AssociateAccessPolicy

enum_AccessScopeType := [ "cluster", "namespace" ]

valid {
    input.Body.policyArn == STRING
    input.Body.accessScope.type == enum_AccessScopeType[_]
    input.Body.accessScope.namespaces[_] == STRING
    input.ReqMap.name == STRING
    input.ReqMap.principalArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateEncryptionConfig

valid {
    input.Body.encryptionConfig[_].resources[_] == STRING
    input.Body.encryptionConfig[_].provider.keyArn == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateIdentityProviderConfig

valid {
    input.Body.oidc.identityProviderConfigName == STRING
    input.Body.oidc.issuerUrl == STRING
    input.Body.oidc.clientId == STRING
    input.Body.oidc.usernameClaim == STRING
    input.Body.oidc.usernamePrefix == STRING
    input.Body.oidc.groupsClaim == STRING
    input.Body.oidc.groupsPrefix == STRING
    input.Body.oidc.requiredClaims.STRING == STRING
    input.Body.tags.STRING == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAccessEntry

valid {
    input.Body.principalArn == STRING
    input.Body.kubernetesGroups[_] == STRING
    input.Body.tags.STRING == STRING
    input.Body.clientRequestToken == STRING
    input.Body.username == STRING
    input.Body.type == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAddon

enum_ResolveConflicts := [ "OVERWRITE", "NONE", "PRESERVE" ]

valid {
    input.Body.addonName == STRING
    input.Body.addonVersion == STRING
    input.Body.serviceAccountRoleArn == STRING
    input.Body.resolveConflicts == enum_ResolveConflicts[_]
    input.Body.clientRequestToken == STRING
    input.Body.tags.STRING == STRING
    input.Body.configurationValues == STRING
    input.Body.podIdentityAssociations[_].serviceAccount == STRING
    input.Body.podIdentityAssociations[_].roleArn == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCluster

enum_AuthenticationMode := [ "API", "API_AND_CONFIG_MAP", "CONFIG_MAP" ]
enum_IpFamily := [ "ipv4", "ipv6" ]
enum_LogType := [ "api", "audit", "authenticator", "controllerManager", "scheduler" ]
enum_SupportType := [ "STANDARD", "EXTENDED" ]

valid {
    input.Body.name == STRING
    input.Body.version == STRING
    input.Body.roleArn == STRING
    input.Body.resourcesVpcConfig.subnetIds[_] == STRING
    input.Body.resourcesVpcConfig.securityGroupIds[_] == STRING
    input.Body.resourcesVpcConfig.endpointPublicAccess == BOOLEAN
    input.Body.resourcesVpcConfig.endpointPrivateAccess == BOOLEAN
    input.Body.resourcesVpcConfig.publicAccessCidrs[_] == STRING
    input.Body.kubernetesNetworkConfig.serviceIpv4Cidr == STRING
    input.Body.kubernetesNetworkConfig.ipFamily == enum_IpFamily[_]
    input.Body.kubernetesNetworkConfig.elasticLoadBalancing.enabled == BOOLEAN
    input.Body.logging.clusterLogging[_].types[_] == enum_LogType[_]
    input.Body.logging.clusterLogging[_].enabled == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.Body.tags.STRING == STRING
    input.Body.encryptionConfig[_].resources[_] == STRING
    input.Body.encryptionConfig[_].provider.keyArn == STRING
    input.Body.outpostConfig.outpostArns[_] == STRING
    input.Body.outpostConfig.controlPlaneInstanceType == STRING
    input.Body.outpostConfig.controlPlanePlacement.groupName == STRING
    input.Body.accessConfig.bootstrapClusterCreatorAdminPermissions == BOOLEAN
    input.Body.accessConfig.authenticationMode == enum_AuthenticationMode[_]
    input.Body.bootstrapSelfManagedAddons == BOOLEAN
    input.Body.upgradePolicy.supportType == enum_SupportType[_]
    input.Body.zonalShiftConfig.enabled == BOOLEAN
    input.Body.remoteNetworkConfig.remoteNodeNetworks[_].cidrs[_] == STRING
    input.Body.remoteNetworkConfig.remotePodNetworks[_].cidrs[_] == STRING
    input.Body.computeConfig.enabled == BOOLEAN
    input.Body.computeConfig.nodePools[_] == STRING
    input.Body.computeConfig.nodeRoleArn == STRING
    input.Body.storageConfig.blockStorage.enabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateEksAnywhereSubscription

enum_EksAnywhereSubscriptionLicenseType := [ "Cluster" ]
enum_EksAnywhereSubscriptionTermUnit := [ "MONTHS" ]

valid {
    input.Body.name == STRING
    input.Body.term.duration == INTEGER
    input.Body.term.unit == enum_EksAnywhereSubscriptionTermUnit[_]
    input.Body.licenseQuantity == INTEGER
    input.Body.licenseType == enum_EksAnywhereSubscriptionLicenseType[_]
    input.Body.autoRenew == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFargateProfile

valid {
    input.Body.fargateProfileName == STRING
    input.Body.podExecutionRoleArn == STRING
    input.Body.subnets[_] == STRING
    input.Body.selectors[_].namespace == STRING
    input.Body.selectors[_].labels.STRING == STRING
    input.Body.clientRequestToken == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateNodegroup

enum_AMITypes := [ "AL2_x86_64", "AL2_x86_64_GPU", "AL2_ARM_64", "CUSTOM", "BOTTLEROCKET_ARM_64", "BOTTLEROCKET_x86_64", "BOTTLEROCKET_ARM_64_NVIDIA", "BOTTLEROCKET_x86_64_NVIDIA", "WINDOWS_CORE_2019_x86_64", "WINDOWS_FULL_2019_x86_64", "WINDOWS_CORE_2022_x86_64", "WINDOWS_FULL_2022_x86_64", "AL2023_x86_64_STANDARD", "AL2023_ARM_64_STANDARD", "AL2023_x86_64_NEURON", "AL2023_x86_64_NVIDIA" ]
enum_CapacityTypes := [ "ON_DEMAND", "SPOT", "CAPACITY_BLOCK" ]
enum_TaintEffect := [ "NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE" ]

valid {
    input.Body.nodegroupName == STRING
    input.Body.scalingConfig.minSize == INTEGER
    input.Body.scalingConfig.maxSize == INTEGER
    input.Body.scalingConfig.desiredSize == INTEGER
    input.Body.diskSize == INTEGER
    input.Body.subnets[_] == STRING
    input.Body.instanceTypes[_] == STRING
    input.Body.amiType == enum_AMITypes[_]
    input.Body.remoteAccess.ec2SshKey == STRING
    input.Body.remoteAccess.sourceSecurityGroups[_] == STRING
    input.Body.nodeRole == STRING
    input.Body.labels.STRING == STRING
    input.Body.taints[_].key == STRING
    input.Body.taints[_].value == STRING
    input.Body.taints[_].effect == enum_TaintEffect[_]
    input.Body.tags.STRING == STRING
    input.Body.clientRequestToken == STRING
    input.Body.launchTemplate.name == STRING
    input.Body.launchTemplate.version == STRING
    input.Body.launchTemplate.id == STRING
    input.Body.updateConfig.maxUnavailable == INTEGER
    input.Body.updateConfig.maxUnavailablePercentage == INTEGER
    input.Body.nodeRepairConfig.enabled == BOOLEAN
    input.Body.capacityType == enum_CapacityTypes[_]
    input.Body.version == STRING
    input.Body.releaseVersion == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePodIdentityAssociation

valid {
    input.Body.namespace == STRING
    input.Body.serviceAccount == STRING
    input.Body.roleArn == STRING
    input.Body.clientRequestToken == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAccessEntry

valid {
    input.ReqMap.name == STRING
    input.ReqMap.principalArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAddon

valid {
    input.ReqMap.name == STRING
    input.ReqMap.addonName == STRING
    input.Qs.preserve == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCluster

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteEksAnywhereSubscription

valid {
    input.ReqMap.id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteFargateProfile

valid {
    input.ReqMap.name == STRING
    input.ReqMap.fargateProfileName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteNodegroup

valid {
    input.ReqMap.name == STRING
    input.ReqMap.nodegroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePodIdentityAssociation

valid {
    input.ReqMap.name == STRING
    input.ReqMap.associationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterCluster

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAccessEntry

valid {
    input.ReqMap.name == STRING
    input.ReqMap.principalArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAddon

valid {
    input.ReqMap.name == STRING
    input.ReqMap.addonName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAddonConfiguration

valid {
    input.Qs.addonName == STRING
    input.Qs.addonVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAddonVersions

valid {
    input.Qs.kubernetesVersion == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.addonName == STRING
    input.Qs.types[_] == STRING
    input.Qs.publishers[_] == STRING
    input.Qs.owners[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCluster

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEksAnywhereSubscription

valid {
    input.ReqMap.id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeFargateProfile

valid {
    input.ReqMap.name == STRING
    input.ReqMap.fargateProfileName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeIdentityProviderConfig

valid {
    input.Body.identityProviderConfig.type == STRING
    input.Body.identityProviderConfig.name == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeInsight

valid {
    input.ReqMap.name == STRING
    input.ReqMap.id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeNodegroup

valid {
    input.ReqMap.name == STRING
    input.ReqMap.nodegroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribePodIdentityAssociation

valid {
    input.ReqMap.name == STRING
    input.ReqMap.associationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeUpdate

valid {
    input.ReqMap.name == STRING
    input.ReqMap.updateId == STRING
    input.Qs.nodegroupName == STRING
    input.Qs.addonName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateAccessPolicy

valid {
    input.ReqMap.name == STRING
    input.ReqMap.principalArn == STRING
    input.ReqMap.policyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateIdentityProviderConfig

valid {
    input.Body.identityProviderConfig.type == STRING
    input.Body.identityProviderConfig.name == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccessEntries

valid {
    input.ReqMap.name == STRING
    input.Qs.associatedPolicyArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccessPolicies

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAddons

valid {
    input.ReqMap.name == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAssociatedAccessPolicies

valid {
    input.ReqMap.name == STRING
    input.ReqMap.principalArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListClusters

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.include[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListEksAnywhereSubscriptions

enum_EksAnywhereSubscriptionStatus := [ "CREATING", "ACTIVE", "UPDATING", "EXPIRING", "EXPIRED", "DELETING" ]

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.includeStatus[_] == enum_EksAnywhereSubscriptionStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFargateProfiles

valid {
    input.ReqMap.name == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIdentityProviderConfigs

valid {
    input.ReqMap.name == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInsights

enum_Category := [ "UPGRADE_READINESS" ]
enum_InsightStatusValue := [ "PASSING", "WARNING", "ERROR", "UNKNOWN" ]

valid {
    input.Body.filter.categories[_] == enum_Category[_]
    input.Body.filter.kubernetesVersions[_] == STRING
    input.Body.filter.statuses[_] == enum_InsightStatusValue[_]
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListNodegroups

valid {
    input.ReqMap.name == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPodIdentityAssociations

valid {
    input.ReqMap.name == STRING
    input.Qs.namespace == STRING
    input.Qs.serviceAccount == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListUpdates

valid {
    input.ReqMap.name == STRING
    input.Qs.nodegroupName == STRING
    input.Qs.addonName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterCluster

enum_ConnectorConfigProvider := [ "EKS_ANYWHERE", "ANTHOS", "GKE", "AKS", "OPENSHIFT", "TANZU", "RANCHER", "EC2", "OTHER" ]

valid {
    input.Body.name == STRING
    input.Body.connectorConfig.roleArn == STRING
    input.Body.connectorConfig.provider == enum_ConnectorConfigProvider[_]
    input.Body.clientRequestToken == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.tags.STRING == STRING
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.ReqMap.resourceArn == STRING
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAccessEntry

valid {
    input.Body.kubernetesGroups[_] == STRING
    input.Body.clientRequestToken == STRING
    input.Body.username == STRING
    input.ReqMap.name == STRING
    input.ReqMap.principalArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAddon

enum_ResolveConflicts := [ "OVERWRITE", "NONE", "PRESERVE" ]

valid {
    input.Body.addonVersion == STRING
    input.Body.serviceAccountRoleArn == STRING
    input.Body.resolveConflicts == enum_ResolveConflicts[_]
    input.Body.clientRequestToken == STRING
    input.Body.configurationValues == STRING
    input.Body.podIdentityAssociations[_].serviceAccount == STRING
    input.Body.podIdentityAssociations[_].roleArn == STRING
    input.ReqMap.name == STRING
    input.ReqMap.addonName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateClusterConfig

enum_AuthenticationMode := [ "API", "API_AND_CONFIG_MAP", "CONFIG_MAP" ]
enum_IpFamily := [ "ipv4", "ipv6" ]
enum_LogType := [ "api", "audit", "authenticator", "controllerManager", "scheduler" ]
enum_SupportType := [ "STANDARD", "EXTENDED" ]

valid {
    input.Body.resourcesVpcConfig.subnetIds[_] == STRING
    input.Body.resourcesVpcConfig.securityGroupIds[_] == STRING
    input.Body.resourcesVpcConfig.endpointPublicAccess == BOOLEAN
    input.Body.resourcesVpcConfig.endpointPrivateAccess == BOOLEAN
    input.Body.resourcesVpcConfig.publicAccessCidrs[_] == STRING
    input.Body.logging.clusterLogging[_].types[_] == enum_LogType[_]
    input.Body.logging.clusterLogging[_].enabled == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.Body.accessConfig.authenticationMode == enum_AuthenticationMode[_]
    input.Body.upgradePolicy.supportType == enum_SupportType[_]
    input.Body.zonalShiftConfig.enabled == BOOLEAN
    input.Body.computeConfig.enabled == BOOLEAN
    input.Body.computeConfig.nodePools[_] == STRING
    input.Body.computeConfig.nodeRoleArn == STRING
    input.Body.kubernetesNetworkConfig.serviceIpv4Cidr == STRING
    input.Body.kubernetesNetworkConfig.ipFamily == enum_IpFamily[_]
    input.Body.kubernetesNetworkConfig.elasticLoadBalancing.enabled == BOOLEAN
    input.Body.storageConfig.blockStorage.enabled == BOOLEAN
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateClusterVersion

valid {
    input.Body.version == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateEksAnywhereSubscription

valid {
    input.Body.autoRenew == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.ReqMap.id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateNodegroupConfig

enum_TaintEffect := [ "NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE" ]

valid {
    input.Body.labels.addOrUpdateLabels.STRING == STRING
    input.Body.labels.removeLabels[_] == STRING
    input.Body.taints.addOrUpdateTaints[_].key == STRING
    input.Body.taints.addOrUpdateTaints[_].value == STRING
    input.Body.taints.addOrUpdateTaints[_].effect == enum_TaintEffect[_]
    input.Body.taints.removeTaints[_].key == STRING
    input.Body.taints.removeTaints[_].value == STRING
    input.Body.taints.removeTaints[_].effect == enum_TaintEffect[_]
    input.Body.scalingConfig.minSize == INTEGER
    input.Body.scalingConfig.maxSize == INTEGER
    input.Body.scalingConfig.desiredSize == INTEGER
    input.Body.updateConfig.maxUnavailable == INTEGER
    input.Body.updateConfig.maxUnavailablePercentage == INTEGER
    input.Body.nodeRepairConfig.enabled == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ReqMap.nodegroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateNodegroupVersion

valid {
    input.Body.version == STRING
    input.Body.releaseVersion == STRING
    input.Body.launchTemplate.name == STRING
    input.Body.launchTemplate.version == STRING
    input.Body.launchTemplate.id == STRING
    input.Body.force == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ReqMap.nodegroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePodIdentityAssociation

valid {
    input.Body.roleArn == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ReqMap.associationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}