BatchGetUserAccessTasks

valid {
    input.Body.appBundleIdentifier == STRING
    input.Body.taskIdList[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ConnectAppAuthorization

valid {
    input.Body.authRequest.redirectUri == STRING
    input.Body.authRequest.code == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.appAuthorizationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAppAuthorization

enum_AuthType := [ "oauth2", "apiKey" ]

valid {
    input.Body.app == STRING
    input.Body.credential.oauth2Credential.clientId == STRING
    input.Body.credential.oauth2Credential.clientSecret == STRING
    input.Body.credential.apiKeyCredential.apiKey == STRING
    input.Body.tenant.tenantIdentifier == STRING
    input.Body.tenant.tenantDisplayName == STRING
    input.Body.authType == enum_AuthType[_]
    input.Body.clientToken == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAppBundle

valid {
    input.Body.clientToken == STRING
    input.Body.customerManagedKeyIdentifier == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateIngestion

enum_IngestionType := [ "auditLog" ]

valid {
    input.Body.app == STRING
    input.Body.tenantId == STRING
    input.Body.ingestionType == enum_IngestionType[_]
    input.Body.clientToken == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateIngestionDestination

enum_Format := [ "json", "parquet" ]
enum_Schema := [ "ocsf", "raw" ]

valid {
    input.Body.processingConfiguration.auditLog.schema == enum_Schema[_]
    input.Body.processingConfiguration.auditLog.format == enum_Format[_]
    input.Body.destinationConfiguration.auditLog.destination.s3Bucket.bucketName == STRING
    input.Body.destinationConfiguration.auditLog.destination.s3Bucket.prefix == STRING
    input.Body.destinationConfiguration.auditLog.destination.firehoseStream.streamName == STRING
    input.Body.clientToken == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAppAuthorization

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.appAuthorizationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAppBundle

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteIngestion

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteIngestionDestination

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.ReqMap.ingestionDestinationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAppAuthorization

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.appAuthorizationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAppBundle

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetIngestion

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetIngestionDestination

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.ReqMap.ingestionDestinationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAppAuthorizations

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAppBundles

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIngestionDestinations

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIngestions

valid {
    input.ReqMap.appBundleIdentifier == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartIngestion

valid {
    input.ReqMap.ingestionIdentifier == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartUserAccessTasks

valid {
    input.Body.appBundleIdentifier == STRING
    input.Body.email == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopIngestion

valid {
    input.ReqMap.ingestionIdentifier == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.ReqMap.resourceArn == STRING
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAppAuthorization

valid {
    input.Body.credential.oauth2Credential.clientId == STRING
    input.Body.credential.oauth2Credential.clientSecret == STRING
    input.Body.credential.apiKeyCredential.apiKey == STRING
    input.Body.tenant.tenantIdentifier == STRING
    input.Body.tenant.tenantDisplayName == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.appAuthorizationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateIngestionDestination

valid {
    input.Body.destinationConfiguration.auditLog.destination.s3Bucket.bucketName == STRING
    input.Body.destinationConfiguration.auditLog.destination.s3Bucket.prefix == STRING
    input.Body.destinationConfiguration.auditLog.destination.firehoseStream.streamName == STRING
    input.ReqMap.appBundleIdentifier == STRING
    input.ReqMap.ingestionIdentifier == STRING
    input.ReqMap.ingestionDestinationIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}