storage.anywhereCaches.disable

valid {
    input.ReqMap.anywhereCacheId == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.anywhereCaches.get

valid {
    input.ReqMap.anywhereCacheId == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.anywhereCaches.insert

valid {
    input.Body.admissionPolicy == STRING
    input.Body.anywhereCacheId == STRING
    input.Body.bucket == STRING
    input.Body.createTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.pendingUpdate == BOOLEAN
    input.Body.selfLink == STRING
    input.Body.state == STRING
    input.Body.ttl == STRING
    input.Body.updateTime == STRING
    input.Body.zone == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.anywhereCaches.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

storage.anywhereCaches.pause

valid {
    input.ReqMap.anywhereCacheId == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.anywhereCaches.resume

valid {
    input.ReqMap.anywhereCacheId == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.anywhereCaches.update

valid {
    input.Body.admissionPolicy == STRING
    input.Body.anywhereCacheId == STRING
    input.Body.bucket == STRING
    input.Body.createTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.pendingUpdate == BOOLEAN
    input.Body.selfLink == STRING
    input.Body.state == STRING
    input.Body.ttl == STRING
    input.Body.updateTime == STRING
    input.Body.zone == STRING
    input.ReqMap.anywhereCacheId == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.bucketAccessControls.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.bucketAccessControls.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.bucketAccessControls.insert

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.bucketAccessControls.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.bucketAccessControls.patch

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.bucketAccessControls.update

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.delete

valid {
    input.ReqMap.bucket == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.get

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.ReqMap.bucket == STRING
    input.Qs.generation == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.softDeleted == BOOLEAN
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.getIamPolicy

valid {
    input.ReqMap.bucket == STRING
    input.Qs.optionsRequestedPolicyVersion == INTEGER
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.getStorageLayout

valid {
    input.ReqMap.bucket == STRING
    input.Qs.prefix == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.insert

enum_PredefinedAclParameter := [ "authenticatedRead", "private", "projectPrivate", "publicRead", "publicReadWrite" ]
enum_PredefinedDefaultObjectAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.autoclass.enabled == BOOLEAN
    input.Body.autoclass.terminalStorageClass == STRING
    input.Body.autoclass.terminalStorageClassUpdateTime == STRING
    input.Body.autoclass.toggleTime == STRING
    input.Body.billing.requesterPays == BOOLEAN
    input.Body.cors[_].maxAgeSeconds == INTEGER
    input.Body.cors[_].method[_] == STRING
    input.Body.cors[_].origin[_] == STRING
    input.Body.cors[_].responseHeader[_] == STRING
    input.Body.customPlacementConfig.dataLocations[_] == STRING
    input.Body.defaultEventBasedHold == BOOLEAN
    input.Body.defaultObjectAcl[_].bucket == STRING
    input.Body.defaultObjectAcl[_].domain == STRING
    input.Body.defaultObjectAcl[_].email == STRING
    input.Body.defaultObjectAcl[_].entity == STRING
    input.Body.defaultObjectAcl[_].entityId == STRING
    input.Body.defaultObjectAcl[_].etag == STRING
    input.Body.defaultObjectAcl[_].generation == STRING
    input.Body.defaultObjectAcl[_].id == STRING
    input.Body.defaultObjectAcl[_].kind == STRING
    input.Body.defaultObjectAcl[_].object == STRING
    input.Body.defaultObjectAcl[_].projectTeam.projectNumber == STRING
    input.Body.defaultObjectAcl[_].projectTeam.team == STRING
    input.Body.defaultObjectAcl[_].role == STRING
    input.Body.defaultObjectAcl[_].selfLink == STRING
    input.Body.encryption.defaultKmsKeyName == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.hierarchicalNamespace.enabled == BOOLEAN
    input.Body.iamConfiguration.bucketPolicyOnly.enabled == BOOLEAN
    input.Body.iamConfiguration.bucketPolicyOnly.lockedTime == STRING
    input.Body.iamConfiguration.publicAccessPrevention == STRING
    input.Body.iamConfiguration.uniformBucketLevelAccess.enabled == BOOLEAN
    input.Body.iamConfiguration.uniformBucketLevelAccess.lockedTime == STRING
    input.Body.id == STRING
    input.Body.ipFilter.mode == STRING
    input.Body.ipFilter.publicNetworkSource.allowedIpCidrRanges[_] == STRING
    input.Body.ipFilter.vpcNetworkSources[_].allowedIpCidrRanges[_] == STRING
    input.Body.ipFilter.vpcNetworkSources[_].network == STRING
    input.Body.kind == STRING
    input.Body.labels.STRING == STRING
    input.Body.lifecycle.rule[_].action.storageClass == STRING
    input.Body.lifecycle.rule[_].action.type == STRING
    input.Body.lifecycle.rule[_].condition.age == INTEGER
    input.Body.lifecycle.rule[_].condition.createdBefore == STRING
    input.Body.lifecycle.rule[_].condition.customTimeBefore == STRING
    input.Body.lifecycle.rule[_].condition.daysSinceCustomTime == INTEGER
    input.Body.lifecycle.rule[_].condition.daysSinceNoncurrentTime == INTEGER
    input.Body.lifecycle.rule[_].condition.isLive == BOOLEAN
    input.Body.lifecycle.rule[_].condition.matchesPattern == STRING
    input.Body.lifecycle.rule[_].condition.matchesPrefix[_] == STRING
    input.Body.lifecycle.rule[_].condition.matchesStorageClass[_] == STRING
    input.Body.lifecycle.rule[_].condition.matchesSuffix[_] == STRING
    input.Body.lifecycle.rule[_].condition.noncurrentTimeBefore == STRING
    input.Body.lifecycle.rule[_].condition.numNewerVersions == INTEGER
    input.Body.location == STRING
    input.Body.locationType == STRING
    input.Body.logging.logBucket == STRING
    input.Body.logging.logObjectPrefix == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.objectRetention.mode == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.projectNumber == STRING
    input.Body.retentionPolicy.effectiveTime == STRING
    input.Body.retentionPolicy.isLocked == BOOLEAN
    input.Body.retentionPolicy.retentionPeriod == STRING
    input.Body.rpo == STRING
    input.Body.satisfiesPZI == BOOLEAN
    input.Body.satisfiesPZS == BOOLEAN
    input.Body.selfLink == STRING
    input.Body.softDeletePolicy.effectiveTime == STRING
    input.Body.softDeletePolicy.retentionDurationSeconds == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.timeCreated == STRING
    input.Body.updated == STRING
    input.Body.versioning.enabled == BOOLEAN
    input.Body.website.mainPageSuffix == STRING
    input.Body.website.notFoundPage == STRING
    input.Qs.enableObjectRetention == BOOLEAN
    input.Qs.predefinedAcl == enum_PredefinedAclParameter[_]
    input.Qs.predefinedDefaultObjectAcl == enum_PredefinedDefaultObjectAclParameter[_]
    input.Qs.project == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.list

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.prefix == STRING
    input.Qs.project == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.softDeleted == BOOLEAN
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.lockRetentionPolicy

valid {
    input.ReqMap.bucket == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.operations.advanceRelocateBucket

valid {
    input.Body.expireTime == STRING
    input.Body.ttl == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.operationId == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.operations.cancel

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.operationId == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.operations.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.operationId == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.operations.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.patch

enum_PredefinedAclParameter := [ "authenticatedRead", "private", "projectPrivate", "publicRead", "publicReadWrite" ]
enum_PredefinedDefaultObjectAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.autoclass.enabled == BOOLEAN
    input.Body.autoclass.terminalStorageClass == STRING
    input.Body.autoclass.terminalStorageClassUpdateTime == STRING
    input.Body.autoclass.toggleTime == STRING
    input.Body.billing.requesterPays == BOOLEAN
    input.Body.cors[_].maxAgeSeconds == INTEGER
    input.Body.cors[_].method[_] == STRING
    input.Body.cors[_].origin[_] == STRING
    input.Body.cors[_].responseHeader[_] == STRING
    input.Body.customPlacementConfig.dataLocations[_] == STRING
    input.Body.defaultEventBasedHold == BOOLEAN
    input.Body.defaultObjectAcl[_].bucket == STRING
    input.Body.defaultObjectAcl[_].domain == STRING
    input.Body.defaultObjectAcl[_].email == STRING
    input.Body.defaultObjectAcl[_].entity == STRING
    input.Body.defaultObjectAcl[_].entityId == STRING
    input.Body.defaultObjectAcl[_].etag == STRING
    input.Body.defaultObjectAcl[_].generation == STRING
    input.Body.defaultObjectAcl[_].id == STRING
    input.Body.defaultObjectAcl[_].kind == STRING
    input.Body.defaultObjectAcl[_].object == STRING
    input.Body.defaultObjectAcl[_].projectTeam.projectNumber == STRING
    input.Body.defaultObjectAcl[_].projectTeam.team == STRING
    input.Body.defaultObjectAcl[_].role == STRING
    input.Body.defaultObjectAcl[_].selfLink == STRING
    input.Body.encryption.defaultKmsKeyName == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.hierarchicalNamespace.enabled == BOOLEAN
    input.Body.iamConfiguration.bucketPolicyOnly.enabled == BOOLEAN
    input.Body.iamConfiguration.bucketPolicyOnly.lockedTime == STRING
    input.Body.iamConfiguration.publicAccessPrevention == STRING
    input.Body.iamConfiguration.uniformBucketLevelAccess.enabled == BOOLEAN
    input.Body.iamConfiguration.uniformBucketLevelAccess.lockedTime == STRING
    input.Body.id == STRING
    input.Body.ipFilter.mode == STRING
    input.Body.ipFilter.publicNetworkSource.allowedIpCidrRanges[_] == STRING
    input.Body.ipFilter.vpcNetworkSources[_].allowedIpCidrRanges[_] == STRING
    input.Body.ipFilter.vpcNetworkSources[_].network == STRING
    input.Body.kind == STRING
    input.Body.labels.STRING == STRING
    input.Body.lifecycle.rule[_].action.storageClass == STRING
    input.Body.lifecycle.rule[_].action.type == STRING
    input.Body.lifecycle.rule[_].condition.age == INTEGER
    input.Body.lifecycle.rule[_].condition.createdBefore == STRING
    input.Body.lifecycle.rule[_].condition.customTimeBefore == STRING
    input.Body.lifecycle.rule[_].condition.daysSinceCustomTime == INTEGER
    input.Body.lifecycle.rule[_].condition.daysSinceNoncurrentTime == INTEGER
    input.Body.lifecycle.rule[_].condition.isLive == BOOLEAN
    input.Body.lifecycle.rule[_].condition.matchesPattern == STRING
    input.Body.lifecycle.rule[_].condition.matchesPrefix[_] == STRING
    input.Body.lifecycle.rule[_].condition.matchesStorageClass[_] == STRING
    input.Body.lifecycle.rule[_].condition.matchesSuffix[_] == STRING
    input.Body.lifecycle.rule[_].condition.noncurrentTimeBefore == STRING
    input.Body.lifecycle.rule[_].condition.numNewerVersions == INTEGER
    input.Body.location == STRING
    input.Body.locationType == STRING
    input.Body.logging.logBucket == STRING
    input.Body.logging.logObjectPrefix == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.objectRetention.mode == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.projectNumber == STRING
    input.Body.retentionPolicy.effectiveTime == STRING
    input.Body.retentionPolicy.isLocked == BOOLEAN
    input.Body.retentionPolicy.retentionPeriod == STRING
    input.Body.rpo == STRING
    input.Body.satisfiesPZI == BOOLEAN
    input.Body.satisfiesPZS == BOOLEAN
    input.Body.selfLink == STRING
    input.Body.softDeletePolicy.effectiveTime == STRING
    input.Body.softDeletePolicy.retentionDurationSeconds == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.timeCreated == STRING
    input.Body.updated == STRING
    input.Body.versioning.enabled == BOOLEAN
    input.Body.website.mainPageSuffix == STRING
    input.Body.website.notFoundPage == STRING
    input.ReqMap.bucket == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.predefinedAcl == enum_PredefinedAclParameter[_]
    input.Qs.predefinedDefaultObjectAcl == enum_PredefinedDefaultObjectAclParameter[_]
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.relocate

valid {
    input.Body.destinationCustomPlacementConfig.dataLocations[_] == STRING
    input.Body.destinationLocation == STRING
    input.Body.validateOnly == BOOLEAN
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.restore

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.ReqMap.bucket == STRING
    input.Qs.generation == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.setIamPolicy

valid {
    input.Body.bindings[_].condition.description == STRING
    input.Body.bindings[_].condition.expression == STRING
    input.Body.bindings[_].condition.location == STRING
    input.Body.bindings[_].condition.title == STRING
    input.Body.bindings[_].members[_] == STRING
    input.Body.bindings[_].role == STRING
    input.Body.etag == STRING
    input.Body.kind == STRING
    input.Body.resourceId == STRING
    input.Body.version == INTEGER
    input.ReqMap.bucket == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.testIamPermissions

valid {
    input.ReqMap.bucket == STRING
    input.Qs.permissions == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.buckets.update

enum_PredefinedAclParameter := [ "authenticatedRead", "private", "projectPrivate", "publicRead", "publicReadWrite" ]
enum_PredefinedDefaultObjectAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.autoclass.enabled == BOOLEAN
    input.Body.autoclass.terminalStorageClass == STRING
    input.Body.autoclass.terminalStorageClassUpdateTime == STRING
    input.Body.autoclass.toggleTime == STRING
    input.Body.billing.requesterPays == BOOLEAN
    input.Body.cors[_].maxAgeSeconds == INTEGER
    input.Body.cors[_].method[_] == STRING
    input.Body.cors[_].origin[_] == STRING
    input.Body.cors[_].responseHeader[_] == STRING
    input.Body.customPlacementConfig.dataLocations[_] == STRING
    input.Body.defaultEventBasedHold == BOOLEAN
    input.Body.defaultObjectAcl[_].bucket == STRING
    input.Body.defaultObjectAcl[_].domain == STRING
    input.Body.defaultObjectAcl[_].email == STRING
    input.Body.defaultObjectAcl[_].entity == STRING
    input.Body.defaultObjectAcl[_].entityId == STRING
    input.Body.defaultObjectAcl[_].etag == STRING
    input.Body.defaultObjectAcl[_].generation == STRING
    input.Body.defaultObjectAcl[_].id == STRING
    input.Body.defaultObjectAcl[_].kind == STRING
    input.Body.defaultObjectAcl[_].object == STRING
    input.Body.defaultObjectAcl[_].projectTeam.projectNumber == STRING
    input.Body.defaultObjectAcl[_].projectTeam.team == STRING
    input.Body.defaultObjectAcl[_].role == STRING
    input.Body.defaultObjectAcl[_].selfLink == STRING
    input.Body.encryption.defaultKmsKeyName == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.hierarchicalNamespace.enabled == BOOLEAN
    input.Body.iamConfiguration.bucketPolicyOnly.enabled == BOOLEAN
    input.Body.iamConfiguration.bucketPolicyOnly.lockedTime == STRING
    input.Body.iamConfiguration.publicAccessPrevention == STRING
    input.Body.iamConfiguration.uniformBucketLevelAccess.enabled == BOOLEAN
    input.Body.iamConfiguration.uniformBucketLevelAccess.lockedTime == STRING
    input.Body.id == STRING
    input.Body.ipFilter.mode == STRING
    input.Body.ipFilter.publicNetworkSource.allowedIpCidrRanges[_] == STRING
    input.Body.ipFilter.vpcNetworkSources[_].allowedIpCidrRanges[_] == STRING
    input.Body.ipFilter.vpcNetworkSources[_].network == STRING
    input.Body.kind == STRING
    input.Body.labels.STRING == STRING
    input.Body.lifecycle.rule[_].action.storageClass == STRING
    input.Body.lifecycle.rule[_].action.type == STRING
    input.Body.lifecycle.rule[_].condition.age == INTEGER
    input.Body.lifecycle.rule[_].condition.createdBefore == STRING
    input.Body.lifecycle.rule[_].condition.customTimeBefore == STRING
    input.Body.lifecycle.rule[_].condition.daysSinceCustomTime == INTEGER
    input.Body.lifecycle.rule[_].condition.daysSinceNoncurrentTime == INTEGER
    input.Body.lifecycle.rule[_].condition.isLive == BOOLEAN
    input.Body.lifecycle.rule[_].condition.matchesPattern == STRING
    input.Body.lifecycle.rule[_].condition.matchesPrefix[_] == STRING
    input.Body.lifecycle.rule[_].condition.matchesStorageClass[_] == STRING
    input.Body.lifecycle.rule[_].condition.matchesSuffix[_] == STRING
    input.Body.lifecycle.rule[_].condition.noncurrentTimeBefore == STRING
    input.Body.lifecycle.rule[_].condition.numNewerVersions == INTEGER
    input.Body.location == STRING
    input.Body.locationType == STRING
    input.Body.logging.logBucket == STRING
    input.Body.logging.logObjectPrefix == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.objectRetention.mode == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.projectNumber == STRING
    input.Body.retentionPolicy.effectiveTime == STRING
    input.Body.retentionPolicy.isLocked == BOOLEAN
    input.Body.retentionPolicy.retentionPeriod == STRING
    input.Body.rpo == STRING
    input.Body.satisfiesPZI == BOOLEAN
    input.Body.satisfiesPZS == BOOLEAN
    input.Body.selfLink == STRING
    input.Body.softDeletePolicy.effectiveTime == STRING
    input.Body.softDeletePolicy.retentionDurationSeconds == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.timeCreated == STRING
    input.Body.updated == STRING
    input.Body.versioning.enabled == BOOLEAN
    input.Body.website.mainPageSuffix == STRING
    input.Body.website.notFoundPage == STRING
    input.ReqMap.bucket == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.predefinedAcl == enum_PredefinedAclParameter[_]
    input.Qs.predefinedDefaultObjectAcl == enum_PredefinedDefaultObjectAclParameter[_]
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.channels.stop

valid {
    input.Body.address == STRING
    input.Body.expiration == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.params.STRING == STRING
    input.Body.payload == BOOLEAN
    input.Body.resourceId == STRING
    input.Body.resourceUri == STRING
    input.Body.token == STRING
    input.Body.type == STRING
    input.ProviderMetadata.Region == STRING
}

storage.defaultObjectAccessControls.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.defaultObjectAccessControls.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.defaultObjectAccessControls.insert

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.defaultObjectAccessControls.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.defaultObjectAccessControls.patch

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.defaultObjectAccessControls.update

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.folders.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.folder == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.ProviderMetadata.Region == STRING
}

storage.folders.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.folder == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.ProviderMetadata.Region == STRING
}

storage.folders.insert

valid {
    input.Body.bucket == STRING
    input.Body.createTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.pendingRenameInfo.operationId == STRING
    input.Body.selfLink == STRING
    input.Body.updateTime == STRING
    input.ReqMap.bucket == STRING
    input.Qs.recursive == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

storage.folders.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.delimiter == STRING
    input.Qs.endOffset == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.prefix == STRING
    input.Qs.startOffset == STRING
    input.ProviderMetadata.Region == STRING
}

storage.folders.rename

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.destinationFolder == STRING
    input.ReqMap.sourceFolder == STRING
    input.Qs.ifSourceMetagenerationMatch == STRING
    input.Qs.ifSourceMetagenerationNotMatch == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.managedFolder == STRING
    input.Qs.allowNonEmpty == BOOLEAN
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.managedFolder == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.getIamPolicy

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.managedFolder == STRING
    input.Qs.optionsRequestedPolicyVersion == INTEGER
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.insert

valid {
    input.Body.bucket == STRING
    input.Body.createTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.selfLink == STRING
    input.Body.updateTime == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.prefix == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.setIamPolicy

valid {
    input.Body.bindings[_].condition.description == STRING
    input.Body.bindings[_].condition.expression == STRING
    input.Body.bindings[_].condition.location == STRING
    input.Body.bindings[_].condition.title == STRING
    input.Body.bindings[_].members[_] == STRING
    input.Body.bindings[_].role == STRING
    input.Body.etag == STRING
    input.Body.kind == STRING
    input.Body.resourceId == STRING
    input.Body.version == INTEGER
    input.ReqMap.bucket == STRING
    input.ReqMap.managedFolder == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.managedFolders.testIamPermissions

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.managedFolder == STRING
    input.Qs.permissions == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.notifications.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.notification == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.notifications.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.notification == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.notifications.insert

valid {
    input.Body.custom_attributes.STRING == STRING
    input.Body.etag == STRING
    input.Body.event_types[_] == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object_name_prefix == STRING
    input.Body.payload_format == STRING
    input.Body.selfLink == STRING
    input.Body.topic == STRING
    input.ReqMap.bucket == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.notifications.list

valid {
    input.ReqMap.bucket == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objectAccessControls.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objectAccessControls.get

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objectAccessControls.insert

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objectAccessControls.list

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objectAccessControls.patch

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objectAccessControls.update

valid {
    input.Body.bucket == STRING
    input.Body.domain == STRING
    input.Body.email == STRING
    input.Body.entity == STRING
    input.Body.entityId == STRING
    input.Body.etag == STRING
    input.Body.generation == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.object == STRING
    input.Body.projectTeam.projectNumber == STRING
    input.Body.projectTeam.team == STRING
    input.Body.role == STRING
    input.Body.selfLink == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.entity == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.bulkRestore

valid {
    input.Body.allowOverwrite == BOOLEAN
    input.Body.copySourceAcl == BOOLEAN
    input.Body.matchGlobs[_] == STRING
    input.Body.softDeletedAfterTime == STRING
    input.Body.softDeletedBeforeTime == STRING
    input.ReqMap.bucket == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.compose

enum_DestinationPredefinedAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]

valid {
    input.Body.destination.acl[_].bucket == STRING
    input.Body.destination.acl[_].domain == STRING
    input.Body.destination.acl[_].email == STRING
    input.Body.destination.acl[_].entity == STRING
    input.Body.destination.acl[_].entityId == STRING
    input.Body.destination.acl[_].etag == STRING
    input.Body.destination.acl[_].generation == STRING
    input.Body.destination.acl[_].id == STRING
    input.Body.destination.acl[_].kind == STRING
    input.Body.destination.acl[_].object == STRING
    input.Body.destination.acl[_].projectTeam.projectNumber == STRING
    input.Body.destination.acl[_].projectTeam.team == STRING
    input.Body.destination.acl[_].role == STRING
    input.Body.destination.acl[_].selfLink == STRING
    input.Body.destination.bucket == STRING
    input.Body.destination.cacheControl == STRING
    input.Body.destination.componentCount == INTEGER
    input.Body.destination.contentDisposition == STRING
    input.Body.destination.contentEncoding == STRING
    input.Body.destination.contentLanguage == STRING
    input.Body.destination.contentType == STRING
    input.Body.destination.crc32c == STRING
    input.Body.destination.customTime == STRING
    input.Body.destination.customerEncryption.encryptionAlgorithm == STRING
    input.Body.destination.customerEncryption.keySha256 == STRING
    input.Body.destination.etag == STRING
    input.Body.destination.eventBasedHold == BOOLEAN
    input.Body.destination.generation == STRING
    input.Body.destination.hardDeleteTime == STRING
    input.Body.destination.id == STRING
    input.Body.destination.kind == STRING
    input.Body.destination.kmsKeyName == STRING
    input.Body.destination.md5Hash == STRING
    input.Body.destination.mediaLink == STRING
    input.Body.destination.metadata.STRING == STRING
    input.Body.destination.metageneration == STRING
    input.Body.destination.name == STRING
    input.Body.destination.owner.entity == STRING
    input.Body.destination.owner.entityId == STRING
    input.Body.destination.restoreToken == STRING
    input.Body.destination.retention.mode == STRING
    input.Body.destination.retention.retainUntilTime == STRING
    input.Body.destination.retentionExpirationTime == STRING
    input.Body.destination.selfLink == STRING
    input.Body.destination.size == STRING
    input.Body.destination.softDeleteTime == STRING
    input.Body.destination.storageClass == STRING
    input.Body.destination.temporaryHold == BOOLEAN
    input.Body.destination.timeCreated == STRING
    input.Body.destination.timeDeleted == STRING
    input.Body.destination.timeFinalized == STRING
    input.Body.destination.timeStorageClassUpdated == STRING
    input.Body.destination.updated == STRING
    input.Body.kind == STRING
    input.Body.sourceObjects[_].generation == STRING
    input.Body.sourceObjects[_].name == STRING
    input.Body.sourceObjects[_].objectPreconditions.ifGenerationMatch == STRING
    input.ReqMap.destinationBucket == STRING
    input.ReqMap.destinationObject == STRING
    input.Qs.destinationPredefinedAcl == enum_DestinationPredefinedAclParameter[_]
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.kmsKeyName == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.copy

enum_DestinationPredefinedAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].generation == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].object == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.bucket == STRING
    input.Body.cacheControl == STRING
    input.Body.componentCount == INTEGER
    input.Body.contentDisposition == STRING
    input.Body.contentEncoding == STRING
    input.Body.contentLanguage == STRING
    input.Body.contentType == STRING
    input.Body.crc32c == STRING
    input.Body.customTime == STRING
    input.Body.customerEncryption.encryptionAlgorithm == STRING
    input.Body.customerEncryption.keySha256 == STRING
    input.Body.etag == STRING
    input.Body.eventBasedHold == BOOLEAN
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.kmsKeyName == STRING
    input.Body.md5Hash == STRING
    input.Body.mediaLink == STRING
    input.Body.metadata.STRING == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.restoreToken == STRING
    input.Body.retention.mode == STRING
    input.Body.retention.retainUntilTime == STRING
    input.Body.retentionExpirationTime == STRING
    input.Body.selfLink == STRING
    input.Body.size == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.temporaryHold == BOOLEAN
    input.Body.timeCreated == STRING
    input.Body.timeDeleted == STRING
    input.Body.timeFinalized == STRING
    input.Body.timeStorageClassUpdated == STRING
    input.Body.updated == STRING
    input.ReqMap.destinationBucket == STRING
    input.ReqMap.destinationObject == STRING
    input.ReqMap.sourceBucket == STRING
    input.ReqMap.sourceObject == STRING
    input.Qs.destinationKmsKeyName == STRING
    input.Qs.destinationPredefinedAcl == enum_DestinationPredefinedAclParameter[_]
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.ifSourceGenerationMatch == STRING
    input.Qs.ifSourceGenerationNotMatch == STRING
    input.Qs.ifSourceMetagenerationMatch == STRING
    input.Qs.ifSourceMetagenerationNotMatch == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.sourceGeneration == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.delete

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.get

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.restoreToken == STRING
    input.Qs.softDeleted == BOOLEAN
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.getIamPolicy

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.insert

enum_PredefinedAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].generation == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].object == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.bucket == STRING
    input.Body.cacheControl == STRING
    input.Body.componentCount == INTEGER
    input.Body.contentDisposition == STRING
    input.Body.contentEncoding == STRING
    input.Body.contentLanguage == STRING
    input.Body.contentType == STRING
    input.Body.crc32c == STRING
    input.Body.customTime == STRING
    input.Body.customerEncryption.encryptionAlgorithm == STRING
    input.Body.customerEncryption.keySha256 == STRING
    input.Body.etag == STRING
    input.Body.eventBasedHold == BOOLEAN
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.kmsKeyName == STRING
    input.Body.md5Hash == STRING
    input.Body.mediaLink == STRING
    input.Body.metadata.STRING == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.restoreToken == STRING
    input.Body.retention.mode == STRING
    input.Body.retention.retainUntilTime == STRING
    input.Body.retentionExpirationTime == STRING
    input.Body.selfLink == STRING
    input.Body.size == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.temporaryHold == BOOLEAN
    input.Body.timeCreated == STRING
    input.Body.timeDeleted == STRING
    input.Body.timeFinalized == STRING
    input.Body.timeStorageClassUpdated == STRING
    input.Body.updated == STRING
    input.ReqMap.bucket == STRING
    input.Qs.contentEncoding == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.kmsKeyName == STRING
    input.Qs.name == STRING
    input.Qs.predefinedAcl == enum_PredefinedAclParameter[_]
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.list

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.ReqMap.bucket == STRING
    input.Qs.delimiter == STRING
    input.Qs.endOffset == STRING
    input.Qs.includeFoldersAsPrefixes == BOOLEAN
    input.Qs.includeTrailingDelimiter == BOOLEAN
    input.Qs.matchGlob == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.prefix == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.softDeleted == BOOLEAN
    input.Qs.startOffset == STRING
    input.Qs.userProject == STRING
    input.Qs.versions == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

storage.objects.move

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.destinationObject == STRING
    input.ReqMap.sourceObject == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.ifSourceGenerationMatch == STRING
    input.Qs.ifSourceGenerationNotMatch == STRING
    input.Qs.ifSourceMetagenerationMatch == STRING
    input.Qs.ifSourceMetagenerationNotMatch == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.patch

enum_PredefinedAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].generation == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].object == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.bucket == STRING
    input.Body.cacheControl == STRING
    input.Body.componentCount == INTEGER
    input.Body.contentDisposition == STRING
    input.Body.contentEncoding == STRING
    input.Body.contentLanguage == STRING
    input.Body.contentType == STRING
    input.Body.crc32c == STRING
    input.Body.customTime == STRING
    input.Body.customerEncryption.encryptionAlgorithm == STRING
    input.Body.customerEncryption.keySha256 == STRING
    input.Body.etag == STRING
    input.Body.eventBasedHold == BOOLEAN
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.kmsKeyName == STRING
    input.Body.md5Hash == STRING
    input.Body.mediaLink == STRING
    input.Body.metadata.STRING == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.restoreToken == STRING
    input.Body.retention.mode == STRING
    input.Body.retention.retainUntilTime == STRING
    input.Body.retentionExpirationTime == STRING
    input.Body.selfLink == STRING
    input.Body.size == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.temporaryHold == BOOLEAN
    input.Body.timeCreated == STRING
    input.Body.timeDeleted == STRING
    input.Body.timeFinalized == STRING
    input.Body.timeStorageClassUpdated == STRING
    input.Body.updated == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.overrideUnlockedRetention == BOOLEAN
    input.Qs.predefinedAcl == enum_PredefinedAclParameter[_]
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.restore

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.copySourceAcl == BOOLEAN
    input.Qs.generation == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.restoreToken == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.rewrite

enum_DestinationPredefinedAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].generation == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].object == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.bucket == STRING
    input.Body.cacheControl == STRING
    input.Body.componentCount == INTEGER
    input.Body.contentDisposition == STRING
    input.Body.contentEncoding == STRING
    input.Body.contentLanguage == STRING
    input.Body.contentType == STRING
    input.Body.crc32c == STRING
    input.Body.customTime == STRING
    input.Body.customerEncryption.encryptionAlgorithm == STRING
    input.Body.customerEncryption.keySha256 == STRING
    input.Body.etag == STRING
    input.Body.eventBasedHold == BOOLEAN
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.kmsKeyName == STRING
    input.Body.md5Hash == STRING
    input.Body.mediaLink == STRING
    input.Body.metadata.STRING == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.restoreToken == STRING
    input.Body.retention.mode == STRING
    input.Body.retention.retainUntilTime == STRING
    input.Body.retentionExpirationTime == STRING
    input.Body.selfLink == STRING
    input.Body.size == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.temporaryHold == BOOLEAN
    input.Body.timeCreated == STRING
    input.Body.timeDeleted == STRING
    input.Body.timeFinalized == STRING
    input.Body.timeStorageClassUpdated == STRING
    input.Body.updated == STRING
    input.ReqMap.destinationBucket == STRING
    input.ReqMap.destinationObject == STRING
    input.ReqMap.sourceBucket == STRING
    input.ReqMap.sourceObject == STRING
    input.Qs.destinationKmsKeyName == STRING
    input.Qs.destinationPredefinedAcl == enum_DestinationPredefinedAclParameter[_]
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.ifSourceGenerationMatch == STRING
    input.Qs.ifSourceGenerationNotMatch == STRING
    input.Qs.ifSourceMetagenerationMatch == STRING
    input.Qs.ifSourceMetagenerationNotMatch == STRING
    input.Qs.maxBytesRewrittenPerCall == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.rewriteToken == STRING
    input.Qs.sourceGeneration == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.setIamPolicy

valid {
    input.Body.bindings[_].condition.description == STRING
    input.Body.bindings[_].condition.expression == STRING
    input.Body.bindings[_].condition.location == STRING
    input.Body.bindings[_].condition.title == STRING
    input.Body.bindings[_].members[_] == STRING
    input.Body.bindings[_].role == STRING
    input.Body.etag == STRING
    input.Body.kind == STRING
    input.Body.resourceId == STRING
    input.Body.version == INTEGER
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.testIamPermissions

valid {
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.permissions == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.update

enum_PredefinedAclParameter := [ "authenticatedRead", "bucketOwnerFullControl", "bucketOwnerRead", "private", "projectPrivate", "publicRead" ]
enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.acl[_].bucket == STRING
    input.Body.acl[_].domain == STRING
    input.Body.acl[_].email == STRING
    input.Body.acl[_].entity == STRING
    input.Body.acl[_].entityId == STRING
    input.Body.acl[_].etag == STRING
    input.Body.acl[_].generation == STRING
    input.Body.acl[_].id == STRING
    input.Body.acl[_].kind == STRING
    input.Body.acl[_].object == STRING
    input.Body.acl[_].projectTeam.projectNumber == STRING
    input.Body.acl[_].projectTeam.team == STRING
    input.Body.acl[_].role == STRING
    input.Body.acl[_].selfLink == STRING
    input.Body.bucket == STRING
    input.Body.cacheControl == STRING
    input.Body.componentCount == INTEGER
    input.Body.contentDisposition == STRING
    input.Body.contentEncoding == STRING
    input.Body.contentLanguage == STRING
    input.Body.contentType == STRING
    input.Body.crc32c == STRING
    input.Body.customTime == STRING
    input.Body.customerEncryption.encryptionAlgorithm == STRING
    input.Body.customerEncryption.keySha256 == STRING
    input.Body.etag == STRING
    input.Body.eventBasedHold == BOOLEAN
    input.Body.generation == STRING
    input.Body.hardDeleteTime == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.kmsKeyName == STRING
    input.Body.md5Hash == STRING
    input.Body.mediaLink == STRING
    input.Body.metadata.STRING == STRING
    input.Body.metageneration == STRING
    input.Body.name == STRING
    input.Body.owner.entity == STRING
    input.Body.owner.entityId == STRING
    input.Body.restoreToken == STRING
    input.Body.retention.mode == STRING
    input.Body.retention.retainUntilTime == STRING
    input.Body.retentionExpirationTime == STRING
    input.Body.selfLink == STRING
    input.Body.size == STRING
    input.Body.softDeleteTime == STRING
    input.Body.storageClass == STRING
    input.Body.temporaryHold == BOOLEAN
    input.Body.timeCreated == STRING
    input.Body.timeDeleted == STRING
    input.Body.timeFinalized == STRING
    input.Body.timeStorageClassUpdated == STRING
    input.Body.updated == STRING
    input.ReqMap.bucket == STRING
    input.ReqMap.object == STRING
    input.Qs.generation == STRING
    input.Qs.ifGenerationMatch == STRING
    input.Qs.ifGenerationNotMatch == STRING
    input.Qs.ifMetagenerationMatch == STRING
    input.Qs.ifMetagenerationNotMatch == STRING
    input.Qs.overrideUnlockedRetention == BOOLEAN
    input.Qs.predefinedAcl == enum_PredefinedAclParameter[_]
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
}

storage.objects.watchAll

enum_ProjectionParameter := [ "full", "noAcl" ]

valid {
    input.Body.address == STRING
    input.Body.expiration == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.params.STRING == STRING
    input.Body.payload == BOOLEAN
    input.Body.resourceId == STRING
    input.Body.resourceUri == STRING
    input.Body.token == STRING
    input.Body.type == STRING
    input.ReqMap.bucket == STRING
    input.Qs.delimiter == STRING
    input.Qs.endOffset == STRING
    input.Qs.includeTrailingDelimiter == BOOLEAN
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.prefix == STRING
    input.Qs.projection == enum_ProjectionParameter[_]
    input.Qs.startOffset == STRING
    input.Qs.userProject == STRING
    input.Qs.versions == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

storage.projects.hmacKeys.create

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.serviceAccountEmail == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

storage.projects.hmacKeys.delete

valid {
    input.ReqMap.accessId == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

storage.projects.hmacKeys.get

valid {
    input.ReqMap.accessId == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

storage.projects.hmacKeys.list

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.serviceAccountEmail == STRING
    input.Qs.showDeletedKeys == BOOLEAN
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

storage.projects.hmacKeys.update

valid {
    input.Body.accessId == STRING
    input.Body.etag == STRING
    input.Body.id == STRING
    input.Body.kind == STRING
    input.Body.projectId == STRING
    input.Body.selfLink == STRING
    input.Body.serviceAccountEmail == STRING
    input.Body.state == STRING
    input.Body.timeCreated == STRING
    input.Body.updated == STRING
    input.ReqMap.accessId == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

storage.projects.serviceAccount.get

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.userProject == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}