PRIVATECA
privateca.projects.locations.caPools.certificateAuthorities.activate
valid {
input.Body.pemCaCertificate == STRING
input.Body.requestId == STRING
input.Body.subordinateConfig.certificateAuthority == STRING
input.Body.subordinateConfig.pemIssuerChain.pemCertificates[_] == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.patch
valid {
input.Body.labels.STRING == STRING
input.ReqMap.name == STRING
input.Qs.requestId == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.create
enum_CertificateAuthorityType := [ "TYPE_UNSPECIFIED", "SELF_SIGNED", "SUBORDINATE" ]
enum_KeyVersionSpecAlgorithm := [ "SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384" ]
enum_PublicKeyFormat := [ "KEY_FORMAT_UNSPECIFIED", "PEM" ]
valid {
input.Body.config.publicKey.format == enum_PublicKeyFormat[_]
input.Body.config.publicKey.key == STRING
input.Body.config.subjectConfig.subject.commonName == STRING
input.Body.config.subjectConfig.subject.countryCode == STRING
input.Body.config.subjectConfig.subject.locality == STRING
input.Body.config.subjectConfig.subject.organization == STRING
input.Body.config.subjectConfig.subject.organizationalUnit == STRING
input.Body.config.subjectConfig.subject.postalCode == STRING
input.Body.config.subjectConfig.subject.province == STRING
input.Body.config.subjectConfig.subject.streetAddress == STRING
input.Body.config.subjectConfig.subjectAltName.customSans[_].critical == BOOLEAN
input.Body.config.subjectConfig.subjectAltName.customSans[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.subjectConfig.subjectAltName.customSans[_].value == STRING
input.Body.config.subjectConfig.subjectAltName.dnsNames[_] == STRING
input.Body.config.subjectConfig.subjectAltName.emailAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.ipAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.uris[_] == STRING
input.Body.config.subjectKeyId.keyId == STRING
input.Body.config.x509Config.additionalExtensions[_].critical == BOOLEAN
input.Body.config.x509Config.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.x509Config.additionalExtensions[_].value == STRING
input.Body.config.x509Config.aiaOcspServers[_] == STRING
input.Body.config.x509Config.caOptions.isCa == BOOLEAN
input.Body.config.x509Config.caOptions.maxIssuerPathLength == INTEGER
input.Body.config.x509Config.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.config.x509Config.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.config.x509Config.nameConstraints.critical == BOOLEAN
input.Body.config.x509Config.nameConstraints.excludedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedUris[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedUris[_] == STRING
input.Body.config.x509Config.policyIds[_].objectIdPath[_] == INTEGER
input.Body.gcsBucket == STRING
input.Body.keySpec.algorithm == enum_KeyVersionSpecAlgorithm[_]
input.Body.keySpec.cloudKmsKeyVersion == STRING
input.Body.labels.STRING == STRING
input.Body.lifetime == STRING
input.Body.subordinateConfig.certificateAuthority == STRING
input.Body.subordinateConfig.pemIssuerChain.pemCertificates[_] == STRING
input.Body.type == enum_CertificateAuthorityType[_]
input.ReqMap.parent == STRING
input.Qs.certificateAuthorityId == STRING
input.Qs.requestId == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.delete
valid {
input.ReqMap.name == STRING
input.Qs.ignoreActiveCertificates == BOOLEAN
input.Qs.ignoreDependentResources == BOOLEAN
input.Qs.requestId == STRING
input.Qs.skipGracePeriod == BOOLEAN
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.disable
valid {
input.Body.ignoreDependentResources == BOOLEAN
input.Body.requestId == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.enable
valid {
input.Body.requestId == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.fetch
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.patch
enum_CertificateAuthorityType := [ "TYPE_UNSPECIFIED", "SELF_SIGNED", "SUBORDINATE" ]
enum_KeyVersionSpecAlgorithm := [ "SIGN_HASH_ALGORITHM_UNSPECIFIED", "RSA_PSS_2048_SHA256", "RSA_PSS_3072_SHA256", "RSA_PSS_4096_SHA256", "RSA_PKCS1_2048_SHA256", "RSA_PKCS1_3072_SHA256", "RSA_PKCS1_4096_SHA256", "EC_P256_SHA256", "EC_P384_SHA384" ]
enum_PublicKeyFormat := [ "KEY_FORMAT_UNSPECIFIED", "PEM" ]
valid {
input.Body.config.publicKey.format == enum_PublicKeyFormat[_]
input.Body.config.publicKey.key == STRING
input.Body.config.subjectConfig.subject.commonName == STRING
input.Body.config.subjectConfig.subject.countryCode == STRING
input.Body.config.subjectConfig.subject.locality == STRING
input.Body.config.subjectConfig.subject.organization == STRING
input.Body.config.subjectConfig.subject.organizationalUnit == STRING
input.Body.config.subjectConfig.subject.postalCode == STRING
input.Body.config.subjectConfig.subject.province == STRING
input.Body.config.subjectConfig.subject.streetAddress == STRING
input.Body.config.subjectConfig.subjectAltName.customSans[_].critical == BOOLEAN
input.Body.config.subjectConfig.subjectAltName.customSans[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.subjectConfig.subjectAltName.customSans[_].value == STRING
input.Body.config.subjectConfig.subjectAltName.dnsNames[_] == STRING
input.Body.config.subjectConfig.subjectAltName.emailAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.ipAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.uris[_] == STRING
input.Body.config.subjectKeyId.keyId == STRING
input.Body.config.x509Config.additionalExtensions[_].critical == BOOLEAN
input.Body.config.x509Config.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.x509Config.additionalExtensions[_].value == STRING
input.Body.config.x509Config.aiaOcspServers[_] == STRING
input.Body.config.x509Config.caOptions.isCa == BOOLEAN
input.Body.config.x509Config.caOptions.maxIssuerPathLength == INTEGER
input.Body.config.x509Config.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.config.x509Config.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.config.x509Config.nameConstraints.critical == BOOLEAN
input.Body.config.x509Config.nameConstraints.excludedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedUris[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedUris[_] == STRING
input.Body.config.x509Config.policyIds[_].objectIdPath[_] == INTEGER
input.Body.gcsBucket == STRING
input.Body.keySpec.algorithm == enum_KeyVersionSpecAlgorithm[_]
input.Body.keySpec.cloudKmsKeyVersion == STRING
input.Body.labels.STRING == STRING
input.Body.lifetime == STRING
input.Body.subordinateConfig.certificateAuthority == STRING
input.Body.subordinateConfig.pemIssuerChain.pemCertificates[_] == STRING
input.Body.type == enum_CertificateAuthorityType[_]
input.ReqMap.name == STRING
input.Qs.requestId == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificateAuthorities.undelete
valid {
input.Body.requestId == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificates.create
enum_CertificateSubjectMode := [ "SUBJECT_REQUEST_MODE_UNSPECIFIED", "DEFAULT", "REFLECTED_SPIFFE" ]
enum_PublicKeyFormat := [ "KEY_FORMAT_UNSPECIFIED", "PEM" ]
valid {
input.Body.certificateTemplate == STRING
input.Body.config.publicKey.format == enum_PublicKeyFormat[_]
input.Body.config.publicKey.key == STRING
input.Body.config.subjectConfig.subject.commonName == STRING
input.Body.config.subjectConfig.subject.countryCode == STRING
input.Body.config.subjectConfig.subject.locality == STRING
input.Body.config.subjectConfig.subject.organization == STRING
input.Body.config.subjectConfig.subject.organizationalUnit == STRING
input.Body.config.subjectConfig.subject.postalCode == STRING
input.Body.config.subjectConfig.subject.province == STRING
input.Body.config.subjectConfig.subject.streetAddress == STRING
input.Body.config.subjectConfig.subjectAltName.customSans[_].critical == BOOLEAN
input.Body.config.subjectConfig.subjectAltName.customSans[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.subjectConfig.subjectAltName.customSans[_].value == STRING
input.Body.config.subjectConfig.subjectAltName.dnsNames[_] == STRING
input.Body.config.subjectConfig.subjectAltName.emailAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.ipAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.uris[_] == STRING
input.Body.config.subjectKeyId.keyId == STRING
input.Body.config.x509Config.additionalExtensions[_].critical == BOOLEAN
input.Body.config.x509Config.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.x509Config.additionalExtensions[_].value == STRING
input.Body.config.x509Config.aiaOcspServers[_] == STRING
input.Body.config.x509Config.caOptions.isCa == BOOLEAN
input.Body.config.x509Config.caOptions.maxIssuerPathLength == INTEGER
input.Body.config.x509Config.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.config.x509Config.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.config.x509Config.nameConstraints.critical == BOOLEAN
input.Body.config.x509Config.nameConstraints.excludedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedUris[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedUris[_] == STRING
input.Body.config.x509Config.policyIds[_].objectIdPath[_] == INTEGER
input.Body.labels.STRING == STRING
input.Body.lifetime == STRING
input.Body.pemCsr == STRING
input.Body.subjectMode == enum_CertificateSubjectMode[_]
input.ReqMap.parent == STRING
input.Qs.certificateId == STRING
input.Qs.issuingCertificateAuthorityId == STRING
input.Qs.requestId == STRING
input.Qs.validateOnly == BOOLEAN
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificates.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificates.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificates.patch
enum_CertificateSubjectMode := [ "SUBJECT_REQUEST_MODE_UNSPECIFIED", "DEFAULT", "REFLECTED_SPIFFE" ]
enum_PublicKeyFormat := [ "KEY_FORMAT_UNSPECIFIED", "PEM" ]
valid {
input.Body.certificateTemplate == STRING
input.Body.config.publicKey.format == enum_PublicKeyFormat[_]
input.Body.config.publicKey.key == STRING
input.Body.config.subjectConfig.subject.commonName == STRING
input.Body.config.subjectConfig.subject.countryCode == STRING
input.Body.config.subjectConfig.subject.locality == STRING
input.Body.config.subjectConfig.subject.organization == STRING
input.Body.config.subjectConfig.subject.organizationalUnit == STRING
input.Body.config.subjectConfig.subject.postalCode == STRING
input.Body.config.subjectConfig.subject.province == STRING
input.Body.config.subjectConfig.subject.streetAddress == STRING
input.Body.config.subjectConfig.subjectAltName.customSans[_].critical == BOOLEAN
input.Body.config.subjectConfig.subjectAltName.customSans[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.subjectConfig.subjectAltName.customSans[_].value == STRING
input.Body.config.subjectConfig.subjectAltName.dnsNames[_] == STRING
input.Body.config.subjectConfig.subjectAltName.emailAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.ipAddresses[_] == STRING
input.Body.config.subjectConfig.subjectAltName.uris[_] == STRING
input.Body.config.subjectKeyId.keyId == STRING
input.Body.config.x509Config.additionalExtensions[_].critical == BOOLEAN
input.Body.config.x509Config.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.config.x509Config.additionalExtensions[_].value == STRING
input.Body.config.x509Config.aiaOcspServers[_] == STRING
input.Body.config.x509Config.caOptions.isCa == BOOLEAN
input.Body.config.x509Config.caOptions.maxIssuerPathLength == INTEGER
input.Body.config.x509Config.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.config.x509Config.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.config.x509Config.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.config.x509Config.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.config.x509Config.nameConstraints.critical == BOOLEAN
input.Body.config.x509Config.nameConstraints.excludedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.excludedUris[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedDnsNames[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedIpRanges[_] == STRING
input.Body.config.x509Config.nameConstraints.permittedUris[_] == STRING
input.Body.config.x509Config.policyIds[_].objectIdPath[_] == INTEGER
input.Body.labels.STRING == STRING
input.Body.lifetime == STRING
input.Body.pemCsr == STRING
input.Body.subjectMode == enum_CertificateSubjectMode[_]
input.ReqMap.name == STRING
input.Qs.requestId == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.certificates.revoke
enum_RevokeCertificateRequestReason := [ "REVOCATION_REASON_UNSPECIFIED", "KEY_COMPROMISE", "CERTIFICATE_AUTHORITY_COMPROMISE", "AFFILIATION_CHANGED", "SUPERSEDED", "CESSATION_OF_OPERATION", "CERTIFICATE_HOLD", "PRIVILEGE_WITHDRAWN", "ATTRIBUTE_AUTHORITY_COMPROMISE" ]
valid {
input.Body.reason == enum_RevokeCertificateRequestReason[_]
input.Body.requestId == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.create
enum_CaPoolTier := [ "TIER_UNSPECIFIED", "ENTERPRISE", "DEVOPS" ]
enum_CertificateExtensionConstraintsKnownExtensions := [ "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED", "BASE_KEY_USAGE", "EXTENDED_KEY_USAGE", "CA_OPTIONS", "POLICY_IDS", "AIA_OCSP_SERVERS", "NAME_CONSTRAINTS" ]
enum_EcKeyTypeSignatureAlgorithm := [ "EC_SIGNATURE_ALGORITHM_UNSPECIFIED", "ECDSA_P256", "ECDSA_P384", "EDDSA_25519" ]
enum_PublishingOptionsEncodingFormat := [ "ENCODING_FORMAT_UNSPECIFIED", "PEM", "DER" ]
valid {
input.Body.issuancePolicy.allowedIssuanceModes.allowConfigBasedIssuance == BOOLEAN
input.Body.issuancePolicy.allowedIssuanceModes.allowCsrBasedIssuance == BOOLEAN
input.Body.issuancePolicy.allowedKeyTypes[_].ellipticCurve.signatureAlgorithm == enum_EcKeyTypeSignatureAlgorithm[_]
input.Body.issuancePolicy.allowedKeyTypes[_].rsa.maxModulusSize == STRING
input.Body.issuancePolicy.allowedKeyTypes[_].rsa.minModulusSize == STRING
input.Body.issuancePolicy.baselineValues.additionalExtensions[_].critical == BOOLEAN
input.Body.issuancePolicy.baselineValues.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.issuancePolicy.baselineValues.additionalExtensions[_].value == STRING
input.Body.issuancePolicy.baselineValues.aiaOcspServers[_] == STRING
input.Body.issuancePolicy.baselineValues.caOptions.isCa == BOOLEAN
input.Body.issuancePolicy.baselineValues.caOptions.maxIssuerPathLength == INTEGER
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.issuancePolicy.baselineValues.nameConstraints.critical == BOOLEAN
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedDnsNames[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedIpRanges[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedUris[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedDnsNames[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedIpRanges[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedUris[_] == STRING
input.Body.issuancePolicy.baselineValues.policyIds[_].objectIdPath[_] == INTEGER
input.Body.issuancePolicy.identityConstraints.allowSubjectAltNamesPassthrough == BOOLEAN
input.Body.issuancePolicy.identityConstraints.allowSubjectPassthrough == BOOLEAN
input.Body.issuancePolicy.identityConstraints.celExpression.description == STRING
input.Body.issuancePolicy.identityConstraints.celExpression.expression == STRING
input.Body.issuancePolicy.identityConstraints.celExpression.location == STRING
input.Body.issuancePolicy.identityConstraints.celExpression.title == STRING
input.Body.issuancePolicy.maximumLifetime == STRING
input.Body.issuancePolicy.passthroughExtensions.additionalExtensions[_].objectIdPath[_] == INTEGER
input.Body.issuancePolicy.passthroughExtensions.knownExtensions[_] == enum_CertificateExtensionConstraintsKnownExtensions[_]
input.Body.labels.STRING == STRING
input.Body.publishingOptions.encodingFormat == enum_PublishingOptionsEncodingFormat[_]
input.Body.publishingOptions.publishCaCert == BOOLEAN
input.Body.publishingOptions.publishCrl == BOOLEAN
input.Body.tier == enum_CaPoolTier[_]
input.ReqMap.parent == STRING
input.Qs.caPoolId == STRING
input.Qs.requestId == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.delete
valid {
input.ReqMap.name == STRING
input.Qs.ignoreDependentResources == BOOLEAN
input.Qs.requestId == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.fetchCaCerts
valid {
input.Body.requestId == STRING
input.ReqMap.caPool == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.patch
enum_CaPoolTier := [ "TIER_UNSPECIFIED", "ENTERPRISE", "DEVOPS" ]
enum_CertificateExtensionConstraintsKnownExtensions := [ "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED", "BASE_KEY_USAGE", "EXTENDED_KEY_USAGE", "CA_OPTIONS", "POLICY_IDS", "AIA_OCSP_SERVERS", "NAME_CONSTRAINTS" ]
enum_EcKeyTypeSignatureAlgorithm := [ "EC_SIGNATURE_ALGORITHM_UNSPECIFIED", "ECDSA_P256", "ECDSA_P384", "EDDSA_25519" ]
enum_PublishingOptionsEncodingFormat := [ "ENCODING_FORMAT_UNSPECIFIED", "PEM", "DER" ]
valid {
input.Body.issuancePolicy.allowedIssuanceModes.allowConfigBasedIssuance == BOOLEAN
input.Body.issuancePolicy.allowedIssuanceModes.allowCsrBasedIssuance == BOOLEAN
input.Body.issuancePolicy.allowedKeyTypes[_].ellipticCurve.signatureAlgorithm == enum_EcKeyTypeSignatureAlgorithm[_]
input.Body.issuancePolicy.allowedKeyTypes[_].rsa.maxModulusSize == STRING
input.Body.issuancePolicy.allowedKeyTypes[_].rsa.minModulusSize == STRING
input.Body.issuancePolicy.baselineValues.additionalExtensions[_].critical == BOOLEAN
input.Body.issuancePolicy.baselineValues.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.issuancePolicy.baselineValues.additionalExtensions[_].value == STRING
input.Body.issuancePolicy.baselineValues.aiaOcspServers[_] == STRING
input.Body.issuancePolicy.baselineValues.caOptions.isCa == BOOLEAN
input.Body.issuancePolicy.baselineValues.caOptions.maxIssuerPathLength == INTEGER
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.issuancePolicy.baselineValues.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.issuancePolicy.baselineValues.nameConstraints.critical == BOOLEAN
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedDnsNames[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedIpRanges[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.excludedUris[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedDnsNames[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedIpRanges[_] == STRING
input.Body.issuancePolicy.baselineValues.nameConstraints.permittedUris[_] == STRING
input.Body.issuancePolicy.baselineValues.policyIds[_].objectIdPath[_] == INTEGER
input.Body.issuancePolicy.identityConstraints.allowSubjectAltNamesPassthrough == BOOLEAN
input.Body.issuancePolicy.identityConstraints.allowSubjectPassthrough == BOOLEAN
input.Body.issuancePolicy.identityConstraints.celExpression.description == STRING
input.Body.issuancePolicy.identityConstraints.celExpression.expression == STRING
input.Body.issuancePolicy.identityConstraints.celExpression.location == STRING
input.Body.issuancePolicy.identityConstraints.celExpression.title == STRING
input.Body.issuancePolicy.maximumLifetime == STRING
input.Body.issuancePolicy.passthroughExtensions.additionalExtensions[_].objectIdPath[_] == INTEGER
input.Body.issuancePolicy.passthroughExtensions.knownExtensions[_] == enum_CertificateExtensionConstraintsKnownExtensions[_]
input.Body.labels.STRING == STRING
input.Body.publishingOptions.encodingFormat == enum_PublishingOptionsEncodingFormat[_]
input.Body.publishingOptions.publishCaCert == BOOLEAN
input.Body.publishingOptions.publishCrl == BOOLEAN
input.Body.tier == enum_CaPoolTier[_]
input.ReqMap.name == STRING
input.Qs.requestId == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.caPools.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateAuthorities.certificateRevocationLists.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateAuthorities.certificateRevocationLists.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateAuthorities.certificateRevocationLists.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateAuthorities.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateAuthorities.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateAuthorities.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.create
enum_CertificateExtensionConstraintsKnownExtensions := [ "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED", "BASE_KEY_USAGE", "EXTENDED_KEY_USAGE", "CA_OPTIONS", "POLICY_IDS", "AIA_OCSP_SERVERS", "NAME_CONSTRAINTS" ]
valid {
input.Body.description == STRING
input.Body.identityConstraints.allowSubjectAltNamesPassthrough == BOOLEAN
input.Body.identityConstraints.allowSubjectPassthrough == BOOLEAN
input.Body.identityConstraints.celExpression.description == STRING
input.Body.identityConstraints.celExpression.expression == STRING
input.Body.identityConstraints.celExpression.location == STRING
input.Body.identityConstraints.celExpression.title == STRING
input.Body.labels.STRING == STRING
input.Body.maximumLifetime == STRING
input.Body.passthroughExtensions.additionalExtensions[_].objectIdPath[_] == INTEGER
input.Body.passthroughExtensions.knownExtensions[_] == enum_CertificateExtensionConstraintsKnownExtensions[_]
input.Body.predefinedValues.additionalExtensions[_].critical == BOOLEAN
input.Body.predefinedValues.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.predefinedValues.additionalExtensions[_].value == STRING
input.Body.predefinedValues.aiaOcspServers[_] == STRING
input.Body.predefinedValues.caOptions.isCa == BOOLEAN
input.Body.predefinedValues.caOptions.maxIssuerPathLength == INTEGER
input.Body.predefinedValues.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.predefinedValues.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.predefinedValues.nameConstraints.critical == BOOLEAN
input.Body.predefinedValues.nameConstraints.excludedDnsNames[_] == STRING
input.Body.predefinedValues.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.predefinedValues.nameConstraints.excludedIpRanges[_] == STRING
input.Body.predefinedValues.nameConstraints.excludedUris[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedDnsNames[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedIpRanges[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedUris[_] == STRING
input.Body.predefinedValues.policyIds[_].objectIdPath[_] == INTEGER
input.ReqMap.parent == STRING
input.Qs.certificateTemplateId == STRING
input.Qs.requestId == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.delete
valid {
input.ReqMap.name == STRING
input.Qs.requestId == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.patch
enum_CertificateExtensionConstraintsKnownExtensions := [ "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED", "BASE_KEY_USAGE", "EXTENDED_KEY_USAGE", "CA_OPTIONS", "POLICY_IDS", "AIA_OCSP_SERVERS", "NAME_CONSTRAINTS" ]
valid {
input.Body.description == STRING
input.Body.identityConstraints.allowSubjectAltNamesPassthrough == BOOLEAN
input.Body.identityConstraints.allowSubjectPassthrough == BOOLEAN
input.Body.identityConstraints.celExpression.description == STRING
input.Body.identityConstraints.celExpression.expression == STRING
input.Body.identityConstraints.celExpression.location == STRING
input.Body.identityConstraints.celExpression.title == STRING
input.Body.labels.STRING == STRING
input.Body.maximumLifetime == STRING
input.Body.passthroughExtensions.additionalExtensions[_].objectIdPath[_] == INTEGER
input.Body.passthroughExtensions.knownExtensions[_] == enum_CertificateExtensionConstraintsKnownExtensions[_]
input.Body.predefinedValues.additionalExtensions[_].critical == BOOLEAN
input.Body.predefinedValues.additionalExtensions[_].objectId.objectIdPath[_] == INTEGER
input.Body.predefinedValues.additionalExtensions[_].value == STRING
input.Body.predefinedValues.aiaOcspServers[_] == STRING
input.Body.predefinedValues.caOptions.isCa == BOOLEAN
input.Body.predefinedValues.caOptions.maxIssuerPathLength == INTEGER
input.Body.predefinedValues.keyUsage.baseKeyUsage.certSign == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.contentCommitment == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.crlSign == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.dataEncipherment == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.decipherOnly == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.digitalSignature == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.encipherOnly == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.keyAgreement == BOOLEAN
input.Body.predefinedValues.keyUsage.baseKeyUsage.keyEncipherment == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.clientAuth == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.codeSigning == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.emailProtection == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.ocspSigning == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.serverAuth == BOOLEAN
input.Body.predefinedValues.keyUsage.extendedKeyUsage.timeStamping == BOOLEAN
input.Body.predefinedValues.keyUsage.unknownExtendedKeyUsages[_].objectIdPath[_] == INTEGER
input.Body.predefinedValues.nameConstraints.critical == BOOLEAN
input.Body.predefinedValues.nameConstraints.excludedDnsNames[_] == STRING
input.Body.predefinedValues.nameConstraints.excludedEmailAddresses[_] == STRING
input.Body.predefinedValues.nameConstraints.excludedIpRanges[_] == STRING
input.Body.predefinedValues.nameConstraints.excludedUris[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedDnsNames[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedEmailAddresses[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedIpRanges[_] == STRING
input.Body.predefinedValues.nameConstraints.permittedUris[_] == STRING
input.Body.predefinedValues.policyIds[_].objectIdPath[_] == INTEGER
input.ReqMap.name == STRING
input.Qs.requestId == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.certificateTemplates.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.list
valid {
input.ReqMap.name == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.operations.cancel
valid {
input.Body.STRING == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.operations.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.operations.list
valid {
input.ReqMap.name == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.reusableConfigs.getIamPolicy
valid {
input.ReqMap.resource == STRING
input.Qs.options.requestedPolicyVersion == INTEGER
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.reusableConfigs.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
privateca.projects.locations.reusableConfigs.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
Updated 6 days ago