Guides

CLOUDIDENTITY

cloud.google.com
GCP documentation

cloudidentity.customers.userinvitations.cancel

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.customers.userinvitations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.customers.userinvitations.isInvitableUser

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.customers.userinvitations.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.customers.userinvitations.send

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.cancelWipe

valid {
    input.Body.customer == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.create

valid {
    input.Body.assetTag == STRING
    input.Body.deviceId == STRING
    input.Body.hostname == STRING
    input.Body.lastSyncTime == STRING
    input.Body.serialNumber == STRING
    input.Body.wifiMacAddresses[_] == STRING
    input.Qs.customer == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.customer == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.approve

valid {
    input.Body.customer == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.block

valid {
    input.Body.customer == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.cancelWipe

valid {
    input.Body.customer == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.clientStates.get

valid {
    input.ReqMap.name == STRING
    input.Qs.customer == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.clientStates.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.customer == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.clientStates.patch

enum_GoogleAppsCloudidentityDevicesV1ClientStateComplianceState := [ "COMPLIANCE_STATE_UNSPECIFIED", "COMPLIANT", "NON_COMPLIANT" ]
enum_GoogleAppsCloudidentityDevicesV1ClientStateHealthScore := [ "HEALTH_SCORE_UNSPECIFIED", "VERY_POOR", "POOR", "NEUTRAL", "GOOD", "VERY_GOOD" ]
enum_GoogleAppsCloudidentityDevicesV1ClientStateManaged := [ "MANAGED_STATE_UNSPECIFIED", "MANAGED", "UNMANAGED" ]

valid {
    input.Body.assetTags[_] == STRING
    input.Body.complianceState == enum_GoogleAppsCloudidentityDevicesV1ClientStateComplianceState[_]
    input.Body.customId == STRING
    input.Body.etag == STRING
    input.Body.healthScore == enum_GoogleAppsCloudidentityDevicesV1ClientStateHealthScore[_]
    input.Body.keyValuePairs.STRING.boolValue == BOOLEAN
    input.Body.keyValuePairs.STRING.numberValue == NUMBER
    input.Body.keyValuePairs.STRING.stringValue == STRING
    input.Body.managed == enum_GoogleAppsCloudidentityDevicesV1ClientStateManaged[_]
    input.Body.scoreReason == STRING
    input.ReqMap.name == STRING
    input.Qs.customer == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.customer == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.get

valid {
    input.ReqMap.name == STRING
    input.Qs.customer == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.customer == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.lookup

valid {
    input.ReqMap.parent == STRING
    input.Qs.androidId == STRING
    input.Qs.iosDeviceId == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.partner == STRING
    input.Qs.rawResourceId == STRING
    input.Qs.userId == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.deviceUsers.wipe

valid {
    input.Body.customer == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.get

valid {
    input.ReqMap.name == STRING
    input.Qs.customer == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.list

enum_ViewParameter := [ "VIEW_UNSPECIFIED", "COMPANY_INVENTORY", "USER_ASSIGNED_DEVICES" ]

valid {
    input.Qs.customer == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.view == enum_ViewParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudidentity.devices.wipe

valid {
    input.Body.customer == STRING
    input.Body.removeResetLock == BOOLEAN
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.create

enum_DynamicGroupQueryResourceType := [ "RESOURCE_TYPE_UNSPECIFIED", "USER" ]
enum_InitialGroupConfigParameter := [ "INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.dynamicGroupMetadata.queries[_].query == STRING
    input.Body.dynamicGroupMetadata.queries[_].resourceType == enum_DynamicGroupQueryResourceType[_]
    input.Body.groupKey.id == STRING
    input.Body.groupKey.namespace == STRING
    input.Body.labels.STRING == STRING
    input.Body.parent == STRING
    input.Qs.initialGroupConfig == enum_InitialGroupConfigParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.getSecuritySettings

valid {
    input.ReqMap.name == STRING
    input.Qs.readMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.list

enum_ViewParameter := [ "VIEW_UNSPECIFIED", "BASIC", "FULL" ]

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.Qs.view == enum_ViewParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.lookup

valid {
    input.Qs.groupKey.id == STRING
    input.Qs.groupKey.namespace == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.checkTransitiveMembership

valid {
    input.ReqMap.parent == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.create

valid {
    input.Body.preferredMemberKey.id == STRING
    input.Body.preferredMemberKey.namespace == STRING
    input.Body.roles[_].expiryDetail.expireTime == STRING
    input.Body.roles[_].name == STRING
    input.Body.roles[_].restrictionEvaluations.memberRestrictionEvaluation == {}
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.getMembershipGraph

valid {
    input.ReqMap.parent == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.list

enum_ViewParameter := [ "VIEW_UNSPECIFIED", "BASIC", "FULL" ]

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.view == enum_ViewParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.lookup

valid {
    input.ReqMap.parent == STRING
    input.Qs.memberKey.id == STRING
    input.Qs.memberKey.namespace == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.modifyMembershipRoles

valid {
    input.Body.addRoles[_].expiryDetail.expireTime == STRING
    input.Body.addRoles[_].name == STRING
    input.Body.addRoles[_].restrictionEvaluations.memberRestrictionEvaluation == {}
    input.Body.removeRoles[_] == STRING
    input.Body.updateRolesParams[_].fieldMask == STRING
    input.Body.updateRolesParams[_].membershipRole.expiryDetail.expireTime == STRING
    input.Body.updateRolesParams[_].membershipRole.name == STRING
    input.Body.updateRolesParams[_].membershipRole.restrictionEvaluations.memberRestrictionEvaluation == {}
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.searchDirectGroups

valid {
    input.ReqMap.parent == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.searchTransitiveGroups

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.memberships.searchTransitiveMemberships

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.patch

enum_DynamicGroupQueryResourceType := [ "RESOURCE_TYPE_UNSPECIFIED", "USER" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.dynamicGroupMetadata.queries[_].query == STRING
    input.Body.dynamicGroupMetadata.queries[_].resourceType == enum_DynamicGroupQueryResourceType[_]
    input.Body.groupKey.id == STRING
    input.Body.groupKey.namespace == STRING
    input.Body.labels.STRING == STRING
    input.Body.parent == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.search

enum_ViewParameter := [ "VIEW_UNSPECIFIED", "BASIC", "FULL" ]

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.Qs.view == enum_ViewParameter[_]
    input.ProviderMetadata.Region == STRING
}

cloudidentity.groups.updateSecuritySettings

valid {
    input.Body.memberRestriction.evaluation == {}
    input.Body.memberRestriction.query == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundOidcSsoProfiles.create

valid {
    input.Body.customer == STRING
    input.Body.displayName == STRING
    input.Body.idpConfig.changePasswordUri == STRING
    input.Body.idpConfig.issuerUri == STRING
    input.Body.rpConfig.clientId == STRING
    input.Body.rpConfig.clientSecret == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundOidcSsoProfiles.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundOidcSsoProfiles.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundOidcSsoProfiles.list

valid {
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundOidcSsoProfiles.patch

valid {
    input.Body.customer == STRING
    input.Body.displayName == STRING
    input.Body.idpConfig.changePasswordUri == STRING
    input.Body.idpConfig.issuerUri == STRING
    input.Body.rpConfig.clientId == STRING
    input.Body.rpConfig.clientSecret == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.create

valid {
    input.Body.customer == STRING
    input.Body.displayName == STRING
    input.Body.idpConfig.changePasswordUri == STRING
    input.Body.idpConfig.entityId == STRING
    input.Body.idpConfig.logoutRedirectUri == STRING
    input.Body.idpConfig.singleSignOnServiceUri == STRING
    input.Body.spConfig == {}
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.idpCredentials.add

valid {
    input.Body.pemData == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.idpCredentials.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.idpCredentials.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.idpCredentials.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.list

valid {
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSamlSsoProfiles.patch

valid {
    input.Body.customer == STRING
    input.Body.displayName == STRING
    input.Body.idpConfig.changePasswordUri == STRING
    input.Body.idpConfig.entityId == STRING
    input.Body.idpConfig.logoutRedirectUri == STRING
    input.Body.idpConfig.singleSignOnServiceUri == STRING
    input.Body.spConfig == {}
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSsoAssignments.create

enum_InboundSsoAssignmentSsoMode := [ "SSO_MODE_UNSPECIFIED", "SSO_OFF", "SAML_SSO", "OIDC_SSO", "DOMAIN_WIDE_SAML_IF_ENABLED" ]
enum_SignInBehaviorRedirectCondition := [ "REDIRECT_CONDITION_UNSPECIFIED", "NEVER" ]

valid {
    input.Body.customer == STRING
    input.Body.oidcSsoInfo.inboundOidcSsoProfile == STRING
    input.Body.rank == INTEGER
    input.Body.samlSsoInfo.inboundSamlSsoProfile == STRING
    input.Body.signInBehavior.redirectCondition == enum_SignInBehaviorRedirectCondition[_]
    input.Body.ssoMode == enum_InboundSsoAssignmentSsoMode[_]
    input.Body.targetGroup == STRING
    input.Body.targetOrgUnit == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSsoAssignments.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSsoAssignments.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSsoAssignments.list

valid {
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.inboundSsoAssignments.patch

enum_InboundSsoAssignmentSsoMode := [ "SSO_MODE_UNSPECIFIED", "SSO_OFF", "SAML_SSO", "OIDC_SSO", "DOMAIN_WIDE_SAML_IF_ENABLED" ]
enum_SignInBehaviorRedirectCondition := [ "REDIRECT_CONDITION_UNSPECIFIED", "NEVER" ]

valid {
    input.Body.customer == STRING
    input.Body.oidcSsoInfo.inboundOidcSsoProfile == STRING
    input.Body.rank == INTEGER
    input.Body.samlSsoInfo.inboundSamlSsoProfile == STRING
    input.Body.signInBehavior.redirectCondition == enum_SignInBehaviorRedirectCondition[_]
    input.Body.ssoMode == enum_InboundSsoAssignmentSsoMode[_]
    input.Body.targetGroup == STRING
    input.Body.targetOrgUnit == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.orgUnits.memberships.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.customer == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.orgUnits.memberships.move

valid {
    input.Body.customer == STRING
    input.Body.destinationOrgUnit == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.policies.create

valid {
    input.Body.customer == STRING
    input.Body.policyQuery.group == STRING
    input.Body.policyQuery.orgUnit == STRING
    input.Body.policyQuery.query == STRING
    input.Body.setting.type == STRING
    input.Body.setting.value.STRING == ANY
    input.ProviderMetadata.Region == STRING
}

cloudidentity.policies.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.policies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.policies.list

valid {
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudidentity.policies.patch

valid {
    input.Body.customer == STRING
    input.Body.policyQuery.group == STRING
    input.Body.policyQuery.orgUnit == STRING
    input.Body.policyQuery.query == STRING
    input.Body.setting.type == STRING
    input.Body.setting.value.STRING == ANY
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}