docs: public graphql api documentation (#6811)

Author: n1ru4l

packages/services/api/src/modules/organization/module.graphql.ts

@@ -36,6 +36,9 @@ export default gql`
     answerOrganizationTransferRequest(
       input: AnswerOrganizationTransferRequestInput!
     ): AnswerOrganizationTransferRequestResult!
+    """
+    Create a new member role with permissions.
+    """
     createMemberRole(input: CreateMemberRoleInput! @tag(name: "public")): CreateMemberRoleResult!
       @tag(name: "public")
     updateMemberRole(input: UpdateMemberRoleInput! @tag(name: "public")): UpdateMemberRoleResult!
@@ -58,10 +61,27 @@ export default gql`
   }
 
   input CreateOrganizationAccessTokenInput {
+    """
+    Organization in which the access token should be created.
+    """
     organization: OrganizationReferenceInput! @tag(name: "public")
+    """
+    Title of the access token.
+    """
     title: String! @tag(name: "public")
+    """
+    Additional description containing information about the purpose of the access token.
+    """
     description: String @tag(name: "public")
+    """
+    List of permissions that are assigned to the access token.
+    A list of available permissions can be retrieved via the \`Organization.availableOrganizationAccessTokenPermissionGroups\` field.
+    """
     permissions: [String!]! @tag(name: "public")
+    """
+    Resources on which the permissions should be granted (project, target, service, and app deployments).
+    Permissions are inherited by sub-resources.
+    """
     resources: ResourceAssignmentInput! @tag(name: "public")
   }
 
@@ -102,6 +122,9 @@ export default gql`
   }
 
   input DeleteOrganizationAccessTokenInput {
+    """
+    The access token that should be deleted.
+    """
     organizationAccessToken: OrganizationAccessTokenReference! @tag(name: "public")
   }
 
@@ -394,12 +417,12 @@ export default gql`
 
   type OrganizationInvitationEdge {
     node: OrganizationInvitation! @tag(name: "public")
-    cursor: String!
+    cursor: String! @tag(name: "public")
   }
 
   type OrganizationInvitationConnection {
     edges: [OrganizationInvitationEdge!]! @tag(name: "public")
-    pageInfo: PageInfo!
+    pageInfo: PageInfo! @tag(name: "public")
   }
 
   type OrganizationInvitation {
@@ -485,9 +508,21 @@ export default gql`
   }
 
   input CreateMemberRoleInput {
+    """
+    The organization in which the member role should be created.
+    """
     organization: OrganizationReferenceInput! @tag(name: "public")
+    """
+    The name of the member role (must be unique).
+    """
     name: String! @tag(name: "public")
+    """
+    A description describing the purpose of the member role.
+    """
     description: String! @tag(name: "public")
+    """
+    A list of available permissions can be retrieved via the \`Organization.availableMemberPermissionGroups\` field.
+    """
     selectedPermissions: [String!]! @tag(name: "public")
   }
 

packages/web/docs/src/content/_meta.ts

@@ -9,6 +9,7 @@ export default {
   'other-integrations': 'Other Integrations',
   'api-reference': 'CLI/API Reference',
   specs: 'Specifications',
+  'graphql-api': 'GraphQL API',
   'use-cases': 'Use Cases',
   'migration-guides': 'Migration Guides',
   'self-hosting': 'Self-Hosting',

packages/web/docs/src/content/graphql-api/_meta.ts

@@ -0,0 +1,8 @@
+export default {
+  index: 'Using the GraphQL API',
+  'member-management': 'Manage Members',
+  'access-token-management': 'Manage Access Tokens',
+  'project-management': 'Manage Projects',
+  'target-management': 'Manage Targets',
+  'contract-management': 'Manage Contracts',
+};

packages/web/docs/src/content/graphql-api/access-token-management.mdx

@@ -0,0 +1,170 @@
+---
+title: Access Token Management via the GraphQL API
+description: Learn how to manage access tokens via the Hive Console GraphQL API.
+---
+
+# Access Token Management via the GraphQL API
+
+Manage access tokens used for schema publishing, schema checks, app deployment publishes and other
+actions available via the GraphQL API. For more information, please refer to our
+[access token documentation](/docs/management/access-tokens).
+
+## Retrieve a List of Access Tokens
+
+Use the `Organization.accessTokens` field for retrieving a paginated list of available access.
+
+```graphql filename="Example: Paginated list of access tokens"
+query OrganizationAccessTokens($organizationSlug: String!, $after: String) {
+  organization(reference: { bySelector: { organizationSlug: $organizationSlug } }) {
+    accessTokens(first: 10, after: $after) {
+      edges {
+        node {
+          id
+          title
+          description
+          createdAt
+        }
+      }
+      pageInfo {
+        endCursor
+        hasNextPage
+      }
+    }
+  }
+}
+```
+
+## Retrieve a Single Access Token
+
+Instead of fetching a paginated list, it is also possible to retrieve a single access token by its
+id via the `Organization.accessToken` field.
+
+```graphql filename="Example: Retrieve access token by id"
+query OrganizationAccessTokenById($organizationSlug: String!, $accessTokenId: ID!) {
+  organization(reference: { bySelector: { organizationSlug: $organizationSlug } }) {
+    accessToken(id: $accessTokenId) {
+      id
+      title
+      description
+      createdAt
+    }
+  }
+}
+```
+
+## Retrieve a List of Permissions Assignable to Access Tokens
+
+A list of permissions that are assignable to access tokens can be retrieved via the
+`Organization.availableOrganizationAccessTokenPermissionGroups` field. It returns a list of all
+permission groups and their permissions.
+
+```graphql filename="Example: Retrieve permissions by group"
+query OrganizationPermissions($organizationSlug: String!) {
+  organization(reference: { bySelector: { organizationSlug: $organizationSlug } }) {
+    id
+    slug
+    availableOrganizationAccessTokenPermissionGroups {
+      id
+      permissions {
+        id
+        title
+        description
+      }
+    }
+  }
+}
+```
+
+## Create an Access Token
+
+An access token can be created by using the `Mutation.createOrganizationAccessToken` field.
+
+The `CreateOrganizationAccessTokenResultOk.privateAccessKey` field in the mutation results contains
+the access key that can be used with the Hive CLI or the Hive GraphQL API as an authorization
+header.
+
+```graphql filename="Example: Create an Access Token"
+mutation CreateAccessTokenMutation($input: CreateOrganizationAccessTokenInput!) {
+  createOrganizationAccessToken(input: $input) {
+    ok {
+      privateAccessKey
+    }
+    error {
+      message
+      details {
+        title
+        description
+      }
+    }
+  }
+}
+```
+
+### Resource Assignment
+
+Use the `CreateOrganizationAccessTokenInput.resources` field to specify on which resources the
+permissions should apply. Permissions are inherited by all subresources (organization, project,
+target, service, app deployment).
+
+```json5 filename="Example: Grant permissions on all resources"
+{
+  mode: 'ALL',
+  projects: []
+}
+```
+
+```json5 filename="Example: Grant permissions on specific project"
+{
+  mode: 'GRANULAR',
+  projects: [
+    {
+      projectId: '<PROJECT_ID>',
+      targets: {
+        // Grant permissions on all targets within project
+        mode: 'ALL'
+      }
+    }
+  ]
+}
+```
+
+```json5 filename="Example: Grant permissions on specific target"
+{
+  mode: 'GRANULAR',
+  projects: [
+    {
+      projectId: '<PROJECT_ID>',
+      targets: {
+        // Grant permissions on a single targets within project
+        mode: 'GRANULAR',
+        targets: [
+          {
+            targetId: '<TARGET_ID>',
+            // Grant permissions on a all services within target
+            services: { mode: 'ALL' },
+            // Grant permissions on a all app deployments within target
+            appDeployments: { mode: 'ALL' }
+          }
+        ]
+      }
+    }
+  ]
+}
+```
+
+## Delete an Access Token
+
+A access token can be deleted by using the `Mutation.deleteOrganizationAccessToken` field.
+
+```graphql filename="Example: Create an Access Token"
+mutation CreateAccessTokenMutation($input: CreateOrganizationAccessTokenInput!) {
+  deleteOrganizationAccessToken(input: $input) {
+    ok {
+      deletedOrganizationAccessTokenId
+    }
+    error {
+      message
+    }
+  }
+}
+```

packages/web/docs/src/content/graphql-api/contract-management.mdx

@@ -0,0 +1,124 @@
+---
+title: Contract Management via the GraphQL API
+description: Learn how to manage contracts via the Hive Console GraphQL API.
+---
+
+# Contract Management via the GraphQL API
+
+The contracts of a target can be managed via the Hive Console GraphQL API. For more information,
+please refer to our [schema contracts documentation](/docs/schema-registry/contracts).
+
+## Retrieve a list of all Contracts in Target
+
+Use the `Target.contracts` field for retrieving a list of all contracts within the target.
+
+```graphql
+query ContractTargets($targetId: ID!) {
+  target(reference: { byId: $targetId }) {
+    id
+    contracts {
+      edges {
+        node {
+          id
+          contractName
+          includeTags
+          excludeTags
+          removeUnreachableTypesFromPublicApiSchema
+          isDisabled
+        }
+      }
+      pageInfo {
+        hasNextPage
+        endCursor
+      }
+    }
+  }
+}
+```
+
+## Retrieve a list of all Active Contracts in Target
+
+Use the `Target.activeContracts` field for retrieving a list of all contracts within the target.
+
+```graphql
+query ActiveContractTargets($targetId: ID!) {
+  target(reference: { byId: $targetId }) {
+    id
+    activeContracts {
+      edges {
+        node {
+          id
+          contractName
+          includeTags
+          excludeTags
+          removeUnreachableTypesFromPublicApiSchema
+          isDisabled
+        }
+      }
+      pageInfo {
+        hasNextPage
+        endCursor
+      }
+    }
+  }
+}
+```
+
+### Create a Contract
+
+Use the `Mutation.createContract` field for creating a new contract.
+
+```graphql
+mutation CreateContract($input: CreateContractInput!) {
+  createContract(input: $input) {
+    ok {
+      createdContract {
+        id
+        contractName
+        includeTags
+        excludeTags
+        removeUnreachableTypesFromPublicApiSchema
+        isDisabled
+      }
+    }
+    error {
+      message
+      details {
+        target
+        contractName
+        includeTags
+        excludeTags
+      }
+    }
+  }
+}
+```
+
+## Disable a Contract
+
+Use the `Mutation.disableContract` field for disabling a contract. **Note:** A disabled contract
+cannot be made active again.
+
+```graphql
+mutation DisableContract($input: DisableContractInput!) {
+  disableContract(input: $input) {
+    ok {
+      disabledContract {
+        id
+        contractName
+        includeTags
+        excludeTags
+        removeUnreachableTypesFromPublicApiSchema
+        isDisabled
+      }
+    }
+    error {
+      message
+    }
+  }
+}
+```
+
+## Delete a Contract
+
+This is not possible. Instead, disable the contract.