gkehub.organizations.locations.fleets.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.create

enum_ConfigManagementMembershipSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]
enum_ConfigManagementPolicyControllerMonitoringBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_FleetObservabilityRoutingConfigMode := [ "MODE_UNSPECIFIED", "COPY", "MOVE" ]
enum_OriginType := [ "TYPE_UNSPECIFIED", "FLEET", "FLEET_OUT_OF_SYNC", "USER" ]
enum_PolicyControllerHubConfigInstallSpec := [ "INSTALL_SPEC_UNSPECIFIED", "INSTALL_SPEC_NOT_INSTALLED", "INSTALL_SPEC_ENABLED", "INSTALL_SPEC_SUSPENDED", "INSTALL_SPEC_DETACHED" ]
enum_PolicyControllerMonitoringConfigBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity := [ "AFFINITY_UNSPECIFIED", "NO_AFFINITY", "ANTI_AFFINITY" ]
enum_PolicyControllerTemplateLibraryConfigInstallation := [ "INSTALLATION_UNSPECIFIED", "NOT_INSTALLED", "ALL" ]
enum_ServiceMeshMembershipSpecConfigApi := [ "CONFIG_API_UNSPECIFIED", "CONFIG_API_ISTIO", "CONFIG_API_GATEWAY" ]
enum_ServiceMeshMembershipSpecControlPlane := [ "CONTROL_PLANE_MANAGEMENT_UNSPECIFIED", "AUTOMATIC", "MANUAL" ]
enum_ServiceMeshMembershipSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]

valid {
    input.Body.fleetDefaultMemberConfig.configmanagement.cluster == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.allowVerticalScale == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.gcpServiceAccountEmail == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.httpsProxy == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.policyDir == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.secretType == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncBranch == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncRepo == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncRev == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncWaitSecs == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.metricsGcpServiceAccountEmail == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.gcpServiceAccountEmail == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.policyDir == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.secretType == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.syncRepo == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.syncWaitSecs == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.preventDrift == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.sourceFormat == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.stopSyncing == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.hierarchyController.enableHierarchicalResourceQuota == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.hierarchyController.enablePodTreeLabels == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.hierarchyController.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.management == enum_ConfigManagementMembershipSpecManagement[_]
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.auditIntervalSeconds == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.exemptableNamespaces[_] == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.logDeniesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.monitoring.backends[_] == enum_ConfigManagementPolicyControllerMonitoringBackends[_]
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.mutationEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.referentialRulesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.templateLibraryInstalled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.version == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.clientId == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.clientSecret == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.groupFormat == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.kubectlRedirectUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.tenant == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.userClaim == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].googleConfig.disable == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.group.baseDn == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.group.filter == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.group.idAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.server.certificateAuthorityData == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.server.connectionType == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.server.host == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.dn == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.password == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.baseDn == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.filter == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.idAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.loginAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].name == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.certificateAuthorityData == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.clientId == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.clientSecret == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.deployCloudConsoleProxy == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.enableAccessToken == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.extraParams == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.groupPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.groupsClaim == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.issuerUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.kubectlRedirectUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.scopes == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.userClaim == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.userPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].proxy == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.attributeMapping.STRING == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.groupPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.groupsAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.identityProviderCertificates[_] == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.identityProviderId == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.identityProviderSsoUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.userAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.userPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.identityServiceOptions.diagnosticInterface.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.identityServiceOptions.diagnosticInterface.expirationTime == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.identityServiceOptions.sessionDuration == STRING
    input.Body.fleetDefaultMemberConfig.mesh.configApi == enum_ServiceMeshMembershipSpecConfigApi[_]
    input.Body.fleetDefaultMemberConfig.mesh.controlPlane == enum_ServiceMeshMembershipSpecControlPlane[_]
    input.Body.fleetDefaultMemberConfig.mesh.management == enum_ServiceMeshMembershipSpecManagement[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.auditIntervalSeconds == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.constraintViolationLimit == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.cpu == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.memory == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.cpu == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.memory == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAffinity == enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAntiAffinity == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].effect == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].key == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].operator == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].value == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.replicaCount == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.exemptableNamespaces[_] == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.installSpec == enum_PolicyControllerHubConfigInstallSpec[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.logDeniesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.monitoring.backends[_] == enum_PolicyControllerMonitoringConfigBackends[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.mutationEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.policyContent.bundles.STRING.exemptedNamespaces[_] == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.policyContent.templateLibrary.installation == enum_PolicyControllerTemplateLibraryConfigInstallation[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.referentialRulesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.version == STRING
    input.Body.labels.STRING == STRING
    input.Body.membershipSpecs.STRING.configmanagement.cluster == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.allowVerticalScale == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.configSync.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.gcpServiceAccountEmail == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.httpsProxy == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.policyDir == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.secretType == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncBranch == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncRepo == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncRev == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncWaitSecs == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.metricsGcpServiceAccountEmail == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.gcpServiceAccountEmail == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.policyDir == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.secretType == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.syncRepo == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.syncWaitSecs == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.preventDrift == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.configSync.sourceFormat == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.stopSyncing == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.hierarchyController.enableHierarchicalResourceQuota == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.hierarchyController.enablePodTreeLabels == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.hierarchyController.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.management == enum_ConfigManagementMembershipSpecManagement[_]
    input.Body.membershipSpecs.STRING.configmanagement.policyController.auditIntervalSeconds == STRING
    input.Body.membershipSpecs.STRING.configmanagement.policyController.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.exemptableNamespaces[_] == STRING
    input.Body.membershipSpecs.STRING.configmanagement.policyController.logDeniesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.monitoring.backends[_] == enum_ConfigManagementPolicyControllerMonitoringBackends[_]
    input.Body.membershipSpecs.STRING.configmanagement.policyController.mutationEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.referentialRulesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.templateLibraryInstalled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.version == STRING
    input.Body.membershipSpecs.STRING.fleetobservability.STRING == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.clientId == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.clientSecret == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.groupFormat == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.kubectlRedirectUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.tenant == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.userClaim == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].googleConfig.disable == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.group.baseDn == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.group.filter == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.group.idAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.server.certificateAuthorityData == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.server.connectionType == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.server.host == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.dn == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.password == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.baseDn == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.filter == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.idAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.loginAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].name == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.certificateAuthorityData == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.clientId == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.clientSecret == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.deployCloudConsoleProxy == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.enableAccessToken == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.extraParams == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.groupPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.groupsClaim == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.issuerUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.kubectlRedirectUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.scopes == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.userClaim == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.userPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].proxy == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.attributeMapping.STRING == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.groupPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.groupsAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.identityProviderCertificates[_] == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.identityProviderId == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.identityProviderSsoUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.userAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.userPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.identityServiceOptions.diagnosticInterface.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.identityServiceOptions.diagnosticInterface.expirationTime == STRING
    input.Body.membershipSpecs.STRING.identityservice.identityServiceOptions.sessionDuration == STRING
    input.Body.membershipSpecs.STRING.mesh.configApi == enum_ServiceMeshMembershipSpecConfigApi[_]
    input.Body.membershipSpecs.STRING.mesh.controlPlane == enum_ServiceMeshMembershipSpecControlPlane[_]
    input.Body.membershipSpecs.STRING.mesh.management == enum_ServiceMeshMembershipSpecManagement[_]
    input.Body.membershipSpecs.STRING.origin.type == enum_OriginType[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.auditIntervalSeconds == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.constraintViolationLimit == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.cpu == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.memory == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.cpu == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.memory == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAffinity == enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAntiAffinity == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].effect == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].key == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].operator == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].value == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.replicaCount == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.exemptableNamespaces[_] == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.installSpec == enum_PolicyControllerHubConfigInstallSpec[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.logDeniesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.monitoring.backends[_] == enum_PolicyControllerMonitoringConfigBackends[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.mutationEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.policyContent.bundles.STRING.exemptedNamespaces[_] == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.policyContent.templateLibrary.installation == enum_PolicyControllerTemplateLibraryConfigInstallation[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.referentialRulesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.version == STRING
    input.Body.scopeSpecs.STRING.STRING == STRING
    input.Body.spec.appdevexperience.STRING == STRING
    input.Body.spec.clusterupgrade.gkeUpgradeOverrides[_].postConditions.soaking == STRING
    input.Body.spec.clusterupgrade.gkeUpgradeOverrides[_].upgrade.name == STRING
    input.Body.spec.clusterupgrade.gkeUpgradeOverrides[_].upgrade.version == STRING
    input.Body.spec.clusterupgrade.postConditions.soaking == STRING
    input.Body.spec.clusterupgrade.upstreamFleets[_] == STRING
    input.Body.spec.dataplanev2.enableEncryption == BOOLEAN
    input.Body.spec.fleetobservability.loggingConfig.defaultConfig.mode == enum_FleetObservabilityRoutingConfigMode[_]
    input.Body.spec.fleetobservability.loggingConfig.fleetScopeLogsConfig.mode == enum_FleetObservabilityRoutingConfigMode[_]
    input.Body.spec.multiclusteringress.configMembership == STRING
    input.ReqMap.parent == STRING
    input.Qs.featureId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.force == BOOLEAN
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.get

valid {
    input.ReqMap.name == STRING
    input.Qs.returnPartialSuccess == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.returnPartialSuccess == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.patch

enum_ConfigManagementMembershipSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]
enum_ConfigManagementPolicyControllerMonitoringBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_FleetObservabilityRoutingConfigMode := [ "MODE_UNSPECIFIED", "COPY", "MOVE" ]
enum_OriginType := [ "TYPE_UNSPECIFIED", "FLEET", "FLEET_OUT_OF_SYNC", "USER" ]
enum_PolicyControllerHubConfigInstallSpec := [ "INSTALL_SPEC_UNSPECIFIED", "INSTALL_SPEC_NOT_INSTALLED", "INSTALL_SPEC_ENABLED", "INSTALL_SPEC_SUSPENDED", "INSTALL_SPEC_DETACHED" ]
enum_PolicyControllerMonitoringConfigBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity := [ "AFFINITY_UNSPECIFIED", "NO_AFFINITY", "ANTI_AFFINITY" ]
enum_PolicyControllerTemplateLibraryConfigInstallation := [ "INSTALLATION_UNSPECIFIED", "NOT_INSTALLED", "ALL" ]
enum_ServiceMeshMembershipSpecConfigApi := [ "CONFIG_API_UNSPECIFIED", "CONFIG_API_ISTIO", "CONFIG_API_GATEWAY" ]
enum_ServiceMeshMembershipSpecControlPlane := [ "CONTROL_PLANE_MANAGEMENT_UNSPECIFIED", "AUTOMATIC", "MANUAL" ]
enum_ServiceMeshMembershipSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]

valid {
    input.Body.fleetDefaultMemberConfig.configmanagement.cluster == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.allowVerticalScale == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.gcpServiceAccountEmail == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.httpsProxy == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.policyDir == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.secretType == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncBranch == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncRepo == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncRev == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.git.syncWaitSecs == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.metricsGcpServiceAccountEmail == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.gcpServiceAccountEmail == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.policyDir == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.secretType == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.syncRepo == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.oci.syncWaitSecs == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.preventDrift == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.sourceFormat == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.configSync.stopSyncing == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.hierarchyController.enableHierarchicalResourceQuota == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.hierarchyController.enablePodTreeLabels == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.hierarchyController.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.management == enum_ConfigManagementMembershipSpecManagement[_]
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.auditIntervalSeconds == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.exemptableNamespaces[_] == STRING
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.logDeniesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.monitoring.backends[_] == enum_ConfigManagementPolicyControllerMonitoringBackends[_]
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.mutationEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.referentialRulesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.policyController.templateLibraryInstalled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.configmanagement.version == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.clientId == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.clientSecret == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.groupFormat == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.kubectlRedirectUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.tenant == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].azureadConfig.userClaim == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].googleConfig.disable == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.group.baseDn == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.group.filter == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.group.idAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.server.certificateAuthorityData == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.server.connectionType == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.server.host == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.dn == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.password == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.baseDn == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.filter == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.idAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].ldapConfig.user.loginAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].name == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.certificateAuthorityData == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.clientId == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.clientSecret == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.deployCloudConsoleProxy == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.enableAccessToken == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.extraParams == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.groupPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.groupsClaim == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.issuerUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.kubectlRedirectUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.scopes == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.userClaim == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].oidcConfig.userPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].proxy == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.attributeMapping.STRING == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.groupPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.groupsAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.identityProviderCertificates[_] == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.identityProviderId == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.identityProviderSsoUri == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.userAttribute == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.authMethods[_].samlConfig.userPrefix == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.identityServiceOptions.diagnosticInterface.enabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.identityservice.identityServiceOptions.diagnosticInterface.expirationTime == STRING
    input.Body.fleetDefaultMemberConfig.identityservice.identityServiceOptions.sessionDuration == STRING
    input.Body.fleetDefaultMemberConfig.mesh.configApi == enum_ServiceMeshMembershipSpecConfigApi[_]
    input.Body.fleetDefaultMemberConfig.mesh.controlPlane == enum_ServiceMeshMembershipSpecControlPlane[_]
    input.Body.fleetDefaultMemberConfig.mesh.management == enum_ServiceMeshMembershipSpecManagement[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.auditIntervalSeconds == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.constraintViolationLimit == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.cpu == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.memory == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.cpu == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.memory == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAffinity == enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAntiAffinity == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].effect == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].key == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].operator == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].value == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.replicaCount == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.exemptableNamespaces[_] == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.installSpec == enum_PolicyControllerHubConfigInstallSpec[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.logDeniesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.monitoring.backends[_] == enum_PolicyControllerMonitoringConfigBackends[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.mutationEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.policyContent.bundles.STRING.exemptedNamespaces[_] == STRING
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.policyContent.templateLibrary.installation == enum_PolicyControllerTemplateLibraryConfigInstallation[_]
    input.Body.fleetDefaultMemberConfig.policycontroller.policyControllerHubConfig.referentialRulesEnabled == BOOLEAN
    input.Body.fleetDefaultMemberConfig.policycontroller.version == STRING
    input.Body.labels.STRING == STRING
    input.Body.membershipSpecs.STRING.configmanagement.cluster == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.allowVerticalScale == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.configSync.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.gcpServiceAccountEmail == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.httpsProxy == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.policyDir == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.secretType == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncBranch == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncRepo == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncRev == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.git.syncWaitSecs == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.metricsGcpServiceAccountEmail == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.gcpServiceAccountEmail == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.policyDir == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.secretType == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.syncRepo == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.oci.syncWaitSecs == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.preventDrift == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.configSync.sourceFormat == STRING
    input.Body.membershipSpecs.STRING.configmanagement.configSync.stopSyncing == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.hierarchyController.enableHierarchicalResourceQuota == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.hierarchyController.enablePodTreeLabels == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.hierarchyController.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.management == enum_ConfigManagementMembershipSpecManagement[_]
    input.Body.membershipSpecs.STRING.configmanagement.policyController.auditIntervalSeconds == STRING
    input.Body.membershipSpecs.STRING.configmanagement.policyController.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.exemptableNamespaces[_] == STRING
    input.Body.membershipSpecs.STRING.configmanagement.policyController.logDeniesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.monitoring.backends[_] == enum_ConfigManagementPolicyControllerMonitoringBackends[_]
    input.Body.membershipSpecs.STRING.configmanagement.policyController.mutationEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.referentialRulesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.policyController.templateLibraryInstalled == BOOLEAN
    input.Body.membershipSpecs.STRING.configmanagement.version == STRING
    input.Body.membershipSpecs.STRING.fleetobservability.STRING == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.clientId == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.clientSecret == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.groupFormat == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.kubectlRedirectUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.tenant == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].azureadConfig.userClaim == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].googleConfig.disable == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.group.baseDn == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.group.filter == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.group.idAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.server.certificateAuthorityData == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.server.connectionType == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.server.host == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.dn == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.password == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.baseDn == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.filter == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.idAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].ldapConfig.user.loginAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].name == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.certificateAuthorityData == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.clientId == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.clientSecret == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.deployCloudConsoleProxy == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.enableAccessToken == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.extraParams == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.groupPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.groupsClaim == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.issuerUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.kubectlRedirectUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.scopes == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.userClaim == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].oidcConfig.userPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].proxy == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.attributeMapping.STRING == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.groupPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.groupsAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.identityProviderCertificates[_] == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.identityProviderId == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.identityProviderSsoUri == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.userAttribute == STRING
    input.Body.membershipSpecs.STRING.identityservice.authMethods[_].samlConfig.userPrefix == STRING
    input.Body.membershipSpecs.STRING.identityservice.identityServiceOptions.diagnosticInterface.enabled == BOOLEAN
    input.Body.membershipSpecs.STRING.identityservice.identityServiceOptions.diagnosticInterface.expirationTime == STRING
    input.Body.membershipSpecs.STRING.identityservice.identityServiceOptions.sessionDuration == STRING
    input.Body.membershipSpecs.STRING.mesh.configApi == enum_ServiceMeshMembershipSpecConfigApi[_]
    input.Body.membershipSpecs.STRING.mesh.controlPlane == enum_ServiceMeshMembershipSpecControlPlane[_]
    input.Body.membershipSpecs.STRING.mesh.management == enum_ServiceMeshMembershipSpecManagement[_]
    input.Body.membershipSpecs.STRING.origin.type == enum_OriginType[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.auditIntervalSeconds == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.constraintViolationLimit == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.cpu == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.memory == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.cpu == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.memory == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAffinity == enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAntiAffinity == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].effect == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].key == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].operator == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].value == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.replicaCount == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.exemptableNamespaces[_] == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.installSpec == enum_PolicyControllerHubConfigInstallSpec[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.logDeniesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.monitoring.backends[_] == enum_PolicyControllerMonitoringConfigBackends[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.mutationEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.policyContent.bundles.STRING.exemptedNamespaces[_] == STRING
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.policyContent.templateLibrary.installation == enum_PolicyControllerTemplateLibraryConfigInstallation[_]
    input.Body.membershipSpecs.STRING.policycontroller.policyControllerHubConfig.referentialRulesEnabled == BOOLEAN
    input.Body.membershipSpecs.STRING.policycontroller.version == STRING
    input.Body.scopeSpecs.STRING.STRING == STRING
    input.Body.spec.appdevexperience.STRING == STRING
    input.Body.spec.clusterupgrade.gkeUpgradeOverrides[_].postConditions.soaking == STRING
    input.Body.spec.clusterupgrade.gkeUpgradeOverrides[_].upgrade.name == STRING
    input.Body.spec.clusterupgrade.gkeUpgradeOverrides[_].upgrade.version == STRING
    input.Body.spec.clusterupgrade.postConditions.soaking == STRING
    input.Body.spec.clusterupgrade.upstreamFleets[_] == STRING
    input.Body.spec.dataplanev2.enableEncryption == BOOLEAN
    input.Body.spec.fleetobservability.loggingConfig.defaultConfig.mode == enum_FleetObservabilityRoutingConfigMode[_]
    input.Body.spec.fleetobservability.loggingConfig.fleetScopeLogsConfig.mode == enum_FleetObservabilityRoutingConfigMode[_]
    input.Body.spec.multiclusteringress.configMembership == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.features.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.fleets.create

enum_BinaryAuthorizationConfigEvaluationMode := [ "EVALUATION_MODE_UNSPECIFIED", "DISABLED", "POLICY_BINDINGS" ]
enum_CompliancePostureConfigMode := [ "MODE_UNSPECIFIED", "DISABLED", "ENABLED" ]
enum_SecurityPostureConfigMode := [ "MODE_UNSPECIFIED", "DISABLED", "BASIC", "ENTERPRISE" ]
enum_SecurityPostureConfigVulnerabilityMode := [ "VULNERABILITY_MODE_UNSPECIFIED", "VULNERABILITY_DISABLED", "VULNERABILITY_BASIC", "VULNERABILITY_ENTERPRISE" ]

valid {
    input.Body.defaultClusterConfig.binaryAuthorizationConfig.evaluationMode == enum_BinaryAuthorizationConfigEvaluationMode[_]
    input.Body.defaultClusterConfig.binaryAuthorizationConfig.policyBindings[_].name == STRING
    input.Body.defaultClusterConfig.compliancePostureConfig.complianceStandards[_].standard == STRING
    input.Body.defaultClusterConfig.compliancePostureConfig.mode == enum_CompliancePostureConfigMode[_]
    input.Body.defaultClusterConfig.securityPostureConfig.mode == enum_SecurityPostureConfigMode[_]
    input.Body.defaultClusterConfig.securityPostureConfig.vulnerabilityMode == enum_SecurityPostureConfigVulnerabilityMode[_]
    input.Body.displayName == STRING
    input.Body.labels.STRING == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.fleets.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.fleets.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.fleets.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.fleets.patch

enum_BinaryAuthorizationConfigEvaluationMode := [ "EVALUATION_MODE_UNSPECIFIED", "DISABLED", "POLICY_BINDINGS" ]
enum_CompliancePostureConfigMode := [ "MODE_UNSPECIFIED", "DISABLED", "ENABLED" ]
enum_SecurityPostureConfigMode := [ "MODE_UNSPECIFIED", "DISABLED", "BASIC", "ENTERPRISE" ]
enum_SecurityPostureConfigVulnerabilityMode := [ "VULNERABILITY_MODE_UNSPECIFIED", "VULNERABILITY_DISABLED", "VULNERABILITY_BASIC", "VULNERABILITY_ENTERPRISE" ]

valid {
    input.Body.defaultClusterConfig.binaryAuthorizationConfig.evaluationMode == enum_BinaryAuthorizationConfigEvaluationMode[_]
    input.Body.defaultClusterConfig.binaryAuthorizationConfig.policyBindings[_].name == STRING
    input.Body.defaultClusterConfig.compliancePostureConfig.complianceStandards[_].standard == STRING
    input.Body.defaultClusterConfig.compliancePostureConfig.mode == enum_CompliancePostureConfigMode[_]
    input.Body.defaultClusterConfig.securityPostureConfig.mode == enum_SecurityPostureConfigMode[_]
    input.Body.defaultClusterConfig.securityPostureConfig.vulnerabilityMode == enum_SecurityPostureConfigVulnerabilityMode[_]
    input.Body.displayName == STRING
    input.Body.labels.STRING == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.global.memberships.initializeHub

valid {
    input.Body.STRING == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

gkehub.projects.locations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.bindings.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.scope == STRING
    input.ReqMap.parent == STRING
    input.Qs.membershipBindingId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.bindings.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.bindings.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.bindings.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.bindings.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.scope == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.create

enum_OnPremClusterClusterType := [ "CLUSTERTYPE_UNSPECIFIED", "BOOTSTRAP", "HYBRID", "STANDALONE", "USER" ]

valid {
    input.Body.authority.issuer == STRING
    input.Body.authority.oidcJwks == STRING
    input.Body.endpoint.applianceCluster.resourceLink == STRING
    input.Body.endpoint.edgeCluster.resourceLink == STRING
    input.Body.endpoint.gkeCluster.resourceLink == STRING
    input.Body.endpoint.kubernetesResource.membershipCrManifest == STRING
    input.Body.endpoint.kubernetesResource.resourceOptions.connectVersion == STRING
    input.Body.endpoint.kubernetesResource.resourceOptions.k8sVersion == STRING
    input.Body.endpoint.kubernetesResource.resourceOptions.v1beta1Crd == BOOLEAN
    input.Body.endpoint.multiCloudCluster.resourceLink == STRING
    input.Body.endpoint.onPremCluster.adminCluster == BOOLEAN
    input.Body.endpoint.onPremCluster.clusterType == enum_OnPremClusterClusterType[_]
    input.Body.endpoint.onPremCluster.resourceLink == STRING
    input.Body.externalId == STRING
    input.Body.labels.STRING == STRING
    input.Body.monitoringConfig.cluster == STRING
    input.Body.monitoringConfig.clusterHash == STRING
    input.Body.monitoringConfig.kubernetesMetricsPrefix == STRING
    input.Body.monitoringConfig.location == STRING
    input.Body.monitoringConfig.projectId == STRING
    input.ReqMap.parent == STRING
    input.Qs.membershipId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.force == BOOLEAN
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.features.create

enum_CloudBuildSpecSecurityPolicy := [ "SECURITY_POLICY_UNSPECIFIED", "NON_PRIVILEGED", "PRIVILEGED" ]
enum_ConfigManagementPolicyControllerMonitoringBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_ConfigManagementSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]
enum_OriginType := [ "TYPE_UNSPECIFIED", "FLEET", "FLEET_OUT_OF_SYNC", "USER" ]
enum_PolicyControllerHubConfigInstallSpec := [ "INSTALL_SPEC_UNSPECIFIED", "INSTALL_SPEC_NOT_INSTALLED", "INSTALL_SPEC_ENABLED", "INSTALL_SPEC_SUSPENDED", "INSTALL_SPEC_DETACHED" ]
enum_PolicyControllerMonitoringConfigBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity := [ "AFFINITY_UNSPECIFIED", "NO_AFFINITY", "ANTI_AFFINITY" ]
enum_PolicyControllerTemplateLibraryConfigInstallation := [ "INSTALLATION_UNSPECIFIED", "NOT_INSTALLED", "ALL" ]
enum_ServiceMeshSpecConfigApi := [ "CONFIG_API_UNSPECIFIED", "CONFIG_API_ISTIO", "CONFIG_API_GATEWAY" ]
enum_ServiceMeshSpecControlPlane := [ "CONTROL_PLANE_MANAGEMENT_UNSPECIFIED", "AUTOMATIC", "MANUAL" ]
enum_ServiceMeshSpecDefaultChannel := [ "CHANNEL_UNSPECIFIED", "RAPID", "REGULAR", "STABLE" ]
enum_ServiceMeshSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]
enum_WorkloadCertificateSpecCertificateManagement := [ "CERTIFICATE_MANAGEMENT_UNSPECIFIED", "DISABLED", "ENABLED" ]

valid {
    input.Body.featureConfigRef.config == STRING
    input.Body.labels.STRING == STRING
    input.Body.spec.cloudbuild.securityPolicy == enum_CloudBuildSpecSecurityPolicy[_]
    input.Body.spec.cloudbuild.version == STRING
    input.Body.spec.configmanagement.binauthz.enabled == BOOLEAN
    input.Body.spec.configmanagement.cluster == STRING
    input.Body.spec.configmanagement.configSync.allowVerticalScale == BOOLEAN
    input.Body.spec.configmanagement.configSync.enabled == BOOLEAN
    input.Body.spec.configmanagement.configSync.git.gcpServiceAccountEmail == STRING
    input.Body.spec.configmanagement.configSync.git.httpsProxy == STRING
    input.Body.spec.configmanagement.configSync.git.policyDir == STRING
    input.Body.spec.configmanagement.configSync.git.secretType == STRING
    input.Body.spec.configmanagement.configSync.git.syncBranch == STRING
    input.Body.spec.configmanagement.configSync.git.syncRepo == STRING
    input.Body.spec.configmanagement.configSync.git.syncRev == STRING
    input.Body.spec.configmanagement.configSync.git.syncWaitSecs == STRING
    input.Body.spec.configmanagement.configSync.metricsGcpServiceAccountEmail == STRING
    input.Body.spec.configmanagement.configSync.oci.gcpServiceAccountEmail == STRING
    input.Body.spec.configmanagement.configSync.oci.policyDir == STRING
    input.Body.spec.configmanagement.configSync.oci.secretType == STRING
    input.Body.spec.configmanagement.configSync.oci.syncRepo == STRING
    input.Body.spec.configmanagement.configSync.oci.syncWaitSecs == STRING
    input.Body.spec.configmanagement.configSync.preventDrift == BOOLEAN
    input.Body.spec.configmanagement.configSync.sourceFormat == STRING
    input.Body.spec.configmanagement.configSync.stopSyncing == BOOLEAN
    input.Body.spec.configmanagement.hierarchyController.enableHierarchicalResourceQuota == BOOLEAN
    input.Body.spec.configmanagement.hierarchyController.enablePodTreeLabels == BOOLEAN
    input.Body.spec.configmanagement.hierarchyController.enabled == BOOLEAN
    input.Body.spec.configmanagement.management == enum_ConfigManagementSpecManagement[_]
    input.Body.spec.configmanagement.policyController.auditIntervalSeconds == STRING
    input.Body.spec.configmanagement.policyController.enabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.exemptableNamespaces[_] == STRING
    input.Body.spec.configmanagement.policyController.logDeniesEnabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.monitoring.backends[_] == enum_ConfigManagementPolicyControllerMonitoringBackends[_]
    input.Body.spec.configmanagement.policyController.mutationEnabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.referentialRulesEnabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.templateLibraryInstalled == BOOLEAN
    input.Body.spec.configmanagement.version == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.clientId == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.clientSecret == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.groupFormat == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.kubectlRedirectUri == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.tenant == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.userClaim == STRING
    input.Body.spec.identityservice.authMethods[_].googleConfig.disable == BOOLEAN
    input.Body.spec.identityservice.authMethods[_].ldapConfig.group.baseDn == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.group.filter == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.group.idAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.server.certificateAuthorityData == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.server.connectionType == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.server.host == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.dn == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.password == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.baseDn == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.filter == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.idAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.loginAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].name == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.certificateAuthorityData == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.clientId == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.clientSecret == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.deployCloudConsoleProxy == BOOLEAN
    input.Body.spec.identityservice.authMethods[_].oidcConfig.enableAccessToken == BOOLEAN
    input.Body.spec.identityservice.authMethods[_].oidcConfig.extraParams == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.groupPrefix == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.groupsClaim == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.issuerUri == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.kubectlRedirectUri == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.scopes == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.userClaim == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.userPrefix == STRING
    input.Body.spec.identityservice.authMethods[_].proxy == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.attributeMapping.STRING == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.groupPrefix == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.groupsAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.identityProviderCertificates[_] == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.identityProviderId == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.identityProviderSsoUri == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.userAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.userPrefix == STRING
    input.Body.spec.identityservice.identityServiceOptions.diagnosticInterface.enabled == BOOLEAN
    input.Body.spec.identityservice.identityServiceOptions.diagnosticInterface.expirationTime == STRING
    input.Body.spec.identityservice.identityServiceOptions.sessionDuration == STRING
    input.Body.spec.origin.type == enum_OriginType[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.auditIntervalSeconds == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.constraintViolationLimit == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.cpu == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.memory == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.cpu == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.memory == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAffinity == enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAntiAffinity == BOOLEAN
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].effect == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].key == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].operator == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].value == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.replicaCount == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.exemptableNamespaces[_] == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.installSpec == enum_PolicyControllerHubConfigInstallSpec[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.logDeniesEnabled == BOOLEAN
    input.Body.spec.policycontroller.policyControllerHubConfig.monitoring.backends[_] == enum_PolicyControllerMonitoringConfigBackends[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.mutationEnabled == BOOLEAN
    input.Body.spec.policycontroller.policyControllerHubConfig.policyContent.bundles.STRING.exemptedNamespaces[_] == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.policyContent.templateLibrary.installation == enum_PolicyControllerTemplateLibraryConfigInstallation[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.referentialRulesEnabled == BOOLEAN
    input.Body.spec.policycontroller.version == STRING
    input.Body.spec.servicemesh.configApi == enum_ServiceMeshSpecConfigApi[_]
    input.Body.spec.servicemesh.controlPlane == enum_ServiceMeshSpecControlPlane[_]
    input.Body.spec.servicemesh.defaultChannel == enum_ServiceMeshSpecDefaultChannel[_]
    input.Body.spec.servicemesh.management == enum_ServiceMeshSpecManagement[_]
    input.Body.spec.workloadcertificate.certificateManagement == enum_WorkloadCertificateSpecCertificateManagement[_]
    input.ReqMap.parent == STRING
    input.Qs.featureId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.features.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.features.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.features.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.features.patch

enum_CloudBuildSpecSecurityPolicy := [ "SECURITY_POLICY_UNSPECIFIED", "NON_PRIVILEGED", "PRIVILEGED" ]
enum_ConfigManagementPolicyControllerMonitoringBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_ConfigManagementSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]
enum_OriginType := [ "TYPE_UNSPECIFIED", "FLEET", "FLEET_OUT_OF_SYNC", "USER" ]
enum_PolicyControllerHubConfigInstallSpec := [ "INSTALL_SPEC_UNSPECIFIED", "INSTALL_SPEC_NOT_INSTALLED", "INSTALL_SPEC_ENABLED", "INSTALL_SPEC_SUSPENDED", "INSTALL_SPEC_DETACHED" ]
enum_PolicyControllerMonitoringConfigBackends := [ "MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING" ]
enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity := [ "AFFINITY_UNSPECIFIED", "NO_AFFINITY", "ANTI_AFFINITY" ]
enum_PolicyControllerTemplateLibraryConfigInstallation := [ "INSTALLATION_UNSPECIFIED", "NOT_INSTALLED", "ALL" ]
enum_ServiceMeshSpecConfigApi := [ "CONFIG_API_UNSPECIFIED", "CONFIG_API_ISTIO", "CONFIG_API_GATEWAY" ]
enum_ServiceMeshSpecControlPlane := [ "CONTROL_PLANE_MANAGEMENT_UNSPECIFIED", "AUTOMATIC", "MANUAL" ]
enum_ServiceMeshSpecDefaultChannel := [ "CHANNEL_UNSPECIFIED", "RAPID", "REGULAR", "STABLE" ]
enum_ServiceMeshSpecManagement := [ "MANAGEMENT_UNSPECIFIED", "MANAGEMENT_AUTOMATIC", "MANAGEMENT_MANUAL" ]
enum_WorkloadCertificateSpecCertificateManagement := [ "CERTIFICATE_MANAGEMENT_UNSPECIFIED", "DISABLED", "ENABLED" ]

valid {
    input.Body.featureConfigRef.config == STRING
    input.Body.labels.STRING == STRING
    input.Body.spec.cloudbuild.securityPolicy == enum_CloudBuildSpecSecurityPolicy[_]
    input.Body.spec.cloudbuild.version == STRING
    input.Body.spec.configmanagement.binauthz.enabled == BOOLEAN
    input.Body.spec.configmanagement.cluster == STRING
    input.Body.spec.configmanagement.configSync.allowVerticalScale == BOOLEAN
    input.Body.spec.configmanagement.configSync.enabled == BOOLEAN
    input.Body.spec.configmanagement.configSync.git.gcpServiceAccountEmail == STRING
    input.Body.spec.configmanagement.configSync.git.httpsProxy == STRING
    input.Body.spec.configmanagement.configSync.git.policyDir == STRING
    input.Body.spec.configmanagement.configSync.git.secretType == STRING
    input.Body.spec.configmanagement.configSync.git.syncBranch == STRING
    input.Body.spec.configmanagement.configSync.git.syncRepo == STRING
    input.Body.spec.configmanagement.configSync.git.syncRev == STRING
    input.Body.spec.configmanagement.configSync.git.syncWaitSecs == STRING
    input.Body.spec.configmanagement.configSync.metricsGcpServiceAccountEmail == STRING
    input.Body.spec.configmanagement.configSync.oci.gcpServiceAccountEmail == STRING
    input.Body.spec.configmanagement.configSync.oci.policyDir == STRING
    input.Body.spec.configmanagement.configSync.oci.secretType == STRING
    input.Body.spec.configmanagement.configSync.oci.syncRepo == STRING
    input.Body.spec.configmanagement.configSync.oci.syncWaitSecs == STRING
    input.Body.spec.configmanagement.configSync.preventDrift == BOOLEAN
    input.Body.spec.configmanagement.configSync.sourceFormat == STRING
    input.Body.spec.configmanagement.configSync.stopSyncing == BOOLEAN
    input.Body.spec.configmanagement.hierarchyController.enableHierarchicalResourceQuota == BOOLEAN
    input.Body.spec.configmanagement.hierarchyController.enablePodTreeLabels == BOOLEAN
    input.Body.spec.configmanagement.hierarchyController.enabled == BOOLEAN
    input.Body.spec.configmanagement.management == enum_ConfigManagementSpecManagement[_]
    input.Body.spec.configmanagement.policyController.auditIntervalSeconds == STRING
    input.Body.spec.configmanagement.policyController.enabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.exemptableNamespaces[_] == STRING
    input.Body.spec.configmanagement.policyController.logDeniesEnabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.monitoring.backends[_] == enum_ConfigManagementPolicyControllerMonitoringBackends[_]
    input.Body.spec.configmanagement.policyController.mutationEnabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.referentialRulesEnabled == BOOLEAN
    input.Body.spec.configmanagement.policyController.templateLibraryInstalled == BOOLEAN
    input.Body.spec.configmanagement.version == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.clientId == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.clientSecret == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.groupFormat == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.kubectlRedirectUri == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.tenant == STRING
    input.Body.spec.identityservice.authMethods[_].azureadConfig.userClaim == STRING
    input.Body.spec.identityservice.authMethods[_].googleConfig.disable == BOOLEAN
    input.Body.spec.identityservice.authMethods[_].ldapConfig.group.baseDn == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.group.filter == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.group.idAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.server.certificateAuthorityData == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.server.connectionType == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.server.host == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.dn == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.serviceAccount.simpleBindCredentials.password == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.baseDn == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.filter == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.idAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].ldapConfig.user.loginAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].name == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.certificateAuthorityData == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.clientId == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.clientSecret == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.deployCloudConsoleProxy == BOOLEAN
    input.Body.spec.identityservice.authMethods[_].oidcConfig.enableAccessToken == BOOLEAN
    input.Body.spec.identityservice.authMethods[_].oidcConfig.extraParams == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.groupPrefix == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.groupsClaim == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.issuerUri == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.kubectlRedirectUri == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.scopes == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.userClaim == STRING
    input.Body.spec.identityservice.authMethods[_].oidcConfig.userPrefix == STRING
    input.Body.spec.identityservice.authMethods[_].proxy == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.attributeMapping.STRING == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.groupPrefix == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.groupsAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.identityProviderCertificates[_] == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.identityProviderId == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.identityProviderSsoUri == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.userAttribute == STRING
    input.Body.spec.identityservice.authMethods[_].samlConfig.userPrefix == STRING
    input.Body.spec.identityservice.identityServiceOptions.diagnosticInterface.enabled == BOOLEAN
    input.Body.spec.identityservice.identityServiceOptions.diagnosticInterface.expirationTime == STRING
    input.Body.spec.identityservice.identityServiceOptions.sessionDuration == STRING
    input.Body.spec.origin.type == enum_OriginType[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.auditIntervalSeconds == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.constraintViolationLimit == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.cpu == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.limits.memory == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.cpu == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.containerResources.requests.memory == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAffinity == enum_PolicyControllerPolicyControllerDeploymentConfigPodAffinity[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podAntiAffinity == BOOLEAN
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].effect == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].key == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].operator == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.podTolerations[_].value == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.deploymentConfigs.STRING.replicaCount == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.exemptableNamespaces[_] == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.installSpec == enum_PolicyControllerHubConfigInstallSpec[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.logDeniesEnabled == BOOLEAN
    input.Body.spec.policycontroller.policyControllerHubConfig.monitoring.backends[_] == enum_PolicyControllerMonitoringConfigBackends[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.mutationEnabled == BOOLEAN
    input.Body.spec.policycontroller.policyControllerHubConfig.policyContent.bundles.STRING.exemptedNamespaces[_] == STRING
    input.Body.spec.policycontroller.policyControllerHubConfig.policyContent.templateLibrary.installation == enum_PolicyControllerTemplateLibraryConfigInstallation[_]
    input.Body.spec.policycontroller.policyControllerHubConfig.referentialRulesEnabled == BOOLEAN
    input.Body.spec.policycontroller.version == STRING
    input.Body.spec.servicemesh.configApi == enum_ServiceMeshSpecConfigApi[_]
    input.Body.spec.servicemesh.controlPlane == enum_ServiceMeshSpecControlPlane[_]
    input.Body.spec.servicemesh.defaultChannel == enum_ServiceMeshSpecDefaultChannel[_]
    input.Body.spec.servicemesh.management == enum_ServiceMeshSpecManagement[_]
    input.Body.spec.workloadcertificate.certificateManagement == enum_WorkloadCertificateSpecCertificateManagement[_]
    input.ReqMap.name == STRING
    input.Qs.allowMissing == BOOLEAN
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.generateConnectManifest

valid {
    input.ReqMap.name == STRING
    input.Qs.imagePullSecretContent == STRING
    input.Qs.isUpgrade == BOOLEAN
    input.Qs.namespace == STRING
    input.Qs.proxy == STRING
    input.Qs.registry == STRING
    input.Qs.version == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.generateExclusivityManifest

valid {
    input.ReqMap.name == STRING
    input.Qs.crManifest == STRING
    input.Qs.crdManifest == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.listAdmin

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.patch

enum_OnPremClusterClusterType := [ "CLUSTERTYPE_UNSPECIFIED", "BOOTSTRAP", "HYBRID", "STANDALONE", "USER" ]

valid {
    input.Body.authority.issuer == STRING
    input.Body.authority.oidcJwks == STRING
    input.Body.endpoint.applianceCluster.resourceLink == STRING
    input.Body.endpoint.edgeCluster.resourceLink == STRING
    input.Body.endpoint.gkeCluster.resourceLink == STRING
    input.Body.endpoint.kubernetesResource.membershipCrManifest == STRING
    input.Body.endpoint.kubernetesResource.resourceOptions.connectVersion == STRING
    input.Body.endpoint.kubernetesResource.resourceOptions.k8sVersion == STRING
    input.Body.endpoint.kubernetesResource.resourceOptions.v1beta1Crd == BOOLEAN
    input.Body.endpoint.multiCloudCluster.resourceLink == STRING
    input.Body.endpoint.onPremCluster.adminCluster == BOOLEAN
    input.Body.endpoint.onPremCluster.clusterType == enum_OnPremClusterClusterType[_]
    input.Body.endpoint.onPremCluster.resourceLink == STRING
    input.Body.externalId == STRING
    input.Body.labels.STRING == STRING
    input.Body.monitoringConfig.cluster == STRING
    input.Body.monitoringConfig.clusterHash == STRING
    input.Body.monitoringConfig.kubernetesMetricsPrefix == STRING
    input.Body.monitoringConfig.location == STRING
    input.Body.monitoringConfig.projectId == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.rbacrolebindings.create

enum_RolePredefinedRole := [ "UNKNOWN", "ADMIN", "EDIT", "VIEW", "ANTHOS_SUPPORT" ]

valid {
    input.Body.group == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.role.predefinedRole == enum_RolePredefinedRole[_]
    input.Body.user == STRING
    input.ReqMap.parent == STRING
    input.Qs.rbacrolebindingId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.rbacrolebindings.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.rbacrolebindings.generateMembershipRBACRoleBindingYAML

enum_RolePredefinedRole := [ "UNKNOWN", "ADMIN", "EDIT", "VIEW", "ANTHOS_SUPPORT" ]

valid {
    input.Body.group == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.role.predefinedRole == enum_RolePredefinedRole[_]
    input.Body.user == STRING
    input.ReqMap.parent == STRING
    input.Qs.rbacrolebindingId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.rbacrolebindings.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.rbacrolebindings.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.rbacrolebindings.patch

enum_RolePredefinedRole := [ "UNKNOWN", "ADMIN", "EDIT", "VIEW", "ANTHOS_SUPPORT" ]

valid {
    input.Body.group == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.role.predefinedRole == enum_RolePredefinedRole[_]
    input.Body.user == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.validateCreate

enum_OnPremClusterClusterType := [ "CLUSTERTYPE_UNSPECIFIED", "BOOTSTRAP", "HYBRID", "STANDALONE", "USER" ]

valid {
    input.Body.membership.authority.issuer == STRING
    input.Body.membership.authority.oidcJwks == STRING
    input.Body.membership.endpoint.applianceCluster.resourceLink == STRING
    input.Body.membership.endpoint.edgeCluster.resourceLink == STRING
    input.Body.membership.endpoint.gkeCluster.resourceLink == STRING
    input.Body.membership.endpoint.kubernetesResource.membershipCrManifest == STRING
    input.Body.membership.endpoint.kubernetesResource.resourceOptions.connectVersion == STRING
    input.Body.membership.endpoint.kubernetesResource.resourceOptions.k8sVersion == STRING
    input.Body.membership.endpoint.kubernetesResource.resourceOptions.v1beta1Crd == BOOLEAN
    input.Body.membership.endpoint.multiCloudCluster.resourceLink == STRING
    input.Body.membership.endpoint.onPremCluster.adminCluster == BOOLEAN
    input.Body.membership.endpoint.onPremCluster.clusterType == enum_OnPremClusterClusterType[_]
    input.Body.membership.endpoint.onPremCluster.resourceLink == STRING
    input.Body.membership.externalId == STRING
    input.Body.membership.labels.STRING == STRING
    input.Body.membership.monitoringConfig.cluster == STRING
    input.Body.membership.monitoringConfig.clusterHash == STRING
    input.Body.membership.monitoringConfig.kubernetesMetricsPrefix == STRING
    input.Body.membership.monitoringConfig.location == STRING
    input.Body.membership.monitoringConfig.projectId == STRING
    input.Body.membershipId == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.memberships.validateExclusivity

valid {
    input.ReqMap.parent == STRING
    input.Qs.crManifest == STRING
    input.Qs.intendedMembership == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.operations.cancel

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.operations.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.operations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.namespaceLabels.STRING == STRING
    input.ReqMap.parent == STRING
    input.Qs.scopeId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.listMemberships

valid {
    input.ReqMap.scopeName == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.listPermitted

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.namespaces.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.namespaceLabels.STRING == STRING
    input.Body.scope == STRING
    input.ReqMap.parent == STRING
    input.Qs.scopeNamespaceId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.namespaces.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.namespaces.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.namespaces.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.namespaces.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.namespaceLabels.STRING == STRING
    input.Body.scope == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.namespaceLabels.STRING == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.rbacrolebindings.create

enum_RolePredefinedRole := [ "UNKNOWN", "ADMIN", "EDIT", "VIEW", "ANTHOS_SUPPORT" ]

valid {
    input.Body.group == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.role.predefinedRole == enum_RolePredefinedRole[_]
    input.Body.user == STRING
    input.ReqMap.parent == STRING
    input.Qs.rbacrolebindingId == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.rbacrolebindings.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.rbacrolebindings.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.rbacrolebindings.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.rbacrolebindings.patch

enum_RolePredefinedRole := [ "UNKNOWN", "ADMIN", "EDIT", "VIEW", "ANTHOS_SUPPORT" ]

valid {
    input.Body.group == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.role.predefinedRole == enum_RolePredefinedRole[_]
    input.Body.user == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.setIamPolicy

enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

gkehub.projects.locations.scopes.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}