Guides

CLOUDRESOURCEMANAGER

cloud.google.com
GCP documentation

cloudresourcemanager.effectiveTags.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.capabilities.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.capabilities.patch

valid {
    input.Body.name == STRING
    input.Body.value == BOOLEAN
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.clearOrgPolicy

valid {
    input.Body.constraint == STRING
    input.Body.etag == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.create

valid {
    input.Body.displayName == STRING
    input.Body.name == STRING
    input.Body.parent == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.getEffectiveOrgPolicy

valid {
    input.Body.constraint == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.getIamPolicy

valid {
    input.Body.options.requestedPolicyVersion == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.getOrgPolicy

valid {
    input.Body.constraint == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.Qs.showDeleted == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.listAvailableOrgPolicyConstraints

valid {
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.listOrgPolicies

valid {
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.move

valid {
    input.Body.destinationParent == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.patch

valid {
    input.Body.displayName == STRING
    input.Body.name == STRING
    input.Body.parent == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.search

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.setOrgPolicy

enum_ListPolicyAllValues := [ "ALL_VALUES_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.policy.booleanPolicy.enforced == BOOLEAN
    input.Body.policy.constraint == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.listPolicy.allValues == enum_ListPolicyAllValues[_]
    input.Body.policy.listPolicy.allowedValues[_] == STRING
    input.Body.policy.listPolicy.deniedValues[_] == STRING
    input.Body.policy.listPolicy.inheritFromParent == BOOLEAN
    input.Body.policy.listPolicy.suggestedValue == STRING
    input.Body.policy.restoreDefault.STRING == STRING
    input.Body.policy.updateTime == STRING
    input.Body.policy.version == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.folders.undelete

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.liens.create

valid {
    input.Body.createTime == STRING
    input.Body.name == STRING
    input.Body.origin == STRING
    input.Body.parent == STRING
    input.Body.reason == STRING
    input.Body.restrictions[_] == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.liens.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.liens.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.liens.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.locations.effectiveTagBindingCollections.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.locations.tagBindingCollections.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.locations.tagBindingCollections.update

valid {
    input.Body.etag == STRING
    input.Body.fullResourceName == STRING
    input.Body.name == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.clearOrgPolicy

valid {
    input.Body.constraint == STRING
    input.Body.etag == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.getEffectiveOrgPolicy

valid {
    input.Body.constraint == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.getIamPolicy

valid {
    input.Body.options.requestedPolicyVersion == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.getOrgPolicy

valid {
    input.Body.constraint == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.list

valid {
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.listAvailableOrgPolicyConstraints

valid {
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.listOrgPolicies

valid {
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.search

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.setOrgPolicy

enum_ListPolicyAllValues := [ "ALL_VALUES_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.policy.booleanPolicy.enforced == BOOLEAN
    input.Body.policy.constraint == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.listPolicy.allValues == enum_ListPolicyAllValues[_]
    input.Body.policy.listPolicy.allowedValues[_] == STRING
    input.Body.policy.listPolicy.deniedValues[_] == STRING
    input.Body.policy.listPolicy.inheritFromParent == BOOLEAN
    input.Body.policy.listPolicy.suggestedValue == STRING
    input.Body.policy.restoreDefault.STRING == STRING
    input.Body.policy.updateTime == STRING
    input.Body.policy.version == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.organizations.update

enum_OrganizationLifecycleState := [ "LIFECYCLE_STATE_UNSPECIFIED", "ACTIVE", "DELETE_REQUESTED" ]

valid {
    input.Body.creationTime == STRING
    input.Body.displayName == STRING
    input.Body.lifecycleState == enum_OrganizationLifecycleState[_]
    input.Body.name == STRING
    input.Body.organizationId == STRING
    input.Body.owner.directoryCustomerId == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.clearOrgPolicy

valid {
    input.Body.constraint == STRING
    input.Body.etag == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.create

valid {
    input.Body.displayName == STRING
    input.Body.labels.STRING == STRING
    input.Body.parent == STRING
    input.Body.projectId == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.getAncestry

valid {
    input.Body.STRING == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudresourcemanager.projects.getEffectiveOrgPolicy

valid {
    input.Body.constraint == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.getIamPolicy

valid {
    input.Body.options.requestedPolicyVersion == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.getOrgPolicy

valid {
    input.Body.constraint == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.Qs.showDeleted == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.listAvailableOrgPolicyConstraints

valid {
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.listOrgPolicies

valid {
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.move

valid {
    input.Body.destinationParent == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.patch

valid {
    input.Body.displayName == STRING
    input.Body.labels.STRING == STRING
    input.Body.parent == STRING
    input.Body.projectId == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.search

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.query == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.setOrgPolicy

enum_ListPolicyAllValues := [ "ALL_VALUES_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.policy.booleanPolicy.enforced == BOOLEAN
    input.Body.policy.constraint == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.listPolicy.allValues == enum_ListPolicyAllValues[_]
    input.Body.policy.listPolicy.allowedValues[_] == STRING
    input.Body.policy.listPolicy.deniedValues[_] == STRING
    input.Body.policy.listPolicy.inheritFromParent == BOOLEAN
    input.Body.policy.listPolicy.suggestedValue == STRING
    input.Body.policy.restoreDefault.STRING == STRING
    input.Body.policy.updateTime == STRING
    input.Body.policy.version == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.undelete

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.projects.update

enum_ProjectLifecycleState := [ "LIFECYCLE_STATE_UNSPECIFIED", "ACTIVE", "DELETE_REQUESTED", "DELETE_IN_PROGRESS" ]

valid {
    input.Body.createTime == STRING
    input.Body.labels.STRING == STRING
    input.Body.lifecycleState == enum_ProjectLifecycleState[_]
    input.Body.name == STRING
    input.Body.parent.id == STRING
    input.Body.parent.type == STRING
    input.Body.projectId == STRING
    input.Body.projectNumber == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

cloudresourcemanager.tagBindings.create

valid {
    input.Body.parent == STRING
    input.Body.tagValue == STRING
    input.Body.tagValueNamespacedName == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagBindings.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagBindings.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.create

enum_TagKeyPurpose := [ "PURPOSE_UNSPECIFIED", "GCE_FIREWALL", "DATA_GOVERNANCE" ]

valid {
    input.Body.description == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.parent == STRING
    input.Body.purpose == enum_TagKeyPurpose[_]
    input.Body.purposeData.STRING == STRING
    input.Body.shortName == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.etag == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.getIamPolicy

valid {
    input.Body.options.requestedPolicyVersion == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.getNamespaced

valid {
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.patch

enum_TagKeyPurpose := [ "PURPOSE_UNSPECIFIED", "GCE_FIREWALL", "DATA_GOVERNANCE" ]

valid {
    input.Body.description == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.parent == STRING
    input.Body.purpose == enum_TagKeyPurpose[_]
    input.Body.purposeData.STRING == STRING
    input.Body.shortName == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagKeys.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.create

valid {
    input.Body.description == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.parent == STRING
    input.Body.shortName == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.etag == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.getIamPolicy

valid {
    input.Body.options.requestedPolicyVersion == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.getNamespaced

valid {
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.list

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.patch

valid {
    input.Body.description == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.parent == STRING
    input.Body.shortName == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.tagHolds.create

valid {
    input.Body.helpLink == STRING
    input.Body.holder == STRING
    input.Body.origin == STRING
    input.ReqMap.parent == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.tagHolds.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.validateOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.tagHolds.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

cloudresourcemanager.tagValues.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}