MICROSOFT.AUTHORIZATION

AccessReviewDefaultSettings_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewDefaultSettings_Put

enum_AccessReviewRecurrencePatternType := [ "weekly", "absoluteMonthly" ]
enum_AccessReviewRecurrenceRangeType := [ "endDate", "noEnd", "numbered" ]
enum_AccessReviewScheduleSettingsDefaultDecision := [ "Approve", "Deny", "Recommendation" ]

valid {
    input.Body.mailNotificationsEnabled == BOOLEAN
    input.Body.reminderNotificationsEnabled == BOOLEAN
    input.Body.defaultDecisionEnabled == BOOLEAN
    input.Body.justificationRequiredOnApproval == BOOLEAN
    input.Body.defaultDecision == enum_AccessReviewScheduleSettingsDefaultDecision[_]
    input.Body.autoApplyDecisionsEnabled == BOOLEAN
    input.Body.recommendationsEnabled == BOOLEAN
    input.Body.recommendationLookBackDuration == STRING
    input.Body.instanceDurationInDays == INTEGER
    input.Body.recurrence.pattern.type == enum_AccessReviewRecurrencePatternType[_]
    input.Body.recurrence.pattern.interval == INTEGER
    input.Body.recurrence.range.type == enum_AccessReviewRecurrenceRangeType[_]
    input.Body.recurrence.range.numberOfOccurrences == INTEGER
    input.Body.recurrence.range.startDate == STRING
    input.Body.recurrence.range.endDate == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewHistoryDefinitionInstance_GenerateDownloadUri

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.ReqMap.instanceId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewHistoryDefinitionInstances_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewHistoryDefinition_Create

enum_AccessReviewHistoryDefinitionPropertiesDecisions := [ "Approve", "Deny", "NotReviewed", "DontKnow", "NotNotified" ]
enum_AccessReviewRecurrencePatternType := [ "weekly", "absoluteMonthly" ]
enum_AccessReviewRecurrenceRangeType := [ "endDate", "noEnd", "numbered" ]

valid {
    input.Body.displayName == STRING
    input.Body.decisions[_] == enum_AccessReviewHistoryDefinitionPropertiesDecisions[_]
    input.Body.scopes[_].inactiveDuration == STRING
    input.Body.scopes[_].expandNestedMemberships == BOOLEAN
    input.Body.scopes[_].includeInheritedAccess == BOOLEAN
    input.Body.scopes[_].includeAccessBelowResource == BOOLEAN
    input.Body.scopes[_].excludeResourceId == STRING
    input.Body.scopes[_].excludeRoleDefinitionId == STRING
    input.Body.settings.pattern.type == enum_AccessReviewRecurrencePatternType[_]
    input.Body.settings.pattern.interval == INTEGER
    input.Body.settings.range.type == enum_AccessReviewRecurrenceRangeType[_]
    input.Body.settings.range.numberOfOccurrences == INTEGER
    input.Body.settings.range.startDate == STRING
    input.Body.settings.range.endDate == STRING
    input.Body.instances[_].properties.reviewHistoryPeriodStartDateTime == STRING
    input.Body.instances[_].properties.reviewHistoryPeriodEndDateTime == STRING
    input.Body.instances[_].properties.displayName == STRING
    input.Body.instances[_].properties.runDateTime == STRING
    input.Body.instances[_].properties.fulfilledDateTime == STRING
    input.Body.instances[_].properties.expiration == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewHistoryDefinition_DeleteById

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewHistoryDefinitions_GetById

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewHistoryDefinitions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstanceContactedReviewers_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstanceDecisions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstanceMyDecisions_GetById

valid {
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.ReqMap.decisionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewInstanceMyDecisions_List

valid {
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewInstanceMyDecisions_Patch

enum_AccessReviewDecisionInsightPropertiesType := [ "userSignInInsight" ]
enum_AccessReviewDecisionPropertiesDecision := [ "Approve", "Deny", "NotReviewed", "DontKnow", "NotNotified" ]

valid {
    input.Body.decision == enum_AccessReviewDecisionPropertiesDecision[_]
    input.Body.justification == STRING
    input.Body.insights[_].properties.type == enum_AccessReviewDecisionInsightPropertiesType[_]
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.ReqMap.decisionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewInstance_AcceptRecommendations

valid {
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewInstance_ApplyDecisions

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstance_ResetDecisions

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstance_SendReminders

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstance_Stop

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstancesAssignedForMyApproval_GetById

valid {
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewInstancesAssignedForMyApproval_List

valid {
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewInstances_Create

valid {
    input.Body.startDateTime == STRING
    input.Body.endDateTime == STRING
    input.Body.reviewers[_].principalId == STRING
    input.Body.backupReviewers[_].principalId == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstances_GetById

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewInstances_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewScheduleDefinitionsAssignedForMyApproval_List

valid {
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

AccessReviewScheduleDefinitions_CreateOrUpdateById

enum_AccessReviewRecurrencePatternType := [ "weekly", "absoluteMonthly" ]
enum_AccessReviewRecurrenceRangeType := [ "endDate", "noEnd", "numbered" ]
enum_AccessReviewScheduleSettingsDefaultDecision := [ "Approve", "Deny", "Recommendation" ]

valid {
    input.Body.displayName == STRING
    input.Body.descriptionForAdmins == STRING
    input.Body.descriptionForReviewers == STRING
    input.Body.settings.mailNotificationsEnabled == BOOLEAN
    input.Body.settings.reminderNotificationsEnabled == BOOLEAN
    input.Body.settings.defaultDecisionEnabled == BOOLEAN
    input.Body.settings.justificationRequiredOnApproval == BOOLEAN
    input.Body.settings.defaultDecision == enum_AccessReviewScheduleSettingsDefaultDecision[_]
    input.Body.settings.autoApplyDecisionsEnabled == BOOLEAN
    input.Body.settings.recommendationsEnabled == BOOLEAN
    input.Body.settings.recommendationLookBackDuration == STRING
    input.Body.settings.instanceDurationInDays == INTEGER
    input.Body.settings.recurrence.pattern.type == enum_AccessReviewRecurrencePatternType[_]
    input.Body.settings.recurrence.pattern.interval == INTEGER
    input.Body.settings.recurrence.range.type == enum_AccessReviewRecurrenceRangeType[_]
    input.Body.settings.recurrence.range.numberOfOccurrences == INTEGER
    input.Body.settings.recurrence.range.startDate == STRING
    input.Body.settings.recurrence.range.endDate == STRING
    input.Body.reviewers[_].principalId == STRING
    input.Body.backupReviewers[_].principalId == STRING
    input.Body.instances[_].properties.startDateTime == STRING
    input.Body.instances[_].properties.endDateTime == STRING
    input.Body.instances[_].properties.reviewers[_].principalId == STRING
    input.Body.instances[_].properties.backupReviewers[_].principalId == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewScheduleDefinitions_DeleteById

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewScheduleDefinitions_GetById

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewScheduleDefinitions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AccessReviewScheduleDefinitions_Stop

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AlertConfigurations_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertConfigurations_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertConfigurations_Update

valid {
    input.Body.properties.isEnabled == BOOLEAN
    input.Body.properties.alertConfigurationType == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertDefinitions_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertDefinitions_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertIncidents_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.ReqMap.alertIncidentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertIncidents_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertIncidents_Remediate

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.ReqMap.alertIncidentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertOperation_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.operationId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Alerts_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Alerts_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Alerts_Refresh

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Alerts_RefreshAll

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Alerts_Update

valid {
    input.Body.properties.isActive == BOOLEAN
    input.ReqMap.scope == STRING
    input.ReqMap.alertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ClassicAdministrators_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

DataPolicyManifests_GetByPolicyMode

valid {
    input.ReqMap.policyMode == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DataPolicyManifests_List

valid {
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

DenyAssignments_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.denyAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DenyAssignments_GetById

valid {
    input.ReqMap.denyAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DenyAssignments_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

DenyAssignments_ListForResource

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DenyAssignments_ListForResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DenyAssignments_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

EligibleChildResources_Get

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GlobalAdministrator_ElevateAccess

valid {
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ManagementLocks_CreateOrUpdateAtResourceGroupLevel

enum_ManagementLockPropertiesLevel := [ "NotSpecified", "CanNotDelete", "ReadOnly" ]

valid {
    input.Body.properties.level == enum_ManagementLockPropertiesLevel[_]
    input.Body.properties.notes == STRING
    input.Body.properties.owners[_].applicationId == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_CreateOrUpdateAtResourceLevel

enum_ManagementLockPropertiesLevel := [ "NotSpecified", "CanNotDelete", "ReadOnly" ]

valid {
    input.Body.properties.level == enum_ManagementLockPropertiesLevel[_]
    input.Body.properties.notes == STRING
    input.Body.properties.owners[_].applicationId == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_CreateOrUpdateAtSubscriptionLevel

enum_ManagementLockPropertiesLevel := [ "NotSpecified", "CanNotDelete", "ReadOnly" ]

valid {
    input.Body.properties.level == enum_ManagementLockPropertiesLevel[_]
    input.Body.properties.notes == STRING
    input.Body.properties.owners[_].applicationId == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ManagementLocks_CreateOrUpdateByScope

enum_ManagementLockPropertiesLevel := [ "NotSpecified", "CanNotDelete", "ReadOnly" ]

valid {
    input.Body.properties.level == enum_ManagementLockPropertiesLevel[_]
    input.Body.properties.notes == STRING
    input.Body.properties.owners[_].applicationId == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.lockName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ManagementLocks_DeleteAtResourceGroupLevel

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_DeleteAtResourceLevel

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_DeleteAtSubscriptionLevel

valid {
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ManagementLocks_DeleteByScope

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.lockName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ManagementLocks_GetAtResourceGroupLevel

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_GetAtResourceLevel

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_GetAtSubscriptionLevel

valid {
    input.ReqMap.lockName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ManagementLocks_GetByScope

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.lockName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ManagementLocks_ListAtResourceGroupLevel

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_ListAtResourceLevel

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ManagementLocks_ListAtSubscriptionLevel

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ManagementLocks_ListByScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Operations_List

valid {
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Permissions_ListForResource

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Permissions_ListForResourceGroup

valid {
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

PolicyAssignments_Create

enum_IdentityType := [ "SystemAssigned", "UserAssigned", "None" ]
enum_OverrideKind := [ "policyEffect" ]
enum_PolicyAssignmentPropertiesEnforcementMode := [ "Default", "DoNotEnforce" ]
enum_SelectorKind := [ "resourceLocation", "resourceType", "resourceWithoutLocation", "policyDefinitionReferenceId" ]

valid {
    input.Body.properties.displayName == STRING
    input.Body.properties.policyDefinitionId == STRING
    input.Body.properties.notScopes[_] == STRING
    input.Body.properties.parameters.STRING.value.STRING == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.enforcementMode == enum_PolicyAssignmentPropertiesEnforcementMode[_]
    input.Body.properties.nonComplianceMessages[_].message == STRING
    input.Body.properties.nonComplianceMessages[_].policyDefinitionReferenceId == STRING
    input.Body.properties.resourceSelectors[_].name == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.resourceSelectors[_].selectors[_].in[_] == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].notIn[_] == STRING
    input.Body.properties.overrides[_].kind == enum_OverrideKind[_]
    input.Body.properties.overrides[_].value == STRING
    input.Body.properties.overrides[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.overrides[_].selectors[_].in[_] == STRING
    input.Body.properties.overrides[_].selectors[_].notIn[_] == STRING
    input.Body.properties.isSystemPolicy == BOOLEAN
    input.Body.location == STRING
    input.Body.identity.type == enum_IdentityType[_]
    input.Body.identity.userAssignedIdentities.STRING == {}
    input.ReqMap.scope == STRING
    input.ReqMap.policyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_CreateById

enum_IdentityType := [ "SystemAssigned", "UserAssigned", "None" ]
enum_OverrideKind := [ "policyEffect" ]
enum_PolicyAssignmentPropertiesEnforcementMode := [ "Default", "DoNotEnforce" ]
enum_SelectorKind := [ "resourceLocation", "resourceType", "resourceWithoutLocation", "policyDefinitionReferenceId" ]

valid {
    input.Body.properties.displayName == STRING
    input.Body.properties.policyDefinitionId == STRING
    input.Body.properties.notScopes[_] == STRING
    input.Body.properties.parameters.STRING.value.STRING == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.enforcementMode == enum_PolicyAssignmentPropertiesEnforcementMode[_]
    input.Body.properties.nonComplianceMessages[_].message == STRING
    input.Body.properties.nonComplianceMessages[_].policyDefinitionReferenceId == STRING
    input.Body.properties.resourceSelectors[_].name == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.resourceSelectors[_].selectors[_].in[_] == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].notIn[_] == STRING
    input.Body.properties.overrides[_].kind == enum_OverrideKind[_]
    input.Body.properties.overrides[_].value == STRING
    input.Body.properties.overrides[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.overrides[_].selectors[_].in[_] == STRING
    input.Body.properties.overrides[_].selectors[_].notIn[_] == STRING
    input.Body.properties.isSystemPolicy == BOOLEAN
    input.Body.location == STRING
    input.Body.identity.type == enum_IdentityType[_]
    input.Body.identity.userAssignedIdentities.STRING == {}
    input.ReqMap.policyAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.policyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_DeleteById

valid {
    input.ReqMap.policyAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.policyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_GetById

valid {
    input.ReqMap.policyAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyAssignments_ListForManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_ListForResource

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

PolicyAssignments_ListForResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

PolicyAssignments_Update

enum_IdentityType := [ "SystemAssigned", "UserAssigned", "None" ]
enum_OverrideKind := [ "policyEffect" ]
enum_SelectorKind := [ "resourceLocation", "resourceType", "resourceWithoutLocation", "policyDefinitionReferenceId" ]

valid {
    input.Body.properties.resourceSelectors[_].name == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.resourceSelectors[_].selectors[_].in[_] == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].notIn[_] == STRING
    input.Body.properties.overrides[_].kind == enum_OverrideKind[_]
    input.Body.properties.overrides[_].value == STRING
    input.Body.properties.overrides[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.overrides[_].selectors[_].in[_] == STRING
    input.Body.properties.overrides[_].selectors[_].notIn[_] == STRING
    input.Body.location == STRING
    input.Body.identity.type == enum_IdentityType[_]
    input.Body.identity.userAssignedIdentities.STRING == {}
    input.ReqMap.scope == STRING
    input.ReqMap.policyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyAssignments_UpdateById

enum_IdentityType := [ "SystemAssigned", "UserAssigned", "None" ]
enum_OverrideKind := [ "policyEffect" ]
enum_SelectorKind := [ "resourceLocation", "resourceType", "resourceWithoutLocation", "policyDefinitionReferenceId" ]

valid {
    input.Body.properties.resourceSelectors[_].name == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.resourceSelectors[_].selectors[_].in[_] == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].notIn[_] == STRING
    input.Body.properties.overrides[_].kind == enum_OverrideKind[_]
    input.Body.properties.overrides[_].value == STRING
    input.Body.properties.overrides[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.overrides[_].selectors[_].in[_] == STRING
    input.Body.properties.overrides[_].selectors[_].notIn[_] == STRING
    input.Body.location == STRING
    input.Body.identity.type == enum_IdentityType[_]
    input.Body.identity.userAssignedIdentities.STRING == {}
    input.ReqMap.policyAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_CreateOrUpdate

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicyDefinitionVersionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicyDefinitionVersionPropertiesPolicyType[_]
    input.Body.properties.mode == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.policyRule.STRING == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.version == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicyDefinitionVersionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicyDefinitionVersionPropertiesPolicyType[_]
    input.Body.properties.mode == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.policyRule.STRING == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.version == STRING
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitionVersions_DeleteAtManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitionVersions_GetAtManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_GetBuiltIn

valid {
    input.ReqMap.policyDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitionVersions_ListAll

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitionVersions_ListAllAtManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_ListAllBuiltins

valid {
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_ListBuiltIn

valid {
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitionVersions_ListByManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitions_CreateOrUpdate

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicyDefinitionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicyDefinitionPropertiesPolicyType[_]
    input.Body.properties.mode == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.policyRule.STRING == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.version == STRING
    input.Body.properties.versions[_] == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitions_CreateOrUpdateAtManagementGroup

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicyDefinitionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicyDefinitionPropertiesPolicyType[_]
    input.Body.properties.mode == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.policyRule.STRING == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.version == STRING
    input.Body.properties.versions[_] == STRING
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitions_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitions_DeleteAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitions_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitions_GetAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitions_GetBuiltIn

valid {
    input.ReqMap.policyDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyDefinitions_ListBuiltIn

valid {
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicyDefinitions_ListByManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicyExemptions_CreateOrUpdate

enum_PolicyExemptionPropertiesAssignmentScopeValidation := [ "Default", "DoNotValidate" ]
enum_PolicyExemptionPropertiesExemptionCategory := [ "Waiver", "Mitigated" ]
enum_SelectorKind := [ "resourceLocation", "resourceType", "resourceWithoutLocation", "policyDefinitionReferenceId" ]

valid {
    input.Body.properties.policyAssignmentId == STRING
    input.Body.properties.policyDefinitionReferenceIds[_] == STRING
    input.Body.properties.exemptionCategory == enum_PolicyExemptionPropertiesExemptionCategory[_]
    input.Body.properties.expiresOn == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.resourceSelectors[_].name == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.resourceSelectors[_].selectors[_].in[_] == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].notIn[_] == STRING
    input.Body.properties.assignmentScopeValidation == enum_PolicyExemptionPropertiesAssignmentScopeValidation[_]
    input.ReqMap.scope == STRING
    input.ReqMap.policyExemptionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyExemptions_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.policyExemptionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyExemptions_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.policyExemptionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyExemptions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicyExemptions_ListForManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicyExemptions_ListForResource

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.parentResourcePath == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

PolicyExemptions_ListForResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

PolicyExemptions_Update

enum_PolicyExemptionUpdatePropertiesAssignmentScopeValidation := [ "Default", "DoNotValidate" ]
enum_SelectorKind := [ "resourceLocation", "resourceType", "resourceWithoutLocation", "policyDefinitionReferenceId" ]

valid {
    input.Body.properties.resourceSelectors[_].name == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].kind == enum_SelectorKind[_]
    input.Body.properties.resourceSelectors[_].selectors[_].in[_] == STRING
    input.Body.properties.resourceSelectors[_].selectors[_].notIn[_] == STRING
    input.Body.properties.assignmentScopeValidation == enum_PolicyExemptionUpdatePropertiesAssignmentScopeValidation[_]
    input.ReqMap.scope == STRING
    input.ReqMap.policyExemptionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_CreateOrUpdate

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicySetDefinitionVersionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicySetDefinitionVersionPropertiesPolicyType[_]
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.policyDefinitions[_].policyDefinitionId == STRING
    input.Body.properties.policyDefinitions[_].parameters.STRING.value.STRING == STRING
    input.Body.properties.policyDefinitions[_].policyDefinitionReferenceId == STRING
    input.Body.properties.policyDefinitions[_].groupNames[_] == STRING
    input.Body.properties.policyDefinitionGroups[_].name == STRING
    input.Body.properties.policyDefinitionGroups[_].displayName == STRING
    input.Body.properties.policyDefinitionGroups[_].category == STRING
    input.Body.properties.policyDefinitionGroups[_].description == STRING
    input.Body.properties.policyDefinitionGroups[_].additionalMetadataId == STRING
    input.Body.properties.version == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicySetDefinitionVersionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicySetDefinitionVersionPropertiesPolicyType[_]
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.policyDefinitions[_].policyDefinitionId == STRING
    input.Body.properties.policyDefinitions[_].parameters.STRING.value.STRING == STRING
    input.Body.properties.policyDefinitions[_].policyDefinitionReferenceId == STRING
    input.Body.properties.policyDefinitions[_].groupNames[_] == STRING
    input.Body.properties.policyDefinitionGroups[_].name == STRING
    input.Body.properties.policyDefinitionGroups[_].displayName == STRING
    input.Body.properties.policyDefinitionGroups[_].category == STRING
    input.Body.properties.policyDefinitionGroups[_].description == STRING
    input.Body.properties.policyDefinitionGroups[_].additionalMetadataId == STRING
    input.Body.properties.version == STRING
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitionVersions_DeleteAtManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitionVersions_GetAtManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_GetBuiltIn

valid {
    input.ReqMap.policySetDefinitionName == STRING
    input.ReqMap.policyDefinitionVersion == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitionVersions_ListAll

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitionVersions_ListAllAtManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_ListAllBuiltins

valid {
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_ListBuiltIn

valid {
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitionVersions_ListByManagementGroup

valid {
    input.ReqMap.managementGroupName == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitions_CreateOrUpdate

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicySetDefinitionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicySetDefinitionPropertiesPolicyType[_]
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.policyDefinitions[_].policyDefinitionId == STRING
    input.Body.properties.policyDefinitions[_].parameters.STRING.value.STRING == STRING
    input.Body.properties.policyDefinitions[_].policyDefinitionReferenceId == STRING
    input.Body.properties.policyDefinitions[_].groupNames[_] == STRING
    input.Body.properties.policyDefinitionGroups[_].name == STRING
    input.Body.properties.policyDefinitionGroups[_].displayName == STRING
    input.Body.properties.policyDefinitionGroups[_].category == STRING
    input.Body.properties.policyDefinitionGroups[_].description == STRING
    input.Body.properties.policyDefinitionGroups[_].additionalMetadataId == STRING
    input.Body.properties.version == STRING
    input.Body.properties.versions[_] == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitions_CreateOrUpdateAtManagementGroup

enum_ParameterDefinitionsValueType := [ "String", "Array", "Object", "Boolean", "Integer", "Float", "DateTime" ]
enum_PolicySetDefinitionPropertiesPolicyType := [ "NotSpecified", "BuiltIn", "Custom", "Static" ]

valid {
    input.Body.properties.policyType == enum_PolicySetDefinitionPropertiesPolicyType[_]
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.properties.parameters.STRING.type == enum_ParameterDefinitionsValueType[_]
    input.Body.properties.parameters.STRING.allowedValues[_].STRING == STRING
    input.Body.properties.parameters.STRING.defaultValue.STRING == STRING
    input.Body.properties.parameters.STRING.schema.STRING == STRING
    input.Body.properties.parameters.STRING.metadata.displayName == STRING
    input.Body.properties.parameters.STRING.metadata.description == STRING
    input.Body.properties.parameters.STRING.metadata.strongType == STRING
    input.Body.properties.parameters.STRING.metadata.assignPermissions == BOOLEAN
    input.Body.properties.policyDefinitions[_].policyDefinitionId == STRING
    input.Body.properties.policyDefinitions[_].parameters.STRING.value.STRING == STRING
    input.Body.properties.policyDefinitions[_].policyDefinitionReferenceId == STRING
    input.Body.properties.policyDefinitions[_].groupNames[_] == STRING
    input.Body.properties.policyDefinitionGroups[_].name == STRING
    input.Body.properties.policyDefinitionGroups[_].displayName == STRING
    input.Body.properties.policyDefinitionGroups[_].category == STRING
    input.Body.properties.policyDefinitionGroups[_].description == STRING
    input.Body.properties.policyDefinitionGroups[_].additionalMetadataId == STRING
    input.Body.properties.version == STRING
    input.Body.properties.versions[_] == STRING
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitions_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitions_DeleteAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitions_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitions_GetAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitions_GetBuiltIn

valid {
    input.ReqMap.policySetDefinitionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

PolicySetDefinitions_ListBuiltIn

valid {
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PolicySetDefinitions_ListByManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
}

PrivateLinkAssociation_Delete

valid {
    input.ReqMap.groupId == STRING
    input.ReqMap.plaId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PrivateLinkAssociation_Get

valid {
    input.ReqMap.groupId == STRING
    input.ReqMap.plaId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PrivateLinkAssociation_List

valid {
    input.ReqMap.groupId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

PrivateLinkAssociation_Put

enum_PrivateLinkAssociationPropertiesPublicNetworkAccess := [ "Enabled", "Disabled" ]

valid {
    input.Body.properties.privateLink == STRING
    input.Body.properties.publicNetworkAccess == enum_PrivateLinkAssociationPropertiesPublicNetworkAccess[_]
    input.ReqMap.groupId == STRING
    input.ReqMap.plaId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ProviderOperationsMetadata_Get

valid {
    input.ReqMap.resourceProviderNamespace == STRING
    input.Qs.api-version == STRING
    input.Qs.$expand == STRING
    input.ProviderMetadata.Region == STRING
}

ProviderOperationsMetadata_List

valid {
    input.Qs.api-version == STRING
    input.Qs.$expand == STRING
    input.ProviderMetadata.Region == STRING
}

ResourceManagementPrivateLink_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.rmplName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ResourceManagementPrivateLink_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.rmplName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ResourceManagementPrivateLink_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ResourceManagementPrivateLink_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ResourceManagementPrivateLink_Put

valid {
    input.Body.location == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.rmplName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

RoleAssignmentApprovalStep_GetById

valid {
    input.ReqMap.approvalId == STRING
    input.ReqMap.stageId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentApprovalStep_Patch

enum_RoleAssignmentApprovalStepPropertiesReviewResult := [ "Approve", "Deny", "NotReviewed" ]

valid {
    input.Body.displayName == STRING
    input.Body.reviewResult == enum_RoleAssignmentApprovalStepPropertiesReviewResult[_]
    input.Body.justification == STRING
    input.ReqMap.approvalId == STRING
    input.ReqMap.stageId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentApprovalStep_Put

enum_RoleAssignmentApprovalStepPropertiesReviewResult := [ "Approve", "Deny", "NotReviewed" ]

valid {
    input.Body.displayName == STRING
    input.Body.reviewResult == enum_RoleAssignmentApprovalStepPropertiesReviewResult[_]
    input.Body.justification == STRING
    input.ReqMap.approvalId == STRING
    input.ReqMap.stageId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentApprovalSteps_List

valid {
    input.ReqMap.approvalId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentApproval_GetById

valid {
    input.ReqMap.approvalId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentApproval_List

valid {
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentMetrics_GetMetricsForSubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

RoleAssignmentScheduleInstances_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentScheduleInstanceName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentScheduleInstances_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentScheduleRequests_Cancel

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentScheduleRequests_Create

enum_RoleAssignmentScheduleRequestPropertiesRequestType := [ "AdminAssign", "AdminRemove", "AdminUpdate", "AdminExtend", "AdminRenew", "SelfActivate", "SelfDeactivate", "SelfExtend", "SelfRenew" ]
enum_RoleAssignmentScheduleRequestPropertiesScheduleInfoExpirationType := [ "AfterDuration", "AfterDateTime", "NoExpiration" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.requestType == enum_RoleAssignmentScheduleRequestPropertiesRequestType[_]
    input.Body.properties.targetRoleAssignmentScheduleId == STRING
    input.Body.properties.targetRoleAssignmentScheduleInstanceId == STRING
    input.Body.properties.scheduleInfo.startDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.type == enum_RoleAssignmentScheduleRequestPropertiesScheduleInfoExpirationType[_]
    input.Body.properties.scheduleInfo.expiration.endDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.duration == STRING
    input.Body.properties.linkedRoleEligibilityScheduleId == STRING
    input.Body.properties.justification == STRING
    input.Body.properties.ticketInfo.ticketNumber == STRING
    input.Body.properties.ticketInfo.ticketSystem == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentScheduleRequests_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentScheduleRequests_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentScheduleRequests_Validate

enum_RoleAssignmentScheduleRequestPropertiesRequestType := [ "AdminAssign", "AdminRemove", "AdminUpdate", "AdminExtend", "AdminRenew", "SelfActivate", "SelfDeactivate", "SelfExtend", "SelfRenew" ]
enum_RoleAssignmentScheduleRequestPropertiesScheduleInfoExpirationType := [ "AfterDuration", "AfterDateTime", "NoExpiration" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.requestType == enum_RoleAssignmentScheduleRequestPropertiesRequestType[_]
    input.Body.properties.targetRoleAssignmentScheduleId == STRING
    input.Body.properties.targetRoleAssignmentScheduleInstanceId == STRING
    input.Body.properties.scheduleInfo.startDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.type == enum_RoleAssignmentScheduleRequestPropertiesScheduleInfoExpirationType[_]
    input.Body.properties.scheduleInfo.expiration.endDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.duration == STRING
    input.Body.properties.linkedRoleEligibilityScheduleId == STRING
    input.Body.properties.justification == STRING
    input.Body.properties.ticketInfo.ticketNumber == STRING
    input.Body.properties.ticketInfo.ticketSystem == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentSchedules_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentScheduleName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignmentSchedules_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_Create

enum_RoleAssignmentPropertiesPrincipalType := [ "User", "Group", "ServicePrincipal", "ForeignGroup", "Device" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.principalType == enum_RoleAssignmentPropertiesPrincipalType[_]
    input.Body.properties.description == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.Body.properties.delegatedManagedIdentityResourceId == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_CreateById

enum_RoleAssignmentPropertiesPrincipalType := [ "User", "Group", "ServicePrincipal", "ForeignGroup", "Device" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.principalType == enum_RoleAssignmentPropertiesPrincipalType[_]
    input.Body.properties.description == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.Body.properties.delegatedManagedIdentityResourceId == STRING
    input.ReqMap.roleAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentName == STRING
    input.Qs.api-version == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_DeleteById

valid {
    input.ReqMap.roleAssignmentId == STRING
    input.Qs.api-version == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentName == STRING
    input.Qs.api-version == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_GetById

valid {
    input.ReqMap.roleAssignmentId == STRING
    input.Qs.api-version == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_ListForResource

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceProviderNamespace == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

RoleAssignments_ListForResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

RoleAssignments_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.Qs.tenantId == STRING
    input.Qs.$skipToken == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_ListForSubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.Qs.tenantId == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

RoleAssignments_Validate

enum_RoleAssignmentPropertiesPrincipalType := [ "User", "Group", "ServicePrincipal", "ForeignGroup", "Device" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.principalType == enum_RoleAssignmentPropertiesPrincipalType[_]
    input.Body.properties.description == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.Body.properties.delegatedManagedIdentityResourceId == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleAssignments_ValidateById

enum_RoleAssignmentPropertiesPrincipalType := [ "User", "Group", "ServicePrincipal", "ForeignGroup", "Device" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.principalType == enum_RoleAssignmentPropertiesPrincipalType[_]
    input.Body.properties.description == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.Body.properties.delegatedManagedIdentityResourceId == STRING
    input.ReqMap.roleAssignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleDefinitions_CreateOrUpdate

valid {
    input.Body.properties.roleName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.type == STRING
    input.Body.properties.permissions[_].actions[_] == STRING
    input.Body.properties.permissions[_].notActions[_] == STRING
    input.Body.properties.permissions[_].dataActions[_] == STRING
    input.Body.properties.permissions[_].notDataActions[_] == STRING
    input.Body.properties.assignableScopes[_] == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleDefinitions_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleDefinitions_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleDefinitions_GetById

valid {
    input.ReqMap.roleId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleDefinitions_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleInstances_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleEligibilityScheduleInstanceName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleInstances_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleRequests_Cancel

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleEligibilityScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleRequests_Create

enum_RoleEligibilityScheduleRequestPropertiesRequestType := [ "AdminAssign", "AdminRemove", "AdminUpdate", "AdminExtend", "AdminRenew", "SelfActivate", "SelfDeactivate", "SelfExtend", "SelfRenew" ]
enum_RoleEligibilityScheduleRequestPropertiesScheduleInfoExpirationType := [ "AfterDuration", "AfterDateTime", "NoExpiration" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.requestType == enum_RoleEligibilityScheduleRequestPropertiesRequestType[_]
    input.Body.properties.scheduleInfo.startDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.type == enum_RoleEligibilityScheduleRequestPropertiesScheduleInfoExpirationType[_]
    input.Body.properties.scheduleInfo.expiration.endDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.duration == STRING
    input.Body.properties.targetRoleEligibilityScheduleId == STRING
    input.Body.properties.targetRoleEligibilityScheduleInstanceId == STRING
    input.Body.properties.justification == STRING
    input.Body.properties.ticketInfo.ticketNumber == STRING
    input.Body.properties.ticketInfo.ticketSystem == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleEligibilityScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleRequests_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleEligibilityScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleRequests_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilityScheduleRequests_Validate

enum_RoleEligibilityScheduleRequestPropertiesRequestType := [ "AdminAssign", "AdminRemove", "AdminUpdate", "AdminExtend", "AdminRenew", "SelfActivate", "SelfDeactivate", "SelfExtend", "SelfRenew" ]
enum_RoleEligibilityScheduleRequestPropertiesScheduleInfoExpirationType := [ "AfterDuration", "AfterDateTime", "NoExpiration" ]

valid {
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.principalId == STRING
    input.Body.properties.requestType == enum_RoleEligibilityScheduleRequestPropertiesRequestType[_]
    input.Body.properties.scheduleInfo.startDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.type == enum_RoleEligibilityScheduleRequestPropertiesScheduleInfoExpirationType[_]
    input.Body.properties.scheduleInfo.expiration.endDateTime == STRING
    input.Body.properties.scheduleInfo.expiration.duration == STRING
    input.Body.properties.targetRoleEligibilityScheduleId == STRING
    input.Body.properties.targetRoleEligibilityScheduleInstanceId == STRING
    input.Body.properties.justification == STRING
    input.Body.properties.ticketInfo.ticketNumber == STRING
    input.Body.properties.ticketInfo.ticketSystem == STRING
    input.Body.properties.condition == STRING
    input.Body.properties.conditionVersion == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleEligibilityScheduleRequestName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilitySchedules_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleEligibilityScheduleName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleEligibilitySchedules_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.$filter == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicies_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleManagementPolicyName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicies_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleManagementPolicyName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicies_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicies_Update

enum_RoleManagementPolicyRuleType := [ "RoleManagementPolicyApprovalRule", "RoleManagementPolicyAuthenticationContextRule", "RoleManagementPolicyEnablementRule", "RoleManagementPolicyExpirationRule", "RoleManagementPolicyNotificationRule" ]

valid {
    input.Body.properties.scope == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.isOrganizationDefault == BOOLEAN
    input.Body.properties.rules[_].id == STRING
    input.Body.properties.rules[_].ruleType == enum_RoleManagementPolicyRuleType[_]
    input.Body.properties.rules[_].target.caller == STRING
    input.Body.properties.rules[_].target.operations[_] == STRING
    input.Body.properties.rules[_].target.level == STRING
    input.Body.properties.rules[_].target.targetObjects[_] == STRING
    input.Body.properties.rules[_].target.inheritableSettings[_] == STRING
    input.Body.properties.rules[_].target.enforcedSettings[_] == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleManagementPolicyName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicyAssignments_Create

valid {
    input.Body.properties.scope == STRING
    input.Body.properties.roleDefinitionId == STRING
    input.Body.properties.policyId == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.roleManagementPolicyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicyAssignments_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleManagementPolicyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicyAssignments_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.roleManagementPolicyAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

RoleManagementPolicyAssignments_ListForScope

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewDefaultSettings_Get

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewDefaultSettings_Put

enum_AccessReviewRecurrencePatternType := [ "weekly", "absoluteMonthly" ]
enum_AccessReviewRecurrenceRangeType := [ "endDate", "noEnd", "numbered" ]
enum_AccessReviewScheduleSettingsDefaultDecision := [ "Approve", "Deny", "Recommendation" ]

valid {
    input.Body.mailNotificationsEnabled == BOOLEAN
    input.Body.reminderNotificationsEnabled == BOOLEAN
    input.Body.defaultDecisionEnabled == BOOLEAN
    input.Body.justificationRequiredOnApproval == BOOLEAN
    input.Body.defaultDecision == enum_AccessReviewScheduleSettingsDefaultDecision[_]
    input.Body.autoApplyDecisionsEnabled == BOOLEAN
    input.Body.recommendationsEnabled == BOOLEAN
    input.Body.recommendationLookBackDuration == STRING
    input.Body.instanceDurationInDays == INTEGER
    input.Body.recurrence.pattern.type == enum_AccessReviewRecurrencePatternType[_]
    input.Body.recurrence.pattern.interval == INTEGER
    input.Body.recurrence.range.type == enum_AccessReviewRecurrenceRangeType[_]
    input.Body.recurrence.range.numberOfOccurrences == INTEGER
    input.Body.recurrence.range.startDate == STRING
    input.Body.recurrence.range.endDate == STRING
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewHistoryDefinitionInstance_GenerateDownloadUri

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.ReqMap.instanceId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewHistoryDefinitionInstances_List

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewHistoryDefinition_Create

enum_AccessReviewHistoryDefinitionPropertiesDecisions := [ "Approve", "Deny", "NotReviewed", "DontKnow", "NotNotified" ]
enum_AccessReviewRecurrencePatternType := [ "weekly", "absoluteMonthly" ]
enum_AccessReviewRecurrenceRangeType := [ "endDate", "noEnd", "numbered" ]

valid {
    input.Body.displayName == STRING
    input.Body.decisions[_] == enum_AccessReviewHistoryDefinitionPropertiesDecisions[_]
    input.Body.scopes[_].inactiveDuration == STRING
    input.Body.scopes[_].expandNestedMemberships == BOOLEAN
    input.Body.scopes[_].includeInheritedAccess == BOOLEAN
    input.Body.scopes[_].includeAccessBelowResource == BOOLEAN
    input.Body.scopes[_].excludeResourceId == STRING
    input.Body.scopes[_].excludeRoleDefinitionId == STRING
    input.Body.settings.pattern.type == enum_AccessReviewRecurrencePatternType[_]
    input.Body.settings.pattern.interval == INTEGER
    input.Body.settings.range.type == enum_AccessReviewRecurrenceRangeType[_]
    input.Body.settings.range.numberOfOccurrences == INTEGER
    input.Body.settings.range.startDate == STRING
    input.Body.settings.range.endDate == STRING
    input.Body.instances[_].properties.reviewHistoryPeriodStartDateTime == STRING
    input.Body.instances[_].properties.reviewHistoryPeriodEndDateTime == STRING
    input.Body.instances[_].properties.displayName == STRING
    input.Body.instances[_].properties.runDateTime == STRING
    input.Body.instances[_].properties.fulfilledDateTime == STRING
    input.Body.instances[_].properties.expiration == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewHistoryDefinition_DeleteById

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewHistoryDefinitions_GetById

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.historyDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewHistoryDefinitions_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstanceContactedReviewers_List

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstanceDecisions_List

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstance_ApplyDecisions

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstance_RecordAllDecisions

enum_RecordAllDecisionsPropertiesDecision := [ "Approve", "Deny" ]

valid {
    input.Body.decision == enum_RecordAllDecisionsPropertiesDecision[_]
    input.Body.justification == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstance_ResetDecisions

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstance_SendReminders

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstance_Stop

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstances_Create

valid {
    input.Body.startDateTime == STRING
    input.Body.endDateTime == STRING
    input.Body.reviewers[_].principalId == STRING
    input.Body.backupReviewers[_].principalId == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstances_GetById

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewInstances_List

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewScheduleDefinitions_CreateOrUpdateById

enum_AccessReviewRecurrencePatternType := [ "weekly", "absoluteMonthly" ]
enum_AccessReviewRecurrenceRangeType := [ "endDate", "noEnd", "numbered" ]
enum_AccessReviewScheduleSettingsDefaultDecision := [ "Approve", "Deny", "Recommendation" ]

valid {
    input.Body.displayName == STRING
    input.Body.descriptionForAdmins == STRING
    input.Body.descriptionForReviewers == STRING
    input.Body.settings.mailNotificationsEnabled == BOOLEAN
    input.Body.settings.reminderNotificationsEnabled == BOOLEAN
    input.Body.settings.defaultDecisionEnabled == BOOLEAN
    input.Body.settings.justificationRequiredOnApproval == BOOLEAN
    input.Body.settings.defaultDecision == enum_AccessReviewScheduleSettingsDefaultDecision[_]
    input.Body.settings.autoApplyDecisionsEnabled == BOOLEAN
    input.Body.settings.recommendationsEnabled == BOOLEAN
    input.Body.settings.recommendationLookBackDuration == STRING
    input.Body.settings.instanceDurationInDays == INTEGER
    input.Body.settings.recurrence.pattern.type == enum_AccessReviewRecurrencePatternType[_]
    input.Body.settings.recurrence.pattern.interval == INTEGER
    input.Body.settings.recurrence.range.type == enum_AccessReviewRecurrenceRangeType[_]
    input.Body.settings.recurrence.range.numberOfOccurrences == INTEGER
    input.Body.settings.recurrence.range.startDate == STRING
    input.Body.settings.recurrence.range.endDate == STRING
    input.Body.reviewers[_].principalId == STRING
    input.Body.backupReviewers[_].principalId == STRING
    input.Body.instances[_].properties.startDateTime == STRING
    input.Body.instances[_].properties.endDateTime == STRING
    input.Body.instances[_].properties.reviewers[_].principalId == STRING
    input.Body.instances[_].properties.backupReviewers[_].principalId == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewScheduleDefinitions_DeleteById

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewScheduleDefinitions_GetById

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewScheduleDefinitions_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeAccessReviewScheduleDefinitions_Stop

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.scheduleDefinitionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeRoleAssignmentApprovalStep_GetById

valid {
    input.ReqMap.approvalId == STRING
    input.ReqMap.stageId == STRING
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeRoleAssignmentApprovalStep_Patch

enum_RoleAssignmentApprovalStepPropertiesReviewResult := [ "Approve", "Deny", "NotReviewed" ]

valid {
    input.Body.displayName == STRING
    input.Body.reviewResult == enum_RoleAssignmentApprovalStepPropertiesReviewResult[_]
    input.Body.justification == STRING
    input.ReqMap.approvalId == STRING
    input.ReqMap.stageId == STRING
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeRoleAssignmentApprovalStep_Put

enum_RoleAssignmentApprovalStepPropertiesReviewResult := [ "Approve", "Deny", "NotReviewed" ]

valid {
    input.Body.displayName == STRING
    input.Body.reviewResult == enum_RoleAssignmentApprovalStepPropertiesReviewResult[_]
    input.Body.justification == STRING
    input.ReqMap.approvalId == STRING
    input.ReqMap.stageId == STRING
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeRoleAssignmentApprovalSteps_List

valid {
    input.ReqMap.approvalId == STRING
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeRoleAssignmentApproval_GetById

valid {
    input.ReqMap.approvalId == STRING
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ScopeRoleAssignmentApproval_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
}

TenantLevelAccessReviewInstanceContactedReviewers_List

valid {
    input.ReqMap.scheduleDefinitionId == STRING
    input.ReqMap.id == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

VariableValues_CreateOrUpdate

valid {
    input.Body.properties.values[_].columnName == STRING
    input.Body.properties.values[_].columnValue.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.ReqMap.variableValueName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

VariableValues_CreateOrUpdateAtManagementGroup

valid {
    input.Body.properties.values[_].columnName == STRING
    input.Body.properties.values[_].columnValue.STRING == STRING
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.ReqMap.variableValueName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

VariableValues_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.ReqMap.variableValueName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

VariableValues_DeleteAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.ReqMap.variableValueName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

VariableValues_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.ReqMap.variableValueName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

VariableValues_GetAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.ReqMap.variableValueName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

VariableValues_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

VariableValues_ListForManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Variables_CreateOrUpdate

valid {
    input.Body.properties.columns[_].columnName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Variables_CreateOrUpdateAtManagementGroup

valid {
    input.Body.properties.columns[_].columnName == STRING
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Variables_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Variables_DeleteAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Variables_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Variables_GetAtManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.ReqMap.variableName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Variables_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Variables_ListForManagementGroup

valid {
    input.ReqMap.managementGroupId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}