AssociateLicense

# Values that input.ReqMap.licenseType is compared against below.
enum_LicenseType := [ "ENTERPRISE", "ENTERPRISE_FREE_TRIAL" ]

# Field template for the AssociateLicense request.
# Every expression in a Rego rule body must hold for `valid` to be true, so a
# policy keeps only the lines it means to constrain.
# STRING is not defined on this page; it appears to be a placeholder for the
# concrete value to match (confirm against the tool that consumes this file).
valid {
    input.ReqMap.licenseType == enum_LicenseType[_]
    input.ReqMap.workspaceId == STRING
    # ProviderMetadata presumably describes the calling credentials; pinning
    # Account and Region narrows where the rule can match. TODO confirm.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateWorkspace

# Allowed-value lists referenced by the CreateWorkspace template below.
enum_AccountAccessType := [ "CURRENT_ACCOUNT", "ORGANIZATION" ]
enum_AuthenticationProviderTypes := [ "AWS_SSO", "SAML" ]
enum_DataSourceType := [ "AMAZON_OPENSEARCH_SERVICE", "CLOUDWATCH", "PROMETHEUS", "XRAY", "TIMESTREAM", "SITEWISE", "ATHENA", "REDSHIFT", "TWINMAKER" ]
enum_NotificationDestinationType := [ "SNS" ]
enum_PermissionType := [ "CUSTOMER_MANAGED", "SERVICE_MANAGED" ]

# Field template for the CreateWorkspace request body.
# All expressions in the body are ANDed; keep only the fields a policy needs.
# STRING is an undefined placeholder here, presumably for the value to match.
#
# NOTE(review): `x[_] == y` is existential in Rego: it holds when at least one
# element matches. A list holding one permitted and one unlisted value still
# satisfies the line, so an allow-list policy has to check every element
# (for example by denying when any element is outside the permitted set).
valid {
    input.Body.accountAccessType == enum_AccountAccessType[_]
    input.Body.authenticationProviders[_] == enum_AuthenticationProviderTypes[_]
    input.Body.clientToken == STRING
    input.Body.configuration == STRING
    input.Body.grafanaVersion == STRING
    # Network-scoping fields; judging by the names these restrict how the
    # workspace is reached, so they are natural guardrail targets. TODO confirm.
    input.Body.networkAccessControl.prefixListIds[_] == STRING
    input.Body.networkAccessControl.vpceIds[_] == STRING
    input.Body.organizationRoleName == STRING
    input.Body.permissionType == enum_PermissionType[_]
    input.Body.stackSetName == STRING
    # The STRING key segment presumably stands for an arbitrary tag key; in
    # executable Rego that lookup is written input.Body.tags[key].
    input.Body.tags.STRING == STRING
    input.Body.vpcConfiguration.securityGroupIds[_] == STRING
    input.Body.vpcConfiguration.subnetIds[_] == STRING
    input.Body.workspaceDataSources[_] == enum_DataSourceType[_]
    input.Body.workspaceDescription == STRING
    input.Body.workspaceName == STRING
    input.Body.workspaceNotificationDestinations[_] == enum_NotificationDestinationType[_]
    input.Body.workspaceOrganizationalUnits[_] == STRING
    input.Body.workspaceRoleArn == STRING
    # Caller context, presumably; Account and Region can be pinned here.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateWorkspaceApiKey

# Field template for the CreateWorkspaceApiKey request.
# STRING and INTEGER are undefined placeholders, presumably for the values a
# policy matches; all expressions in the body are ANDed.
valid {
    input.Body.keyName == STRING
    # keyRole is a free STRING in this template. Other sections of this page
    # list ADMIN/EDITOR/VIEWER for role fields; whether keyRole takes the same
    # values is not shown here. A policy would normally pin the permitted role.
    input.Body.keyRole == STRING
    # Key lifetime, judging by the name. `==` matches a single value only; an
    # upper bound needs a comparison such as `<=` instead.
    input.Body.secondsToLive == INTEGER
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateWorkspaceServiceAccount

# Values that input.Body.grafanaRole is compared against below.
enum_Role := [ "ADMIN", "EDITOR", "VIEWER" ]

# Field template for the CreateWorkspaceServiceAccount request.
# STRING is an undefined placeholder; all expressions in the body are ANDed.
valid {
    # As written this accepts any of the three roles, ADMIN included. To limit
    # what service accounts may be created with, compare against a narrower
    # list or a single literal.
    input.Body.grafanaRole == enum_Role[_]
    input.Body.name == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateWorkspaceServiceAccountToken

# Field template for the CreateWorkspaceServiceAccountToken request.
# STRING and INTEGER are undefined placeholders; the body is a conjunction.
valid {
    input.Body.name == STRING
    # Token lifetime, judging by the name. Equality pins one exact value; a
    # maximum lifetime needs `<=` against a chosen limit.
    input.Body.secondsToLive == INTEGER
    input.ReqMap.serviceAccountId == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteWorkspace

# Field template for the DeleteWorkspace request.
# The only request-specific field is workspaceId, so a rule protecting
# particular workspaces has to match on it (STRING is a placeholder).
valid {
    input.ReqMap.workspaceId == STRING
    # Caller context, presumably; usable to restrict which account or region
    # may issue the call. TODO confirm.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteWorkspaceApiKey

# Field template for the DeleteWorkspaceApiKey request: the key is addressed
# by keyName within workspaceId. STRING is an undefined placeholder.
valid {
    input.ReqMap.keyName == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteWorkspaceServiceAccount

# Field template for the DeleteWorkspaceServiceAccount request: the target is
# serviceAccountId within workspaceId. STRING is an undefined placeholder.
valid {
    input.ReqMap.serviceAccountId == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteWorkspaceServiceAccountToken

# Field template for the DeleteWorkspaceServiceAccountToken request: the
# token is addressed by tokenId under serviceAccountId and workspaceId.
# STRING is an undefined placeholder; all expressions must hold together.
valid {
    input.ReqMap.serviceAccountId == STRING
    input.ReqMap.tokenId == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeWorkspace

# Field template for the DescribeWorkspace request; workspaceId is the only
# request-specific field. STRING is an undefined placeholder.
valid {
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeWorkspaceAuthentication

# Field template for the DescribeWorkspaceAuthentication request.
# NOTE(review): judging by the name, the response exposes the workspace's
# authentication setup, so read access may deserve scoping by workspaceId.
valid {
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeWorkspaceConfiguration

# Field template for the DescribeWorkspaceConfiguration request; only
# workspaceId is request-specific. STRING is an undefined placeholder.
valid {
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateLicense

# Values that input.ReqMap.licenseType is compared against below.
enum_LicenseType := [ "ENTERPRISE", "ENTERPRISE_FREE_TRIAL" ]

# Field template for the DisassociateLicense request.
# The body is a conjunction; STRING is an undefined placeholder, presumably
# for the concrete value a policy matches.
valid {
    input.ReqMap.licenseType == enum_LicenseType[_]
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPermissions

# Values that input.Qs.userType is compared against below.
enum_UserType := [ "SSO_USER", "SSO_GROUP" ]

# Field template for the ListPermissions request.
# input.Qs.* are presumably query-string parameters (TODO confirm). Because
# every expression in the body must hold, a rule that keeps an optional
# filter such as groupId or userId only matches requests that send it.
valid {
    input.ReqMap.workspaceId == STRING
    input.Qs.groupId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.userId == STRING
    input.Qs.userType == enum_UserType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

# Field template for the ListTagsForResource request; the target is given as
# resourceArn rather than workspaceId. STRING is an undefined placeholder.
valid {
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVersions

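# Field template for the ListVersions request.
# STRING and INTEGER are undefined placeholders, presumably for the values a
# policy matches; all expressions in the body must hold together.
valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    # Bracket form is required for a hyphenated key: in Rego the dotted form
    # `input.Qs.workspace-id` parses as `input.Qs.workspace` minus `id`, so
    # the intended key would not be referenced at all.
    input.Qs["workspace-id"] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}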

ListWorkspaceServiceAccountTokens

# Field template for the ListWorkspaceServiceAccountTokens request: tokens
# are listed for serviceAccountId within workspaceId, with paging fields
# under input.Qs. STRING and INTEGER are undefined placeholders.
valid {
    input.ReqMap.serviceAccountId == STRING
    input.ReqMap.workspaceId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListWorkspaceServiceAccounts

# Field template for the ListWorkspaceServiceAccounts request: scoped by
# workspaceId, with paging fields under input.Qs. STRING and INTEGER are
# undefined placeholders; the body is a conjunction.
valid {
    input.ReqMap.workspaceId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListWorkspaces

# Field template for the ListWorkspaces request. No workspace identifier
# appears in it, so only the paging fields and the ProviderMetadata values
# are available for a rule to match on.
valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

# Field template for the TagResource request.
# STRING is an undefined placeholder; all expressions must hold together.
valid {
    # The STRING key segment presumably stands for an arbitrary tag key; in
    # executable Rego that lookup is written input.Body.tags[key].
    # NOTE(review): if tags feed access-control decisions elsewhere, tag
    # writes are worth constraining by key and value here.
    input.Body.tags.STRING == STRING
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

# Field template for the UntagResource request.
# STRING is an undefined placeholder; the body is a conjunction.
valid {
    input.ReqMap.resourceArn == STRING
    # Existential match: the line holds when any one entry of tagKeys equals
    # the value, whatever else the list contains. Protecting a tag from
    # removal therefore means denying when the key appears anywhere in it.
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePermissions

# Allowed-value lists referenced by the UpdatePermissions template below.
enum_Role := [ "ADMIN", "EDITOR", "VIEWER" ]
enum_UpdateAction := [ "ADD", "REVOKE" ]
enum_UserType := [ "SSO_USER", "SSO_GROUP" ]

# Field template for the UpdatePermissions request.
# STRING is an undefined placeholder; all expressions must hold together.
#
# NOTE(review): each `[_]` is an independent wildcard. The four
# updateInstructionBatch lines can be satisfied by different batch entries
# and different users, so "action ADD" and "role ADMIN" matching does not
# mean one instruction adds an admin. To constrain a single instruction,
# bind a shared index (`some i` with updateInstructionBatch[i] on each line).
# The match is also existential: one qualifying entry satisfies the rule and
# the remaining entries are not examined.
valid {
    input.Body.updateInstructionBatch[_].action == enum_UpdateAction[_]
    input.Body.updateInstructionBatch[_].role == enum_Role[_]
    input.Body.updateInstructionBatch[_].users[_].id == STRING
    input.Body.updateInstructionBatch[_].users[_].type == enum_UserType[_]
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateWorkspace

# Allowed-value lists referenced by the UpdateWorkspace template below.
enum_AccountAccessType := [ "CURRENT_ACCOUNT", "ORGANIZATION" ]
enum_DataSourceType := [ "AMAZON_OPENSEARCH_SERVICE", "CLOUDWATCH", "PROMETHEUS", "XRAY", "TIMESTREAM", "SITEWISE", "ATHENA", "REDSHIFT", "TWINMAKER" ]
enum_NotificationDestinationType := [ "SNS" ]
enum_PermissionType := [ "CUSTOMER_MANAGED", "SERVICE_MANAGED" ]

# Field template for the UpdateWorkspace request.
# STRING and BOOLEAN are undefined placeholders; the body is a conjunction,
# so keep only the fields a policy means to constrain. Array lines using
# `[_]` hold when any single element matches, not when all do.
valid {
    input.Body.accountAccessType == enum_AccountAccessType[_]
    input.Body.networkAccessControl.prefixListIds[_] == STRING
    input.Body.networkAccessControl.vpceIds[_] == STRING
    input.Body.organizationRoleName == STRING
    input.Body.permissionType == enum_PermissionType[_]
    # Judging by the names, these two flags drop the workspace's network
    # access control and VPC configuration. A guardrail or alerting rule
    # would match them against `true` explicitly. TODO confirm semantics.
    input.Body.removeNetworkAccessConfiguration == BOOLEAN
    input.Body.removeVpcConfiguration == BOOLEAN
    input.Body.stackSetName == STRING
    input.Body.vpcConfiguration.securityGroupIds[_] == STRING
    input.Body.vpcConfiguration.subnetIds[_] == STRING
    input.Body.workspaceDataSources[_] == enum_DataSourceType[_]
    input.Body.workspaceDescription == STRING
    input.Body.workspaceName == STRING
    input.Body.workspaceNotificationDestinations[_] == enum_NotificationDestinationType[_]
    input.Body.workspaceOrganizationalUnits[_] == STRING
    # Changing the role ARN changes what the workspace can act as; worth
    # pinning to expected values where the policy engine allows it.
    input.Body.workspaceRoleArn == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateWorkspaceAuthentication

# Values that authenticationProviders entries are compared against below.
enum_AuthenticationProviderTypes := [ "AWS_SSO", "SAML" ]

# Field template for the UpdateWorkspaceAuthentication request.
# STRING and INTEGER are undefined placeholders; all expressions must hold
# together, so keep only the fields a policy means to constrain.
valid {
    # Existential: holds when any one provider in the list is in the enum.
    input.Body.authenticationProviders[_] == enum_AuthenticationProviderTypes[_]
    input.Body.samlConfiguration.allowedOrganizations[_] == STRING
    input.Body.samlConfiguration.assertionAttributes.email == STRING
    input.Body.samlConfiguration.assertionAttributes.groups == STRING
    input.Body.samlConfiguration.assertionAttributes.login == STRING
    input.Body.samlConfiguration.assertionAttributes.name == STRING
    input.Body.samlConfiguration.assertionAttributes.org == STRING
    input.Body.samlConfiguration.assertionAttributes.role == STRING
    # NOTE(review): idpMetadata presumably selects the identity provider the
    # workspace trusts. A change here redirects sign-in trust, so pinning the
    # url to the expected value is a sensible guardrail. TODO confirm.
    input.Body.samlConfiguration.idpMetadata.url == STRING
    input.Body.samlConfiguration.idpMetadata.xml == STRING
    input.Body.samlConfiguration.loginValidityDuration == INTEGER
    # roleValues presumably maps assertion values to workspace roles; the
    # admin list decides who signs in as admin. Only one element has to match
    # for these lines to hold, so extra entries pass unnoticed.
    input.Body.samlConfiguration.roleValues.admin[_] == STRING
    input.Body.samlConfiguration.roleValues.editor[_] == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateWorkspaceConfiguration

# Field template for the UpdateWorkspaceConfiguration request.
# STRING is an undefined placeholder; the body is a conjunction.
valid {
    # configuration is a single opaque string in this template, so equality
    # can only match the whole value. Inspecting individual settings would
    # require parsing it first (its format is not shown on this page).
    input.Body.configuration == STRING
    input.Body.grafanaVersion == STRING
    input.ReqMap.workspaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}