ + """Includes is used for checking if elements are in list""" + includes: String + + """Excludes is used for checking if elements are not in list""" + excludes: String +} + +input RevocationFinalApprovalInformationFilter + @join__type(graph: SEARCH) +{ + """The string value we want to match""" + eq: String +} + +enum RevocationReason + @join__type(graph: CAOPERATIONS) +{ + UNSPECIFIED @join__enumValue(graph: CAOPERATIONS) + KEY_COMPROMISE @join__enumValue(graph: CAOPERATIONS) + AFFILIATION_CHANGED @join__enumValue(graph: CAOPERATIONS) + SUPERSEDED @join__enumValue(graph: CAOPERATIONS) + CESSATION_OF_OPERATION @join__enumValue(graph: CAOPERATIONS) +} + +"""Indicates the revocation status of a certificate""" +enum RevocationStatus + @join__type(graph: CAOPERATIONS) + @join__type(graph: SEARCH) +{ + SUBMITTED @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH) + FAILED @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH) + PENDING_APPROVAL @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH) + PENDING_FINAL_APPROVAL @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH) + REJECTED_APPROVAL @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH) +} + +input RevocationStatusFilter + @join__type(graph: SEARCH) +{ + """The string value we want to match""" + eq: RevocationStatus + + """ + The boolean value that we want to assert whether the boolean field is null or not + """ + hasValue: Boolean + + """ + The list of strings that we want to assert whether the string value is included in the provided list + """ + in: [RevocationStatus!] +} + +type RFC822Name + @join__type(graph: CERTIFICATE_INVENTORY) +{ + emailAddress: String! +} + +"""RSA public key information""" +type RSAKeyInfo + @join__type(graph: CERTIFICATE_INVENTORY) +{ + """Strength in bits""" + strength: Int! +} + +enum ScanType + @join__type(graph: OUTAGEDETECTION) +{ + USER @join__enumValue(graph: OUTAGEDETECTION) + EXTERNAL @join__enumValue(graph: OUTAGEDETECTION) + DOMAIN @join__enumValue(graph: OUTAGEDETECTION) + VALIDATION @join__enumValue(graph: OUTAGEDETECTION) + SMART_INTERNAL @join__enumValue(graph: OUTAGEDETECTION) + SMART_EXTERNAL @join__enumValue(graph: OUTAGEDETECTION) + SMART_VALIDATION_INTERNAL @join__enumValue(graph: OUTAGEDETECTION) + SMART_VALIDATION_EXTERNAL @join__enumValue(graph: OUTAGEDETECTION) +} + +"""SearchCertificateFilterInput filter argument for certificate search""" +input SearchCertificateFilterInput + @join__type(graph: SEARCH) +{ + """filter is a search expression based on the Certificate type""" + filter: String! +} + +"""A representation of an account for a machine""" +type ServiceAccount + @join__type(graph: LEGACY, key: "id") + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: TLSPK, key: "id") +{ + """A unique identifier that identifies a specific service account.""" + id: ID! + + """The display name associated with this service account.""" + displayName: String @join__field(graph: LEGACY) + + """A flag representing if the service account is enabled or not.""" + enabled: Boolean @join__field(graph: LEGACY) + + """The team who owns this service account""" + owner: Team @join__field(graph: LEGACY) + + """Scopes that are assigned to this service account""" + scopes: [String] @join__field(graph: LEGACY) + usedByClusters: [Cluster!]! @join__field(graph: TLSPK) +} + +"""The connection type for ServiceAccount.""" +type ServiceAccountConnection + @join__type(graph: LEGACY) +{ + """A list of edges""" + edges: [ServiceAccountEdge!] + + """A list of nodes.""" + nodes: [ServiceAccount!] + + """Information to aid in pagination.""" + pageInfo: PageInfo! + + """Identifies the total count of service accounts in the connection.""" + totalCount: Int! +} + +"""An edge in the ServiceAccountConnection""" +type ServiceAccountEdge + @join__type(graph: LEGACY) +{ + """A cursor for use in pagination""" + cursor: ID! + + """The item at the end of the edge""" + node: ServiceAccount! +} + +"""Indicates the signature hash algorithm of a certificate""" +enum SignatureHashAlgorithm + @join__type(graph: SEARCH) +{ + GOST_R3410_2001 @join__enumValue(graph: SEARCH) + GOST_R3410_94 @join__enumValue(graph: SEARCH) + GOST_R3411_2012 @join__enumValue(graph: SEARCH) + MD2 @join__enumValue(graph: SEARCH) + MD5 @join__enumValue(graph: SEARCH) + SHA1 @join__enumValue(graph: SEARCH) + SHA224 @join__enumValue(graph: SEARCH) + SHA256 @join__enumValue(graph: SEARCH) + SHA384 @join__enumValue(graph: SEARCH) + SHA512 @join__enumValue(graph: SEARCH) + SHA3_256 @join__enumValue(graph: SEARCH) + SHA3_512 @join__enumValue(graph: SEARCH) + SM3 @join__enumValue(graph: SEARCH) + RIPEMD160 @join__enumValue(graph: SEARCH) + UNKNOWN @join__enumValue(graph: SEARCH) +} + +input SignatureHashAlgorithmFilter + @join__type(graph: SEARCH) +{ + """The string value we want to match""" + eq: SignatureHashAlgorithm + + """ + The list of strings that we want to assert whether the string value is included in the provided list + """ + in: [SignatureHashAlgorithm!] +} + +"""Represents a string filter""" +input StringFilterInput + @join__type(graph: CUSTOM_REPORTING) +{ + eq: String + contains: String + in: [String] +} + +"""Identifies certificate's subject alternative name type""" +enum SubjectAlternativeNameType + @join__type(graph: SEARCH) +{ + RFC822Name @join__enumValue(graph: SEARCH) + DNSName @join__enumValue(graph: SEARCH) + DirectoryName @join__enumValue(graph: SEARCH) + EdiPartyName @join__enumValue(graph: SEARCH) + UniformResourceIdentifier @join__enumValue(graph: SEARCH) + IPAddress @join__enumValue(graph: SEARCH) +} + +input SubjectAlternativeNameTypeFilter + @join__type(graph: SEARCH) +{ + """The subject alternative name type value we want to match""" + eq: SubjectAlternativeNameType + + """The subject alternative name type value we don't want to match""" + neq: SubjectAlternativeNameType + + """ + The list of subject alternative name types that we want to assert whether the string value is included in the provided list + """ + in: [SubjectAlternativeNameType!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +"""System Roles""" +enum SystemRole + @join__type(graph: LEGACY) +{ + """System Administrator""" + SYSTEM_ADMIN @join__enumValue(graph: LEGACY) +} + +"""Tag is used in matching rules and displays the key name""" +type Tag + @join__type(graph: COMPLIANCE_POLICY) + @join__type(graph: TAGGING) +{ + """Name refers to the name of the tag""" + name: String! +} + +type TagConnection + @join__type(graph: TAGGING) +{ + pageInfo: PageInfo! + totalCount: Int! + nodes: [Tag!] + edges: [TagEdge] +} + +type TagEdge + @join__type(graph: TAGGING) +{ + node: Tag! + cursor: String! +} + +"""TagMatchingRule wraps the Tag type to add included to it""" +type TagMatchingRule + @join__type(graph: COMPLIANCE_POLICY) +{ + """Tag is the reference to the tag to include or exclude""" + tag: Tag + + """ + Included states whether this tag should be included in matching for resources + """ + included: Boolean +} + +"""A team of users""" +type Team + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: LEGACY, key: "id") + @join__type(graph: OUTAGEDETECTION) +{ + """A unique identifier that identifies a specific team.""" + id: ID! + + """The name of the team.""" + name: String! @join__field(graph: LEGACY) + + """The accounts that belogn to this team.""" + members( + """Returns the elements in the list that come after the specified cursor.""" + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """Returns the first _n_ elements from the list.""" + first: Int + + """Returns the last _n_ elements from the list.""" + last: Int + ): UserConnection! @join__field(graph: LEGACY) +} + +"""The connection type for Team""" +type TeamConnection + @join__type(graph: LEGACY) +{ + """A list of edges.""" + edges: [TeamEdge!] + + """A list of nodes.""" + nodes: [Team!] + + """Information to aid in pagination.""" + pageInfo: PageInfo! + + """Identifies the total count of teams in the connection.""" + totalCount: Int! +} + +"""An edge in a TeamConnection.""" +type TeamEdge + @join__type(graph: LEGACY) +{ + """A cursor for use in pagination.""" + cursor: ID! + + """The item at the end of the edge.""" + node: Team! +} + +input TeamFilterAttributesInput + @join__type(graph: LEGACY) +{ + """Filter by user id within team's members""" + userId: TeamListFilter +} + +input TeamFilterInput + @join__type(graph: LEGACY) +{ + """Filter by matching ALL the supplied filter inputs""" + and: [TeamFilterAttributesInput!] +} + +input TeamListFilter + @join__type(graph: LEGACY) +{ + """The string value that we want to assert whether it is within the list""" + includes: String +} + +enum TlspkCertManagerIssuerKind + @join__type(graph: TLSPK) +{ + CLUSTER @join__enumValue(graph: TLSPK) + NAMESPACE @join__enumValue(graph: TLSPK) +} + +type TlspkClustersCertificatesOverviewCategory + @join__type(graph: TLSPK) +{ + id: String + count: Int +} + +type TlspkClustersCertificatesOverviewWidget + @join__type(graph: TLSPK) +{ + """ + totalCount is the number of long, short and ultra short lived certificates found in clusters + """ + totalCount: Int + + """ + categories is the list of long, short and ultra short lived certificates found in clusters + """ + categories: [TlspkClustersCertificatesOverviewCategory] +} + +type TlspkClustersCertManagerIssuersType + @join__type(graph: TLSPK) +{ + issuerType: String + count: Int + kind: TlspkCertManagerIssuerKind +} + +type TlspkClustersCertManagerIssuersWidget + @join__type(graph: TLSPK) +{ + """ + totalCount is the number of venafi and non-venafi cert-manager issuers found in clusters + """ + totalCount: Int + + """ + nonVenafiIssuers is the number of non-venafi cert-manager issuers found in clusters + """ + nonVenafiIssuers: Int + + """types is the list of venafi and non-venafi issuers found in clusters""" + types: [TlspkClustersCertManagerIssuersType] +} + +type TlspkClustersIngressesCategory + @join__type(graph: TLSPK) +{ + id: String + count: Int +} + +type TlspkClustersIngressesWidget + @join__type(graph: TLSPK) +{ + """totalCount is the number of ingresses found in clusters""" + totalCount: Int + + """ + unhealthy is the number of ingresses found in clusters that have certificates that are expired or soon to expire + """ + unhealthy: Int + + """ + categories is the list of ingresses found in clusters that have certificates that are expired or soon to expire + """ + categories: [TlspkClustersIngressesCategory] +} + +type TlspkClustersLLCertsNotManagedByCertManagerCategory + @join__type(graph: TLSPK) +{ + id: String + count: Int +} + +type TlspkClustersLLCertsNotManagedByCertManagerWidget + @join__type(graph: TLSPK) +{ + """totalCount is the number of long lived certificates found in clusters""" + totalCount: Int + + """ + notManagedByCertManager is the number of long lived certfiicates found in clusters that are not managed by Cert-Manager + """ + notManagedByCertManager: Int + + """ + categories is the list of long lived certificates found in clusters that are either managed by Cert-Manager or not managed by Cert-Manager + """ + categories: [TlspkClustersLLCertsNotManagedByCertManagerCategory] +} + +type TlspkClustersLongLivedCertificatesCategory + @join__type(graph: TLSPK) +{ + id: String + count: Int +} + +type TlspkClustersLongLivedCertificatesWidget + @join__type(graph: TLSPK) +{ + """totalCount is the number of long lived certificates found in clusters""" + totalCount: Int + + """ + unhealthy is the number of long lived certificates found in clusters that are expired, soon to expire or not managed by cert manager + """ + unhealthy: Int + + """ + categories is the list of long lived certificates found in clusters that are expired, soon to expire or not managed by cert manager + """ + categories: [TlspkClustersLongLivedCertificatesCategory] +} + +type TlspkClustersOverviewCategory + @join__type(graph: TLSPK) +{ + id: String + count: Int +} + +type TlspkClustersOverviewWidget + @join__type(graph: TLSPK) +{ + """totalCount is the number of clusters with any status except DELETED""" + totalCount: Int + + """ + unhealthy is the number of clusters with status INACTIVE or WAITING_FOR_FIRST_CONTACT + """ + unhealthy: Int + + """ + categories is the list of clusters with status INACTIVE or WAITING_FOR_FIRST_CONTACT + """ + categories: [TlspkClustersOverviewCategory] +} + +type TlspkClustersSummary + @join__type(graph: TLSPK) +{ + clusters: TlspkClustersOverviewWidget + clustersCertificates: TlspkClustersCertificatesOverviewWidget + clustersLongLivedCertificates: TlspkClustersLongLivedCertificatesWidget + clustersLLCertsNotManagedByCertManager: TlspkClustersLLCertsNotManagedByCertManagerWidget + ingresses: TlspkClustersIngressesWidget + certManagerIssuers: TlspkClustersCertManagerIssuersWidget +} + +enum TLSProtocol + @join__type(graph: OUTAGEDETECTION) +{ + """SSL v2""" + SSL_V2 @join__enumValue(graph: OUTAGEDETECTION) + + """SSL v3""" + SSL_V3 @join__enumValue(graph: OUTAGEDETECTION) + + """TLS v1.0""" + TLS_V1 @join__enumValue(graph: OUTAGEDETECTION) + + """TLS v1.1""" + TLS_V1_1 @join__enumValue(graph: OUTAGEDETECTION) + + """TLS v1.2""" + TLS_V1_2 @join__enumValue(graph: OUTAGEDETECTION) + + """TLS v1.3""" + TLS_V1_3 @join__enumValue(graph: OUTAGEDETECTION) +} + +type TLSServerEndpoint + @join__type(graph: OUTAGEDETECTION) +{ + id: ID! + scanType: ScanType! + ipAddress: IP! + port: Int! + serverName: FQDN + lastSeenTime: DateTime! + tlsProtocols: [TLSProtocol!] + deploymentStatus: DeploymentStatus + chainValidationErrors: [ValidationError!] + tlsValidationError: ValidationError + lastAttemptTime: DateTime +} + +type TLSServerEndpointConnection + @join__type(graph: COMPUTED_FIELDS) + @join__type(graph: OUTAGEDETECTION) +{ + tlsServerEndpointsErrorCount: ValidationErrorCount! + pageInfo: PageInfo! @join__field(graph: OUTAGEDETECTION) + totalCount: Int! @join__field(graph: OUTAGEDETECTION) + nodes: [TLSServerEndpoint!] @join__field(graph: OUTAGEDETECTION) + edges: [TLSServerEndpointEdge] @join__field(graph: OUTAGEDETECTION) +} + +type TLSServerEndpointEdge + @join__type(graph: OUTAGEDETECTION) +{ + node: TLSServerEndpoint! + cursor: String! +} + +type TLSValidationError implements ValidationError + @join__implements(graph: OUTAGEDETECTION, interface: "ValidationError") + @join__type(graph: OUTAGEDETECTION) +{ + message: String + arguments: [String!] + errorType: TLSValidationErrorType +} + +""" +Identifies the tls validation error type associated with a tls server endpoint +""" +enum TLSValidationErrorType + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: SEARCH) +{ + INVALID_CERTIFICATE_FOUND @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + OLD_VERSION_CERTIFICATE_FOUND @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + UNEXPECTED_CERTIFICATE_FOUND @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + NO_CERTIFICATE_PRESENTED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + TARGET_UNREACHABLE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + HOSTNAME_NOT_RESOLVABLE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) + UNKNOWN_ERROR @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH) +} + +input TLSValidationErrorTypeFilter + @join__type(graph: SEARCH) +{ + """The tls validation error type value we want to match""" + eq: TLSValidationErrorType + + """The tls validation error type value we don't want to match""" + neq: TLSValidationErrorType + + """ + The list of tls validation error types that we want to assert whether the string value is included in the provided list + """ + in: [TLSValidationErrorType!] + + """ + The boolean value that we want to assert whether the field is null or not + """ + hasValue: Boolean +} + +""" +TrustedCaCertificate is the trusted CA certificate that is trusted by the user for use in issuing certificates +""" +type TrustedCaCertificate + @join__type(graph: CERTIFICATE, key: "fingerprint") + @join__type(graph: COMPLIANCE_POLICY, key: "fingerprint", resolvable: false) +{ + """Fingerprint of the trusted CA certificate""" + fingerprint: ID! + + """ + CertificateType defines what type of certificate the trusted CA cert is + """ + certificateType: CertificateType! @join__field(graph: CERTIFICATE) + + """Source defines how the certificate was loaded into the system""" + source: TrustedCACertificateSource! @join__field(graph: CERTIFICATE) + + """SubjectCN of the trusted CA certificate""" + subjectCN: [String]! @join__field(graph: CERTIFICATE) +} + +""" +TrustedCaCertificatesConnection is used to provide pagination to trusted CA certificates +""" +type TrustedCaCertificatesConnection + @join__type(graph: CERTIFICATE) +{ + """PageInfo is information for pagination""" + pageInfo: PageInfo! + + """TotalCount of trusted CA certificates""" + totalCount: Int! + + """Nodes of the trusted CA certificate connection for paginated results""" + nodes: [TrustedCaCertificate!] + + """Edges of the trusted CA certificate connection for linking""" + edges: [TrustedCaCertificatesEdge] +} + +""" +TrustedCaCertificatesEdge is used for the TrustedCaCertificatesConnection edges +""" +type TrustedCaCertificatesEdge + @join__type(graph: CERTIFICATE) +{ + """Node of the trusted CA certificate connection""" + node: TrustedCaCertificate! + + """Cursor is the link to the next edge""" + cursor: String! +} + +""" +TrustedCACertificateSource defines how the certificate was loaded into the system +""" +enum TrustedCACertificateSource + @join__type(graph: CERTIFICATE) +{ + GLOBALLY_TRUSTED @join__enumValue(graph: CERTIFICATE) + USER_PROVIDED @join__enumValue(graph: CERTIFICATE) +} + +""" +TrustedCAEvaluationRule wraps the Trusted CA type to add included to it +""" +type TrustedCAEvaluationRule + @join__type(graph: COMPLIANCE_POLICY) +{ + """TrustedCA is the reference to the Trusted CA to include or exclude""" + trustedCA: TrustedCaCertificate + + """ + Included states whether this Trusted CA should be included in matching for resources + """ + included: Boolean +} + +type UniformResourceIdentifier + @join__type(graph: CERTIFICATE_INVENTORY) +{ + uri: URI! +} + +""" +UpdateExternalEmailRecipientInput represents the input for updating an external email recipient. +Name is limited to 256 characters. +Address is not updated (it is the search key) and cannot exceed 254 characters and should be a proper email address. +""" +input UpdateExternalEmailRecipientInput + @join__type(graph: MESSAGING) +{ + name: String + address: String! + enabled: Boolean +} + +"""Represents the input for updating a PagerDuty integration.""" +input UpdatePagerDutyIntegrationInput + @join__type(graph: MESSAGING) +{ + id: UUID! + name: String + pagerDutyParams: PagerDutyIntegrationInputParams +} + +"""ReportDefinition update request input.""" +input UpdateReportDefinitionInput + @join__type(graph: CUSTOM_REPORTING) +{ + """The report name.""" + name: String + + """The report description.""" + description: String +} + +"""Represents the input for updating a Zoom Team Chat integration.""" +input UpdateZoomTeamChatIntegrationInput + @join__type(graph: MESSAGING) +{ + id: UUID! + name: String + zoomTeamChatParams: ZoomTeamChatIntegrationInputParams +} + +""" +A field whose value conforms to the standard URI format as specified in RFC3986 +""" +scalar URI + @join__type(graph: CERTIFICATE_INVENTORY) + +"""Represents the usage metrics per billing plan""" +type Usage + @join__type(graph: USAGEMETRIC) +{ + billingPlan: String! + metrics: [UsageMetric]! +} + +""" +Represents a metric where the key is the metric name and the value is the metric value +""" +type UsageMetric + @join__type(graph: USAGEMETRIC) +{ + key: String! + value: String! +} + +"""Represents the usage metrics""" +type UsageMetrics + @join__type(graph: USAGEMETRIC) +{ + calculatedAt: DateTime + usage: [Usage] +} + +"""A representation of a human user account.""" +type User + @join__type(graph: CAOPERATIONS) + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: LEGACY, key: "id") + @join__type(graph: OUTAGEDETECTION) +{ + """A unique identifier that identifies a specific user.""" + id: ID! + + """ + The username associated with this user. Note that the username is the user's email address. + """ + username: String! @join__field(graph: LEGACY) + + """The user's given name.""" + firstName: String @join__field(graph: LEGACY) + + """The user's surname.""" + lastName: String @join__field(graph: LEGACY) +} + +"""The connection type for User.""" +type UserConnection + @join__type(graph: LEGACY) +{ + """A list of edges""" + edges: [UserEdge!] + + """A list of nodes.""" + nodes: [User!] + + """Information to aid in pagination.""" + pageInfo: PageInfo! + + """Identifies the total count of users in the connection.""" + totalCount: Int! +} + +"""An edge in the UserConnection""" +type UserEdge + @join__type(graph: LEGACY) +{ + """A cursor for use in pagination""" + cursor: ID! + + """The item at the end of the edge""" + node: User! +} + +"""User status""" +enum UserStatus + @join__type(graph: LEGACY) +{ + """Active""" + ACTIVE @join__enumValue(graph: LEGACY) + + """Inactive""" + INACTIVE @join__enumValue(graph: LEGACY) + + """Pending Activation""" + PENDING_ACTIVATION @join__enumValue(graph: LEGACY) +} + +"""A field whose value is a generic Universally Unique Identifier.""" +scalar UUID + @join__type(graph: CAOPERATIONS) + @join__type(graph: CERTIFICATE) + @join__type(graph: CLOUD_PROVIDERS) + @join__type(graph: COMPLIANCE_POLICY) + @join__type(graph: CUSTOM_REPORTING) + @join__type(graph: ENTITLEMENTS) + @join__type(graph: LEGACY) + @join__type(graph: MESSAGING) + @join__type(graph: NOTIFICATION_ROUTER) + @join__type(graph: OUTAGEDETECTION) + @join__type(graph: USAGEMETRIC) + +"""Represents a UUID filter""" +input UUIDFilterInput + @join__type(graph: CUSTOM_REPORTING) +{ + in: [UUID] +} + +interface ValidationError + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: OUTAGEDETECTION) +{ + message: String + arguments: [String!] +} + +type ValidationErrorCount + @join__type(graph: CERTIFICATE_INVENTORY) + @join__type(graph: COMPUTED_FIELDS) + @join__type(graph: OUTAGEDETECTION) +{ + warnings: Int! + alerts: Int! +} + +type WorkflowResult + @join__type(graph: CLOUD_PROVIDERS) +{ + workflowName: String! + workflowId: UUID! +} + +"""Represents the input parameters for a Zoom Team Chat integration.""" +input ZoomTeamChatIntegrationInputParams + @join__type(graph: MESSAGING) +{ + webhookURL: String! + verificationToken: String! +} \ No newline at end of file