Definitions for @turbot/gcp-iam
- basicString
- bindings
- customRoleFolderDefinition
- customRoleFolderDefinitionList
- customRoleOrganizationDefinition
- customRoleOrganizationDefinitionList
- customRoleProjectDefinition
- customRoleProjectDefinitionList
- expr
- gcpLevelDefinition
- gcpLevelDefinitionList
- gcpModifier
- gcpModifierLevelReference
- gcpModifierList
- gcpPermissionLevelReference
- gcpPermissionReference
- gcpPermissionTypeReference
- gcpRightDefinition
- gcpRightDefinitionList
- iam
- iamAka
- iamName
- iamPolicyAuditConfigs
- iamPolicyAuditConfigsObj
- iamPolicyAuditLogConfigsLogType
- iamPolicyAuditLogConfigsObj
- iamPolicyBinding
- iamPolicyBindingMembers
- item
- member
- memberAka
- memberName
- memberTitle
- projectIamPolicy
- projectIamPolicyAka
- projectRole
- projectRoleAka
- projectRoleId
- projectRoleName
- projectRoleStage
- projectRoleTitle
- projectUser
- projectUserAka
- projectUserId
- role
- Role
- serviceAccount
- serviceAccountAka
- serviceAccountKey
- serviceAccountKeyAka
- serviceAccountKeyName
- turbotGcpLevelDefinitionList
basicString
{ "type": "string", "tests": [], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/basicString", "modUri": "tmod:@turbot/gcp-iam" }}
bindings
{ "type": "array", "properties": { "role": { "type": "string" }, "members": { "type": "array", "item": { "$ref": "#/definitions/item" } }, "condition": { "type": "object", "properties": { "Expr": { "$ref": "#/definitions/expr" } } } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/bindings", "modUri": "tmod:@turbot/gcp-iam" }}
customRoleFolderDefinition
{ "description": "Internal format for GCP folder role.", "pattern": "roles/[A-Za-z0-9._]+", "tests": [ { "description": "base", "input": "roles/resourcemanager.admin" }, { "description": "invalid roles", "input": "role/resourcemanager.admin", "expected": false }, { "description": "Valid org roles", "input": "organizations/702969400827/roles/orgAdmin" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleFolderDefinition", "modUri": "tmod:@turbot/gcp-iam" }}
customRoleFolderDefinitionList
{ "description": "Internal format for GCP folder roles.", "type": "array", "items": { "description": "Internal format for GCP folder role.", "pattern": "roles/[A-Za-z0-9._]+", "tests": [ { "description": "base", "input": "roles/resourcemanager.admin" }, { "description": "invalid roles", "input": "role/resourcemanager.admin", "expected": false }, { "description": "Valid org roles", "input": "organizations/702969400827/roles/orgAdmin" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleFolderDefinition", "modUri": "tmod:@turbot/gcp-iam" } }, "default": [ "roles/resourcemanager.folderAdmin", "roles/resourcemanager.folderCreator", "roles/resourcemanager.folderEditor", "roles/resourcemanager.folderIamAdmin", "roles/resourcemanager.folderMover", "roles/resourcemanager.folderViewer", "roles/resourcemanager.lienModifier", "roles/resourcemanager.projectCreator", "roles/resourcemanager.projectDeleter", "roles/resourcemanager.projectIamAdmin", "roles/resourcemanager.projectMover" ], "tests": [ { "description": "base", "input": [ "roles/resourcemanager.admin", "roles/resourcemanager.operator" ] }, { "description": "GCP Custom and user defined roles", "input": [ "roles/resourcemanager.admin", "roles/resourcemanager.operator", "organizations/702969400827/roles/orgAdmin" ] }, { "description": "Invalid org roles", "input": [ "organizations/702969400827/role/orgAdmin" ], "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleFolderDefinitionList", "modUri": "tmod:@turbot/gcp-iam" }}
customRoleOrganizationDefinition
{ "description": "Internal format for GCP organization role.", "pattern": "roles/[A-Za-z0-9._]+", "tests": [ { "description": "base", "input": "roles/resourcemanager.admin" }, { "description": "invalid roles", "input": "role/resourcemanager.admin", "expected": false }, { "description": "Valid org roles", "input": "organizations/702969400827/roles/orgAdmin" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleOrganizationDefinition", "modUri": "tmod:@turbot/gcp-iam" }}
customRoleOrganizationDefinitionList
{ "description": "Internal format for GCP organization roles.", "type": "array", "items": { "description": "Internal format for GCP organization role.", "pattern": "roles/[A-Za-z0-9._]+", "tests": [ { "description": "base", "input": "roles/resourcemanager.admin" }, { "description": "invalid roles", "input": "role/resourcemanager.admin", "expected": false }, { "description": "Valid org roles", "input": "organizations/702969400827/roles/orgAdmin" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleOrganizationDefinition", "modUri": "tmod:@turbot/gcp-iam" } }, "default": [ "roles/resourcemanager.folderAdmin", "roles/resourcemanager.folderCreator", "roles/resourcemanager.folderEditor", "roles/resourcemanager.folderIamAdmin", "roles/resourcemanager.folderMover", "roles/resourcemanager.folderViewer", "roles/resourcemanager.lienModifier", "roles/resourcemanager.organizationAdmin", "roles/resourcemanager.organizationCreator", "roles/resourcemanager.organizationViewer", "roles/resourcemanager.projectCreator", "roles/resourcemanager.projectDeleter", "roles/resourcemanager.projectIamAdmin", "roles/resourcemanager.projectMover" ], "tests": [ { "description": "base", "input": [ "roles/resourcemanager.admin", "roles/resourcemanager.operator" ] }, { "description": "GCP Custom and user defined roles", "input": [ "roles/resourcemanager.admin", "roles/resourcemanager.operator", "organizations/702969400827/roles/orgAdmin" ] }, { "description": "Invalid org roles", "input": [ "organizations/702969400827/role/orgAdmin" ], "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleOrganizationDefinitionList", "modUri": "tmod:@turbot/gcp-iam" }}
customRoleProjectDefinition
{ "description": "Internal format for GCP project role.", "pattern": "roles/[A-Za-z0-9._]+", "tests": [ { "description": "base", "input": "roles/owner" }, { "description": "invalid roles", "input": "role/owner", "expected": false }, { "description": "Valid org roles", "input": "projects/cse-legolas-2/roles/projectAdmin" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleProjectDefinition", "modUri": "tmod:@turbot/gcp-iam" }}
customRoleProjectDefinitionList
{ "description": "Internal format for GCP project roles.", "type": "array", "items": { "description": "Internal format for GCP folder role.", "pattern": "roles/[A-Za-z0-9._]+", "tests": [ { "description": "base", "input": "roles/resourcemanager.admin" }, { "description": "invalid roles", "input": "role/resourcemanager.admin", "expected": false }, { "description": "Valid org roles", "input": "organizations/702969400827/roles/orgAdmin" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleFolderDefinition", "modUri": "tmod:@turbot/gcp-iam" } }, "default": [], "tests": [ { "description": "base", "input": [ "roles/owner", "roles/operator" ] }, { "description": "GCP Custom and user defined roles", "input": [ "roles/owner", "roles/operator", "projects/cse-legolas-2/roles/owner" ] }, { "description": "Invalid org roles", "input": [ "projects/cse-legolas-2/role/operator" ], "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/customRoleProjectDefinitionList", "modUri": "tmod:@turbot/gcp-iam" }}
expr
{ "type": "object", "properties": { "expression": { "type": "string" }, "title": { "type": "string" }, "description": { "type": "string" }, "location": { "type": "string" } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/expr", "modUri": "tmod:@turbot/gcp-iam" }}
gcpLevelDefinition
{ "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/gcp" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/gcp-storage#/permission/types/storage" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpLevelDefinition", "modUri": "tmod:@turbot/gcp-iam" }}
gcpLevelDefinitionList
{ "description": "Internal format for Guardrails Levels registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/gcp" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/gcp-storage#/permission/types/storage" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpLevelDefinition", "modUri": "tmod:@turbot/gcp-iam" } }, "tests": [ { "description": "Valid level list", "input": [ { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/gcp-storage#/permission/types/storage" }, { "level": "tmod:@turbot/gcp-sql#/permission/levels/admin", "type": "tmod:@turbot/gcp-sql#/permission/types/storage" } ] }, { "description": "Invalid level list", "expected": false, "input": [ { "level": "tmod:@turbot/aws-storage#/permission/levels/admin", "type": "tmod:@turbot/aws-storage#/permission/types/storage" }, { "level": "tmod:@turbot/gcp-sql#/permission/levels/admin", "type": "tmod:@turbot/gcp-sql#/permission/types/storage" } ] } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpLevelDefinitionList", "modUri": "tmod:@turbot/gcp-iam" }}
gcpModifier
{ "type": "object", "patternProperties": { "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\\.([A-Za-z0-9]+)([A-Za-z0-9\\.]*[a-zA-Z0-9])$": { "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false }, { "description": "invalid - includes none", "input": "none", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpModifierLevelReference", "modUri": "tmod:@turbot/gcp-iam" } } }, "additionalProperties": false, "tests": [ { "description": "valid - base case", "input": { "storage.bucket.create": "metadata" } }, { "description": "invalid - level", "input": { "s3:create": "some" }, "expected": false }, { "description": "invalid - perms", "input": { "s3:": "metadata" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpModifier", "modUri": "tmod:@turbot/gcp-iam" }}
gcpModifierLevelReference
{ "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false }, { "description": "invalid - includes none", "input": "none", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpModifierLevelReference", "modUri": "tmod:@turbot/gcp-iam" }}
gcpModifierList
{ "type": "array", "default": [], "items": { "type": "object", "patternProperties": { "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\\.([A-Za-z0-9]+)([A-Za-z0-9\\.]*[a-zA-Z0-9])$": { "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false }, { "description": "invalid - includes none", "input": "none", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpModifierLevelReference", "modUri": "tmod:@turbot/gcp-iam" } } }, "additionalProperties": false, "tests": [ { "description": "valid - base case", "input": { "storage.bucket.create": "metadata" } }, { "description": "invalid - level", "input": { "s3:create": "some" }, "expected": false }, { "description": "invalid - perms", "input": { "s3:": "metadata" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpModifier", "modUri": "tmod:@turbot/gcp-iam" } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpModifierList", "modUri": "tmod:@turbot/gcp-iam" }}
gcpPermissionLevelReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionLevelReference" }, { "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" } ], "tests": [ { "description": "valid permission type", "input": "tmod:@turbot/gcp-storage#/permission/levels/admin" }, { "description": "invalid - gcp permission type", "input": "tmod:@turbot/azure-storage#/permission/types/storage", "expected": false }, { "description": "invalid - category", "input": "tmod:@turbot/gcp-storage#/control/types/bucketApproved", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpPermissionLevelReference", "modUri": "tmod:@turbot/gcp-iam" }}
gcpPermissionReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionReference" }, { "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\\.([A-Za-z0-9]+)([A-Za-z0-9\\.]*[a-zA-Z0-9])$" } ], "tests": [ { "description": "valid", "input": "storage.create" }, { "description": "valid", "input": "storage.create" }, { "description": "invalid - should not start with -", "input": "-as.t", "expected": false }, { "description": "invalid - should not end with multiple **", "input": "-as.t**", "expected": false }, { "description": "invalid - should not end with period", "input": "storage.", "expected": false }, { "description": "invalid - should not be a single string", "input": "storage", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpPermissionReference", "modUri": "tmod:@turbot/gcp-iam" }}
gcpPermissionTypeReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionTypeReference" }, { "pattern": "^tmod:@turbot/gcp" } ], "tests": [ { "description": "valid permission type", "input": "tmod:@turbot/gcp-storage#/permission/types/storage" }, { "description": "invalid - gcp permission type", "input": "tmod:@turbot/azure-storage#/permission/types/storage", "expected": false }, { "description": "invalid - category", "input": "tmod:@turbot/gcp-storage#/control/types/bucketApproved", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpPermissionTypeReference", "modUri": "tmod:@turbot/gcp-iam" }}
gcpRightDefinition
{ "description": "Internal format for Guardrails Rights registrations.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/gcp" }, "permission": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\\.([A-Za-z0-9]+)([A-Za-z0-9\\.]*[a-zA-Z0-9])$" } }, "required": [ "level", "type", "permission" ], "additionalProperties": false, "tests": [ { "description": "Valid right definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/gcp-storag#/permission/types/storage", "permission": "storage.bucket.create" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3", "permission": "storage.bucket.create" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo", "permission": "storage.bucket.create" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar", "permission": "storage.bucket.create" } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpRightDefinition", "modUri": "tmod:@turbot/gcp-iam" }}
gcpRightDefinitionList
{ "description": "Internal format for Guardrails Rights registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Rights registrations.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/gcp" }, "permission": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\\.([A-Za-z0-9]+)([A-Za-z0-9\\.]*[a-zA-Z0-9])$" } }, "required": [ "level", "type", "permission" ], "additionalProperties": false, "tests": [ { "description": "Valid right definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/gcp-storag#/permission/types/storage", "permission": "storage.bucket.create" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3", "permission": "storage.bucket.create" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo", "permission": "storage.bucket.create" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar", "permission": "storage.bucket.create" } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpRightDefinition", "modUri": "tmod:@turbot/gcp-iam" } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpRightDefinitionList", "modUri": "tmod:@turbot/gcp-iam" }}
iam
{ "type": "object", "properties": { "name": { "$ref": "#/definitions/iamName" }, "state": { "$ref": "gcp#/definitions/state" }, "config": { "type": "object" }, "parent": { "type": "string" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/iamAka" } }, "title": { "type": "string" }, "custom": { "type": "object", "properties": { "gcp": { "$ref": "gcp#/definitions/gcpMetadata" } } } } } }, "required": [ "name" ], "tests": [ { "description": "Valid - base test", "input": { "name": "projects/932405488407/services/iam.googleapis.com", "turbot": { "akas": [ "gcp://serviceusage.googleapis.com/projects/932405488407/services/iam.googleapis.com" ], "title": "Identity and Access Management (IAM) API", "custom": { "gcp": { "projectId": "cse-legolas-2" } } } } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iam", "modUri": "tmod:@turbot/gcp-iam" }}
iamAka
{ "type": "string", "pattern": "^gcp://serviceusage.googleapis.com/projects/[0-9]{12}/services/iam.googleapis.com", "tests": [ { "description": "base", "input": "gcp://serviceusage.googleapis.com/projects/932405488407/services/iam.googleapis.com" }, { "description": "invalid aka", "input": "gcp://serviceusage.googleapis.com/projects/cse-legolas-2/services/iam.googleapis.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamAka", "modUri": "tmod:@turbot/gcp-iam" }}
iamName
{ "type": "string", "pattern": "^projects/[0-9]{0,12}/services/iam.googleapis.com", "tests": [ { "description": "base", "input": "projects/932405488407/services/iam.googleapis.com" }, { "description": "invalid aka", "input": "gcp://serviceusage.googleapis.com/projects/cse-legolas-2/services/iam.googleapis.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamName", "modUri": "tmod:@turbot/gcp-iam" }}
iamPolicyAuditConfigs
{ "type": "array", "items": { "$ref": "#/definitions/iamPolicyAuditConfigsObj" }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamPolicyAuditConfigs", "modUri": "tmod:@turbot/gcp-iam" }}
iamPolicyAuditConfigsObj
{ "type": "object", "properties": { "service": { "type": "string" }, "auditLogConfigs": { "type": "array", "items": { "$ref": "#/definitions/iamPolicyAuditLogConfigsObj" } } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamPolicyAuditConfigsObj", "modUri": "tmod:@turbot/gcp-iam" }}
iamPolicyAuditLogConfigsLogType
{ "type": "string", "enum": [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamPolicyAuditLogConfigsLogType", "modUri": "tmod:@turbot/gcp-iam" }}
iamPolicyAuditLogConfigsObj
{ "type": "object", "properties": { "logType": { "$ref": "#/definitions/iamPolicyAuditLogConfigsLogType" }, "exemptedMembers": { "type": "array", "items": { "type": "string" } } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamPolicyAuditLogConfigsObj", "modUri": "tmod:@turbot/gcp-iam" }}
iamPolicyBinding
{ "type": "array", "items": { "role": { "type": "string" }, "members": { "$ref": "#/definitions/iamPolicyBindingMembers" } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamPolicyBinding", "modUri": "tmod:@turbot/gcp-iam" }}
iamPolicyBindingMembers
{ "type": "array", "items": { "type": "string" }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/iamPolicyBindingMembers", "modUri": "tmod:@turbot/gcp-iam" }}
item
{ "type": "string", ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/item", "modUri": "tmod:@turbot/gcp-iam" }}
member
{ "type": "object", "properties": { "member": { "$ref": "#/definitions/memberName" }, "role": { "$ref": "#/definitions/projectRoleName" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/memberAka" } }, "title": { "$ref": "#/definitions/memberTitle" }, "custom": { "type": "object", "properties": { "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "gcp": { "$ref": "gcp#/definitions/gcpMetadata" } } } } } }, "required": [ "member", "role", "turbot" ], "additionalProperties": true, "tests": [ { "description": "all details provided", "input": { "member": "user:mesubha97@gmail.com", "role": "projects/myproject/roles/mytestrole", "turbot": { "akas": [ "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/mytestrole/members/user:venu@turbot.com" ], "title": "mytestrole - user:test01", "custom": { "createTimestamp": "2017-03-05T13:58:05.590Z", "gcp": { "projectId": "aar-a4b6d489" } } } } }, { "description": "Invalid - Missing member", "input": { "role": "projects/myproject/roles/mytestrole", "turbot": { "akas": [ "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/mytestrole/members/user:venu@turbot.com" ], "title": "mytestrole - user:test01", "custom": { "createTimestamp": "2017-03-05T13:58:05.590Z", "gcp": { "projectId": "aar-a4b6d489" } } } }, "expected": false }, { "description": "Invalid - Missing role", "input": { "member": "user:mesubha97@gmail.com", "turbot": { "akas": [ "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/mytestrole/members/user:venu@turbot.com" ], "title": "mytestrole - user:test01", "custom": { "createTimestamp": "2017-03-05T13:58:05.590Z", "gcp": { "projectId": "aar-a4b6d489" } } } }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/member", "modUri": "tmod:@turbot/gcp-iam" }}
memberAka
{ "type": "string", "pattern": "^gcp://iam.googleapis.com/projects/[a-z][a-z0-9-]{4,28}[a-z0-9]{1}/roles/[a-zA-Z0-9._]{3,30}/members/(user|serviceAccount|group|domain):.+$", "tests": [ { "descritpion": "base case", "input": "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/mytestrole/members/user:mesubha97@gmail.com" }, { "description": "invalid - project ID too short", "input": "gcp://iam.googleapis.com/projects/bad/roles/mytestrole/members/user:mesubha97@gmail.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/memberAka", "modUri": "tmod:@turbot/gcp-iam" }}
memberName
{ "type": "string", "pattern": "^(user|serviceAccount|group|domain):.+$", "tests": [ { "descritpion": "base case", "input": "serviceAccount:my-other-app@appspot.gserviceaccount.com" }, { "description": "invalid - missing starting keyword", "input": "dogs@gmail.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/memberName", "modUri": "tmod:@turbot/gcp-iam" }}
memberTitle
{ "type": "string", "pattern": "^[a-zA-Z0-9._]{3,30} - (user|serviceAccount|group|domain):.+$", "tests": [ { "descritpion": "base case", "input": "mytestrole - serviceAccount:my-other-app@appspot.gserviceaccount.com" }, { "description": "invalid - role ID too shortmissing starting keyword", "input": "ab - serviceAccount:my-other-app@appspot.gserviceaccount.com", "expected": false }, { "description": "invalid - missing starting keyword", "input": "mytestrole - my-other-app@appspot.gserviceaccount.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/memberTitle", "modUri": "tmod:@turbot/gcp-iam" }}
projectIamPolicy
{ "type": "object", "properties": { "auditConfigs": { "$ref": "#/definitions/iamPolicyAuditConfigs" }, "bindings": { "$ref": "#/definitions/iamPolicyBinding" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/projectIamPolicyAka" } }, "title": { "type": "string" }, "custom": { "type": "object", "properties": { "gcp": { "$ref": "gcp#/definitions/gcpMetadata" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "bindings": [ { "role": "projects/cse-legolas-2/roles/CustomRole722", "members": [ "user:mesubha97@gmail.com", "user:paulami.kwi@gmail.com" ] }, { "role": "roles/bigquery.admin", "members": [ "serviceAccount:testkey01@cse-legolas-2.iam.gserviceaccount.com" ] } ], "turbot": { "custom": { "gcp": { "projectId": "123-456", "regionName": "asia" } } } } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectIamPolicy", "modUri": "tmod:@turbot/gcp-iam" }}
projectIamPolicyAka
{ "type": "string", "pattern": "^gcp://cloudresourcemanager.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/iamPolicy$", "tests": [ { "descritpion": "base case", "input": "gcp://cloudresourcemanager.googleapis.com/projects/cse-legolas/iamPolicy" } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectIamPolicyAka", "modUri": "tmod:@turbot/gcp-iam" }}
projectRole
{ "type": "object", "properties": { "name": { "$ref": "#/definitions/projectRoleName" }, "title": { "$ref": "#/definitions/projectRoleTitle" }, "deleted": { "type": "boolean" }, "stage": { "$ref": "#/definitions/projectRoleStage" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/projectRoleAka" } }, "title": { "$ref": "#/definitions/projectRoleTitle" }, "custom": { "type": "object", "properties": { "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "gcp": { "$ref": "gcp#/definitions/gcpMetadata" }, "roleId": { "$ref": "#/definitions/projectRoleId" } } } } } }, "required": [ "name", "turbot" ], "additionalProperties": true, "tests": [ { "description": "all details provided", "input": { "name": "projects/cse-legolas-2/roles/CustomRole313", "title": "test role", "stage": "GA", "deleted": false, "turbot": { "akas": [ "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/CustomRole" ], "title": "test01", "custom": { "createTimestamp": "2017-03-05T13:58:05.590Z", "gcp": { "projectId": "aar-a4b6d489" }, "roleId": "CustomRole" } } } }, { "description": "Invalid - Missing name", "input": { "title": "test role", "stage": "GA", "deleted": false, "turbot": { "akas": [ "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/CustomRole" ], "title": "test01", "custom": { "createTimestamp": "2017-03-05T13:58:05.590Z", "gcp": { "projectId": "aar-a4b6d489" }, "roleId": "CustomRole" } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "name": "projects/cse-legolas-2/roles/CustomRole313", "title": "test role", "stage": "GA", "deleted": false }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectRole", "modUri": "tmod:@turbot/gcp-iam" }}
projectRoleAka
{ "type": "string", "pattern": "^gcp://iam.googleapis.com/projects/[a-z][a-z0-9-]{4,28}[a-z0-9]{1}/roles/[a-zA-Z0-9._]{3,30}$", "tests": [ { "descritpion": "base case", "input": "gcp://iam.googleapis.com/projects/cse-legolas-2/roles/CustomRole" }, { "description": "invalid - project ID too short", "input": "gcp://iam.googleapis.com/projects/bad/roles/CustomRole", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectRoleAka", "modUri": "tmod:@turbot/gcp-iam" }}
projectRoleId
{ "type": "string", "pattern": "^[a-zA-Z0-9._]{3,30}$", "tests": [ { "description": "base", "input": "custom_role1" }, { "description": "invalid - should not contain hypen", "input": "custom-role", "expected": false }, { "description": "invalid - too long", "input": "a1234567890_a1234567890_a1234567890_a1234567890", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectRoleId", "modUri": "tmod:@turbot/gcp-iam" }}
projectRoleName
{ "type": "string", "pattern": "^(projects/[a-z][a-z0-9-]{4,28}[a-z0-9]{1}/)?roles/[a-zA-Z0-9._]{3,30}$", "tests": [ { "description": "base with projects", "input": "projects/cse-legolas-2/roles/CustomRole313" }, { "description": "base without projects", "input": "roles/CustomRole313" }, { "description": "invalid - should not contain hypen", "input": "custom-role", "expected": false }, { "description": "invalid - too long", "input": "a1234567890_a1234567890_a1234567890_a1234567890", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectRoleName", "modUri": "tmod:@turbot/gcp-iam" }}
projectRoleStage
{ "type": "string", "enum": [ "ALPHA", "BETA", "GA", "DEPRECATED", "DISABLED", "EAP" ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectRoleStage", "modUri": "tmod:@turbot/gcp-iam" }}
projectRoleTitle
{ "type": "string", "minLength": 1, "maxLength": 100, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectRoleTitle", "modUri": "tmod:@turbot/gcp-iam" }}
projectUser
{ "type": "object", "properties": { "userId": { "$ref": "#/definitions/projectUserId" }, "roles": { "type": "array", "items": { "$ref": "#/definitions/projectRoleName" } }, "lastAdminActivity": { "$ref": "turbot#/definitions/isoTimestamp" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/projectUserAka" } }, "title": { "type": "string" }, "custom": { "type": "object", "properties": { "gcp": { "$ref": "gcp#/definitions/gcpMetadata" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "userId": "lalit@turbot.com", "roles": [ "projects/cse-legolas-2/roles/CustomRole722", "roles/bigquery.admin" ], "turbot": { "akas": [ "gcp://iam.googleapis.com/projects/cse-legolas/users/lalit@turbot.com" ], "title": "lalit@turbot.com", "custom": { "gcp": { "projectId": "cse-legolas-2" } } } } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectUser", "modUri": "tmod:@turbot/gcp-iam" }}
projectUserAka
{ "type": "string", "pattern": "^gcp://iam.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/users/(([^<>()\\[\\]\\\\.,;:\\s@\"]+(\\.[^<>()\\[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$", "tests": [ { "descritpion": "base case", "input": "gcp://iam.googleapis.com/projects/cse-legolas/users/lalit@turbot.com" }, { "description": "invalid - project ID too short", "input": "gcp://iam.googleapis.com/projects/bad/roles/CustomRole", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectUserAka", "modUri": "tmod:@turbot/gcp-iam" }}
projectUserId
{ "type": "string", "pattern": "^(([^<>()\\[\\]\\\\.,;:\\s@\"]+(\\.[^<>()\\[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$", "tests": [ { "descritpion": "base case", "input": "lalit@turbot.com" }, { "description": "invalid userid", "input": "lalitturbot.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/projectUserId", "modUri": "tmod:@turbot/gcp-iam" }}
role
{ "type": "object", "properties": { "name": { "$ref": "#/definitions/basicString" }, "title": { "$ref": "#/definitions/basicString" }, "description": { "$ref": "#/definitions/basicString" }, "includePermissions": { "$ref": "#/definitions/basicString" }, "stage": { "$ref": "#/definitions/basicString" }, "etag": { "$ref": "#/definitions/basicString" }, "deleted": { "$ref": "#/definitions/basicString" } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/role", "modUri": "tmod:@turbot/gcp-iam" }}
Role
{ "description": "A role in the Identity and Access Management API.", "properties": { "deleted": { "description": "The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.", "type": "boolean" }, "description": { "description": "Optional. A human-readable description for the role.", "type": "string" }, "etag": { "description": "Used to perform a consistent read-modify-write.", "type": "string" }, "includedPermissions": { "description": "The names of the permissions this role grants when bound in an IAM policy.", "items": { "type": "string" }, "type": "array" }, "name": { "description": "The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.", "type": "string" }, "stage": { "description": "The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.", "enum": [ "ALPHA", "BETA", "GA", "DEPRECATED", "DISABLED", "EAP" ], "type": "string" }, "title": { "description": "Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.", "type": "string" } }, "type": "object", ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/Role", "modUri": "tmod:@turbot/gcp-iam" }}
serviceAccount
{ "type": "object", "properties": { "name": { "$ref": "#/definitions/basicString" }, "projectId": { "$ref": "#/definitions/basicString" }, "uniqueId": { "$ref": "#/definitions/basicString" }, "email": { "$ref": "#/definitions/basicString" }, "displayName": { "$ref": "#/definitions/basicString" }, "iamPolicy": { "$ref": "gcp-iam#/definitions/projectIamPolicy" }, "etag": { "$ref": "#/definitions/basicString" }, "oauth@ClientId": { "$ref": "#/definitions/basicString" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/serviceAccountAka" } }, "title": { "$ref": "#/definitions/basicString" }, "custom": { "type": "object", "properties": { "gcp": { "$ref": "gcp#/definitions/gcpMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "required": [ "name" ], "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "email": "lalit-service-acct@lalit-dev.iam.gserviceaccount.com", "displayName": "lalit-service-acct", "etag": "MABCMjE5MjA=", "name": "projects/lalit-dev/serviceAccounts/lalit-service-acct@lalit-dev.iam.gserviceaccount.com", "oauth2ClientId": "123456832101612693758", "uniqueId": "123459832101612693758", "turbot": { "custom": { "gcp": { "projectId": "foo-bar" } }, "title": "lalit-service-acct@lalit-dev.iam.gserviceaccount.com" } } }, { "description": "Invalid - Missing name", "input": { "email": "lalit-service-acct@lalit-dev.iam.gserviceaccount.com", "displayName": "lalit-service-acct", "etag": "MABCMjE5MjA=", "oauth2ClientId": "123456832101612693758", "uniqueId": "123459832101612693758", "turbot": { "custom": { "gcp": { "projectId": "foo-bar" } }, "title": "lalit-service-acct@lalit-dev.iam.gserviceaccount.com" } }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/serviceAccount", "modUri": "tmod:@turbot/gcp-iam" }}
serviceAccountAka
{ "type": "string", "pattern": "^gcp://iam.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/serviceAccounts/[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+[a-zA-Z]{2,6}$", "tests": [ { "descritpion": "base case", "input": "gcp://iam.googleapis.com/projects/cse-legolas-2/serviceAccounts/lalit-service-acct@lalit-dev.iam.gserviceaccount.com" }, { "description": "invalid - invalid arn", "input": "i.googleapis.com/projec/cse-legolas-2/serviceAccounts/lalit-service-acct@lalit-dev.iam.gserviceaccount.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/serviceAccountAka", "modUri": "tmod:@turbot/gcp-iam" }}
serviceAccountKey
{ "type": "object", "properties": { "name": { "$ref": "#/definitions/serviceAccountKeyName" }, "privateKeyType": { "$ref": "#/definitions/basicString" }, "keyAlgorithm": { "$ref": "#/definitions/basicString" }, "privateKeyData": { "$ref": "#/definitions/basicString" }, "publicKeyData": { "$ref": "#/definitions/basicString" }, "validAfterTime": { "$ref": "#/definitions/basicString" }, "validBeforeTime": { "$ref": "#/definitions/basicString" }, "bindings": { "$ref": "#/definitions/bindings" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/serviceAccountKeyAka" } }, "title": { "$ref": "#/definitions/basicString" }, "custom": { "type": "object", "properties": { "gcp": { "$ref": "gcp#/definitions/gcpMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "email": { "$ref": "#/definitions/basicString" } } } } } }, "required": [ "name" ], "tests": [ { "description": "Valid - All properties", "input": { "name": "projects/cse-legolas/serviceAccounts/cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111", "turbot": { "custom": { "gcp": { "projectId": "foo-bar" }, "email": "cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com" }, "title": "projects/cse-legolas/serviceAccounts/cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111" } } }, { "description": "Invalid - Missing name", "input": { "turbot": { "custom": { "gcp": { "projectId": "foo-bar" } }, "title": "projects/cse-legolas/serviceAccounts/cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111" } }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/serviceAccountKey", "modUri": "tmod:@turbot/gcp-iam" }}
serviceAccountKeyAka
{ "type": "string", "pattern": "^gcp://iam.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/serviceAccounts/[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+[a-zA-Z]{2,6}/keys/[a-zA-Z0-9]+$", "tests": [ { "descritpion": "base case", "input": "gcp://iam.googleapis.com/projects/cse-legolas-2/serviceAccounts/lalit-service-acct@lalit-dev.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111" }, { "description": "invalid - invalid arn", "input": "i.googleapis.com/projec/cse-legolas-2/serviceAccounts/lalit-service-acct@lalit-dev.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/serviceAccountKeyAka", "modUri": "tmod:@turbot/gcp-iam" }}
serviceAccountKeyName
{ "type": "string", "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$", "tests": [ { "input": "projects/cse-legolas/serviceAccounts/cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111" }, { "description": "invalid - should start with projects", "input": "cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com", "expected": false }, { "description": "invalid - can not contain special(/) character", "input": "projects/\"cse/legolas\"/serviceAccounts/cse-legolas-no-permissions@cse-legolas.iam.gserviceaccount.com/keys/3a6f6f165da9f144b277a37aa182503046771111", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/serviceAccountKeyName", "modUri": "tmod:@turbot/gcp-iam" }}
turbotGcpLevelDefinitionList
{ "description": "Internal format for Guardrails GCP Levels registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/gcp" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/gcp-storage#/permission/types/storage" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/gcp-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/gcpLevelDefinition", "modUri": "tmod:@turbot/gcp-iam" } }, ".turbot": { "uri": "tmod:@turbot/gcp-iam#/definitions/turbotGcpLevelDefinitionList", "modUri": "tmod:@turbot/gcp-iam" }}