SIGNER
AddProfilePermission
valid {
input.Body.profileVersion == STRING
input.Body.action == STRING
input.Body.principal == STRING
input.Body.revisionId == STRING
input.Body.statementId == STRING
input.ReqMap.profileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CancelSigningProfile
valid {
input.ReqMap.profileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeSigningJob
valid {
input.ReqMap.jobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRevocationStatus
valid {
input.Qs.signatureTimestamp == TIMESTAMP
input.Qs.platformId == STRING
input.Qs.profileVersionArn == STRING
input.Qs.jobArn == STRING
input.Qs.certificateHashes[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSigningPlatform
valid {
input.ReqMap.platformId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSigningProfile
valid {
input.ReqMap.profileName == STRING
input.Qs.profileOwner == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListProfilePermissions
valid {
input.ReqMap.profileName == STRING
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSigningJobs
enum_SigningStatus := [ "InProgress", "Failed", "Succeeded" ]
valid {
input.Qs.status == enum_SigningStatus[_]
input.Qs.platformId == STRING
input.Qs.requestedBy == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.Qs.isRevoked == BOOLEAN
input.Qs.signatureExpiresBefore == TIMESTAMP
input.Qs.signatureExpiresAfter == TIMESTAMP
input.Qs.jobInvoker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSigningPlatforms
valid {
input.Qs.category == STRING
input.Qs.partner == STRING
input.Qs.target == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSigningProfiles
enum_SigningProfileStatus := [ "Active", "Canceled", "Revoked" ]
valid {
input.Qs.includeCanceled == BOOLEAN
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.Qs.platformId == STRING
input.Qs.statuses[_] == enum_SigningProfileStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutSigningProfile
enum_EncryptionAlgorithm := [ "RSA", "ECDSA" ]
enum_HashAlgorithm := [ "SHA1", "SHA256" ]
enum_ImageFormat := [ "JSON", "JSONEmbedded", "JSONDetached" ]
enum_ValidityType := [ "DAYS", "MONTHS", "YEARS" ]
valid {
input.Body.signingMaterial.certificateArn == STRING
input.Body.signatureValidityPeriod.value == INTEGER
input.Body.signatureValidityPeriod.type == enum_ValidityType[_]
input.Body.platformId == STRING
input.Body.overrides.signingConfiguration.encryptionAlgorithm == enum_EncryptionAlgorithm[_]
input.Body.overrides.signingConfiguration.hashAlgorithm == enum_HashAlgorithm[_]
input.Body.overrides.signingImageFormat == enum_ImageFormat[_]
input.Body.signingParameters.STRING == STRING
input.Body.tags.STRING == STRING
input.ReqMap.profileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveProfilePermission
valid {
input.ReqMap.profileName == STRING
input.ReqMap.statementId == STRING
input.Qs.revisionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RevokeSignature
valid {
input.Body.jobOwner == STRING
input.Body.reason == STRING
input.ReqMap.jobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RevokeSigningProfile
valid {
input.Body.profileVersion == STRING
input.Body.reason == STRING
input.Body.effectiveTime == TIMESTAMP
input.ReqMap.profileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SignPayload
valid {
input.Body.profileName == STRING
input.Body.profileOwner == STRING
input.Body.payload == BLOB
input.Body.payloadFormat == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartSigningJob
valid {
input.Body.source.s3.bucketName == STRING
input.Body.source.s3.key == STRING
input.Body.source.s3.version == STRING
input.Body.destination.s3.bucketName == STRING
input.Body.destination.s3.prefix == STRING
input.Body.profileName == STRING
input.Body.clientRequestToken == STRING
input.Body.profileOwner == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 5 days ago