CLOUDBUILD

cloudbuild.githubDotComWebhook.receive

valid {
    input.Body.contentType == STRING
    input.Body.data == STRING
    input.Body.extensions[_].STRING == ANY
    input.Qs.webhookKey == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.locations.regionalWebhook

valid {
    input.Body.contentType == STRING
    input.Body.data == STRING
    input.Body.extensions[_].STRING == ANY
    input.ReqMap.location == STRING
    input.Qs.webhookKey == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.operations.cancel

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.builds.approve

enum_ApprovalResultDecision := [ "DECISION_UNSPECIFIED", "APPROVED", "REJECTED" ]

valid {
    input.Body.approvalResult.comment == STRING
    input.Body.approvalResult.decision == enum_ApprovalResultDecision[_]
    input.Body.approvalResult.url == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.builds.cancel

valid {
    input.Body.id == STRING
    input.Body.name == STRING
    input.Body.projectId == STRING
    input.ReqMap.id == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.builds.create

enum_BuildOptionsDefaultLogsBucketBehavior := [ "DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED", "REGIONAL_USER_OWNED_BUCKET", "LEGACY_BUCKET" ]
enum_BuildOptionsLogStreamingOption := [ "STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF" ]
enum_BuildOptionsLogging := [ "LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE" ]
enum_BuildOptionsMachineType := [ "UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32", "E2_MEDIUM" ]
enum_BuildOptionsRequestedVerifyOption := [ "NOT_VERIFIED", "VERIFIED" ]
enum_BuildOptionsSourceProvenanceHash := [ "NONE", "SHA256", "MD5", "SHA512" ]
enum_BuildOptionsSubstitutionOption := [ "MUST_MATCH", "ALLOW_LOOSE" ]
enum_StorageSourceSourceFetcher := [ "SOURCE_FETCHER_UNSPECIFIED", "GSUTIL", "GCS_FETCHER" ]

valid {
    input.Body.artifacts.images[_] == STRING
    input.Body.artifacts.mavenArtifacts[_].artifactId == STRING
    input.Body.artifacts.mavenArtifacts[_].groupId == STRING
    input.Body.artifacts.mavenArtifacts[_].path == STRING
    input.Body.artifacts.mavenArtifacts[_].repository == STRING
    input.Body.artifacts.mavenArtifacts[_].version == STRING
    input.Body.artifacts.npmPackages[_].packagePath == STRING
    input.Body.artifacts.npmPackages[_].repository == STRING
    input.Body.artifacts.objects.location == STRING
    input.Body.artifacts.objects.paths[_] == STRING
    input.Body.artifacts.pythonPackages[_].paths[_] == STRING
    input.Body.artifacts.pythonPackages[_].repository == STRING
    input.Body.availableSecrets.inline[_].envMap.STRING == STRING
    input.Body.availableSecrets.inline[_].kmsKeyName == STRING
    input.Body.availableSecrets.secretManager[_].env == STRING
    input.Body.availableSecrets.secretManager[_].versionName == STRING
    input.Body.gitConfig.http.proxySecretVersionName == STRING
    input.Body.images[_] == STRING
    input.Body.logsBucket == STRING
    input.Body.options.automapSubstitutions == BOOLEAN
    input.Body.options.defaultLogsBucketBehavior == enum_BuildOptionsDefaultLogsBucketBehavior[_]
    input.Body.options.diskSizeGb == STRING
    input.Body.options.dynamicSubstitutions == BOOLEAN
    input.Body.options.env[_] == STRING
    input.Body.options.logStreamingOption == enum_BuildOptionsLogStreamingOption[_]
    input.Body.options.logging == enum_BuildOptionsLogging[_]
    input.Body.options.machineType == enum_BuildOptionsMachineType[_]
    input.Body.options.pool.name == STRING
    input.Body.options.requestedVerifyOption == enum_BuildOptionsRequestedVerifyOption[_]
    input.Body.options.secretEnv[_] == STRING
    input.Body.options.sourceProvenanceHash[_] == enum_BuildOptionsSourceProvenanceHash[_]
    input.Body.options.substitutionOption == enum_BuildOptionsSubstitutionOption[_]
    input.Body.options.volumes[_].name == STRING
    input.Body.options.volumes[_].path == STRING
    input.Body.options.workerPool == STRING
    input.Body.queueTtl == STRING
    input.Body.secrets[_].kmsKeyName == STRING
    input.Body.secrets[_].secretEnv.STRING == STRING
    input.Body.serviceAccount == STRING
    input.Body.source.connectedRepository.dir == STRING
    input.Body.source.connectedRepository.repository == STRING
    input.Body.source.connectedRepository.revision == STRING
    input.Body.source.developerConnectConfig.dir == STRING
    input.Body.source.developerConnectConfig.gitRepositoryLink == STRING
    input.Body.source.developerConnectConfig.revision == STRING
    input.Body.source.gitSource.dir == STRING
    input.Body.source.gitSource.revision == STRING
    input.Body.source.gitSource.url == STRING
    input.Body.source.repoSource.branchName == STRING
    input.Body.source.repoSource.commitSha == STRING
    input.Body.source.repoSource.dir == STRING
    input.Body.source.repoSource.invertRegex == BOOLEAN
    input.Body.source.repoSource.projectId == STRING
    input.Body.source.repoSource.repoName == STRING
    input.Body.source.repoSource.substitutions.STRING == STRING
    input.Body.source.repoSource.tagName == STRING
    input.Body.source.storageSource.bucket == STRING
    input.Body.source.storageSource.generation == STRING
    input.Body.source.storageSource.object == STRING
    input.Body.source.storageSource.sourceFetcher == enum_StorageSourceSourceFetcher[_]
    input.Body.source.storageSourceManifest.bucket == STRING
    input.Body.source.storageSourceManifest.generation == STRING
    input.Body.source.storageSourceManifest.object == STRING
    input.Body.steps[_].allowExitCodes[_] == INTEGER
    input.Body.steps[_].allowFailure == BOOLEAN
    input.Body.steps[_].args[_] == STRING
    input.Body.steps[_].automapSubstitutions == BOOLEAN
    input.Body.steps[_].dir == STRING
    input.Body.steps[_].entrypoint == STRING
    input.Body.steps[_].env[_] == STRING
    input.Body.steps[_].id == STRING
    input.Body.steps[_].name == STRING
    input.Body.steps[_].script == STRING
    input.Body.steps[_].secretEnv[_] == STRING
    input.Body.steps[_].timeout == STRING
    input.Body.steps[_].volumes[_].name == STRING
    input.Body.steps[_].volumes[_].path == STRING
    input.Body.steps[_].waitFor[_] == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tags[_] == STRING
    input.Body.timeout == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.builds.get

valid {
    input.ReqMap.id == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.builds.list

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.builds.retry

valid {
    input.Body.id == STRING
    input.Body.name == STRING
    input.Body.projectId == STRING
    input.ReqMap.id == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.githubEnterpriseConfigs.create

valid {
    input.Body.appId == STRING
    input.Body.displayName == STRING
    input.Body.hostUrl == STRING
    input.Body.name == STRING
    input.Body.peeredNetwork == STRING
    input.Body.secrets.oauthClientIdName == STRING
    input.Body.secrets.oauthClientIdVersionName == STRING
    input.Body.secrets.oauthSecretName == STRING
    input.Body.secrets.oauthSecretVersionName == STRING
    input.Body.secrets.privateKeyName == STRING
    input.Body.secrets.privateKeyVersionName == STRING
    input.Body.secrets.webhookSecretName == STRING
    input.Body.secrets.webhookSecretVersionName == STRING
    input.Body.sslCa == STRING
    input.Body.webhookKey == STRING
    input.ReqMap.parent == STRING
    input.Qs.gheConfigId == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.githubEnterpriseConfigs.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.configId == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.githubEnterpriseConfigs.get

valid {
    input.ReqMap.name == STRING
    input.Qs.configId == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.githubEnterpriseConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.githubEnterpriseConfigs.patch

valid {
    input.Body.appId == STRING
    input.Body.displayName == STRING
    input.Body.hostUrl == STRING
    input.Body.name == STRING
    input.Body.peeredNetwork == STRING
    input.Body.secrets.oauthClientIdName == STRING
    input.Body.secrets.oauthClientIdVersionName == STRING
    input.Body.secrets.oauthSecretName == STRING
    input.Body.secrets.oauthSecretVersionName == STRING
    input.Body.secrets.privateKeyName == STRING
    input.Body.secrets.privateKeyVersionName == STRING
    input.Body.secrets.webhookSecretName == STRING
    input.Body.secrets.webhookSecretVersionName == STRING
    input.Body.sslCa == STRING
    input.Body.webhookKey == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.connectedRepositories.batchCreate

valid {
    input.Body.requests[_].bitbucketServerConnectedRepository.parent == STRING
    input.Body.requests[_].bitbucketServerConnectedRepository.repo.projectKey == STRING
    input.Body.requests[_].bitbucketServerConnectedRepository.repo.repoSlug == STRING
    input.Body.requests[_].parent == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.create

valid {
    input.Body.apiKey == STRING
    input.Body.createTime == STRING
    input.Body.hostUri == STRING
    input.Body.name == STRING
    input.Body.peeredNetwork == STRING
    input.Body.peeredNetworkIpRange == STRING
    input.Body.secrets.adminAccessTokenVersionName == STRING
    input.Body.secrets.readAccessTokenVersionName == STRING
    input.Body.secrets.webhookSecretVersionName == STRING
    input.Body.sslCa == STRING
    input.Body.username == STRING
    input.ReqMap.parent == STRING
    input.Qs.bitbucketServerConfigId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.patch

valid {
    input.Body.apiKey == STRING
    input.Body.createTime == STRING
    input.Body.hostUri == STRING
    input.Body.name == STRING
    input.Body.peeredNetwork == STRING
    input.Body.peeredNetworkIpRange == STRING
    input.Body.secrets.adminAccessTokenVersionName == STRING
    input.Body.secrets.readAccessTokenVersionName == STRING
    input.Body.secrets.webhookSecretVersionName == STRING
    input.Body.sslCa == STRING
    input.Body.username == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.removeBitbucketServerConnectedRepository

valid {
    input.Body.connectedRepository.projectKey == STRING
    input.Body.connectedRepository.repoSlug == STRING
    input.ReqMap.config == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.bitbucketServerConfigs.repos.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.builds.approve

enum_ApprovalResultDecision := [ "DECISION_UNSPECIFIED", "APPROVED", "REJECTED" ]

valid {
    input.Body.approvalResult.comment == STRING
    input.Body.approvalResult.decision == enum_ApprovalResultDecision[_]
    input.Body.approvalResult.url == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.builds.cancel

valid {
    input.Body.id == STRING
    input.Body.name == STRING
    input.Body.projectId == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.builds.create

enum_BuildOptionsDefaultLogsBucketBehavior := [ "DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED", "REGIONAL_USER_OWNED_BUCKET", "LEGACY_BUCKET" ]
enum_BuildOptionsLogStreamingOption := [ "STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF" ]
enum_BuildOptionsLogging := [ "LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE" ]
enum_BuildOptionsMachineType := [ "UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32", "E2_MEDIUM" ]
enum_BuildOptionsRequestedVerifyOption := [ "NOT_VERIFIED", "VERIFIED" ]
enum_BuildOptionsSourceProvenanceHash := [ "NONE", "SHA256", "MD5", "SHA512" ]
enum_BuildOptionsSubstitutionOption := [ "MUST_MATCH", "ALLOW_LOOSE" ]
enum_StorageSourceSourceFetcher := [ "SOURCE_FETCHER_UNSPECIFIED", "GSUTIL", "GCS_FETCHER" ]

valid {
    input.Body.artifacts.images[_] == STRING
    input.Body.artifacts.mavenArtifacts[_].artifactId == STRING
    input.Body.artifacts.mavenArtifacts[_].groupId == STRING
    input.Body.artifacts.mavenArtifacts[_].path == STRING
    input.Body.artifacts.mavenArtifacts[_].repository == STRING
    input.Body.artifacts.mavenArtifacts[_].version == STRING
    input.Body.artifacts.npmPackages[_].packagePath == STRING
    input.Body.artifacts.npmPackages[_].repository == STRING
    input.Body.artifacts.objects.location == STRING
    input.Body.artifacts.objects.paths[_] == STRING
    input.Body.artifacts.pythonPackages[_].paths[_] == STRING
    input.Body.artifacts.pythonPackages[_].repository == STRING
    input.Body.availableSecrets.inline[_].envMap.STRING == STRING
    input.Body.availableSecrets.inline[_].kmsKeyName == STRING
    input.Body.availableSecrets.secretManager[_].env == STRING
    input.Body.availableSecrets.secretManager[_].versionName == STRING
    input.Body.gitConfig.http.proxySecretVersionName == STRING
    input.Body.images[_] == STRING
    input.Body.logsBucket == STRING
    input.Body.options.automapSubstitutions == BOOLEAN
    input.Body.options.defaultLogsBucketBehavior == enum_BuildOptionsDefaultLogsBucketBehavior[_]
    input.Body.options.diskSizeGb == STRING
    input.Body.options.dynamicSubstitutions == BOOLEAN
    input.Body.options.env[_] == STRING
    input.Body.options.logStreamingOption == enum_BuildOptionsLogStreamingOption[_]
    input.Body.options.logging == enum_BuildOptionsLogging[_]
    input.Body.options.machineType == enum_BuildOptionsMachineType[_]
    input.Body.options.pool.name == STRING
    input.Body.options.requestedVerifyOption == enum_BuildOptionsRequestedVerifyOption[_]
    input.Body.options.secretEnv[_] == STRING
    input.Body.options.sourceProvenanceHash[_] == enum_BuildOptionsSourceProvenanceHash[_]
    input.Body.options.substitutionOption == enum_BuildOptionsSubstitutionOption[_]
    input.Body.options.volumes[_].name == STRING
    input.Body.options.volumes[_].path == STRING
    input.Body.options.workerPool == STRING
    input.Body.queueTtl == STRING
    input.Body.secrets[_].kmsKeyName == STRING
    input.Body.secrets[_].secretEnv.STRING == STRING
    input.Body.serviceAccount == STRING
    input.Body.source.connectedRepository.dir == STRING
    input.Body.source.connectedRepository.repository == STRING
    input.Body.source.connectedRepository.revision == STRING
    input.Body.source.developerConnectConfig.dir == STRING
    input.Body.source.developerConnectConfig.gitRepositoryLink == STRING
    input.Body.source.developerConnectConfig.revision == STRING
    input.Body.source.gitSource.dir == STRING
    input.Body.source.gitSource.revision == STRING
    input.Body.source.gitSource.url == STRING
    input.Body.source.repoSource.branchName == STRING
    input.Body.source.repoSource.commitSha == STRING
    input.Body.source.repoSource.dir == STRING
    input.Body.source.repoSource.invertRegex == BOOLEAN
    input.Body.source.repoSource.projectId == STRING
    input.Body.source.repoSource.repoName == STRING
    input.Body.source.repoSource.substitutions.STRING == STRING
    input.Body.source.repoSource.tagName == STRING
    input.Body.source.storageSource.bucket == STRING
    input.Body.source.storageSource.generation == STRING
    input.Body.source.storageSource.object == STRING
    input.Body.source.storageSource.sourceFetcher == enum_StorageSourceSourceFetcher[_]
    input.Body.source.storageSourceManifest.bucket == STRING
    input.Body.source.storageSourceManifest.generation == STRING
    input.Body.source.storageSourceManifest.object == STRING
    input.Body.steps[_].allowExitCodes[_] == INTEGER
    input.Body.steps[_].allowFailure == BOOLEAN
    input.Body.steps[_].args[_] == STRING
    input.Body.steps[_].automapSubstitutions == BOOLEAN
    input.Body.steps[_].dir == STRING
    input.Body.steps[_].entrypoint == STRING
    input.Body.steps[_].env[_] == STRING
    input.Body.steps[_].id == STRING
    input.Body.steps[_].name == STRING
    input.Body.steps[_].script == STRING
    input.Body.steps[_].secretEnv[_] == STRING
    input.Body.steps[_].timeout == STRING
    input.Body.steps[_].volumes[_].name == STRING
    input.Body.steps[_].volumes[_].path == STRING
    input.Body.steps[_].waitFor[_] == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tags[_] == STRING
    input.Body.timeout == STRING
    input.ReqMap.parent == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.builds.get

valid {
    input.ReqMap.name == STRING
    input.Qs.id == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.builds.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.builds.retry

valid {
    input.Body.id == STRING
    input.Body.name == STRING
    input.Body.projectId == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.create

valid {
    input.Body.annotations.STRING == STRING
    input.Body.bitbucketCloudConfig.authorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketCloudConfig.readAuthorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketCloudConfig.webhookSecretSecretVersion == STRING
    input.Body.bitbucketCloudConfig.workspace == STRING
    input.Body.bitbucketDataCenterConfig.authorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketDataCenterConfig.hostUri == STRING
    input.Body.bitbucketDataCenterConfig.readAuthorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketDataCenterConfig.serviceDirectoryConfig.service == STRING
    input.Body.bitbucketDataCenterConfig.sslCa == STRING
    input.Body.bitbucketDataCenterConfig.webhookSecretSecretVersion == STRING
    input.Body.disabled == BOOLEAN
    input.Body.etag == STRING
    input.Body.githubConfig.appInstallationId == STRING
    input.Body.githubConfig.authorizerCredential.oauthTokenSecretVersion == STRING
    input.Body.githubEnterpriseConfig.apiKey == STRING
    input.Body.githubEnterpriseConfig.appId == STRING
    input.Body.githubEnterpriseConfig.appInstallationId == STRING
    input.Body.githubEnterpriseConfig.appSlug == STRING
    input.Body.githubEnterpriseConfig.hostUri == STRING
    input.Body.githubEnterpriseConfig.privateKeySecretVersion == STRING
    input.Body.githubEnterpriseConfig.serviceDirectoryConfig.service == STRING
    input.Body.githubEnterpriseConfig.sslCa == STRING
    input.Body.githubEnterpriseConfig.webhookSecretSecretVersion == STRING
    input.Body.gitlabConfig.authorizerCredential.userTokenSecretVersion == STRING
    input.Body.gitlabConfig.hostUri == STRING
    input.Body.gitlabConfig.readAuthorizerCredential.userTokenSecretVersion == STRING
    input.Body.gitlabConfig.serviceDirectoryConfig.service == STRING
    input.Body.gitlabConfig.sslCa == STRING
    input.Body.gitlabConfig.webhookSecretSecretVersion == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.connectionId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.etag == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.fetchLinkableRepositories

valid {
    input.ReqMap.connection == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.patch

valid {
    input.Body.annotations.STRING == STRING
    input.Body.bitbucketCloudConfig.authorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketCloudConfig.readAuthorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketCloudConfig.webhookSecretSecretVersion == STRING
    input.Body.bitbucketCloudConfig.workspace == STRING
    input.Body.bitbucketDataCenterConfig.authorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketDataCenterConfig.hostUri == STRING
    input.Body.bitbucketDataCenterConfig.readAuthorizerCredential.userTokenSecretVersion == STRING
    input.Body.bitbucketDataCenterConfig.serviceDirectoryConfig.service == STRING
    input.Body.bitbucketDataCenterConfig.sslCa == STRING
    input.Body.bitbucketDataCenterConfig.webhookSecretSecretVersion == STRING
    input.Body.disabled == BOOLEAN
    input.Body.etag == STRING
    input.Body.githubConfig.appInstallationId == STRING
    input.Body.githubConfig.authorizerCredential.oauthTokenSecretVersion == STRING
    input.Body.githubEnterpriseConfig.apiKey == STRING
    input.Body.githubEnterpriseConfig.appId == STRING
    input.Body.githubEnterpriseConfig.appInstallationId == STRING
    input.Body.githubEnterpriseConfig.appSlug == STRING
    input.Body.githubEnterpriseConfig.hostUri == STRING
    input.Body.githubEnterpriseConfig.privateKeySecretVersion == STRING
    input.Body.githubEnterpriseConfig.serviceDirectoryConfig.service == STRING
    input.Body.githubEnterpriseConfig.sslCa == STRING
    input.Body.githubEnterpriseConfig.webhookSecretSecretVersion == STRING
    input.Body.gitlabConfig.authorizerCredential.userTokenSecretVersion == STRING
    input.Body.gitlabConfig.hostUri == STRING
    input.Body.gitlabConfig.readAuthorizerCredential.userTokenSecretVersion == STRING
    input.Body.gitlabConfig.serviceDirectoryConfig.service == STRING
    input.Body.gitlabConfig.sslCa == STRING
    input.Body.gitlabConfig.webhookSecretSecretVersion == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.allowMissing == BOOLEAN
    input.Qs.etag == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.processWebhook

valid {
    input.Body.contentType == STRING
    input.Body.data == STRING
    input.Body.extensions[_].STRING == ANY
    input.ReqMap.parent == STRING
    input.Qs.webhookKey == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.accessReadToken

valid {
    input.Body.STRING == STRING
    input.ReqMap.repository == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.accessReadWriteToken

valid {
    input.Body.STRING == STRING
    input.ReqMap.repository == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.batchCreate

valid {
    input.Body.requests[_].parent == STRING
    input.Body.requests[_].repository.annotations.STRING == STRING
    input.Body.requests[_].repository.etag == STRING
    input.Body.requests[_].repository.name == STRING
    input.Body.requests[_].repository.remoteUri == STRING
    input.Body.requests[_].repositoryId == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.create

valid {
    input.Body.annotations.STRING == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.remoteUri == STRING
    input.ReqMap.parent == STRING
    input.Qs.repositoryId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.etag == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.fetchGitRefs

enum_RefTypeParameter := [ "REF_TYPE_UNSPECIFIED", "TAG", "BRANCH" ]

valid {
    input.ReqMap.repository == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.refType == enum_RefTypeParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.repositories.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.connections.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.getDefaultServiceAccount

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.connectedRepositories.batchCreate

valid {
    input.Body.requests[_].gitlabConnectedRepository.parent == STRING
    input.Body.requests[_].gitlabConnectedRepository.repo.id == STRING
    input.Body.requests[_].parent == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.create

valid {
    input.Body.connectedRepositories[_].id == STRING
    input.Body.enterpriseConfig.hostUri == STRING
    input.Body.enterpriseConfig.serviceDirectoryConfig.service == STRING
    input.Body.enterpriseConfig.sslCa == STRING
    input.Body.name == STRING
    input.Body.secrets.apiAccessTokenVersion == STRING
    input.Body.secrets.apiKeyVersion == STRING
    input.Body.secrets.readAccessTokenVersion == STRING
    input.Body.secrets.webhookSecretVersion == STRING
    input.Body.username == STRING
    input.ReqMap.parent == STRING
    input.Qs.gitlabConfigId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.patch

valid {
    input.Body.connectedRepositories[_].id == STRING
    input.Body.enterpriseConfig.hostUri == STRING
    input.Body.enterpriseConfig.serviceDirectoryConfig.service == STRING
    input.Body.enterpriseConfig.sslCa == STRING
    input.Body.name == STRING
    input.Body.secrets.apiAccessTokenVersion == STRING
    input.Body.secrets.apiKeyVersion == STRING
    input.Body.secrets.readAccessTokenVersion == STRING
    input.Body.secrets.webhookSecretVersion == STRING
    input.Body.username == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.removeGitLabConnectedRepository

valid {
    input.Body.connectedRepository.id == STRING
    input.ReqMap.config == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.gitLabConfigs.repos.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.githubEnterpriseConfigs.create

valid {
    input.Body.appId == STRING
    input.Body.displayName == STRING
    input.Body.hostUrl == STRING
    input.Body.name == STRING
    input.Body.peeredNetwork == STRING
    input.Body.secrets.oauthClientIdName == STRING
    input.Body.secrets.oauthClientIdVersionName == STRING
    input.Body.secrets.oauthSecretName == STRING
    input.Body.secrets.oauthSecretVersionName == STRING
    input.Body.secrets.privateKeyName == STRING
    input.Body.secrets.privateKeyVersionName == STRING
    input.Body.secrets.webhookSecretName == STRING
    input.Body.secrets.webhookSecretVersionName == STRING
    input.Body.sslCa == STRING
    input.Body.webhookKey == STRING
    input.ReqMap.parent == STRING
    input.Qs.gheConfigId == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.githubEnterpriseConfigs.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.configId == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.githubEnterpriseConfigs.get

valid {
    input.ReqMap.name == STRING
    input.Qs.configId == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.githubEnterpriseConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.githubEnterpriseConfigs.patch

valid {
    input.Body.appId == STRING
    input.Body.displayName == STRING
    input.Body.hostUrl == STRING
    input.Body.name == STRING
    input.Body.peeredNetwork == STRING
    input.Body.secrets.oauthClientIdName == STRING
    input.Body.secrets.oauthClientIdVersionName == STRING
    input.Body.secrets.oauthSecretName == STRING
    input.Body.secrets.oauthSecretVersionName == STRING
    input.Body.secrets.privateKeyName == STRING
    input.Body.secrets.privateKeyVersionName == STRING
    input.Body.secrets.webhookSecretName == STRING
    input.Body.secrets.webhookSecretVersionName == STRING
    input.Body.sslCa == STRING
    input.Body.webhookKey == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.operations.cancel

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.create

enum_BuildOptionsDefaultLogsBucketBehavior := [ "DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED", "REGIONAL_USER_OWNED_BUCKET", "LEGACY_BUCKET" ]
enum_BuildOptionsLogStreamingOption := [ "STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF" ]
enum_BuildOptionsLogging := [ "LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE" ]
enum_BuildOptionsMachineType := [ "UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32", "E2_MEDIUM" ]
enum_BuildOptionsRequestedVerifyOption := [ "NOT_VERIFIED", "VERIFIED" ]
enum_BuildOptionsSourceProvenanceHash := [ "NONE", "SHA256", "MD5", "SHA512" ]
enum_BuildOptionsSubstitutionOption := [ "MUST_MATCH", "ALLOW_LOOSE" ]
enum_BuildTriggerEventType := [ "EVENT_TYPE_UNSPECIFIED", "REPO", "WEBHOOK", "PUBSUB", "MANUAL" ]
enum_BuildTriggerIncludeBuildLogs := [ "INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS" ]
enum_GitFileSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_GitRepoSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_PubsubConfigState := [ "STATE_UNSPECIFIED", "OK", "SUBSCRIPTION_DELETED", "TOPIC_DELETED", "SUBSCRIPTION_MISCONFIGURED" ]
enum_PullRequestFilterCommentControl := [ "COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY" ]
enum_StorageSourceSourceFetcher := [ "SOURCE_FETCHER_UNSPECIFIED", "GSUTIL", "GCS_FETCHER" ]
enum_WebhookConfigState := [ "STATE_UNSPECIFIED", "OK", "SECRET_DELETED" ]

valid {
    input.Body.approvalConfig.approvalRequired == BOOLEAN
    input.Body.autodetect == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.bitbucketServerConfigResource == STRING
    input.Body.bitbucketServerTriggerConfig.projectKey == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.branch == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.bitbucketServerTriggerConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.branch == STRING
    input.Body.bitbucketServerTriggerConfig.push.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.tag == STRING
    input.Body.bitbucketServerTriggerConfig.repoSlug == STRING
    input.Body.build.artifacts.images[_] == STRING
    input.Body.build.artifacts.mavenArtifacts[_].artifactId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].groupId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].path == STRING
    input.Body.build.artifacts.mavenArtifacts[_].repository == STRING
    input.Body.build.artifacts.mavenArtifacts[_].version == STRING
    input.Body.build.artifacts.npmPackages[_].packagePath == STRING
    input.Body.build.artifacts.npmPackages[_].repository == STRING
    input.Body.build.artifacts.objects.location == STRING
    input.Body.build.artifacts.objects.paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].repository == STRING
    input.Body.build.availableSecrets.inline[_].envMap.STRING == STRING
    input.Body.build.availableSecrets.inline[_].kmsKeyName == STRING
    input.Body.build.availableSecrets.secretManager[_].env == STRING
    input.Body.build.availableSecrets.secretManager[_].versionName == STRING
    input.Body.build.gitConfig.http.proxySecretVersionName == STRING
    input.Body.build.images[_] == STRING
    input.Body.build.logsBucket == STRING
    input.Body.build.options.automapSubstitutions == BOOLEAN
    input.Body.build.options.defaultLogsBucketBehavior == enum_BuildOptionsDefaultLogsBucketBehavior[_]
    input.Body.build.options.diskSizeGb == STRING
    input.Body.build.options.dynamicSubstitutions == BOOLEAN
    input.Body.build.options.env[_] == STRING
    input.Body.build.options.logStreamingOption == enum_BuildOptionsLogStreamingOption[_]
    input.Body.build.options.logging == enum_BuildOptionsLogging[_]
    input.Body.build.options.machineType == enum_BuildOptionsMachineType[_]
    input.Body.build.options.pool.name == STRING
    input.Body.build.options.requestedVerifyOption == enum_BuildOptionsRequestedVerifyOption[_]
    input.Body.build.options.secretEnv[_] == STRING
    input.Body.build.options.sourceProvenanceHash[_] == enum_BuildOptionsSourceProvenanceHash[_]
    input.Body.build.options.substitutionOption == enum_BuildOptionsSubstitutionOption[_]
    input.Body.build.options.volumes[_].name == STRING
    input.Body.build.options.volumes[_].path == STRING
    input.Body.build.options.workerPool == STRING
    input.Body.build.queueTtl == STRING
    input.Body.build.secrets[_].kmsKeyName == STRING
    input.Body.build.secrets[_].secretEnv.STRING == STRING
    input.Body.build.serviceAccount == STRING
    input.Body.build.source.connectedRepository.dir == STRING
    input.Body.build.source.connectedRepository.repository == STRING
    input.Body.build.source.connectedRepository.revision == STRING
    input.Body.build.source.developerConnectConfig.dir == STRING
    input.Body.build.source.developerConnectConfig.gitRepositoryLink == STRING
    input.Body.build.source.developerConnectConfig.revision == STRING
    input.Body.build.source.gitSource.dir == STRING
    input.Body.build.source.gitSource.revision == STRING
    input.Body.build.source.gitSource.url == STRING
    input.Body.build.source.repoSource.branchName == STRING
    input.Body.build.source.repoSource.commitSha == STRING
    input.Body.build.source.repoSource.dir == STRING
    input.Body.build.source.repoSource.invertRegex == BOOLEAN
    input.Body.build.source.repoSource.projectId == STRING
    input.Body.build.source.repoSource.repoName == STRING
    input.Body.build.source.repoSource.substitutions.STRING == STRING
    input.Body.build.source.repoSource.tagName == STRING
    input.Body.build.source.storageSource.bucket == STRING
    input.Body.build.source.storageSource.generation == STRING
    input.Body.build.source.storageSource.object == STRING
    input.Body.build.source.storageSource.sourceFetcher == enum_StorageSourceSourceFetcher[_]
    input.Body.build.source.storageSourceManifest.bucket == STRING
    input.Body.build.source.storageSourceManifest.generation == STRING
    input.Body.build.source.storageSourceManifest.object == STRING
    input.Body.build.steps[_].allowExitCodes[_] == INTEGER
    input.Body.build.steps[_].allowFailure == BOOLEAN
    input.Body.build.steps[_].args[_] == STRING
    input.Body.build.steps[_].automapSubstitutions == BOOLEAN
    input.Body.build.steps[_].dir == STRING
    input.Body.build.steps[_].entrypoint == STRING
    input.Body.build.steps[_].env[_] == STRING
    input.Body.build.steps[_].id == STRING
    input.Body.build.steps[_].name == STRING
    input.Body.build.steps[_].script == STRING
    input.Body.build.steps[_].secretEnv[_] == STRING
    input.Body.build.steps[_].timeout == STRING
    input.Body.build.steps[_].volumes[_].name == STRING
    input.Body.build.steps[_].volumes[_].path == STRING
    input.Body.build.steps[_].waitFor[_] == STRING
    input.Body.build.substitutions.STRING == STRING
    input.Body.build.tags[_] == STRING
    input.Body.build.timeout == STRING
    input.Body.description == STRING
    input.Body.disabled == BOOLEAN
    input.Body.eventType == enum_BuildTriggerEventType[_]
    input.Body.filename == STRING
    input.Body.filter == STRING
    input.Body.gitFileSource.bitbucketServerConfig == STRING
    input.Body.gitFileSource.githubEnterpriseConfig == STRING
    input.Body.gitFileSource.path == STRING
    input.Body.gitFileSource.repoType == enum_GitFileSourceRepoType[_]
    input.Body.gitFileSource.repository == STRING
    input.Body.gitFileSource.revision == STRING
    input.Body.gitFileSource.uri == STRING
    input.Body.github.enterpriseConfigResourceName == STRING
    input.Body.github.installationId == STRING
    input.Body.github.name == STRING
    input.Body.github.owner == STRING
    input.Body.github.pullRequest.branch == STRING
    input.Body.github.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.github.pullRequest.invertRegex == BOOLEAN
    input.Body.github.push.branch == STRING
    input.Body.github.push.invertRegex == BOOLEAN
    input.Body.github.push.tag == STRING
    input.Body.gitlabEnterpriseEventsConfig.gitlabConfigResource == STRING
    input.Body.gitlabEnterpriseEventsConfig.projectNamespace == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.push.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.tag == STRING
    input.Body.ignoredFiles[_] == STRING
    input.Body.includeBuildLogs == enum_BuildTriggerIncludeBuildLogs[_]
    input.Body.includedFiles[_] == STRING
    input.Body.name == STRING
    input.Body.pubsubConfig.serviceAccountEmail == STRING
    input.Body.pubsubConfig.state == enum_PubsubConfigState[_]
    input.Body.pubsubConfig.topic == STRING
    input.Body.repositoryEventConfig.pullRequest.branch == STRING
    input.Body.repositoryEventConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.repositoryEventConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.branch == STRING
    input.Body.repositoryEventConfig.push.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.tag == STRING
    input.Body.repositoryEventConfig.repository == STRING
    input.Body.resourceName == STRING
    input.Body.serviceAccount == STRING
    input.Body.sourceToBuild.bitbucketServerConfig == STRING
    input.Body.sourceToBuild.githubEnterpriseConfig == STRING
    input.Body.sourceToBuild.ref == STRING
    input.Body.sourceToBuild.repoType == enum_GitRepoSourceRepoType[_]
    input.Body.sourceToBuild.repository == STRING
    input.Body.sourceToBuild.uri == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tags[_] == STRING
    input.Body.triggerTemplate.branchName == STRING
    input.Body.triggerTemplate.commitSha == STRING
    input.Body.triggerTemplate.dir == STRING
    input.Body.triggerTemplate.invertRegex == BOOLEAN
    input.Body.triggerTemplate.projectId == STRING
    input.Body.triggerTemplate.repoName == STRING
    input.Body.triggerTemplate.substitutions.STRING == STRING
    input.Body.triggerTemplate.tagName == STRING
    input.Body.webhookConfig.secret == STRING
    input.Body.webhookConfig.state == enum_WebhookConfigState[_]
    input.ReqMap.parent == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.projectId == STRING
    input.Qs.triggerId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.get

valid {
    input.ReqMap.name == STRING
    input.Qs.projectId == STRING
    input.Qs.triggerId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.projectId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.patch

enum_BuildOptionsDefaultLogsBucketBehavior := [ "DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED", "REGIONAL_USER_OWNED_BUCKET", "LEGACY_BUCKET" ]
enum_BuildOptionsLogStreamingOption := [ "STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF" ]
enum_BuildOptionsLogging := [ "LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE" ]
enum_BuildOptionsMachineType := [ "UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32", "E2_MEDIUM" ]
enum_BuildOptionsRequestedVerifyOption := [ "NOT_VERIFIED", "VERIFIED" ]
enum_BuildOptionsSourceProvenanceHash := [ "NONE", "SHA256", "MD5", "SHA512" ]
enum_BuildOptionsSubstitutionOption := [ "MUST_MATCH", "ALLOW_LOOSE" ]
enum_BuildTriggerEventType := [ "EVENT_TYPE_UNSPECIFIED", "REPO", "WEBHOOK", "PUBSUB", "MANUAL" ]
enum_BuildTriggerIncludeBuildLogs := [ "INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS" ]
enum_GitFileSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_GitRepoSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_PubsubConfigState := [ "STATE_UNSPECIFIED", "OK", "SUBSCRIPTION_DELETED", "TOPIC_DELETED", "SUBSCRIPTION_MISCONFIGURED" ]
enum_PullRequestFilterCommentControl := [ "COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY" ]
enum_StorageSourceSourceFetcher := [ "SOURCE_FETCHER_UNSPECIFIED", "GSUTIL", "GCS_FETCHER" ]
enum_WebhookConfigState := [ "STATE_UNSPECIFIED", "OK", "SECRET_DELETED" ]

valid {
    input.Body.approvalConfig.approvalRequired == BOOLEAN
    input.Body.autodetect == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.bitbucketServerConfigResource == STRING
    input.Body.bitbucketServerTriggerConfig.projectKey == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.branch == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.bitbucketServerTriggerConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.branch == STRING
    input.Body.bitbucketServerTriggerConfig.push.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.tag == STRING
    input.Body.bitbucketServerTriggerConfig.repoSlug == STRING
    input.Body.build.artifacts.images[_] == STRING
    input.Body.build.artifacts.mavenArtifacts[_].artifactId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].groupId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].path == STRING
    input.Body.build.artifacts.mavenArtifacts[_].repository == STRING
    input.Body.build.artifacts.mavenArtifacts[_].version == STRING
    input.Body.build.artifacts.npmPackages[_].packagePath == STRING
    input.Body.build.artifacts.npmPackages[_].repository == STRING
    input.Body.build.artifacts.objects.location == STRING
    input.Body.build.artifacts.objects.paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].repository == STRING
    input.Body.build.availableSecrets.inline[_].envMap.STRING == STRING
    input.Body.build.availableSecrets.inline[_].kmsKeyName == STRING
    input.Body.build.availableSecrets.secretManager[_].env == STRING
    input.Body.build.availableSecrets.secretManager[_].versionName == STRING
    input.Body.build.gitConfig.http.proxySecretVersionName == STRING
    input.Body.build.images[_] == STRING
    input.Body.build.logsBucket == STRING
    input.Body.build.options.automapSubstitutions == BOOLEAN
    input.Body.build.options.defaultLogsBucketBehavior == enum_BuildOptionsDefaultLogsBucketBehavior[_]
    input.Body.build.options.diskSizeGb == STRING
    input.Body.build.options.dynamicSubstitutions == BOOLEAN
    input.Body.build.options.env[_] == STRING
    input.Body.build.options.logStreamingOption == enum_BuildOptionsLogStreamingOption[_]
    input.Body.build.options.logging == enum_BuildOptionsLogging[_]
    input.Body.build.options.machineType == enum_BuildOptionsMachineType[_]
    input.Body.build.options.pool.name == STRING
    input.Body.build.options.requestedVerifyOption == enum_BuildOptionsRequestedVerifyOption[_]
    input.Body.build.options.secretEnv[_] == STRING
    input.Body.build.options.sourceProvenanceHash[_] == enum_BuildOptionsSourceProvenanceHash[_]
    input.Body.build.options.substitutionOption == enum_BuildOptionsSubstitutionOption[_]
    input.Body.build.options.volumes[_].name == STRING
    input.Body.build.options.volumes[_].path == STRING
    input.Body.build.options.workerPool == STRING
    input.Body.build.queueTtl == STRING
    input.Body.build.secrets[_].kmsKeyName == STRING
    input.Body.build.secrets[_].secretEnv.STRING == STRING
    input.Body.build.serviceAccount == STRING
    input.Body.build.source.connectedRepository.dir == STRING
    input.Body.build.source.connectedRepository.repository == STRING
    input.Body.build.source.connectedRepository.revision == STRING
    input.Body.build.source.developerConnectConfig.dir == STRING
    input.Body.build.source.developerConnectConfig.gitRepositoryLink == STRING
    input.Body.build.source.developerConnectConfig.revision == STRING
    input.Body.build.source.gitSource.dir == STRING
    input.Body.build.source.gitSource.revision == STRING
    input.Body.build.source.gitSource.url == STRING
    input.Body.build.source.repoSource.branchName == STRING
    input.Body.build.source.repoSource.commitSha == STRING
    input.Body.build.source.repoSource.dir == STRING
    input.Body.build.source.repoSource.invertRegex == BOOLEAN
    input.Body.build.source.repoSource.projectId == STRING
    input.Body.build.source.repoSource.repoName == STRING
    input.Body.build.source.repoSource.substitutions.STRING == STRING
    input.Body.build.source.repoSource.tagName == STRING
    input.Body.build.source.storageSource.bucket == STRING
    input.Body.build.source.storageSource.generation == STRING
    input.Body.build.source.storageSource.object == STRING
    input.Body.build.source.storageSource.sourceFetcher == enum_StorageSourceSourceFetcher[_]
    input.Body.build.source.storageSourceManifest.bucket == STRING
    input.Body.build.source.storageSourceManifest.generation == STRING
    input.Body.build.source.storageSourceManifest.object == STRING
    input.Body.build.steps[_].allowExitCodes[_] == INTEGER
    input.Body.build.steps[_].allowFailure == BOOLEAN
    input.Body.build.steps[_].args[_] == STRING
    input.Body.build.steps[_].automapSubstitutions == BOOLEAN
    input.Body.build.steps[_].dir == STRING
    input.Body.build.steps[_].entrypoint == STRING
    input.Body.build.steps[_].env[_] == STRING
    input.Body.build.steps[_].id == STRING
    input.Body.build.steps[_].name == STRING
    input.Body.build.steps[_].script == STRING
    input.Body.build.steps[_].secretEnv[_] == STRING
    input.Body.build.steps[_].timeout == STRING
    input.Body.build.steps[_].volumes[_].name == STRING
    input.Body.build.steps[_].volumes[_].path == STRING
    input.Body.build.steps[_].waitFor[_] == STRING
    input.Body.build.substitutions.STRING == STRING
    input.Body.build.tags[_] == STRING
    input.Body.build.timeout == STRING
    input.Body.description == STRING
    input.Body.disabled == BOOLEAN
    input.Body.eventType == enum_BuildTriggerEventType[_]
    input.Body.filename == STRING
    input.Body.filter == STRING
    input.Body.gitFileSource.bitbucketServerConfig == STRING
    input.Body.gitFileSource.githubEnterpriseConfig == STRING
    input.Body.gitFileSource.path == STRING
    input.Body.gitFileSource.repoType == enum_GitFileSourceRepoType[_]
    input.Body.gitFileSource.repository == STRING
    input.Body.gitFileSource.revision == STRING
    input.Body.gitFileSource.uri == STRING
    input.Body.github.enterpriseConfigResourceName == STRING
    input.Body.github.installationId == STRING
    input.Body.github.name == STRING
    input.Body.github.owner == STRING
    input.Body.github.pullRequest.branch == STRING
    input.Body.github.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.github.pullRequest.invertRegex == BOOLEAN
    input.Body.github.push.branch == STRING
    input.Body.github.push.invertRegex == BOOLEAN
    input.Body.github.push.tag == STRING
    input.Body.gitlabEnterpriseEventsConfig.gitlabConfigResource == STRING
    input.Body.gitlabEnterpriseEventsConfig.projectNamespace == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.push.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.tag == STRING
    input.Body.ignoredFiles[_] == STRING
    input.Body.includeBuildLogs == enum_BuildTriggerIncludeBuildLogs[_]
    input.Body.includedFiles[_] == STRING
    input.Body.name == STRING
    input.Body.pubsubConfig.serviceAccountEmail == STRING
    input.Body.pubsubConfig.state == enum_PubsubConfigState[_]
    input.Body.pubsubConfig.topic == STRING
    input.Body.repositoryEventConfig.pullRequest.branch == STRING
    input.Body.repositoryEventConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.repositoryEventConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.branch == STRING
    input.Body.repositoryEventConfig.push.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.tag == STRING
    input.Body.repositoryEventConfig.repository == STRING
    input.Body.resourceName == STRING
    input.Body.serviceAccount == STRING
    input.Body.sourceToBuild.bitbucketServerConfig == STRING
    input.Body.sourceToBuild.githubEnterpriseConfig == STRING
    input.Body.sourceToBuild.ref == STRING
    input.Body.sourceToBuild.repoType == enum_GitRepoSourceRepoType[_]
    input.Body.sourceToBuild.repository == STRING
    input.Body.sourceToBuild.uri == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tags[_] == STRING
    input.Body.triggerTemplate.branchName == STRING
    input.Body.triggerTemplate.commitSha == STRING
    input.Body.triggerTemplate.dir == STRING
    input.Body.triggerTemplate.invertRegex == BOOLEAN
    input.Body.triggerTemplate.projectId == STRING
    input.Body.triggerTemplate.repoName == STRING
    input.Body.triggerTemplate.substitutions.STRING == STRING
    input.Body.triggerTemplate.tagName == STRING
    input.Body.webhookConfig.secret == STRING
    input.Body.webhookConfig.state == enum_WebhookConfigState[_]
    input.ReqMap.resourceName == STRING
    input.Qs.projectId == STRING
    input.Qs.triggerId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.run

valid {
    input.Body.projectId == STRING
    input.Body.source.branchName == STRING
    input.Body.source.commitSha == STRING
    input.Body.source.dir == STRING
    input.Body.source.invertRegex == BOOLEAN
    input.Body.source.projectId == STRING
    input.Body.source.repoName == STRING
    input.Body.source.substitutions.STRING == STRING
    input.Body.source.tagName == STRING
    input.Body.triggerId == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.triggers.webhook

valid {
    input.Body.contentType == STRING
    input.Body.data == STRING
    input.Body.extensions[_].STRING == ANY
    input.ReqMap.name == STRING
    input.Qs.projectId == STRING
    input.Qs.secret == STRING
    input.Qs.trigger == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.workerPools.create

enum_NetworkConfigEgressOption := [ "EGRESS_OPTION_UNSPECIFIED", "NO_PUBLIC_EGRESS", "PUBLIC_EGRESS" ]

valid {
    input.Body.annotations.STRING == STRING
    input.Body.displayName == STRING
    input.Body.privatePoolV1Config.networkConfig.egressOption == enum_NetworkConfigEgressOption[_]
    input.Body.privatePoolV1Config.networkConfig.peeredNetwork == STRING
    input.Body.privatePoolV1Config.networkConfig.peeredNetworkIpRange == STRING
    input.Body.privatePoolV1Config.privateServiceConnect.networkAttachment == STRING
    input.Body.privatePoolV1Config.privateServiceConnect.publicIpAddressDisabled == BOOLEAN
    input.Body.privatePoolV1Config.privateServiceConnect.routeAllTraffic == BOOLEAN
    input.Body.privatePoolV1Config.workerConfig.diskSizeGb == STRING
    input.Body.privatePoolV1Config.workerConfig.machineType == STRING
    input.ReqMap.parent == STRING
    input.Qs.validateOnly == BOOLEAN
    input.Qs.workerPoolId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.workerPools.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.allowMissing == BOOLEAN
    input.Qs.etag == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.workerPools.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.workerPools.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.locations.workerPools.patch

enum_NetworkConfigEgressOption := [ "EGRESS_OPTION_UNSPECIFIED", "NO_PUBLIC_EGRESS", "PUBLIC_EGRESS" ]

valid {
    input.Body.annotations.STRING == STRING
    input.Body.displayName == STRING
    input.Body.privatePoolV1Config.networkConfig.egressOption == enum_NetworkConfigEgressOption[_]
    input.Body.privatePoolV1Config.networkConfig.peeredNetwork == STRING
    input.Body.privatePoolV1Config.networkConfig.peeredNetworkIpRange == STRING
    input.Body.privatePoolV1Config.privateServiceConnect.networkAttachment == STRING
    input.Body.privatePoolV1Config.privateServiceConnect.publicIpAddressDisabled == BOOLEAN
    input.Body.privatePoolV1Config.privateServiceConnect.routeAllTraffic == BOOLEAN
    input.Body.privatePoolV1Config.workerConfig.diskSizeGb == STRING
    input.Body.privatePoolV1Config.workerConfig.machineType == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.triggers.create

enum_BuildOptionsDefaultLogsBucketBehavior := [ "DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED", "REGIONAL_USER_OWNED_BUCKET", "LEGACY_BUCKET" ]
enum_BuildOptionsLogStreamingOption := [ "STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF" ]
enum_BuildOptionsLogging := [ "LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE" ]
enum_BuildOptionsMachineType := [ "UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32", "E2_MEDIUM" ]
enum_BuildOptionsRequestedVerifyOption := [ "NOT_VERIFIED", "VERIFIED" ]
enum_BuildOptionsSourceProvenanceHash := [ "NONE", "SHA256", "MD5", "SHA512" ]
enum_BuildOptionsSubstitutionOption := [ "MUST_MATCH", "ALLOW_LOOSE" ]
enum_BuildTriggerEventType := [ "EVENT_TYPE_UNSPECIFIED", "REPO", "WEBHOOK", "PUBSUB", "MANUAL" ]
enum_BuildTriggerIncludeBuildLogs := [ "INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS" ]
enum_GitFileSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_GitRepoSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_PubsubConfigState := [ "STATE_UNSPECIFIED", "OK", "SUBSCRIPTION_DELETED", "TOPIC_DELETED", "SUBSCRIPTION_MISCONFIGURED" ]
enum_PullRequestFilterCommentControl := [ "COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY" ]
enum_StorageSourceSourceFetcher := [ "SOURCE_FETCHER_UNSPECIFIED", "GSUTIL", "GCS_FETCHER" ]
enum_WebhookConfigState := [ "STATE_UNSPECIFIED", "OK", "SECRET_DELETED" ]

valid {
    input.Body.approvalConfig.approvalRequired == BOOLEAN
    input.Body.autodetect == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.bitbucketServerConfigResource == STRING
    input.Body.bitbucketServerTriggerConfig.projectKey == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.branch == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.bitbucketServerTriggerConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.branch == STRING
    input.Body.bitbucketServerTriggerConfig.push.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.tag == STRING
    input.Body.bitbucketServerTriggerConfig.repoSlug == STRING
    input.Body.build.artifacts.images[_] == STRING
    input.Body.build.artifacts.mavenArtifacts[_].artifactId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].groupId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].path == STRING
    input.Body.build.artifacts.mavenArtifacts[_].repository == STRING
    input.Body.build.artifacts.mavenArtifacts[_].version == STRING
    input.Body.build.artifacts.npmPackages[_].packagePath == STRING
    input.Body.build.artifacts.npmPackages[_].repository == STRING
    input.Body.build.artifacts.objects.location == STRING
    input.Body.build.artifacts.objects.paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].repository == STRING
    input.Body.build.availableSecrets.inline[_].envMap.STRING == STRING
    input.Body.build.availableSecrets.inline[_].kmsKeyName == STRING
    input.Body.build.availableSecrets.secretManager[_].env == STRING
    input.Body.build.availableSecrets.secretManager[_].versionName == STRING
    input.Body.build.gitConfig.http.proxySecretVersionName == STRING
    input.Body.build.images[_] == STRING
    input.Body.build.logsBucket == STRING
    input.Body.build.options.automapSubstitutions == BOOLEAN
    input.Body.build.options.defaultLogsBucketBehavior == enum_BuildOptionsDefaultLogsBucketBehavior[_]
    input.Body.build.options.diskSizeGb == STRING
    input.Body.build.options.dynamicSubstitutions == BOOLEAN
    input.Body.build.options.env[_] == STRING
    input.Body.build.options.logStreamingOption == enum_BuildOptionsLogStreamingOption[_]
    input.Body.build.options.logging == enum_BuildOptionsLogging[_]
    input.Body.build.options.machineType == enum_BuildOptionsMachineType[_]
    input.Body.build.options.pool.name == STRING
    input.Body.build.options.requestedVerifyOption == enum_BuildOptionsRequestedVerifyOption[_]
    input.Body.build.options.secretEnv[_] == STRING
    input.Body.build.options.sourceProvenanceHash[_] == enum_BuildOptionsSourceProvenanceHash[_]
    input.Body.build.options.substitutionOption == enum_BuildOptionsSubstitutionOption[_]
    input.Body.build.options.volumes[_].name == STRING
    input.Body.build.options.volumes[_].path == STRING
    input.Body.build.options.workerPool == STRING
    input.Body.build.queueTtl == STRING
    input.Body.build.secrets[_].kmsKeyName == STRING
    input.Body.build.secrets[_].secretEnv.STRING == STRING
    input.Body.build.serviceAccount == STRING
    input.Body.build.source.connectedRepository.dir == STRING
    input.Body.build.source.connectedRepository.repository == STRING
    input.Body.build.source.connectedRepository.revision == STRING
    input.Body.build.source.developerConnectConfig.dir == STRING
    input.Body.build.source.developerConnectConfig.gitRepositoryLink == STRING
    input.Body.build.source.developerConnectConfig.revision == STRING
    input.Body.build.source.gitSource.dir == STRING
    input.Body.build.source.gitSource.revision == STRING
    input.Body.build.source.gitSource.url == STRING
    input.Body.build.source.repoSource.branchName == STRING
    input.Body.build.source.repoSource.commitSha == STRING
    input.Body.build.source.repoSource.dir == STRING
    input.Body.build.source.repoSource.invertRegex == BOOLEAN
    input.Body.build.source.repoSource.projectId == STRING
    input.Body.build.source.repoSource.repoName == STRING
    input.Body.build.source.repoSource.substitutions.STRING == STRING
    input.Body.build.source.repoSource.tagName == STRING
    input.Body.build.source.storageSource.bucket == STRING
    input.Body.build.source.storageSource.generation == STRING
    input.Body.build.source.storageSource.object == STRING
    input.Body.build.source.storageSource.sourceFetcher == enum_StorageSourceSourceFetcher[_]
    input.Body.build.source.storageSourceManifest.bucket == STRING
    input.Body.build.source.storageSourceManifest.generation == STRING
    input.Body.build.source.storageSourceManifest.object == STRING
    input.Body.build.steps[_].allowExitCodes[_] == INTEGER
    input.Body.build.steps[_].allowFailure == BOOLEAN
    input.Body.build.steps[_].args[_] == STRING
    input.Body.build.steps[_].automapSubstitutions == BOOLEAN
    input.Body.build.steps[_].dir == STRING
    input.Body.build.steps[_].entrypoint == STRING
    input.Body.build.steps[_].env[_] == STRING
    input.Body.build.steps[_].id == STRING
    input.Body.build.steps[_].name == STRING
    input.Body.build.steps[_].script == STRING
    input.Body.build.steps[_].secretEnv[_] == STRING
    input.Body.build.steps[_].timeout == STRING
    input.Body.build.steps[_].volumes[_].name == STRING
    input.Body.build.steps[_].volumes[_].path == STRING
    input.Body.build.steps[_].waitFor[_] == STRING
    input.Body.build.substitutions.STRING == STRING
    input.Body.build.tags[_] == STRING
    input.Body.build.timeout == STRING
    input.Body.description == STRING
    input.Body.disabled == BOOLEAN
    input.Body.eventType == enum_BuildTriggerEventType[_]
    input.Body.filename == STRING
    input.Body.filter == STRING
    input.Body.gitFileSource.bitbucketServerConfig == STRING
    input.Body.gitFileSource.githubEnterpriseConfig == STRING
    input.Body.gitFileSource.path == STRING
    input.Body.gitFileSource.repoType == enum_GitFileSourceRepoType[_]
    input.Body.gitFileSource.repository == STRING
    input.Body.gitFileSource.revision == STRING
    input.Body.gitFileSource.uri == STRING
    input.Body.github.enterpriseConfigResourceName == STRING
    input.Body.github.installationId == STRING
    input.Body.github.name == STRING
    input.Body.github.owner == STRING
    input.Body.github.pullRequest.branch == STRING
    input.Body.github.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.github.pullRequest.invertRegex == BOOLEAN
    input.Body.github.push.branch == STRING
    input.Body.github.push.invertRegex == BOOLEAN
    input.Body.github.push.tag == STRING
    input.Body.gitlabEnterpriseEventsConfig.gitlabConfigResource == STRING
    input.Body.gitlabEnterpriseEventsConfig.projectNamespace == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.push.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.tag == STRING
    input.Body.ignoredFiles[_] == STRING
    input.Body.includeBuildLogs == enum_BuildTriggerIncludeBuildLogs[_]
    input.Body.includedFiles[_] == STRING
    input.Body.name == STRING
    input.Body.pubsubConfig.serviceAccountEmail == STRING
    input.Body.pubsubConfig.state == enum_PubsubConfigState[_]
    input.Body.pubsubConfig.topic == STRING
    input.Body.repositoryEventConfig.pullRequest.branch == STRING
    input.Body.repositoryEventConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.repositoryEventConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.branch == STRING
    input.Body.repositoryEventConfig.push.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.tag == STRING
    input.Body.repositoryEventConfig.repository == STRING
    input.Body.resourceName == STRING
    input.Body.serviceAccount == STRING
    input.Body.sourceToBuild.bitbucketServerConfig == STRING
    input.Body.sourceToBuild.githubEnterpriseConfig == STRING
    input.Body.sourceToBuild.ref == STRING
    input.Body.sourceToBuild.repoType == enum_GitRepoSourceRepoType[_]
    input.Body.sourceToBuild.repository == STRING
    input.Body.sourceToBuild.uri == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tags[_] == STRING
    input.Body.triggerTemplate.branchName == STRING
    input.Body.triggerTemplate.commitSha == STRING
    input.Body.triggerTemplate.dir == STRING
    input.Body.triggerTemplate.invertRegex == BOOLEAN
    input.Body.triggerTemplate.projectId == STRING
    input.Body.triggerTemplate.repoName == STRING
    input.Body.triggerTemplate.substitutions.STRING == STRING
    input.Body.triggerTemplate.tagName == STRING
    input.Body.webhookConfig.secret == STRING
    input.Body.webhookConfig.state == enum_WebhookConfigState[_]
    input.ReqMap.ProjectID == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.triggers.delete

valid {
    input.ReqMap.ProjectID == STRING
    input.ReqMap.triggerId == STRING
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.triggers.get

valid {
    input.ReqMap.ProjectID == STRING
    input.ReqMap.triggerId == STRING
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.triggers.list

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.triggers.patch

enum_BuildOptionsDefaultLogsBucketBehavior := [ "DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED", "REGIONAL_USER_OWNED_BUCKET", "LEGACY_BUCKET" ]
enum_BuildOptionsLogStreamingOption := [ "STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF" ]
enum_BuildOptionsLogging := [ "LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE" ]
enum_BuildOptionsMachineType := [ "UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32", "E2_MEDIUM" ]
enum_BuildOptionsRequestedVerifyOption := [ "NOT_VERIFIED", "VERIFIED" ]
enum_BuildOptionsSourceProvenanceHash := [ "NONE", "SHA256", "MD5", "SHA512" ]
enum_BuildOptionsSubstitutionOption := [ "MUST_MATCH", "ALLOW_LOOSE" ]
enum_BuildTriggerEventType := [ "EVENT_TYPE_UNSPECIFIED", "REPO", "WEBHOOK", "PUBSUB", "MANUAL" ]
enum_BuildTriggerIncludeBuildLogs := [ "INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS" ]
enum_GitFileSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_GitRepoSourceRepoType := [ "UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER", "GITLAB", "BITBUCKET_CLOUD" ]
enum_PubsubConfigState := [ "STATE_UNSPECIFIED", "OK", "SUBSCRIPTION_DELETED", "TOPIC_DELETED", "SUBSCRIPTION_MISCONFIGURED" ]
enum_PullRequestFilterCommentControl := [ "COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY" ]
enum_StorageSourceSourceFetcher := [ "SOURCE_FETCHER_UNSPECIFIED", "GSUTIL", "GCS_FETCHER" ]
enum_WebhookConfigState := [ "STATE_UNSPECIFIED", "OK", "SECRET_DELETED" ]

valid {
    input.Body.approvalConfig.approvalRequired == BOOLEAN
    input.Body.autodetect == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.bitbucketServerConfigResource == STRING
    input.Body.bitbucketServerTriggerConfig.projectKey == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.branch == STRING
    input.Body.bitbucketServerTriggerConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.bitbucketServerTriggerConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.branch == STRING
    input.Body.bitbucketServerTriggerConfig.push.invertRegex == BOOLEAN
    input.Body.bitbucketServerTriggerConfig.push.tag == STRING
    input.Body.bitbucketServerTriggerConfig.repoSlug == STRING
    input.Body.build.artifacts.images[_] == STRING
    input.Body.build.artifacts.mavenArtifacts[_].artifactId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].groupId == STRING
    input.Body.build.artifacts.mavenArtifacts[_].path == STRING
    input.Body.build.artifacts.mavenArtifacts[_].repository == STRING
    input.Body.build.artifacts.mavenArtifacts[_].version == STRING
    input.Body.build.artifacts.npmPackages[_].packagePath == STRING
    input.Body.build.artifacts.npmPackages[_].repository == STRING
    input.Body.build.artifacts.objects.location == STRING
    input.Body.build.artifacts.objects.paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].paths[_] == STRING
    input.Body.build.artifacts.pythonPackages[_].repository == STRING
    input.Body.build.availableSecrets.inline[_].envMap.STRING == STRING
    input.Body.build.availableSecrets.inline[_].kmsKeyName == STRING
    input.Body.build.availableSecrets.secretManager[_].env == STRING
    input.Body.build.availableSecrets.secretManager[_].versionName == STRING
    input.Body.build.gitConfig.http.proxySecretVersionName == STRING
    input.Body.build.images[_] == STRING
    input.Body.build.logsBucket == STRING
    input.Body.build.options.automapSubstitutions == BOOLEAN
    input.Body.build.options.defaultLogsBucketBehavior == enum_BuildOptionsDefaultLogsBucketBehavior[_]
    input.Body.build.options.diskSizeGb == STRING
    input.Body.build.options.dynamicSubstitutions == BOOLEAN
    input.Body.build.options.env[_] == STRING
    input.Body.build.options.logStreamingOption == enum_BuildOptionsLogStreamingOption[_]
    input.Body.build.options.logging == enum_BuildOptionsLogging[_]
    input.Body.build.options.machineType == enum_BuildOptionsMachineType[_]
    input.Body.build.options.pool.name == STRING
    input.Body.build.options.requestedVerifyOption == enum_BuildOptionsRequestedVerifyOption[_]
    input.Body.build.options.secretEnv[_] == STRING
    input.Body.build.options.sourceProvenanceHash[_] == enum_BuildOptionsSourceProvenanceHash[_]
    input.Body.build.options.substitutionOption == enum_BuildOptionsSubstitutionOption[_]
    input.Body.build.options.volumes[_].name == STRING
    input.Body.build.options.volumes[_].path == STRING
    input.Body.build.options.workerPool == STRING
    input.Body.build.queueTtl == STRING
    input.Body.build.secrets[_].kmsKeyName == STRING
    input.Body.build.secrets[_].secretEnv.STRING == STRING
    input.Body.build.serviceAccount == STRING
    input.Body.build.source.connectedRepository.dir == STRING
    input.Body.build.source.connectedRepository.repository == STRING
    input.Body.build.source.connectedRepository.revision == STRING
    input.Body.build.source.developerConnectConfig.dir == STRING
    input.Body.build.source.developerConnectConfig.gitRepositoryLink == STRING
    input.Body.build.source.developerConnectConfig.revision == STRING
    input.Body.build.source.gitSource.dir == STRING
    input.Body.build.source.gitSource.revision == STRING
    input.Body.build.source.gitSource.url == STRING
    input.Body.build.source.repoSource.branchName == STRING
    input.Body.build.source.repoSource.commitSha == STRING
    input.Body.build.source.repoSource.dir == STRING
    input.Body.build.source.repoSource.invertRegex == BOOLEAN
    input.Body.build.source.repoSource.projectId == STRING
    input.Body.build.source.repoSource.repoName == STRING
    input.Body.build.source.repoSource.substitutions.STRING == STRING
    input.Body.build.source.repoSource.tagName == STRING
    input.Body.build.source.storageSource.bucket == STRING
    input.Body.build.source.storageSource.generation == STRING
    input.Body.build.source.storageSource.object == STRING
    input.Body.build.source.storageSource.sourceFetcher == enum_StorageSourceSourceFetcher[_]
    input.Body.build.source.storageSourceManifest.bucket == STRING
    input.Body.build.source.storageSourceManifest.generation == STRING
    input.Body.build.source.storageSourceManifest.object == STRING
    input.Body.build.steps[_].allowExitCodes[_] == INTEGER
    input.Body.build.steps[_].allowFailure == BOOLEAN
    input.Body.build.steps[_].args[_] == STRING
    input.Body.build.steps[_].automapSubstitutions == BOOLEAN
    input.Body.build.steps[_].dir == STRING
    input.Body.build.steps[_].entrypoint == STRING
    input.Body.build.steps[_].env[_] == STRING
    input.Body.build.steps[_].id == STRING
    input.Body.build.steps[_].name == STRING
    input.Body.build.steps[_].script == STRING
    input.Body.build.steps[_].secretEnv[_] == STRING
    input.Body.build.steps[_].timeout == STRING
    input.Body.build.steps[_].volumes[_].name == STRING
    input.Body.build.steps[_].volumes[_].path == STRING
    input.Body.build.steps[_].waitFor[_] == STRING
    input.Body.build.substitutions.STRING == STRING
    input.Body.build.tags[_] == STRING
    input.Body.build.timeout == STRING
    input.Body.description == STRING
    input.Body.disabled == BOOLEAN
    input.Body.eventType == enum_BuildTriggerEventType[_]
    input.Body.filename == STRING
    input.Body.filter == STRING
    input.Body.gitFileSource.bitbucketServerConfig == STRING
    input.Body.gitFileSource.githubEnterpriseConfig == STRING
    input.Body.gitFileSource.path == STRING
    input.Body.gitFileSource.repoType == enum_GitFileSourceRepoType[_]
    input.Body.gitFileSource.repository == STRING
    input.Body.gitFileSource.revision == STRING
    input.Body.gitFileSource.uri == STRING
    input.Body.github.enterpriseConfigResourceName == STRING
    input.Body.github.installationId == STRING
    input.Body.github.name == STRING
    input.Body.github.owner == STRING
    input.Body.github.pullRequest.branch == STRING
    input.Body.github.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.github.pullRequest.invertRegex == BOOLEAN
    input.Body.github.push.branch == STRING
    input.Body.github.push.invertRegex == BOOLEAN
    input.Body.github.push.tag == STRING
    input.Body.gitlabEnterpriseEventsConfig.gitlabConfigResource == STRING
    input.Body.gitlabEnterpriseEventsConfig.projectNamespace == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.gitlabEnterpriseEventsConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.branch == STRING
    input.Body.gitlabEnterpriseEventsConfig.push.invertRegex == BOOLEAN
    input.Body.gitlabEnterpriseEventsConfig.push.tag == STRING
    input.Body.ignoredFiles[_] == STRING
    input.Body.includeBuildLogs == enum_BuildTriggerIncludeBuildLogs[_]
    input.Body.includedFiles[_] == STRING
    input.Body.name == STRING
    input.Body.pubsubConfig.serviceAccountEmail == STRING
    input.Body.pubsubConfig.state == enum_PubsubConfigState[_]
    input.Body.pubsubConfig.topic == STRING
    input.Body.repositoryEventConfig.pullRequest.branch == STRING
    input.Body.repositoryEventConfig.pullRequest.commentControl == enum_PullRequestFilterCommentControl[_]
    input.Body.repositoryEventConfig.pullRequest.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.branch == STRING
    input.Body.repositoryEventConfig.push.invertRegex == BOOLEAN
    input.Body.repositoryEventConfig.push.tag == STRING
    input.Body.repositoryEventConfig.repository == STRING
    input.Body.resourceName == STRING
    input.Body.serviceAccount == STRING
    input.Body.sourceToBuild.bitbucketServerConfig == STRING
    input.Body.sourceToBuild.githubEnterpriseConfig == STRING
    input.Body.sourceToBuild.ref == STRING
    input.Body.sourceToBuild.repoType == enum_GitRepoSourceRepoType[_]
    input.Body.sourceToBuild.repository == STRING
    input.Body.sourceToBuild.uri == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tags[_] == STRING
    input.Body.triggerTemplate.branchName == STRING
    input.Body.triggerTemplate.commitSha == STRING
    input.Body.triggerTemplate.dir == STRING
    input.Body.triggerTemplate.invertRegex == BOOLEAN
    input.Body.triggerTemplate.projectId == STRING
    input.Body.triggerTemplate.repoName == STRING
    input.Body.triggerTemplate.substitutions.STRING == STRING
    input.Body.triggerTemplate.tagName == STRING
    input.Body.webhookConfig.secret == STRING
    input.Body.webhookConfig.state == enum_WebhookConfigState[_]
    input.ReqMap.ProjectID == STRING
    input.ReqMap.triggerId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.triggers.run

valid {
    input.Body.branchName == STRING
    input.Body.commitSha == STRING
    input.Body.dir == STRING
    input.Body.invertRegex == BOOLEAN
    input.Body.projectId == STRING
    input.Body.repoName == STRING
    input.Body.substitutions.STRING == STRING
    input.Body.tagName == STRING
    input.ReqMap.ProjectID == STRING
    input.ReqMap.triggerId == STRING
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.triggers.webhook

valid {
    input.Body.contentType == STRING
    input.Body.data == STRING
    input.Body.extensions[_].STRING == ANY
    input.ReqMap.ProjectID == STRING
    input.ReqMap.trigger == STRING
    input.Qs.name == STRING
    input.Qs.secret == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudbuild.projects.workerPools.create

valid {
    input.Body.networkConfig.peeredNetwork == STRING
    input.Body.region == STRING
    input.Body.workerConfig.diskSizeGb == STRING
    input.Body.workerConfig.machineType == STRING
    input.ReqMap.parent == STRING
    input.Qs.workerPoolId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.workerPools.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.workerPools.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.workerPools.list

valid {
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.projects.workerPools.patch

valid {
    input.Body.networkConfig.peeredNetwork == STRING
    input.Body.region == STRING
    input.Body.workerConfig.diskSizeGb == STRING
    input.Body.workerConfig.machineType == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudbuild.webhook

valid {
    input.Body.contentType == STRING
    input.Body.data == STRING
    input.Body.extensions[_].STRING == ANY
    input.Qs.webhookKey == STRING
    input.ProviderMetadata.Region == STRING
}