otterize
diff --git a/‎src/mapper/pkg/cloudclient/generated.go‎
Lines changed: 18 additions & 11 deletions b/‎src/mapper/pkg/cloudclient/generated.go‎
Lines changed: 18 additions & 11 deletions
diff --git a/‎src/mapper/pkg/cloudclient/schema.graphql‎
Lines changed: 52 additions & 7 deletions b/‎src/mapper/pkg/cloudclient/schema.graphql‎
Lines changed: 52 additions & 7 deletions
diff --git a/‎src/mapper/pkg/clouduploader/cloud_upload.go‎
Lines changed: 4 additions & 0 deletions b/‎src/mapper/pkg/clouduploader/cloud_upload.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎…tsstore/concurrent_connection_counter.go‎ ‎…counter/concurrent_connection_counter.go‎src/mapper/pkg/intentsstore/concurrent_connection_counter.go renamed to src/mapper/pkg/concurrentconnectioncounter/concurrent_connection_counter.go
Lines changed: 12 additions & 24 deletions b/‎…tsstore/concurrent_connection_counter.go‎ ‎…counter/concurrent_connection_counter.go‎src/mapper/pkg/intentsstore/concurrent_connection_counter.go renamed to src/mapper/pkg/concurrentconnectioncounter/concurrent_connection_counter.go
Lines changed: 12 additions & 24 deletions
@@ -32,10 +32,21 @@ directive @include(
 	if: Boolean!
 ) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT
 
+"""@noRole indicates that the specified query / mutation / subscription can be executed regardless of the user's roles.
+This practically means that the query will not allow accessing any org-specific data."""
+directive @noRole on FIELD_DEFINITION
+
 """@noauth indicates that the specified query / mutation / subscription can be executed anonymously without
+user authentication, meaning anyone and everyone can execute it. USE WITH CAUTION.
 user authentication, meaning anyone and everyone can execute it. USE WITH CAUTION."""
 directive @noauth on FIELD_DEFINITION
 
+"""@requiresRole indicates that the specified query / mutation / subscription requires any of the provided roles to be executed.
+Users without any of the specified roles will not be able to execute the query / mutation / subscription."""
+directive @requiresRole(
+	roles: [AuthRole!]!
+) on FIELD_DEFINITION
+
 directive @restApiField(
 	action: ApiFieldAction
 ) on FIELD_DEFINITION
@@ -275,6 +286,11 @@ type AppliedIntentsRequestWithDetails {
 	clientIntents: ClientIntentsFileRepresentation!
 }
 
+enum AuthRole {
+	ADMIN
+	VIEWER
+}
+
 enum AutomateThirdPartyNetworkPolicy {
 	OFF
 	ALWAYS
@@ -823,6 +839,7 @@ input ExternalTrafficIntentInput {
 	namespace: String!
 	clientName: String!
 	target: DNSIPPairInput!
+	connectionsCount: ConnectionsCount
 }
 
 input ExternallyAccessibleServiceInput {
@@ -1216,6 +1233,7 @@ input InputIntegrationAccessGraphFilter {
 	namespaceFilterType: IDFilterOperators
 	serviceIds: [ID!]
 	serviceFilterType: IDFilterOperators
+	targets: [IntentType!]
 }
 
 """ Network policies filter """
@@ -1341,6 +1359,7 @@ type IntegrationAccessGraphFilter {
 	serviceIds: [ID!]
 	serviceFilterType: IDFilterOperators
 	lastSeenAfter: Time
+	targets: [IntentType!]
 }
 
 type IntegrationComponents {
@@ -1458,6 +1477,7 @@ input IntentStatusInput {
 }
 
 enum IntentType {
+	KUBERNETES
 	HTTP
 	KAFKA
 	DATABASE
@@ -1535,6 +1555,7 @@ type Invite {
 	id: ID!
 	email: String!
 	organization: Organization!
+	organizationMembership: OrganizationMembership!
 	inviter: User!
 	created: Time!
 	acceptedAt: Time
@@ -2052,6 +2073,7 @@ type Mutation {
 """Create user invite"""
 	createInvite(
 		email: String!
+		organizationMembership: OrganizationMembershipInput
 	): Invite!
 """Delete user invite"""
 	deleteInvite(
@@ -2105,7 +2127,7 @@ type Mutation {
 		settings: OrganizationSettingsInput
 	): Organization!
 	updateDomainsDefaultRole(
-		defaultRole: OrgMembershipRole!
+		defaultRole: AuthRole!
 	): Organization!
 """Remove user from organization"""
 	removeUserFromOrganization(
@@ -2235,6 +2257,7 @@ input NetworkPolicyInput {
 enum NetworkPolicyKind {
 	NETWORK_POLICY
 	CILIUM_NETWORK_POLICY
+	CILIUM_CLUSTER_WIDE_NETWORK_POLICY
 }
 
 enum NetworkPolicyScope {
@@ -2248,11 +2271,6 @@ type NetworkPolicyWorkload {
 	service: Service!
 }
 
-enum OrgMembershipRole {
-	ADMIN
-	VIEWER
-}
-
 type Organization {
 	id: ID!
 	name: String!
@@ -2262,19 +2280,45 @@ type Organization {
 	created: Time!
 }
 
+type OrganizationMembership {
+	role: AuthRole!
+	restrictions: OrganizationMembershipRestrictions
+}
+
+input OrganizationMembershipInput {
+	role: AuthRole!
+	restrictions: OrganizationMembershipRestrictionsInput
+}
+
+type OrganizationMembershipRestrictions {
+	clusterIds: IDFilterValue
+	serviceIds: IDFilterValue
+	namespaceIds: IDFilterValue
+	environmentIds: IDFilterValue
+}
+
+input OrganizationMembershipRestrictionsInput {
+	clusterIds: InputIDFilterValue
+	serviceIds: InputIDFilterValue
+	namespaceIds: InputIDFilterValue
+	environmentIds: InputIDFilterValue
+}
+
 type OrganizationSettings {
 	domains: [String!]
 	enforcedRegulations: [String!]
 	ignoredCloudDomains: [String!]
 	defaultIntentsApprovalActionByEnv: [DefaultIntentsApprovalActionByEnv!]!
-	domainsDefaultRole: OrgMembershipRole!
+	ignoreInternetIntents: Boolean
+	domainsDefaultRole: AuthRole!
 }
 
 input OrganizationSettingsInput {
 	domains: [String!]
 	enforcedRegulations: [String]
 	ignoredCloudDomains: [String!]
 	defaultIntentsApprovalActionByEnv: [InputDefaultIntentsApprovalActionByEnv!]
+	ignoreInternetIntents: Boolean
 }
 
 input PaginationInput {
@@ -2979,6 +3023,7 @@ type User {
 	authProviderUserId: String!
 	tutorials: [UserTutorial!]
 	activeTutorial: UserTutorial!
+	orgMembership: OrganizationMembership!
 	awsCustomer: AWSCustomer
 }
 
 
@@ -10,6 +10,7 @@ import (
 	"github.com/otterize/network-mapper/src/mapper/pkg/externaltrafficholder"
 	"github.com/otterize/network-mapper/src/mapper/pkg/gcpintentsholder"
 	"github.com/otterize/network-mapper/src/mapper/pkg/incomingtrafficholder"
+	"github.com/otterize/nilable"
 	"time"
 
 	"github.com/cenkalti/backoff/v4"
@@ -139,6 +140,9 @@ func (c *CloudUploader) NotifyExternalTrafficIntents(ctx context.Context, intent
 		for ip := range intent.Intent.IPs {
 			output.Intent.Target.Ips = append(output.Intent.Target.Ips, lo.ToPtr(string(ip)))
 		}
+
+		output.Intent.ConnectionsCount = nilable.FromPtr(intent.ConnectionsCount)
+
 		return output
 	})
 
 
@@ -1,8 +1,7 @@
-package intentsstore
+package concurrentconnectioncounter
 
 import (
 	"github.com/otterize/network-mapper/src/mapper/pkg/cloudclient"
-	"github.com/otterize/network-mapper/src/mapper/pkg/graph/model"
 	"github.com/samber/lo"
 	"sync"
 )
@@ -17,32 +16,32 @@ const (
 	CountMethodSourcePort CountMethod = 2
 )
 
-type CounterInput struct {
-	Intent      model.Intent
+type CounterInput[T CountableIntent] struct {
+	Intent      T
 	SourcePorts []int64
 }
 
-type ConnectionCounter struct {
+type ConnectionCounter[T CountableIntent] struct {
 	SourcePorts SourcePortsSet
 	DNSCounter  int
 	countMethod CountMethod
 	lock        sync.Mutex
 }
 
-func NewConnectionCounter() *ConnectionCounter {
-	return &ConnectionCounter{
+func NewConnectionCounter[T CountableIntent]() *ConnectionCounter[T] {
+	return &ConnectionCounter[T]{
 		SourcePorts: make(SourcePortsSet),
 		DNSCounter:  0,
 		countMethod: CountMethodUnset,
 		lock:        sync.Mutex{},
 	}
 }
 
-func (c *ConnectionCounter) AddConnection(input CounterInput) {
+func (c *ConnectionCounter[T]) AddConnection(input CounterInput[T]) {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 
-	if c.shouldHandleIntentAsSrcPortCount(input.Intent) {
+	if input.Intent.ShouldCountUsingSrcPortMethod() {
 		// TCP source port connections wins over DNS (in terms of connections count)
 		c.countMethod = CountMethodSourcePort
 		lo.ForEach(input.SourcePorts, func(port int64, _ int) {
@@ -51,7 +50,7 @@ func (c *ConnectionCounter) AddConnection(input CounterInput) {
 		return
 	}
 
-	if (c.countMethod == CountMethodUnset || c.countMethod == CountMethodDNS) && c.shouldHandleIntentAsDNSCount(input.Intent) {
+	if (c.countMethod == CountMethodUnset || c.countMethod == CountMethodDNS) && input.Intent.ShouldCountUsingDNSMethod() {
 		c.countMethod = CountMethodDNS
 		c.DNSCounter++
 		return
@@ -61,14 +60,14 @@ func (c *ConnectionCounter) AddConnection(input CounterInput) {
 	// or because it is an unknown intent type
 }
 
-func (c *ConnectionCounter) GetConnectionCount() (int, bool) {
+func (c *ConnectionCounter[T]) GetConnectionCount() (int, bool) {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 
 	return c.getConnectionCountUnsafe()
 }
 
-func (c *ConnectionCounter) getConnectionCountUnsafe() (int, bool) {
+func (c *ConnectionCounter[T]) getConnectionCountUnsafe() (int, bool) {
 	if c.countMethod == CountMethodSourcePort {
 		return len(c.SourcePorts), true
 	}
@@ -80,18 +79,7 @@ func (c *ConnectionCounter) getConnectionCountUnsafe() (int, bool) {
 	return 0, false
 }
 
-func (c *ConnectionCounter) shouldHandleIntentAsDNSCount(intent model.Intent) bool {
-	return intent.ResolutionData != nil && *(intent.ResolutionData) == DNSTrafficIntentResolution
-}
-
-func (c *ConnectionCounter) shouldHandleIntentAsSrcPortCount(intent model.Intent) bool {
-	return intent.ResolutionData != nil &&
-		(*(intent.ResolutionData) == SocketScanServiceIntentResolution ||
-			*intent.ResolutionData == SocketScanPodIntentResolution ||
-			*intent.ResolutionData == TCPTrafficIntentResolution)
-}
-
-func (c *ConnectionCounter) GetConnectionCountDiff(other *ConnectionCounter) (cloudclient.ConnectionsCount, bool) {
+func (c *ConnectionCounter[T]) GetConnectionCountDiff(other *ConnectionCounter[T]) (cloudclient.ConnectionsCount, bool) {
 	c.lock.Lock()
 	defer c.lock.Unlock()