IAP
iap.getIamPolicy
valid {
input.Body.options.requestedPolicyVersion == INTEGER
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
iap.getIapSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.create
valid {
input.Body.applicationTitle == STRING
input.Body.supportEmail == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.identityAwareProxyClients.create
valid {
input.Body.displayName == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.identityAwareProxyClients.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.identityAwareProxyClients.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.identityAwareProxyClients.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.identityAwareProxyClients.resetSecret
valid {
input.Body.STRING == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.brands.list
valid {
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.iap_tunnel.locations.destGroups.create
valid {
input.Body.cidrs[_] == STRING
input.Body.fqdns[_] == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.tunnelDestGroupId == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.iap_tunnel.locations.destGroups.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.iap_tunnel.locations.destGroups.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.iap_tunnel.locations.destGroups.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
iap.projects.iap_tunnel.locations.destGroups.patch
valid {
input.Body.cidrs[_] == STRING
input.Body.fqdns[_] == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
iap.setIamPolicy
valid {
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
iap.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
iap.updateIapSettings
enum_AccessSettingsIdentitySources := [ "IDENTITY_SOURCE_UNSPECIFIED", "WORKFORCE_IDENTITY_FEDERATION" ]
enum_AttributePropagationSettingsOutputCredentials := [ "OUTPUT_CREDENTIALS_UNSPECIFIED", "HEADER", "JWT", "RCTOKEN" ]
enum_ReauthSettingsMethod := [ "METHOD_UNSPECIFIED", "LOGIN", "PASSWORD", "SECURE_KEY", "ENROLLED_SECOND_FACTORS" ]
enum_ReauthSettingsPolicyType := [ "POLICY_TYPE_UNSPECIFIED", "MINIMUM", "DEFAULT" ]
valid {
input.Body.accessSettings.allowedDomainsSettings.domains[_] == STRING
input.Body.accessSettings.allowedDomainsSettings.enable == BOOLEAN
input.Body.accessSettings.corsSettings.allowHttpOptions == BOOLEAN
input.Body.accessSettings.gcipSettings.loginPageUri == STRING
input.Body.accessSettings.gcipSettings.tenantIds[_] == STRING
input.Body.accessSettings.identitySources[_] == enum_AccessSettingsIdentitySources[_]
input.Body.accessSettings.oauthSettings.loginHint == STRING
input.Body.accessSettings.oauthSettings.programmaticClients[_] == STRING
input.Body.accessSettings.policyDelegationSettings.iamPermission == STRING
input.Body.accessSettings.policyDelegationSettings.iamServiceName == STRING
input.Body.accessSettings.policyDelegationSettings.policyName.id == STRING
input.Body.accessSettings.policyDelegationSettings.policyName.region == STRING
input.Body.accessSettings.policyDelegationSettings.policyName.type == STRING
input.Body.accessSettings.policyDelegationSettings.resource.expectedNextState.STRING == ANY
input.Body.accessSettings.policyDelegationSettings.resource.labels.STRING == STRING
input.Body.accessSettings.policyDelegationSettings.resource.name == STRING
input.Body.accessSettings.policyDelegationSettings.resource.nextStateOfTags.tagsFullState.tags.STRING == STRING
input.Body.accessSettings.policyDelegationSettings.resource.nextStateOfTags.tagsFullStateForChildResource.tags.STRING == STRING
input.Body.accessSettings.policyDelegationSettings.resource.nextStateOfTags.tagsPartialState.tagKeysToRemove[_] == STRING
input.Body.accessSettings.policyDelegationSettings.resource.nextStateOfTags.tagsPartialState.tagsToUpsert.STRING == STRING
input.Body.accessSettings.policyDelegationSettings.resource.service == STRING
input.Body.accessSettings.policyDelegationSettings.resource.type == STRING
input.Body.accessSettings.reauthSettings.maxAge == STRING
input.Body.accessSettings.reauthSettings.method == enum_ReauthSettingsMethod[_]
input.Body.accessSettings.reauthSettings.policyType == enum_ReauthSettingsPolicyType[_]
input.Body.accessSettings.workforceIdentitySettings.oauth2.clientId == STRING
input.Body.accessSettings.workforceIdentitySettings.oauth2.clientSecret == STRING
input.Body.accessSettings.workforceIdentitySettings.workforcePools[_] == STRING
input.Body.applicationSettings.accessDeniedPageSettings.accessDeniedPageUri == STRING
input.Body.applicationSettings.accessDeniedPageSettings.generateTroubleshootingUri == BOOLEAN
input.Body.applicationSettings.accessDeniedPageSettings.remediationTokenGenerationEnabled == BOOLEAN
input.Body.applicationSettings.attributePropagationSettings.enable == BOOLEAN
input.Body.applicationSettings.attributePropagationSettings.expression == STRING
input.Body.applicationSettings.attributePropagationSettings.outputCredentials[_] == enum_AttributePropagationSettingsOutputCredentials[_]
input.Body.applicationSettings.cookieDomain == STRING
input.Body.applicationSettings.csmSettings.rctokenAud == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
iap.validateAttributeExpression
valid {
input.ReqMap.name == STRING
input.Qs.expression == STRING
input.ProviderMetadata.Region == STRING
}
Updated about 2 months ago