ACCESSCONTEXTMANAGER
accesscontextmanager.accessPolicies.accessLevels.create
enum_BasicLevelCombiningFunction := [ "AND", "OR" ]
enum_DevicePolicyAllowedDeviceManagementLevels := [ "MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE" ]
enum_DevicePolicyAllowedEncryptionStatuses := [ "ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED" ]
enum_OsConstraintOsType := [ "OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS" ]
valid {
input.Body.basic.combiningFunction == enum_BasicLevelCombiningFunction[_]
input.Body.basic.conditions[_].devicePolicy.allowedDeviceManagementLevels[_] == enum_DevicePolicyAllowedDeviceManagementLevels[_]
input.Body.basic.conditions[_].devicePolicy.allowedEncryptionStatuses[_] == enum_DevicePolicyAllowedEncryptionStatuses[_]
input.Body.basic.conditions[_].devicePolicy.osConstraints[_].minimumVersion == STRING
input.Body.basic.conditions[_].devicePolicy.osConstraints[_].osType == enum_OsConstraintOsType[_]
input.Body.basic.conditions[_].devicePolicy.osConstraints[_].requireVerifiedChromeOs == BOOLEAN
input.Body.basic.conditions[_].devicePolicy.requireAdminApproval == BOOLEAN
input.Body.basic.conditions[_].devicePolicy.requireCorpOwned == BOOLEAN
input.Body.basic.conditions[_].devicePolicy.requireScreenlock == BOOLEAN
input.Body.basic.conditions[_].ipSubnetworks[_] == STRING
input.Body.basic.conditions[_].members[_] == STRING
input.Body.basic.conditions[_].negate == BOOLEAN
input.Body.basic.conditions[_].regions[_] == STRING
input.Body.basic.conditions[_].requiredAccessLevels[_] == STRING
input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.network == STRING
input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.vpcIpSubnetworks[_] == STRING
input.Body.custom.expr.description == STRING
input.Body.custom.expr.expression == STRING
input.Body.custom.expr.location == STRING
input.Body.custom.expr.title == STRING
input.Body.description == STRING
input.Body.name == STRING
input.Body.title == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.accessLevels.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.accessLevels.get
enum_AccessLevelFormatParameter := [ "LEVEL_FORMAT_UNSPECIFIED", "AS_DEFINED", "CEL" ]
valid {
input.ReqMap.name == STRING
input.Qs.accessLevelFormat == enum_AccessLevelFormatParameter[_]
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.accessLevels.list
enum_AccessLevelFormatParameter := [ "LEVEL_FORMAT_UNSPECIFIED", "AS_DEFINED", "CEL" ]
valid {
input.ReqMap.parent == STRING
input.Qs.accessLevelFormat == enum_AccessLevelFormatParameter[_]
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.accessLevels.patch
enum_BasicLevelCombiningFunction := [ "AND", "OR" ]
enum_DevicePolicyAllowedDeviceManagementLevels := [ "MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE" ]
enum_DevicePolicyAllowedEncryptionStatuses := [ "ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED" ]
enum_OsConstraintOsType := [ "OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS" ]
valid {
input.Body.basic.combiningFunction == enum_BasicLevelCombiningFunction[_]
input.Body.basic.conditions[_].devicePolicy.allowedDeviceManagementLevels[_] == enum_DevicePolicyAllowedDeviceManagementLevels[_]
input.Body.basic.conditions[_].devicePolicy.allowedEncryptionStatuses[_] == enum_DevicePolicyAllowedEncryptionStatuses[_]
input.Body.basic.conditions[_].devicePolicy.osConstraints[_].minimumVersion == STRING
input.Body.basic.conditions[_].devicePolicy.osConstraints[_].osType == enum_OsConstraintOsType[_]
input.Body.basic.conditions[_].devicePolicy.osConstraints[_].requireVerifiedChromeOs == BOOLEAN
input.Body.basic.conditions[_].devicePolicy.requireAdminApproval == BOOLEAN
input.Body.basic.conditions[_].devicePolicy.requireCorpOwned == BOOLEAN
input.Body.basic.conditions[_].devicePolicy.requireScreenlock == BOOLEAN
input.Body.basic.conditions[_].ipSubnetworks[_] == STRING
input.Body.basic.conditions[_].members[_] == STRING
input.Body.basic.conditions[_].negate == BOOLEAN
input.Body.basic.conditions[_].regions[_] == STRING
input.Body.basic.conditions[_].requiredAccessLevels[_] == STRING
input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.network == STRING
input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.vpcIpSubnetworks[_] == STRING
input.Body.custom.expr.description == STRING
input.Body.custom.expr.expression == STRING
input.Body.custom.expr.location == STRING
input.Body.custom.expr.title == STRING
input.Body.description == STRING
input.Body.name == STRING
input.Body.title == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.accessLevels.replaceAll
enum_BasicLevelCombiningFunction := [ "AND", "OR" ]
enum_DevicePolicyAllowedDeviceManagementLevels := [ "MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE" ]
enum_DevicePolicyAllowedEncryptionStatuses := [ "ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED" ]
enum_OsConstraintOsType := [ "OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS" ]
valid {
input.Body.accessLevels[_].basic.combiningFunction == enum_BasicLevelCombiningFunction[_]
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.allowedDeviceManagementLevels[_] == enum_DevicePolicyAllowedDeviceManagementLevels[_]
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.allowedEncryptionStatuses[_] == enum_DevicePolicyAllowedEncryptionStatuses[_]
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.osConstraints[_].minimumVersion == STRING
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.osConstraints[_].osType == enum_OsConstraintOsType[_]
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.osConstraints[_].requireVerifiedChromeOs == BOOLEAN
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.requireAdminApproval == BOOLEAN
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.requireCorpOwned == BOOLEAN
input.Body.accessLevels[_].basic.conditions[_].devicePolicy.requireScreenlock == BOOLEAN
input.Body.accessLevels[_].basic.conditions[_].ipSubnetworks[_] == STRING
input.Body.accessLevels[_].basic.conditions[_].members[_] == STRING
input.Body.accessLevels[_].basic.conditions[_].negate == BOOLEAN
input.Body.accessLevels[_].basic.conditions[_].regions[_] == STRING
input.Body.accessLevels[_].basic.conditions[_].requiredAccessLevels[_] == STRING
input.Body.accessLevels[_].basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.network == STRING
input.Body.accessLevels[_].basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.vpcIpSubnetworks[_] == STRING
input.Body.accessLevels[_].custom.expr.description == STRING
input.Body.accessLevels[_].custom.expr.expression == STRING
input.Body.accessLevels[_].custom.expr.location == STRING
input.Body.accessLevels[_].custom.expr.title == STRING
input.Body.accessLevels[_].description == STRING
input.Body.accessLevels[_].name == STRING
input.Body.accessLevels[_].title == STRING
input.Body.etag == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.accessLevels.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.authorizedOrgsDescs.create
enum_AuthorizedOrgsDescAssetType := [ "ASSET_TYPE_UNSPECIFIED", "ASSET_TYPE_DEVICE", "ASSET_TYPE_CREDENTIAL_STRENGTH" ]
enum_AuthorizedOrgsDescAuthorizationDirection := [ "AUTHORIZATION_DIRECTION_UNSPECIFIED", "AUTHORIZATION_DIRECTION_TO", "AUTHORIZATION_DIRECTION_FROM" ]
enum_AuthorizedOrgsDescAuthorizationType := [ "AUTHORIZATION_TYPE_UNSPECIFIED", "AUTHORIZATION_TYPE_TRUST" ]
valid {
input.Body.assetType == enum_AuthorizedOrgsDescAssetType[_]
input.Body.authorizationDirection == enum_AuthorizedOrgsDescAuthorizationDirection[_]
input.Body.authorizationType == enum_AuthorizedOrgsDescAuthorizationType[_]
input.Body.name == STRING
input.Body.orgs[_] == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.authorizedOrgsDescs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.authorizedOrgsDescs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.authorizedOrgsDescs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.authorizedOrgsDescs.patch
enum_AuthorizedOrgsDescAssetType := [ "ASSET_TYPE_UNSPECIFIED", "ASSET_TYPE_DEVICE", "ASSET_TYPE_CREDENTIAL_STRENGTH" ]
enum_AuthorizedOrgsDescAuthorizationDirection := [ "AUTHORIZATION_DIRECTION_UNSPECIFIED", "AUTHORIZATION_DIRECTION_TO", "AUTHORIZATION_DIRECTION_FROM" ]
enum_AuthorizedOrgsDescAuthorizationType := [ "AUTHORIZATION_TYPE_UNSPECIFIED", "AUTHORIZATION_TYPE_TRUST" ]
valid {
input.Body.assetType == enum_AuthorizedOrgsDescAssetType[_]
input.Body.authorizationDirection == enum_AuthorizedOrgsDescAuthorizationDirection[_]
input.Body.authorizationType == enum_AuthorizedOrgsDescAuthorizationType[_]
input.Body.name == STRING
input.Body.orgs[_] == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.create
valid {
input.Body.etag == STRING
input.Body.name == STRING
input.Body.parent == STRING
input.Body.scopes[_] == STRING
input.Body.title == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.getIamPolicy
valid {
input.Body.options.requestedPolicyVersion == INTEGER
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.list
valid {
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.patch
valid {
input.Body.etag == STRING
input.Body.name == STRING
input.Body.parent == STRING
input.Body.scopes[_] == STRING
input.Body.title == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.commit
valid {
input.Body.etag == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.create
enum_EgressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_EgressFromSourceRestriction := [ "SOURCE_RESTRICTION_UNSPECIFIED", "SOURCE_RESTRICTION_ENABLED", "SOURCE_RESTRICTION_DISABLED" ]
enum_IngressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_ServicePerimeterPerimeterType := [ "PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE" ]
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.perimeterType == enum_ServicePerimeterPerimeterType[_]
input.Body.spec.accessLevels[_] == STRING
input.Body.spec.egressPolicies[_].egressFrom.identities[_] == STRING
input.Body.spec.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
input.Body.spec.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
input.Body.spec.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
input.Body.spec.egressPolicies[_].egressTo.externalResources[_] == STRING
input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.spec.egressPolicies[_].egressTo.operations[_].serviceName == STRING
input.Body.spec.egressPolicies[_].egressTo.resources[_] == STRING
input.Body.spec.ingressPolicies[_].ingressFrom.identities[_] == STRING
input.Body.spec.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.spec.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
input.Body.spec.ingressPolicies[_].ingressTo.resources[_] == STRING
input.Body.spec.resources[_] == STRING
input.Body.spec.restrictedServices[_] == STRING
input.Body.spec.vpcAccessibleServices.allowedServices[_] == STRING
input.Body.spec.vpcAccessibleServices.enableRestriction == BOOLEAN
input.Body.status.accessLevels[_] == STRING
input.Body.status.egressPolicies[_].egressFrom.identities[_] == STRING
input.Body.status.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
input.Body.status.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
input.Body.status.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
input.Body.status.egressPolicies[_].egressTo.externalResources[_] == STRING
input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.status.egressPolicies[_].egressTo.operations[_].serviceName == STRING
input.Body.status.egressPolicies[_].egressTo.resources[_] == STRING
input.Body.status.ingressPolicies[_].ingressFrom.identities[_] == STRING
input.Body.status.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
input.Body.status.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
input.Body.status.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.status.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
input.Body.status.ingressPolicies[_].ingressTo.resources[_] == STRING
input.Body.status.resources[_] == STRING
input.Body.status.restrictedServices[_] == STRING
input.Body.status.vpcAccessibleServices.allowedServices[_] == STRING
input.Body.status.vpcAccessibleServices.enableRestriction == BOOLEAN
input.Body.title == STRING
input.Body.useExplicitDryRunSpec == BOOLEAN
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.patch
enum_EgressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_EgressFromSourceRestriction := [ "SOURCE_RESTRICTION_UNSPECIFIED", "SOURCE_RESTRICTION_ENABLED", "SOURCE_RESTRICTION_DISABLED" ]
enum_IngressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_ServicePerimeterPerimeterType := [ "PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE" ]
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.perimeterType == enum_ServicePerimeterPerimeterType[_]
input.Body.spec.accessLevels[_] == STRING
input.Body.spec.egressPolicies[_].egressFrom.identities[_] == STRING
input.Body.spec.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
input.Body.spec.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
input.Body.spec.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
input.Body.spec.egressPolicies[_].egressTo.externalResources[_] == STRING
input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.spec.egressPolicies[_].egressTo.operations[_].serviceName == STRING
input.Body.spec.egressPolicies[_].egressTo.resources[_] == STRING
input.Body.spec.ingressPolicies[_].ingressFrom.identities[_] == STRING
input.Body.spec.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.spec.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
input.Body.spec.ingressPolicies[_].ingressTo.resources[_] == STRING
input.Body.spec.resources[_] == STRING
input.Body.spec.restrictedServices[_] == STRING
input.Body.spec.vpcAccessibleServices.allowedServices[_] == STRING
input.Body.spec.vpcAccessibleServices.enableRestriction == BOOLEAN
input.Body.status.accessLevels[_] == STRING
input.Body.status.egressPolicies[_].egressFrom.identities[_] == STRING
input.Body.status.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
input.Body.status.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
input.Body.status.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
input.Body.status.egressPolicies[_].egressTo.externalResources[_] == STRING
input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.status.egressPolicies[_].egressTo.operations[_].serviceName == STRING
input.Body.status.egressPolicies[_].egressTo.resources[_] == STRING
input.Body.status.ingressPolicies[_].ingressFrom.identities[_] == STRING
input.Body.status.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
input.Body.status.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
input.Body.status.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.status.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
input.Body.status.ingressPolicies[_].ingressTo.resources[_] == STRING
input.Body.status.resources[_] == STRING
input.Body.status.restrictedServices[_] == STRING
input.Body.status.vpcAccessibleServices.allowedServices[_] == STRING
input.Body.status.vpcAccessibleServices.enableRestriction == BOOLEAN
input.Body.title == STRING
input.Body.useExplicitDryRunSpec == BOOLEAN
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.replaceAll
enum_EgressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_EgressFromSourceRestriction := [ "SOURCE_RESTRICTION_UNSPECIFIED", "SOURCE_RESTRICTION_ENABLED", "SOURCE_RESTRICTION_DISABLED" ]
enum_IngressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_ServicePerimeterPerimeterType := [ "PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE" ]
valid {
input.Body.etag == STRING
input.Body.servicePerimeters[_].description == STRING
input.Body.servicePerimeters[_].name == STRING
input.Body.servicePerimeters[_].perimeterType == enum_ServicePerimeterPerimeterType[_]
input.Body.servicePerimeters[_].spec.accessLevels[_] == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.identities[_] == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.externalResources[_] == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.operations[_].serviceName == STRING
input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.resources[_] == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.identities[_] == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.resources[_] == STRING
input.Body.servicePerimeters[_].spec.resources[_] == STRING
input.Body.servicePerimeters[_].spec.restrictedServices[_] == STRING
input.Body.servicePerimeters[_].spec.vpcAccessibleServices.allowedServices[_] == STRING
input.Body.servicePerimeters[_].spec.vpcAccessibleServices.enableRestriction == BOOLEAN
input.Body.servicePerimeters[_].status.accessLevels[_] == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.identities[_] == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.externalResources[_] == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.operations[_].serviceName == STRING
input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.resources[_] == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.identities[_] == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.resources[_] == STRING
input.Body.servicePerimeters[_].status.resources[_] == STRING
input.Body.servicePerimeters[_].status.restrictedServices[_] == STRING
input.Body.servicePerimeters[_].status.vpcAccessibleServices.allowedServices[_] == STRING
input.Body.servicePerimeters[_].status.vpcAccessibleServices.enableRestriction == BOOLEAN
input.Body.servicePerimeters[_].title == STRING
input.Body.servicePerimeters[_].useExplicitDryRunSpec == BOOLEAN
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.servicePerimeters.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.accessPolicies.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.operations.cancel
valid {
input.Body.STRING == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.operations.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.operations.list
valid {
input.ReqMap.name == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.organizations.gcpUserAccessBindings.create
valid {
input.Body.accessLevels[_] == STRING
input.Body.dryRunAccessLevels[_] == STRING
input.Body.groupKey == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.organizations.gcpUserAccessBindings.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.organizations.gcpUserAccessBindings.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.organizations.gcpUserAccessBindings.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.organizations.gcpUserAccessBindings.patch
valid {
input.Body.accessLevels[_] == STRING
input.Body.dryRunAccessLevels[_] == STRING
input.Body.groupKey == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.services.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
accesscontextmanager.services.list
valid {
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
Updated about 15 hours ago