NETWORKSECURITY

networksecurity.organizations.locations.addressGroups.addItems

valid {
    input.Body.items[_] == STRING
    input.Body.requestId == STRING
    input.ReqMap.addressGroup == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.cloneItems

valid {
    input.Body.requestId == STRING
    input.Body.sourceAddressGroup == STRING
    input.ReqMap.addressGroup == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.create

enum_AddressGroupPurpose := [ "PURPOSE_UNSPECIFIED", "DEFAULT", "CLOUD_ARMOR" ]
enum_AddressGroupType := [ "TYPE_UNSPECIFIED", "IPV4", "IPV6" ]

valid {
    input.Body.capacity == INTEGER
    input.Body.description == STRING
    input.Body.items[_] == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.purpose[_] == enum_AddressGroupPurpose[_]
    input.Body.type == enum_AddressGroupType[_]
    input.ReqMap.parent == STRING
    input.Qs.addressGroupId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.listReferences

valid {
    input.ReqMap.addressGroup == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.patch

enum_AddressGroupPurpose := [ "PURPOSE_UNSPECIFIED", "DEFAULT", "CLOUD_ARMOR" ]
enum_AddressGroupType := [ "TYPE_UNSPECIFIED", "IPV4", "IPV6" ]

valid {
    input.Body.capacity == INTEGER
    input.Body.description == STRING
    input.Body.items[_] == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.purpose[_] == enum_AddressGroupPurpose[_]
    input.Body.type == enum_AddressGroupType[_]
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.addressGroups.removeItems

valid {
    input.Body.items[_] == STRING
    input.Body.requestId == STRING
    input.ReqMap.addressGroup == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.firewallEndpoints.create

valid {
    input.Body.billingProjectId == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.firewallEndpointId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.firewallEndpoints.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.firewallEndpoints.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.firewallEndpoints.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.firewallEndpoints.patch

valid {
    input.Body.billingProjectId == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.operations.cancel

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.operations.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.operations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfileGroups.create

valid {
    input.Body.customInterceptProfile == STRING
    input.Body.customMirroringProfile == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.threatPreventionProfile == STRING
    input.ReqMap.parent == STRING
    input.Qs.securityProfileGroupId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfileGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.etag == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfileGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfileGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfileGroups.patch

valid {
    input.Body.customInterceptProfile == STRING
    input.Body.customMirroringProfile == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.threatPreventionProfile == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfiles.create

enum_SecurityProfileType := [ "PROFILE_TYPE_UNSPECIFIED", "THREAT_PREVENTION", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT" ]
enum_SeverityOverrideAction := [ "THREAT_ACTION_UNSPECIFIED", "DEFAULT_ACTION", "ALLOW", "ALERT", "DENY" ]
enum_SeverityOverrideSeverity := [ "SEVERITY_UNSPECIFIED", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_ThreatOverrideAction := [ "THREAT_ACTION_UNSPECIFIED", "DEFAULT_ACTION", "ALLOW", "ALERT", "DENY" ]

valid {
    input.Body.customInterceptProfile.interceptEndpointGroup == STRING
    input.Body.customMirroringProfile.mirroringEndpointGroup == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.threatPreventionProfile.severityOverrides[_].action == enum_SeverityOverrideAction[_]
    input.Body.threatPreventionProfile.severityOverrides[_].severity == enum_SeverityOverrideSeverity[_]
    input.Body.threatPreventionProfile.threatOverrides[_].action == enum_ThreatOverrideAction[_]
    input.Body.threatPreventionProfile.threatOverrides[_].threatId == STRING
    input.Body.type == enum_SecurityProfileType[_]
    input.ReqMap.parent == STRING
    input.Qs.securityProfileId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfiles.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.etag == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfiles.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfiles.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.organizations.locations.securityProfiles.patch

enum_SecurityProfileType := [ "PROFILE_TYPE_UNSPECIFIED", "THREAT_PREVENTION", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT" ]
enum_SeverityOverrideAction := [ "THREAT_ACTION_UNSPECIFIED", "DEFAULT_ACTION", "ALLOW", "ALERT", "DENY" ]
enum_SeverityOverrideSeverity := [ "SEVERITY_UNSPECIFIED", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_ThreatOverrideAction := [ "THREAT_ACTION_UNSPECIFIED", "DEFAULT_ACTION", "ALLOW", "ALERT", "DENY" ]

valid {
    input.Body.customInterceptProfile.interceptEndpointGroup == STRING
    input.Body.customMirroringProfile.mirroringEndpointGroup == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.threatPreventionProfile.severityOverrides[_].action == enum_SeverityOverrideAction[_]
    input.Body.threatPreventionProfile.severityOverrides[_].severity == enum_SeverityOverrideSeverity[_]
    input.Body.threatPreventionProfile.threatOverrides[_].action == enum_ThreatOverrideAction[_]
    input.Body.threatPreventionProfile.threatOverrides[_].threatId == STRING
    input.Body.type == enum_SecurityProfileType[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.addItems

valid {
    input.Body.items[_] == STRING
    input.Body.requestId == STRING
    input.ReqMap.addressGroup == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.cloneItems

valid {
    input.Body.requestId == STRING
    input.Body.sourceAddressGroup == STRING
    input.ReqMap.addressGroup == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.create

enum_AddressGroupPurpose := [ "PURPOSE_UNSPECIFIED", "DEFAULT", "CLOUD_ARMOR" ]
enum_AddressGroupType := [ "TYPE_UNSPECIFIED", "IPV4", "IPV6" ]

valid {
    input.Body.capacity == INTEGER
    input.Body.description == STRING
    input.Body.items[_] == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.purpose[_] == enum_AddressGroupPurpose[_]
    input.Body.type == enum_AddressGroupType[_]
    input.ReqMap.parent == STRING
    input.Qs.addressGroupId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.listReferences

valid {
    input.ReqMap.addressGroup == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.patch

enum_AddressGroupPurpose := [ "PURPOSE_UNSPECIFIED", "DEFAULT", "CLOUD_ARMOR" ]
enum_AddressGroupType := [ "TYPE_UNSPECIFIED", "IPV4", "IPV6" ]

valid {
    input.Body.capacity == INTEGER
    input.Body.description == STRING
    input.Body.items[_] == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.purpose[_] == enum_AddressGroupPurpose[_]
    input.Body.type == enum_AddressGroupType[_]
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.removeItems

valid {
    input.Body.items[_] == STRING
    input.Body.requestId == STRING
    input.ReqMap.addressGroup == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.setIamPolicy

enum_GoogleIamV1AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_GoogleIamV1AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.addressGroups.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.create

enum_AuthorizationPolicyAction := [ "ACTION_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.action == enum_AuthorizationPolicyAction[_]
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.rules[_].destinations[_].hosts[_] == STRING
    input.Body.rules[_].destinations[_].httpHeaderMatch.headerName == STRING
    input.Body.rules[_].destinations[_].httpHeaderMatch.regexMatch == STRING
    input.Body.rules[_].destinations[_].methods[_] == STRING
    input.Body.rules[_].destinations[_].ports[_] == INTEGER
    input.Body.rules[_].sources[_].ipBlocks[_] == STRING
    input.Body.rules[_].sources[_].principals[_] == STRING
    input.ReqMap.parent == STRING
    input.Qs.authorizationPolicyId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.patch

enum_AuthorizationPolicyAction := [ "ACTION_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.action == enum_AuthorizationPolicyAction[_]
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.rules[_].destinations[_].hosts[_] == STRING
    input.Body.rules[_].destinations[_].httpHeaderMatch.headerName == STRING
    input.Body.rules[_].destinations[_].httpHeaderMatch.regexMatch == STRING
    input.Body.rules[_].destinations[_].methods[_] == STRING
    input.Body.rules[_].destinations[_].ports[_] == INTEGER
    input.Body.rules[_].sources[_].ipBlocks[_] == STRING
    input.Body.rules[_].sources[_].principals[_] == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.setIamPolicy

enum_GoogleIamV1AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_GoogleIamV1AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authorizationPolicies.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.create

enum_AuthzPolicyAction := [ "AUTHZ_ACTION_UNSPECIFIED", "ALLOW", "DENY", "CUSTOM" ]
enum_AuthzPolicyTargetLoadBalancingScheme := [ "LOAD_BALANCING_SCHEME_UNSPECIFIED", "INTERNAL_MANAGED", "EXTERNAL_MANAGED", "INTERNAL_SELF_MANAGED" ]

valid {
    input.Body.action == enum_AuthzPolicyAction[_]
    input.Body.customProvider.authzExtension.resources[_] == STRING
    input.Body.customProvider.cloudIap.STRING == STRING
    input.Body.description == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].contains == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].exact == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.notSources[_].principals[_].prefix == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].suffix == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.contains == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.exact == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.prefix == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.suffix == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].tagValueIdSet.ids[_] == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].contains == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].exact == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.sources[_].principals[_].prefix == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].suffix == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.contains == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.exact == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.prefix == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.suffix == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].tagValueIdSet.ids[_] == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].name == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.contains == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.exact == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.prefix == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.suffix == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].contains == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].exact == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.notOperations[_].hosts[_].prefix == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].suffix == STRING
    input.Body.httpRules[_].to.notOperations[_].methods[_] == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].contains == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].exact == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.notOperations[_].paths[_].prefix == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].suffix == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].name == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.contains == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.exact == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.prefix == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.suffix == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].contains == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].exact == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.operations[_].hosts[_].prefix == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].suffix == STRING
    input.Body.httpRules[_].to.operations[_].methods[_] == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].contains == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].exact == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.operations[_].paths[_].prefix == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].suffix == STRING
    input.Body.httpRules[_].when == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.target.loadBalancingScheme == enum_AuthzPolicyTargetLoadBalancingScheme[_]
    input.Body.target.resources[_] == STRING
    input.ReqMap.parent == STRING
    input.Qs.authzPolicyId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.patch

enum_AuthzPolicyAction := [ "AUTHZ_ACTION_UNSPECIFIED", "ALLOW", "DENY", "CUSTOM" ]
enum_AuthzPolicyTargetLoadBalancingScheme := [ "LOAD_BALANCING_SCHEME_UNSPECIFIED", "INTERNAL_MANAGED", "EXTERNAL_MANAGED", "INTERNAL_SELF_MANAGED" ]

valid {
    input.Body.action == enum_AuthzPolicyAction[_]
    input.Body.customProvider.authzExtension.resources[_] == STRING
    input.Body.customProvider.cloudIap.STRING == STRING
    input.Body.description == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].contains == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].exact == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.notSources[_].principals[_].prefix == STRING
    input.Body.httpRules[_].from.notSources[_].principals[_].suffix == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.contains == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.exact == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.prefix == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].iamServiceAccount.suffix == STRING
    input.Body.httpRules[_].from.notSources[_].resources[_].tagValueIdSet.ids[_] == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].contains == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].exact == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.sources[_].principals[_].prefix == STRING
    input.Body.httpRules[_].from.sources[_].principals[_].suffix == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.contains == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.exact == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.ignoreCase == BOOLEAN
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.prefix == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].iamServiceAccount.suffix == STRING
    input.Body.httpRules[_].from.sources[_].resources[_].tagValueIdSet.ids[_] == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].name == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.contains == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.exact == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.prefix == STRING
    input.Body.httpRules[_].to.notOperations[_].headerSet.headers[_].value.suffix == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].contains == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].exact == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.notOperations[_].hosts[_].prefix == STRING
    input.Body.httpRules[_].to.notOperations[_].hosts[_].suffix == STRING
    input.Body.httpRules[_].to.notOperations[_].methods[_] == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].contains == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].exact == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.notOperations[_].paths[_].prefix == STRING
    input.Body.httpRules[_].to.notOperations[_].paths[_].suffix == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].name == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.contains == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.exact == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.prefix == STRING
    input.Body.httpRules[_].to.operations[_].headerSet.headers[_].value.suffix == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].contains == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].exact == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.operations[_].hosts[_].prefix == STRING
    input.Body.httpRules[_].to.operations[_].hosts[_].suffix == STRING
    input.Body.httpRules[_].to.operations[_].methods[_] == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].contains == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].exact == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].ignoreCase == BOOLEAN
    input.Body.httpRules[_].to.operations[_].paths[_].prefix == STRING
    input.Body.httpRules[_].to.operations[_].paths[_].suffix == STRING
    input.Body.httpRules[_].when == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.target.loadBalancingScheme == enum_AuthzPolicyTargetLoadBalancingScheme[_]
    input.Body.target.resources[_] == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.setIamPolicy

enum_GoogleIamV1AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_GoogleIamV1AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.authzPolicies.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.create

valid {
    input.Body.clientCertificate.certificateProviderInstance.pluginInstance == STRING
    input.Body.clientCertificate.grpcEndpoint.targetUri == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.serverValidationCa[_].certificateProviderInstance.pluginInstance == STRING
    input.Body.serverValidationCa[_].grpcEndpoint.targetUri == STRING
    input.Body.sni == STRING
    input.ReqMap.parent == STRING
    input.Qs.clientTlsPolicyId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.patch

valid {
    input.Body.clientCertificate.certificateProviderInstance.pluginInstance == STRING
    input.Body.clientCertificate.grpcEndpoint.targetUri == STRING
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.serverValidationCa[_].certificateProviderInstance.pluginInstance == STRING
    input.Body.serverValidationCa[_].grpcEndpoint.targetUri == STRING
    input.Body.sni == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.setIamPolicy

enum_GoogleIamV1AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_GoogleIamV1AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.clientTlsPolicies.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.firewallEndpointAssociations.create

valid {
    input.Body.disabled == BOOLEAN
    input.Body.firewallEndpoint == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.Body.tlsInspectionPolicy == STRING
    input.ReqMap.parent == STRING
    input.Qs.firewallEndpointAssociationId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.firewallEndpointAssociations.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.firewallEndpointAssociations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.firewallEndpointAssociations.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.firewallEndpointAssociations.patch

valid {
    input.Body.disabled == BOOLEAN
    input.Body.firewallEndpoint == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.Body.tlsInspectionPolicy == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.create

valid {
    input.Body.description == STRING
    input.Body.name == STRING
    input.Body.tlsInspectionPolicy == STRING
    input.ReqMap.parent == STRING
    input.Qs.gatewaySecurityPolicyId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.patch

valid {
    input.Body.description == STRING
    input.Body.name == STRING
    input.Body.tlsInspectionPolicy == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.rules.create

enum_GatewaySecurityPolicyRuleBasicProfile := [ "BASIC_PROFILE_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.applicationMatcher == STRING
    input.Body.basicProfile == enum_GatewaySecurityPolicyRuleBasicProfile[_]
    input.Body.description == STRING
    input.Body.enabled == BOOLEAN
    input.Body.name == STRING
    input.Body.priority == INTEGER
    input.Body.sessionMatcher == STRING
    input.Body.tlsInspectionEnabled == BOOLEAN
    input.ReqMap.parent == STRING
    input.Qs.gatewaySecurityPolicyRuleId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.rules.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.rules.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.rules.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.gatewaySecurityPolicies.rules.patch

enum_GatewaySecurityPolicyRuleBasicProfile := [ "BASIC_PROFILE_UNSPECIFIED", "ALLOW", "DENY" ]

valid {
    input.Body.applicationMatcher == STRING
    input.Body.basicProfile == enum_GatewaySecurityPolicyRuleBasicProfile[_]
    input.Body.description == STRING
    input.Body.enabled == BOOLEAN
    input.Body.name == STRING
    input.Body.priority == INTEGER
    input.Body.sessionMatcher == STRING
    input.Body.tlsInspectionEnabled == BOOLEAN
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeploymentGroups.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.parent == STRING
    input.Qs.interceptDeploymentGroupId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeploymentGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeploymentGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeploymentGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeploymentGroups.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeployments.create

valid {
    input.Body.forwardingRule == STRING
    input.Body.interceptDeploymentGroup == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.interceptDeploymentId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeployments.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeployments.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeployments.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptDeployments.patch

valid {
    input.Body.forwardingRule == STRING
    input.Body.interceptDeploymentGroup == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroupAssociations.create

valid {
    input.Body.interceptEndpointGroup == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.parent == STRING
    input.Qs.interceptEndpointGroupAssociationId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroupAssociations.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroupAssociations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroupAssociations.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroupAssociations.patch

valid {
    input.Body.interceptEndpointGroup == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroups.create

valid {
    input.Body.description == STRING
    input.Body.interceptDeploymentGroup == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.interceptEndpointGroupId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.interceptEndpointGroups.patch

valid {
    input.Body.description == STRING
    input.Body.interceptDeploymentGroup == STRING
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeploymentGroups.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.parent == STRING
    input.Qs.mirroringDeploymentGroupId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeploymentGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeploymentGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeploymentGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeploymentGroups.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeployments.create

valid {
    input.Body.forwardingRule == STRING
    input.Body.labels.STRING == STRING
    input.Body.mirroringDeploymentGroup == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.mirroringDeploymentId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeployments.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeployments.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeployments.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringDeployments.patch

valid {
    input.Body.forwardingRule == STRING
    input.Body.labels.STRING == STRING
    input.Body.mirroringDeploymentGroup == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroupAssociations.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.mirroringEndpointGroup == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.parent == STRING
    input.Qs.mirroringEndpointGroupAssociationId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroupAssociations.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroupAssociations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroupAssociations.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroupAssociations.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.mirroringEndpointGroup == STRING
    input.Body.name == STRING
    input.Body.network == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroups.create

valid {
    input.Body.labels.STRING == STRING
    input.Body.mirroringDeploymentGroup == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.mirroringEndpointGroupId == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroups.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroups.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroups.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.mirroringEndpointGroups.patch

valid {
    input.Body.labels.STRING == STRING
    input.Body.mirroringDeploymentGroup == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.requestId == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.operations.cancel

valid {
    input.Body.STRING == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.operations.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.operations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.create

enum_MTLSPolicyClientValidationMode := [ "CLIENT_VALIDATION_MODE_UNSPECIFIED", "ALLOW_INVALID_OR_MISSING_CLIENT_CERT", "REJECT_INVALID" ]

valid {
    input.Body.allowOpen == BOOLEAN
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.mtlsPolicy.clientValidationCa[_].certificateProviderInstance.pluginInstance == STRING
    input.Body.mtlsPolicy.clientValidationCa[_].grpcEndpoint.targetUri == STRING
    input.Body.mtlsPolicy.clientValidationMode == enum_MTLSPolicyClientValidationMode[_]
    input.Body.mtlsPolicy.clientValidationTrustConfig == STRING
    input.Body.name == STRING
    input.Body.serverCertificate.certificateProviderInstance.pluginInstance == STRING
    input.Body.serverCertificate.grpcEndpoint.targetUri == STRING
    input.ReqMap.parent == STRING
    input.Qs.serverTlsPolicyId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.getIamPolicy

valid {
    input.ReqMap.resource == STRING
    input.Qs.options.requestedPolicyVersion == INTEGER
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.patch

enum_MTLSPolicyClientValidationMode := [ "CLIENT_VALIDATION_MODE_UNSPECIFIED", "ALLOW_INVALID_OR_MISSING_CLIENT_CERT", "REJECT_INVALID" ]

valid {
    input.Body.allowOpen == BOOLEAN
    input.Body.description == STRING
    input.Body.labels.STRING == STRING
    input.Body.mtlsPolicy.clientValidationCa[_].certificateProviderInstance.pluginInstance == STRING
    input.Body.mtlsPolicy.clientValidationCa[_].grpcEndpoint.targetUri == STRING
    input.Body.mtlsPolicy.clientValidationMode == enum_MTLSPolicyClientValidationMode[_]
    input.Body.mtlsPolicy.clientValidationTrustConfig == STRING
    input.Body.name == STRING
    input.Body.serverCertificate.certificateProviderInstance.pluginInstance == STRING
    input.Body.serverCertificate.grpcEndpoint.targetUri == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.setIamPolicy

enum_GoogleIamV1AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

valid {
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_GoogleIamV1AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.serverTlsPolicies.testIamPermissions

valid {
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.tlsInspectionPolicies.create

enum_TlsInspectionPolicyMinTlsVersion := [ "TLS_VERSION_UNSPECIFIED", "TLS_1_0", "TLS_1_1", "TLS_1_2", "TLS_1_3" ]
enum_TlsInspectionPolicyTlsFeatureProfile := [ "PROFILE_UNSPECIFIED", "PROFILE_COMPATIBLE", "PROFILE_MODERN", "PROFILE_RESTRICTED", "PROFILE_CUSTOM" ]

valid {
    input.Body.caPool == STRING
    input.Body.customTlsFeatures[_] == STRING
    input.Body.description == STRING
    input.Body.excludePublicCaSet == BOOLEAN
    input.Body.minTlsVersion == enum_TlsInspectionPolicyMinTlsVersion[_]
    input.Body.name == STRING
    input.Body.tlsFeatureProfile == enum_TlsInspectionPolicyTlsFeatureProfile[_]
    input.Body.trustConfig == STRING
    input.ReqMap.parent == STRING
    input.Qs.tlsInspectionPolicyId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.tlsInspectionPolicies.delete

valid {
    input.ReqMap.name == STRING
    input.Qs.force == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.tlsInspectionPolicies.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.tlsInspectionPolicies.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.tlsInspectionPolicies.patch

enum_TlsInspectionPolicyMinTlsVersion := [ "TLS_VERSION_UNSPECIFIED", "TLS_1_0", "TLS_1_1", "TLS_1_2", "TLS_1_3" ]
enum_TlsInspectionPolicyTlsFeatureProfile := [ "PROFILE_UNSPECIFIED", "PROFILE_COMPATIBLE", "PROFILE_MODERN", "PROFILE_RESTRICTED", "PROFILE_CUSTOM" ]

valid {
    input.Body.caPool == STRING
    input.Body.customTlsFeatures[_] == STRING
    input.Body.description == STRING
    input.Body.excludePublicCaSet == BOOLEAN
    input.Body.minTlsVersion == enum_TlsInspectionPolicyMinTlsVersion[_]
    input.Body.name == STRING
    input.Body.tlsFeatureProfile == enum_TlsInspectionPolicyTlsFeatureProfile[_]
    input.Body.trustConfig == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.urlLists.create

valid {
    input.Body.description == STRING
    input.Body.name == STRING
    input.Body.values[_] == STRING
    input.ReqMap.parent == STRING
    input.Qs.urlListId == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.urlLists.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.urlLists.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.urlLists.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

networksecurity.projects.locations.urlLists.patch

valid {
    input.Body.description == STRING
    input.Body.name == STRING
    input.Body.values[_] == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}