CLOUDKMS
cloudkms.folders.getAutokeyConfig
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.folders.updateAutokeyConfig
valid {
input.Body.keyProject == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConfig.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConfig.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConfig.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.create
enum_EkmConnectionKeyManagementMode := [ "KEY_MANAGEMENT_MODE_UNSPECIFIED", "MANUAL", "CLOUD_KMS" ]
valid {
input.Body.cryptoSpacePath == STRING
input.Body.etag == STRING
input.Body.keyManagementMode == enum_EkmConnectionKeyManagementMode[_]
input.Body.serviceResolvers[_].endpointFilter == STRING
input.Body.serviceResolvers[_].hostname == STRING
input.Body.serviceResolvers[_].serverCertificates[_].rawDer == STRING
input.Body.serviceResolvers[_].serviceDirectoryService == STRING
input.ReqMap.parent == STRING
input.Qs.ekmConnectionId == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.patch
enum_EkmConnectionKeyManagementMode := [ "KEY_MANAGEMENT_MODE_UNSPECIFIED", "MANUAL", "CLOUD_KMS" ]
valid {
input.Body.cryptoSpacePath == STRING
input.Body.etag == STRING
input.Body.keyManagementMode == enum_EkmConnectionKeyManagementMode[_]
input.Body.serviceResolvers[_].endpointFilter == STRING
input.Body.serviceResolvers[_].hostname == STRING
input.Body.serviceResolvers[_].serverCertificates[_].rawDer == STRING
input.Body.serviceResolvers[_].serviceDirectoryService == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.ekmConnections.verifyConnectivity
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.generateRandomBytes
enum_GenerateRandomBytesRequestProtectionLevel := [ "PROTECTION_LEVEL_UNSPECIFIED", "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC" ]
valid {
input.Body.lengthBytes == INTEGER
input.Body.protectionLevel == enum_GenerateRandomBytesRequestProtectionLevel[_]
input.ReqMap.location == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.getEkmConfig
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyHandles.create
valid {
input.Body.name == STRING
input.Body.resourceTypeSelector == STRING
input.ReqMap.parent == STRING
input.Qs.keyHandleId == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyHandles.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyHandles.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.create
valid {
input.ReqMap.parent == STRING
input.Qs.keyRingId == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.create
enum_CryptoKeyPurpose := [ "CRYPTO_KEY_PURPOSE_UNSPECIFIED", "ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "RAW_ENCRYPT_DECRYPT", "MAC" ]
enum_CryptoKeyVersionTemplateAlgorithm := [ "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED", "GOOGLE_SYMMETRIC_ENCRYPTION", "AES_128_GCM", "AES_256_GCM", "AES_128_CBC", "AES_256_CBC", "AES_128_CTR", "AES_256_CTR", "RSA_SIGN_PSS_2048_SHA256", "RSA_SIGN_PSS_3072_SHA256", "RSA_SIGN_PSS_4096_SHA256", "RSA_SIGN_PSS_4096_SHA512", "RSA_SIGN_PKCS1_2048_SHA256", "RSA_SIGN_PKCS1_3072_SHA256", "RSA_SIGN_PKCS1_4096_SHA256", "RSA_SIGN_PKCS1_4096_SHA512", "RSA_SIGN_RAW_PKCS1_2048", "RSA_SIGN_RAW_PKCS1_3072", "RSA_SIGN_RAW_PKCS1_4096", "RSA_DECRYPT_OAEP_2048_SHA256", "RSA_DECRYPT_OAEP_3072_SHA256", "RSA_DECRYPT_OAEP_4096_SHA256", "RSA_DECRYPT_OAEP_4096_SHA512", "RSA_DECRYPT_OAEP_2048_SHA1", "RSA_DECRYPT_OAEP_3072_SHA1", "RSA_DECRYPT_OAEP_4096_SHA1", "EC_SIGN_P256_SHA256", "EC_SIGN_P384_SHA384", "EC_SIGN_SECP256K1_SHA256", "EC_SIGN_ED25519", "HMAC_SHA256", "HMAC_SHA1", "HMAC_SHA384", "HMAC_SHA512", "HMAC_SHA224", "EXTERNAL_SYMMETRIC_ENCRYPTION" ]
enum_CryptoKeyVersionTemplateProtectionLevel := [ "PROTECTION_LEVEL_UNSPECIFIED", "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC" ]
enum_KeyAccessJustificationsPolicyAllowedAccessReasons := [ "REASON_UNSPECIFIED", "CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_SERVICE", "THIRD_PARTY_DATA_REQUEST", "GOOGLE_INITIATED_REVIEW", "CUSTOMER_INITIATED_ACCESS", "GOOGLE_INITIATED_SYSTEM_OPERATION", "REASON_NOT_EXPECTED", "MODIFIED_CUSTOMER_INITIATED_ACCESS", "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION", "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT", "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING" ]
valid {
input.Body.cryptoKeyBackend == STRING
input.Body.destroyScheduledDuration == STRING
input.Body.importOnly == BOOLEAN
input.Body.keyAccessJustificationsPolicy.allowedAccessReasons[_] == enum_KeyAccessJustificationsPolicyAllowedAccessReasons[_]
input.Body.labels.STRING == STRING
input.Body.nextRotationTime == STRING
input.Body.purpose == enum_CryptoKeyPurpose[_]
input.Body.rotationPeriod == STRING
input.Body.versionTemplate.algorithm == enum_CryptoKeyVersionTemplateAlgorithm[_]
input.Body.versionTemplate.protectionLevel == enum_CryptoKeyVersionTemplateProtectionLevel[_]
input.ReqMap.parent == STRING
input.Qs.cryptoKeyId == STRING
input.Qs.skipInitialVersionCreation == BOOLEAN
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.asymmetricDecrypt
valid {
input.Body.ciphertext == STRING
input.Body.ciphertextCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.asymmetricSign
valid {
input.Body.data == STRING
input.Body.dataCrc32c == STRING
input.Body.digest.sha256 == STRING
input.Body.digest.sha384 == STRING
input.Body.digest.sha512 == STRING
input.Body.digestCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create
enum_CryptoKeyVersionState := [ "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED", "PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED", "GENERATION_FAILED", "PENDING_EXTERNAL_DESTRUCTION", "EXTERNAL_DESTRUCTION_FAILED" ]
valid {
input.Body.externalProtectionLevelOptions.ekmConnectionKeyPath == STRING
input.Body.externalProtectionLevelOptions.externalKeyUri == STRING
input.Body.state == enum_CryptoKeyVersionState[_]
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy
valid {
input.Body.STRING == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.getPublicKey
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.import
enum_ImportCryptoKeyVersionRequestAlgorithm := [ "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED", "GOOGLE_SYMMETRIC_ENCRYPTION", "AES_128_GCM", "AES_256_GCM", "AES_128_CBC", "AES_256_CBC", "AES_128_CTR", "AES_256_CTR", "RSA_SIGN_PSS_2048_SHA256", "RSA_SIGN_PSS_3072_SHA256", "RSA_SIGN_PSS_4096_SHA256", "RSA_SIGN_PSS_4096_SHA512", "RSA_SIGN_PKCS1_2048_SHA256", "RSA_SIGN_PKCS1_3072_SHA256", "RSA_SIGN_PKCS1_4096_SHA256", "RSA_SIGN_PKCS1_4096_SHA512", "RSA_SIGN_RAW_PKCS1_2048", "RSA_SIGN_RAW_PKCS1_3072", "RSA_SIGN_RAW_PKCS1_4096", "RSA_DECRYPT_OAEP_2048_SHA256", "RSA_DECRYPT_OAEP_3072_SHA256", "RSA_DECRYPT_OAEP_4096_SHA256", "RSA_DECRYPT_OAEP_4096_SHA512", "RSA_DECRYPT_OAEP_2048_SHA1", "RSA_DECRYPT_OAEP_3072_SHA1", "RSA_DECRYPT_OAEP_4096_SHA1", "EC_SIGN_P256_SHA256", "EC_SIGN_P384_SHA384", "EC_SIGN_SECP256K1_SHA256", "EC_SIGN_ED25519", "HMAC_SHA256", "HMAC_SHA1", "HMAC_SHA384", "HMAC_SHA512", "HMAC_SHA224", "EXTERNAL_SYMMETRIC_ENCRYPTION" ]
valid {
input.Body.algorithm == enum_ImportCryptoKeyVersionRequestAlgorithm[_]
input.Body.cryptoKeyVersion == STRING
input.Body.importJob == STRING
input.Body.rsaAesWrappedKey == STRING
input.Body.wrappedKey == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list
enum_ViewParameter := [ "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED", "FULL" ]
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.view == enum_ViewParameter[_]
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.macSign
valid {
input.Body.data == STRING
input.Body.dataCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.macVerify
valid {
input.Body.data == STRING
input.Body.dataCrc32c == STRING
input.Body.mac == STRING
input.Body.macCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.patch
enum_CryptoKeyVersionState := [ "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED", "PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED", "GENERATION_FAILED", "PENDING_EXTERNAL_DESTRUCTION", "EXTERNAL_DESTRUCTION_FAILED" ]
valid {
input.Body.externalProtectionLevelOptions.ekmConnectionKeyPath == STRING
input.Body.externalProtectionLevelOptions.externalKeyUri == STRING
input.Body.state == enum_CryptoKeyVersionState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.rawDecrypt
valid {
input.Body.additionalAuthenticatedData == STRING
input.Body.additionalAuthenticatedDataCrc32c == STRING
input.Body.ciphertext == STRING
input.Body.ciphertextCrc32c == STRING
input.Body.initializationVector == STRING
input.Body.initializationVectorCrc32c == STRING
input.Body.tagLength == INTEGER
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.rawEncrypt
valid {
input.Body.additionalAuthenticatedData == STRING
input.Body.additionalAuthenticatedDataCrc32c == STRING
input.Body.initializationVector == STRING
input.Body.initializationVectorCrc32c == STRING
input.Body.plaintext == STRING
input.Body.plaintextCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.restore
valid {
input.Body.STRING == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.decrypt
valid {
input.Body.additionalAuthenticatedData == STRING
input.Body.additionalAuthenticatedDataCrc32c == STRING
input.Body.ciphertext == STRING
input.Body.ciphertextCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.encrypt
valid {
input.Body.additionalAuthenticatedData == STRING
input.Body.additionalAuthenticatedDataCrc32c == STRING
input.Body.plaintext == STRING
input.Body.plaintextCrc32c == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.list
enum_VersionViewParameter := [ "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED", "FULL" ]
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.versionView == enum_VersionViewParameter[_]
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.patch
enum_CryptoKeyPurpose := [ "CRYPTO_KEY_PURPOSE_UNSPECIFIED", "ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "RAW_ENCRYPT_DECRYPT", "MAC" ]
enum_CryptoKeyVersionTemplateAlgorithm := [ "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED", "GOOGLE_SYMMETRIC_ENCRYPTION", "AES_128_GCM", "AES_256_GCM", "AES_128_CBC", "AES_256_CBC", "AES_128_CTR", "AES_256_CTR", "RSA_SIGN_PSS_2048_SHA256", "RSA_SIGN_PSS_3072_SHA256", "RSA_SIGN_PSS_4096_SHA256", "RSA_SIGN_PSS_4096_SHA512", "RSA_SIGN_PKCS1_2048_SHA256", "RSA_SIGN_PKCS1_3072_SHA256", "RSA_SIGN_PKCS1_4096_SHA256", "RSA_SIGN_PKCS1_4096_SHA512", "RSA_SIGN_RAW_PKCS1_2048", "RSA_SIGN_RAW_PKCS1_3072", "RSA_SIGN_RAW_PKCS1_4096", "RSA_DECRYPT_OAEP_2048_SHA256", "RSA_DECRYPT_OAEP_3072_SHA256", "RSA_DECRYPT_OAEP_4096_SHA256", "RSA_DECRYPT_OAEP_4096_SHA512", "RSA_DECRYPT_OAEP_2048_SHA1", "RSA_DECRYPT_OAEP_3072_SHA1", "RSA_DECRYPT_OAEP_4096_SHA1", "EC_SIGN_P256_SHA256", "EC_SIGN_P384_SHA384", "EC_SIGN_SECP256K1_SHA256", "EC_SIGN_ED25519", "HMAC_SHA256", "HMAC_SHA1", "HMAC_SHA384", "HMAC_SHA512", "HMAC_SHA224", "EXTERNAL_SYMMETRIC_ENCRYPTION" ]
enum_CryptoKeyVersionTemplateProtectionLevel := [ "PROTECTION_LEVEL_UNSPECIFIED", "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC" ]
enum_KeyAccessJustificationsPolicyAllowedAccessReasons := [ "REASON_UNSPECIFIED", "CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_SERVICE", "THIRD_PARTY_DATA_REQUEST", "GOOGLE_INITIATED_REVIEW", "CUSTOMER_INITIATED_ACCESS", "GOOGLE_INITIATED_SYSTEM_OPERATION", "REASON_NOT_EXPECTED", "MODIFIED_CUSTOMER_INITIATED_ACCESS", "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION", "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT", "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING" ]
valid {
input.Body.cryptoKeyBackend == STRING
input.Body.destroyScheduledDuration == STRING
input.Body.importOnly == BOOLEAN
input.Body.keyAccessJustificationsPolicy.allowedAccessReasons[_] == enum_KeyAccessJustificationsPolicyAllowedAccessReasons[_]
input.Body.labels.STRING == STRING
input.Body.nextRotationTime == STRING
input.Body.purpose == enum_CryptoKeyPurpose[_]
input.Body.rotationPeriod == STRING
input.Body.versionTemplate.algorithm == enum_CryptoKeyVersionTemplateAlgorithm[_]
input.Body.versionTemplate.protectionLevel == enum_CryptoKeyVersionTemplateProtectionLevel[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.cryptoKeys.updatePrimaryVersion
valid {
input.Body.cryptoKeyVersionId == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.importJobs.create
enum_ImportJobImportMethod := [ "IMPORT_METHOD_UNSPECIFIED", "RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256", "RSA_OAEP_3072_SHA256_AES_256", "RSA_OAEP_4096_SHA256_AES_256", "RSA_OAEP_3072_SHA256", "RSA_OAEP_4096_SHA256" ]
enum_ImportJobProtectionLevel := [ "PROTECTION_LEVEL_UNSPECIFIED", "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC" ]
valid {
input.Body.importMethod == enum_ImportJobImportMethod[_]
input.Body.protectionLevel == enum_ImportJobProtectionLevel[_]
input.ReqMap.parent == STRING
input.Qs.importJobId == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.importJobs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.importJobs.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.importJobs.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.importJobs.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.importJobs.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.keyRings.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.list
valid {
input.ReqMap.name == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.locations.updateEkmConfig
valid {
input.Body.defaultEkmConnection == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
cloudkms.projects.showEffectiveAutokeyConfig
valid {
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
Updated 4 days ago