MICROSOFT.SECURITY

APICollectionOffboarding_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.ReqMap.apiCollectionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollectionOnboarding_Create

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.ReqMap.apiCollectionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollection_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.ReqMap.apiCollectionId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollections_GetByAzureApiManagementService

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.ReqMap.apiId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollections_ListByAzureApiManagementService

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollections_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollections_ListBySubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

APICollections_OffboardAzureApiManagementApi

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.ReqMap.apiId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

APICollections_OnboardAzureApiManagementApi

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.serviceName == STRING
    input.ReqMap.apiId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AdaptiveApplicationControls_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.groupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AdaptiveApplicationControls_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.groupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AdaptiveApplicationControls_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.includePathRecommendations == BOOLEAN
    input.Qs.summary == BOOLEAN
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AdaptiveApplicationControls_Put

enum_ConfigurationStatus := [ "Configured", "NotConfigured", "InProgress", "Failed", "NoStatus" ]
enum_EnforcementMode := [ "Audit", "Enforce", "None" ]
enum_EnforcementSupport := [ "Supported", "NotSupported", "Unknown" ]
enum_FileType := [ "Exe", "Dll", "Msi", "Script", "Executable", "Unknown" ]
enum_RecommendationAction := [ "Recommended", "Add", "Remove" ]
enum_RecommendationType := [ "File", "FileHash", "PublisherSignature", "ProductSignature", "BinarySignature", "VersionAndAboveSignature" ]

valid {
    input.Body.properties.enforcementMode == enum_EnforcementMode[_]
    input.Body.properties.protectionMode.exe == enum_EnforcementMode[_]
    input.Body.properties.protectionMode.msi == enum_EnforcementMode[_]
    input.Body.properties.protectionMode.script == enum_EnforcementMode[_]
    input.Body.properties.protectionMode.executable == enum_EnforcementMode[_]
    input.Body.properties.vmRecommendations[_].configurationStatus == enum_ConfigurationStatus[_]
    input.Body.properties.vmRecommendations[_].recommendationAction == enum_RecommendationAction[_]
    input.Body.properties.vmRecommendations[_].resourceId == STRING
    input.Body.properties.vmRecommendations[_].enforcementSupport == enum_EnforcementSupport[_]
    input.Body.properties.pathRecommendations[_].path == STRING
    input.Body.properties.pathRecommendations[_].action == enum_RecommendationAction[_]
    input.Body.properties.pathRecommendations[_].type == enum_RecommendationType[_]
    input.Body.properties.pathRecommendations[_].publisherInfo.publisherName == STRING
    input.Body.properties.pathRecommendations[_].publisherInfo.productName == STRING
    input.Body.properties.pathRecommendations[_].publisherInfo.binaryName == STRING
    input.Body.properties.pathRecommendations[_].publisherInfo.version == STRING
    input.Body.properties.pathRecommendations[_].common == BOOLEAN
    input.Body.properties.pathRecommendations[_].userSids[_] == STRING
    input.Body.properties.pathRecommendations[_].usernames[_].username == STRING
    input.Body.properties.pathRecommendations[_].usernames[_].recommendationAction == enum_RecommendationAction[_]
    input.Body.properties.pathRecommendations[_].fileType == enum_FileType[_]
    input.Body.properties.pathRecommendations[_].configurationStatus == enum_ConfigurationStatus[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.groupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AdaptiveNetworkHardenings_Enforce

enum_AdaptiveNetworkHardeningEnforceAction := [ "enforce" ]
enum_RuleDirection := [ "Inbound", "Outbound" ]
enum_RuleProtocols := [ "TCP", "UDP" ]

valid {
    input.Body.rules[_].name == STRING
    input.Body.rules[_].direction == enum_RuleDirection[_]
    input.Body.rules[_].destinationPort == INTEGER
    input.Body.rules[_].protocols[_] == enum_RuleProtocols[_]
    input.Body.rules[_].ipAddresses[_] == STRING
    input.Body.networkSecurityGroups[_] == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceNamespace == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.adaptiveNetworkHardeningResourceName == STRING
    input.ReqMap.adaptiveNetworkHardeningEnforceAction == enum_AdaptiveNetworkHardeningEnforceAction[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AdaptiveNetworkHardenings_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceNamespace == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.ReqMap.adaptiveNetworkHardeningResourceName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AdaptiveNetworkHardenings_ListByExtendedResource

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.resourceNamespace == STRING
    input.ReqMap.resourceType == STRING
    input.ReqMap.resourceName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AdvancedThreatProtection_Create

enum_AdvancedThreatProtectionSettingName := [ "current" ]

valid {
    input.Body.properties.isEnabled == BOOLEAN
    input.ReqMap.resourceId == STRING
    input.ReqMap.settingName == enum_AdvancedThreatProtectionSettingName[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AdvancedThreatProtection_Get

enum_AdvancedThreatProtectionSettingName := [ "current" ]

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.settingName == enum_AdvancedThreatProtectionSettingName[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AlertsSuppressionRules_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.alertsSuppressionRuleName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AlertsSuppressionRules_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.alertsSuppressionRuleName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AlertsSuppressionRules_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.AlertType == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AlertsSuppressionRules_Update

enum_AlertsSuppressionRulePropertiesState := [ "Enabled", "Disabled", "Expired" ]

valid {
    input.Body.properties.alertType == STRING
    input.Body.properties.expirationDateUtc == STRING
    input.Body.properties.reason == STRING
    input.Body.properties.state == enum_AlertsSuppressionRulePropertiesState[_]
    input.Body.properties.comment == STRING
    input.Body.properties.suppressionAlertsScope.allOf[_].field == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.alertsSuppressionRuleName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_GetResourceGroupLevel

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_GetSubscriptionLevel

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_ListResourceGroupLevelByRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_ListSubscriptionLevelByRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_Simulate

enum_AlertSimulatorRequestPropertiesKind := [ "Bundles" ]

valid {
    input.Body.properties.kind == enum_AlertSimulatorRequestPropertiesKind[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_UpdateResourceGroupLevelAlertStateToReactivate

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_UpdateResourceGroupLevelStateToActivate

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_UpdateResourceGroupLevelStateToDismiss

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_UpdateResourceGroupLevelStateToInProgress

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_UpdateResourceGroupLevelStateToResolve

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Alerts_UpdateSubscriptionLevelAlertStateToReactivate

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_UpdateSubscriptionLevelStateToActivate

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_UpdateSubscriptionLevelStateToDismiss

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_UpdateSubscriptionLevelStateToInProgress

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Alerts_UpdateSubscriptionLevelStateToResolve

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.alertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AllowedConnections_Get

enum_ConnectionType := [ "Internal", "External" ]

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.connectionType == enum_ConnectionType[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AllowedConnections_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AllowedConnections_ListByHomeRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Application_CreateOrUpdate

enum_ApplicationPropertiesSourceResourceType := [ "Assessments" ]

valid {
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.sourceResourceType == enum_ApplicationPropertiesSourceResourceType[_]
    input.Body.properties.conditionSets[_].STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.applicationId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Application_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.applicationId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Application_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.applicationId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Applications_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AssessmentsMetadata_CreateInSubscription

enum_SecurityAssessmentMetadataPropertiesAssessmentType := [ "BuiltIn", "CustomPolicy", "CustomerManaged", "VerifiedPartner" ]
enum_SecurityAssessmentMetadataPropertiesCategories := [ "Compute", "Networking", "Data", "IdentityAndAccess", "IoT" ]
enum_SecurityAssessmentMetadataPropertiesImplementationEffort := [ "Low", "Moderate", "High" ]
enum_SecurityAssessmentMetadataPropertiesResponseTactics := [ "Reconnaissance", "Resource Development", "Initial Access", "Execution", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement", "Collection", "Command and Control", "Exfiltration", "Impact" ]
enum_SecurityAssessmentMetadataPropertiesResponseTechniques := [ "Abuse Elevation Control Mechanism", "Access Token Manipulation", "Account Discovery", "Account Manipulation", "Active Scanning", "Application Layer Protocol", "Audio Capture", "Boot or Logon Autostart Execution", "Boot or Logon Initialization Scripts", "Brute Force", "Cloud Infrastructure Discovery", "Cloud Service Dashboard", "Cloud Service Discovery", "Command and Scripting Interpreter", "Compromise Client Software Binary", "Compromise Infrastructure", "Container and Resource Discovery", "Create Account", "Create or Modify System Process", "Credentials from Password Stores", "Data Destruction", "Data Encrypted for Impact", "Data from Cloud Storage Object", "Data from Configuration Repository", "Data from Information Repositories", "Data from Local System", "Data Manipulation", "Data Staged", "Defacement", "Deobfuscate/Decode Files or Information", "Disk Wipe", "Domain Trust Discovery", "Drive-by Compromise", "Dynamic Resolution", "Endpoint Denial of Service", "Event Triggered Execution", "Exfiltration Over Alternative Protocol", "Exploit Public-Facing Application", "Exploitation for Client Execution", "Exploitation for Credential Access", "Exploitation for Defense Evasion", "Exploitation for Privilege Escalation", "Exploitation of Remote Services", "External Remote Services", "Fallback Channels", "File and Directory Discovery", "Gather Victim Network Information", "Hide Artifacts", "Hijack Execution Flow", "Impair Defenses", "Implant Container Image", "Indicator Removal on Host", "Indirect Command Execution", "Ingress Tool Transfer", "Input Capture", "Inter-Process Communication", "Lateral Tool Transfer", "Man-in-the-Middle", "Masquerading", "Modify Authentication Process", "Modify Registry", "Network Denial of Service", "Network Service Scanning", "Network Sniffing", "Non-Application Layer Protocol", "Non-Standard Port", "Obtain Capabilities", "Obfuscated Files or Information", "Office Application Startup", "OS Credential Dumping", "Permission Groups Discovery", "Phishing", "Pre-OS Boot", "Process Discovery", "Process Injection", "Protocol Tunneling", "Proxy", "Query Registry", "Remote Access Software", "Remote Service Session Hijacking", "Remote Services", "Remote System Discovery", "Resource Hijacking", "Scheduled Task/Job", "Screen Capture", "Search Victim-Owned Websites", "Server Software Component", "Service Stop", "Signed Binary Proxy Execution", "Software Deployment Tools", "SQL Stored Procedures", "Steal or Forge Kerberos Tickets", "Subvert Trust Controls", "Supply Chain Compromise", "System Information Discovery", "Taint Shared Content", "Traffic Signaling", "Transfer Data to Cloud Account", "Trusted Relationship", "Unsecured Credentials", "User Execution", "Valid Accounts", "Windows Management Instrumentation", "File and Directory Permissions Modification" ]
enum_SecurityAssessmentMetadataPropertiesSeverity := [ "Low", "Medium", "High" ]
enum_SecurityAssessmentMetadataPropertiesThreats := [ "accountBreach", "dataExfiltration", "dataSpillage", "maliciousInsider", "elevationOfPrivilege", "threatResistance", "missingCoverage", "denialOfService" ]
enum_SecurityAssessmentMetadataPropertiesUserImpact := [ "Low", "Moderate", "High" ]

valid {
    input.Body.properties.publishDates.GA == STRING
    input.Body.properties.publishDates.public == STRING
    input.Body.properties.plannedDeprecationDate == STRING
    input.Body.properties.tactics[_] == enum_SecurityAssessmentMetadataPropertiesResponseTactics[_]
    input.Body.properties.techniques[_] == enum_SecurityAssessmentMetadataPropertiesResponseTechniques[_]
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.remediationDescription == STRING
    input.Body.properties.categories[_] == enum_SecurityAssessmentMetadataPropertiesCategories[_]
    input.Body.properties.severity == enum_SecurityAssessmentMetadataPropertiesSeverity[_]
    input.Body.properties.userImpact == enum_SecurityAssessmentMetadataPropertiesUserImpact[_]
    input.Body.properties.implementationEffort == enum_SecurityAssessmentMetadataPropertiesImplementationEffort[_]
    input.Body.properties.threats[_] == enum_SecurityAssessmentMetadataPropertiesThreats[_]
    input.Body.properties.preview == BOOLEAN
    input.Body.properties.assessmentType == enum_SecurityAssessmentMetadataPropertiesAssessmentType[_]
    input.Body.properties.partnerData.partnerName == STRING
    input.Body.properties.partnerData.productName == STRING
    input.Body.properties.partnerData.secret == STRING
    input.ReqMap.assessmentMetadataName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AssessmentsMetadata_DeleteInSubscription

valid {
    input.ReqMap.assessmentMetadataName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AssessmentsMetadata_Get

valid {
    input.ReqMap.assessmentMetadataName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AssessmentsMetadata_GetInSubscription

valid {
    input.ReqMap.assessmentMetadataName == STRING
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AssessmentsMetadata_List

valid {
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

AssessmentsMetadata_ListBySubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Assessments_CreateOrUpdate

enum_AssessmentStatusCode := [ "Healthy", "Unhealthy", "NotApplicable" ]
enum_ResourceDetailsSource := [ "Azure", "OnPremise", "OnPremiseSql" ]
enum_SecurityAssessmentMetadataPropertiesAssessmentType := [ "BuiltIn", "CustomPolicy", "CustomerManaged", "VerifiedPartner" ]
enum_SecurityAssessmentMetadataPropertiesCategories := [ "Compute", "Networking", "Data", "IdentityAndAccess", "IoT" ]
enum_SecurityAssessmentMetadataPropertiesImplementationEffort := [ "Low", "Moderate", "High" ]
enum_SecurityAssessmentMetadataPropertiesSeverity := [ "Low", "Medium", "High" ]
enum_SecurityAssessmentMetadataPropertiesThreats := [ "accountBreach", "dataExfiltration", "dataSpillage", "maliciousInsider", "elevationOfPrivilege", "threatResistance", "missingCoverage", "denialOfService" ]
enum_SecurityAssessmentMetadataPropertiesUserImpact := [ "Low", "Moderate", "High" ]

valid {
    input.Body.properties.status.code == enum_AssessmentStatusCode[_]
    input.Body.properties.status.cause == STRING
    input.Body.properties.status.description == STRING
    input.Body.properties.resourceDetails.source == enum_ResourceDetailsSource[_]
    input.Body.properties.additionalData.STRING == STRING
    input.Body.properties.metadata.displayName == STRING
    input.Body.properties.metadata.description == STRING
    input.Body.properties.metadata.remediationDescription == STRING
    input.Body.properties.metadata.categories[_] == enum_SecurityAssessmentMetadataPropertiesCategories[_]
    input.Body.properties.metadata.severity == enum_SecurityAssessmentMetadataPropertiesSeverity[_]
    input.Body.properties.metadata.userImpact == enum_SecurityAssessmentMetadataPropertiesUserImpact[_]
    input.Body.properties.metadata.implementationEffort == enum_SecurityAssessmentMetadataPropertiesImplementationEffort[_]
    input.Body.properties.metadata.threats[_] == enum_SecurityAssessmentMetadataPropertiesThreats[_]
    input.Body.properties.metadata.preview == BOOLEAN
    input.Body.properties.metadata.assessmentType == enum_SecurityAssessmentMetadataPropertiesAssessmentType[_]
    input.Body.properties.metadata.partnerData.partnerName == STRING
    input.Body.properties.metadata.partnerData.productName == STRING
    input.Body.properties.metadata.partnerData.secret == STRING
    input.Body.properties.partnersData.partnerName == STRING
    input.Body.properties.partnersData.secret == STRING
    input.ReqMap.resourceId == STRING
    input.ReqMap.assessmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Assessments_Delete

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.assessmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Assessments_Get

enum_ExpandAssessments := [ "links", "metadata" ]

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.assessmentName == STRING
    input.Qs.api-version == STRING
    input.Qs.$expand == enum_ExpandAssessments[_]
    input.ProviderMetadata.Region == STRING
}

Assessments_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Assignments_CreateOrUpdate

valid {
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.assignedStandard.id == STRING
    input.Body.properties.assignedComponent.key == STRING
    input.Body.properties.scope == STRING
    input.Body.properties.effect == STRING
    input.Body.properties.expiresOn == STRING
    input.Body.properties.additionalData.exemptionCategory == STRING
    input.Body.properties.metadata.STRING == STRING
    input.Body.STRING == STRING
    input.Body.location == STRING
    input.Body.kind == STRING
    input.Body.etag == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.assignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Assignments_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.assignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Assignments_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.assignmentId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Assignments_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Assignments_ListBySubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AutoProvisioningSettings_Create

enum_AutoProvisioningSettingPropertiesAutoProvision := [ "On", "Off" ]

valid {
    input.Body.properties.autoProvision == enum_AutoProvisioningSettingPropertiesAutoProvision[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.settingName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AutoProvisioningSettings_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.settingName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

AutoProvisioningSettings_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Automations_CreateOrUpdate

enum_AutomationActionActionType := [ "LogicApp", "EventHub", "Workspace" ]
enum_AutomationSourceEventSource := [ "Assessments", "AssessmentsSnapshot", "SubAssessments", "SubAssessmentsSnapshot", "Alerts", "SecureScores", "SecureScoresSnapshot", "SecureScoreControls", "SecureScoreControlsSnapshot", "RegulatoryComplianceAssessment", "RegulatoryComplianceAssessmentSnapshot", "AttackPaths", "AttackPathsSnapshot" ]
enum_AutomationTriggeringRuleOperator := [ "Equals", "GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo", "NotEquals", "Contains", "StartsWith", "EndsWith" ]
enum_AutomationTriggeringRulePropertyType := [ "String", "Integer", "Number", "Boolean" ]

valid {
    input.Body.properties.description == STRING
    input.Body.properties.isEnabled == BOOLEAN
    input.Body.properties.scopes[_].description == STRING
    input.Body.properties.scopes[_].scopePath == STRING
    input.Body.properties.sources[_].eventSource == enum_AutomationSourceEventSource[_]
    input.Body.properties.sources[_].ruleSets[_].rules[_].propertyJPath == STRING
    input.Body.properties.sources[_].ruleSets[_].rules[_].propertyType == enum_AutomationTriggeringRulePropertyType[_]
    input.Body.properties.sources[_].ruleSets[_].rules[_].expectedValue == STRING
    input.Body.properties.sources[_].ruleSets[_].rules[_].operator == enum_AutomationTriggeringRuleOperator[_]
    input.Body.properties.actions[_].actionType == enum_AutomationActionActionType[_]
    input.Body.STRING == STRING
    input.Body.location == STRING
    input.Body.kind == STRING
    input.Body.etag == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.automationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Automations_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.automationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Automations_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.automationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Automations_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Automations_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Automations_Update

enum_AutomationActionActionType := [ "LogicApp", "EventHub", "Workspace" ]
enum_AutomationSourceEventSource := [ "Assessments", "AssessmentsSnapshot", "SubAssessments", "SubAssessmentsSnapshot", "Alerts", "SecureScores", "SecureScoresSnapshot", "SecureScoreControls", "SecureScoreControlsSnapshot", "RegulatoryComplianceAssessment", "RegulatoryComplianceAssessmentSnapshot", "AttackPaths", "AttackPathsSnapshot" ]
enum_AutomationTriggeringRuleOperator := [ "Equals", "GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo", "NotEquals", "Contains", "StartsWith", "EndsWith" ]
enum_AutomationTriggeringRulePropertyType := [ "String", "Integer", "Number", "Boolean" ]

valid {
    input.Body.properties.description == STRING
    input.Body.properties.isEnabled == BOOLEAN
    input.Body.properties.scopes[_].description == STRING
    input.Body.properties.scopes[_].scopePath == STRING
    input.Body.properties.sources[_].eventSource == enum_AutomationSourceEventSource[_]
    input.Body.properties.sources[_].ruleSets[_].rules[_].propertyJPath == STRING
    input.Body.properties.sources[_].ruleSets[_].rules[_].propertyType == enum_AutomationTriggeringRulePropertyType[_]
    input.Body.properties.sources[_].ruleSets[_].rules[_].expectedValue == STRING
    input.Body.properties.sources[_].ruleSets[_].rules[_].operator == enum_AutomationTriggeringRuleOperator[_]
    input.Body.properties.actions[_].actionType == enum_AutomationActionActionType[_]
    input.Body.tags.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.automationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Automations_Validate

enum_AutomationActionActionType := [ "LogicApp", "EventHub", "Workspace" ]
enum_AutomationSourceEventSource := [ "Assessments", "AssessmentsSnapshot", "SubAssessments", "SubAssessmentsSnapshot", "Alerts", "SecureScores", "SecureScoresSnapshot", "SecureScoreControls", "SecureScoreControlsSnapshot", "RegulatoryComplianceAssessment", "RegulatoryComplianceAssessmentSnapshot", "AttackPaths", "AttackPathsSnapshot" ]
enum_AutomationTriggeringRuleOperator := [ "Equals", "GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo", "NotEquals", "Contains", "StartsWith", "EndsWith" ]
enum_AutomationTriggeringRulePropertyType := [ "String", "Integer", "Number", "Boolean" ]

valid {
    input.Body.properties.description == STRING
    input.Body.properties.isEnabled == BOOLEAN
    input.Body.properties.scopes[_].description == STRING
    input.Body.properties.scopes[_].scopePath == STRING
    input.Body.properties.sources[_].eventSource == enum_AutomationSourceEventSource[_]
    input.Body.properties.sources[_].ruleSets[_].rules[_].propertyJPath == STRING
    input.Body.properties.sources[_].ruleSets[_].rules[_].propertyType == enum_AutomationTriggeringRulePropertyType[_]
    input.Body.properties.sources[_].ruleSets[_].rules[_].expectedValue == STRING
    input.Body.properties.sources[_].ruleSets[_].rules[_].operator == enum_AutomationTriggeringRuleOperator[_]
    input.Body.properties.actions[_].actionType == enum_AutomationActionActionType[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.automationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsOrgs_CreateOrUpdate

enum_ActionableRemediationState := [ "None", "Disabled", "Enabled" ]
enum_AnnotateDefaultBranchState := [ "Disabled", "Enabled" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]
enum_InheritFromParentState := [ "Disabled", "Enabled" ]
enum_OnboardingState := [ "NotApplicable", "OnboardedByOtherConnector", "Onboarded", "NotOnboarded" ]
enum_RuleCategory := [ "Code", "Artifacts", "Dependencies", "Secrets", "IaC", "Containers" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.onboardingState == enum_OnboardingState[_]
    input.Body.properties.actionableRemediation.state == enum_ActionableRemediationState[_]
    input.Body.properties.actionableRemediation.categoryConfigurations[_].minimumSeverityLevel == STRING
    input.Body.properties.actionableRemediation.categoryConfigurations[_].category == enum_RuleCategory[_]
    input.Body.properties.actionableRemediation.branchConfiguration.branchNames[_] == STRING
    input.Body.properties.actionableRemediation.branchConfiguration.annotateDefaultBranch == enum_AnnotateDefaultBranchState[_]
    input.Body.properties.actionableRemediation.inheritFromParentState == enum_InheritFromParentState[_]
    input.Body.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsOrgs_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsOrgs_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsOrgs_ListAvailable

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsOrgs_Update

enum_ActionableRemediationState := [ "None", "Disabled", "Enabled" ]
enum_AnnotateDefaultBranchState := [ "Disabled", "Enabled" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]
enum_InheritFromParentState := [ "Disabled", "Enabled" ]
enum_OnboardingState := [ "NotApplicable", "OnboardedByOtherConnector", "Onboarded", "NotOnboarded" ]
enum_RuleCategory := [ "Code", "Artifacts", "Dependencies", "Secrets", "IaC", "Containers" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.onboardingState == enum_OnboardingState[_]
    input.Body.properties.actionableRemediation.state == enum_ActionableRemediationState[_]
    input.Body.properties.actionableRemediation.categoryConfigurations[_].minimumSeverityLevel == STRING
    input.Body.properties.actionableRemediation.categoryConfigurations[_].category == enum_RuleCategory[_]
    input.Body.properties.actionableRemediation.branchConfiguration.branchNames[_] == STRING
    input.Body.properties.actionableRemediation.branchConfiguration.annotateDefaultBranch == enum_AnnotateDefaultBranchState[_]
    input.Body.properties.actionableRemediation.inheritFromParentState == enum_InheritFromParentState[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsProjects_CreateOrUpdate

enum_ActionableRemediationState := [ "None", "Disabled", "Enabled" ]
enum_AnnotateDefaultBranchState := [ "Disabled", "Enabled" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]
enum_InheritFromParentState := [ "Disabled", "Enabled" ]
enum_OnboardingState := [ "NotApplicable", "OnboardedByOtherConnector", "Onboarded", "NotOnboarded" ]
enum_RuleCategory := [ "Code", "Artifacts", "Dependencies", "Secrets", "IaC", "Containers" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.parentOrgName == STRING
    input.Body.properties.onboardingState == enum_OnboardingState[_]
    input.Body.properties.actionableRemediation.state == enum_ActionableRemediationState[_]
    input.Body.properties.actionableRemediation.categoryConfigurations[_].minimumSeverityLevel == STRING
    input.Body.properties.actionableRemediation.categoryConfigurations[_].category == enum_RuleCategory[_]
    input.Body.properties.actionableRemediation.branchConfiguration.branchNames[_] == STRING
    input.Body.properties.actionableRemediation.branchConfiguration.annotateDefaultBranch == enum_AnnotateDefaultBranchState[_]
    input.Body.properties.actionableRemediation.inheritFromParentState == enum_InheritFromParentState[_]
    input.Body.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsProjects_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsProjects_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsProjects_Update

enum_ActionableRemediationState := [ "None", "Disabled", "Enabled" ]
enum_AnnotateDefaultBranchState := [ "Disabled", "Enabled" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]
enum_InheritFromParentState := [ "Disabled", "Enabled" ]
enum_OnboardingState := [ "NotApplicable", "OnboardedByOtherConnector", "Onboarded", "NotOnboarded" ]
enum_RuleCategory := [ "Code", "Artifacts", "Dependencies", "Secrets", "IaC", "Containers" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.parentOrgName == STRING
    input.Body.properties.onboardingState == enum_OnboardingState[_]
    input.Body.properties.actionableRemediation.state == enum_ActionableRemediationState[_]
    input.Body.properties.actionableRemediation.categoryConfigurations[_].minimumSeverityLevel == STRING
    input.Body.properties.actionableRemediation.categoryConfigurations[_].category == enum_RuleCategory[_]
    input.Body.properties.actionableRemediation.branchConfiguration.branchNames[_] == STRING
    input.Body.properties.actionableRemediation.branchConfiguration.annotateDefaultBranch == enum_AnnotateDefaultBranchState[_]
    input.Body.properties.actionableRemediation.inheritFromParentState == enum_InheritFromParentState[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsRepos_CreateOrUpdate

enum_ActionableRemediationState := [ "None", "Disabled", "Enabled" ]
enum_AnnotateDefaultBranchState := [ "Disabled", "Enabled" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]
enum_InheritFromParentState := [ "Disabled", "Enabled" ]
enum_OnboardingState := [ "NotApplicable", "OnboardedByOtherConnector", "Onboarded", "NotOnboarded" ]
enum_RuleCategory := [ "Code", "Artifacts", "Dependencies", "Secrets", "IaC", "Containers" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.parentOrgName == STRING
    input.Body.properties.parentProjectName == STRING
    input.Body.properties.onboardingState == enum_OnboardingState[_]
    input.Body.properties.actionableRemediation.state == enum_ActionableRemediationState[_]
    input.Body.properties.actionableRemediation.categoryConfigurations[_].minimumSeverityLevel == STRING
    input.Body.properties.actionableRemediation.categoryConfigurations[_].category == enum_RuleCategory[_]
    input.Body.properties.actionableRemediation.branchConfiguration.branchNames[_] == STRING
    input.Body.properties.actionableRemediation.branchConfiguration.annotateDefaultBranch == enum_AnnotateDefaultBranchState[_]
    input.Body.properties.actionableRemediation.inheritFromParentState == enum_InheritFromParentState[_]
    input.Body.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.ReqMap.repoName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsRepos_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.ReqMap.repoName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsRepos_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

AzureDevOpsRepos_Update

enum_ActionableRemediationState := [ "None", "Disabled", "Enabled" ]
enum_AnnotateDefaultBranchState := [ "Disabled", "Enabled" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]
enum_InheritFromParentState := [ "Disabled", "Enabled" ]
enum_OnboardingState := [ "NotApplicable", "OnboardedByOtherConnector", "Onboarded", "NotOnboarded" ]
enum_RuleCategory := [ "Code", "Artifacts", "Dependencies", "Secrets", "IaC", "Containers" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.parentOrgName == STRING
    input.Body.properties.parentProjectName == STRING
    input.Body.properties.onboardingState == enum_OnboardingState[_]
    input.Body.properties.actionableRemediation.state == enum_ActionableRemediationState[_]
    input.Body.properties.actionableRemediation.categoryConfigurations[_].minimumSeverityLevel == STRING
    input.Body.properties.actionableRemediation.categoryConfigurations[_].category == enum_RuleCategory[_]
    input.Body.properties.actionableRemediation.branchConfiguration.branchNames[_] == STRING
    input.Body.properties.actionableRemediation.branchConfiguration.annotateDefaultBranch == enum_AnnotateDefaultBranchState[_]
    input.Body.properties.actionableRemediation.inheritFromParentState == enum_InheritFromParentState[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.orgName == STRING
    input.ReqMap.projectName == STRING
    input.ReqMap.repoName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ComplianceResults_Get

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.complianceResultName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

ComplianceResults_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Compliances_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.complianceName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Compliances_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Connectors_CreateOrUpdate

enum_AuthenticationDetailsPropertiesAuthenticationType := [ "awsCreds", "awsAssumeRole", "gcpCredentials" ]
enum_HybridComputeSettingsPropertiesAutoProvision := [ "On", "Off" ]

valid {
    input.Body.properties.hybridComputeSettings.autoProvision == enum_HybridComputeSettingsPropertiesAutoProvision[_]
    input.Body.properties.hybridComputeSettings.resourceGroupName == STRING
    input.Body.properties.hybridComputeSettings.region == STRING
    input.Body.properties.hybridComputeSettings.proxyServer.ip == STRING
    input.Body.properties.hybridComputeSettings.proxyServer.port == STRING
    input.Body.properties.hybridComputeSettings.servicePrincipal.applicationId == STRING
    input.Body.properties.hybridComputeSettings.servicePrincipal.secret == STRING
    input.Body.properties.authenticationDetails.authenticationType == enum_AuthenticationDetailsPropertiesAuthenticationType[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.connectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Connectors_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.connectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Connectors_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.connectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Connectors_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

CustomAssessmentAutomations_Create

enum_customAssessmentAutomationRequestPropertiesSeverity := [ "High", "Medium", "Low" ]
enum_customAssessmentAutomationRequestPropertiesSupportedCloud := [ "AWS", "GCP" ]

valid {
    input.Body.properties.compressedQuery == STRING
    input.Body.properties.supportedCloud == enum_customAssessmentAutomationRequestPropertiesSupportedCloud[_]
    input.Body.properties.severity == enum_customAssessmentAutomationRequestPropertiesSeverity[_]
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.remediationDescription == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.customAssessmentAutomationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomAssessmentAutomations_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.customAssessmentAutomationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomAssessmentAutomations_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.customAssessmentAutomationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomAssessmentAutomations_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomAssessmentAutomations_ListBySubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

CustomEntityStoreAssignments_Create

valid {
    input.Body.properties.principal == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.customEntityStoreAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomEntityStoreAssignments_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.customEntityStoreAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomEntityStoreAssignments_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.customEntityStoreAssignmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomEntityStoreAssignments_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

CustomEntityStoreAssignments_ListBySubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

DefenderForStorage_Create

enum_DefenderForStorageSettingName := [ "current" ]

valid {
    input.Body.properties.isEnabled == BOOLEAN
    input.Body.properties.malwareScanning.onUpload.isEnabled == BOOLEAN
    input.Body.properties.malwareScanning.onUpload.capGBPerMonth == INTEGER
    input.Body.properties.malwareScanning.scanResultsEventGridTopicResourceId == STRING
    input.Body.properties.sensitiveDataDiscovery.isEnabled == BOOLEAN
    input.Body.properties.overrideSubscriptionLevelSettings == BOOLEAN
    input.ReqMap.resourceId == STRING
    input.ReqMap.settingName == enum_DefenderForStorageSettingName[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DefenderForStorage_Get

enum_DefenderForStorageSettingName := [ "current" ]

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.settingName == enum_DefenderForStorageSettingName[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DevOpsConfigurations_CreateOrUpdate

enum_AutoDiscovery := [ "Disabled", "Enabled", "NotApplicable" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.authorization.code == STRING
    input.Body.properties.autoDiscovery == enum_AutoDiscovery[_]
    input.Body.properties.topLevelInventoryList[_] == STRING
    input.Body.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DevOpsConfigurations_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DevOpsConfigurations_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DevOpsConfigurations_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DevOpsConfigurations_Update

enum_AutoDiscovery := [ "Disabled", "Enabled", "NotApplicable" ]
enum_DevOpsProvisioningState := [ "Succeeded", "Failed", "Canceled", "Pending", "PendingDeletion", "DeletionSuccess", "DeletionFailure" ]

valid {
    input.Body.properties.provisioningState == enum_DevOpsProvisioningState[_]
    input.Body.properties.authorization.code == STRING
    input.Body.properties.autoDiscovery == enum_AutoDiscovery[_]
    input.Body.properties.topLevelInventoryList[_] == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DevOpsOperationResults_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.operationResultId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DeviceSecurityGroups_CreateOrUpdate

valid {
    input.Body.properties.thresholdRules[_].minThreshold == INTEGER
    input.Body.properties.thresholdRules[_].maxThreshold == INTEGER
    input.Body.properties.thresholdRules[_].isEnabled == BOOLEAN
    input.Body.properties.thresholdRules[_].ruleType == STRING
    input.Body.properties.timeWindowRules[_].timeWindowSize == STRING
    input.Body.properties.timeWindowRules[_].minThreshold == INTEGER
    input.Body.properties.timeWindowRules[_].maxThreshold == INTEGER
    input.Body.properties.allowlistRules[_].allowlistValues[_] == STRING
    input.Body.properties.allowlistRules[_].isEnabled == BOOLEAN
    input.Body.properties.allowlistRules[_].ruleType == STRING
    input.Body.properties.denylistRules[_].denylistValues[_] == STRING
    input.ReqMap.resourceId == STRING
    input.ReqMap.deviceSecurityGroupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DeviceSecurityGroups_Delete

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.deviceSecurityGroupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DeviceSecurityGroups_Get

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.deviceSecurityGroupName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DeviceSecurityGroups_List

valid {
    input.ReqMap.resourceId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

DiscoveredSecuritySolutions_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.discoveredSecuritySolutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

DiscoveredSecuritySolutions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

DiscoveredSecuritySolutions_ListByHomeRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ExternalSecuritySolutions_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.externalSecuritySolutionsName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

ExternalSecuritySolutions_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

ExternalSecuritySolutions_ListByHomeRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

GitHubOwners_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.ownerName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitHubOwners_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitHubOwners_ListAvailable

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitHubRepos_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.ownerName == STRING
    input.ReqMap.repoName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitHubRepos_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.ownerName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitLabGroups_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.groupFQName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitLabGroups_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitLabGroups_ListAvailable

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitLabProjects_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.groupFQName == STRING
    input.ReqMap.projectName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitLabProjects_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.groupFQName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GitLabSubgroups_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.securityConnectorName == STRING
    input.ReqMap.groupFQName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

GovernanceAssignments_CreateOrUpdate

valid {
    input.Body.properties.owner == STRING
    input.Body.properties.remediationDueDate == STRING
    input.Body.properties.remediationEta.eta == STRING
    input.Body.properties.remediationEta.justification == STRING
    input.Body.properties.isGracePeriod == BOOLEAN
    input.Body.properties.governanceEmailNotification.disableManagerEmailNotification == BOOLEAN
    input.Body.properties.governanceEmailNotification.disableOwnerEmailNotification == BOOLEAN
    input.Body.properties.additionalData.ticketNumber == INTEGER
    input.Body.properties.additionalData.ticketLink == STRING
    input.Body.properties.additionalData.ticketStatus == STRING
    input.ReqMap.scope == STRING
    input.ReqMap.assessmentName == STRING
    input.ReqMap.assignmentKey == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceAssignments_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.assessmentName == STRING
    input.ReqMap.assignmentKey == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceAssignments_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.assessmentName == STRING
    input.ReqMap.assignmentKey == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceAssignments_List

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.assessmentName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceRules_CreateOrUpdate

enum_GovernanceRuleOwnerSourceType := [ "ByTag", "Manually" ]
enum_GovernanceRulePropertiesRuleType := [ "Integrated", "ServiceNow" ]
enum_GovernanceRulePropertiesSourceResourceType := [ "Assessments" ]

valid {
    input.Body.properties.displayName == STRING
    input.Body.properties.description == STRING
    input.Body.properties.remediationTimeframe == STRING
    input.Body.properties.isGracePeriod == BOOLEAN
    input.Body.properties.rulePriority == INTEGER
    input.Body.properties.isDisabled == BOOLEAN
    input.Body.properties.ruleType == enum_GovernanceRulePropertiesRuleType[_]
    input.Body.properties.sourceResourceType == enum_GovernanceRulePropertiesSourceResourceType[_]
    input.Body.properties.excludedScopes[_] == STRING
    input.Body.properties.conditionSets[_].STRING == STRING
    input.Body.properties.includeMemberScopes == BOOLEAN
    input.Body.properties.ownerSource.type == enum_GovernanceRuleOwnerSourceType[_]
    input.Body.properties.ownerSource.value == STRING
    input.Body.properties.governanceEmailNotification.disableManagerEmailNotification == BOOLEAN
    input.Body.properties.governanceEmailNotification.disableOwnerEmailNotification == BOOLEAN
    input.Body.properties.metadata == {}
    input.ReqMap.scope == STRING
    input.ReqMap.ruleId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceRules_Delete

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.ruleId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceRules_Execute

valid {
    input.Body.override == BOOLEAN
    input.ReqMap.scope == STRING
    input.ReqMap.ruleId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceRules_Get

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.ruleId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceRules_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

GovernanceRules_OperationResults

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.ruleId == STRING
    input.ReqMap.operationId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

HealthReports_Get

valid {
    input.ReqMap.resourceId == STRING
    input.ReqMap.healthReportName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

HealthReports_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

InformationProtectionPolicies_CreateOrUpdate

enum_InformationProtectionPolicyName := [ "effective", "custom" ]
enum_SensitivityLabelRank := [ "None", "Low", "Medium", "High", "Critical" ]

valid {
    input.Body.properties.labels.STRING.displayName == STRING
    input.Body.properties.labels.STRING.description == STRING
    input.Body.properties.labels.STRING.rank == enum_SensitivityLabelRank[_]
    input.Body.properties.labels.STRING.order == INTEGER
    input.Body.properties.labels.STRING.enabled == BOOLEAN
    input.Body.properties.informationTypes.STRING.displayName == STRING
    input.Body.properties.informationTypes.STRING.description == STRING
    input.Body.properties.informationTypes.STRING.order == INTEGER
    input.Body.properties.informationTypes.STRING.recommendedLabelId == STRING
    input.Body.properties.informationTypes.STRING.enabled == BOOLEAN
    input.Body.properties.informationTypes.STRING.custom == BOOLEAN
    input.Body.properties.informationTypes.STRING.keywords[_].pattern == STRING
    input.Body.properties.informationTypes.STRING.keywords[_].custom == BOOLEAN
    input.Body.properties.informationTypes.STRING.keywords[_].canBeNumeric == BOOLEAN
    input.Body.properties.informationTypes.STRING.keywords[_].excluded == BOOLEAN
    input.ReqMap.scope == STRING
    input.ReqMap.informationProtectionPolicyName == enum_InformationProtectionPolicyName[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

InformationProtectionPolicies_Get

enum_InformationProtectionPolicyName := [ "effective", "custom" ]

valid {
    input.ReqMap.scope == STRING
    input.ReqMap.informationProtectionPolicyName == enum_InformationProtectionPolicyName[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

InformationProtectionPolicies_List

valid {
    input.ReqMap.scope == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

IotAlertTypes_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.iotAlertTypeName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotAlertTypes_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotAlerts_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.iotAlertId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotAlerts_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.Qs.startTimeUtc> == STRING
    input.Qs.startTimeUtc< == STRING
    input.Qs.alertType == STRING
    input.Qs.compromisedEntity == STRING
    input.Qs.$limit == INTEGER
    input.Qs.$skipToken == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotRecommendationTypes_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.iotRecommendationTypeName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotRecommendationTypes_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotRecommendations_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.iotRecommendationId == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotRecommendations_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.Qs.recommendationType == STRING
    input.Qs.deviceId == STRING
    input.Qs.$limit == INTEGER
    input.Qs.$skipToken == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionAnalytics_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionAnalytics_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolution_CreateOrUpdate

enum_AdditionalWorkspacesPropertiesDataTypes := [ "Alerts", "RawEvents" ]
enum_AdditionalWorkspacesPropertiesType := [ "Sentinel" ]
enum_IoTSecuritySolutionPropertiesDisabledDataSources := [ "TwinData" ]
enum_IoTSecuritySolutionPropertiesExport := [ "RawEvents" ]
enum_IoTSecuritySolutionPropertiesStatus := [ "Enabled", "Disabled" ]
enum_IoTSecuritySolutionPropertiesUnmaskedIpLoggingStatus := [ "Disabled", "Enabled" ]
enum_RecommendationConfigurationPropertiesRecommendationType := [ "IoT_ACRAuthentication", "IoT_AgentSendsUnutilizedMessages", "IoT_Baseline", "IoT_EdgeHubMemOptimize", "IoT_EdgeLoggingOptions", "IoT_InconsistentModuleSettings", "IoT_InstallAgent", "IoT_IPFilter_DenyAll", "IoT_IPFilter_PermissiveRule", "IoT_OpenPorts", "IoT_PermissiveFirewallPolicy", "IoT_PermissiveInputFirewallRules", "IoT_PermissiveOutputFirewallRules", "IoT_PrivilegedDockerOptions", "IoT_SharedCredentials", "IoT_VulnerableTLSCipherSuite" ]
enum_RecommendationConfigurationPropertiesStatus := [ "Disabled", "Enabled" ]

valid {
    input.Body.location == STRING
    input.Body.properties.workspace == STRING
    input.Body.properties.displayName == STRING
    input.Body.properties.status == enum_IoTSecuritySolutionPropertiesStatus[_]
    input.Body.properties.export[_] == enum_IoTSecuritySolutionPropertiesExport[_]
    input.Body.properties.disabledDataSources[_] == enum_IoTSecuritySolutionPropertiesDisabledDataSources[_]
    input.Body.properties.iotHubs[_] == STRING
    input.Body.properties.userDefinedResources.query == STRING
    input.Body.properties.userDefinedResources.querySubscriptions[_] == STRING
    input.Body.properties.recommendationsConfiguration[_].recommendationType == enum_RecommendationConfigurationPropertiesRecommendationType[_]
    input.Body.properties.recommendationsConfiguration[_].status == enum_RecommendationConfigurationPropertiesStatus[_]
    input.Body.properties.unmaskedIpLoggingStatus == enum_IoTSecuritySolutionPropertiesUnmaskedIpLoggingStatus[_]
    input.Body.properties.additionalWorkspaces[_].workspace == STRING
    input.Body.properties.additionalWorkspaces[_].type == enum_AdditionalWorkspacesPropertiesType[_]
    input.Body.properties.additionalWorkspaces[_].dataTypes[_] == enum_AdditionalWorkspacesPropertiesDataTypes[_]
    input.Body.tags.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolution_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolution_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolution_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolution_ListBySubscription

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.Qs.$filter == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

IotSecuritySolution_Update

enum_RecommendationConfigurationPropertiesRecommendationType := [ "IoT_ACRAuthentication", "IoT_AgentSendsUnutilizedMessages", "IoT_Baseline", "IoT_EdgeHubMemOptimize", "IoT_EdgeLoggingOptions", "IoT_InconsistentModuleSettings", "IoT_InstallAgent", "IoT_IPFilter_DenyAll", "IoT_IPFilter_PermissiveRule", "IoT_OpenPorts", "IoT_PermissiveFirewallPolicy", "IoT_PermissiveInputFirewallRules", "IoT_PermissiveOutputFirewallRules", "IoT_PrivilegedDockerOptions", "IoT_SharedCredentials", "IoT_VulnerableTLSCipherSuite" ]
enum_RecommendationConfigurationPropertiesStatus := [ "Disabled", "Enabled" ]

valid {
    input.Body.properties.userDefinedResources.query == STRING
    input.Body.properties.userDefinedResources.querySubscriptions[_] == STRING
    input.Body.properties.recommendationsConfiguration[_].recommendationType == enum_RecommendationConfigurationPropertiesRecommendationType[_]
    input.Body.properties.recommendationsConfiguration[_].status == enum_RecommendationConfigurationPropertiesStatus[_]
    input.Body.tags.STRING == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionsAnalyticsAggregatedAlert_Dismiss

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.aggregatedAlertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionsAnalyticsAggregatedAlert_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.aggregatedAlertName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionsAnalyticsAggregatedAlert_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionsAnalyticsRecommendation_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.ReqMap.aggregatedRecommendationName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

IotSecuritySolutionsAnalyticsRecommendation_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.solutionName == STRING
    input.Qs.api-version == STRING
    input.Qs.$top == INTEGER
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

JitNetworkAccessPolicies_CreateOrUpdate

enum_JitNetworkAccessPortRuleProtocol := [ "TCP", "UDP", "*" ]
enum_JitNetworkAccessRequestPortStatus := [ "Revoked", "Initiated" ]
enum_JitNetworkAccessRequestPortStatusReason := [ "Expired", "UserRequested", "NewerRequestInitiated" ]

valid {
    input.Body.properties.virtualMachines[_].id == STRING
    input.Body.properties.virtualMachines[_].ports[_].number == INTEGER
    input.Body.properties.virtualMachines[_].ports[_].protocol == enum_JitNetworkAccessPortRuleProtocol[_]
    input.Body.properties.virtualMachines[_].ports[_].allowedSourceAddressPrefix == STRING
    input.Body.properties.virtualMachines[_].ports[_].allowedSourceAddressPrefixes[_] == STRING
    input.Body.properties.virtualMachines[_].ports[_].maxRequestAccessDuration == STRING
    input.Body.properties.virtualMachines[_].publicIpAddress == STRING
    input.Body.properties.requests[_].virtualMachines[_].id == STRING
    input.Body.properties.requests[_].virtualMachines[_].ports[_].number == INTEGER
    input.Body.properties.requests[_].virtualMachines[_].ports[_].allowedSourceAddressPrefix == STRING
    input.Body.properties.requests[_].virtualMachines[_].ports[_].allowedSourceAddressPrefixes[_] == STRING
    input.Body.properties.requests[_].virtualMachines[_].ports[_].endTimeUtc == STRING
    input.Body.properties.requests[_].virtualMachines[_].ports[_].status == enum_JitNetworkAccessRequestPortStatus[_]
    input.Body.properties.requests[_].virtualMachines[_].ports[_].statusReason == enum_JitNetworkAccessRequestPortStatusReason[_]
    input.Body.properties.requests[_].virtualMachines[_].ports[_].mappedPort == INTEGER
    input.Body.properties.requests[_].startTimeUtc == STRING
    input.Body.properties.requests[_].requestor == STRING
    input.Body.properties.requests[_].justification == STRING
    input.Body.kind == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.jitNetworkAccessPolicyName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

JitNetworkAccessPolicies_Delete

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.jitNetworkAccessPolicyName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

JitNetworkAccessPolicies_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.jitNetworkAccessPolicyName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

JitNetworkAccessPolicies_Initiate

enum_JitNetworkAccessPolicyInitiateType := [ "initiate" ]

valid {
    input.Body.virtualMachines[_].id == STRING
    input.Body.virtualMachines[_].ports[_].number == INTEGER
    input.Body.virtualMachines[_].ports[_].allowedSourceAddressPrefix == STRING
    input.Body.virtualMachines[_].ports[_].endTimeUtc == STRING
    input.Body.justification == STRING
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.ReqMap.jitNetworkAccessPolicyName == STRING
    input.ReqMap.jitNetworkAccessPolicyInitiateType == enum_JitNetworkAccessPolicyInitiateType[_]
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

JitNetworkAccessPolicies_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

JitNetworkAccessPolicies_ListByRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

JitNetworkAccessPolicies_ListByResourceGroup

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

JitNetworkAccessPolicies_ListByResourceGroupAndRegion

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Locations_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ascLocation == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Locations_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

MdeOnboardings_Get

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

MdeOnboardings_List

valid {
    input.ReqMap.SubscriptionID == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
}

Operations_List

valid {
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}

Pricings_CreateOrUpdateResourceGroupPricing

enum_PricingPropertiesPricingTier := [ "Free", "Standard" ]

valid {
    input.Body.properties.pricingTier == enum_PricingPropertiesPricingTier[_]
    input.ReqMap.SubscriptionID == STRING
    input.ReqMap.ResourceGroup == STRING
    input.ReqMap.pricingName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.SubscriptionID == STRING
    input.ProviderMetadata.ResourceGroup == STRING
}

Pricings_Delete

valid {
    input.ReqMap.scopeId == STRING
    input.ReqMap.pricingName == STRING
    input.Qs.api-version == STRING
    input.ProviderMetadata.Region == STRING
}