ACCESSCONTEXTMANAGER

accesscontextmanager.accessPolicies.accessLevels.create

# Request-shape template for accessLevels.create. STRING and BOOLEAN look like
# type placeholders rather than Rego values: substitute concrete values and
# delete the lines you do not want to constrain before using the rule.
# NOTE(review): every expression in a Rego rule body must hold, so a field that
# is absent from the request leaves `valid` undefined; `[_]` is satisfied when
# ANY element matches, not when all of them do.
enum_BasicLevelCombiningFunction := [ "AND", "OR" ]
# The lists below also contain the weak or unset values (NONE, UNENCRYPTED,
# *_UNSPECIFIED), so enum membership alone says nothing about device posture.
enum_DevicePolicyAllowedDeviceManagementLevels := [ "MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE" ]
enum_DevicePolicyAllowedEncryptionStatuses := [ "ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED" ]
enum_OsConstraintOsType := [ "OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS" ]

valid {
    # "OR" lets a single satisfied condition grant the level; pin "AND" if the
    # conditions are meant to be cumulative.
    input.Body.basic.combiningFunction == enum_BasicLevelCombiningFunction[_]
    # Each `conditions[_]` below iterates independently, so two lines may be
    # satisfied by different conditions. Bind an index (conditions[i]) to
    # require that the same condition carries several properties.
    input.Body.basic.conditions[_].devicePolicy.allowedDeviceManagementLevels[_] == enum_DevicePolicyAllowedDeviceManagementLevels[_]
    input.Body.basic.conditions[_].devicePolicy.allowedEncryptionStatuses[_] == enum_DevicePolicyAllowedEncryptionStatuses[_]
    input.Body.basic.conditions[_].devicePolicy.osConstraints[_].minimumVersion == STRING
    input.Body.basic.conditions[_].devicePolicy.osConstraints[_].osType == enum_OsConstraintOsType[_]
    input.Body.basic.conditions[_].devicePolicy.osConstraints[_].requireVerifiedChromeOs == BOOLEAN
    input.Body.basic.conditions[_].devicePolicy.requireAdminApproval == BOOLEAN
    input.Body.basic.conditions[_].devicePolicy.requireCorpOwned == BOOLEAN
    input.Body.basic.conditions[_].devicePolicy.requireScreenlock == BOOLEAN
    # Network, identity and location sources; an exact-match on one list entry
    # does not stop the same request from listing broader entries alongside it.
    input.Body.basic.conditions[_].ipSubnetworks[_] == STRING
    input.Body.basic.conditions[_].members[_] == STRING
    # NOTE(review): per the Access Context Manager API, negate inverts the
    # condition it belongs to — confirm, and treat `true` as review-worthy.
    input.Body.basic.conditions[_].negate == BOOLEAN
    input.Body.basic.conditions[_].regions[_] == STRING
    input.Body.basic.conditions[_].requiredAccessLevels[_] == STRING
    input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.network == STRING
    input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.vpcIpSubnetworks[_] == STRING
    # custom.* describes an expression-based level; the template treats the
    # expression as an opaque string and does not inspect its logic.
    input.Body.custom.expr.description == STRING
    input.Body.custom.expr.expression == STRING
    input.Body.custom.expr.location == STRING
    input.Body.custom.expr.title == STRING
    input.Body.description == STRING
    input.Body.name == STRING
    input.Body.title == STRING
    # Presumably the path parameter naming the parent access policy.
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.accessLevels.delete

# Template for accessLevels.delete, a destructive call: it removes the access
# level named by ReqMap.name. STRING is a placeholder to replace.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.accessLevels.get

# Template for accessLevels.get (read-only). The same enum name is declared
# again under accessLevels.list; if several templates are merged into one Rego
# module, keep a single `:=` declaration, because redeclaring it is an error.
enum_AccessLevelFormatParameter := [ "LEVEL_FORMAT_UNSPECIFIED", "AS_DEFINED", "CEL" ]

valid {
    input.ReqMap.name == STRING
    # Qs is presumably the query string; accessLevelFormat selects the returned
    # representation of the level.
    input.Qs.accessLevelFormat == enum_AccessLevelFormatParameter[_]
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.accessLevels.list

# Template for accessLevels.list (read-only enumeration of the levels under a
# policy). STRING and INTEGER are placeholders to replace.
enum_AccessLevelFormatParameter := [ "LEVEL_FORMAT_UNSPECIFIED", "AS_DEFINED", "CEL" ]

valid {
    input.ReqMap.parent == STRING
    input.Qs.accessLevelFormat == enum_AccessLevelFormatParameter[_]
    # Pagination controls; pageToken is an opaque continuation value.
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.accessLevels.patch

# Template for accessLevels.patch. Same body shape as accessLevels.create, but
# the target is ReqMap.name and the change is scoped by Qs.updateMask.
# STRING and BOOLEAN look like placeholders: replace them and drop unused lines.
# NOTE(review): a missing field makes the whole body undefined, and `[_]` is
# satisfied by any one matching element.
enum_BasicLevelCombiningFunction := [ "AND", "OR" ]
enum_DevicePolicyAllowedDeviceManagementLevels := [ "MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE" ]
enum_DevicePolicyAllowedEncryptionStatuses := [ "ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED" ]
enum_OsConstraintOsType := [ "OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS" ]

valid {
    input.Body.basic.combiningFunction == enum_BasicLevelCombiningFunction[_]
    # Device-posture requirements. A patch that relaxes these (for example by
    # adding NONE or UNENCRYPTED to an allow-list) still passes a plain
    # enum-membership check.
    input.Body.basic.conditions[_].devicePolicy.allowedDeviceManagementLevels[_] == enum_DevicePolicyAllowedDeviceManagementLevels[_]
    input.Body.basic.conditions[_].devicePolicy.allowedEncryptionStatuses[_] == enum_DevicePolicyAllowedEncryptionStatuses[_]
    input.Body.basic.conditions[_].devicePolicy.osConstraints[_].minimumVersion == STRING
    input.Body.basic.conditions[_].devicePolicy.osConstraints[_].osType == enum_OsConstraintOsType[_]
    input.Body.basic.conditions[_].devicePolicy.osConstraints[_].requireVerifiedChromeOs == BOOLEAN
    input.Body.basic.conditions[_].devicePolicy.requireAdminApproval == BOOLEAN
    input.Body.basic.conditions[_].devicePolicy.requireCorpOwned == BOOLEAN
    input.Body.basic.conditions[_].devicePolicy.requireScreenlock == BOOLEAN
    input.Body.basic.conditions[_].ipSubnetworks[_] == STRING
    input.Body.basic.conditions[_].members[_] == STRING
    input.Body.basic.conditions[_].negate == BOOLEAN
    input.Body.basic.conditions[_].regions[_] == STRING
    input.Body.basic.conditions[_].requiredAccessLevels[_] == STRING
    input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.network == STRING
    input.Body.basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.vpcIpSubnetworks[_] == STRING
    input.Body.custom.expr.description == STRING
    input.Body.custom.expr.expression == STRING
    input.Body.custom.expr.location == STRING
    input.Body.custom.expr.title == STRING
    input.Body.description == STRING
    input.Body.name == STRING
    input.Body.title == STRING
    input.ReqMap.name == STRING
    # updateMask names the fields the patch applies to; checking a Body field
    # without also checking the mask does not show which fields are changed.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.accessLevels.replaceAll

# Template for accessLevels.replaceAll. The body carries a list of access
# levels (Body.accessLevels[_]) plus a top-level etag.
# NOTE(review): the method name suggests the submitted list replaces every
# existing level under the parent policy, so a level left out of the list is
# presumably removed — confirm against the API reference.
# STRING and BOOLEAN look like placeholders to replace.
enum_BasicLevelCombiningFunction := [ "AND", "OR" ]
enum_DevicePolicyAllowedDeviceManagementLevels := [ "MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE" ]
enum_DevicePolicyAllowedEncryptionStatuses := [ "ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED" ]
enum_OsConstraintOsType := [ "OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS" ]

valid {
    # `accessLevels[_]` is existential: each line holds if at least one level
    # in the batch matches. Use `every` or a negated helper rule to require a
    # property of all submitted levels.
    input.Body.accessLevels[_].basic.combiningFunction == enum_BasicLevelCombiningFunction[_]
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.allowedDeviceManagementLevels[_] == enum_DevicePolicyAllowedDeviceManagementLevels[_]
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.allowedEncryptionStatuses[_] == enum_DevicePolicyAllowedEncryptionStatuses[_]
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.osConstraints[_].minimumVersion == STRING
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.osConstraints[_].osType == enum_OsConstraintOsType[_]
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.osConstraints[_].requireVerifiedChromeOs == BOOLEAN
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.requireAdminApproval == BOOLEAN
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.requireCorpOwned == BOOLEAN
    input.Body.accessLevels[_].basic.conditions[_].devicePolicy.requireScreenlock == BOOLEAN
    input.Body.accessLevels[_].basic.conditions[_].ipSubnetworks[_] == STRING
    input.Body.accessLevels[_].basic.conditions[_].members[_] == STRING
    input.Body.accessLevels[_].basic.conditions[_].negate == BOOLEAN
    input.Body.accessLevels[_].basic.conditions[_].regions[_] == STRING
    input.Body.accessLevels[_].basic.conditions[_].requiredAccessLevels[_] == STRING
    input.Body.accessLevels[_].basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.network == STRING
    input.Body.accessLevels[_].basic.conditions[_].vpcNetworkSources[_].vpcSubnetwork.vpcIpSubnetworks[_] == STRING
    input.Body.accessLevels[_].custom.expr.description == STRING
    input.Body.accessLevels[_].custom.expr.expression == STRING
    input.Body.accessLevels[_].custom.expr.location == STRING
    input.Body.accessLevels[_].custom.expr.title == STRING
    input.Body.accessLevels[_].description == STRING
    input.Body.accessLevels[_].name == STRING
    input.Body.accessLevels[_].title == STRING
    # Presumably a version token for the policy being replaced — confirm.
    input.Body.etag == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.accessLevels.testIamPermissions

# Template for accessLevels.testIamPermissions: the caller submits a list of
# permission names to test against ReqMap.resource. STRING is a placeholder.
valid {
    # Existential match: holds if any one submitted permission equals the value.
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.authorizedOrgsDescs.create

# Template for authorizedOrgsDescs.create, which records a list of
# organizations (Body.orgs) together with an authorization type and direction.
# STRING is a placeholder; replace it and drop the lines you do not constrain.
enum_AuthorizedOrgsDescAssetType := [ "ASSET_TYPE_UNSPECIFIED", "ASSET_TYPE_DEVICE", "ASSET_TYPE_CREDENTIAL_STRENGTH" ]
enum_AuthorizedOrgsDescAuthorizationDirection := [ "AUTHORIZATION_DIRECTION_UNSPECIFIED", "AUTHORIZATION_DIRECTION_TO", "AUTHORIZATION_DIRECTION_FROM" ]
enum_AuthorizedOrgsDescAuthorizationType := [ "AUTHORIZATION_TYPE_UNSPECIFIED", "AUTHORIZATION_TYPE_TRUST" ]

valid {
    input.Body.assetType == enum_AuthorizedOrgsDescAssetType[_]
    input.Body.authorizationDirection == enum_AuthorizedOrgsDescAuthorizationDirection[_]
    input.Body.authorizationType == enum_AuthorizedOrgsDescAuthorizationType[_]
    input.Body.name == STRING
    # `orgs[_] == X` only shows that X is in the list; it does not show that X
    # is the only organization being authorized. Compare the whole list, or
    # reject entries outside an allow-list, to bound cross-org trust.
    input.Body.orgs[_] == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.authorizedOrgsDescs.delete

# Template for authorizedOrgsDescs.delete (destructive; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.authorizedOrgsDescs.get

# Template for authorizedOrgsDescs.get (read-only; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.authorizedOrgsDescs.list

# Template for authorizedOrgsDescs.list (read-only enumeration under
# ReqMap.parent, with pagination controls in the query string).
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.authorizedOrgsDescs.patch

# Template for authorizedOrgsDescs.patch. Same body shape as the create
# template, with the target in ReqMap.name and the scope in Qs.updateMask.
# STRING is a placeholder to replace.
enum_AuthorizedOrgsDescAssetType := [ "ASSET_TYPE_UNSPECIFIED", "ASSET_TYPE_DEVICE", "ASSET_TYPE_CREDENTIAL_STRENGTH" ]
enum_AuthorizedOrgsDescAuthorizationDirection := [ "AUTHORIZATION_DIRECTION_UNSPECIFIED", "AUTHORIZATION_DIRECTION_TO", "AUTHORIZATION_DIRECTION_FROM" ]
enum_AuthorizedOrgsDescAuthorizationType := [ "AUTHORIZATION_TYPE_UNSPECIFIED", "AUTHORIZATION_TYPE_TRUST" ]

valid {
    input.Body.assetType == enum_AuthorizedOrgsDescAssetType[_]
    input.Body.authorizationDirection == enum_AuthorizedOrgsDescAuthorizationDirection[_]
    input.Body.authorizationType == enum_AuthorizedOrgsDescAuthorizationType[_]
    input.Body.name == STRING
    # Existential match: other organizations may be present in the same list.
    input.Body.orgs[_] == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.create

# Template for accessPolicies.create. Here the parent is a Body field, not a
# ReqMap entry as in the nested resources. STRING is a placeholder.
valid {
    input.Body.name == STRING
    input.Body.parent == STRING
    # scopes presumably limits what the policy applies to; `[_]` only shows
    # that one entry matches, not that the list holds nothing else.
    input.Body.scopes[_] == STRING
    input.Body.title == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.delete

# Template for accessPolicies.delete. Destructive at policy level: the access
# levels and service perimeters on this page are children of an access policy.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.get

# Template for accessPolicies.get (read-only; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.getIamPolicy

# Template for accessPolicies.getIamPolicy (reads the IAM policy attached to
# ReqMap.resource). INTEGER and STRING are placeholders.
valid {
    input.Body.options.requestedPolicyVersion == INTEGER
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.list

# Template for accessPolicies.list (read-only). Unlike the nested list
# methods, parent is carried in the query string (Qs) here, not in ReqMap.
valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.patch

# Template for accessPolicies.patch. Same body shape as accessPolicies.create,
# plus the target in ReqMap.name and the field scope in Qs.updateMask.
valid {
    input.Body.name == STRING
    input.Body.parent == STRING
    # Existential match: a widened scopes list still satisfies this line as
    # long as one entry equals the value.
    input.Body.scopes[_] == STRING
    input.Body.title == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.commit

# Template for servicePerimeters.commit. The request has no perimeter fields,
# only an etag and the parent policy.
# NOTE(review): per the Access Context Manager API this promotes dry-run
# perimeter configuration to enforced for the parent policy — confirm, and
# treat the call as an enforcement change, not a read.
valid {
    input.Body.etag == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.create

# Request-shape template for servicePerimeters.create. STRING and BOOLEAN look
# like type placeholders: substitute concrete values and delete the lines you
# do not want to constrain.
# NOTE(review): every body expression must hold (a missing field leaves `valid`
# undefined) and `[_]` is satisfied by any one matching element.
# ANY_IDENTITY and SOURCE_RESTRICTION_DISABLED are legal values in the lists
# below, so a membership check alone accepts rules open to every identity or
# source; pin the specific values you allow instead.
enum_EgressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_EgressFromSourceRestriction := [ "SOURCE_RESTRICTION_UNSPECIFIED", "SOURCE_RESTRICTION_ENABLED", "SOURCE_RESTRICTION_DISABLED" ]
enum_IngressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_ServicePerimeterPerimeterType := [ "PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE" ]

valid {
    input.Body.description == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.perimeterType == enum_ServicePerimeterPerimeterType[_]
    # spec.* and status.* have the same shape. NOTE(review): per the API,
    # status is the enforced configuration and spec the dry-run one used with
    # useExplicitDryRunSpec — confirm, and constrain the block that is enforced.
    input.Body.spec.accessLevels[_] == STRING
    # Egress rules: who (egressFrom) may reach what (egressTo) outside the
    # perimeter.
    input.Body.spec.egressPolicies[_].egressFrom.identities[_] == STRING
    input.Body.spec.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
    input.Body.spec.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
    input.Body.spec.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
    input.Body.spec.egressPolicies[_].egressTo.externalResources[_] == STRING
    input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.spec.egressPolicies[_].egressTo.operations[_].serviceName == STRING
    input.Body.spec.egressPolicies[_].egressTo.resources[_] == STRING
    # Ingress rules: who (ingressFrom) may reach what (ingressTo) inside it.
    input.Body.spec.ingressPolicies[_].ingressFrom.identities[_] == STRING
    input.Body.spec.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
    input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
    input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.resources[_] == STRING
    # Protected resources and the services restricted for them.
    input.Body.spec.resources[_] == STRING
    input.Body.spec.restrictedServices[_] == STRING
    input.Body.spec.vpcAccessibleServices.allowedServices[_] == STRING
    input.Body.spec.vpcAccessibleServices.enableRestriction == BOOLEAN
    input.Body.status.accessLevels[_] == STRING
    input.Body.status.egressPolicies[_].egressFrom.identities[_] == STRING
    input.Body.status.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
    input.Body.status.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
    input.Body.status.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
    input.Body.status.egressPolicies[_].egressTo.externalResources[_] == STRING
    input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.status.egressPolicies[_].egressTo.operations[_].serviceName == STRING
    input.Body.status.egressPolicies[_].egressTo.resources[_] == STRING
    input.Body.status.ingressPolicies[_].ingressFrom.identities[_] == STRING
    input.Body.status.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
    input.Body.status.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
    input.Body.status.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
    input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.status.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
    input.Body.status.ingressPolicies[_].ingressTo.resources[_] == STRING
    input.Body.status.resources[_] == STRING
    input.Body.status.restrictedServices[_] == STRING
    input.Body.status.vpcAccessibleServices.allowedServices[_] == STRING
    input.Body.status.vpcAccessibleServices.enableRestriction == BOOLEAN
    input.Body.title == STRING
    input.Body.useExplicitDryRunSpec == BOOLEAN
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.delete

# Template for servicePerimeters.delete. Destructive: removes the perimeter
# named by ReqMap.name, and with it the restrictions that perimeter defines.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.get

# Template for servicePerimeters.get (read-only; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.list

# Template for servicePerimeters.list (read-only enumeration under
# ReqMap.parent, with pagination controls in the query string).
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.patch

# Template for servicePerimeters.patch. Same body shape as
# servicePerimeters.create; the target is ReqMap.name and the change is scoped
# by Qs.updateMask. STRING and BOOLEAN look like placeholders to replace.
# NOTE(review): a patch can loosen an existing perimeter (fewer restricted
# services, broader ingress or egress rules). A membership check against the
# lists below accepts ANY_IDENTITY and SOURCE_RESTRICTION_DISABLED as well.
enum_EgressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_EgressFromSourceRestriction := [ "SOURCE_RESTRICTION_UNSPECIFIED", "SOURCE_RESTRICTION_ENABLED", "SOURCE_RESTRICTION_DISABLED" ]
enum_IngressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_ServicePerimeterPerimeterType := [ "PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE" ]

valid {
    input.Body.description == STRING
    input.Body.etag == STRING
    input.Body.name == STRING
    input.Body.perimeterType == enum_ServicePerimeterPerimeterType[_]
    # Each `[_]` iterates on its own, so lines about egressPolicies may be
    # satisfied by different list entries; bind an index (egressPolicies[i])
    # to tie several properties to the same rule.
    input.Body.spec.accessLevels[_] == STRING
    input.Body.spec.egressPolicies[_].egressFrom.identities[_] == STRING
    input.Body.spec.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
    input.Body.spec.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
    input.Body.spec.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
    input.Body.spec.egressPolicies[_].egressTo.externalResources[_] == STRING
    input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.spec.egressPolicies[_].egressTo.operations[_].serviceName == STRING
    input.Body.spec.egressPolicies[_].egressTo.resources[_] == STRING
    input.Body.spec.ingressPolicies[_].ingressFrom.identities[_] == STRING
    input.Body.spec.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
    input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
    input.Body.spec.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
    input.Body.spec.ingressPolicies[_].ingressTo.resources[_] == STRING
    input.Body.spec.resources[_] == STRING
    input.Body.spec.restrictedServices[_] == STRING
    input.Body.spec.vpcAccessibleServices.allowedServices[_] == STRING
    input.Body.spec.vpcAccessibleServices.enableRestriction == BOOLEAN
    # status.* mirrors spec.*; see which of the two your deployment enforces
    # before deciding where a constraint belongs.
    input.Body.status.accessLevels[_] == STRING
    input.Body.status.egressPolicies[_].egressFrom.identities[_] == STRING
    input.Body.status.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
    input.Body.status.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
    input.Body.status.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
    input.Body.status.egressPolicies[_].egressTo.externalResources[_] == STRING
    input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.status.egressPolicies[_].egressTo.operations[_].serviceName == STRING
    input.Body.status.egressPolicies[_].egressTo.resources[_] == STRING
    input.Body.status.ingressPolicies[_].ingressFrom.identities[_] == STRING
    input.Body.status.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
    input.Body.status.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
    input.Body.status.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
    input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.status.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
    input.Body.status.ingressPolicies[_].ingressTo.resources[_] == STRING
    input.Body.status.resources[_] == STRING
    input.Body.status.restrictedServices[_] == STRING
    input.Body.status.vpcAccessibleServices.allowedServices[_] == STRING
    input.Body.status.vpcAccessibleServices.enableRestriction == BOOLEAN
    input.Body.title == STRING
    input.Body.useExplicitDryRunSpec == BOOLEAN
    input.ReqMap.name == STRING
    # updateMask names the fields being changed; a rule that inspects Body
    # fields without the mask does not show which of them take effect.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.replaceAll

# Template for servicePerimeters.replaceAll. The body carries a list of
# perimeters (Body.servicePerimeters[_]) plus a top-level etag.
# NOTE(review): the method name suggests the submitted list replaces every
# existing perimeter under the parent policy, so a perimeter left out of the
# list is presumably removed — confirm against the API reference.
# STRING and BOOLEAN look like placeholders to replace.
enum_EgressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_EgressFromSourceRestriction := [ "SOURCE_RESTRICTION_UNSPECIFIED", "SOURCE_RESTRICTION_ENABLED", "SOURCE_RESTRICTION_DISABLED" ]
enum_IngressFromIdentityType := [ "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT" ]
enum_ServicePerimeterPerimeterType := [ "PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE" ]

valid {
    input.Body.etag == STRING
    # `servicePerimeters[_]` is existential: each line holds if at least one
    # perimeter in the batch matches. Use `every` or a negated helper rule to
    # require a property of all submitted perimeters.
    input.Body.servicePerimeters[_].description == STRING
    input.Body.servicePerimeters[_].etag == STRING
    input.Body.servicePerimeters[_].name == STRING
    input.Body.servicePerimeters[_].perimeterType == enum_ServicePerimeterPerimeterType[_]
    input.Body.servicePerimeters[_].spec.accessLevels[_] == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.identities[_] == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.externalResources[_] == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.operations[_].serviceName == STRING
    input.Body.servicePerimeters[_].spec.egressPolicies[_].egressTo.resources[_] == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.identities[_] == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
    input.Body.servicePerimeters[_].spec.ingressPolicies[_].ingressTo.resources[_] == STRING
    input.Body.servicePerimeters[_].spec.resources[_] == STRING
    input.Body.servicePerimeters[_].spec.restrictedServices[_] == STRING
    input.Body.servicePerimeters[_].spec.vpcAccessibleServices.allowedServices[_] == STRING
    input.Body.servicePerimeters[_].spec.vpcAccessibleServices.enableRestriction == BOOLEAN
    input.Body.servicePerimeters[_].status.accessLevels[_] == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.identities[_] == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.identityType == enum_EgressFromIdentityType[_]
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.sourceRestriction == enum_EgressFromSourceRestriction[_]
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressFrom.sources[_].accessLevel == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.externalResources[_] == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.operations[_].serviceName == STRING
    input.Body.servicePerimeters[_].status.egressPolicies[_].egressTo.resources[_] == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.identities[_] == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.identityType == enum_IngressFromIdentityType[_]
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.sources[_].accessLevel == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressFrom.sources[_].resource == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].method == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.operations[_].methodSelectors[_].permission == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.operations[_].serviceName == STRING
    input.Body.servicePerimeters[_].status.ingressPolicies[_].ingressTo.resources[_] == STRING
    input.Body.servicePerimeters[_].status.resources[_] == STRING
    input.Body.servicePerimeters[_].status.restrictedServices[_] == STRING
    input.Body.servicePerimeters[_].status.vpcAccessibleServices.allowedServices[_] == STRING
    input.Body.servicePerimeters[_].status.vpcAccessibleServices.enableRestriction == BOOLEAN
    input.Body.servicePerimeters[_].title == STRING
    input.Body.servicePerimeters[_].useExplicitDryRunSpec == BOOLEAN
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.servicePerimeters.testIamPermissions

# Template for servicePerimeters.testIamPermissions: the caller submits a list
# of permission names to test against ReqMap.resource. STRING is a placeholder.
valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.setIamPolicy

# Template for accessPolicies.setIamPolicy, which writes the IAM policy
# (bindings and audit configuration) on ReqMap.resource. STRING and INTEGER
# look like placeholders: replace them and drop the lines you do not constrain.
# NOTE(review): every body expression must hold, and `[_]` is satisfied by any
# one matching element.
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    # exemptedMembers lists identities left out of the given audit log type;
    # any entry here reduces audit coverage and deserves an explicit allow-list.
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    # The members and role lines iterate bindings independently, so they can be
    # satisfied by two different bindings. To say "this member holds this
    # role", bind one index: bindings[i].role and bindings[i].members[_].
    # A match on one member also does not exclude other members in the list.
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.accessPolicies.testIamPermissions

# Template for accessPolicies.testIamPermissions: the caller submits a list of
# permission names to test against ReqMap.resource. STRING is a placeholder.
valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.operations.cancel

# Template for operations.cancel (targets the operation in ReqMap.name).
valid {
    # NOTE(review): `STRING` appears here as the field name as well as the
    # value. This looks like a generator artifact for a request body with no
    # declared fields; as written it would require a Body key literally named
    # "STRING", so the line probably has to be removed — confirm.
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.operations.delete

# Template for operations.delete (targets the operation in ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.operations.get

# Template for operations.get (read-only; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.operations.list

# Template for operations.list (read-only). Unlike the other list methods on
# this page, the collection is addressed by ReqMap.name, not ReqMap.parent.
valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.organizations.gcpUserAccessBindings.create

# Request-shape template for gcpUserAccessBindings.create, which attaches
# access levels and session settings to the group in Body.groupKey.
# STRING and BOOLEAN look like type placeholders: replace them and delete the
# lines you do not want to constrain.
# NOTE(review): every body expression must hold (a missing field leaves `valid`
# undefined) and `[_]` is satisfied by any one matching element.
# SESSION_REAUTH_METHOD_UNSPECIFIED is a legal member of the list below, so a
# membership check does not by itself require a particular reauth method.
enum_SessionSettingsSessionReauthMethod := [ "SESSION_REAUTH_METHOD_UNSPECIFIED", "LOGIN", "SECURITY_KEY", "PASSWORD" ]

valid {
    # accessLevels and dryRunAccessLevels are separate lists; constraining only
    # the dry-run list leaves the other one unchecked.
    input.Body.accessLevels[_] == STRING
    input.Body.dryRunAccessLevels[_] == STRING
    input.Body.groupKey == STRING
    input.Body.name == STRING
    input.Body.restrictedClientApplications[_].clientId == STRING
    input.Body.restrictedClientApplications[_].name == STRING
    # scopedAccessSettings carries activeSettings and dryRunSettings of the
    # same shape, applied to the client application named under scope.
    input.Body.scopedAccessSettings[_].activeSettings.accessLevels[_] == STRING
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.maxInactivity == STRING
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.sessionLength == STRING
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.sessionLengthEnabled == BOOLEAN
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.sessionReauthMethod == enum_SessionSettingsSessionReauthMethod[_]
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.useOidcMaxAge == BOOLEAN
    input.Body.scopedAccessSettings[_].dryRunSettings.accessLevels[_] == STRING
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.maxInactivity == STRING
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.sessionLength == STRING
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.sessionLengthEnabled == BOOLEAN
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.sessionReauthMethod == enum_SessionSettingsSessionReauthMethod[_]
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.useOidcMaxAge == BOOLEAN
    input.Body.scopedAccessSettings[_].scope.clientScope.restrictedClientApplication.clientId == STRING
    input.Body.scopedAccessSettings[_].scope.clientScope.restrictedClientApplication.name == STRING
    # Binding-wide session settings. sessionLength and maxInactivity are
    # compared as strings here, so an equality check cannot express
    # "no longer than N"; parse the value if a ceiling is required.
    input.Body.sessionSettings.maxInactivity == STRING
    input.Body.sessionSettings.sessionLength == STRING
    input.Body.sessionSettings.sessionLengthEnabled == BOOLEAN
    input.Body.sessionSettings.sessionReauthMethod == enum_SessionSettingsSessionReauthMethod[_]
    input.Body.sessionSettings.useOidcMaxAge == BOOLEAN
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.organizations.gcpUserAccessBindings.delete

# Template for gcpUserAccessBindings.delete. Destructive: removes the binding
# named by ReqMap.name, and with it the access levels it attached to a group.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.organizations.gcpUserAccessBindings.get

# Template for gcpUserAccessBindings.get (read-only; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.organizations.gcpUserAccessBindings.list

# Template for gcpUserAccessBindings.list (read-only enumeration under
# ReqMap.parent, with pagination controls in the query string).
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.organizations.gcpUserAccessBindings.patch

# Template for gcpUserAccessBindings.patch. Same body shape as the create
# template; the target is ReqMap.name and the query string adds `append` and
# `updateMask`. STRING and BOOLEAN look like placeholders to replace.
# NOTE(review): a patch can weaken an existing binding (fewer access levels,
# longer sessions, a weaker reauth method); constrain the values, not just the
# types, if that matters.
enum_SessionSettingsSessionReauthMethod := [ "SESSION_REAUTH_METHOD_UNSPECIFIED", "LOGIN", "SECURITY_KEY", "PASSWORD" ]

valid {
    input.Body.accessLevels[_] == STRING
    input.Body.dryRunAccessLevels[_] == STRING
    input.Body.groupKey == STRING
    input.Body.name == STRING
    input.Body.restrictedClientApplications[_].clientId == STRING
    input.Body.restrictedClientApplications[_].name == STRING
    input.Body.scopedAccessSettings[_].activeSettings.accessLevels[_] == STRING
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.maxInactivity == STRING
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.sessionLength == STRING
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.sessionLengthEnabled == BOOLEAN
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.sessionReauthMethod == enum_SessionSettingsSessionReauthMethod[_]
    input.Body.scopedAccessSettings[_].activeSettings.sessionSettings.useOidcMaxAge == BOOLEAN
    input.Body.scopedAccessSettings[_].dryRunSettings.accessLevels[_] == STRING
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.maxInactivity == STRING
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.sessionLength == STRING
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.sessionLengthEnabled == BOOLEAN
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.sessionReauthMethod == enum_SessionSettingsSessionReauthMethod[_]
    input.Body.scopedAccessSettings[_].dryRunSettings.sessionSettings.useOidcMaxAge == BOOLEAN
    input.Body.scopedAccessSettings[_].scope.clientScope.restrictedClientApplication.clientId == STRING
    input.Body.scopedAccessSettings[_].scope.clientScope.restrictedClientApplication.name == STRING
    input.Body.sessionSettings.maxInactivity == STRING
    input.Body.sessionSettings.sessionLength == STRING
    input.Body.sessionSettings.sessionLengthEnabled == BOOLEAN
    input.Body.sessionSettings.sessionReauthMethod == enum_SessionSettingsSessionReauthMethod[_]
    input.Body.sessionSettings.useOidcMaxAge == BOOLEAN
    input.ReqMap.name == STRING
    # NOTE(review): `append` presumably switches list fields between replace
    # and append behaviour — confirm; the effect of the Body lists depends on
    # it and on updateMask.
    input.Qs.append == BOOLEAN
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.services.get

# Template for services.get (read-only; target is ReqMap.name).
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

accesscontextmanager.services.list

# Template for services.list (read-only). Only pagination controls and the
# provider region are available to constrain.
valid {
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}