github.com/Venafi/vcert/v5@v5.10.2/pkg/webclient/cloudproviders/schema.graphql

schema
@link(url: "https://specs.apollo.dev/link/v1.0")
@link(url: "https://specs.apollo.dev/join/v0.3", for: EXECUTION)
@link(url: "https://specs.apollo.dev/inaccessible/v0.2", for: SECURITY)
{
    query: Query
    mutation: Mutation
}

directive @inaccessible on FIELD_DEFINITION | OBJECT | INTERFACE | UNION | ARGUMENT_DEFINITION | SCALAR | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION

directive @join__enumValue(graph: join__Graph!) repeatable on ENUM_VALUE

directive @join__field(graph: join__Graph, requires: join__FieldSet, provides: join__FieldSet, type: String, external: Boolean, override: String, usedOverridden: Boolean) repeatable on FIELD_DEFINITION | INPUT_FIELD_DEFINITION

directive @join__graph(name: String!, url: String!) on ENUM_VALUE

directive @join__implements(graph: join__Graph!, interface: String!) repeatable on OBJECT | INTERFACE

directive @join__type(graph: join__Graph!, key: join__FieldSet, extension: Boolean! = false, resolvable: Boolean! = true, isInterfaceObject: Boolean! = false) repeatable on OBJECT | INTERFACE | UNION | ENUM | INPUT_OBJECT | SCALAR

directive @join__unionMember(graph: join__Graph!, member: String!) repeatable on UNION

directive @link(url: String, as: String, for: link__Purpose, import: [link__Import]) repeatable on SCHEMA

"""
Application is used in matching rules and allows for querying more information through query
"""
type Application
@join__type(graph: COMPLIANCE_POLICY, key: "id", resolvable: false)
@join__type(graph: OUTAGEDETECTION, key: "id")
{
    """ID is the ID of the application for entity linking purposes"""
    id: ID!
    name: String! @join__field(graph: OUTAGEDETECTION)
    description: String @join__field(graph: OUTAGEDETECTION)
    owners: IdentityConnection @join__field(graph: OUTAGEDETECTION)
}

type ApplicationConnection
@join__type(graph: OUTAGEDETECTION)
{
    pageInfo: PageInfo!
    totalCount: Int!
    nodes: [Application!]
    edges: [ApplicationEdge]
}

type ApplicationEdge
@join__type(graph: OUTAGEDETECTION)
{
    node: Application!
    cursor: String!
}

"""
ApplicationMatchingRule wraps the Application type to add included to it
"""
type ApplicationMatchingRule
@join__type(graph: COMPLIANCE_POLICY)
{
    """Application is the reference to the application to include or exclude"""
    application: Application

    """
    Included states whether this application should be included in matching for resources
    """
    included: Boolean
}

enum AttributeEnumOperator
@join__type(graph: TLSPK)
{
    EQUALS @join__enumValue(graph: TLSPK)
}

enum AttributeStringOperator
@join__type(graph: TLSPK)
{
    EQUALS @join__enumValue(graph: TLSPK)
    CONTAINS @join__enumValue(graph: TLSPK)
}

"""A 12 digit string representing an AWS account ID"""
scalar AWSAccountID
@join__type(graph: CLOUD_PROVIDERS)

type AWSCertificateMetadata
@join__type(graph: CLOUD_PROVIDERS)
{
    arn: String!
}

type AWSProviderDetails
@join__type(graph: CLOUD_PROVIDERS)
{
    cloudProvider: CloudProvider!
    awsRegions: [String!]
}

type AzureCertificateMetadata
@join__type(graph: CLOUD_PROVIDERS)
{
    azureId: String!
    name: String!
    version: String!
}

type AzureKeyVault
@join__type(graph: CLOUD_PROVIDERS)
{
    id: String!
    name: String!
}

type AzureProviderDetails
@join__type(graph: CLOUD_PROVIDERS)
{
    cloudProvider: CloudProvider!
    subscriptions: [AzureSubscriptionDetails]
}

type AzureSubscriptionDetails
@join__type(graph: CLOUD_PROVIDERS)
{
    id: String!
    name: String!
}

"""Represents a Billing Metric"""
type BillingMetric
@join__type(graph: ENTITLEMENTS)
{
    key: String!
    value: String!
}

enum Capability
@join__type(graph: CLOUD_PROVIDERS)
{
    CLOUD_PROVIDERS @join__enumValue(graph: CLOUD_PROVIDERS)
}

"""Certificate"""
type Certificate
@join__type(graph: CAOPERATIONS, key: "fingerprint")
@join__type(graph: CERTIFICATE_INVENTORY, key: "fingerprint")
@join__type(graph: CLOUD_PROVIDERS, key: "fingerprint")
@join__type(graph: COMPLIANCE_POLICY, key: "fingerprint")
@join__type(graph: COMPUTED_FIELDS, key: "fingerprint")
@join__type(graph: OUTAGEDETECTION, key: "id")
@join__type(graph: PROVISIONING, key: "fingerprint")
@join__type(graph: SEARCH, key: "fingerprint", resolvable: false)
@join__type(graph: TAGGING, key: "id")
@join__type(graph: TLSPK, key: "fingerprint")
{
    """The SHA-1 digest of the entire raw certificate"""
    fingerprint: ID! @join__field(graph: CAOPERATIONS) @join__field(graph: CERTIFICATE_INVENTORY) @join__field(graph: CLOUD_PROVIDERS) @join__field(graph: COMPLIANCE_POLICY) @join__field(graph: COMPUTED_FIELDS) @join__field(graph: PROVISIONING) @join__field(graph: SEARCH) @join__field(graph: TLSPK)
    issuanceCertificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS)
    importCertificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS)
    revocationCertificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS) @deprecated(reason: "Deprecated, use `revocation.certificateAuthorityAccount` instead")
    revocationStatus: RevocationStatus @join__field(graph: CAOPERATIONS) @deprecated(reason: "Deprecated, use `revocation.status` instead")
    revocationReason: RevocationReason @join__field(graph: CAOPERATIONS) @deprecated(reason: "Deprecated, use `revocation.reason` instead")
    revocationComment: String @join__field(graph: CAOPERATIONS) @deprecated(reason: "Deprecated, use `revocation.comment` instead")
    revocationError: ErrorInformation @join__field(graph: CAOPERATIONS) @deprecated(reason: "Deprecated, use `revocation.error` instead")
    revocationUser: User @join__field(graph: CAOPERATIONS) @deprecated(reason: "Deprecated, use `revocation.user` instead")
    revocation: Revocation @join__field(graph: CAOPERATIONS)
    id: ID! @join__field(graph: CERTIFICATE_INVENTORY) @join__field(graph: OUTAGEDETECTION) @join__field(graph: TAGGING)
    issuer: DirectoryName @join__field(graph: CERTIFICATE_INVENTORY)
    validity: CertificateValidity @join__field(graph: CERTIFICATE_INVENTORY)
    status: CertificateStatus! @join__field(graph: CERTIFICATE_INVENTORY)

    """
    Indicates if this certificate is the current (i.e. last) version of the certificate
    """
    isCurrent: Boolean! @join__field(graph: CERTIFICATE_INVENTORY)

    """Indicates if this certificate is a certificate authority certificate"""
    isCA: Boolean! @join__field(graph: CERTIFICATE_INVENTORY)

    """Indicates if this certificate is a self signed certificate"""
    isSelfSigned: Boolean! @join__field(graph: CERTIFICATE_INVENTORY)

    """
    Timestamp when a new version of this certificate was found (i.e. when isCurrent was set to FALSE)
    """
    archivedTime: DateTime @join__field(graph: CERTIFICATE_INVENTORY)

    """Timestamp when the certificate was created"""
    creationTime: DateTime! @join__field(graph: CERTIFICATE_INVENTORY)

    """Timestamp of the last modification"""
    lastModifiedTime: DateTime! @join__field(graph: CERTIFICATE_INVENTORY)
    subject: DirectoryName @join__field(graph: CERTIFICATE_INVENTORY)
    subjectAlternativeNames: [GeneralName!] @join__field(graph: CERTIFICATE_INVENTORY)
    serialNumber: String! @join__field(graph: CERTIFICATE_INVENTORY)
    publicKeyInformation: PublicKeyInformation! @join__field(graph: CERTIFICATE_INVENTORY)
    signatureAlgorithm: String! @join__field(graph: CERTIFICATE_INVENTORY)
    signatureHashAlgorithm: String! @join__field(graph: CERTIFICATE_INVENTORY)
    extendedKeyUsages: [String!] @join__field(graph: CERTIFICATE_INVENTORY)
    keyUsages: [CertificateKeyUsage!] @join__field(graph: CERTIFICATE_INVENTORY)

    """
    The certificates in the chain. This will return null for nested certificates.
    """
    chain: [Certificate!] @join__field(graph: CERTIFICATE_INVENTORY)

    """
    All other versions of the current certificate. This will return null for nested certificates.
    The pagination can be either forward or backward. To enable forward pagination, two arguments are
    used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`.
    However, 'after' and 'before' arguments are only valid for 'certificate' queries (i.e. single certificate result)
    If arguments for both forward and backward pagination are supplied, forward pagination will be used. If no arguments
    are supplied, it returns the first page of 10 certificates (i.e. defaults `first` to 10). If orderBy is not
    specified, the result will be sorted by fingerprints in ascending order.
    """
    relatedCertificates(after: String, before: String, first: Int, last: Int, orderBy: [RelatedCertificateOrderInput!]): CertificateConnection @join__field(graph: CERTIFICATE_INVENTORY)
    certificateValidationErrors: [ValidationError!] @join__field(graph: CERTIFICATE_INVENTORY)
    certificateErrorCount: ValidationErrorCount! @join__field(graph: CERTIFICATE_INVENTORY) @join__field(graph: COMPUTED_FIELDS, external: true)
    origins: [String!]! @join__field(graph: CERTIFICATE_INVENTORY, override: "computed-fields")
    cloudInstallations: MachineIdentityConnection @join__field(graph: CLOUD_PROVIDERS)

    """
    CompliancePolicyFindings shows how many findings a particular certificate has against it
    """
    compliancePolicyFindings: CompliancePolicyFindingConnection @join__field(graph: COMPLIANCE_POLICY)
    tlsServerEndpoints(after: String, before: String, first: Int, last: Int): TLSServerEndpointConnection @join__field(graph: COMPUTED_FIELDS, external: true) @join__field(graph: OUTAGEDETECTION)
    errorCount: ValidationErrorCount! @join__field(graph: COMPUTED_FIELDS, requires: "certificateErrorCount{warnings alerts} tlsServerEndpoints(after:null,before:null,first:null,last:null) {tlsServerEndpointsErrorCount {warnings alerts}}")
    certificateRequest: CertificateRequest @join__field(graph: OUTAGEDETECTION)
    applications: [Application!] @join__field(graph: OUTAGEDETECTION)
    dekHash: String @join__field(graph: OUTAGEDETECTION)

    """Machine installations collection associated with the certificate."""
    machineInstallations(after: String, before: String, first: Int, last: Int): MachineInstallationConnection @join__field(graph: PROVISIONING)
    tags: [Tag!] @join__field(graph: TAGGING)
    clusterCertificateInstallations(after: String, before: String, first: Int, last: Int): ClusterCertificateInstallationConnection @join__field(graph: TLSPK)
    hasClusterSourceTag: Boolean! @inaccessible @join__field(graph: TLSPK)
}

type CertificateAuthorityAccount
@join__type(graph: CAOPERATIONS, key: "id")
{
    id: ID!
    certificateAuthorityType: CertificateAuthorityType!
    name: String!
}

type CertificateAuthorityAccountConnection
@join__type(graph: CAOPERATIONS)
{
    pageInfo: PageInfo!
    totalCount: Int!
    nodes: [CertificateAuthorityAccount!]
    edges: [CertificateAuthorityAccountEdge]
}

type CertificateAuthorityAccountEdge
@join__type(graph: CAOPERATIONS)
{
    node: CertificateAuthorityAccount!
    cursor: String!
}

enum CertificateAuthorityType
@join__type(graph: CAOPERATIONS)
{
    DIGICERT @join__enumValue(graph: CAOPERATIONS)
    GLOBALSIGN @join__enumValue(graph: CAOPERATIONS)
    BUILTIN @join__enumValue(graph: CAOPERATIONS)
    ENTRUST @join__enumValue(graph: CAOPERATIONS)
    MICROSOFT @join__enumValue(graph: CAOPERATIONS)
    ACME @join__enumValue(graph: CAOPERATIONS)
    ZTPKI @join__enumValue(graph: CAOPERATIONS)
    GLOBALSIGNMSSL @join__enumValue(graph: CAOPERATIONS)
    TPP @join__enumValue(graph: CAOPERATIONS)
    CONNECTOR @join__enumValue(graph: CAOPERATIONS)
}

input CertificateBooleanFilter
@join__type(graph: SEARCH)
{
    """The boolean value that we want to match"""
    eq: Boolean

    """The boolean value that we don't want to match"""
    neq: Boolean

    """
    The boolean value that we want to assert whether the boolean field is null or not
    """
    hasValue: Boolean
}

union CertificateCloudMetadata
@join__type(graph: CLOUD_PROVIDERS)
@join__unionMember(graph: CLOUD_PROVIDERS, member: "AWSCertificateMetadata")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "AzureCertificateMetadata")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "GCPCertificateMetadata")
= AWSCertificateMetadata | AzureCertificateMetadata | GCPCertificateMetadata

"""
CertificateCompliancePolicyFindingsOverviewCategory denotes different categories for more details in the widget
"""
type CertificateCompliancePolicyFindingsOverviewCategory
@join__type(graph: COMPLIANCE_POLICY)
{
    """Id is used to determine which category is being used"""
    id: String

    """
    Count returns the number related to the ID that this category is showing
    """
    count: Int
}

"""
CertificateCompliancePolicyFindingsOverviewWidget provides a summary context for number of certificates evaluated
in policies compared to how many of those certificate findings resulted in issues"
"""
type CertificateCompliancePolicyFindingsOverviewWidget
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    TotalCertificatesCount is the number of certificates with evaluation findings
    """
    totalCertificatesCount: Int

    """
    CertificatesWithFindingsCount returns the number of certificates with issues from findings
    """
    certificatesWithFindingsCount: Int

    """Categories is the list of certificates that have issues from findings"""
    categories: [CertificateCompliancePolicyFindingsOverviewCategory]
}

"""A page of certificate results"""
type CertificateConnection
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: SEARCH)
@join__type(graph: TLSPK)
{
    """Current page information"""
    pageInfo: PageInfo!

    """Total number of certificates (in all pages)"""
    totalCount: Int!

    """Certificates in the current page, without cursor"""
    nodes: [Certificate!] @join__field(graph: CERTIFICATE_INVENTORY, type: "[Certificate!]") @join__field(graph: SEARCH, type: "[Certificate!]") @join__field(graph: TLSPK, type: "[Certificate!]!")

    """
    Certificates in the current page, together with their associated cursor
    """
    edges: [CertificateEdge!] @join__field(graph: CERTIFICATE_INVENTORY, type: "[CertificateEdge!]") @join__field(graph: SEARCH, type: "[CertificateEdge!]") @join__field(graph: TLSPK, type: "[CertificateEdge!]!")
}

input CertificateDateFilter
@join__type(graph: SEARCH)
{
    """The datetime value for certificate that we want to match"""
    eq: DateTime

    """The datetime value for certificate that we don't want to match"""
    neq: DateTime

    """
    The date range for certificate that we want to assert whether the date value is within the specified range
    """
    between: CertificateDateRange

    """
    The boolean value that we want to assert whether the date field is null or not
    """
    hasValue: Boolean
}

input CertificateDateRange
@join__type(graph: SEARCH)
{
    """The earliest date value we want to match on"""
    gte: DateTime

    """The latest date value we want to match on"""
    lte: DateTime
}

"""Certificate together with its associated cursor"""
type CertificateEdge
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: SEARCH)
@join__type(graph: TLSPK)
{
    """The certificate"""
    node: Certificate!

    """The cursor for the certificate"""
    cursor: String!
}

"""
CertificateEvaluationRuleAttributesInput provides information on which attributes are used for evaluation
"""
input CertificateEvaluationRuleAttributesInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    CertificateAuthorityFingerprints allows to filter by certificate authority for Issuing CA evaluation type
    """
    certificateAuthorityFingerprints: CompliancePolicyFieldStringFilter

    """And allows for chaining AND logic"""
    and: [CertificateEvaluationRuleAttributesInput!]

    """Or allows for chaining OR logic"""
    or: [CertificateEvaluationRuleAttributesInput!]
}

"""
Identifies the intended usage for which the public-key certificate has been issued
"""
enum CertificateKeyUsage
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """
    for verifying digital signatures that are used with an entity authentication service, a data origin authentication service and/or an integrity service
    """
    DIGITAL_SIGNATURE @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    for verifying digital signatures which are intended to signal that the signer is committing to the content being signed
    """
    NON_REPUDIATION @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    for enciphering keys or other security information, e.g., for key transport
    """
    KEY_ENCIPHERMENT @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """for enciphering user data, but not keys or other security information"""
    DATA_ENCIPHERMENT @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    for use as a public key agreement key, such an when an asymmetric Diffie-Hellman key pair is used for key management
    """
    KEY_AGREEMENT @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """for verifying a CA's signature on public-key certificates"""
    KEY_CERT_SIGN @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """for verifying an authority's signature on CRLs"""
    CRL_SIGN @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    public key agreement key for use only in enciphering data when used with KEY_AGREEMENT also set
    """
    ENCIPHER_ONLY @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    public key agreement key for use only in deciphering data when used with KEY_AGREEMENT also set
    """
    DECIPHER_ONLY @join__enumValue(graph: CERTIFICATE_INVENTORY)
}

input CertificateListFilter
@join__type(graph: SEARCH)
{
    """The string value that we want to assert whether it is within the list"""
    includes: String

    """
    The boolean value that we want to assert whether the boolean field is null or not
    """
    hasValue: Boolean
}

"""
CertificateMatchingRuleAttributesInput provides information on which attributes are used for matching for certificate resources
"""
input CertificateMatchingRuleAttributesInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """ApplicationIDs allows to filter by application"""
    applicationIDs: CompliancePolicyFieldStringFilter

    """Tags allows to filter by application"""
    tags: CompliancePolicyFieldStringFilter

    """And allows for chaining AND logic"""
    and: [CertificateMatchingRuleAttributesInput!]

    """Or allows for chaining OR logic"""
    or: [CertificateMatchingRuleAttributesInput!]
}

input CertificateNumberFilter
@join__type(graph: SEARCH)
{
    """The generic number value for certificate we want to match"""
    eq: Int64

    """The generic number value for certificate we don't want to match"""
    neq: Int64

    """
    The generic number range value for certificate that we want to assert whether the number value is within the specified range
    """
    between: CertificateNumberRange

    """
    The boolean value that we want to assert whether the number field is null or not
    """
    hasValue: Boolean
}

input CertificateNumberRange
@join__type(graph: SEARCH)
{
    """The minimum number value we want to match on"""
    gte: Int64

    """The maximum number value we want to match on"""
    lte: Int64
}

"""CertificateOrderField defines the fields that can be used for ordering"""
enum CertificateOrderField
@join__type(graph: SEARCH)
{
    """Order by field fingerprint"""
    FINGERPRINT @join__enumValue(graph: SEARCH)

    """Order by field subject.cn"""
    CERTIFICATE_NAME @join__enumValue(graph: SEARCH)

    """Order by field issuer.cn"""
    ISSUER @join__enumValue(graph: SEARCH)

    """Order by field validity.to"""
    EXPIRES_ON @join__enumValue(graph: SEARCH)

    """Order by field isCurrent"""
    IS_CURRENT @join__enumValue(graph: SEARCH)

    """Order by field tlsServerEndpoints.totalCount"""
    TLS_SERVER_ENDPOINTS_TOTAL_COUNT @join__enumValue(graph: SEARCH)

    """Order by field lastModifiedTime"""
    LAST_MODIFIED_TIME @join__enumValue(graph: SEARCH)

    """Order by field revocation.status"""
    REVOCATION_STATUS @join__enumValue(graph: SEARCH)
}

"""
CertificateOrderInput contains the ordering information for a specific field
"""
input CertificateOrderInput
@join__type(graph: SEARCH)
{
    field: CertificateOrderField!
    direction: OrderDirection!
}

"""Identifies the origin of the certificate"""
enum CertificateOrigin
@join__type(graph: SEARCH)
{
    USER_PROVIDED @join__enumValue(graph: SEARCH)
    USER_IMPORTED @join__enumValue(graph: SEARCH)
    USER_SCAN @join__enumValue(graph: SEARCH)
    ON_PREM_CA_IMPORT @join__enumValue(graph: SEARCH)
    EXTERNAL_CA_IMPORT @join__enumValue(graph: SEARCH)
    EXTERNAL_SCAN @join__enumValue(graph: SEARCH)
    DOMAIN_SCAN @join__enumValue(graph: SEARCH)
    SMART_SCAN_INTERNAL @join__enumValue(graph: SEARCH)
    SMART_SCAN_EXTERNAL @join__enumValue(graph: SEARCH)
    SMART_VALIDATION_INTERNAL @join__enumValue(graph: SEARCH)
    SMART_VALIDATION_EXTERNAL @join__enumValue(graph: SEARCH)
    MACHINE_DISCOVERY @join__enumValue(graph: SEARCH)
    KUBERNETES_DISCOVERY @join__enumValue(graph: SEARCH)
    AWS_DISCOVERY @join__enumValue(graph: SEARCH)
    AZURE_DISCOVERY @join__enumValue(graph: SEARCH)
    GCP_DISCOVERY @join__enumValue(graph: SEARCH)
}

input CertificateOriginFilter
@join__type(graph: SEARCH)
{
    """The string value that we want to assert whether it is within the list"""
    includes: CertificateOrigin

    """
    The boolean value that we want to assert whether the boolean field is null or not
    """
    hasValue: Boolean
}

input CertificateProvisioningAWSOptionsInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    Amazon Resource Name (ARN) uniquely identifying AWS certificate resource
    """
    arn: String
    tags: [CertificateProvisioningTagOptionInput]
}

input CertificateProvisioningAzureOptionsInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    An Azure object-name is a user provided name for and must be unique within a key vault. The name must be a 1-127 character string, starting with a letter and containing only 0-9, a-z, A-Z, and -.
    """
    name: String
    enabled: Boolean
    exportable: Boolean
    reuseKey: Boolean
    tags: [CertificateProvisioningTagOptionInput]
}

input CertificateProvisioningGCPOptionsInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    A GCM certificate id is a user provider name and must be unique within a region. The id must be a 1-63 character string, start with a letter and only contain lower case letters, digits and hyphens.
    """
    id: String
    description: String
    scope: GCMCertificateScope
    labels: [CertificateProvisioningTagOptionInput]
}

input CertificateProvisioningOptionsInput
@join__type(graph: CLOUD_PROVIDERS)
{
    awsOptions: CertificateProvisioningAWSOptionsInput
    azureOptions: CertificateProvisioningAzureOptionsInput
    gcpOptions: CertificateProvisioningGCPOptionsInput
}

input CertificateProvisioningTagOptionInput
@join__type(graph: CLOUD_PROVIDERS)
{
    name: String!
    value: String!
}

type CertificateRequest
@join__type(graph: CAOPERATIONS, key: "id")
@join__type(graph: OUTAGEDETECTION, key: "id")
{
    id: ID!
    issuingTemplate: IssuingTemplate @join__field(graph: CAOPERATIONS)
    requester: User @join__field(graph: CAOPERATIONS)
    issuedTime: DateTime @join__field(graph: CAOPERATIONS)
    csr: String @join__field(graph: CAOPERATIONS)
    validityPeriod: String @join__field(graph: CAOPERATIONS)
    certificateAuthorityAccount: CertificateAuthorityAccount @join__field(graph: CAOPERATIONS) @deprecated(reason: "deprecated - use issuingTemplate.certificateAuthorityAccount field")
    application: Application @join__field(graph: OUTAGEDETECTION)
}

"""
CertificateSearchAttributesInput defines the searchable field attributes. The parent input field name defines the operator
used between the attributes (i.e. "and" will match ALL supplied attributes, "or" will match ANY of the attributes)
"""
input CertificateSearchAttributesInput
@join__type(graph: SEARCH)
{
    """Filter by field 'application.id'"""
    applicationId: CertificateStringFilter

    """Filter by field 'application.name'"""
    applicationName: CertificateStringFilter

    """Filter by field 'applications.owners.nodes.id'"""
    applicationOwnerId: CertificateStringFilter

    """Filter by field 'certificateErrorCount.alerts'"""
    certificateAlertsCount: CertificateNumberFilter

    """Filter by field 'certificateErrorCount.warnings'"""
    certificateWarningsCount: CertificateNumberFilter

    """Filter by field 'subject.c'"""
    subjectC: CertificateListFilter

    """Filter by field 'subject.cn'"""
    subjectCN: CertificateStringFilter

    """Filter by field 'subject.dc'"""
    subjectDC: CertificateStringFilter

    """Filter by field 'subject.l'"""
    subjectL: CertificateListFilter

    """Filter by field 'subject.o'"""
    subjectO: CertificateListFilter

    """Filter by field 'subject.ou'"""
    subjectOU: CertificateListFilter

    """Filter by field 'subject.postalCode'"""
    subjectPostalCode: CertificateListFilter

    """Filter by field 'subject.st'"""
    subjectST: CertificateListFilter

    """Filter by field 'errorCount.alerts'"""
    alertsCount: CertificateNumberFilter

    """Filter by field 'errorCount.warnings'"""
    warningsCount: CertificateNumberFilter

    """Filter by field 'extendedKeyUsages'"""
    extendedKeyUsages: CertificateListFilter

    """Filter by field 'fingerprint'"""
    fingerprint: CertificateStringFilter

    """Filter by field 'creationTime'"""
    creationTime: CertificateDateFilter

    """Filter by field 'lastModifiedTime'"""
    lastModifiedTime: CertificateDateFilter

    """Filter by field 'serialNumber'"""
    serialNumber: CertificateStringFilter

    """Filter by field 'isCurrent'"""
    isCurrent: CertificateBooleanFilter

    """Filter by field 'isCA'"""
    isCA: CertificateBooleanFilter

    """Filter by field 'isSelfSigned'"""
    isSelfSigned: CertificateBooleanFilter

    """Filter by field 'issuer.c'"""
    issuerC: CertificateListFilter

    """Filter by field 'issuer.cn'"""
    issuerCN: CertificateStringFilter

    """Filter by field 'issuer.dc'"""
    issuerDC: CertificateStringFilter

    """Filter by field 'issuer.l'"""
    issuerL: CertificateListFilter

    """Filter by field 'issuer.o'"""
    issuerO: CertificateListFilter

    """Filter by field 'issuer.ou'"""
    issuerOU: CertificateListFilter

    """Filter by field 'issuer.postalCode'"""
    issuerPostalCode: CertificateListFilter

    """Filter by field 'issuer.st'"""
    issuerST: CertificateListFilter

    """Filter by field 'origins'"""
    origins: CertificateOriginFilter

    """Filter by field 'revocation.status'"""
    revocationStatus: RevocationStatusFilter

    """Filter by field 'dekHash'"""
    dekHash: CertificateStringFilter

    """Filter by field 'publicKeyInformation.__typename'"""
    publicKeyInformationTypeName: PublicKeyInformationTypeFilter

    """Filter by RSAKeyInfo field 'publicKeyInformation.strength'"""
    publicKeyInformationRSAStrength: CertificateNumberFilter

    """Filter by ECKeyInfo field 'publicKeyInformation.curve'"""
    publicKeyInformationECCurve: CertificateStringFilter

    """Filter by DSAKeyInfo field 'publicKeyInformation.l'"""
    publicKeyInformationDSAL: CertificateNumberFilter

    """Filter by DSAKeyInfo field 'publicKeyInformation.n'"""
    publicKeyInformationDSAN: CertificateNumberFilter

    """Filter by GenericKeyInfo field 'publicKeyInformation.oid'"""
    publicKeyInformationOID: CertificateStringFilter

    """Filter by field 'subjectHashAlgorithm'"""
    signatureHashAlgorithm: SignatureHashAlgorithmFilter

    """Filter by field 'status'"""
    status: CertificateStatusFilter

    """Filter by field 'subjectAlternativeNames.__typename'"""
    subjectAlternativeNameTypeName: SubjectAlternativeNameTypeFilter

    """Filter by field 'subjectAlternativeNames.dnsName'"""
    subjectAlternativeNameDNSName: CertificateStringFilter

    """Filter by field 'subjectAlternativeNames.c'"""
    subjectAlternativeNameDirectoryNameC: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.cn'"""
    subjectAlternativeNameDirectoryNameCN: CertificateStringFilter

    """Filter by field 'subjectAlternativeNames.l'"""
    subjectAlternativeNameDirectoryNameL: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.o'"""
    subjectAlternativeNameDirectoryNameO: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.ou'"""
    subjectAlternativeNameDirectoryNameOU: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.postalCode'"""
    subjectAlternativeNameDirectoryNamePostalCode: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.st'"""
    subjectAlternativeNameDirectoryNameST: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.streetAddress'"""
    subjectAlternativeNameDirectoryNameStreetAddress: CertificateListFilter

    """Filter by field 'subjectAlternativeNames.ip'"""
    subjectAlternativeNameIP: CertificateStringFilter

    """Filter by field 'subjectAlternativeNames.uri'"""
    subjectAlternativeNameURI: CertificateStringFilter

    """Filter by field 'subjectAlternativeNames.emailAddress'"""
    subjectAlternativeNameEmailAddress: CertificateStringFilter

    """Filter by field 'tags.name'"""
    tagName: CertificateStringFilter

    """Filter by field 'tlsServerEndpoints.totalCount'"""
    tlsServerEndpointTotalCount: CertificateNumberFilter

    """Filter by field 'tlsServerEndpoints.nodes.lastAttemptTime'"""
    tlsServerEndpointLastAttemptTime: CertificateDateFilter

    """Filter by field 'tlsServerEndpoints.nodes.lastSeenTime'"""
    tlsServerEndpointLastSeenTime: CertificateDateFilter

    """Filter by field 'tlsServerEndpoints.nodes.deploymentStatus'"""
    tlsServerEndpointDeploymentStatus: DeploymentStatusFilter

    """
    Filter by field 'tlsServerEndpoints.nodes.tlsValidationError.errorType'
    """
    tlsServerEndpointTLSValidationErrorType: TLSValidationErrorTypeFilter

    """
    Filter by field 'tlsServerEndpoints.nodes.chainValidationErrors.errorType'
    """
    tlsServerEndpointChainValidationErrorType: ChainValidationErrorTypeFilter

    """Filter by field 'validity.from'"""
    validityFrom: CertificateDateFilter

    """Filter by field 'validity.to'"""
    validityTo: CertificateDateFilter

    """Filter by field 'validity.period'"""
    validityPeriod: CertificateNumberFilter

    """Filter by field 'clusterCertificateInstallations.nodes.__typename'"""
    clusterCertificateInstallationTypeName: CertificateStringFilter

    """Filter by field 'clusterCertificateInstallations.nodes.namespace'"""
    clusterCertificateInstallationClusterSecretNamespace: CertificateStringFilter

    """Filter by field 'clusterCertificateInstallations.nodes.cluster.id'"""
    clusterCertificateInstallationClusterId: CertificateStringFilter

    """Filter by field 'clusterCertificateInstallations.nodes.cluster.name'"""
    clusterCertificateInstallationClusterName: CertificateStringFilter

    """Filter by field 'clusterCertificateInstallations.nodes.lifecycle'"""
    clusterCertificateInstallationClusterSecretLifecycle: CertificateStringFilter

    """
    Filter by field 'clusterCertificateInstallations.nodes.clusterCertificateBinding.resourceType'
    """
    clusterCertificateInstallationClusterSecretUsedBy: CertificateStringFilter

    """Filter by field 'cloudInstallations.nodes.metadata.cloudId'"""
    cloudInstallationsCloudId: CertificateStringFilter

    """Filter by field 'cloudInstallations.nodes.cloudKeystoreId'"""
    cloudInstallationsCloudKeystoreId: CertificateStringFilter

    """Filter by field 'cloudInstallations.nodes.cloudKeystoreName'"""
    cloudInstallationsCloudKeystoreName: CertificateStringFilter

    """Filter by field 'cloudInstallations.nodes.cloudProviderId'"""
    cloudInstallationsCloudProviderId: CertificateStringFilter

    """Filter by field 'cloudInstallations.nodes.cloudProviderName'"""
    cloudInstallationsCloudProviderName: CertificateStringFilter

    """Filter by field 'cloudInstallations.nodes.addedOn'"""
    cloudInstallationsAddedOn: CertificateDateFilter

    """Filter by field 'cloudInstallations.nodes.status'"""
    cloudInstallationsStatus: CertificateStringFilter

    """
    Filter by matching ALL the supplied fields on the array of CertificateSearchAttributes input object
    """
    and: [CertificateSearchAttributesInput!]

    """
    Filter by matching any ONE of the supplied fields on the array of CertificateSearchAttributes input object
    """
    or: [CertificateSearchAttributesInput!]
}

"""
CertificateSearchFilterInput defines the search filter. If more than one field is supplied, the match is on ALL of them
(i.e. using an implicit AND operator)
"""
input CertificateSearchFilterInput
@join__type(graph: SEARCH)
{
    """
    Simple filter for full-text like search, used for matching across all searchable fields
    """
    quickFilter: String

    """
    Filter by matching ALL the supplied fields on the array of CertificateSearchAttributes input object
    """
    and: [CertificateSearchAttributesInput!]

    """
    Filter by matching any ONE of the supplied fields on the array of CertificateSearchAttributes input object
    """
    or: [CertificateSearchAttributesInput!]
}

"""Indicates the status of a certificate"""
enum CertificateStatus
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: SEARCH)
{
    """certificate is active"""
    ACTIVE @join__enumValue(graph: CERTIFICATE_INVENTORY) @join__enumValue(graph: SEARCH)

    """certificate has been retired by an user"""
    RETIRED @join__enumValue(graph: CERTIFICATE_INVENTORY) @join__enumValue(graph: SEARCH)
}

input CertificateStatusFilter
@join__type(graph: SEARCH)
{
    """The certificate status value we want to match"""
    eq: CertificateStatus

    """The certificate status value we don't want to match"""
    neq: CertificateStatus

    """
    The list of certificate status that we want to assert whether the string value is included in the provided list
    """
    in: [CertificateStatus!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

input CertificateStringFilter
@join__type(graph: SEARCH)
{
    """The generic string value for certificate we want to match"""
    eq: String

    """The generic string value for certificate we don't want to match"""
    neq: String

    """
    The generic string value for certificate we want to assert whether the provided string is present
    """
    contains: String

    """
    The list of generic string values for certificate that we want to assert whether the string value is included in the provided list
    """
    in: [String!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

"""
CertificateType defines what type of certificate the trusted CA cert is
"""
enum CertificateType
@join__type(graph: CERTIFICATE)
{
    ROOT_CA @join__enumValue(graph: CERTIFICATE)
    SELF_ISSUED_CA @join__enumValue(graph: CERTIFICATE)
    CA @join__enumValue(graph: CERTIFICATE)
    CROSS_CA @join__enumValue(graph: CERTIFICATE)
    END_ENTITY @join__enumValue(graph: CERTIFICATE)
    END_ENTITY_AC @join__enumValue(graph: CERTIFICATE)
}

type CertificateValidationError implements ValidationError
@join__implements(graph: CERTIFICATE_INVENTORY, interface: "ValidationError")
@join__type(graph: CERTIFICATE_INVENTORY)
{
    message: String
    arguments: [String!]
    errorType: CertificateValidationErrorType
}

"""Identifies error type for certificate validation"""
enum CertificateValidationErrorType
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """indicates when a certificate is expired"""
    CERTIFICATE_EXPIRED @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    indicates when a certificate is an older version of an existing current version of certificate
    """
    CERTIFICATE_OLD_VERSION @join__enumValue(graph: CERTIFICATE_INVENTORY)
}

"""Indicates the validity of a certificate"""
type CertificateValidity
@join__type(graph: CERTIFICATE_INVENTORY)
{
    from: DateTime
    to: DateTime

    """ certificate validity period in seconds"""
    period: Int64
}

type ChainValidationError implements ValidationError
@join__implements(graph: OUTAGEDETECTION, interface: "ValidationError")
@join__type(graph: OUTAGEDETECTION)
{
    message: String
    arguments: [String!]
    errorType: ChainValidationErrorType
}

"""
Identifies the chain validation error type associated with a tls server endpoint
"""
enum ChainValidationErrorType
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: SEARCH)
{
    CHAIN_EXPIRE_BEFORE_EE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    CHAIN_BUILDING_FAILED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    INCOMPLETE_CHAIN @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    DISTRUSTED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    UNKNOWN_ERROR @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    NOT_APPLICABLE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    SELF_SIGNED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
}

input ChainValidationErrorTypeFilter
@join__type(graph: SEARCH)
{
    """The chain validation error type value we want to match"""
    eq: ChainValidationErrorType

    """The chain validation error type value we don't want to match"""
    neq: ChainValidationErrorType

    """
    The list of chain validation error types that we want to assert whether the string value is included in the provided list
    """
    in: [ChainValidationErrorType!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

type CloudDiscovery
@join__type(graph: CLOUD_PROVIDERS)
{
    id: UUID!
    cloudKeystore: CloudKeystore!
    status: CloudDiscoveryStatus!
    statusDetails: String
    totalCertificatesCount: Int!
    missingCertificatesCount: Int!
    newCertificatesCount: Int!
    startedBy: User!
    startTime: DateTime
    endTime: DateTime
}

type CloudDiscoveryConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    A crontab expression representing when the scheduled discovery will run, eg: '00 03 * * *' -> 3 AM every day
    """
    scheduleSpecification: String
    includeExpiredCertificates: Boolean!
    includeRevokedCertificates: Boolean!
}

input CloudDiscoveryConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    A crontab expression representing when the scheduled discovery will run, eg: '00 03 * * *' -> 3 AM every day
    """
    scheduleSpecification: String
    includeExpiredCertificates: Boolean
    includeRevokedCertificates: Boolean
}

"""Indicates the status of a cloud discovery"""
enum CloudDiscoveryStatus
@join__type(graph: CLOUD_PROVIDERS)
{
    """The cloud discovery has not been initiated"""
    NEVER_INITIATED @join__enumValue(graph: CLOUD_PROVIDERS)

    """The cloud discovery has been initiated"""
    INITIATED @join__enumValue(graph: CLOUD_PROVIDERS)

    """The cloud discovery is running"""
    RUNNING @join__enumValue(graph: CLOUD_PROVIDERS)

    """The cloud discovery has been successfully completed"""
    COMPLETED @join__enumValue(graph: CLOUD_PROVIDERS)

    """The cloud discovery has been aborted"""
    ABORTED @join__enumValue(graph: CLOUD_PROVIDERS)

    """The cloud discovery is aborting"""
    ABORTING @join__enumValue(graph: CLOUD_PROVIDERS)

    """The cloud discovery has failed"""
    FAILED @join__enumValue(graph: CLOUD_PROVIDERS)
}

type CloudKeystore
@join__type(graph: CLOUD_PROVIDERS)
{
    id: UUID!

    """
    Cloud Keystore name

    A string between 3 and 250 characters
    """
    name: String!
    type: CloudKeystoreType!
    team: Team!
    authorizedTeams: [Team!]
    cloudProvider: CloudProvider!
    configuration: CloudKeystoreConfiguration!
    machineIdentitiesCount: Int!
    createdOn: DateTime!
    createdBy: User!
    lastModifiedOn: DateTime!
    lastModifiedBy: User
    discovery: CloudDiscovery
    discoveryConfiguration: CloudDiscoveryConfiguration!
}

type CloudKeystoreACMConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    region: String!
}

input CloudKeystoreACMConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    region: String!
}

type CloudKeystoreAKVConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    An Azure Key Vault name

    The vault name should be string of 3 to 24 characters and can contain only numbers (0-9), letters (a-z, A-Z), and hyphens (-).
    The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens.
    """
    keyVaultName: String!
}

input CloudKeystoreAKVConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    An Azure Key Vault name

    The vault name should be string of 3 to 24 characters and can contain only numbers (0-9), letters (a-z, A-Z), and hyphens (-).
    The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens.
    """
    keyVaultName: String!
}

union CloudKeystoreConfiguration
@join__type(graph: CLOUD_PROVIDERS)
@join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudKeystoreACMConfiguration")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudKeystoreAKVConfiguration")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudKeystoreGCMConfiguration")
= CloudKeystoreACMConfiguration | CloudKeystoreAKVConfiguration | CloudKeystoreGCMConfiguration

"""A page of CloudKeystore results"""
type CloudKeystoreConnection
@join__type(graph: CLOUD_PROVIDERS)
{
    """Current page information"""
    pageInfo: PageInfo!

    """Total number of cloud keystores (in all pages)"""
    totalCount: Int!

    """CloudKeystores in the current page, without cursor"""
    nodes: [CloudKeystore!]

    """
    CloudKeystores in the current page, together with their associated cursor
    """
    edges: [CloudKeystoreEdge!]
}

"""CloudKeystore together with its associated cursor"""
type CloudKeystoreEdge
@join__type(graph: CLOUD_PROVIDERS)
{
    """The cloud keystore"""
    node: CloudKeystore!

    """The cursor for the cloud keystore"""
    cursor: String!
}

input CloudKeystoreFilterInput
@join__type(graph: CLOUD_PROVIDERS)
{
    cloudProviderId: UUID
    cloudProviderName: String
    cloudKeystoreId: UUID
    cloudKeystoreName: String
}

type CloudKeystoreGCMConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    projectId: String!
    location: String!
}

input CloudKeystoreGCMConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    GCP Certificate Manager project name.

    The unique, user-assigned ID of the Project. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.
    """
    projectId: String!
    location: String!
}

input CloudKeystoreInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    Cloud Keystore name

    A string between 3 and 250 characters
    """
    name: String!
    type: CloudKeystoreType!
    teamId: UUID!
    authorizedTeams: [UUID!]
    cloudProviderId: UUID!
    acmConfiguration: CloudKeystoreACMConfigurationInput
    akvConfiguration: CloudKeystoreAKVConfigurationInput
    gcmConfiguration: CloudKeystoreGCMConfigurationInput
    discoveryConfiguration: CloudDiscoveryConfigurationInput
}

"""
CloudKeystoreOrderField defines the fields that can be used for ordering
"""
enum CloudKeystoreOrderField
@join__type(graph: CLOUD_PROVIDERS)
{
    """Order by ID"""
    ID @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Name"""
    NAME @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Cloud Keystore Type"""
    TYPE @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Owner Team ID"""
    TEAM_ID @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Authorized Team IDs"""
    AUTHORIZED_TEAMS @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Cloud Provider ID"""
    CLOUD_PROVIDER_ID @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Cloud Provider Name"""
    CLOUD_PROVIDER_NAME @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Machine Identities Count"""
    MACHINE_IDENTITIES_COUNT @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Created On date"""
    CREATED_ON @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by CreatedBy User ID"""
    CREATED_BY @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Last Modified date"""
    LAST_MODIFIED_ON @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Last Modified By User ID"""
    LAST_MODIFIED_BY @join__enumValue(graph: CLOUD_PROVIDERS)
}

"""
CloudKeystoreOrderInput contains the ordering information for a specific field
"""
input CloudKeystoreOrderInput
@join__type(graph: CLOUD_PROVIDERS)
{
    field: CloudKeystoreOrderField!
    direction: OrderDirection!
}

"""Indicates the type of a Cloud Keystore"""
enum CloudKeystoreType
@join__type(graph: CLOUD_PROVIDERS)
{
    """AWS Certificate Manager"""
    ACM @join__enumValue(graph: CLOUD_PROVIDERS)

    """Azure Key Vault"""
    AKV @join__enumValue(graph: CLOUD_PROVIDERS)

    """Google Certificate Manager"""
    GCM @join__enumValue(graph: CLOUD_PROVIDERS)
}

input CloudKeystoreUpdateInput
@join__type(graph: CLOUD_PROVIDERS)
{
    id: UUID!

    """
    Cloud Keystore name

    A string between 3 and 250 characters
    """
    name: String
    teamId: UUID
    authorizedTeams: [UUID!]
    discoveryConfiguration: CloudDiscoveryConfigurationInput
}

input CloudMachineIdentitiesFilterInput
@join__type(graph: CLOUD_PROVIDERS)
{
    cloudKeystoreId: UUID
    machineIdentityId: UUID
    fingerprints: [String!]
    newlyDiscovered: Boolean
    metadata: String
}

type CloudProvider
@join__type(graph: CLOUD_PROVIDERS)
{
    id: UUID!
    type: CloudProviderType!
    configuration: CloudProviderConfiguration!
    name: String!
    team: Team!
    authorizedTeams: [Team!]
    status: CloudProviderStatus!
    statusDetails: String
    keystoresCount: Int!
    createdOn: DateTime!
    createdBy: User!
    lastModifiedOn: DateTime!
    lastModifiedBy: User
}

type CloudProviderAWSConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    accountId: AWSAccountID!

    """
    An AWS Policy Role.

    Maximum 64 characters. Use alphanumeric and '+=,.@-_' characters.
    """
    role: String!
    externalId: String!
}

input CloudProviderAWSConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    accountId: AWSAccountID!

    """
    An AWS Policy Role.

    Maximum 64 characters. Use alphanumeric and '+=,.@-_' characters.
    """
    role: String!
}

input CloudProviderAWSConfigurationUpdateInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    An AWS Policy Role.

    Maximum 64 characters. Use alphanumeric and '+=,.@-_' characters.
    """
    role: String
}

type CloudProviderAzureConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    applicationId: String!
    directoryId: String!
}

input CloudProviderAzureConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    applicationId: String!
    directoryId: String!
    secret: String!
}

input CloudProviderAzureConfigurationUpdateInput
@join__type(graph: CLOUD_PROVIDERS)
{
    secret: String!
}

union CloudProviderConfiguration
@join__type(graph: CLOUD_PROVIDERS)
@join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudProviderAWSConfiguration")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudProviderAzureConfiguration")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "CloudProviderGCPConfiguration")
= CloudProviderAWSConfiguration | CloudProviderAzureConfiguration | CloudProviderGCPConfiguration

"""A page of CloudProvider results"""
type CloudProviderConnection
@join__type(graph: CLOUD_PROVIDERS)
{
    """Current page information"""
    pageInfo: PageInfo!

    """Total number of cloud providers (in all pages)"""
    totalCount: Int!

    """CloudProviders in the current page, without cursor"""
    nodes: [CloudProvider!]

    """
    CloudProviders in the current page, together with their associated cursor
    """
    edges: [CloudProviderEdge!]
}

union CloudProviderDetails
@join__type(graph: CLOUD_PROVIDERS)
@join__unionMember(graph: CLOUD_PROVIDERS, member: "AWSProviderDetails")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "AzureProviderDetails")
@join__unionMember(graph: CLOUD_PROVIDERS, member: "GCPProviderDetails")
= AWSProviderDetails | AzureProviderDetails | GCPProviderDetails

"""CloudProvider together with its associated cursor"""
type CloudProviderEdge
@join__type(graph: CLOUD_PROVIDERS)
{
    """The cloud provider"""
    node: CloudProvider!

    """The cursor for the cloud provider"""
    cursor: String!
}

input CloudProviderFilterInput
@join__type(graph: CLOUD_PROVIDERS)
{
    status: CloudProviderStatus
    type: CloudProviderType
    name: String
}

type CloudProviderGCPConfiguration
@join__type(graph: CLOUD_PROVIDERS)
{
    serviceAccountEmail: String!
    publicKey: String!
    publicKeyNotAfter: String!
}

input CloudProviderGCPConfigurationInput
@join__type(graph: CLOUD_PROVIDERS)
{
    serviceAccountEmail: String!
}

input CloudProviderInput
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    Cloud Provider name

    A string between 3 and 250 characters
    """
    name: String!
    type: CloudProviderType!
    awsConfiguration: CloudProviderAWSConfigurationInput
    azureConfiguration: CloudProviderAzureConfigurationInput
    gcpConfiguration: CloudProviderGCPConfigurationInput
    teamId: UUID!
    authorizedTeams: [UUID!]
}

"""
CloudKeystoreOrderField defines the fields that can be used for ordering
"""
enum CloudProviderOrderField
@join__type(graph: CLOUD_PROVIDERS)
{
    """Order by ID"""
    ID @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Name"""
    NAME @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Cloud Provider Type"""
    TYPE @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Validation Status"""
    STATUS @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Owner Team ID"""
    TEAM_ID @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Authorized Team IDs"""
    AUTHORIZED_TEAMS @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Cloud Keystore Count"""
    CLOUD_KEYSTORE_COUNT @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Created On date"""
    CREATED_ON @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by CreatedBy User ID"""
    CREATED_BY @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Last Modified date"""
    LAST_MODIFIED_ON @join__enumValue(graph: CLOUD_PROVIDERS)

    """Order by Last Modified By User ID"""
    LAST_MODIFIED_BY @join__enumValue(graph: CLOUD_PROVIDERS)
}

"""
CloudProviderOrderInput contains the ordering information for a specific field
"""
input CloudProviderOrderInput
@join__type(graph: CLOUD_PROVIDERS)
{
    field: CloudProviderOrderField!
    direction: OrderDirection!
}

"""Indicates the status of a cloud provider"""
enum CloudProviderStatus
@join__type(graph: CLOUD_PROVIDERS)
{
    """The cloud provider is successfully validated"""
    VALIDATED @join__enumValue(graph: CLOUD_PROVIDERS)

    """
    The cloud provider is not validated or the validation fails for some reason
    """
    NOT_VALIDATED @join__enumValue(graph: CLOUD_PROVIDERS)
}

"""Indicates the type of a Cloud Provider"""
enum CloudProviderType
@join__type(graph: CLOUD_PROVIDERS)
{
    """AWS cloud provider type"""
    AWS @join__enumValue(graph: CLOUD_PROVIDERS)

    """Azure cloud provider type"""
    AZURE @join__enumValue(graph: CLOUD_PROVIDERS)

    """Google cloud provider type"""
    GCP @join__enumValue(graph: CLOUD_PROVIDERS)
}

input CloudProviderUpdateInput
@join__type(graph: CLOUD_PROVIDERS)
{
    type: CloudProviderType!
    id: UUID!

    """
    Cloud Provider name

    A string between 3 and 250 characters
    """
    name: String
    teamId: UUID
    authorizedTeams: [UUID!]
    awsConfiguration: CloudProviderAWSConfigurationUpdateInput
    azureConfiguration: CloudProviderAzureConfigurationUpdateInput
}

input CloudProviderValidateInput
@join__type(graph: CLOUD_PROVIDERS)
{
    type: CloudProviderType!
    awsConfiguration: CloudProviderAWSConfigurationInput
    azureConfiguration: CloudProviderAzureConfigurationInput
    gcpConfiguration: CloudProviderGCPConfigurationInput
}

type CloudProviderValidationResult
@join__type(graph: CLOUD_PROVIDERS)
{
    result: CloudProviderStatus!
    details: String
}

type Cluster
@join__type(graph: TLSPK)
{
    """ID is the identifier of the cluster in VaaS. It is immutable."""
    id: ID!

    """Name is the display name of the cluster."""
    name: String!

    """Description is the description text about the cluster."""
    description: String

    """
    UploaderID is the identifier used by the upload API to assign an upload to a cluster. It sent by agent in the payload.
    """
    uploaderID: ID!

    """LastCheckInTime is the last time the cluster connected with VaaS."""
    lastCheckInTime: String

    """RegisteredOnTime is when the cluster connected for the first time."""
    registeredOnTime: String

    """Status is the status of the cluster connection."""
    status: ClusterStatus!

    """AgentVersion is the version of the agent last time it contacted."""
    agentVersion: String!

    """
    ServiceAccountID is the client ID of the service account linked to the cluster
    """
    serviceAccountID: String

    """ServiceAccount is the service account linked to the cluster"""
    serviceAccount: ServiceAccount

    """
    Certificates is the connection to list of certificates per cluster that were sent to cert-inventory
    """
    certificates: CertificateConnection

    """
    UniqueCertificates is the total number of unique certificates currently in the cluster
    """
    uniqueCertificates: Int!
}

type ClusterCertificateBinding
@join__type(graph: TLSPK)
{
    id: ID!
    resourceName: String!
    resourceType: String!
    namespace: String!
    policyViolation: [PolicyViolation!]!
    certificate: Certificate
    clusterSecret: ClusterSecret!
    cluster: Cluster!
}

type ClusterCertificateBindingConnection
@join__type(graph: TLSPK)
{
    pageInfo: PageInfo!
    nodes: [ClusterCertificateBinding!]!
    edges: [ClusterCertificateBindingEdge!]!
    totalCount: Int!
}

type ClusterCertificateBindingEdge
@join__type(graph: TLSPK)
{
    node: ClusterCertificateBinding!
    cursor: String!
}

union ClusterCertificateInstallation
@join__type(graph: TLSPK)
@join__unionMember(graph: TLSPK, member: "ClusterSecret")
= ClusterSecret

type ClusterCertificateInstallationConnection
@join__type(graph: TLSPK)
{
    pageInfo: PageInfo!
    nodes: [ClusterCertificateInstallation!]!
    edges: [ClusterCertificateInstallationEdge!]!
    totalCount: Int!
}

type ClusterCertificateInstallationEdge
@join__type(graph: TLSPK)
{
    node: ClusterCertificateInstallation!
    cursor: String!
}

type ClusterConnection
@join__type(graph: TLSPK)
{
    edges: [ClusterEdge!]!
    nodes: [Cluster!]!
    pageInfo: PageInfo!
    totalCount: Int!
}

type ClusterEdge
@join__type(graph: TLSPK)
{
    node: Cluster
    cursor: String!
}

input ClusterFilterInput
@join__type(graph: TLSPK)
{
    filter: String
    filterOperator: LogicOperator
    id: ConditionInputForEnum
    name: ConditionInputForString
    status: ConditionInputForEnum
    attributesOperator: LogicOperator
}

input ClusterInput
@join__type(graph: TLSPK)
{
    """ID is the identifier of the cluster in VaaS. It is immutable."""
    id: ID

    """Name is the display name for the cluster."""
    name: String

    """Description is the description text about the cluster."""
    description: String

    """ServiceAccountID is the client ID of the service account to link"""
    serviceAccountID: String
}

enum ClusterOrderDirection
@join__type(graph: TLSPK)
{
    ASC @join__enumValue(graph: TLSPK)
    DESC @join__enumValue(graph: TLSPK)
}

enum ClusterOrderField
@join__type(graph: TLSPK)
{
    name @join__enumValue(graph: TLSPK)
    status @join__enumValue(graph: TLSPK)
    lastCheckInTime @join__enumValue(graph: TLSPK)
    registeredOnTime @join__enumValue(graph: TLSPK)
}

input ClusterOrderInput
@join__type(graph: TLSPK)
{
    field: ClusterOrderField
    direction: ClusterOrderDirection
}

type ClusterSecret
@join__type(graph: TLSPK)
{
    id: ID!
    name: String!
    namespace: String!
    policyViolation: [PolicyViolation!]!
    certificate: Certificate
    lifecycle: Lifecycle
    clusterCertificateBindings: [ClusterCertificateBinding!]!
    cluster: Cluster!
}

type ClusterSecretConnection
@join__type(graph: TLSPK)
{
    pageInfo: PageInfo!
    nodes: [ClusterSecret!]!
    edges: [ClusterSecretEdge!]!
    totalCount: Int!
}

type ClusterSecretEdge
@join__type(graph: TLSPK)
{
    node: ClusterSecret!
    cursor: String!
}

enum ClusterStatus
@join__type(graph: TLSPK)
{
    WAITING_FOR_FIRST_CONTACT @join__enumValue(graph: TLSPK)
    REGISTERED @join__enumValue(graph: TLSPK)
    ACTIVE @join__enumValue(graph: TLSPK)
    INACTIVE @join__enumValue(graph: TLSPK)
    DELETED @join__enumValue(graph: TLSPK)
}

"""
CompliancePoliciesSummary defines a summary view of widgets to provide more context for the collection of compliance policies
"""
type CompliancePoliciesSummary
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    CertificatePolicyFindings is used to provide information on how many certs have issues
    """
    certificatePolicyFindings: CertificateCompliancePolicyFindingsOverviewWidget
}

"""
CompliancePolicy refers to a policy set on resources in VCP to check certain rules
These consist of matching rules (which assets should be checked)
and evaluation rules (what attributes should be checked)
Based on the configured matching and evaluation rules, a certain amount of
findings can be generated which show a status for each evaluation rule
"""
type CompliancePolicy
@join__type(graph: COMPLIANCE_POLICY)
{
    id: UUID!

    """Name for compliance policy"""
    name: String

    """Status of the compliance policy"""
    status: CompliancePolicyStatus

    """Description of the compliance policy"""
    description: String

    """
    Matching rules of the compliance policy, referring to Application and Tags
    """
    matchingRules: [CompliancePolicyMatchingRule!]

    """
    Evaluation rules of the compliance policy, attributes to check on certificates
    """
    evaluationRules: [CompliancePolicyEvaluationRule!]

    """Findings is a list of findings found per policy"""
    findings: CompliancePolicyFindingConnection

    """UpdatedOn shows the time the compliance policy was last updated"""
    updatedOn: String

    """Active states whether this policy is active for evaluation"""
    active: Boolean

    """
    RemediationText is text used to inform a user of what steps can be taken to fix issues
    """
    remediationText: String
}

"""
CompliancePolicyConnection is used to provide pagination to compliance policies
"""
type CompliancePolicyConnection
@join__type(graph: COMPLIANCE_POLICY)
{
    """Edges of the compliance policy connection for linking"""
    edges: [CompliancePolicyEdge!]!

    """Nodes of the compliance policy connection for paginated results"""
    nodes: [CompliancePolicy!]!

    """PageInfo is information for pagination"""
    pageInfo: PageInfo!

    """TotalCount of compliance policies that match pagination criteria"""
    totalCount: Int!
}

"""
CompliancePolicyInput provides information on a compliance policy insert.
"""
input CompliancePolicyCreateInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """Name is the name to create for the compliance policy"""
    name: String

    """Description is the description to create for the compliance policy"""
    description: String

    """
    RemediationText is the input to provide feedback on how to resolve policy issues
    """
    remediationText: String

    """
    MatchingRules is the configured matching rules to attach to the compliance policy
    """
    matchingRules: CompliancePolicyMatchingRuleInput

    """
    EvaluationRules is the configured evaluation rules to attach to the compliance policy
    """
    evaluationRules: CompliancePolicyEvaluationRuleInput
}

"""CompliancePolicyEdge is used for the CompliancePolicyConnection"""
type CompliancePolicyEdge
@join__type(graph: COMPLIANCE_POLICY)
{
    """Node of the compliance policy"""
    node: CompliancePolicy

    """Cursor is the link to the next edge"""
    cursor: String!
}

"""
CompliancePolicyEvaluationRule defines what is compared against in a resource to determine the evaluation status for a policy
"""
type CompliancePolicyEvaluationRule
@join__type(graph: COMPLIANCE_POLICY)
{
    """Type is used to determine which type the evaluation rule is configured"""
    type: CompliancePolicyEvaluationRuleType

    """Severity shows the level of importance for the policy in its findings"""
    severity: CompliancePolicySeverity

    """
    EvaluationValue is used to display information about the configuration of the evaluation rule
    """
    evaluationValue: EvaluationRuleValueType
}

"""
CompliancePolicyEvaluationRuleInput provides details about an evaluation rule to be processed
"""
input CompliancePolicyEvaluationRuleInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    CertificateEvaluationValues stores a list of values related to the configuration
    """
    certificateEvaluationValues: CompliancePolicyEvaluationRuleRootInput
}

"""
CompliancePolicyEvaluationRuleRootInput provides the root level matching operators for evaluation rules
"""
input CompliancePolicyEvaluationRuleRootInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """And allows for chaining AND logic at the root level"""
    and: [CertificateEvaluationRuleAttributesInput!]

    """Or allows for chaining OR logic at the root level"""
    or: [CertificateEvaluationRuleAttributesInput!]
}

"""
CompliancePolicyEvaluationRuleType denotes what group of rules an evaluation rule is evaluating for a policy
"""
enum CompliancePolicyEvaluationRuleType
@join__type(graph: COMPLIANCE_POLICY)
{
    """IssuingCA is for the group of rules related to issuing CAs"""
    ISSUING_CA @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""
CompliancePolicyFieldStringFilter provides a list of options for fields in matching and evaluation rules
"""
input CompliancePolicyFieldStringFilter
@join__type(graph: COMPLIANCE_POLICY)
{
    """Includes is used for checking if elements are in list"""
    includes: [String!]

    """Excludes is used for checking if elements are not in list"""
    excludes: [String!]

    """
    HasValue is used to include/exclude all of a resource (all applications, etc.)
    """
    hasValue: Boolean
}

"""
CompliancePolicyFinding denotes the result of an evaluation rule on a particular resource
"""
type CompliancePolicyFinding
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    Type is used to differentiate which type of finding resource is in the finding
    """
    type: CompliancePolicyResourceType

    """CompliancePolicy is the policy that evaluated and created this finding"""
    compliancePolicy: CompliancePolicy

    """Status is used to show the status of the finding"""
    status: CompliancePolicyFindingStatus

    """Severity shows the level of importance for the policy for this finding"""
    severity: CompliancePolicySeverity

    """FindingResource is the parent resource that this finding came from"""
    findingResource: FindingResource
}

"""
CompliancePolicyConnection is used to provide pagination to compliance policy findings
"""
type CompliancePolicyFindingConnection
@join__type(graph: COMPLIANCE_POLICY)
{
    """Edges of the compliance policy finding connection for linking"""
    edges: [CompliancePolicyFindingEdge!]!

    """
    Nodes of the compliance policy finding connection for paginated results
    """
    nodes: [CompliancePolicyFinding!]!

    """PageInfo is information for pagination"""
    pageInfo: PageInfo!

    """
    TotalCount of compliance policy findings that match pagination criteria
    """
    totalCount: Int!
}

"""
CompliancePolicyFindingEdge is used for CompliancePolicyFindingConnection
"""
type CompliancePolicyFindingEdge
@join__type(graph: COMPLIANCE_POLICY)
{
    """Node of the compliance policy finding"""
    node: CompliancePolicyFinding

    """Cursor is the link to the next edge"""
    cursor: String!
}

"""
CompliancePolicyFindingResource is the resource generated for a finding and is used to store the CompliancePolicyFinding
"""
type CompliancePolicyFindingResource
@join__type(graph: COMPLIANCE_POLICY)
{
    """ID is the ID of the compliance policy finding evaluation"""
    id: UUID!

    """
    EvaluationRuleID is the ID of the evaluation rule that the compliance policy finding evaluation is associated with
    """
    evaluationRuleId: UUID!

    """
    ResourceType is the type of resource that the compliance policy finding evaluation is associated with
    """
    resourceType: String!

    """
    ResourceId is the ID of the resource that the compliance policy finding evaluation is associated with
    """
    resourceId: String!

    """Status is the status of the compliance policy finding evaluation"""
    status: CompliancePolicyFindingStatus

    """
    CreatedAt is the time the compliance policy finding evaluation was created
    """
    createdAt: String
}

"""CompliancePolicyFindingStatus denotes the status of the policy finding"""
enum CompliancePolicyFindingStatus
@join__type(graph: COMPLIANCE_POLICY)
{
    """Passed states that the finding passed evaluation"""
    PASSED @join__enumValue(graph: COMPLIANCE_POLICY)

    """Failed states that the finding failed evaluation"""
    FAILED @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""
CompliancePolicyMatchingRule defines a matching set of resources that should be used in evaluation for a particular policy
"""
type CompliancePolicyMatchingRule
@join__type(graph: COMPLIANCE_POLICY)
{
    """Type is used to differentiate which type of matching rule is stored"""
    type: CompliancePolicyResourceType

    """AllApplications is the flag to determine if all applications are set"""
    allApplications: Boolean

    """
    Applications is the list of all applications that have been set for this matching rule
    """
    applications: [ApplicationMatchingRule!]

    """AllTags is the flag to determine if all tags are set"""
    allTags: Boolean

    """Tags is the list of all tags that have been set for this matching rule"""
    tags: [TagMatchingRule!]
}

"""
CompliancePolicyMatchingRuleInput provides details about a matching rule to be processed
"""
input CompliancePolicyMatchingRuleInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    CertificateMatchingValues stores a list of values related to the configuration
    """
    certificateMatchingValues: CompliancePolicyMatchingRuleRootInput
}

"""
CompliancePolicyMatchingRuleRootInput provides the root level matching operators for matching rules
"""
input CompliancePolicyMatchingRuleRootInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """And allows for chaining AND logic at the root level"""
    and: [CertificateMatchingRuleAttributesInput!]

    """Or allows for chaining OR logic at the root level"""
    or: [CertificateMatchingRuleAttributesInput!]
}

"""CompliancePolicyOrderDirection denotes the different ordering types"""
enum CompliancePolicyOrderDirection
@join__type(graph: COMPLIANCE_POLICY)
{
    """Asc means ascending order"""
    ASC @join__enumValue(graph: COMPLIANCE_POLICY)

    """Desc means descending order"""
    DESC @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""CompliancePolicyOrderField is the type of fields that can be ordered"""
enum CompliancePolicyOrderField
@join__type(graph: COMPLIANCE_POLICY)
{
    """Name refers to the policy name that can be sorted"""
    NAME @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""CompliancePolicyOrderInput is used to set an order direction per field"""
input CompliancePolicyOrderInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """Field determines which field is sorted"""
    field: CompliancePolicyOrderField

    """Direction determines if ascending or descending direction"""
    direction: CompliancePolicyOrderDirection
}

"""
CompliancePolicyResourceType denotes which resource type the matching rule will target
"""
enum CompliancePolicyResourceType
@join__type(graph: COMPLIANCE_POLICY)
{
    """
    Certificate is used to show the matching is evaluating certificate resources
    """
    CERTIFICATE @join__enumValue(graph: COMPLIANCE_POLICY)

    """Ingress is used to show the matching is evaluating ingress resources"""
    INGRESS @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""
CompliancePolicySearchAttributesInput provides information on which filter attributes are used for filtering
"""
input CompliancePolicySearchAttributesInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """Name allows to search by name"""
    name: CompliancePolicyStringFilter

    """And allows for chaining AND logic"""
    and: [CompliancePolicySearchAttributesInput!]

    """Or allows for chaining OR logic"""
    or: [CompliancePolicySearchAttributesInput!]
}

"""
CompliancePolicySearchFilterInput provides information on how filtering should be performed
"""
input CompliancePolicySearchFilterInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """QuickFilter is the string filter to be applied"""
    quickFilter: String

    """And allows for chaining AND logic"""
    and: [CompliancePolicySearchAttributesInput!]

    """Or allows for chaining OR logic"""
    or: [CompliancePolicySearchAttributesInput!]
}

"""
CompliancePolicySeverity denotes how severe the finding is in its evaluation result for a policy
"""
enum CompliancePolicySeverity
@join__type(graph: COMPLIANCE_POLICY)
{
    """Critical determines critical severity"""
    CRITICAL @join__enumValue(graph: COMPLIANCE_POLICY)

    """High determines high severity"""
    HIGH @join__enumValue(graph: COMPLIANCE_POLICY)

    """Medium determines medium severity"""
    MEDIUM @join__enumValue(graph: COMPLIANCE_POLICY)

    """Low determines low severity"""
    LOW @join__enumValue(graph: COMPLIANCE_POLICY)

    """Info determines info severity"""
    INFO @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""
CompliancePolicyStatus denotes the status for a compliance policy in terms of activity
"""
enum CompliancePolicyStatus
@join__type(graph: COMPLIANCE_POLICY)
{
    """Created refers to a policy that has been created but not activated"""
    CREATED @join__enumValue(graph: COMPLIANCE_POLICY)

    """
    Running refers to a policy when it is currently evaluating (will switch to ACTIVE or INACTIVE)
    """
    RUNNING @join__enumValue(graph: COMPLIANCE_POLICY)

    """
    Active refers to a policy that has finished running and is actively listening to resources for evaluation
    """
    ACTIVE @join__enumValue(graph: COMPLIANCE_POLICY)

    """
    Inactive refers to a policy that has finished running and is set to an inactive status to not actively listen to resources for evaluation
    """
    INACTIVE @join__enumValue(graph: COMPLIANCE_POLICY)

    """Error refers to a policy that has run into an error during evaluation"""
    ERROR @join__enumValue(graph: COMPLIANCE_POLICY)
}

"""
CompliancePolicyStringFilter provides a list of options for string filters on how to compare against a field
"""
input CompliancePolicyStringFilter
@join__type(graph: COMPLIANCE_POLICY)
{
    """Eq is used for checking field equals this string"""
    eq: String

    """Neq is used for checking field not equals this string"""
    neq: String

    """Contains is used for checking field contains this string"""
    contains: String

    """In is used for checking if elements are in list"""
    in: [String!]

    """HasValue is used for checking if field has a value"""
    hasValue: Boolean
}

"""
CompliancePolicyInput provides information on a compliance policy update.
"""
input CompliancePolicyUpdateInput
@join__type(graph: COMPLIANCE_POLICY)
{
    """ID refers to the ID of a compliance policy for updates"""
    id: UUID

    """Name is the name to update for the compliance policy"""
    name: String

    """Description is the description to update for the compliance policy"""
    description: String

    """
    RemediationText is the input to provide feedback on how to resolve policy issues
    """
    remediationText: String

    """
    MatchingRules is the configured matching rules to attach to the compliance policy
    """
    matchingRules: CompliancePolicyMatchingRuleInput

    """
    EvaluationRules is the configured evaluation rules to attach to the compliance policy
    """
    evaluationRules: CompliancePolicyEvaluationRuleInput
}

input ConditionInputForEnum
@join__type(graph: TLSPK)
{
    operator: AttributeEnumOperator
    value: String
}

input ConditionInputForString
@join__type(graph: TLSPK)
{
    operator: AttributeStringOperator
    value: String
}

"""Represents the configuration details of a machine installation."""
type Configuration
@join__type(graph: PLUGIN_SERVICE)
{
    """Configuration details related to the keystore."""
    keystore: ConfigurationItem

    """Configuration details related to the binding."""
    binding: ConfigurationItem
}

"""Represents a field in the configuration details."""
type ConfigurationField
@join__type(graph: PLUGIN_SERVICE)
{
    """The name of the field."""
    field: String!

    """The translated description of the field extracted from the manifest."""
    description: String!

    """The value of the field."""
    value: String!

    """The rank value indicating order."""
    rank: Float
}

"""Represents an item in the configuration details."""
type ConfigurationItem
@join__type(graph: PLUGIN_SERVICE)
{
    """Description of the configuration details item."""
    description: String!

    """The data associated with the configuration details item."""
    data: [ConfigurationField]
}

"""Represents the input for creating a PagerDuty integration."""
input CreatePagerDutyIntegrationInput
@join__type(graph: MESSAGING)
{
    name: String!
    pagerDutyParams: PagerDutyIntegrationInputParams
}

"""
A date-time string at UTC, such as 2007-12-03T10:15:30Z, is compliant with the date-time format outlined in section 5.6
of the RFC 3339 profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar.
"""
scalar DateTime
@join__type(graph: CAOPERATIONS)
@join__type(graph: CERTIFICATE)
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: ENTITLEMENTS)
@join__type(graph: LEGACY)
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: SEARCH)

"""
DeleteCertificateInput defines the input required for deleting a retired certificates
"""
input DeleteCertificateInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """The fingerprint for the certificate to delete"""
    fingerprint: ID!
}

"""
DeleteCertificatePayload holds the result of deleting a retired certificate
"""
type DeleteCertificatePayload
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """The fingerprint for the certificate that was deleted"""
    fingerprint: ID!
}

"""
DeleteCertificatesInput defines the input required for deleting one or more retired certificates
"""
input DeleteCertificatesInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """List of certificates to delete"""
    certificates: [DeleteCertificateInput!]!
}

"""Represents the payload for deleting an integration."""
type DeleteIntegrationPayload
@join__type(graph: MESSAGING)
{
    ids: [ID!]
}

"""Identifies the deployment status of a tls server endpoint"""
enum DeploymentStatus
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: SEARCH)
{
    IN_USE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    SUPERSEDED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    UNKNOWN @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
}

input DeploymentStatusFilter
@join__type(graph: SEARCH)
{
    """The deployment status value we want to match"""
    eq: DeploymentStatus

    """The deployment status value we don't want to match"""
    neq: DeploymentStatus

    """
    The list of deployment statuses that we want to assert whether the string value is included in the provided list
    """
    in: [DeploymentStatus!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

type DirectoryName
@join__type(graph: CERTIFICATE_INVENTORY)
{
    dn: String!
    cn: String
    c: [String!]
    dc: String
    o: [String!]
    l: [String!]
    ou: [String!]
    st: [String!]
    postalCode: [String!]
    streetAddress: [String!]
}

type DNSName
@join__type(graph: CERTIFICATE_INVENTORY)
{
    dnsName: String!
}

"""DSA public key information"""
type DSAKeyInfo
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """Bit length of parameter p"""
    l: Int!

    """Bit length of parameter q"""
    n: Int!
}

"""Elliptic curve public key information"""
type ECKeyInfo
@join__type(graph: CERTIFICATE_INVENTORY)
{
    curve: KeyCurve!
}

type EdiPartyName
@join__type(graph: CERTIFICATE_INVENTORY)
{
    nameAssigner: String
    partyName: String
}

"""Represents an entitlement including features and packages."""
type Entitlement
@join__type(graph: ENTITLEMENTS)
{
    features: [Feature!]!
    packages: [Package!]!
    allFeatures: [Feature!]!
    billingMetrics: [BillingMetric!]
}

type ErrorInformation
@join__type(graph: CAOPERATIONS)
{
    message: String!
    arguments: [String!]
    code: Int
}

"""
EvaluationIssuingCAs provides a configuration on which CAs of a certificate are evaluated against and how they should be treated
"""
type EvaluationIssuingCAs
@join__type(graph: COMPLIANCE_POLICY)
{
    """Approved stores a list of IDs approved for evaluation"""
    trustedCAs: [TrustedCAEvaluationRule!]
}

"""
EvaluationRuleValueType is a collection of types that will provide a structure for evaluation rule particulars
"""
union EvaluationRuleValueType
@join__type(graph: COMPLIANCE_POLICY)
@join__unionMember(graph: COMPLIANCE_POLICY, member: "EvaluationIssuingCAs")
= EvaluationIssuingCAs

"""Represents an individual feature."""
type Feature
@join__type(graph: ENTITLEMENTS)
{
    name: String!
    expiry: DateTime
}

"""
FindingResource refers to what resource was evaluated against to produce the finding
"""
union FindingResource
@join__type(graph: COMPLIANCE_POLICY)
@join__unionMember(graph: COMPLIANCE_POLICY, member: "Certificate")
= Certificate

"""
A fully qualified domain name as specified in section 2.3.1 of the RFC 1035
"""
scalar FQDN
@join__type(graph: OUTAGEDETECTION)

"""
Indicates the Scope for a certificate provisioned to GCP Certificate Manager
"""
enum GCMCertificateScope
@join__type(graph: CLOUD_PROVIDERS)
{
    """
    Certificates with default scope are served from core Google data centers. If unsure, choose this option.
    """
    DEFAULT @join__enumValue(graph: CLOUD_PROVIDERS)

    """
    Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.
    See https://cloud.google.com/vpc/docs/edge-locations.
    """
    EDGE_CACHE @join__enumValue(graph: CLOUD_PROVIDERS)

    """
    Certificates with ALL_REGIONS scope are served from all Google Cloud
    regions. See https://cloud.google.com/compute/docs/regions-zones.
    """
    ALL_REGIONS @join__enumValue(graph: CLOUD_PROVIDERS)
}

type GCPCertificateMetadata
@join__type(graph: CLOUD_PROVIDERS)
{
    gcpId: String!
    name: String!
}

type GCPLocation
@join__type(graph: CLOUD_PROVIDERS)
{
    name: String!
}

type GCPProjectDetails
@join__type(graph: CLOUD_PROVIDERS)
{
    id: String!
    name: String!
}

type GCPProviderDetails
@join__type(graph: CLOUD_PROVIDERS)
{
    cloudProvider: CloudProvider!
    projects: [GCPProjectDetails]
}

union GeneralName
@join__type(graph: CERTIFICATE_INVENTORY)
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "RFC822Name")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "DNSName")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "DirectoryName")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "EdiPartyName")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "UniformResourceIdentifier")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "IPAddress")
= RFC822Name | DNSName | DirectoryName | EdiPartyName | UniformResourceIdentifier | IPAddress

"""PublicKeyInformation when the public key is other than RSA, DSA, or EC"""
type GenericKeyInfo
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """ASN1 object identifier"""
    oid: String!
}

"""
Types that represent actors with distinct identities that can use the system, includes User and ServiceAccount types
"""
union Identity
@join__type(graph: LEGACY)
@join__type(graph: OUTAGEDETECTION)
@join__unionMember(graph: LEGACY, member: "User")
@join__unionMember(graph: OUTAGEDETECTION, member: "User")
@join__unionMember(graph: LEGACY, member: "ServiceAccount")
@join__unionMember(graph: OUTAGEDETECTION, member: "ServiceAccount")
@join__unionMember(graph: LEGACY, member: "Team")
@join__unionMember(graph: OUTAGEDETECTION, member: "Team")
= User | ServiceAccount | Team

"""The connection type for Identity"""
type IdentityConnection
@join__type(graph: LEGACY)
@join__type(graph: OUTAGEDETECTION)
{
    """A list of edges."""
    edges: [IdentityEdge!]

    """A list of nodes."""
    nodes: [Identity!]

    """Information to aid in pagination."""
    pageInfo: PageInfo!

    """Identifies the total count of items in the connection."""
    totalCount: Int!
}

"""An edge in a IdentityConnection."""
type IdentityEdge
@join__type(graph: LEGACY)
@join__type(graph: OUTAGEDETECTION)
{
    """A cursor for use in pagination"""
    cursor: ID!

    """The item at the end of the edge"""
    node: Identity!
}

"""A data type that represents a 64 bit signed integer"""
scalar Int64
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: SEARCH)

"""Represents a configured integration details."""
type Integration
@join__type(graph: MESSAGING)
{
    id: ID!
    integrationType: IntegrationType!
    name: String
    enabled: Boolean!
    createdAt: String
    createdBy: ID
    updatedAt: String
    updatedBy: ID
    usage: [IntegrationUsage!]
    default: Boolean!
}

"""
IntegrationConnection represents a connection of Integration nodes with pagination.
"""
type IntegrationConnection
@join__type(graph: MESSAGING)
{
    pageInfo: PageInfo!
    totalCount: Int!
    nodes: [Integration!]
    edges: [IntegrationEdge!]
}

"""IntegrationEdge represents an edge in the IntegrationConnection."""
type IntegrationEdge
@join__type(graph: MESSAGING)
{
    node: Integration!
    cursor: String!
}

"""Represents a integration order by to use"""
enum IntegrationOrderBy
@join__type(graph: MESSAGING)
{
    ID @join__enumValue(graph: MESSAGING)
}

"""Represents an integration type."""
type IntegrationType
@join__type(graph: MESSAGING)
{
    type: String!
    name: String!
    description: String!
}

"""
IntegrationTypeConnection represents a connection of IntegrationType nodes with pagination.
"""
type IntegrationTypeConnection
@join__type(graph: MESSAGING)
{
    pageInfo: PageInfo!
    totalCount: Int!
    nodes: [IntegrationType!]
    edges: [IntegrationTypeEdge!]
}

"""IntegrationEdge represents an edge in the IntegrationTypeConnection."""
type IntegrationTypeEdge
@join__type(graph: MESSAGING)
{
    node: IntegrationType!
    cursor: String!
}

type IntegrationUsage
@join__type(graph: MESSAGING)
{
    reference: String!
    callCount: Int!
}

"""
A field whose value is either an IPv4 address(opens in a new tab) or IPv6 address(opens in a new tab).
"""
scalar IP
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: OUTAGEDETECTION)

type IPAddress
@join__type(graph: CERTIFICATE_INVENTORY)
{
    ip: IP!
}

type IssuingTemplate
@join__type(graph: CAOPERATIONS, key: "id")
{
    id: ID!
    name: String!
    certificateAuthorityAccount: CertificateAuthorityAccount
}

scalar join__FieldSet

enum join__Graph {
    CAOPERATIONS @join__graph(name: "caoperations", url: "http://caoperations-service:2522/system/graphql")
    CERTIFICATE @join__graph(name: "certificate", url: "http://certificate-service:2322/system/graphql")
    CERTIFICATE_INVENTORY @join__graph(name: "certificate-inventory", url: "http://certificate-query-service:80/graphql")
    CLOUD_PROVIDERS @join__graph(name: "cloud-providers", url: "http://cloudproviders-service:4488/graphql")
    COMPLIANCE_POLICY @join__graph(name: "compliance-policy", url: "http://compliance-policy-service:8080/graphql")
    COMPUTED_FIELDS @join__graph(name: "computed-fields", url: "http://graphql-computed-fields:8080/graphql")
    ENTITLEMENTS @join__graph(name: "entitlements", url: "http://iam-entitlement-service:80/graphql")
    LEGACY @join__graph(name: "legacy", url: "http://graphql-legacy-api-adapter:8080/graphql")
    MESSAGING @join__graph(name: "messaging", url: "http://ext-integration-msg-service:80/graphql")
    OUTAGEDETECTION @join__graph(name: "outagedetection", url: "http://outagedetection-service:7777/system/graphql")
    PLUGIN_SERVICE @join__graph(name: "plugin-service", url: "http://platform-plugin-service:80/graphql")
    PROVISIONING @join__graph(name: "provisioning", url: "http://provisioning-service:3022/system/graphql")
    SEARCH @join__graph(name: "search", url: "http://search-query-service:80/graphql")
    TAGGING @join__graph(name: "tagging", url: "http://tagging-service:3122/system/graphql")
    TLSPK @join__graph(name: "tlspk", url: "http://tlspk-backend-service:443/graphql")
}

scalar JSON
@join__type(graph: PLUGIN_SERVICE)
@join__type(graph: PROVISIONING)

"""Elliptic curves"""
enum KeyCurve
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """
    NIST P-224 (FIPS 186-4, section D.2.2), also known as secp224r1, wap-wsg-idm-ecid-wtls12, and ansip224r1
    """
    P224 @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """
    NIST P-256 (FIPS 186-4, section D.2.3), also known as secp256r1 or prime256v1
    """
    P256 @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """NIST P-384 (FIPS 186-4, section D.2.4), also known as secp384r1"""
    P384 @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """NIST P-521 (FIPS 186-4, section D.2.5), also known as secp521r1"""
    P521 @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """Ed25519 signature algorithm"""
    ED25519 @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """Unknown (or unsupported) key curve"""
    UNSUPPORTED @join__enumValue(graph: CERTIFICATE_INVENTORY)
}

"""Certificate Lifecycle enum"""
enum Lifecycle
@join__type(graph: TLSPK)
{
    NOT_MANAGED @join__enumValue(graph: TLSPK)
    CERT_MANAGER @join__enumValue(graph: TLSPK)
    SYSTEM_MANAGED @join__enumValue(graph: TLSPK)
}

scalar link__Import

enum link__Purpose {
    """
    `SECURITY` features provide metadata necessary to securely resolve fields.
    """
    SECURITY

    """
    `EXECUTION` features provide metadata necessary for operation execution.
    """
    EXECUTION
}

enum LogicOperator
@join__type(graph: TLSPK)
{
    AND @join__enumValue(graph: TLSPK)
    OR @join__enumValue(graph: TLSPK)
}

"""Represents information about a machine."""
type Machine
@join__type(graph: PLUGIN_SERVICE, key: "id", resolvable: false)
@join__type(graph: PROVISIONING, key: "id")
{
    """The unique identifier of the machine."""
    id: ID!

    """The plugin associated with the machine."""
    plugin: Plugin!

    """The name of the machine."""
    name: String! @join__field(graph: PROVISIONING)
}

type MachineIdentity
@join__type(graph: CLOUD_PROVIDERS)
{
    id: UUID!
    cloudKeystoreId: UUID!
    cloudKeystoreName: String
    cloudProviderId: UUID
    cloudProviderName: String
    metadata: CertificateCloudMetadata
    status: MachineIdentityStatus!
    statusDetails: String
    addedOn: DateTime!
    addedBy: User
    certificate: Certificate!
    certificateId: UUID!
}

"""A page of MachineIdentity results"""
type MachineIdentityConnection
@join__type(graph: CLOUD_PROVIDERS)
{
    """Current page information"""
    pageInfo: PageInfo!

    """Total number of certificates (in all pages)"""
    totalCount: Int!

    """MachineIdentity in the current page, without cursor"""
    nodes: [MachineIdentity!]

    """
    MachineIdentities in the current page, together with their associated cursor
    """
    edges: [MachineIdentityEdge!]
}

"""MachineIdentity together with its associated cursor"""
type MachineIdentityEdge
@join__type(graph: CLOUD_PROVIDERS)
{
    """The machine identity"""
    node: MachineIdentity!

    """The cursor for the machine identity"""
    cursor: String!
}

enum MachineIdentityStatus
@join__type(graph: CLOUD_PROVIDERS)
{
    NEW @join__enumValue(graph: CLOUD_PROVIDERS)
    PENDING @join__enumValue(graph: CLOUD_PROVIDERS)
    INSTALLED @join__enumValue(graph: CLOUD_PROVIDERS)
    DISCOVERED @join__enumValue(graph: CLOUD_PROVIDERS)
    VALIDATED @join__enumValue(graph: CLOUD_PROVIDERS)
    MISSING @join__enumValue(graph: CLOUD_PROVIDERS)
    FAILED @join__enumValue(graph: CLOUD_PROVIDERS)
}

"""
Represents an instance of machine installation identified by a certificate.
"""
type MachineInstallation
@join__type(graph: PLUGIN_SERVICE, key: "id")
@join__type(graph: PROVISIONING, key: "id")
{
    """The unique identifier of the machine installation."""
    id: ID!

    """JSON data representing keystore specifics."""
    keystoreJson: JSON @join__field(graph: PLUGIN_SERVICE, external: true) @join__field(graph: PROVISIONING)

    """JSON data representing binding specifics."""
    bindingJson: JSON @join__field(graph: PLUGIN_SERVICE, external: true) @join__field(graph: PROVISIONING)

    """Details of the associated machine."""
    machine: Machine! @join__field(graph: PLUGIN_SERVICE, external: true) @join__field(graph: PROVISIONING)

    """Details about the configurations of the machine installation."""
    configurationDetails: Configuration @join__field(graph: PLUGIN_SERVICE, requires: "machine { plugin { manifest } } keystoreJson bindingJson")

    """The status of the machine installation."""
    status: MachineInstallationStatus! @join__field(graph: PROVISIONING)
}

"""A connection to a list of MachineInstallation objects."""
type MachineInstallationConnection
@join__type(graph: PROVISIONING)
{
    """Information to aid in pagination."""
    pageInfo: PageInfo!

    """The total count of machine installations in the connection."""
    totalCount: Int!

    """A list of nodes representing machine installations."""
    nodes: [MachineInstallation!]

    """A list of edges representing connections to machine installations."""
    edges: [MachineInstallationEdge!]
}

"""An edge in a MachineInstallationConnection."""
type MachineInstallationEdge
@join__type(graph: PROVISIONING)
{
    """A cursor for use in pagination."""
    cursor: ID!

    """The item at the end of the edge."""
    node: MachineInstallation!
}

"""Represents the possible statuses for a machine installation."""
enum MachineInstallationStatus
@join__type(graph: PROVISIONING)
{
    NEW @join__enumValue(graph: PROVISIONING)
    PENDING @join__enumValue(graph: PROVISIONING)
    INSTALLED @join__enumValue(graph: PROVISIONING)
    DISCOVERED @join__enumValue(graph: PROVISIONING)
    VALIDATED @join__enumValue(graph: PROVISIONING)
    MISSING @join__enumValue(graph: PROVISIONING)
    FAILED @join__enumValue(graph: PROVISIONING)
}

type Mutation
@join__type(graph: CAOPERATIONS)
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: COMPLIANCE_POLICY)
@join__type(graph: MESSAGING)
@join__type(graph: TLSPK)
{
    """Revoke a certificate by SHA1 fingerprint"""
    revokeCertificate(fingerprint: ID!, certificateAuthorityAccountId: UUID, revocationReason: RevocationReason!, revocationComment: String): Certificate @join__field(graph: CAOPERATIONS)

    """
    Retire one or more certificates. If a current certificate (i.e. latest version of a certificate) is retired, all
    previous versions of the certificate will be retired as well.
    """
    retireCertificates(input: RetireCertificatesInput!): [RetireCertificatePayload]! @join__field(graph: CERTIFICATE_INVENTORY)

    """Recover one or more retired certificates."""
    recoverCertificates(input: RecoverCertificatesInput!): [RecoverCertificatePayload]! @join__field(graph: CERTIFICATE_INVENTORY)

    """Delete one or more retired certificates."""
    deleteCertificates(input: DeleteCertificatesInput!): [DeleteCertificatePayload]! @join__field(graph: CERTIFICATE_INVENTORY)

    """Creates a Cloud Provider"""
    createCloudProvider(input: CloudProviderInput!): CloudProvider @join__field(graph: CLOUD_PROVIDERS)

    """Validates a Cloud Provider configuration by ID"""
    validateCloudProvider(cloudProviderId: UUID!): CloudProviderValidationResult! @join__field(graph: CLOUD_PROVIDERS)

    """Updates a cloud provider"""
    updateCloudProvider(input: CloudProviderUpdateInput!): CloudProvider @join__field(graph: CLOUD_PROVIDERS)

    """Deletes a list of Cloud Providers by ID"""
    deleteCloudProvider(cloudProviderId: [UUID!]!): Boolean! @join__field(graph: CLOUD_PROVIDERS)

    """Creates a Cloud Keystore"""
    createCloudKeystore(input: CloudKeystoreInput!): CloudKeystore @join__field(graph: CLOUD_PROVIDERS)

    """Updates a Cloud Keystore"""
    updateCloudKeystore(input: CloudKeystoreUpdateInput!): CloudKeystore @join__field(graph: CLOUD_PROVIDERS)

    """Deletes a list of Cloud Keystores by ID"""
    deleteCloudKeystore(cloudKeystoreIds: [UUID!]!): Boolean! @join__field(graph: CLOUD_PROVIDERS)

    """Provision a certificate to a Cloud Keystore"""
    provisionToCloudKeystore(certificateId: UUID!, cloudKeystoreId: UUID!, wsClientId: UUID!, options: CertificateProvisioningOptionsInput): WorkflowResult @join__field(graph: CLOUD_PROVIDERS)

    """
    Provision to existing Cloud Machine Identity. If `certificateId` is not provided a re-provisioning of the existing certificate would be triggered
    """
    provisionToCloudMachineIdentity(machineIdentityId: UUID!, wsClientId: UUID!, certificateId: UUID): WorkflowResult @join__field(graph: CLOUD_PROVIDERS)

    """Deletes a list of Cloud machine identities"""
    deleteCloudMachineIdentities(machineIdentityIds: [UUID!]!): Boolean! @join__field(graph: CLOUD_PROVIDERS)

    """Start cloud discovery"""
    startCloudDiscovery(cloudKeystoreId: UUID!, wsClientId: UUID!): WorkflowResult @join__field(graph: CLOUD_PROVIDERS)

    """Abort cloud discovery"""
    abortCloudDiscovery(cloudKeystoreId: UUID!): Boolean! @join__field(graph: CLOUD_PROVIDERS)

    """
    CreateCompliancePolicy is the mutation to create one or many compliance policies
    """
    createCompliancePolicy(input: [CompliancePolicyCreateInput!]!): [CompliancePolicy]! @join__field(graph: COMPLIANCE_POLICY)

    """
    UpdateCompliancePolicy is the mutation to update one or many compliance policies
    """
    updateCompliancePolicy(input: [CompliancePolicyUpdateInput!]!): [CompliancePolicy]! @join__field(graph: COMPLIANCE_POLICY)

    """
    DeleteCompliancePolicy is the mutation to delete one or many compliance policies
    """
    deleteCompliancePolicy(id: [UUID!]!): [CompliancePolicy]! @join__field(graph: COMPLIANCE_POLICY)

    """
    EvaluateCompliancePolicy runs an evaluation of the provided compliance policy IDs
    """
    evaluateCompliancePolicy(id: UUID!): CompliancePolicy @join__field(graph: COMPLIANCE_POLICY)
    createPagerDutyIntegration(input: CreatePagerDutyIntegrationInput!): Integration @join__field(graph: MESSAGING)
    updatePagerDutyIntegration(input: UpdatePagerDutyIntegrationInput!): Integration @join__field(graph: MESSAGING)
    deleteIntegrations(ids: [ID!]): DeleteIntegrationPayload @join__field(graph: MESSAGING)

    """CreateCluster creates a new cluster."""
    createCluster(input: [ClusterInput!]!): [Cluster!]! @join__field(graph: TLSPK)

    """UpdateCluster updates the properties of a cluster."""
    updateCluster(input: [ClusterInput!]!): [Cluster!]! @join__field(graph: TLSPK)

    """DeleteCluster deletes a cluster."""
    deleteCluster(id: [ID!]!): [Cluster!]! @join__field(graph: TLSPK)
}

"""OrderDirection represents the ordering direction"""
enum OrderDirection
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: SEARCH)
{
    """ASC is the ascending order"""
    ASC @join__enumValue(graph: CLOUD_PROVIDERS) @join__enumValue(graph: SEARCH)

    """DESC is the descending order"""
    DESC @join__enumValue(graph: CLOUD_PROVIDERS) @join__enumValue(graph: SEARCH)
}

"""Represents a package containing a list of features."""
type Package
@join__type(graph: ENTITLEMENTS)
{
    name: String!
    expiry: DateTime!
    tier: String!
    billingMetrics: [BillingMetric!]
}

"""
PageInfo provides pagination information as defined by [https://relay.dev/graphql/connections.htm](GraphQL Cursor Connections Specification)
"""
type PageInfo
@join__type(graph: CAOPERATIONS)
@join__type(graph: CERTIFICATE)
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: COMPLIANCE_POLICY)
@join__type(graph: LEGACY)
@join__type(graph: MESSAGING)
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: PROVISIONING)
@join__type(graph: SEARCH)
@join__type(graph: TAGGING)
@join__type(graph: TLSPK)
{
    """
    Indicates whether more edges exist following the set defined by the clients arguments.
    """
    hasNextPage: Boolean!

    """
    Indicates whether more edges exist prior to the set defined by the clients arguments.
    """
    hasPreviousPage: Boolean!

    """Cursor corresponding to the last node in edges."""
    endCursor: String

    """Cursor corresponding to the first node in edges."""
    startCursor: String
}

"""Represents the input parameters for a PagerDuty integration."""
input PagerDutyIntegrationInputParams
@join__type(graph: MESSAGING)
{
    IntegrationKey: String!
}

"""Represents information about a plugin."""
type Plugin
@join__type(graph: PLUGIN_SERVICE, key: "id")
@join__type(graph: PROVISIONING, key: "id", resolvable: false)
{
    """The plugin unique identifier."""
    id: ID!

    """The definition of the plugin's manifest."""
    manifest: JSON @join__field(graph: PLUGIN_SERVICE)

    """The name of the plugin."""
    name: String @join__field(graph: PLUGIN_SERVICE)
}

type PolicyViolation
@join__type(graph: TLSPK)
{
    id: ID!
    message: String!
    description: String
    remidiation: String
    code: String!
}

"""Product Roles"""
enum ProductRole
@join__type(graph: LEGACY)
{
    """Guest"""
    GUEST @join__enumValue(graph: LEGACY)

    """PKI Administrator"""
    PKI_ADMIN @join__enumValue(graph: LEGACY)

    """Resource Owner"""
    RESOURCE_OWNER @join__enumValue(graph: LEGACY)
}

"""Certificate public key information"""
union PublicKeyInformation
@join__type(graph: CERTIFICATE_INVENTORY)
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "RSAKeyInfo")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "ECKeyInfo")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "DSAKeyInfo")
@join__unionMember(graph: CERTIFICATE_INVENTORY, member: "GenericKeyInfo")
= RSAKeyInfo | ECKeyInfo | DSAKeyInfo | GenericKeyInfo

"""Identifies a certificate's public key information type"""
enum PublicKeyInformationType
@join__type(graph: SEARCH)
{
    RSAKeyInfo @join__enumValue(graph: SEARCH)
    ECKeyInfo @join__enumValue(graph: SEARCH)
    DSAKeyInfo @join__enumValue(graph: SEARCH)
    GenericKeyInfo @join__enumValue(graph: SEARCH)
}

input PublicKeyInformationTypeFilter
@join__type(graph: SEARCH)
{
    """The string value we want to match"""
    eq: PublicKeyInformationType

    """The string value we don't want to match"""
    neq: PublicKeyInformationType

    """
    The list of strings that we want to assert whether the string value is included in the provided list
    """
    in: [PublicKeyInformationType!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

"""The query root of Venafi Control Plane GraphQL interface."""
type Query
@join__type(graph: CAOPERATIONS)
@join__type(graph: CERTIFICATE)
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: COMPLIANCE_POLICY)
@join__type(graph: COMPUTED_FIELDS)
@join__type(graph: ENTITLEMENTS)
@join__type(graph: LEGACY)
@join__type(graph: MESSAGING)
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: PLUGIN_SERVICE)
@join__type(graph: PROVISIONING)
@join__type(graph: SEARCH)
@join__type(graph: TAGGING)
@join__type(graph: TLSPK)
{
    """Returns the certificate request with the given id"""
    certificateRequest(id: ID!): CertificateRequest @join__field(graph: CAOPERATIONS)

    """
    Returns a list of certificate authority accounts.
    - after: returns the certificate authority accounts in the list that come after the specified cursor
    - before: returns the certificate authority accounts in the list that come before the specified cursor
    - first: returns the first _n_ certificate authority accounts from the list
    - last: returns the last _n_ certificate authority accounts from the list
    """
    certificateAuthorityAccounts(after: String, before: String, first: Int, last: Int): CertificateAuthorityAccountConnection @join__field(graph: CAOPERATIONS)

    """
    Returns a list of trusted CA certificates.
    - after: returns the trusted CA certificates in the list that come after the specified cursor
    - before: returns the trusted CA certificates in the list that come before the specified cursor
    - first: returns the first _n_ trusted CA certificates from the list
    - last: returns the last _n_ trusted CA certificates from the list
    """
    trustedCaCertificates(after: String, before: String, first: Int, last: Int): TrustedCaCertificatesConnection @join__field(graph: CERTIFICATE)

    """Deprecated, use `certificate` instead"""
    getCertificate(fingerprint: ID!): Certificate @join__field(graph: CERTIFICATE_INVENTORY) @deprecated(reason: "Deprecated, use `certificate` instead")

    """
    Deprecated, use `certificates` instead. Get all certificates (no pagination)
    """
    getAllCertificates: [Certificate!] @join__field(graph: CERTIFICATE_INVENTORY) @deprecated(reason: "Deprecated, use `certificates` instead")

    """Returns the certificate with the given fingerprint"""
    certificate(fingerprint: ID!): Certificate @join__field(graph: CERTIFICATE_INVENTORY)

    """
    Get all certificates. The pagination can be either forward or backward. To enable forward pagination, two arguments
    are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`.
    If arguments for both forward and backward pagination are supplied, forward pagination will be used. If no arguments
    are supplied, it returns the first page of 10 certificates (i.e. defaults `first` to 10). The result is sorted by
    fingerprints in ascending order.
    - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning
    that we return the first page of certificates, if `first` value is supplied
    - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value.
    Max value is 100
    - before: returns the elements in the list that come before the specified cursor. By default is the empty string,
    meaning that the results will be the last page, if `last` value is supplied
    - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value.
    Max value is 100
    """
    certificates(after: String, before: String, first: Int, last: Int): CertificateConnection @join__field(graph: CERTIFICATE_INVENTORY)

    """
    Retrieves Cloud Providers.
    The pagination can be either forward or backward. To enable forward pagination, two arguments
    are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`.
    If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments
    are supplied, it returns the first page of 10 cloud providers (i.e. defaults `first` to 10). The result is sorted by
    the added on date in ascending order.
    - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning
    that we return the first page of cloud providers, if `first` value is supplied
    - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value.
    Max value is 100
    - before: returns the elements in the list that come before the specified cursor. By default is the empty string,
    meaning that the results will be the last page, if `last` value is supplied
    - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value.
    Max value is 100
    """
    cloudProviders(after: String, before: String, first: Int, last: Int, filter: CloudProviderFilterInput, orderBy: CloudProviderOrderInput): CloudProviderConnection @join__field(graph: CLOUD_PROVIDERS)

    """
    Retrieves Cloud Keystores.
    The pagination can be either forward or backward. To enable forward pagination, two arguments
    are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`.
    If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments
    are supplied, it returns the first page of 10 cloud keystores (i.e. defaults `first` to 10). The result is sorted by
    the added on date in ascending order.
    - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning
    that we return the first page of cloud providers, if `first` value is supplied
    - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value.
    Max value is 100
    - before: returns the elements in the list that come before the specified cursor. By default is the empty string,
    meaning that the results will be the last page, if `last` value is supplied
    - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value.
    Max value is 100
    """
    cloudKeystores(after: String, before: String, first: Int, last: Int, filter: CloudKeystoreFilterInput, orderBy: CloudKeystoreOrderInput): CloudKeystoreConnection @join__field(graph: CLOUD_PROVIDERS)

    """
    Retrieves details for a Cloud Provider (like the available AWS regions)
    """
    cloudProviderDetails(cloudProviderId: UUID!): CloudProviderDetails @join__field(graph: CLOUD_PROVIDERS)

    """
    Retrieves details for all KeyVaults assigned to the Azure subscriptionId provided
    """
    azureKeyVaultDetails(cloudProviderId: UUID!, subscriptionId: String): [AzureKeyVault] @join__field(graph: CLOUD_PROVIDERS)

    """Retrieves available locations for the project name provided"""
    gcpProjectLocations(cloudProviderId: UUID!, projectId: String): [GCPLocation] @join__field(graph: CLOUD_PROVIDERS)

    """Retrieves machine identities for a Cloud Keystore"""
    cloudKeystoreMachineIdentities(cloudKeystoreId: UUID!): [MachineIdentity]! @join__field(graph: CLOUD_PROVIDERS) @deprecated(reason: "Deprecated, use `cloudMachineIdentities` instead")

    """
    Retrieves machine identities for a Cloud Keystore.
    The pagination can be either forward or backward. To enable forward pagination, two arguments
    are used: `after` and `first`. To enable backward pagination, two arguments are used: `before` and `last`.
    If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments
    are supplied, it returns the first page of 10 machine identities (i.e. defaults `first` to 10). The result is sorted by
    the added on date in descending order.
    - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning
    that we return the first page of certificates, if `first` value is supplied
    - first: non-negative integer, denoting the first `n` number of records to return after the `after` cursor value.
    Max value is 1000
    - before: returns the elements in the list that come before the specified cursor. By default is the empty string,
    meaning that the results will be the last page, if `last` value is supplied
    - last: non-negative integer, denoting the last `n` number of records to return before the `before` cursor value.
    Max value is 1000
    """
    cloudMachineIdentities(after: String, before: String, first: Int, last: Int, filter: CloudMachineIdentitiesFilterInput): MachineIdentityConnection @join__field(graph: CLOUD_PROVIDERS)

    """
    SearchCompliancePolicies retrieves a list of compliance policies applying the filters.
    """
    searchCompliancePolicies(
        """After is used for pagination after a cursor"""
        after: String

        """Before is used for pagination before a cursor"""
        before: String

        """First is used for pagination of what the first element should be"""
        first: Int

        """Last is used for pagination of what the last element should be"""
        last: Int

        """Filter is used for search to return a specific set of data"""
        filter: CompliancePolicySearchFilterInput

        """OrderBy is used for sorting by fields and direction"""
        orderBy: [CompliancePolicyOrderInput!]
    ): CompliancePolicyConnection! @join__field(graph: COMPLIANCE_POLICY)

    """
    CompliancePolicy retrieves a compliance policy associated with the ID provided
    """
    compliancePolicy(id: UUID!): CompliancePolicy @join__field(graph: COMPLIANCE_POLICY)

    """
    CompliancePoliciesSummary retrieves a summary of all the clusters, detailing their respective counts and current statuses.
    """
    compliancePoliciesSummary: CompliancePoliciesSummary @join__field(graph: COMPLIANCE_POLICY)
    entitlement: Entitlement @join__field(graph: ENTITLEMENTS)

    """Retrieve a list of all users, service accounts and teams."""
    identities(
        """Returns the elements in the list that come after the specified cursor."""
        after: String

        """
        Returns the elements in the list that come before the specified cursor.
        """
        before: String

        """Returns the first _n_ elements from the list."""
        first: Int

        """Returns the last _n_ elements from the list."""
        last: Int
    ): IdentityConnection @join__field(graph: LEGACY)

    """Retrieve a list of all users."""
    users(
        """Returns the elements in the list that come after the specified cursor."""
        after: String

        """
        Returns the elements in the list that come before the specified cursor.
        """
        before: String

        """Returns the first _n_ elements from the list."""
        first: Int

        """Returns the last _n_ elements from the list."""
        last: Int
    ): UserConnection @join__field(graph: LEGACY)

    """Retrieve a list of all teams."""
    teams(
        """Returns the elements in the list that come after the specified cursor."""
        after: String

        """
        Returns the elements in the list that come before the specified cursor.
        """
        before: String

        """Returns the first _n_ elements from the list."""
        first: Int

        """Returns the last _n_ elements from the list."""
        last: Int

        """Returns the teams that match the team filter input"""
        filter: TeamFilterInput
    ): TeamConnection @join__field(graph: LEGACY)
    serviceAccounts(
        """Returns the elements in the list that come after the specified cursor."""
        after: String

        """
        Returns the elements in the list that come before the specified cursor.
        """
        before: String

        """Returns the first _n_ elements from the list."""
        first: Int

        """Returns the last _n_ elements from the list."""
        last: Int
    ): ServiceAccountConnection @join__field(graph: LEGACY)
    userActiveApiKey: String @join__field(graph: LEGACY)
    integrationTypes(after: ID, before: ID, first: Int, last: Int, orderBy: IntegrationOrderBy! = ID): IntegrationTypeConnection! @join__field(graph: MESSAGING)
    integrations(after: ID, before: ID, first: Int, last: Int, orderBy: IntegrationOrderBy! = ID): IntegrationConnection! @join__field(graph: MESSAGING)
    integration(id: ID!): Integration @join__field(graph: MESSAGING)

    """
    Retrieve a list of applications.
    - after: returns the applications in the list that come after the specified cursor
    - before: returns the applications in the list that come before the specified cursor
    - first: returns the first _n_ applications from the list
    - last: returns the last _n_ applications from the list
    """
    applications(after: String, before: String, first: Int, last: Int): ApplicationConnection @join__field(graph: OUTAGEDETECTION)

    """
    Search certificates repository. The pagination can be either forward or backward. To enable forward pagination, two
    arguments are used: 'after' and 'first'. To enable backward pagination, two arguments are used: 'before' and 'last'.
    If arguments for both forward and backward pagination are supplied, forward pagination wil be used. If no arguments
    are supplied, it returns the first page of 10 certificates (i.e. defaults 'first' to 10). The result is sorted by
    fingerprints in ascending order.
    - after: returns the elements in the list that come after the specified cursor. Defaults to empty string, meaning
    that we return the first page of certificates, if 'first' value is supplied
    - first: non-negative integer, denoting the first 'n' number of records to return after the 'after' cursor value.
    Max value is 100
    - before: returns the elements in the list that come before the specified cursor. By default is the empty string,
    meaning that the results will be the last page, if 'last' value is supplied
    - last: non-negative integer, denoting the last 'n' number of records to return before the 'before' cursor value.
    Max value is 100
    """
    searchCertificates(after: String, before: String, first: Int, last: Int, filter: SearchCertificateFilterInput, filterOn: CertificateSearchFilterInput, orderBy: [CertificateOrderInput!]): CertificateConnection! @join__field(graph: SEARCH)

    """
    Retrieve a list of tags.
    - after: returns the tags in the list that come after the specified cursor
    - before: returns the tags in the list that come before the specified cursor
    - first: returns the first _n_ tags from the list
    - last: returns the last _n_ tags from the list
    """
    tags(after: String, before: String, first: Int, last: Int): TagConnection @join__field(graph: TAGGING)

    """SearchClusters retrieves a list of clusters applying the filters."""
    searchClusters(after: String, before: String, first: Int, last: Int, filter: ClusterFilterInput, orderBy: [ClusterOrderInput!]): ClusterConnection! @join__field(graph: TLSPK)

    """Cluster retrieves one cluster by ID."""
    cluster(id: ID!): Cluster @join__field(graph: TLSPK)

    """Retrieves the list of ClusterCertificateInstallations by cluster ID"""
    clusterCertificateInstallations(clusterID: ID!, after: String, before: String, first: Int, last: Int): ClusterCertificateInstallationConnection @join__field(graph: TLSPK)

    """
    Retrieves a summary of all the clusters, detailing their respective counts and current statuses.
    """
    clustersSummary: TlspkClustersSummary @join__field(graph: TLSPK)
}

"""
RecoverCertificateInput defines the input required for recovering a retired certificate
"""
input RecoverCertificateInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """The fingerprint for the certificate to recover"""
    fingerprint: ID!
}

"""
RecoverCertificatePayload holds the result of recovering a retired certificate
"""
type RecoverCertificatePayload
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """The fingerprint for the certificate that was recovered"""
    fingerprint: ID!
}

"""
RecoverCertificateInput defines the input required for recovering one or more retired certificates
"""
input RecoverCertificatesInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """List of certificates to recover"""
    certificates: [RecoverCertificateInput!]!

    """
    An optional list of application IDs to associate with the recovered certificates
    """
    applicationIds: [ID!]
}

"""
RelatedCertificateOrderDirection represents the ordering direction for related certificates.
"""
enum RelatedCertificateOrderDirection
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """ASC is the ascending order"""
    ASC @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """DESC is the descending order"""
    DESC @join__enumValue(graph: CERTIFICATE_INVENTORY)
}

"""
RelatedCertificateOrderField defines the fields that can be used for ordering the related certificates.
"""
enum RelatedCertificateOrderField
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """Order by field 'fingerprint'"""
    FINGERPRINT @join__enumValue(graph: CERTIFICATE_INVENTORY)

    """Order by field 'archivedTime'"""
    ARCHIVED_TIME @join__enumValue(graph: CERTIFICATE_INVENTORY)
}

"""
RelatedCertificateOrderInput contains the ordering information for the related certificates.
"""
input RelatedCertificateOrderInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    field: RelatedCertificateOrderField!
    direction: RelatedCertificateOrderDirection!
}

"""
RetireCertificateInput defines the input required for retiring a certificate
"""
input RetireCertificateInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """The fingerprint for the certificate to retire"""
    fingerprint: ID!
}

"""RetireCertificatePayload holds the result of retiring a certificate"""
type RetireCertificatePayload
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """The fingerprint for the certificate that was retired"""
    fingerprint: ID!
}

"""
RetireCertificatesInput defines the input required for retiring one or more certificates
"""
input RetireCertificatesInput
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """List of certificates to retire"""
    certificates: [RetireCertificateInput!]!

    """
    Indicate whether to add the certificates to the blocklist as well. If missing, defaults to false
    """
    addToBlocklist: Boolean
}

type Revocation
@join__type(graph: CAOPERATIONS)
{
    certificateAuthorityAccount: CertificateAuthorityAccount
    status: RevocationStatus
    reason: RevocationReason
    comment: String
    error: ErrorInformation
    user: User
}

enum RevocationReason
@join__type(graph: CAOPERATIONS)
{
    UNSPECIFIED @join__enumValue(graph: CAOPERATIONS)
    KEY_COMPROMISE @join__enumValue(graph: CAOPERATIONS)
    AFFILIATION_CHANGED @join__enumValue(graph: CAOPERATIONS)
    SUPERSEDED @join__enumValue(graph: CAOPERATIONS)
    CESSATION_OF_OPERATION @join__enumValue(graph: CAOPERATIONS)
}

"""Indicates the revocation status of a certificate"""
enum RevocationStatus
@join__type(graph: CAOPERATIONS)
@join__type(graph: SEARCH)
{
    SUBMITTED @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH)
    FAILED @join__enumValue(graph: CAOPERATIONS) @join__enumValue(graph: SEARCH)
}

input RevocationStatusFilter
@join__type(graph: SEARCH)
{
    """The string value we want to match"""
    eq: RevocationStatus

    """
    The boolean value that we want to assert whether the boolean field is null or not
    """
    hasValue: Boolean
}

type RFC822Name
@join__type(graph: CERTIFICATE_INVENTORY)
{
    emailAddress: String!
}

"""RSA public key information"""
type RSAKeyInfo
@join__type(graph: CERTIFICATE_INVENTORY)
{
    """Strength in bits"""
    strength: Int!
}

enum ScanType
@join__type(graph: OUTAGEDETECTION)
{
    USER @join__enumValue(graph: OUTAGEDETECTION)
    EXTERNAL @join__enumValue(graph: OUTAGEDETECTION)
    DOMAIN @join__enumValue(graph: OUTAGEDETECTION)
    VALIDATION @join__enumValue(graph: OUTAGEDETECTION)
    SMART_INTERNAL @join__enumValue(graph: OUTAGEDETECTION)
    SMART_EXTERNAL @join__enumValue(graph: OUTAGEDETECTION)
    SMART_VALIDATION_INTERNAL @join__enumValue(graph: OUTAGEDETECTION)
    SMART_VALIDATION_EXTERNAL @join__enumValue(graph: OUTAGEDETECTION)
}

"""SearchCertificateFilterInput filter argument for certificate search"""
input SearchCertificateFilterInput
@join__type(graph: SEARCH)
{
    """filter is a search expression based on the Certificate type"""
    filter: String!
}

"""A representation of an account for a machine"""
type ServiceAccount
@join__type(graph: LEGACY, key: "id")
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: TLSPK, key: "id")
{
    """A unique identifier that identifies a specific service account."""
    id: ID!

    """The display name associated with this service account."""
    displayName: String @join__field(graph: LEGACY)

    """A flag representing if the service account is enabled or not."""
    enabled: Boolean @join__field(graph: LEGACY)

    """The team who owns this service account"""
    owner: Team @join__field(graph: LEGACY)

    """Scopes that are assigned to this service account"""
    scopes: [String] @join__field(graph: LEGACY)
    usedByClusters: [Cluster!]! @join__field(graph: TLSPK)
}

"""The connection type for ServiceAccount."""
type ServiceAccountConnection
@join__type(graph: LEGACY)
{
    """A list of edges"""
    edges: [ServiceAccountEdge!]

    """A list of nodes."""
    nodes: [ServiceAccount!]

    """Information to aid in pagination."""
    pageInfo: PageInfo!

    """Identifies the total count of service accounts in the connection."""
    totalCount: Int!
}

"""An edge in the ServiceAccountConnection"""
type ServiceAccountEdge
@join__type(graph: LEGACY)
{
    """A cursor for use in pagination"""
    cursor: ID!

    """The item at the end of the edge"""
    node: ServiceAccount!
}

"""Indicates the signature hash algorithm of a certificate"""
enum SignatureHashAlgorithm
@join__type(graph: SEARCH)
{
    GOST_R3410_2001 @join__enumValue(graph: SEARCH)
    GOST_R3410_94 @join__enumValue(graph: SEARCH)
    GOST_R3411_2012 @join__enumValue(graph: SEARCH)
    MD2 @join__enumValue(graph: SEARCH)
    MD5 @join__enumValue(graph: SEARCH)
    SHA1 @join__enumValue(graph: SEARCH)
    SHA224 @join__enumValue(graph: SEARCH)
    SHA256 @join__enumValue(graph: SEARCH)
    SHA384 @join__enumValue(graph: SEARCH)
    SHA512 @join__enumValue(graph: SEARCH)
    SHA3_256 @join__enumValue(graph: SEARCH)
    SHA3_512 @join__enumValue(graph: SEARCH)
    SM3 @join__enumValue(graph: SEARCH)
    RIPEMD160 @join__enumValue(graph: SEARCH)
    UNKNOWN @join__enumValue(graph: SEARCH)
}

input SignatureHashAlgorithmFilter
@join__type(graph: SEARCH)
{
    """The string value we want to match"""
    eq: SignatureHashAlgorithm

    """
    The list of strings that we want to assert whether the string value is included in the provided list
    """
    in: [SignatureHashAlgorithm!]
}

"""Identifies certificate's subject alternative name type"""
enum SubjectAlternativeNameType
@join__type(graph: SEARCH)
{
    RFC822Name @join__enumValue(graph: SEARCH)
    DNSName @join__enumValue(graph: SEARCH)
    DirectoryName @join__enumValue(graph: SEARCH)
    EdiPartyName @join__enumValue(graph: SEARCH)
    UniformResourceIdentifier @join__enumValue(graph: SEARCH)
    IPAddress @join__enumValue(graph: SEARCH)
}

input SubjectAlternativeNameTypeFilter
@join__type(graph: SEARCH)
{
    """The subject alternative name type value we want to match"""
    eq: SubjectAlternativeNameType

    """The subject alternative name type value we don't want to match"""
    neq: SubjectAlternativeNameType

    """
    The list of subject alternative name types that we want to assert whether the string value is included in the provided list
    """
    in: [SubjectAlternativeNameType!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

"""System Roles"""
enum SystemRole
@join__type(graph: LEGACY)
{
    """System Administrator"""
    SYSTEM_ADMIN @join__enumValue(graph: LEGACY)
}

"""Tag is used in matching rules and displays the key name"""
type Tag
@join__type(graph: COMPLIANCE_POLICY)
@join__type(graph: TAGGING)
{
    """Name refers to the name of the tag"""
    name: String!
}

type TagConnection
@join__type(graph: TAGGING)
{
    pageInfo: PageInfo!
    totalCount: Int!
    nodes: [Tag!]
    edges: [TagEdge]
}

type TagEdge
@join__type(graph: TAGGING)
{
    node: Tag!
    cursor: String!
}

"""TagMatchingRule wraps the Tag type to add included to it"""
type TagMatchingRule
@join__type(graph: COMPLIANCE_POLICY)
{
    """Tag is the reference to the tag to include or exclude"""
    tag: Tag

    """
    Included states whether this tag should be included in matching for resources
    """
    included: Boolean
}

"""A team of users"""
type Team
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: LEGACY, key: "id")
@join__type(graph: OUTAGEDETECTION)
{
    """A unique identifier that identifies a specific team."""
    id: ID!

    """The name of the team."""
    name: String! @join__field(graph: LEGACY)

    """The accounts that belogn to this team."""
    members(
        """Returns the elements in the list that come after the specified cursor."""
        after: String

        """
        Returns the elements in the list that come before the specified cursor.
        """
        before: String

        """Returns the first _n_ elements from the list."""
        first: Int

        """Returns the last _n_ elements from the list."""
        last: Int
    ): UserConnection! @join__field(graph: LEGACY)
}

"""The connection type for Team"""
type TeamConnection
@join__type(graph: LEGACY)
{
    """A list of edges."""
    edges: [TeamEdge!]

    """A list of nodes."""
    nodes: [Team!]

    """Information to aid in pagination."""
    pageInfo: PageInfo!

    """Identifies the total count of teams in the connection."""
    totalCount: Int!
}

"""An edge in a TeamConnection."""
type TeamEdge
@join__type(graph: LEGACY)
{
    """A cursor for use in pagination."""
    cursor: ID!

    """The item at the end of the edge."""
    node: Team!
}

input TeamFilterAttributesInput
@join__type(graph: LEGACY)
{
    """Filter by user id within team's members"""
    userId: TeamListFilter
}

input TeamFilterInput
@join__type(graph: LEGACY)
{
    """Filter by matching ALL the supplied filter inputs"""
    and: [TeamFilterAttributesInput!]
}

input TeamListFilter
@join__type(graph: LEGACY)
{
    """The string value that we want to assert whether it is within the list"""
    includes: String
}

enum TlspkCertManagerIssuerKind
@join__type(graph: TLSPK)
{
    CLUSTER @join__enumValue(graph: TLSPK)
    NAMESPACE @join__enumValue(graph: TLSPK)
}

type TlspkClustersCertificatesOverviewCategory
@join__type(graph: TLSPK)
{
    id: String
    count: Int
}

type TlspkClustersCertificatesOverviewWidget
@join__type(graph: TLSPK)
{
    """
    totalCount is the number of long, short and ultra short lived certificates found in clusters
    """
    totalCount: Int

    """
    categories is the list of long, short and ultra short lived certificates found in clusters
    """
    categories: [TlspkClustersCertificatesOverviewCategory]
}

type TlspkClustersCertManagerIssuersType
@join__type(graph: TLSPK)
{
    issuerType: String
    count: Int
    kind: TlspkCertManagerIssuerKind
}

type TlspkClustersCertManagerIssuersWidget
@join__type(graph: TLSPK)
{
    """
    totalCount is the number of venafi and non-venafi cert-manager issuers found in clusters
    """
    totalCount: Int

    """
    nonVenafiIssuers is the number of non-venafi cert-manager issuers found in clusters
    """
    nonVenafiIssuers: Int

    """types is the list of venafi and non-venafi issuers found in clusters"""
    types: [TlspkClustersCertManagerIssuersType]
}

type TlspkClustersIngressesCategory
@join__type(graph: TLSPK)
{
    id: String
    count: Int
}

type TlspkClustersIngressesWidget
@join__type(graph: TLSPK)
{
    """totalCount is the number of ingresses found in clusters"""
    totalCount: Int

    """
    unhealthy is the number of ingresses found in clusters that have certificates that are expired or soon to expire
    """
    unhealthy: Int

    """
    categories is the list of ingresses found in clusters that have certificates that are expired or soon to expire
    """
    categories: [TlspkClustersIngressesCategory]
}

type TlspkClustersLLCertsNotManagedByCertManagerCategory
@join__type(graph: TLSPK)
{
    id: String
    count: Int
}

type TlspkClustersLLCertsNotManagedByCertManagerWidget
@join__type(graph: TLSPK)
{
    """totalCount is the number of long lived certificates found in clusters"""
    totalCount: Int

    """
    notManagedByCertManager is the number of long lived certfiicates found in clusters that are not managed by Cert-Manager
    """
    notManagedByCertManager: Int

    """
    categories is the list of long lived certificates found in clusters that are either managed by Cert-Manager or not managed by Cert-Manager
    """
    categories: [TlspkClustersLLCertsNotManagedByCertManagerCategory]
}

type TlspkClustersLongLivedCertificatesCategory
@join__type(graph: TLSPK)
{
    id: String
    count: Int
}

type TlspkClustersLongLivedCertificatesWidget
@join__type(graph: TLSPK)
{
    """totalCount is the number of long lived certificates found in clusters"""
    totalCount: Int

    """
    unhealthy is the number of long lived certificates found in clusters that are expired, soon to expire or not managed by cert manager
    """
    unhealthy: Int

    """
    categories is the list of long lived certificates found in clusters that are expired, soon to expire or not managed by cert manager
    """
    categories: [TlspkClustersLongLivedCertificatesCategory]
}

type TlspkClustersOverviewCategory
@join__type(graph: TLSPK)
{
    id: String
    count: Int
}

type TlspkClustersOverviewWidget
@join__type(graph: TLSPK)
{
    """totalCount is the number of clusters with any status except DELETED"""
    totalCount: Int

    """
    unhealthy is the number of clusters with status INACTIVE or WAITING_FOR_FIRST_CONTACT
    """
    unhealthy: Int

    """
    categories is the list of clusters with status INACTIVE or WAITING_FOR_FIRST_CONTACT
    """
    categories: [TlspkClustersOverviewCategory]
}

type TlspkClustersSummary
@join__type(graph: TLSPK)
{
    clusters: TlspkClustersOverviewWidget
    clustersCertificates: TlspkClustersCertificatesOverviewWidget
    clustersLongLivedCertificates: TlspkClustersLongLivedCertificatesWidget
    clustersLLCertsNotManagedByCertManager: TlspkClustersLLCertsNotManagedByCertManagerWidget
    ingresses: TlspkClustersIngressesWidget
    certManagerIssuers: TlspkClustersCertManagerIssuersWidget
}

enum TLSProtocol
@join__type(graph: OUTAGEDETECTION)
{
    """SSL v2"""
    SSL_V2 @join__enumValue(graph: OUTAGEDETECTION)

    """SSL v3"""
    SSL_V3 @join__enumValue(graph: OUTAGEDETECTION)

    """TLS v1.0"""
    TLS_V1 @join__enumValue(graph: OUTAGEDETECTION)

    """TLS v1.1"""
    TLS_V1_1 @join__enumValue(graph: OUTAGEDETECTION)

    """TLS v1.2"""
    TLS_V1_2 @join__enumValue(graph: OUTAGEDETECTION)

    """TLS v1.3"""
    TLS_V1_3 @join__enumValue(graph: OUTAGEDETECTION)
}

type TLSServerEndpoint
@join__type(graph: OUTAGEDETECTION)
{
    id: ID!
    scanType: ScanType!
    ipAddress: IP!
    port: Int!
    serverName: FQDN
    lastSeenTime: DateTime!
    tlsProtocols: [TLSProtocol!]
    deploymentStatus: DeploymentStatus
    chainValidationErrors: [ValidationError!]
    tlsValidationError: ValidationError
    lastAttemptTime: DateTime
}

type TLSServerEndpointConnection
@join__type(graph: COMPUTED_FIELDS)
@join__type(graph: OUTAGEDETECTION)
{
    tlsServerEndpointsErrorCount: ValidationErrorCount!
    pageInfo: PageInfo! @join__field(graph: OUTAGEDETECTION)
    totalCount: Int! @join__field(graph: OUTAGEDETECTION)
    nodes: [TLSServerEndpoint!] @join__field(graph: OUTAGEDETECTION)
    edges: [TLSServerEndpointEdge] @join__field(graph: OUTAGEDETECTION)
}

type TLSServerEndpointEdge
@join__type(graph: OUTAGEDETECTION)
{
    node: TLSServerEndpoint!
    cursor: String!
}

type TLSValidationError implements ValidationError
@join__implements(graph: OUTAGEDETECTION, interface: "ValidationError")
@join__type(graph: OUTAGEDETECTION)
{
    message: String
    arguments: [String!]
    errorType: TLSValidationErrorType
}

"""
Identifies the tls validation error type associated with a tls server endpoint
"""
enum TLSValidationErrorType
@join__type(graph: OUTAGEDETECTION)
@join__type(graph: SEARCH)
{
    INVALID_CERTIFICATE_FOUND @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    OLD_VERSION_CERTIFICATE_FOUND @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    UNEXPECTED_CERTIFICATE_FOUND @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    NO_CERTIFICATE_PRESENTED @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    TARGET_UNREACHABLE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    HOSTNAME_NOT_RESOLVABLE @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
    UNKNOWN_ERROR @join__enumValue(graph: OUTAGEDETECTION) @join__enumValue(graph: SEARCH)
}

input TLSValidationErrorTypeFilter
@join__type(graph: SEARCH)
{
    """The tls validation error type value we want to match"""
    eq: TLSValidationErrorType

    """The tls validation error type value we don't want to match"""
    neq: TLSValidationErrorType

    """
    The list of tls validation error types that we want to assert whether the string value is included in the provided list
    """
    in: [TLSValidationErrorType!]

    """
    The boolean value that we want to assert whether the field is null or not
    """
    hasValue: Boolean
}

"""
TrustedCaCertificate is the trusted CA certificate that is trusted by the user for use in issuing certificates
"""
type TrustedCaCertificate
@join__type(graph: CERTIFICATE, key: "fingerprint")
@join__type(graph: COMPLIANCE_POLICY, key: "fingerprint", resolvable: false)
{
    """Fingerprint of the trusted CA certificate"""
    fingerprint: ID!

    """
    CertificateType defines what type of certificate the trusted CA cert is
    """
    certificateType: CertificateType! @join__field(graph: CERTIFICATE)

    """Source defines how the certificate was loaded into the system"""
    source: TrustedCACertificateSource! @join__field(graph: CERTIFICATE)

    """SubjectCN of the trusted CA certificate"""
    subjectCN: [String]! @join__field(graph: CERTIFICATE)
}

"""
TrustedCaCertificatesConnection is used to provide pagination to trusted CA certificates
"""
type TrustedCaCertificatesConnection
@join__type(graph: CERTIFICATE)
{
    """PageInfo is information for pagination"""
    pageInfo: PageInfo!

    """TotalCount of trusted CA certificates"""
    totalCount: Int!

    """Nodes of the trusted CA certificate connection for paginated results"""
    nodes: [TrustedCaCertificate!]

    """Edges of the trusted CA certificate connection for linking"""
    edges: [TrustedCaCertificatesEdge]
}

"""
TrustedCaCertificatesEdge is used for the TrustedCaCertificatesConnection edges
"""
type TrustedCaCertificatesEdge
@join__type(graph: CERTIFICATE)
{
    """Node of the trusted CA certificate connection"""
    node: TrustedCaCertificate!

    """Cursor is the link to the next edge"""
    cursor: String!
}

"""
TrustedCACertificateSource defines how the certificate was loaded into the system
"""
enum TrustedCACertificateSource
@join__type(graph: CERTIFICATE)
{
    GLOBALLY_TRUSTED @join__enumValue(graph: CERTIFICATE)
    USER_PROVIDED @join__enumValue(graph: CERTIFICATE)
}

"""
TrustedCAEvaluationRule wraps the Trusted CA type to add included to it
"""
type TrustedCAEvaluationRule
@join__type(graph: COMPLIANCE_POLICY)
{
    """TrustedCA is the reference to the Trusted CA to include or exclude"""
    trustedCA: TrustedCaCertificate

    """
    Included states whether this Trusted CA should be included in matching for resources
    """
    included: Boolean
}

type UniformResourceIdentifier
@join__type(graph: CERTIFICATE_INVENTORY)
{
    uri: URI!
}

"""Represents the input for updating a PagerDuty integration."""
input UpdatePagerDutyIntegrationInput
@join__type(graph: MESSAGING)
{
    id: ID!
    name: String
    pagerDutyParams: PagerDutyIntegrationInputParams
}

"""
A field whose value conforms to the standard URI format as specified in RFC3986
"""
scalar URI
@join__type(graph: CERTIFICATE_INVENTORY)

"""A representation of a human user account."""
type User
@join__type(graph: CAOPERATIONS)
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: LEGACY, key: "id")
@join__type(graph: OUTAGEDETECTION)
{
    """A unique identifier that identifies a specific user."""
    id: ID!

    """
    The username associated with this user. Note that the username is the user's email address.
    """
    username: String! @join__field(graph: LEGACY)

    """The user's given name."""
    firstName: String @join__field(graph: LEGACY)

    """The user's surname."""
    lastName: String @join__field(graph: LEGACY)
}

"""The connection type for User."""
type UserConnection
@join__type(graph: LEGACY)
{
    """A list of edges"""
    edges: [UserEdge!]

    """A list of nodes."""
    nodes: [User!]

    """Information to aid in pagination."""
    pageInfo: PageInfo!

    """Identifies the total count of users in the connection."""
    totalCount: Int!
}

"""An edge in the UserConnection"""
type UserEdge
@join__type(graph: LEGACY)
{
    """A cursor for use in pagination"""
    cursor: ID!

    """The item at the end of the edge"""
    node: User!
}

"""User status"""
enum UserStatus
@join__type(graph: LEGACY)
{
    """Active"""
    ACTIVE @join__enumValue(graph: LEGACY)

    """Inactive"""
    INACTIVE @join__enumValue(graph: LEGACY)

    """Pending Activation"""
    PENDING_ACTIVATION @join__enumValue(graph: LEGACY)
}

"""A field whose value is a generic Universally Unique Identifier."""
scalar UUID
@join__type(graph: CAOPERATIONS)
@join__type(graph: CERTIFICATE)
@join__type(graph: CLOUD_PROVIDERS)
@join__type(graph: COMPLIANCE_POLICY)
@join__type(graph: LEGACY)
@join__type(graph: OUTAGEDETECTION)

interface ValidationError
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: OUTAGEDETECTION)
{
    message: String
    arguments: [String!]
}

type ValidationErrorCount
@join__type(graph: CERTIFICATE_INVENTORY)
@join__type(graph: COMPUTED_FIELDS)
@join__type(graph: OUTAGEDETECTION)
{
    warnings: Int!
    alerts: Int!
}

type WorkflowResult
@join__type(graph: CLOUD_PROVIDERS)
{
    workflowName: String!
    workflowId: UUID!
}