schema.graphql

"""@auth indicates that the specified query / mutation / subscription requires user authentication"""
directive @auth on FIELD_DEFINITION

directive @constraint(
	tag: String!
	pattern: String!
	example: String!
) on ENUM_VALUE

"""Directs the executor to defer this fragment when the `if` argument is true or undefined."""
directive @defer(
"""Deferred when true or undefined."""
	if: Boolean
"""Unique name"""
	label: String
) on FRAGMENT_SPREAD | INLINE_FRAGMENT

"""Marks an element of a GraphQL schema as no longer supported."""
directive @deprecated(
"""Explains why this element was deprecated, usually also including a suggestion for how to access supported similar data. Formatted using the Markdown syntax, as specified by [CommonMark](https://commonmark.org/)."""
	reason: String
) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE

directive @goField(
	forceResolver: Boolean
	name: String
) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION

directive @httpError(
	statusCode: Int!
) on ENUM_VALUE

"""Directs the executor to include this field or fragment only when the `if` argument is true."""
directive @include(
"""Included when true."""
	if: Boolean!
) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT

"""@noRole indicates that the specified query / mutation / subscription can be executed regardless of the user's roles.
This practically means that the query will not allow accessing any org-specific data."""
directive @noRole on FIELD_DEFINITION

"""@noauth indicates that the specified query / mutation / subscription can be executed anonymously without
user authentication, meaning anyone and everyone can execute it. USE WITH CAUTION.
user authentication, meaning anyone and everyone can execute it. USE WITH CAUTION."""
directive @noauth on FIELD_DEFINITION

"""Indicates exactly one field must be supplied and this field must not be `null`."""
directive @oneOf on INPUT_OBJECT

"""@requiresRole indicates that the specified query / mutation / subscription requires any of the provided roles to be executed.
Users without any of the specified roles will not be able to execute the query / mutation / subscription."""
directive @requiresRole(
	roles: [AuthRole!]!
) on FIELD_DEFINITION

directive @restApiField(
	action: ApiFieldAction
) on FIELD_DEFINITION

directive @restApiRoute(
	method: ApiMethod!
	path: String!
	tags: [String!]!
) on FIELD_DEFINITION

"""Directs the executor to skip this field or fragment when the `if` argument is true."""
directive @skip(
"""Skipped when true."""
	if: Boolean!
) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT

"""Exposes a URL that specifies the behavior of this scalar."""
directive @specifiedBy(
"""The URL that specifies the behavior of this scalar."""
	url: String!
) on SCALAR

"""@validate should be applied on API input fields / arguments, to enforce API input validation.
See https://github.com/go-playground/validator for possible built-in constraints,
and github.com/otterize/cloud/src/backend-service/pkg/lib/graphql/directives for custom contraints."""
directive @validate(
	constraint: String
	customConstraint: CustomConstraint
) on INPUT_FIELD_DEFINITION | ARGUMENT_DEFINITION

type AWSCustomer {
	awsAccountId: String!
}

type AWSGeneralResource {
	resource: String!
	isWildcard: Boolean!
}

type AWSInfo {
	region: String!
	namespace: String!
	eksClusterName: String!
	awsAccountId: String!
}

input AWSInfoInput {
	clusterId: ID!
	region: String!
	namespace: String!
	eksClusterName: String!
	awsAccountId: String!
}

type AWSResource {
	type: AWSResourceType!
	info: AWSResourceInfo!
}

union AWSResourceInfo =AWSS3Resource | AWSGeneralResource

enum AWSResourceType {
	GENERAL
	S3
}

type AWSS3Resource {
	bucketName: String!
}

type AWSVisibility {
	arn: String!
	resourceType: AWSVisibilityResourceType!
	name: String!
	lbArn: String
	domain: String
	ips: [String!]!
	eksIngressName: String
	region: String!
}

enum AWSVisibilityResourceType {
	EKS
}

type AWSVisibilitySettings {
	isActive: Boolean!
	awsAccountId: String!
	externalId: String!
	regions: [String!]!
}

input AWSVisibilitySettingsInput {
	isActive: Boolean!
	awsAccountId: String!
	regions: [String!]!
}

type AccessApprovalRuleset {
	id: ID!
	order: Int!
	origin: AccessApprovalRulesetFilter!
	target: AccessApprovalRulesetFilter!
	action: AccessApprovalRulesetAction!
}

enum AccessApprovalRulesetAction {
	AUTO_APPROVE
	AUTO_DENY
	REQUIRE_APPROVAL
}

type AccessApprovalRulesetFilter {
	clusterIds: IDFilterValue
	serviceIds: IDFilterValue
	namespaceIds: IDFilterValue
	environmentIds: IDFilterValue
}

enum AccessApprovalRulesetFilterValue {
	ANY
}

type AccessApprovalRulesetResources {
	clusters: [Cluster!]!
	services: [Service!]!
	namespaces: [Namespace!]!
}

type AccessApprovalRulesetSummary {
	environment: Environment!
	count: Int!
}

type AccessGraph {
	filter: AccessGraphFilter!
"""Clusters for which there are results"""
	clusters: [Cluster!]!
	serviceAccessGraphs: [ServiceAccessGraph!]!
	serviceCount: Int!
}

type AccessGraphEdge {
	client: Service!
	server: Service!
	discoveredIntents: [Intent!]!
	appliedIntents: [Intent!]!
	accessStatus: EdgeAccessStatus!
	accessStatuses: EdgeAccessStatuses!
	findings: [CallFinding!]!
	traffic: TrafficLevel!
}

""" Access graph filter """
type AccessGraphFilter {
	clusterIds: IDFilterValue
	serviceIds: IDFilterValue
	namespaceIds: IDFilterValue
	environmentIds: IDFilterValue
	lastSeen: TimeFilterValue
	featureFlags: FeatureFlags
	includeOnlyClientsMatchingFilter: Boolean
	hits: NumericFilterValue
}

type AccessLog {
	clusters: [Cluster!]!
	namespaces: [Namespace!]!
	entries: [AccessLogEdge!]!
	timeRange: TimeRange!
	totalCount: Int!
}

type AccessLogEdge {
	timestamp: Time!
	client: Service!
	server: Service!
	appliedIntents: [Intent!]
	originIntent: Intent!
	dns: String!
	accessStatus: EdgeAccessStatus!
}

""" This enum should be removed after removing allowExternalTrafficPolicy from IntentsOperatorConfigurationInput, it is here for backward compatibility """
enum AllowExternalTrafficPolicy {
	OFF
	ALWAYS
	IF_BLOCKED_BY_OTTERIZE
}

enum ApiFieldAction {
"""Do nothing, expose models to the REST API as id-only structs (Default behaviour)"""
	COLLAPSE_MODEL
"""Expand model field, returning its full data and not just its ID"""
	EXPAND_MODEL
"""Drop this field from the REST API"""
	DROP_FIELD
}

enum ApiMethod {
	GET
	POST
	PUT
	PATCH
	DELETE
}

"""applied intents request"""
input AppliedIntentsRequestApprovalData {
"""applied intents request"""
	approved: Boolean!
"""applied intents request"""
	reason: String!
}

type AppliedIntentsRequestStatus {
	id: ID!
	resourceId: String!
	generation: Int!
"""client"""
	service: Service!
	timestamp: Time!
	status: AppliedIntentsRequestStatusLabel!
	reason: String
}

enum AppliedIntentsRequestStatusLabel {
	PENDING
	APPROVED
	DENIED
	STALE
}

type AppliedIntentsRequestWithDetails {
	id: ID!
	clientService: Service!
	serverServices: [Service!]!
	timestamp: Time!
	status: AppliedIntentsRequestStatusLabel!
	reason: String
	clientIntents: ClientIntentsFileRepresentation!
}

enum AuthRole {
	ADMIN
	VIEWER
}

type AutoApproveMoreRestrictiveIntentsByEnv {
	environmentId: ID!
	enabled: Boolean!
}

enum AutomateThirdPartyNetworkPolicy {
	OFF
	ALWAYS
	IF_BLOCKED_BY_OTTERIZE
}

enum AutomatedThirdPartyPolicyTypes {
	EXTERNAL_TRAFFIC
	METRICS_TRAFFIC
	WEBHOOK_TRAFFIC
}

enum AwsIamStep {
	CREATE_CLUSTER
	CONNECT_CLUSTER
	DEPLOY_OTTERIZE_FOR_AWS_IAM
	CREATE_S3_BUCKET
	DEPLOY_SAMPLE_SERVER
	VIEW_LOGS
	LABEL_THE_SERVER_POD
	SEE_THE_CREATED_ROLE
	SEE_THE_SERVICE_ACCOUNT
	APPLY_INTENTS
	QUERY_S3_BUCKET_CONTENT
	COMPLETED
}

type AzureInfo {
	tenantId: String!
	subscriptionId: String!
	resourceGroup: String!
	aksClusterName: String!
	namespace: String!
}

input AzureInfoInput {
	clusterId: ID!
	tenantId: String!
	subscriptionId: String!
	resourceGroup: String!
	aksClusterName: String!
	namespace: String!
}

type AzureKeyVaultPolicy {
	certificatePermissions: [String!]
	keyPermissions: [String!]
	secretPermissions: [String!]
	storagePermissions: [String!]
}

input AzureKeyVaultPolicyInput {
	certificatePermissions: [String!]
	keyPermissions: [String!]
	secretPermissions: [String!]
	storagePermissions: [String!]
}

type AzureResource {
	resource: String!
}

type BasicEntity {
	id: ID!
	name: String!
}

"""The `Boolean` scalar type represents `true` or `false`."""
scalar Boolean

input CLICommand {
	noun: String!
	verb: String!
	modifiers: [String!]
}

input CLIIdentifier {
	version: String!
	contextId: String!
	cloudClientId: String
}

input CLITelemetry {
	identifier: CLIIdentifier!
	command: CLICommand!
}

type CallFinding {
	standard: RegulationStandard!
	code: RegulationCode!
	reason: String!
}

input CertificateCustomization {
	dnsNames: [String!]
	ttl: Int
}

type CertificateInformation {
	commonName: String!
	dnsNames: [String!]
	ttl: Int
}

enum CertificateProvider {
	SPIRE
	CERT_MANAGER
	CLOUD
	NONE
}

input ChannelInfoInput {
	channelName: String!
}

input ClientIPConfig {
	timeoutSeconds: Int
}

type ClientIntentAccessStatus {
	total: Int!
	allowed: Int!
	blocked: Int!
	wouldBeBlocked: Int!
}

type ClientIntentEvent {
	firstTimestamp: Time
	lastTimestamp: Time
	reportingComponent: String
	count: Int!
	type: String!
	reason: String!
	message: String!
}

input ClientIntentEventInput {
	clientName: String!
	clientWorkloadKind: String
	namespace: String!
	name: String!
	labels: [KeyValueInput!]
	annotations: [KeyValueInput!]
	count: Int!
	clientIntentName: String!
	firstTimestamp: Time
	lastTimestamp: Time
	reportingComponent: String
	reportingInstance: String
	sourceComponent: String
	type: String!
	reason: String!
	message: String!
}

type ClientIntentStatus {
	clientIntentName: String!
	generation: Int!
	timestamp: Time!
	observedGeneration: Int!
	upToDate: Boolean!
}

input ClientIntentStatusInput {
	namespace: String!
	clientName: String!
	clientWorkloadKind: String
	clientIntentName: String!
	generation: Int!
	timestamp: Time!
	observedGeneration: Int!
	upToDate: Boolean!
}

type ClientIntentsFileRepresentation {
	fileName: String!
	namespacedFileName: String!
	service: Service!
	rows: [ClientIntentsRow!]!
	content: String!
}

type ClientIntentsFiles {
	files: [ClientIntentsFileRepresentation!]!
	mergedYAMLFile: MergedYAMLFile
}

type ClientIntentsRow {
	text: String!
	diff: RowDiff
	calledServerId: ID
}

type CloudIam {
	awsRoles: [String!]
}

type Cluster {
	id: ID!
	name: String!
	configuration: ClusterConfiguration
	namespaces: [Namespace!]!
	serviceCount: Int!
	integration: Integration
	integrations: [Integration!]!
	defaultEnvironment: Environment
	components: IntegrationComponents!
	createdAt: Time!
}

type ClusterConfiguration {
	globalDefaultDeny: Boolean!
	istioGlobalDefaultDeny: Boolean!
	linkerdGlobalDefaultDeny: Boolean!
	useNetworkPoliciesInAccessGraphStates: Boolean!
	useIstioPoliciesInAccessGraphStates: Boolean!
	useLinkerdPoliciesInAccessGraphStates: Boolean!
	useKafkaACLsInAccessGraphStates: Boolean!
	useAWSIAMInAccessGraphStates: Boolean!
	useGCPIAMInAccessGraphStates: Boolean!
	useAzureIAMInAccessGraphStates: Boolean!
	useDatabaseInAccessGraphStates: Boolean!
	clusterFormSettings: ClusterFormSettings!
}

input ClusterConfigurationInput {
	globalDefaultDeny: Boolean!
	istioGlobalDefaultDeny: Boolean
	linkerdGlobalDefaultDeny: Boolean
	useNetworkPoliciesInAccessGraphStates: Boolean!
	useIstioPoliciesInAccessGraphStates: Boolean!
	useLinkerdPoliciesInAccessGraphStates: Boolean!
	useKafkaACLsInAccessGraphStates: Boolean!
	useAWSIAMInAccessGraphStates: Boolean
	useGCPIAMInAccessGraphStates: Boolean
	useAzureIAMInAccessGraphStates: Boolean
	useDatabaseInAccessGraphStates: Boolean
	clusterFormSettings: ClusterFormSettingsInput
}

type ClusterFinding {
	cluster: Cluster!
	reason: String!
	reasonId: String!
	intentsOperatorState: IntentsOperatorState
	relatedServices: [Service!]
}

type ClusterFormSettings {
	certificateProvider: CertificateProvider!
	enforcement: Boolean!
}

input ClusterFormSettingsInput {
	certificateProvider: CertificateProvider!
	enforcement: Boolean!
}

input Component {
	componentType: TelemetryComponentType!
	componentInstanceId: ID!
	contextId: ID!
	version: String!
	cloudClientId: String
}

type ComponentStatus {
	type: ComponentStatusType!
	lastSeen: Time
}

enum ComponentStatusType {
	NOT_INTEGRATED
	CONNECTED
	DISCONNECTED
}

enum ComponentType {
	INTENTS_OPERATOR
	CREDENTIALS_OPERATOR
	NETWORK_MAPPER
}

input ConnectionsCount {
	current: Int!
	removed: Int!
	added: Int!
}

type CreateGitHubIntegrationResponse {
	integration: Integration!
	nextURL: String!
}

type CreateGitLabIntegrationResponse {
	integration: Integration!
	nextURL: String!
}

type CreateSIEMIntegrationResponse {
	integration: Integration!
}

type CreateSlackIntegrationResponse {
	integration: Integration!
	nextURL: String!
}

type CredentialsOperatorComponent {
	type: ComponentType!
	status: ComponentStatus!
}

"""The set of custom constraints supported by our API schema."""
enum CustomConstraint {
	CUSTOM_NAME
	K8S_NAME
	LABEL_NAME
	NONEMPTY
	ID
}

input DNSIPPairInput {
	dnsName: String
	ips: [String!]
}

type Dashboard {
	findings: [FindingSummary!]!
	summary: DashboardData!
}

type DashboardData {
	findingsCount: Int!
	nonCompliantClusters: Fraction!
	nonCompliantWorkloads: Fraction!
	overallCompliance: Fraction!
	nonCompliantStandards: Fraction!
	nonCompliantControls: Fraction!
}

type DashboardV2 {
	dashboard: DashboardData!
	findings: [FindingSummaryV2!]!
}

type DatabaseConfig {
	dbname: String!
	table: String!
	operations: [DatabaseOperation!]
}

input DatabaseConfigInput {
	dbname: String!
	table: String
	operations: [DatabaseOperation!]
}

type DatabaseInfo {
	databaseType: DatabaseType!
	address: String!
	username: String!
	visibility: DatabaseVisibilitySettings
}

input DatabaseInfoInput {
	databaseType: DatabaseType!
	address: String!
	visibility: DatabaseVisibilitySettingsInput
}

enum DatabaseOperation {
	ALL
	SELECT
	INSERT
	UPDATE
	DELETE
}

enum DatabaseType {
	POSTGRESQL
	MYSQL
}

type DatabaseVisibilitySettings {
	source: DatabaseVisibilitySource
	gcpPubSub: GCPPubSubLogConsumerSettings
}

input DatabaseVisibilitySettingsInput {
	source: DatabaseVisibilitySource
	gcpPubSub: GCPPubSubLogConsumerSettingsInput
}

enum DatabaseVisibilitySource {
	GCP_PUBSUB
}

type DefaultIntentsApprovalActionByEnv {
	environmentId: ID!
	action: AccessApprovalRulesetAction!
}

type DetectedCloudServer {
	cloudProvider: String!
	cloudService: String!
	region: String!
}

input DiscoveredIntentInput {
	discoveredAt: Time!
	intent: IntentInput!
}

input EBPFDiagnostics {
	containerImage: String
	executable: String
	executableHash: String
	programName: String
	podName: String
	podNamespace: String
}

type EdgeAccessStatus {
	useNetworkPoliciesInAccessGraphStates: Boolean!
	useIstioPoliciesInAccessGraphStates: Boolean!
	useLinkerdPoliciesInAccessGraphStates: Boolean!
	useKafkaPoliciesInAccessGraphStates: Boolean!
	verdict: EdgeAccessStatusVerdict!
	reason: EdgeAccessStatusReason!
	reasons: [EdgeAccessStatusReason!]!
}

enum EdgeAccessStatusReason {
	ALLOWED_BY_APPLIED_INTENTS
	ALLOWED_BY_APPLIED_INTENTS_OVERLY_PERMISSIVE
	ALLOWED_BY_APPLIED_INTENTS_HTTP_OVERLY_PERMISSIVE
	ALLOWED_BY_APPLIED_INTENTS_KAFKA_OVERLY_PERMISSIVE
	ALLOWED_BY_APPLIED_INTENTS_DATABASE_OVERLY_PERMISSIVE
	ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY
	ALLOWED_BY_INTERNET_EGRESS_NETWORK_POLICY
	ALLOWED_BY_INTERNET_INGRESS_NETWORK_POLICY
	WOULD_BE_ALLOWED_BY_EXTERNAL_TRAFFIC_NETWORK_POLICY
	BLOCKED_BY_APPLIED_INTENTS_UNDER_PERMISSIVE
	BLOCKED_BY_APPLIED_INTENTS_RESOURCE_MISMATCH
	BLOCKED_BY_APPLIED_INTENTS_HTTP_UNDER_PERMISSIVE
	BLOCKED_BY_APPLIED_INTENTS_HTTP_RESOURCE_MISMATCH
	BLOCKED_BY_APPLIED_INTENTS_KAFKA_UNDER_PERMISSIVE
	BLOCKED_BY_APPLIED_INTENTS_KAFKA_RESOURCE_MISMATCH
	BLOCKED_BY_KAFKA_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS
	BLOCKED_BY_APPLIED_INTENTS_DATABASE_UNDER_PERMISSIVE
	BLOCKED_BY_APPLIED_INTENTS_DATABASE_RESOURCE_MISMATCH
	BLOCKED_BY_DATABASE_ENFORCEMENT_CONFIG_MISSING_APPLIED_INTENTS
	BLOCKED_BY_INTERNET_EGRESS_NETWORK_POLICY
	BLOCKED_BY_INTERNET_INGRESS_NETWORK_POLICY
	BLOCKED_BY_DEFAULT_DENY
	SHARED_SERVICE_ACCOUNT
	CLIENT_ISTIO_SIDECAR_MISSING
	SERVER_ISTIO_SIDECAR_MISSING
	INTENTS_OPERATOR_NOT_ENFORCING
	INTENTS_OPERATOR_NOT_ENFORCING_MISSING_APPLIED_INTENT
	INTENTS_OPERATOR_NOT_ENFORCING_KAFKA_INTENTS_NOT_REQUIRED_FOR_TOPIC
	MISSING_APPLIED_INTENT
	MISSING_APPLIED_CLOUD_RESOURCE_INTENT
	NOT_IN_PROTECTED_SERVICES
	INTENTS_OPERATOR_NEVER_CONNECTED
	NETWORK_MAPPER_NEVER_CONNECTED
	INTERNET_ACCESS_STATUS_UNKNOWN
	NO_INTENTS_FOUND_OF_RELEVANT_TYPE
	IGNORED_IN_CALCULATION
	INTERNET_INTENTS_ENFORCEMENT_DISABLED
	BLOCKED_BY_DEFAULT_DENY_MISSING_EXTERNAL_TRAFFIC_POLICY
	BLOCKED_BY_APPLIED_INTENTS_MISSING_EXTERNAL_TRAFFIC_POLICY
	ALLOWED_BY_EXTERNALLY_MANAGED_NETWORK_POLICY
	ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY
	WOULD_BE_ALLOWED_BY_METRICS_COLLECTION_TRAFFIC_NETWORK_POLICY
}

enum EdgeAccessStatusVerdict {
	EXPLICITLY_ALLOWED
	IMPLICITLY_ALLOWED
	WOULD_BE_BLOCKED
	BLOCKED
	UNKNOWN
}

type EdgeAccessStatuses {
	networkPolicies: EdgeAccessStatus!
	kafkaACLs: EdgeAccessStatus!
	istioPolicies: EdgeAccessStatus!
	awsIam: EdgeAccessStatus!
	gcpIam: EdgeAccessStatus!
	azureIAM: EdgeAccessStatus!
	database: EdgeAccessStatus!
	linkerdPolicies: EdgeAccessStatus!
}

enum EligibleForMetricsCollectionReason {
	POD_ANNOTATIONS
	SERVICE_ANNOTATIONS
}

type Environment {
	id: ID!
	name: String!
	labels: [Label!]
	namespaces: [Namespace!]!
	serviceCount: Int!
	appliedIntentsCount: Int!
}

input Error {
	message: String!
	errorClass: String!
	cause: Error
	stack: [StackFrame]
	metadata: [MetadataEntry!]
}

enum EventType {
	INTENTS_DELETED
	INTENTS_APPLIED
	INTENTS_APPLIED_KAFKA
	INTENTS_APPLIED_HTTP
	INTENTS_APPLIED_DATABASE
	INTENTS_APPLIED_INTERNET
	INTENTS_DISCOVERED
	INTENTS_DISCOVERED_SOCKET_SCAN
	INTENTS_DISCOVERED_CAPTURE
	INTENTS_DISCOVERED_KAFKA
	INTENTS_DISCOVERED_ISTIO
	INTENTS_DISCOVERED_TCP
	MAPPER_EXPORT
	MAPPER_VISUALIZE
	KAFKA_SERVER_CONFIG_APPLIED
	KAFKA_SERVER_CONFIG_DELETED
	NETWORK_POLICIES_CREATED
	NETWORK_POLICIES_DELETED
	KAFKA_ACLS_CREATED
	KAFKA_ACLS_DELETED
	ISTIO_POLICIES_CREATED
	ISTIO_POLICIES_DELETED
	STARTED
	SERVICE_DISCOVERED
	NAMESPACE_DISCOVERED
	PROTECTED_SERVICE_APPLIED
	PROTECTED_SERVICE_DELETED
	ACTIVE
	EBPF_ATTACHED
	EBPF_ATTACH_FAILED
	EBPF_PROCESSING_ERROR
}

input ExternalTrafficDiscoveredIntentInput {
	discoveredAt: Time!
	intent: ExternalTrafficIntentInput!
}

input ExternalTrafficIntentInput {
	namespace: String!
	clientName: String!
	target: DNSIPPairInput!
	connectionsCount: ConnectionsCount
	ttl: Time
}

input ExternallyAccessibleServiceInput {
	namespace: String!
	serverName: String!
	serviceName: String
	referredByIngress: Boolean!
	hasInternetFacingAWSALBIngress: Boolean
	serviceType: KubernetesServiceType!
}

input ExternallyManagedPolicyWorkloadInput {
	name: String!
	namespace: String!
	kind: String!
}

type FeatureFlags {
	isCloudServicesDetectionEnabled: Boolean
	isCloudSecurityEnabled: Boolean
	useClientIntentsV2: Boolean
	enableFindingsV2: Boolean
	useTypedIntentsCTE: Boolean
	enableInternetIntentsSuggestions: Boolean
	enableIAMIntentsSuggestions: Boolean
	enableNetworkPoliciesInAccessGraph: Boolean
}

type Finding {
	hash: String!
	service: BasicEntity!
	serviceNamespace: BasicEntity
	server: BasicEntity!
	cluster: BasicEntity!
	intentsOperatorState: IntentsOperatorState
	clusterRelatedServices: [Service!]
	reason: String!
	status: FindingStatus!
	ignoredReason: String
	type: FindingType!
	controlId: RegulationCode!
}

enum FindingStatus {
	OPEN
	RESOLVED
	IGNORED
}

type FindingStatusHistory {
	timestamp: Time!
	status: FindingStatus!
	reason: String
}

type FindingSummary {
	standard: RegulationStandard!
	codeLabel: String!
	code: RegulationCode!
	severity: Severity!
	description: String!
	validationDescription: String
	clusterFindings: [ClusterFinding!]!
	serviceFindings: [ServiceFinding!]!
	clusterCount: Int!
	serviceCount: Int!
	requirements: [FindingSummary!]
}

type FindingSummaryResponse {
	findingSummaries: [FindingSummaryV2!]!
	timestamp: Time!
}

type FindingSummaryV2 {
	standard: RegulationStandard!
	code: RegulationCode!
	codeLabel: String!
	severity: Severity!
	description: String!
	validationDescription: String
	status: FindingStatus!
	ignoredReason: String
	workloadFindingsStatus: StatusSummary!
	clusterFindingStatus: StatusSummary!
	requirements: [FindingSummaryV2!]
	wasOpen: Boolean!
}

"""NEW findings"""
enum FindingType {
	SERVICE
	CLUSTER
}

"""The `Float` scalar type represents signed double-precision fractional values as specified by [IEEE 754](http://en.wikipedia.org/wiki/IEEE_floating_point)."""
scalar Float

type Fraction {
	numerator: Int!
	denominator: Int!
}

type GCPInfo {
	region: String!
	namespace: String!
	gcpProjectName: String!
	gkeClusterName: String!
}

input GCPInfoInput {
	region: String!
	namespace: String!
	clusterId: String!
	gcpProjectName: String!
	gkeClusterName: String!
}

type GCPPubSubLogConsumerSettings {
	projectId: String!
	topic: String!
}

input GCPPubSubLogConsumerSettingsInput {
	projectId: String!
	topic: String!
}

type GCPResource {
	resource: String!
}

type GitHubRepoFilterPair {
	filter: IntegrationAccessGraphFilter!
	repoInfo: GitHubRepoInfo!
}

input GitHubRepoFilterPairInput {
	filter: InputIntegrationAccessGraphFilter!
	repoInfo: GitHubRepoInfoInput!
}

type GitHubRepoInfo {
	repository: String!
	baseBranch: String!
	intentsPath: String!
	terraformPath: String
}

input GitHubRepoInfoInput {
	repository: String!
	baseBranch: String!
	intentsPath: String!
	terraformPath: String
}

type GitHubSettings {
	isActive: Boolean!
	repoFilterPairs: [GitHubRepoFilterPair!]!
	enableAutoMerge: Boolean!
}

input GitHubSettingsInput {
	isActive: Boolean!
	repoFilterPairs: [GitHubRepoFilterPairInput!]!
	enableAutoMerge: Boolean
}

type GitLabRepoFilterPair {
	filter: IntegrationAccessGraphFilter!
	repoInfo: GitLabRepoInfo!
}

input GitLabRepoFilterPairInput {
	filter: InputIntegrationAccessGraphFilter!
	repoInfo: GitLabRepoInfoInput!
}

type GitLabRepoInfo {
	projectPath: String!
	baseBranch: String!
	intentsPath: String!
}

input GitLabRepoInfoInput {
	projectPath: String!
	baseBranch: String!
	intentsPath: String!
	terraformPath: String
}

type GitLabSettings {
	isActive: Boolean!
	repoFilterPairs: [GitLabRepoFilterPair!]!
}

input GitLabSettingsInput {
	isActive: Boolean!
	repoFilterPairs: [GitLabRepoFilterPairInput!]!
}

type HTTPConfig {
	path: String!
	methods: [HTTPMethod!]
}

input HTTPConfigInput {
	path: String!
	methods: [HTTPMethod!]
}

enum HTTPMethod {
	GET
	POST
	PUT
	DELETE
	OPTIONS
	TRACE
	PATCH
	CONNECT
	ALL
}

"""The `ID` scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID."""
scalar ID

"""ID filters"""
enum IDFilterOperators {
	INCLUDE
	EXCLUDE
}

type IDFilterValue {
	include: [ID!]
	exclude: [ID!]
}

enum IPFamily {
	IPV4
	IPV6
	UNKNOWN
}

"""IP filters"""
type IPFilterValue {
	cidr: String!
	exclude: [String!]
}

input IncomingInternetSourceInput {
	ip: String!
}

input IncomingTrafficDiscoveredIntentInput {
	discoveredAt: Time!
	intent: IncomingTrafficIntentInput!
}

input IncomingTrafficIntentInput {
	serverName: String!
	namespace: String!
	source: IncomingInternetSourceInput!
	connectionsCount: ConnectionsCount
}

input IngressControllerConfigInput {
	name: String!
	namespace: String!
	kind: String!
}

"""Ruleset"""
input InputAccessApprovalRuleset {
"""Ruleset"""
	id: ID!
"""Ruleset"""
	order: Int!
"""Ruleset"""
	origin: InputAccessApprovalRulesetConfigFilter!
"""Ruleset"""
	target: InputAccessApprovalRulesetConfigFilter!
"""Ruleset"""
	action: AccessApprovalRulesetAction!
}

input InputAccessApprovalRulesetConfigFilter {
	clusterIds: InputIDFilterValue
	serviceIds: InputIDFilterValue
	namespaceIds: InputIDFilterValue
}

""" Ruleset filter """
input InputAccessApprovalRulesetFilter {
""" Ruleset filter """
	environmentIds: InputIDFilterValue
""" Ruleset filter """
	environmentNames: InputIDFilterValue
""" Ruleset filter """
	namespaceIds: InputIDFilterValue
""" Ruleset filter """
	clusterIds: InputIDFilterValue
""" Ruleset filter """
	serviceIds: InputIDFilterValue
""" Ruleset filter """
	actions: InputIDFilterValue
}

input InputAccessGraphFilter {
	clusterIds: InputIDFilterValue
	serviceIds: InputIDFilterValue
	namespaceIds: InputIDFilterValue
	environmentIds: InputIDFilterValue
	lastSeen: InputTimeFilterValue
	featureFlags: InputFeatureFlags
	includeOnlyClientsMatchingFilter: Boolean
	hits: InputNumericFilterValue
}

""" Access log filter """
input InputAccessLogFilter {
""" Access log filter """
	clusterIds: InputIDFilterValue
""" Access log filter """
	serviceIds: InputIDFilterValue
""" Access log filter """
	namespaceIds: InputIDFilterValue
""" Access log filter """
	environmentIds: InputIDFilterValue
""" Access log filter """
	timeRange: TimeRangeInput
""" Access log filter """
	featureFlags: InputFeatureFlags
""" Access log filter """
	pagination: PaginationInput
""" Access log filter """
	accessVerdicts: InputIDFilterValue
""" Access log filter """
	accessStatusReasons: InputIDFilterValue
}

""" Applied intents request filter """
input InputAppliedIntentsRequestFilter {
""" Applied intents request filter """
	requestIds: InputIDFilterValue
""" Applied intents request filter """
	clusterIds: InputIDFilterValue
""" Applied intents request filter """
	serviceIds: InputIDFilterValue
""" Applied intents request filter """
	namespaceIds: InputIDFilterValue
""" Applied intents request filter """
	environmentIds: InputIDFilterValue
""" Applied intents request filter """
	approvalStatuses: InputIDFilterValue
}

input InputAutoApproveMoreRestrictiveIntentsByEnv {
	environmentId: ID!
	enabled: Boolean!
}

input InputDefaultIntentsApprovalActionByEnv {
	environmentId: ID!
	action: AccessApprovalRulesetAction!
}

input InputFeatureFlags {
	isCloudServicesDetectionEnabled: Boolean
	isCloudSecurityEnabled: Boolean
	useClientIntentsV2: Boolean
	enableFindingsV2: Boolean
	useTypedIntentsCTE: Boolean
	enableInternetIntentsSuggestions: Boolean
	enableIAMIntentsSuggestions: Boolean
	enableNetworkPoliciesInAccessGraph: Boolean
}

""" Findings filter """
input InputFindingFilter {
""" Findings filter """
	severity: InputIDFilterValue
""" Findings filter """
	status: InputIDFilterValue
""" Findings filter """
	clusterIds: InputIDFilterValue
""" Findings filter """
	serviceIds: InputIDFilterValue
""" Findings filter """
	namespaceIds: InputIDFilterValue
""" Findings filter """
	regulationIds: InputIDFilterValue
""" Findings filter """
	environmentIds: InputIDFilterValue
""" Findings filter """
	findingTypes: InputIDFilterValue
""" Findings filter """
	hashes: InputIDFilterValue
}

input InputIDFilterValue {
	include: [ID!]
	exclude: [ID!]
}

input InputIntegrationAccessGraphFilter {
	environmentIds: [ID!]
	environmentFilterType: IDFilterOperators
	clusterIds: [ID!]
	clusterFilterType: IDFilterOperators
	namespaceIds: [ID!]
	namespaceFilterType: IDFilterOperators
	serviceIds: [ID!]
	serviceFilterType: IDFilterOperators
	targets: [IntentType!]
}

""" Network policies filter """
input InputNetworkPolicyFilter {
""" Network policies filter """
	search: String
""" Network policies filter """
	clusterIds: InputIDFilterValue
""" Network policies filter """
	namespaceIds: InputIDFilterValue
""" Network policies filter """
	environmentIds: InputIDFilterValue
""" Network policies filter """
	networkPolicyIds: InputIDFilterValue
""" Network policies filter """
	policyKinds: InputIDFilterValue
""" Network policies filter """
	since: InputTimeFilterValue
}

input InputNetworkPolicyHitsFilter {
	since: InputTimeFilterValue
}

input InputNumericFilterValue {
	value: Int!
	operator: NumericFilterOperators!
}

input InputOffsetPagination {
	page: Int
	size: Int
}

input InputResourceInventoryFilter {
	serviceIds: InputIDFilterValue
	environmentIds: InputIDFilterValue
}

""" Service filter """
input InputServiceFilter {
""" Service filter """
	search: String
""" Service filter """
	serviceType: InputIDFilterValue
""" Service filter """
	serviceIds: [ID!]
""" Service filter """
	clusterIds: [ID!]
""" Service filter """
	namespaceIds: [ID!]
""" Service filter """
	environmentIds: [ID!]
""" Service filter """
	integrationIds: [ID!]
}

input InputTerraformAwsInlinePolicyInfo {
	name: String!
	policy: String!
}

input InputTerraformAwsPolicyInfo {
	arn: String!
	policy: String!
	address: String!
}

input InputTerraformAwsRoleInfo {
	arn: String!
	address: String!
	inlinePolicy: [InputTerraformAwsInlinePolicyInfo!]
	attachedPolicies: [InputTerraformAwsPolicyInfo!]
}

input InputTerraformResourceInfo {
	modulePath: String!
	gitOriginUrl: String!
	gitCommitHash: String!
	awsRoles: [InputTerraformAwsRoleInfo!]
}

input InputTimeFilterValue {
	value: Time!
	operator: TimeFilterOperators!
}

input InputValidateIDFilter {
	clusterIds: InputIDFilterValue
	serviceIds: InputIDFilterValue
	namespaceIds: InputIDFilterValue
	environmentIds: InputIDFilterValue
}

""" Workload/Resource inventory filter """
input InputWorkloadInventoryFilter {
""" Workload/Resource inventory filter """
	clusterIds: InputIDFilterValue
""" Workload/Resource inventory filter """
	serviceIds: InputIDFilterValue
""" Workload/Resource inventory filter """
	namespaceIds: InputIDFilterValue
""" Workload/Resource inventory filter """
	environmentIds: InputIDFilterValue
}

"""The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1."""
scalar Int

input IntOrStringInput {
	isInt: Boolean!
	intVal: Int
	strVal: String
}

type Integration {
	id: ID!
	name: String!
	type: IntegrationType!
	credentials: IntegrationCredentials!
	components: IntegrationComponents
	defaultEnvironment: Environment
	cluster: Cluster
	databaseInfo: DatabaseInfo
	awsInfo: AWSInfo
	gcpInfo: GCPInfo
	azureInfo: AzureInfo
	gitHubSettings: GitHubSettings
	gitLabSettings: GitLabSettings
	slackSettings: SlackSettings
	awsVisibilitySettings: AWSVisibilitySettings
	siemSettings: SIEMSettings
	organizationId: String!
	status: IntegrationStatus
}

type IntegrationAccessGraphFilter {
	environmentIds: [ID!]
	environmentFilterType: IDFilterOperators
	clusterIds: [ID!]
	clusterFilterType: IDFilterOperators
	namespaceIds: [ID!]
	namespaceFilterType: IDFilterOperators
	serviceIds: [ID!]
	serviceFilterType: IDFilterOperators
	lastSeenAfter: Time
	targets: [IntentType!]
}

type IntegrationComponents {
	intentsOperator: IntentsOperatorComponent!
	credentialsOperator: CredentialsOperatorComponent!
	networkMapper: NetworkMapperComponent!
}

type IntegrationCredentials {
	clientId: String!
	clientSecret: String!
}

enum IntegrationState {
	SUCCESS
	FAILURE
	PENDING
	WARNING
	DISABLED
}

type IntegrationStatus {
	state: IntegrationState!
	message: String
	metadata: [IntegrationStatusMetadataItem!]
	lastSeen: Time
}

type IntegrationStatusMetadataItem {
	message: String!
	extra: [LabelValueTuple!]
}

enum IntegrationType {
	GENERIC
	KUBERNETES
	DATABASE
	AWS
	GCP
	GITHUB
	GITLAB
	AZURE
	SLACK
	AWS_VISIBILITY
	SIEM
}

type Intent {
	id: ID!
	server: Service!
	serverAlias: ServerAlias
	client: Service!
	type: IntentType
	kafkaTopics: [KafkaConfig!]
	httpResources: [HTTPConfig!]
	databaseResources: [DatabaseConfig!]
	awsRole: String
	awsActions: [String!]
	azureRoles: [String!]
	azureActions: [String!]
	azureDataActions: [String!]
	azureKeyVaultPolicy: AzureKeyVaultPolicy
	gcpPermissions: [String!]
	internet: InternetConfig
	status: IntentStatus
}

input IntentInput {
	namespace: String!
	clientName: String!
	clientResolutionData: String
	clientWorkloadKind: String
	clientNameResolvedUsingAnnotation: Boolean
	serverName: String!
	serverResolutionData: String
	serverWorkloadKind: String
	serverNameResolvedUsingAnnotation: Boolean
	serverAlias: ServerAliasInput
	serverNamespace: String
	type: IntentType
	topics: [KafkaConfigInput!]
	resources: [HTTPConfigInput!]
	databaseResources: [DatabaseConfigInput!]
	awsRole: String
	awsActions: [String!]
	azureRoles: [String!]
	azureActions: [String!]
	azureDataActions: [String!]
	azureKeyVaultPolicy: AzureKeyVaultPolicyInput
	gcpPermissions: [String!]
	internet: InternetConfigInput
	status: IntentStatusInput
	resolutionData: String
	connectionsCount: ConnectionsCount
}

input IntentRequestInput {
	resourceGeneration: IntentRequestResourceGeneration!
	intent: IntentInput!
}

input IntentRequestResourceGeneration {
	resourceId: String!
	generation: Int!
}

type IntentStatus {
	serviceAccountName: String!
	isServiceAccountShared: Boolean!
	isServerMissingSidecar: Boolean!
	isClientMissingSidecar: Boolean!
}

input IntentStatusInput {
	istioStatus: IstioStatusInput
}

enum IntentType {
	KUBERNETES
	HTTP
	KAFKA
	DATABASE
	AWS
	GCP
	AZURE
	S3
	INTERNET
}

type IntentsOperatorComponent {
	type: ComponentType!
	status: ComponentStatus!
	configuration: IntentsOperatorConfiguration
}

type IntentsOperatorConfiguration {
	globalEnforcementEnabled: Boolean!
	networkPolicyEnforcementEnabled: Boolean!
	kafkaACLEnforcementEnabled: Boolean!
	istioPolicyEnforcementEnabled: Boolean!
	linkerdPolicyEnforcementEnabled: Boolean!
	awsIAMPolicyEnforcementEnabled: Boolean!
	gcpIAMPolicyEnforcementEnabled: Boolean!
	azureIAMPolicyEnforcementEnabled: Boolean!
	databaseEnforcementEnabled: Boolean!
	strictModeEnabled: Boolean!
	protectedServicesEnabled: Boolean!
	protectedServices: [Service!]!
	egressNetworkPolicyEnforcementEnabled: Boolean!
	enforcedNamespaces: [String!]
	excludedStrictModeNamespaces: [String!]
}

input IntentsOperatorConfigurationInput {
	globalEnforcementEnabled: Boolean!
	networkPolicyEnforcementEnabled: Boolean
	kafkaACLEnforcementEnabled: Boolean
	istioPolicyEnforcementEnabled: Boolean
	linkerdPolicyEnforcementEnabled: Boolean
	protectedServicesEnabled: Boolean
	egressNetworkPolicyEnforcementEnabled: Boolean
	awsIAMPolicyEnforcementEnabled: Boolean
	gcpIAMPolicyEnforcementEnabled: Boolean
	azureIAMPolicyEnforcementEnabled: Boolean
	databaseEnforcementEnabled: Boolean
	strictModeEnabled: Boolean
	excludedStrictModeNamespaces: [String!]
	enforcedNamespaces: [String!]
	ingressControllerConfig: [IngressControllerConfigInput!]
	awsALBLoadBalancerExemptionEnabled: Boolean
	allowExternalTrafficPolicy: AllowExternalTrafficPolicy
	externallyManagedPolicyWorkloads: [ExternallyManagedPolicyWorkloadInput!]
	automateThirdPartyNetworkPolicies: AutomateThirdPartyNetworkPolicy
	prometheusServerConfigs: [PrometheusServerConfigInput!]
	automatedThirdPartyPolicyTypes: [AutomatedThirdPartyPolicyTypes!]
}

type IntentsOperatorState {
	globalEnforcementEnabled: Boolean!
	networkPolicyEnforcementEnabled: Boolean!
	egressNetworkPolicyEnforcementEnabled: Boolean!
}

type InternetConfig {
	appliedDomains: [String!]
	dnsName: String
	ips: [String!]
	ports: [Int!]
}

input InternetConfigInput {
	domains: [String!]
	discoveredTarget: DNSIPPairInput
	ips: [String!]
	ports: [Int!]
}

type Invite {
	id: ID!
	email: String!
	organization: Organization!
	organizationMembership: OrganizationMembership!
	inviter: User!
	created: Time!
	acceptedAt: Time
	status: InviteStatus!
}

input InviteOrgMembershipInput {
	inviteId: ID!
	membership: OrganizationMembershipInput!
}

enum InviteStatus {
	PENDING
	ACCEPTED
}

enum IpFamilyPolicy {
	SINGLE_STACK
	PREFER_DUAL_STACK
	REQUIRE_DUAL_STACK
}

input IstioStatusInput {
	serviceAccountName: String!
	isServiceAccountShared: Boolean!
	isServerMissingSidecar: Boolean!
	isClientMissingSidecar: Boolean!
}

input K8sIngressBackendInput {
	service: K8sIngressServiceBackendInput
	resource: K8sIngressResourceBackendInput
}

input K8sIngressHttpPathInput {
	path: String
	pathType: PathType
	backend: K8sIngressBackendInput!
}

input K8sIngressInput {
	namespace: String!
	name: String!
	ingress: K8sResourceIngressInput!
}

input K8sIngressResourceBackendInput {
	apiGroup: String
	kind: String!
	name: String!
}

input K8sIngressRuleInput {
	host: String
	httpPaths: [K8sIngressHttpPathInput!]
}

input K8sIngressServiceBackendInput {
	name: String!
	port: ServiceBackendPortInput!
}

input K8sIngressTLSInput {
	hosts: [String!]
	secretName: String
}

enum K8sPortProtocol {
	TCP
	UDP
	SCTP
}

input K8sResourceEligibleForMetricsCollectionInput {
	namespace: String!
	name: String!
	kind: String!
}

input K8sResourceIngressInput {
	spec: K8sResourceIngressSpecInput!
	status: K8sResourceIngressStatusInput
}

input K8sResourceIngressSpecInput {
	ingressClassName: String
	defaultBackend: K8sIngressBackendInput
	tls: [K8sIngressTLSInput!]
	rules: [K8sIngressRuleInput!]
}

input K8sResourceIngressStatusInput {
	loadBalancer: [K8sResourceLoadBalancerIngressInput!]
}

input K8sResourceLoadBalancerIngressInput {
	ip: String
	hostname: String
	ports: [PortStatusInput!]
}

input K8sResourceServiceInput {
	spec: K8sResourceServiceSpecInput!
	status: K8sResourceServiceStatusInput
}

input K8sResourceServiceLoadBalancerIngressInput {
	ip: String
	hostname: String
	ipMode: LoadBalancerIPMode
	ports: [PortStatusInput!]
}

input K8sResourceServiceLoadBalancerStatusInput {
	ingress: [K8sResourceServiceLoadBalancerIngressInput!]
}

input K8sResourceServiceSpecInput {
	ports: [K8sServicePort!]!
	selector: [SelectorKeyValueInput!]!
	clusterIP: String
	clusterIPs: [String!]
	type: K8sServiceType
	externalIPs: [String!]
	sessionAffinity: SessionAffinity
	loadBalancerIP: String
	loadBalancerSourceRanges: [String!]
	externalName: String
	externalTrafficPolicy: ServiceExternalTrafficPolicy
	healthCheckNodePort: Int
	publishNotReadyAddresses: Boolean
	sessionAffinityConfig: SessionAffinityConfig
	ipFamilies: [IPFamily!]
	ipFamilyPolicy: IpFamilyPolicy
	allocateLoadBalancerNodePorts: Boolean
	loadBalancerClass: String
	internalTrafficPolicy: ServiceInternalTrafficPolicy
}

input K8sResourceServiceStatusInput {
	loadBalancer: K8sResourceServiceLoadBalancerStatusInput
}

input K8sServiceInput {
	namespace: String!
	otterizeServer: String!
	resourceName: String!
	service: K8sResourceServiceInput!
}

input K8sServicePort {
	name: String
	protocol: K8sPortProtocol
	appProtocol: String
	port: Int!
	targetPort: IntOrStringInput
	nodePort: Int
}

enum K8sServiceType {
	CLUSTER_IP
	NODE_PORT
	LOAD_BALANCER
	EXTERNAL_NAME
}

input K8sWebhookServiceInput {
	otterizeName: String!
	serviceName: String!
	namespace: String!
	webhookName: String!
	webhookType: WebhookType!
}

type KafkaConfig {
	name: String!
	operations: [KafkaOperation!]
}

input KafkaConfigInput {
	name: String!
	operations: [KafkaOperation!]
}

enum KafkaOperation {
	ALL
	CONSUME
	PRODUCE
	CREATE
	ALTER
	DELETE
	DESCRIBE
	CLUSTER_ACTION
	DESCRIBE_CONFIGS
	ALTER_CONFIGS
	IDEMPOTENT_WRITE
}

type KafkaServerConfig {
	address: String
	topics: [KafkaTopic!]!
}

input KafkaServerConfigInput {
	name: String!
	namespace: String!
	address: String!
	topics: [KafkaTopicInput!]!
}

type KafkaTopic {
	clientIdentityRequired: Boolean!
	intentsRequired: Boolean!
	pattern: KafkaTopicPattern!
	topic: String!
}

input KafkaTopicInput {
	clientIdentityRequired: Boolean!
	intentsRequired: Boolean!
	pattern: KafkaTopicPattern!
	topic: String!
}

enum KafkaTopicPattern {
	LITERAL
	PREFIX
}

type KeyPair {
	keyPEM: String!
	caPEM: String!
	certPEM: String!
	rootCAPEM: String!
	expiresAt: Int!
}

input KeyValueInput {
	key: String!
	value: String
}

enum KubernetesServiceType {
	LOAD_BALANCER
	NODE_PORT
	CLUSTER_IP
	EXTERNAL_NAME
}

type Label {
	key: String!
	value: String
}

input LabelInput {
	key: String!
	value: String
}

type LabelValueTuple {
	label: String!
	value: String!
}

enum LoadBalancerIPMode {
	VIP
	PROXY
}

type Me {
"""The logged-in user details."""
	user: User!
"""The organizations to which the current logged-in user belongs."""
	organizations: [Organization!]!
"""The organizations to which the current logged-in user belongs."""
	userOrganizations: [UserOrganizationAssociation!]!
"""Organizations to which the current logged-in user may join."""
	invites: [Invite!]!
"""The organization under which the current user request acts.
This is selected by the X-Otterize-Organization header,
or, for users with a single organization, this is that single selected organization."""
	selectedOrganization: Organization!
"""The organization under which the current user request acts.
This is selected by the X-Otterize-Organization header,
or, for users with a single organization, this is that single selected organization."""
	selectedUserOrganization: UserOrganizationAssociation!
	selectedOrganizationRestrictionResources: OrganizationMembershipRestrictionResources
}

type MeMutation {
"""Register the user defined by the active session token into the otterize users store."""
	registerUser: Me!
}

type MergedYAMLFile {
	fileName: String!
	rows: [ClientIntentsRow!]!
	content: String!
}

input MetadataEntry {
	key: String!
	value: String!
}

type Mutation {
"""This is just a placeholder since currently GraphQL does not allow empty types"""
	dummy: Boolean
"""applied intents requests"""
	reportAppliedIntentsRequest(
		intents: [IntentRequestInput!]!
	): Boolean!
	updateIntentsApprovalStatus(
		id: ID!
		result: AppliedIntentsRequestApprovalData!
	): Boolean!
	syncPendingRequestStatuses(
		intentResourceGeneration: [IntentRequestResourceGeneration!]!
	): [AppliedIntentsRequestStatus!]!
"""rulesets"""
	saveAccessApprovalRulesets(
		environmentId: ID!
		rules: [InputAccessApprovalRuleset!]!
	): Boolean!
"""Register certificate-request details for kubernetes pod owner, returns the service associated with this pod owner"""
	registerKubernetesPodOwnerCertificateRequest(
		podOwner: NamespacedPodOwner!
		certificateCustomization: CertificateCustomization
	): Service!
"""Report active pod owners to the cloud, as a result the cloud removes certificate requests of inactive pod owners """
	reportActiveCertificateRequesters(
		activePodOwners: [NamespacedPodOwner!]!
	): Boolean!
"""Create cluster"""
	createCluster(
		name: String!
	): Cluster!
"""Delete cluster"""
	deleteCluster(
		id: ID!
	): ID!
"""Update cluster"""
	updateCluster(
		id: ID!
		name: String
		configuration: ClusterConfigurationInput
	): Cluster!
"""Register user-password request for a pod owner, returns the service associated with this pod owner"""
	registerKubernetesServiceUserAndPasswordRequest(
		podOwner: NamespacedPodOwner!
	): Service!
"""Create a new environment"""
	createEnvironment(
		name: String!
		labels: [LabelInput!]
	): Environment!
"""Update environment"""
	updateEnvironment(
		id: ID!
		name: String
		labels: [LabelInput!]
	): Environment!
"""Delete environment"""
	deleteEnvironment(
		id: ID!
	): ID!
"""Add label to environment"""
	addEnvironmentLabel(
		id: ID!
		label: LabelInput!
	): Environment!
"""Remove label from environment"""
	deleteEnvironmentLabel(
		id: ID!
		key: String!
	): Environment!
	sendErrors(
		component: Component
		errors: [Error!]!
	): Boolean!
	setFindingsIgnoredByHashes(
		hashes: [String!]!
		ignored: Boolean!
		reason: String
	): Boolean!
	setFindingsIgnoredByControlIds(
		controlIds: [RegulationCode!]!
		ignored: Boolean!
		reason: String
	): Boolean!
	createFindingsForOrg: Boolean!
"""Create a new generic integration"""
	createGenericIntegration(
		name: String!
	): Integration
	createDatabaseIntegration(
		name: String!
		databaseInfo: DatabaseInfoInput!
	): Integration
"""Create a new Kubernetes integration"""
	createKubernetesIntegration(
		environmentId: ID!
		name: String!
	): Integration
"""Create a new AWS integration"""
	createAWSIntegration(
		name: String!
		awsIntegration: AWSInfoInput!
	): Integration
"""Create a new Azure integration"""
	createAzureIntegration(
		name: String!
		azureIntegration: AzureInfoInput!
	): Integration
"""Update Azure integration"""
	updateAzureIntegration(
		id: ID!
		name: String
		azureIntegration: AzureInfoInput
	): Integration
"""Create a new GitHub integration"""
	createGitHubIntegration(
		name: String!
		gitHubSettings: GitHubSettingsInput!
	): CreateGitHubIntegrationResponse
"""Create a new GitLab integration"""
	createGitLabIntegration(
		name: String!
		gitLabSettings: GitLabSettingsInput!
	): CreateGitLabIntegrationResponse
"""Create a new Slack integration"""
	createSlackIntegration(
		name: String!
		slackSettings: SlackSettingsInput!
	): CreateSlackIntegrationResponse
"""Create a new SIEM integration"""
	createSIEMIntegration(
		name: String!
		siemSettings: SIEMSettingsInput!
	): CreateSIEMIntegrationResponse
"""Update SIEM integration"""
	updateSIEMIntegration(
		id: ID!
		name: String!
		siemSettings: SIEMSettingsInput!
	): Integration
"""Update a Slack integration"""
	updateSlackIntegration(
		id: ID!
		name: String!
		slackSettings: SlackSettingsInput!
	): Integration
"""Create a new AWS Visibility integration"""
	createAwsVisibilityIntegration(
		name: String!
		awsVisibilitySettings: AWSVisibilitySettingsInput!
	): Integration
"""Update an AWS Visibility integration"""
	updateAwsVisibilityIntegration(
		id: ID!
		name: String
		awsVisibilitySettings: AWSVisibilitySettingsInput
	): Integration
"""Create a new GCP integration"""
	createGCPIntegration(
		name: String!
		gcpIntegration: GCPInfoInput!
	): Integration
"""Update GitHub integration"""
	updateGitHubIntegration(
		id: ID!
		name: String!
		gitHubSettings: GitHubSettingsInput!
	): Integration
"""Update GitLab integration"""
	updateGitLabIntegration(
		id: ID!
		name: String!
		gitLabSettings: GitLabSettingsInput!
	): Integration
"""Update AWS integration"""
	updateAWSIntegration(
		id: ID!
		name: String
		environmentId: ID
		awsIntegration: AWSInfoInput
	): Integration
"""Update GCP integration"""
	updateGCPIntegration(
		id: ID!
		name: String
		gcpIntegration: GCPInfoInput
	): Integration
"""Update Generic integration"""
	updateGenericIntegration(
		id: ID!
		name: String
	): Integration
"""Update Kubernetes integration"""
	updateKubernetesIntegration(
		id: ID!
		environmentId: ID
		name: String
	): Integration
"""Update Database integration"""
	updateDatabaseIntegration(
		id: ID!
		name: String
		databaseInfo: DatabaseInfoInput
	): Integration
"""Delete integration"""
	deleteIntegration(
		id: ID!
	): ID!
"""Report integration components status"""
	reportIntegrationComponentStatus(
		component: ComponentType!
	): Boolean!
	reportIntentsOperatorConfiguration(
		configuration: IntentsOperatorConfigurationInput!
	): Boolean!
	reportDiscoveredIntents(
		intents: [DiscoveredIntentInput!]!
	): Boolean!
	reportExternalTrafficDiscoveredIntents(
		intents: [ExternalTrafficDiscoveredIntentInput!]!
	): Boolean!
	reportIncomingTrafficDiscoveredIntents(
		intents: [IncomingTrafficDiscoveredIntentInput!]!
	): Boolean!
	reportAppliedKubernetesIntents(
		namespace: String!
		intents: [IntentInput!]!
		ossClusterId: String
	): Boolean!
	reportExternallyAccessibleServices(
		namespace: String!
		services: [ExternallyAccessibleServiceInput!]!
	): Boolean!
	reportClientIntentStatus(
		statuses: [ClientIntentStatusInput!]!
	): Boolean!
	reportClientIntentEvent(
		events: [ClientIntentEventInput!]!
	): Boolean!
"""Create user invite"""
	createInvite(
		email: String!
		organizationMembership: OrganizationMembershipInput
	): Invite!
"""Delete user invite"""
	deleteInvite(
		id: ID!
	): ID!
"""Accept user invite"""
	acceptInvite(
		id: ID!
	): Invite!
	saveInviteOrgMemberships(
		memberships: [InviteOrgMembershipInput!]!
	): Boolean!
	reportK8sServices(
		namespace: String!
		services: [K8sServiceInput!]!
	): Boolean!
	reportK8sIngresses(
		namespace: String!
		ingresses: [K8sIngressInput!]!
	): Boolean!
	reportK8sResourceEligibleForMetricsCollection(
		namespace: String!
		reason: EligibleForMetricsCollectionReason!
		resources: [K8sResourceEligibleForMetricsCollectionInput!]!
	): Boolean!
	reportK8sWebhookServices(
		services: [K8sWebhookServiceInput!]!
	): Boolean!
	reportKafkaServerConfigs(
		namespace: String!
		serverConfigs: [KafkaServerConfigInput!]!
	): Boolean!
"""Operate on the current logged-in user"""
	me: MeMutation!
"""Associate namespace to environment"""
	associateNamespaceToEnv(
		id: ID!
		environmentId: ID
	): Namespace!
	reportNamespaceLabels(
		name: String!
		labels: [LabelInput!]
	): Boolean!
	reportNetworkPolicies(
		namespace: String
		networkPolicies: [NetworkPolicyInput!]
	): Boolean!
	computeNetworkPoliciesForOrg: Boolean!
"""Create a new organization"""
	createOrganization(
		name: String
	): Organization!
"""Update organization"""
	updateOrganization(
		id: ID!
		name: String
		imageURL: String
		settings: OrganizationSettingsInput
	): Organization!
	updateDomainsDefaultRole(
		defaultRole: AuthRole!
	): Organization!
"""Remove user from organization"""
	removeUserFromOrganization(
		id: ID!
		userId: ID!
	): ID!
	reportProtectedServicesSnapshot(
		namespace: String!
		services: [ProtectedServiceInput!]!
	): Boolean!
"""Update service"""
	updateService(
		id: ID!
		tags: [String!]
	): Service!
"""update service metadata from operator"""
	reportServiceMetadata(
		serviceMeta: ReportServiceMetadataInput!
	): Boolean!
"""update multiple service metadata from operator"""
	reportServicesMetadata(
		servicesMeta: [ReportServiceMetadataInput!]!
	): Boolean!
"""Bulk Update services"""
	addTagsToServices(
		ids: [ID!]!
		tags: [String!]!
	): [Service!]!
	sendTelemetries(
		telemetries: [TelemetryInput!]!
	): Boolean!
	sendCLITelemetries(
		telemetries: [CLITelemetry!]!
	): Boolean!
"""report terraform resources from Otterize CLI"""
	reportTerraformResources(
		resourceInfo: InputTerraformResourceInfo!
	): TerraformResourceInfo!
"""Update service"""
	reportTrafficLevels(
		trafficLevels: [TrafficLevelInput!]!
	): Boolean!
	saveOnboardingFeedback(
		userEmail: String!
		feedback: String!
	): Boolean!
	saveOrgMemberships(
		memberships: [UserOrgMembershipInput!]!
	): Boolean!
	createOrActivateTutorial(
		tutorialName: TutorialName!
	): Boolean!
	updateUserTutorialCluster(
		clusterId: ID!
		ifClusterNotExists: Boolean!
	): Boolean!
	resetUserTutorial(
		userTutorialId: ID!
	): Boolean!
	notifyUserTutorialEvent(
		userTutorialId: ID!
		event: TutorialEvent!
	): Boolean!
	notifyUserTutorialStepSeen(
		userTutorialId: ID!
		tutorialName: TutorialName!
		step: String!
	): Boolean!
}

type Namespace {
	id: ID!
	name: String!
	cluster: Cluster!
	environment: Environment!
	services: [Service!]!
	serviceCount: Int!
}

input NamespaceFilterInput {
	name: String
	clusterIds: [ID!]
	environmentIds: [ID!]
}

input NamespacedPodOwner {
	name: String!
	namespace: String!
}

type NetworkMapperComponent {
	type: ComponentType!
	status: ComponentStatus!
}

type NetworkPoliciesPage {
	data: [NetworkPolicy!]!
	meta: PaginationMeta
}

enum NetworkPoliciesStep {
"""Connect cluster"""
	CREATE_CLUSTER
	CONNECT_CLUSTER
"""Get to know your network map"""
	EXPLORE_NETWORK_MAP_ADD_NS_FILTER
	EXPLORE_NETWORK_MAP_ADD_SVC_FILTER
	EXPLORE_NETWORK_MAP_CLEAR_FILTERS
"""Declare intents"""
	DECLARE_INTENTS_CLICK_ON_SERVICE
	DECLARE_INTENTS_DOWNLOAD_YAML
	DECLARE_INTENTS_DO_APPLY
	COMPLETED
}

type NetworkPolicy {
	id: ID!
	name: String!
	kind: NetworkPolicyKind!
	cluster: Cluster!
	namespace: Namespace
	environment: Environment!
	hits: Int!
	allowedHits: Int!
	blockedHits: Int!
	workloads: [NetworkPolicyWorkload!]!
	workloadsAffected: Int!
	spec: String!
	lastUsed: Time
	metadata: NetworkPolicyMetadata
}

input NetworkPolicyInput {
	name: String!
	yaml: String!
}

enum NetworkPolicyKind {
	NETWORK_POLICY
	NETWORK_POLICY_MANAGED_BY_OTTERIZE
	CILIUM_NETWORK_POLICY
	CILIUM_CLUSTER_WIDE_NETWORK_POLICY
}

type NetworkPolicyMetadata {
	isEgress: Boolean!
	isIngress: Boolean!
	hasIpBlocks: Boolean!
}

enum NetworkPolicyScope {
	PRIMARY
	EGRESS
	INGRESS
}

type NetworkPolicyWorkload {
	scope: NetworkPolicyScope!
	service: Service!
}

"""Numeric filters"""
enum NumericFilterOperators {
	EQUAL
	NOT_EQUAL
	GREATER_THAN
	GREATER_THAN_OR_EQUAL
	LESS_THAN
	LESS_THAN_OR_EQUAL
}

type NumericFilterValue {
	value: Int!
	operator: NumericFilterOperators!
}

type Organization {
	id: ID!
	name: String!
	uniqueName: String!
	imageURL: String
	settings: OrganizationSettings!
	created: Time!
}

type OrganizationMembership {
	organizationId: ID!
	role: AuthRole!
	restrictions: OrganizationMembershipRestrictions
	restrictionResources: OrganizationMembershipRestrictionResources
}

input OrganizationMembershipInput {
	role: AuthRole!
	restrictions: OrganizationMembershipRestrictionsInput
}

type OrganizationMembershipRestrictionResources {
	clusters: [Cluster!]!
	services: [Service!]!
	namespaces: [Namespace!]!
	environments: [Environment!]!
}

type OrganizationMembershipRestrictions {
	clusterIds: IDFilterValue
	serviceIds: IDFilterValue
	namespaceIds: IDFilterValue
	environmentIds: IDFilterValue
}

input OrganizationMembershipRestrictionsInput {
	clusterIds: InputIDFilterValue
	serviceIds: InputIDFilterValue
	namespaceIds: InputIDFilterValue
	environmentIds: InputIDFilterValue
}

type OrganizationSettings {
	domains: [String!]
	enforcedRegulations: [String!]
	ignoredCloudDomains: [String!]
	defaultIntentsApprovalActionByEnv: [DefaultIntentsApprovalActionByEnv!]!
	ignoreInternetIntents: Boolean
	domainsDefaultRole: AuthRole!
	defaultInviteMembership: OrganizationMembership!
	autoApproveMoreRestrictiveIntentsByEnv: [AutoApproveMoreRestrictiveIntentsByEnv!]!
}

input OrganizationSettingsInput {
	domains: [String!]
	enforcedRegulations: [String]
	ignoredCloudDomains: [String!]
	defaultIntentsApprovalActionByEnv: [InputDefaultIntentsApprovalActionByEnv!]
	ignoreInternetIntents: Boolean
	defaultInviteMembership: OrganizationMembershipInput
	autoApproveMoreRestrictiveIntentsByEnv: [InputAutoApproveMoreRestrictiveIntentsByEnv!]
}

input PaginationInput {
	offset: Int
	limit: Int
}

""" Pagination types """
type PaginationMeta {
	total: Int
}

enum PathType {
	IMPLEMENTATION_SPECIFIC
	PREFIX
	EXACT
}

input PortStatusInput {
	port: Int!
	protocol: K8sPortProtocol!
	error: String
}

input PrometheusServerConfigInput {
	name: String!
	namespace: String!
	kind: String!
}

input ProtectedServiceInput {
	name: String!
}

type Query {
"""This is just a placeholder since currently GraphQL does not allow empty types"""
	dummy: Boolean
"""Get access graph"""
	accessGraph(
		filter: InputAccessGraphFilter
	): AccessGraph!
	accessGraphServices(
		filter: InputAccessGraphFilter
	): [Service!]!
	serviceAccessGraph(
		id: ID!
	): ServiceAccessGraph!
""" Get service ClientIntents """
	serviceClientIntents(
		id: ID!
		asServiceId: ID
		lastSeenAfter: Time
		clusterIds: [ID!]
		enableInternetIntents: Boolean
		featureFlags: InputFeatureFlags
	): ServiceClientIntents!
""" Get service ClientIntents by filter """
	clientIntents(
		filter: InputServiceFilter!
		lastSeenAfter: Time
		clusterIds: [ID!]
		featureFlags: InputFeatureFlags
	): [ClientIntentsFileRepresentation!]!
""" Get service incoming internet connections """
	serviceIncomingInternetConnections(
		targetServiceId: ID!
		lastSeenAfter: Time!
	): [String!]!
	edgeNetworkPolicies(
		clientServiceId: ID!
		serverServiceId: ID!
	): [NetworkPolicy!]!
""" Get edge connections count """
	edgeConnectionsCount(
		clientId: ID!
		serverId: ID!
		lastSeenAfter: Time!
	): Int!
"""Get access log"""
	accessLog(
		filter: InputAccessLogFilter
	): AccessLog!
"""applied intents requests"""
	appliedIntentsRequestStatus(
		filter: InputAppliedIntentsRequestFilter
	): [AppliedIntentsRequestStatus!]!
	appliedIntentsRequestWithDetails(
		id: ID!
		featureFlags: InputFeatureFlags
	): AppliedIntentsRequestWithDetails!
"""rulesets"""
	accessApprovalRulesetSummary: [AccessApprovalRulesetSummary!]!
	accessApprovalRulesetList(
		filter: InputAccessApprovalRulesetFilter
	): RulesetsWithResources!
"""Get cluster"""
	cluster(
		id: ID!
	): Cluster!
"""List clusters"""
	clusters(
		name: String
	): [Cluster!]!
"""Get cluster by filters"""
	oneCluster(
		name: String!
	): Cluster
"""Get environment"""
	environment(
		id: ID!
	): Environment!
"""List environments"""
	environments(
		name: String
		labels: [LabelInput!]
	): [Environment!]!
"""Get environment by filters"""
	oneEnvironment(
		name: String!
	): Environment!
"""Validate existing ID filters and return valid filters"""
	validateFilters(
		filter: InputValidateIDFilter!
	): ValidIDFilter!
	findings(
		filter: InputFindingFilter
		tree: Boolean
	): [FindingSummary!]!
	dashboard(
		filter: InputFindingFilter
		tree: Boolean
	): Dashboard!
"""NEW findings"""
	findingSummary(
		filter: InputFindingFilter
	): FindingSummaryResponse!
	findingsV2(
		filter: InputFindingFilter
	): [Finding!]!
	findingStatusHistory(
		hash: String!
	): [FindingStatusHistory!]!
	findingSummaryStatusHistory(
		leafControlIDs: [RegulationCode!]!
	): [FindingStatusHistory!]!
	dashboardV2(
		filter: InputFindingFilter
	): DashboardV2!
"""List integrations"""
	integrations(
		name: String
		integrationType: IntegrationType
		environmentId: ID
		clusterId: ID
	): [Integration!]!
"""Get integration"""
	integration(
		id: ID!
	): Integration!
"""Get integration by filters"""
	oneIntegration(
		integrationType: IntegrationType
		environmentId: ID
		clusterId: ID
		name: String
	): Integration!
"""Test database visibility connectivity"""
	testDatabaseVisibilityConnection(
		databaseInfo: DatabaseInfoInput!
	): TestDatabaseConnectionResponse!
"""List user invites"""
	invites(
		email: String
		status: InviteStatus
	): [Invite!]!
"""Get user invite"""
	invite(
		id: ID!
	): Invite!
"""Get one user invite"""
	oneInvite(
		email: String
		status: InviteStatus
	): Invite!
"""Get information regarding the current logged-in user"""
	me: Me!
"""Get namespace"""
	namespace(
		id: ID!
	): Namespace!
"""List namespaces"""
	namespaces(
		environmentId: ID
		clusterId: ID
		name: String
		filter: NamespaceFilterInput
	): [Namespace!]!
"""Get one namespace"""
	oneNamespace(
		environmentId: ID
		clusterId: ID
		name: String
	): Namespace!
	networkPolicy(
		id: ID!
		filter: InputNetworkPolicyHitsFilter
	): NetworkPolicy
	networkPolicies(
		filter: InputNetworkPolicyFilter
		pagination: InputOffsetPagination
	): NetworkPoliciesPage
"""List organizations"""
	organizations: [Organization!]!
"""Get organization"""
	organization(
		id: ID!
	): Organization!
"""Checks the availability of the API server"""
	ping: Boolean!
	regulations: [Regulation!]!
	resources(
		filter: InputResourceInventoryFilter
	): [Resource!]!
"""Get service"""
	service(
		id: ID!
	): Service!
	tagOptions: [String!]
"""List services"""
	services(
		environmentId: ID
		namespaceId: ID
		name: String
		filter: InputServiceFilter
		featureFlags: InputFeatureFlags
	): [Service!]!
"""Paginate services"""
	paginateServices(
		filter: InputServiceFilter
		pagination: PaginationInput
		featureFlags: InputFeatureFlags
	): ServicesResponse!
"""Get service by filters"""
	oneService(
		environmentId: ID
		namespaceId: ID
		name: String
	): Service
"""Get service by kubernetes identity"""
	serviceByIdentity(
		identity: ServiceIdentityInput!
	): Service!
"""get terraform resource by git identity"""
	terraformResourceByIdentity(
		modulePath: String!
		gitOriginUrl: String!
		gitCommitHash: String!
	): TerraformResourceInfo!
"""List users"""
	users: [User!]!
	orgUsers: [UserOrganizationAssociation!]!
"""Get user"""
	user(
		id: ID!
	): User!
	workloads(
		filter: InputWorkloadInventoryFilter
	): [Workload!]!
}

type Regulation {
	code: RegulationCode!
	standard: RegulationStandard!
	enforced: Boolean!
	requirements: [Regulation!]
	label: String!
	description: String!
	validationDescription: String
}

enum RegulationCode {
	PCI_4_0
	PCI_4_0_1_1
	PCI_4_0_1_1_2
	PCI_4_0_1_1_4
	PCI_4_0_1_1_6
	PCI_4_0_1_2
	PCI_4_0_1_2_1
	PCI_4_0_1_3
	PCI_4_0_1_3_4
	PCI_4_0_1_3_6
	PCI_4_0_7_1
	PCI_4_0_7_2
	PCI_4_0_8_7
	ZERO_TRUST
	ZERO_TRUST_SENSITIVE
	ZERO_TRUST_DEFAULT_DENY
	ZERO_TRUST_EGRESS_ACCESS_COVERED
	ZERO_TRUST_EXTERNAL_INGRESS_TAGGED
	ZERO_TRUST_ALL_INTRA_CLUSTER_ACCESS_COVERED
	THREAT_INTELLIGENCE
"""Detect known IOCs (IPs, domain names) against ingress and egress Internet traffic"""
	THREAT_INTELLIGENCE_KNOWN_IOCS
}

enum RegulationStandard {
	PCI_4_0
	PII
	HIPAA
	ZERO_TRUST
	THREAT_INTELLIGENCE
}

input ReportServiceMetadataInput {
	identity: ServiceIdentityInput!
	metadata: ServiceMetadataInput!
}

type Resource {
	id: ID!
	service: Service!
	types: [ServiceType!]!
	inboundStatus: ServerProtectionStatusVerdict!
}

enum RowDiff {
	ADDED
	REMOVED
	STRICT_MODE_WARNING
}

type RulesetsWithResources {
	rulesets: [AccessApprovalRuleset!]!
	resources: AccessApprovalRulesetResources!
}

type SIEMIntegrationTrigger {
	isActive: Boolean!
}

input SIEMIntegrationTriggerInput {
	isActive: Boolean!
}

type SIEMSettings {
	isActive: Boolean!
	syslogHostname: String!
	syslogPort: Int!
	syslogFacility: Int!
	tlsConfiguration: TLSConfiguration
	serviceTriggers: [SIEMTrigger!]!
	findingTriggers: [SIEMTrigger!]!
	integrationTriggers: SIEMIntegrationTrigger!
}

input SIEMSettingsInput {
	isActive: Boolean!
	syslogHostname: String!
	syslogPort: Int!
	syslogFacility: Int!
	tlsConfiguration: TLSConfigurationInput
	serviceTriggers: [SIEMTriggerInput!]!
	findingTriggers: [SIEMTriggerInput!]!
	integrationTriggers: SIEMIntegrationTriggerInput!
}

type SIEMTrigger {
	filter: IntegrationAccessGraphFilter!
}

input SIEMTriggerInput {
	filter: InputIntegrationAccessGraphFilter!
}

input SelectorKeyValueInput {
	key: String
	value: String
}

type ServerAlias {
	name: String!
	kind: String
}

input ServerAliasInput {
	name: String!
	kind: String
}

type ServerBlockingStatus {
	verdict: ServerBlockingStatusVerdict!
	reason: ServerBlockingStatusReason!
}

enum ServerBlockingStatusReason {
	INTENTS_OPERATOR_NEVER_CONNECTED
	NETWORK_MAPPER_NEVER_CONNECTED
	INTENTS_IMPLICITLY_ALLOWED
	ALL_INTENTS_APPLIED
	MISSING_APPLIED_INTENTS
	INTENTS_OPERATOR_NOT_ENFORCING
}

enum ServerBlockingStatusVerdict {
	UNKNOWN
	NOT_BLOCKING
	WOULD_BLOCK
	BLOCKING
}

type ServerProtectionStatus {
	verdict: ServerProtectionStatusVerdict!
	reason: ServerProtectionStatusReason!
}

enum ServerProtectionStatusReason {
	INTENTS_OPERATOR_NEVER_CONNECTED
	INTENTS_OPERATOR_NOT_ENFORCING
	SERVER_HAS_NO_NETWORK_POLICY
	SERVER_HAS_NO_ISTIO_POLICY
	SERVER_HAS_NO_ISTIO_SIDECAR
	PROTECTED_BY_DEFAULT_DENY
	PROTECTED_BY_SERVER_NETWORK_POLICY
	PROTECTED_BY_SERVER_ISTIO_POLICY
	PROTECTED_BY_KAFKA_IDENTITY_REQUIRED_NO_INTENTS_REQUIRED
	PROTECTED_BY_KAFKA_INTENTS_REQUIRED
	SERVER_HAS_KAFKASERVERCONFIG_NO_ENFORCEMENT
	SERVER_HAS_NO_KAFKA_SERVER_CONFIG
	IGNORED_IN_CALCULATION
	PROTECTED_BY_DATABASE_INTEGRATION
	PROTECTED_BY_AWS_IAM_INTEGRATION
	PROTECTED_BY_INTERNET_INTENTS
	SERVER_EXTERNAL_ACCESS_POLICY_CREATED
	EXTERNALLY_MANAGED_POLICY_WORKLOAD
}

enum ServerProtectionStatusVerdict {
	UNKNOWN
	UNPROTECTED
	PROTECTED
}

type ServerProtectionStatuses {
	networkPolicies: ServerProtectionStatus!
	kafkaACLs: ServerProtectionStatus!
	istioPolicies: ServerProtectionStatus!
}

type Service {
	id: ID!
	name: String!
	tags: [String!]
	cloudIam: CloudIam
	workloadKind: String
	aliases: [ServerAlias!]
	namespace: Namespace
	environment: Environment!
	networkPolicies: [NetworkPolicy!]
"""If service is Kafka, its KafkaServerConfig."""
	kafkaServerConfig: KafkaServerConfig
	certificateInformation: CertificateInformation
	serviceAccount: String
	awsResource: AWSResource
	gcpResource: GCPResource
	azureResource: AzureResource
	discoveredByIntegration: Integration
	detectedCloudServer: DetectedCloudServer
	awsVisibility: AWSVisibility
	databaseIntegration: Integration
	tlsKeyPair: KeyPair!
}

type ServiceAccessGraph {
	service: Service!
	types: [ServiceType!]!
	accessStatus: ServiceAccessStatus!
	calls: [AccessGraphEdge!]!
	serves: [AccessGraphEdge!]!
}

type ServiceAccessStatus {
	useNetworkPoliciesInAccessGraphStates: Boolean!
	useKafkaACLsInAccessGraphStates: Boolean!
	useIstioPoliciesInAccessGraphStates: Boolean!
	useLinkerdPoliciesInAccessGraphStates: Boolean!
	protectionStatus: ServerProtectionStatus!
	protectionStatuses: ServerProtectionStatuses!
	blockingStatus: ServerBlockingStatus!
	hasAppliedIntents: Boolean!
}

input ServiceBackendPortInput {
	name: String
	number: Int
}

type ServiceClientIntents {
	asClient: ClientIntentsFiles
	asServer: ClientIntentsFiles
	asClientStatus: ClientIntentAccessStatus
	asServerStatus: ClientIntentAccessStatus
	appliedIntentStatus: ClientIntentStatus
	appliedIntentEvents: [ClientIntentEvent!]
}

enum ServiceExternalTrafficPolicy {
	CLUSTER
	LOCAL
}

type ServiceFinding {
	service: Service!
	reason: String!
	reasonId: String!
	callsFindings: [AccessGraphEdge!]
}

input ServiceIdentityInput {
	name: String!
	namespace: String!
	kind: String!
	nameResolvedUsingAnnotation: Boolean
}

enum ServiceInternalTrafficPolicy {
	CLUSTER
	LOCAL
}

input ServiceMetadataInput {
	tags: [String!]
	awsRoles: [String!]
	labels: [LabelInput!]
	podIps: [String!]
	serviceIps: [String!]
}

enum ServiceType {
	NODE_GROUP
	PREFIX_GROUP
	KUBERNETES
	KAFKA
	AWS
	GCP
	AZURE
	DATABASE
	INTERNET
	DATABASE_USER
	KUBERNETES_LOAD_BALANCER
	AWS_VISIBILITY_EKS
	DETECTED_CLOUD_SERVER
	CONTROL_PLANE
}

type ServicesResponse {
	data: [Service!]!
	meta: PaginationMeta
}

enum SessionAffinity {
	CLIENT_IP
	NONE
}

input SessionAffinityConfig {
	clientIP: ClientIPConfig
}

enum Severity {
	CRITICAL
	HIGH
	MEDIUM
	LOW
	INFORMATIONAL
}

type SlackChannelInfo {
	channelName: String!
}

type SlackChannelIntegrationAlerts {
	channelInfo: SlackChannelInfo!
}

input SlackChannelIntegrationAlertsInput {
	channelInfo: ChannelInfoInput!
}

type SlackFilterPair {
	filter: IntegrationAccessGraphFilter!
	channelInfo: SlackChannelInfo!
}

input SlackFilterPairInput {
	filter: InputIntegrationAccessGraphFilter
	channelInfo: ChannelInfoInput!
}

type SlackSettings {
	isActive: Boolean!
	channelFilterPairs: [SlackFilterPair!]!
	channelIntegrationAlerts: [SlackChannelIntegrationAlerts!]
}

input SlackSettingsInput {
	isActive: Boolean!
	channelFilterPairs: [SlackFilterPairInput!]!
	channelIntegrationAlerts: [SlackChannelIntegrationAlertsInput!]
}

input StackFrame {
	file: String!
	lineNumber: Int!
	name: String!
	package: String!
}

type StatusSummary {
	openCount: Int!
	resolvedCount: Int!
	ignoredCount: Int!
	totalCount: Int!
	status: FindingStatus!
}

"""The `String`scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text."""
scalar String

type TLSConfiguration {
	caCertificate: String
	certificate: String
}

input TLSConfigurationInput {
	caCertificate: String
	certificate: String
	key: String
}

enum TelemetryComponentType {
	INTENTS_OPERATOR
	CREDENTIALS_OPERATOR
	NETWORK_MAPPER
	CLI
	NODE_AGENT
}

input TelemetryData {
	eventType: EventType!
	count: Int
	error: String
	ebpf: EBPFDiagnostics
}

input TelemetryInput {
	component: Component!
	data: TelemetryData!
}

type TerraformAwsInlinePolicyInfo {
	name: String!
	policy: String!
}

type TerraformAwsPolicyInfo {
	arn: String!
	policy: String!
	address: String!
}

type TerraformAwsRoleInfo {
	arn: String!
	address: String!
	inlinePolicy: [TerraformAwsInlinePolicyInfo!]
	attachedPolicies: [TerraformAwsPolicyInfo!]
}

type TerraformResourceInfo {
	modulePath: String!
	gitPlatform: String!
	gitOrigin: String!
	gitCommitHash: String!
	awsRoles: [TerraformAwsRoleInfo!]
}

type TestDatabaseConnectionResponse {
	success: Boolean!
	errorMessage: String!
}

scalar Time

"""Time filters"""
enum TimeFilterOperators {
	AFTER
}

type TimeFilterValue {
	value: Time!
	operator: TimeFilterOperators!
}

type TimeRange {
	from: Time
	to: Time
}

input TimeRangeInput {
	from: Time
	to: Time
}

type TrafficLevel {
	dataBytesPerSecond: Int!
	flowsCountPerSecond: Int!
	lastReportedAt: Time!
}

input TrafficLevelInput {
	clientName: String!
	clientNamespace: String!
	serverName: String!
	serverNamespace: String!
	dataBytesPerSecond: Int!
	flowsCountPerSecond: Int!
}

enum TutorialEvent {
	CLUSTER_CREATED
	CLUSTER_CONNECTED
	NS_FILTER_CLICKED
	SVC_FILTER_CLICKED
	FILTER_CLEARED
	SERVICE_CLICKED
	YAML_DOWNLOADED
	INTENTS_APPLIED
	TUTORIAL_COMPLETED
	S3_BUCKET_CREATED
	AWS_IAM_INTEGRATION_CREATED
	SERVICE_DEPLOYED
	LOGS_VIEWED
	SERVER_POD_LABELED
	AWS_IAM_ROLE_LIST_QUERIED
	K8S_SERVICE_ACCOUNT_QUERIED
	AWS_IAM_INTENTS_APPLIED
	S3_BUCKET_CONTENT_QUERIED
}

enum TutorialName {
	NETWORK_POLICIES
	AWS_IAM
	GCP_IAM
	AZURE_IAM
	POSTGRESQL
	MYSQL
	ISTIO_AUTH_POLICY_AUTOMATION
	KAFKA_ACCESS_AUTOMATE_OTTERIZE_CLOUD
}

type User {
	id: ID!
	email: String!
	name: String!
	imageURL: String!
	authProviderUserId: String!
	tutorials: [UserTutorial!]
	activeTutorial: UserTutorial!
	awsCustomer: AWSCustomer
}

enum UserErrorType {
	UNAUTHENTICATED
	NOT_FOUND
	INTERNAL_SERVER_ERROR
	BAD_REQUEST
	FORBIDDEN
	CONFLICT
	BAD_USER_INPUT
	APPLIED_INTENTS_ERROR
	TIMEOUT
}

input UserOrgMembershipInput {
	userId: ID!
	membership: OrganizationMembershipInput!
}

type UserOrganizationAssociation {
	org: Organization!
	user: User!
	membership: OrganizationMembership!
}

type UserTutorial {
	id: ID!
	userId: ID!
	clusterId: ID!
	clusterName: String!
	name: TutorialName!
	isActive: Boolean!
	isCompleted: Boolean!
	step: String!
	stepSeen: String!
}

""" Used to validate ID based filters """
type ValidIDFilter {
	clusterIds: IDFilterValue
	serviceIds: IDFilterValue
	namespaceIds: IDFilterValue
	regulationIds: IDFilterValue
	environmentIds: IDFilterValue
}

enum WebhookType {
	VALIDATING_WEBHOOK
	MUTATING_WEBHOOK
	CONVERSION_WEBHOOK
}

type Workload {
	id: ID!
	service: Service!
	types: [ServiceType!]!
	inboundStatus: ServerProtectionStatusVerdict!
	outboundStatus: EdgeAccessStatusVerdict!
}

enum WorkloadTag {
	PCI
	PII
	HIPAA
	Sensitive
	External
}