BatchAssociateScramSecret

valid {
    input.Body.secretArnList[_] == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchDisassociateScramSecret

valid {
    input.Body.secretArnList[_] == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCluster

enum_BrokerAZDistribution := [ "DEFAULT" ]
enum_ClientBroker := [ "TLS", "TLS_PLAINTEXT", "PLAINTEXT" ]
enum_EnhancedMonitoring := [ "DEFAULT", "PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION" ]
enum_StorageMode := [ "LOCAL", "TIERED" ]

valid {
    input.Body.brokerNodeGroupInfo.brokerAZDistribution == enum_BrokerAZDistribution[_]
    input.Body.brokerNodeGroupInfo.clientSubnets[_] == STRING
    input.Body.brokerNodeGroupInfo.instanceType == STRING
    input.Body.brokerNodeGroupInfo.securityGroups[_] == STRING
    input.Body.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.provisionedThroughput.enabled == BOOLEAN
    input.Body.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.provisionedThroughput.volumeThroughput == INTEGER
    input.Body.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.volumeSize == INTEGER
    input.Body.brokerNodeGroupInfo.connectivityInfo.publicAccess.type == STRING
    input.Body.brokerNodeGroupInfo.connectivityInfo.vpcConnectivity.clientAuthentication.sasl.scram.enabled == BOOLEAN
    input.Body.brokerNodeGroupInfo.connectivityInfo.vpcConnectivity.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.Body.brokerNodeGroupInfo.connectivityInfo.vpcConnectivity.clientAuthentication.tls.enabled == BOOLEAN
    input.Body.brokerNodeGroupInfo.zoneIds[_] == STRING
    input.Body.clientAuthentication.sasl.scram.enabled == BOOLEAN
    input.Body.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.Body.clientAuthentication.tls.certificateAuthorityArnList[_] == STRING
    input.Body.clientAuthentication.tls.enabled == BOOLEAN
    input.Body.clientAuthentication.unauthenticated.enabled == BOOLEAN
    input.Body.clusterName == STRING
    input.Body.configurationInfo.arn == STRING
    input.Body.configurationInfo.revision == LONG
    input.Body.encryptionInfo.encryptionAtRest.dataVolumeKMSKeyId == STRING
    input.Body.encryptionInfo.encryptionInTransit.clientBroker == enum_ClientBroker[_]
    input.Body.encryptionInfo.encryptionInTransit.inCluster == BOOLEAN
    input.Body.enhancedMonitoring == enum_EnhancedMonitoring[_]
    input.Body.openMonitoring.prometheus.jmxExporter.enabledInBroker == BOOLEAN
    input.Body.openMonitoring.prometheus.nodeExporter.enabledInBroker == BOOLEAN
    input.Body.kafkaVersion == STRING
    input.Body.loggingInfo.brokerLogs.cloudWatchLogs.enabled == BOOLEAN
    input.Body.loggingInfo.brokerLogs.cloudWatchLogs.logGroup == STRING
    input.Body.loggingInfo.brokerLogs.firehose.deliveryStream == STRING
    input.Body.loggingInfo.brokerLogs.firehose.enabled == BOOLEAN
    input.Body.loggingInfo.brokerLogs.s3.bucket == STRING
    input.Body.loggingInfo.brokerLogs.s3.enabled == BOOLEAN
    input.Body.loggingInfo.brokerLogs.s3.prefix == STRING
    input.Body.numberOfBrokerNodes == INTEGER
    input.Body.tags.STRING == STRING
    input.Body.storageMode == enum_StorageMode[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateClusterV2

enum_BrokerAZDistribution := [ "DEFAULT" ]
enum_ClientBroker := [ "TLS", "TLS_PLAINTEXT", "PLAINTEXT" ]
enum_EnhancedMonitoring := [ "DEFAULT", "PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION" ]
enum_StorageMode := [ "LOCAL", "TIERED" ]

valid {
    input.Body.clusterName == STRING
    input.Body.tags.STRING == STRING
    input.Body.provisioned.brokerNodeGroupInfo.brokerAZDistribution == enum_BrokerAZDistribution[_]
    input.Body.provisioned.brokerNodeGroupInfo.clientSubnets[_] == STRING
    input.Body.provisioned.brokerNodeGroupInfo.instanceType == STRING
    input.Body.provisioned.brokerNodeGroupInfo.securityGroups[_] == STRING
    input.Body.provisioned.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.provisionedThroughput.enabled == BOOLEAN
    input.Body.provisioned.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.provisionedThroughput.volumeThroughput == INTEGER
    input.Body.provisioned.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.volumeSize == INTEGER
    input.Body.provisioned.brokerNodeGroupInfo.connectivityInfo.publicAccess.type == STRING
    input.Body.provisioned.brokerNodeGroupInfo.connectivityInfo.vpcConnectivity.clientAuthentication.sasl.scram.enabled == BOOLEAN
    input.Body.provisioned.brokerNodeGroupInfo.connectivityInfo.vpcConnectivity.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.Body.provisioned.brokerNodeGroupInfo.connectivityInfo.vpcConnectivity.clientAuthentication.tls.enabled == BOOLEAN
    input.Body.provisioned.brokerNodeGroupInfo.zoneIds[_] == STRING
    input.Body.provisioned.clientAuthentication.sasl.scram.enabled == BOOLEAN
    input.Body.provisioned.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.Body.provisioned.clientAuthentication.tls.certificateAuthorityArnList[_] == STRING
    input.Body.provisioned.clientAuthentication.tls.enabled == BOOLEAN
    input.Body.provisioned.clientAuthentication.unauthenticated.enabled == BOOLEAN
    input.Body.provisioned.configurationInfo.arn == STRING
    input.Body.provisioned.configurationInfo.revision == LONG
    input.Body.provisioned.encryptionInfo.encryptionAtRest.dataVolumeKMSKeyId == STRING
    input.Body.provisioned.encryptionInfo.encryptionInTransit.clientBroker == enum_ClientBroker[_]
    input.Body.provisioned.encryptionInfo.encryptionInTransit.inCluster == BOOLEAN
    input.Body.provisioned.enhancedMonitoring == enum_EnhancedMonitoring[_]
    input.Body.provisioned.openMonitoring.prometheus.jmxExporter.enabledInBroker == BOOLEAN
    input.Body.provisioned.openMonitoring.prometheus.nodeExporter.enabledInBroker == BOOLEAN
    input.Body.provisioned.kafkaVersion == STRING
    input.Body.provisioned.loggingInfo.brokerLogs.cloudWatchLogs.enabled == BOOLEAN
    input.Body.provisioned.loggingInfo.brokerLogs.cloudWatchLogs.logGroup == STRING
    input.Body.provisioned.loggingInfo.brokerLogs.firehose.deliveryStream == STRING
    input.Body.provisioned.loggingInfo.brokerLogs.firehose.enabled == BOOLEAN
    input.Body.provisioned.loggingInfo.brokerLogs.s3.bucket == STRING
    input.Body.provisioned.loggingInfo.brokerLogs.s3.enabled == BOOLEAN
    input.Body.provisioned.loggingInfo.brokerLogs.s3.prefix == STRING
    input.Body.provisioned.numberOfBrokerNodes == INTEGER
    input.Body.provisioned.storageMode == enum_StorageMode[_]
    input.Body.serverless.vpcConfigs[_].subnetIds[_] == STRING
    input.Body.serverless.vpcConfigs[_].securityGroupIds[_] == STRING
    input.Body.serverless.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateConfiguration

valid {
    input.Body.description == STRING
    input.Body.kafkaVersions[_] == STRING
    input.Body.name == STRING
    input.Body.serverProperties == BLOB
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateReplicator

enum_ReplicationStartingPositionType := [ "LATEST", "EARLIEST" ]
enum_ReplicationTopicNameConfigurationType := [ "PREFIXED_WITH_SOURCE_CLUSTER_ALIAS", "IDENTICAL" ]
enum_TargetCompressionType := [ "NONE", "GZIP", "SNAPPY", "LZ4", "ZSTD" ]

valid {
    input.Body.description == STRING
    input.Body.kafkaClusters[_].amazonMskCluster.mskClusterArn == STRING
    input.Body.kafkaClusters[_].vpcConfig.securityGroupIds[_] == STRING
    input.Body.kafkaClusters[_].vpcConfig.subnetIds[_] == STRING
    input.Body.replicationInfoList[_].consumerGroupReplication.consumerGroupsToExclude[_] == STRING
    input.Body.replicationInfoList[_].consumerGroupReplication.consumerGroupsToReplicate[_] == STRING
    input.Body.replicationInfoList[_].consumerGroupReplication.detectAndCopyNewConsumerGroups == BOOLEAN
    input.Body.replicationInfoList[_].consumerGroupReplication.synchroniseConsumerGroupOffsets == BOOLEAN
    input.Body.replicationInfoList[_].sourceKafkaClusterArn == STRING
    input.Body.replicationInfoList[_].targetCompressionType == enum_TargetCompressionType[_]
    input.Body.replicationInfoList[_].targetKafkaClusterArn == STRING
    input.Body.replicationInfoList[_].topicReplication.copyAccessControlListsForTopics == BOOLEAN
    input.Body.replicationInfoList[_].topicReplication.copyTopicConfigurations == BOOLEAN
    input.Body.replicationInfoList[_].topicReplication.detectAndCopyNewTopics == BOOLEAN
    input.Body.replicationInfoList[_].topicReplication.startingPosition.type == enum_ReplicationStartingPositionType[_]
    input.Body.replicationInfoList[_].topicReplication.topicNameConfiguration.type == enum_ReplicationTopicNameConfigurationType[_]
    input.Body.replicationInfoList[_].topicReplication.topicsToExclude[_] == STRING
    input.Body.replicationInfoList[_].topicReplication.topicsToReplicate[_] == STRING
    input.Body.replicatorName == STRING
    input.Body.serviceExecutionRoleArn == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateVpcConnection

valid {
    input.Body.targetClusterArn == STRING
    input.Body.authentication == STRING
    input.Body.vpcId == STRING
    input.Body.clientSubnets[_] == STRING
    input.Body.securityGroups[_] == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCluster

valid {
    input.ReqMap.clusterArn == STRING
    input.Qs.currentVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteClusterPolicy

valid {
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteConfiguration

valid {
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteReplicator

valid {
    input.ReqMap.replicatorArn == STRING
    input.Qs.currentVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteVpcConnection

valid {
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCluster

valid {
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeClusterOperation

valid {
    input.ReqMap.clusterOperationArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeClusterOperationV2

valid {
    input.ReqMap.clusterOperationArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeClusterV2

valid {
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeConfiguration

valid {
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeConfigurationRevision

valid {
    input.ReqMap.arn == STRING
    input.ReqMap.revision == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeReplicator

valid {
    input.ReqMap.replicatorArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeVpcConnection

valid {
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBootstrapBrokers

valid {
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetClusterPolicy

valid {
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCompatibleKafkaVersions

valid {
    input.Qs.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListClientVpcConnections

valid {
    input.ReqMap.clusterArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListClusterOperations

valid {
    input.ReqMap.clusterArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListClusterOperationsV2

valid {
    input.ReqMap.clusterArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListClusters

valid {
    input.Qs.clusterNameFilter == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListClustersV2

valid {
    input.Qs.clusterNameFilter == STRING
    input.Qs.clusterTypeFilter == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListConfigurationRevisions

valid {
    input.ReqMap.arn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListConfigurations

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListKafkaVersions

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListNodes

valid {
    input.ReqMap.clusterArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListReplicators

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.replicatorNameFilter == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListScramSecrets

valid {
    input.ReqMap.clusterArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVpcConnections

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutClusterPolicy

valid {
    input.Body.currentVersion == STRING
    input.Body.policy == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RebootBroker

valid {
    input.Body.brokerIds[_] == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RejectClientVpcConnection

valid {
    input.Body.vpcConnectionArn == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.tags.STRING == STRING
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.ReqMap.resourceArn == STRING
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateBrokerCount

valid {
    input.Body.currentVersion == STRING
    input.Body.targetNumberOfBrokerNodes == INTEGER
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateBrokerStorage

valid {
    input.Body.currentVersion == STRING
    input.Body.targetBrokerEBSVolumeInfo[_].kafkaBrokerNodeId == STRING
    input.Body.targetBrokerEBSVolumeInfo[_].provisionedThroughput.enabled == BOOLEAN
    input.Body.targetBrokerEBSVolumeInfo[_].provisionedThroughput.volumeThroughput == INTEGER
    input.Body.targetBrokerEBSVolumeInfo[_].volumeSizeGB == INTEGER
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateBrokerType

valid {
    input.Body.currentVersion == STRING
    input.Body.targetInstanceType == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateClusterConfiguration

valid {
    input.Body.configurationInfo.arn == STRING
    input.Body.configurationInfo.revision == LONG
    input.Body.currentVersion == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateClusterKafkaVersion

valid {
    input.Body.configurationInfo.arn == STRING
    input.Body.configurationInfo.revision == LONG
    input.Body.currentVersion == STRING
    input.Body.targetKafkaVersion == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateConfiguration

valid {
    input.Body.description == STRING
    input.Body.serverProperties == BLOB
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateConnectivity

valid {
    input.Body.connectivityInfo.publicAccess.type == STRING
    input.Body.connectivityInfo.vpcConnectivity.clientAuthentication.sasl.scram.enabled == BOOLEAN
    input.Body.connectivityInfo.vpcConnectivity.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.Body.connectivityInfo.vpcConnectivity.clientAuthentication.tls.enabled == BOOLEAN
    input.Body.currentVersion == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateMonitoring

enum_EnhancedMonitoring := [ "DEFAULT", "PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION" ]

valid {
    input.Body.currentVersion == STRING
    input.Body.enhancedMonitoring == enum_EnhancedMonitoring[_]
    input.Body.openMonitoring.prometheus.jmxExporter.enabledInBroker == BOOLEAN
    input.Body.openMonitoring.prometheus.nodeExporter.enabledInBroker == BOOLEAN
    input.Body.loggingInfo.brokerLogs.cloudWatchLogs.enabled == BOOLEAN
    input.Body.loggingInfo.brokerLogs.cloudWatchLogs.logGroup == STRING
    input.Body.loggingInfo.brokerLogs.firehose.deliveryStream == STRING
    input.Body.loggingInfo.brokerLogs.firehose.enabled == BOOLEAN
    input.Body.loggingInfo.brokerLogs.s3.bucket == STRING
    input.Body.loggingInfo.brokerLogs.s3.enabled == BOOLEAN
    input.Body.loggingInfo.brokerLogs.s3.prefix == STRING
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateReplicationInfo

valid {
    input.Body.consumerGroupReplication.consumerGroupsToExclude[_] == STRING
    input.Body.consumerGroupReplication.consumerGroupsToReplicate[_] == STRING
    input.Body.consumerGroupReplication.detectAndCopyNewConsumerGroups == BOOLEAN
    input.Body.consumerGroupReplication.synchroniseConsumerGroupOffsets == BOOLEAN
    input.Body.currentVersion == STRING
    input.Body.sourceKafkaClusterArn == STRING
    input.Body.targetKafkaClusterArn == STRING
    input.Body.topicReplication.copyAccessControlListsForTopics == BOOLEAN
    input.Body.topicReplication.copyTopicConfigurations == BOOLEAN
    input.Body.topicReplication.detectAndCopyNewTopics == BOOLEAN
    input.Body.topicReplication.topicsToExclude[_] == STRING
    input.Body.topicReplication.topicsToReplicate[_] == STRING
    input.ReqMap.replicatorArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSecurity

enum_ClientBroker := [ "TLS", "TLS_PLAINTEXT", "PLAINTEXT" ]

valid {
    input.Body.clientAuthentication.sasl.scram.enabled == BOOLEAN
    input.Body.clientAuthentication.sasl.iam.enabled == BOOLEAN
    input.Body.clientAuthentication.tls.certificateAuthorityArnList[_] == STRING
    input.Body.clientAuthentication.tls.enabled == BOOLEAN
    input.Body.clientAuthentication.unauthenticated.enabled == BOOLEAN
    input.Body.currentVersion == STRING
    input.Body.encryptionInfo.encryptionAtRest.dataVolumeKMSKeyId == STRING
    input.Body.encryptionInfo.encryptionInTransit.clientBroker == enum_ClientBroker[_]
    input.Body.encryptionInfo.encryptionInTransit.inCluster == BOOLEAN
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateStorage

enum_StorageMode := [ "LOCAL", "TIERED" ]

valid {
    input.Body.currentVersion == STRING
    input.Body.provisionedThroughput.enabled == BOOLEAN
    input.Body.provisionedThroughput.volumeThroughput == INTEGER
    input.Body.storageMode == enum_StorageMode[_]
    input.Body.volumeSizeGB == INTEGER
    input.ReqMap.clusterArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}