CLOUDASSET

cloudasset.analyzeIamPolicy

valid {
    input.ReqMap.scope == STRING
    input.Qs.analysisQuery.accessSelector.permissions == STRING
    input.Qs.analysisQuery.accessSelector.roles == STRING
    input.Qs.analysisQuery.conditionContext.accessTime == STRING
    input.Qs.analysisQuery.identitySelector.identity == STRING
    input.Qs.analysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
    input.Qs.analysisQuery.options.expandGroups == BOOLEAN
    input.Qs.analysisQuery.options.expandResources == BOOLEAN
    input.Qs.analysisQuery.options.expandRoles == BOOLEAN
    input.Qs.analysisQuery.options.outputGroupEdges == BOOLEAN
    input.Qs.analysisQuery.options.outputResourceEdges == BOOLEAN
    input.Qs.analysisQuery.resourceSelector.fullResourceName == STRING
    input.Qs.executionTimeout == STRING
    input.Qs.savedAnalysisQuery == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.analyzeIamPolicyLongrunning

enum_GoogleCloudAssetV1BigQueryDestinationPartitionKey := [ "PARTITION_KEY_UNSPECIFIED", "REQUEST_TIME" ]

valid {
    input.Body.analysisQuery.accessSelector.permissions[_] == STRING
    input.Body.analysisQuery.accessSelector.roles[_] == STRING
    input.Body.analysisQuery.conditionContext.accessTime == STRING
    input.Body.analysisQuery.identitySelector.identity == STRING
    input.Body.analysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
    input.Body.analysisQuery.options.expandGroups == BOOLEAN
    input.Body.analysisQuery.options.expandResources == BOOLEAN
    input.Body.analysisQuery.options.expandRoles == BOOLEAN
    input.Body.analysisQuery.options.outputGroupEdges == BOOLEAN
    input.Body.analysisQuery.options.outputResourceEdges == BOOLEAN
    input.Body.analysisQuery.resourceSelector.fullResourceName == STRING
    input.Body.analysisQuery.scope == STRING
    input.Body.outputConfig.bigqueryDestination.dataset == STRING
    input.Body.outputConfig.bigqueryDestination.partitionKey == enum_GoogleCloudAssetV1BigQueryDestinationPartitionKey[_]
    input.Body.outputConfig.bigqueryDestination.tablePrefix == STRING
    input.Body.outputConfig.bigqueryDestination.writeDisposition == STRING
    input.Body.outputConfig.gcsDestination.uri == STRING
    input.Body.savedAnalysisQuery == STRING
    input.ReqMap.scope == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.analyzeMove

enum_ViewParameter := [ "ANALYSIS_VIEW_UNSPECIFIED", "FULL", "BASIC" ]

valid {
    input.ReqMap.resource == STRING
    input.Qs.destinationParent == STRING
    input.Qs.view == enum_ViewParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudasset.analyzeOrgPolicies

valid {
    input.ReqMap.scope == STRING
    input.Qs.constraint == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.analyzeOrgPolicyGovernedAssets

valid {
    input.ReqMap.scope == STRING
    input.Qs.constraint == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.analyzeOrgPolicyGovernedContainers

valid {
    input.ReqMap.scope == STRING
    input.Qs.constraint == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.assets.list

enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]

valid {
    input.ReqMap.parent == STRING
    input.Qs.assetTypes == STRING
    input.Qs.contentType == enum_ContentTypeParameter[_]
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.Qs.relationshipTypes == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.batchGetAssetsHistory

enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]

valid {
    input.ReqMap.parent == STRING
    input.Qs.assetNames == STRING
    input.Qs.contentType == enum_ContentTypeParameter[_]
    input.Qs.readTimeWindow.endTime == STRING
    input.Qs.readTimeWindow.startTime == STRING
    input.Qs.relationshipTypes == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.effectiveIamPolicies.batchGet

valid {
    input.ReqMap.scope == STRING
    input.Qs.names == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.exportAssets

enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]
enum_PartitionSpecPartitionKey := [ "PARTITION_KEY_UNSPECIFIED", "READ_TIME", "REQUEST_TIME" ]

valid {
    input.Body.assetTypes[_] == STRING
    input.Body.contentType == enum_ExportAssetsRequestContentType[_]
    input.Body.outputConfig.bigqueryDestination.dataset == STRING
    input.Body.outputConfig.bigqueryDestination.force == BOOLEAN
    input.Body.outputConfig.bigqueryDestination.partitionSpec.partitionKey == enum_PartitionSpecPartitionKey[_]
    input.Body.outputConfig.bigqueryDestination.separateTablesPerAssetType == BOOLEAN
    input.Body.outputConfig.bigqueryDestination.table == STRING
    input.Body.outputConfig.gcsDestination.uri == STRING
    input.Body.outputConfig.gcsDestination.uriPrefix == STRING
    input.Body.readTime == STRING
    input.Body.relationshipTypes[_] == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.exportIamPolicyAnalysis

valid {
    input.Body.analysisQuery.accessSelector.permissions[_] == STRING
    input.Body.analysisQuery.accessSelector.roles[_] == STRING
    input.Body.analysisQuery.identitySelector.identity == STRING
    input.Body.analysisQuery.parent == STRING
    input.Body.analysisQuery.resourceSelector.fullResourceName == STRING
    input.Body.options.analyzeServiceAccountImpersonation == BOOLEAN
    input.Body.options.expandGroups == BOOLEAN
    input.Body.options.expandResources == BOOLEAN
    input.Body.options.expandRoles == BOOLEAN
    input.Body.options.outputGroupEdges == BOOLEAN
    input.Body.options.outputResourceEdges == BOOLEAN
    input.Body.outputConfig.gcsDestination.uri == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.feeds.create

enum_FeedContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]

valid {
    input.Body.feed.assetNames[_] == STRING
    input.Body.feed.assetTypes[_] == STRING
    input.Body.feed.condition.description == STRING
    input.Body.feed.condition.expression == STRING
    input.Body.feed.condition.location == STRING
    input.Body.feed.condition.title == STRING
    input.Body.feed.contentType == enum_FeedContentType[_]
    input.Body.feed.feedOutputConfig.pubsubDestination.topic == STRING
    input.Body.feed.name == STRING
    input.Body.feed.relationshipTypes[_] == STRING
    input.Body.feedId == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.feeds.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.feeds.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.feeds.list

valid {
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.feeds.patch

enum_FeedContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]

valid {
    input.Body.feed.assetNames[_] == STRING
    input.Body.feed.assetTypes[_] == STRING
    input.Body.feed.condition.description == STRING
    input.Body.feed.condition.expression == STRING
    input.Body.feed.condition.location == STRING
    input.Body.feed.condition.title == STRING
    input.Body.feed.contentType == enum_FeedContentType[_]
    input.Body.feed.feedOutputConfig.pubsubDestination.topic == STRING
    input.Body.feed.name == STRING
    input.Body.feed.relationshipTypes[_] == STRING
    input.Body.updateMask == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.folders.exportAssets

enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]

valid {
    input.Body.assetTypes[_] == STRING
    input.Body.contentType == enum_ExportAssetsRequestContentType[_]
    input.Body.outputConfig.gcsDestination.uri == STRING
    input.Body.outputConfig.gcsDestination.uriPrefix == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.folders.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.iamPolicies.searchAll

valid {
    input.ReqMap.scope == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.organizations.batchGetAssetsHistory

enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]

valid {
    input.ReqMap.parent == STRING
    input.Qs.assetNames == STRING
    input.Qs.contentType == enum_ContentTypeParameter[_]
    input.Qs.readTimeWindow.endTime == STRING
    input.Qs.readTimeWindow.startTime == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.organizations.exportAssets

enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]

valid {
    input.Body.assetTypes[_] == STRING
    input.Body.contentType == enum_ExportAssetsRequestContentType[_]
    input.Body.outputConfig.gcsDestination.uri == STRING
    input.Body.outputConfig.gcsDestination.uriPrefix == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.organizations.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.projects.batchGetAssetsHistory

enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]

valid {
    input.ReqMap.parent == STRING
    input.Qs.assetNames == STRING
    input.Qs.contentType == enum_ContentTypeParameter[_]
    input.Qs.readTimeWindow.endTime == STRING
    input.Qs.readTimeWindow.startTime == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.projects.exportAssets

enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]

valid {
    input.Body.assetTypes[_] == STRING
    input.Body.contentType == enum_ExportAssetsRequestContentType[_]
    input.Body.outputConfig.gcsDestination.uri == STRING
    input.Body.outputConfig.gcsDestination.uriPrefix == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.projects.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.queryAssets

valid {
    input.Body.jobReference == STRING
    input.Body.outputConfig.bigqueryDestination.dataset == STRING
    input.Body.outputConfig.bigqueryDestination.table == STRING
    input.Body.outputConfig.bigqueryDestination.writeDisposition == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    input.Body.readTimeWindow.endTime == STRING
    input.Body.readTimeWindow.startTime == STRING
    input.Body.statement == STRING
    input.Body.timeout == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.resources.searchAll

valid {
    input.ReqMap.scope == STRING
    input.Qs.assetTypes == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.savedQueries.create

valid {
    input.Body.content.iamPolicyAnalysisQuery.accessSelector.permissions[_] == STRING
    input.Body.content.iamPolicyAnalysisQuery.accessSelector.roles[_] == STRING
    input.Body.content.iamPolicyAnalysisQuery.conditionContext.accessTime == STRING
    input.Body.content.iamPolicyAnalysisQuery.identitySelector.identity == STRING
    input.Body.content.iamPolicyAnalysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.expandGroups == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.expandResources == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.expandRoles == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.outputGroupEdges == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.outputResourceEdges == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.resourceSelector.fullResourceName == STRING
    input.Body.content.iamPolicyAnalysisQuery.scope == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.savedQueryId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.savedQueries.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.savedQueries.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.savedQueries.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.savedQueries.patch

valid {
    input.Body.content.iamPolicyAnalysisQuery.accessSelector.permissions[_] == STRING
    input.Body.content.iamPolicyAnalysisQuery.accessSelector.roles[_] == STRING
    input.Body.content.iamPolicyAnalysisQuery.conditionContext.accessTime == STRING
    input.Body.content.iamPolicyAnalysisQuery.identitySelector.identity == STRING
    input.Body.content.iamPolicyAnalysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.expandGroups == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.expandResources == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.expandRoles == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.outputGroupEdges == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.options.outputResourceEdges == BOOLEAN
    input.Body.content.iamPolicyAnalysisQuery.resourceSelector.fullResourceName == STRING
    input.Body.content.iamPolicyAnalysisQuery.scope == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.searchAllIamPolicies

valid {
    input.ReqMap.scope == STRING
    input.Qs.assetTypes == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudasset.searchAllResources

valid {
    input.ReqMap.scope == STRING
    input.Qs.assetTypes == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.Qs.readMask == STRING
    input.ProviderMetadata.Region == STRING
}