CLOUDASSET
cloudasset.analyzeIamPolicy
valid {
input.ReqMap.scope == STRING
input.Qs.analysisQuery.accessSelector.permissions == STRING
input.Qs.analysisQuery.accessSelector.roles == STRING
input.Qs.analysisQuery.conditionContext.accessTime == STRING
input.Qs.analysisQuery.identitySelector.identity == STRING
input.Qs.analysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
input.Qs.analysisQuery.options.expandGroups == BOOLEAN
input.Qs.analysisQuery.options.expandResources == BOOLEAN
input.Qs.analysisQuery.options.expandRoles == BOOLEAN
input.Qs.analysisQuery.options.outputGroupEdges == BOOLEAN
input.Qs.analysisQuery.options.outputResourceEdges == BOOLEAN
input.Qs.analysisQuery.resourceSelector.fullResourceName == STRING
input.Qs.executionTimeout == STRING
input.Qs.savedAnalysisQuery == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.analyzeIamPolicyLongrunning
enum_GoogleCloudAssetV1BigQueryDestinationPartitionKey := [ "PARTITION_KEY_UNSPECIFIED", "REQUEST_TIME" ]
valid {
input.Body.analysisQuery.accessSelector.permissions[_] == STRING
input.Body.analysisQuery.accessSelector.roles[_] == STRING
input.Body.analysisQuery.conditionContext.accessTime == STRING
input.Body.analysisQuery.identitySelector.identity == STRING
input.Body.analysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
input.Body.analysisQuery.options.expandGroups == BOOLEAN
input.Body.analysisQuery.options.expandResources == BOOLEAN
input.Body.analysisQuery.options.expandRoles == BOOLEAN
input.Body.analysisQuery.options.outputGroupEdges == BOOLEAN
input.Body.analysisQuery.options.outputResourceEdges == BOOLEAN
input.Body.analysisQuery.resourceSelector.fullResourceName == STRING
input.Body.analysisQuery.scope == STRING
input.Body.outputConfig.bigqueryDestination.dataset == STRING
input.Body.outputConfig.bigqueryDestination.partitionKey == enum_GoogleCloudAssetV1BigQueryDestinationPartitionKey[_]
input.Body.outputConfig.bigqueryDestination.tablePrefix == STRING
input.Body.outputConfig.bigqueryDestination.writeDisposition == STRING
input.Body.outputConfig.gcsDestination.uri == STRING
input.Body.savedAnalysisQuery == STRING
input.ReqMap.scope == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.analyzeMove
enum_ViewParameter := [ "ANALYSIS_VIEW_UNSPECIFIED", "FULL", "BASIC" ]
valid {
input.ReqMap.resource == STRING
input.Qs.destinationParent == STRING
input.Qs.view == enum_ViewParameter[_]
input.ProviderMetadata.Region == STRING
}
cloudasset.analyzeOrgPolicies
valid {
input.ReqMap.scope == STRING
input.Qs.constraint == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.analyzeOrgPolicyGovernedAssets
valid {
input.ReqMap.scope == STRING
input.Qs.constraint == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.analyzeOrgPolicyGovernedContainers
valid {
input.ReqMap.scope == STRING
input.Qs.constraint == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.assets.list
enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]
valid {
input.ReqMap.parent == STRING
input.Qs.assetTypes == STRING
input.Qs.contentType == enum_ContentTypeParameter[_]
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.Qs.relationshipTypes == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.batchGetAssetsHistory
enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]
valid {
input.ReqMap.parent == STRING
input.Qs.assetNames == STRING
input.Qs.contentType == enum_ContentTypeParameter[_]
input.Qs.readTimeWindow.endTime == STRING
input.Qs.readTimeWindow.startTime == STRING
input.Qs.relationshipTypes == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.effectiveIamPolicies.batchGet
valid {
input.ReqMap.scope == STRING
input.Qs.names == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.exportAssets
enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]
enum_PartitionSpecPartitionKey := [ "PARTITION_KEY_UNSPECIFIED", "READ_TIME", "REQUEST_TIME" ]
valid {
input.Body.assetTypes[_] == STRING
input.Body.contentType == enum_ExportAssetsRequestContentType[_]
input.Body.outputConfig.bigqueryDestination.dataset == STRING
input.Body.outputConfig.bigqueryDestination.force == BOOLEAN
input.Body.outputConfig.bigqueryDestination.partitionSpec.partitionKey == enum_PartitionSpecPartitionKey[_]
input.Body.outputConfig.bigqueryDestination.separateTablesPerAssetType == BOOLEAN
input.Body.outputConfig.bigqueryDestination.table == STRING
input.Body.outputConfig.gcsDestination.uri == STRING
input.Body.outputConfig.gcsDestination.uriPrefix == STRING
input.Body.readTime == STRING
input.Body.relationshipTypes[_] == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.exportIamPolicyAnalysis
valid {
input.Body.analysisQuery.accessSelector.permissions[_] == STRING
input.Body.analysisQuery.accessSelector.roles[_] == STRING
input.Body.analysisQuery.identitySelector.identity == STRING
input.Body.analysisQuery.parent == STRING
input.Body.analysisQuery.resourceSelector.fullResourceName == STRING
input.Body.options.analyzeServiceAccountImpersonation == BOOLEAN
input.Body.options.expandGroups == BOOLEAN
input.Body.options.expandResources == BOOLEAN
input.Body.options.expandRoles == BOOLEAN
input.Body.options.outputGroupEdges == BOOLEAN
input.Body.options.outputResourceEdges == BOOLEAN
input.Body.outputConfig.gcsDestination.uri == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.feeds.create
enum_FeedContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]
valid {
input.Body.feed.assetNames[_] == STRING
input.Body.feed.assetTypes[_] == STRING
input.Body.feed.condition.description == STRING
input.Body.feed.condition.expression == STRING
input.Body.feed.condition.location == STRING
input.Body.feed.condition.title == STRING
input.Body.feed.contentType == enum_FeedContentType[_]
input.Body.feed.feedOutputConfig.pubsubDestination.topic == STRING
input.Body.feed.name == STRING
input.Body.feed.relationshipTypes[_] == STRING
input.Body.feedId == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.feeds.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.feeds.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.feeds.list
valid {
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.feeds.patch
enum_FeedContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY", "OS_INVENTORY", "RELATIONSHIP" ]
valid {
input.Body.feed.assetNames[_] == STRING
input.Body.feed.assetTypes[_] == STRING
input.Body.feed.condition.description == STRING
input.Body.feed.condition.expression == STRING
input.Body.feed.condition.location == STRING
input.Body.feed.condition.title == STRING
input.Body.feed.contentType == enum_FeedContentType[_]
input.Body.feed.feedOutputConfig.pubsubDestination.topic == STRING
input.Body.feed.name == STRING
input.Body.feed.relationshipTypes[_] == STRING
input.Body.updateMask == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.folders.exportAssets
enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]
valid {
input.Body.assetTypes[_] == STRING
input.Body.contentType == enum_ExportAssetsRequestContentType[_]
input.Body.outputConfig.gcsDestination.uri == STRING
input.Body.outputConfig.gcsDestination.uriPrefix == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.folders.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.iamPolicies.searchAll
valid {
input.ReqMap.scope == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.query == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.organizations.batchGetAssetsHistory
enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]
valid {
input.ReqMap.parent == STRING
input.Qs.assetNames == STRING
input.Qs.contentType == enum_ContentTypeParameter[_]
input.Qs.readTimeWindow.endTime == STRING
input.Qs.readTimeWindow.startTime == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.organizations.exportAssets
enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]
valid {
input.Body.assetTypes[_] == STRING
input.Body.contentType == enum_ExportAssetsRequestContentType[_]
input.Body.outputConfig.gcsDestination.uri == STRING
input.Body.outputConfig.gcsDestination.uriPrefix == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.organizations.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.projects.batchGetAssetsHistory
enum_ContentTypeParameter := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]
valid {
input.ReqMap.parent == STRING
input.Qs.assetNames == STRING
input.Qs.contentType == enum_ContentTypeParameter[_]
input.Qs.readTimeWindow.endTime == STRING
input.Qs.readTimeWindow.startTime == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.projects.exportAssets
enum_ExportAssetsRequestContentType := [ "CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY" ]
valid {
input.Body.assetTypes[_] == STRING
input.Body.contentType == enum_ExportAssetsRequestContentType[_]
input.Body.outputConfig.gcsDestination.uri == STRING
input.Body.outputConfig.gcsDestination.uriPrefix == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.projects.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.queryAssets
valid {
input.Body.jobReference == STRING
input.Body.outputConfig.bigqueryDestination.dataset == STRING
input.Body.outputConfig.bigqueryDestination.table == STRING
input.Body.outputConfig.bigqueryDestination.writeDisposition == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.Body.readTimeWindow.endTime == STRING
input.Body.readTimeWindow.startTime == STRING
input.Body.statement == STRING
input.Body.timeout == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.resources.searchAll
valid {
input.ReqMap.scope == STRING
input.Qs.assetTypes == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.query == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.savedQueries.create
valid {
input.Body.content.iamPolicyAnalysisQuery.accessSelector.permissions[_] == STRING
input.Body.content.iamPolicyAnalysisQuery.accessSelector.roles[_] == STRING
input.Body.content.iamPolicyAnalysisQuery.conditionContext.accessTime == STRING
input.Body.content.iamPolicyAnalysisQuery.identitySelector.identity == STRING
input.Body.content.iamPolicyAnalysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.expandGroups == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.expandResources == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.expandRoles == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.outputGroupEdges == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.outputResourceEdges == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.resourceSelector.fullResourceName == STRING
input.Body.content.iamPolicyAnalysisQuery.scope == STRING
input.Body.description == STRING
input.Body.labels.STRING == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.savedQueryId == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.savedQueries.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.savedQueries.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.savedQueries.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.savedQueries.patch
valid {
input.Body.content.iamPolicyAnalysisQuery.accessSelector.permissions[_] == STRING
input.Body.content.iamPolicyAnalysisQuery.accessSelector.roles[_] == STRING
input.Body.content.iamPolicyAnalysisQuery.conditionContext.accessTime == STRING
input.Body.content.iamPolicyAnalysisQuery.identitySelector.identity == STRING
input.Body.content.iamPolicyAnalysisQuery.options.analyzeServiceAccountImpersonation == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.expandGroups == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.expandResources == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.expandRoles == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.outputGroupEdges == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.options.outputResourceEdges == BOOLEAN
input.Body.content.iamPolicyAnalysisQuery.resourceSelector.fullResourceName == STRING
input.Body.content.iamPolicyAnalysisQuery.scope == STRING
input.Body.description == STRING
input.Body.labels.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.searchAllIamPolicies
valid {
input.ReqMap.scope == STRING
input.Qs.assetTypes == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.query == STRING
input.ProviderMetadata.Region == STRING
}
cloudasset.searchAllResources
valid {
input.ReqMap.scope == STRING
input.Qs.assetTypes == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.query == STRING
input.Qs.readMask == STRING
input.ProviderMetadata.Region == STRING
}
Updated 4 days ago