sql.backupRuns.delete

valid {
    input.ReqMap.id == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.backupRuns.get

valid {
    input.ReqMap.id == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.backupRuns.insert

enum_BackupRunBackupKind := [ "SQL_BACKUP_KIND_UNSPECIFIED", "SNAPSHOT", "PHYSICAL" ]
enum_BackupRunStatus := [ "SQL_BACKUP_RUN_STATUS_UNSPECIFIED", "ENQUEUED", "OVERDUE", "RUNNING", "FAILED", "SUCCESSFUL", "SKIPPED", "DELETION_PENDING", "DELETION_FAILED", "DELETED" ]
enum_BackupRunType := [ "SQL_BACKUP_RUN_TYPE_UNSPECIFIED", "AUTOMATED", "ON_DEMAND" ]

valid {
    input.Body.backupKind == enum_BackupRunBackupKind[_]
    input.Body.description == STRING
    input.Body.diskEncryptionConfiguration.kind == STRING
    input.Body.diskEncryptionConfiguration.kmsKeyName == STRING
    input.Body.diskEncryptionStatus.kind == STRING
    input.Body.diskEncryptionStatus.kmsKeyVersionName == STRING
    input.Body.endTime == STRING
    input.Body.enqueuedTime == STRING
    input.Body.error.code == STRING
    input.Body.error.kind == STRING
    input.Body.error.message == STRING
    input.Body.id == STRING
    input.Body.instance == STRING
    input.Body.kind == STRING
    input.Body.location == STRING
    input.Body.selfLink == STRING
    input.Body.startTime == STRING
    input.Body.status == enum_BackupRunStatus[_]
    input.Body.timeZone == STRING
    input.Body.type == enum_BackupRunType[_]
    input.Body.windowStartTime == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.backupRuns.list

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.connect.generateEphemeral

valid {
    input.Body.access_token == STRING
    input.Body.public_key == STRING
    input.Body.readTime == STRING
    input.Body.validDuration == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.connect.get

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.databases.delete

valid {
    input.ReqMap.database == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.databases.get

valid {
    input.ReqMap.database == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.databases.insert

valid {
    input.Body.charset == STRING
    input.Body.collation == STRING
    input.Body.etag == STRING
    input.Body.instance == STRING
    input.Body.kind == STRING
    input.Body.name == STRING
    input.Body.project == STRING
    input.Body.selfLink == STRING
    input.Body.sqlserverDatabaseDetails.compatibilityLevel == INTEGER
    input.Body.sqlserverDatabaseDetails.recoveryModel == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.databases.list

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.databases.patch

valid {
    input.Body.charset == STRING
    input.Body.collation == STRING
    input.Body.etag == STRING
    input.Body.instance == STRING
    input.Body.kind == STRING
    input.Body.name == STRING
    input.Body.project == STRING
    input.Body.selfLink == STRING
    input.Body.sqlserverDatabaseDetails.compatibilityLevel == INTEGER
    input.Body.sqlserverDatabaseDetails.recoveryModel == STRING
    input.ReqMap.database == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.databases.update

valid {
    input.Body.charset == STRING
    input.Body.collation == STRING
    input.Body.etag == STRING
    input.Body.instance == STRING
    input.Body.kind == STRING
    input.Body.name == STRING
    input.Body.project == STRING
    input.Body.selfLink == STRING
    input.Body.sqlserverDatabaseDetails.compatibilityLevel == INTEGER
    input.Body.sqlserverDatabaseDetails.recoveryModel == STRING
    input.ReqMap.database == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.flags.list

valid {
    input.Qs.databaseVersion == STRING
    input.ProviderMetadata.Region == STRING
}

sql.instances.addServerCa

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.clone

valid {
    input.Body.cloneContext.allocatedIpRange == STRING
    input.Body.cloneContext.binLogCoordinates.binLogFileName == STRING
    input.Body.cloneContext.binLogCoordinates.binLogPosition == STRING
    input.Body.cloneContext.binLogCoordinates.kind == STRING
    input.Body.cloneContext.databaseNames[_] == STRING
    input.Body.cloneContext.destinationInstanceName == STRING
    input.Body.cloneContext.kind == STRING
    input.Body.cloneContext.pitrTimestampMs == STRING
    input.Body.cloneContext.pointInTime == STRING
    input.Body.cloneContext.preferredZone == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.delete

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.demote

valid {
    input.Body.demoteContext.kind == STRING
    input.Body.demoteContext.sourceRepresentativeInstanceName == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.demoteMaster

valid {
    input.Body.demoteMasterContext.kind == STRING
    input.Body.demoteMasterContext.masterInstanceName == STRING
    input.Body.demoteMasterContext.replicaConfiguration.kind == STRING
    input.Body.demoteMasterContext.replicaConfiguration.mysqlReplicaConfiguration.caCertificate == STRING
    input.Body.demoteMasterContext.replicaConfiguration.mysqlReplicaConfiguration.clientCertificate == STRING
    input.Body.demoteMasterContext.replicaConfiguration.mysqlReplicaConfiguration.clientKey == STRING
    input.Body.demoteMasterContext.replicaConfiguration.mysqlReplicaConfiguration.kind == STRING
    input.Body.demoteMasterContext.replicaConfiguration.mysqlReplicaConfiguration.password == STRING
    input.Body.demoteMasterContext.replicaConfiguration.mysqlReplicaConfiguration.username == STRING
    input.Body.demoteMasterContext.skipReplicationSetup == BOOLEAN
    input.Body.demoteMasterContext.verifyGtidConsistency == BOOLEAN
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.export

enum_ExportContextBakExportOptionsBakType := [ "BAK_TYPE_UNSPECIFIED", "FULL", "DIFF", "TLOG" ]
enum_ExportContextFileType := [ "SQL_FILE_TYPE_UNSPECIFIED", "SQL", "CSV", "BAK" ]

valid {
    input.Body.exportContext.bakExportOptions.bakType == enum_ExportContextBakExportOptionsBakType[_]
    input.Body.exportContext.bakExportOptions.copyOnly == BOOLEAN
    input.Body.exportContext.bakExportOptions.differentialBase == BOOLEAN
    input.Body.exportContext.bakExportOptions.stripeCount == INTEGER
    input.Body.exportContext.bakExportOptions.striped == BOOLEAN
    input.Body.exportContext.csvExportOptions.escapeCharacter == STRING
    input.Body.exportContext.csvExportOptions.fieldsTerminatedBy == STRING
    input.Body.exportContext.csvExportOptions.linesTerminatedBy == STRING
    input.Body.exportContext.csvExportOptions.quoteCharacter == STRING
    input.Body.exportContext.csvExportOptions.selectQuery == STRING
    input.Body.exportContext.databases[_] == STRING
    input.Body.exportContext.fileType == enum_ExportContextFileType[_]
    input.Body.exportContext.kind == STRING
    input.Body.exportContext.offload == BOOLEAN
    input.Body.exportContext.sqlExportOptions.mysqlExportOptions.masterData == INTEGER
    input.Body.exportContext.sqlExportOptions.parallel == BOOLEAN
    input.Body.exportContext.sqlExportOptions.schemaOnly == BOOLEAN
    input.Body.exportContext.sqlExportOptions.tables[_] == STRING
    input.Body.exportContext.sqlExportOptions.threads == INTEGER
    input.Body.exportContext.uri == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.failover

valid {
    input.Body.failoverContext.kind == STRING
    input.Body.failoverContext.settingsVersion == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.get

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.import

enum_ImportContextBakImportOptionsBakType := [ "BAK_TYPE_UNSPECIFIED", "FULL", "DIFF", "TLOG" ]
enum_ImportContextFileType := [ "SQL_FILE_TYPE_UNSPECIFIED", "SQL", "CSV", "BAK" ]

valid {
    input.Body.importContext.bakImportOptions.bakType == enum_ImportContextBakImportOptionsBakType[_]
    input.Body.importContext.bakImportOptions.encryptionOptions.certPath == STRING
    input.Body.importContext.bakImportOptions.encryptionOptions.pvkPassword == STRING
    input.Body.importContext.bakImportOptions.encryptionOptions.pvkPath == STRING
    input.Body.importContext.bakImportOptions.noRecovery == BOOLEAN
    input.Body.importContext.bakImportOptions.recoveryOnly == BOOLEAN
    input.Body.importContext.bakImportOptions.stopAt == STRING
    input.Body.importContext.bakImportOptions.stopAtMark == STRING
    input.Body.importContext.bakImportOptions.striped == BOOLEAN
    input.Body.importContext.csvImportOptions.columns[_] == STRING
    input.Body.importContext.csvImportOptions.escapeCharacter == STRING
    input.Body.importContext.csvImportOptions.fieldsTerminatedBy == STRING
    input.Body.importContext.csvImportOptions.linesTerminatedBy == STRING
    input.Body.importContext.csvImportOptions.quoteCharacter == STRING
    input.Body.importContext.csvImportOptions.table == STRING
    input.Body.importContext.database == STRING
    input.Body.importContext.fileType == enum_ImportContextFileType[_]
    input.Body.importContext.importUser == STRING
    input.Body.importContext.kind == STRING
    input.Body.importContext.uri == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.insert

enum_BackupRetentionSettingsRetentionUnit := [ "RETENTION_UNIT_UNSPECIFIED", "COUNT" ]
enum_DatabaseInstanceBackendType := [ "SQL_BACKEND_TYPE_UNSPECIFIED", "FIRST_GEN", "SECOND_GEN", "EXTERNAL" ]
enum_DatabaseInstanceDatabaseVersion := [ "SQL_DATABASE_VERSION_UNSPECIFIED", "MYSQL_5_1", "MYSQL_5_5", "MYSQL_5_6", "MYSQL_5_7", "SQLSERVER_2017_STANDARD", "SQLSERVER_2017_ENTERPRISE", "SQLSERVER_2017_EXPRESS", "SQLSERVER_2017_WEB", "POSTGRES_9_6", "POSTGRES_10", "POSTGRES_11", "POSTGRES_12", "POSTGRES_13", "POSTGRES_14", "POSTGRES_15", "MYSQL_8_0", "MYSQL_8_0_18", "MYSQL_8_0_26", "MYSQL_8_0_27", "MYSQL_8_0_28", "MYSQL_8_0_29", "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", "MYSQL_8_0_33", "MYSQL_8_0_34", "MYSQL_8_0_35", "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", "SQLSERVER_2019_WEB", "SQLSERVER_2022_STANDARD", "SQLSERVER_2022_ENTERPRISE", "SQLSERVER_2022_EXPRESS", "SQLSERVER_2022_WEB" ]
enum_DatabaseInstanceInstanceType := [ "SQL_INSTANCE_TYPE_UNSPECIFIED", "CLOUD_SQL_INSTANCE", "ON_PREMISES_INSTANCE", "READ_REPLICA_INSTANCE" ]
enum_DatabaseInstanceSqlNetworkArchitecture := [ "SQL_NETWORK_ARCHITECTURE_UNSPECIFIED", "NEW_NETWORK_ARCHITECTURE", "OLD_NETWORK_ARCHITECTURE" ]
enum_DatabaseInstanceState := [ "SQL_INSTANCE_STATE_UNSPECIFIED", "RUNNABLE", "SUSPENDED", "PENDING_DELETE", "PENDING_CREATE", "MAINTENANCE", "FAILED", "ONLINE_MAINTENANCE" ]
enum_DatabaseInstanceSuspensionReason := [ "SQL_SUSPENSION_REASON_UNSPECIFIED", "BILLING_ISSUE", "LEGAL_ISSUE", "OPERATIONAL_ISSUE", "KMS_KEY_ISSUE" ]
enum_IpConfigurationSslMode := [ "SSL_MODE_UNSPECIFIED", "ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" ]
enum_IpMappingType := [ "SQL_IP_ADDRESS_TYPE_UNSPECIFIED", "PRIMARY", "OUTGOING", "PRIVATE", "MIGRATED_1ST_GEN" ]
enum_MaintenanceWindowUpdateTrack := [ "SQL_UPDATE_TRACK_UNSPECIFIED", "canary", "stable", "week5" ]
enum_PasswordValidationPolicyComplexity := [ "COMPLEXITY_UNSPECIFIED", "COMPLEXITY_DEFAULT" ]
enum_SettingsActivationPolicy := [ "SQL_ACTIVATION_POLICY_UNSPECIFIED", "ALWAYS", "NEVER", "ON_DEMAND" ]
enum_SettingsAvailabilityType := [ "SQL_AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL" ]
enum_SettingsConnectorEnforcement := [ "CONNECTOR_ENFORCEMENT_UNSPECIFIED", "NOT_REQUIRED", "REQUIRED" ]
enum_SettingsDataDiskType := [ "SQL_DATA_DISK_TYPE_UNSPECIFIED", "PD_SSD", "PD_HDD", "OBSOLETE_LOCAL_SSD" ]
enum_SettingsEdition := [ "EDITION_UNSPECIFIED", "ENTERPRISE", "ENTERPRISE_PLUS" ]
enum_SettingsPricingPlan := [ "SQL_PRICING_PLAN_UNSPECIFIED", "PACKAGE", "PER_USE" ]
enum_SettingsReplicationType := [ "SQL_REPLICATION_TYPE_UNSPECIFIED", "SYNCHRONOUS", "ASYNCHRONOUS" ]
enum_SqlOutOfDiskReportSqlOutOfDiskState := [ "SQL_OUT_OF_DISK_STATE_UNSPECIFIED", "NORMAL", "SOFT_SHUTDOWN" ]

valid {
    input.Body.backendType == enum_DatabaseInstanceBackendType[_]
    input.Body.connectionName == STRING
    input.Body.currentDiskSize == STRING
    input.Body.databaseVersion == enum_DatabaseInstanceDatabaseVersion[_]
    input.Body.diskEncryptionConfiguration.kind == STRING
    input.Body.diskEncryptionConfiguration.kmsKeyName == STRING
    input.Body.diskEncryptionStatus.kind == STRING
    input.Body.diskEncryptionStatus.kmsKeyVersionName == STRING
    input.Body.etag == STRING
    input.Body.failoverReplica.available == BOOLEAN
    input.Body.failoverReplica.name == STRING
    input.Body.gceZone == STRING
    input.Body.instanceType == enum_DatabaseInstanceInstanceType[_]
    input.Body.ipAddresses[_].ipAddress == STRING
    input.Body.ipAddresses[_].timeToRetire == STRING
    input.Body.ipAddresses[_].type == enum_IpMappingType[_]
    input.Body.ipv6Address == STRING
    input.Body.kind == STRING
    input.Body.maintenanceVersion == STRING
    input.Body.masterInstanceName == STRING
    input.Body.maxDiskSize == STRING
    input.Body.name == STRING
    input.Body.onPremisesConfiguration.caCertificate == STRING
    input.Body.onPremisesConfiguration.clientCertificate == STRING
    input.Body.onPremisesConfiguration.clientKey == STRING
    input.Body.onPremisesConfiguration.dumpFilePath == STRING
    input.Body.onPremisesConfiguration.hostPort == STRING
    input.Body.onPremisesConfiguration.kind == STRING
    input.Body.onPremisesConfiguration.password == STRING
    input.Body.onPremisesConfiguration.sourceInstance.name == STRING
    input.Body.onPremisesConfiguration.sourceInstance.project == STRING
    input.Body.onPremisesConfiguration.sourceInstance.region == STRING
    input.Body.onPremisesConfiguration.username == STRING
    input.Body.outOfDiskReport.sqlMinRecommendedIncreaseSizeGb == INTEGER
    input.Body.outOfDiskReport.sqlOutOfDiskState == enum_SqlOutOfDiskReportSqlOutOfDiskState[_]
    input.Body.project == STRING
    input.Body.region == STRING
    input.Body.replicaConfiguration.cascadableReplica == BOOLEAN
    input.Body.replicaConfiguration.failoverTarget == BOOLEAN
    input.Body.replicaConfiguration.kind == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.caCertificate == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.clientCertificate == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.clientKey == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.connectRetryInterval == INTEGER
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.dumpFilePath == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.kind == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.masterHeartbeatPeriod == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.password == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.sslCipher == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.username == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.verifyServerCertificate == BOOLEAN
    input.Body.replicaNames[_] == STRING
    input.Body.rootPassword == STRING
    input.Body.satisfiesPzs == BOOLEAN
    input.Body.scheduledMaintenance.canDefer == BOOLEAN
    input.Body.scheduledMaintenance.canReschedule == BOOLEAN
    input.Body.scheduledMaintenance.scheduleDeadlineTime == STRING
    input.Body.scheduledMaintenance.startTime == STRING
    input.Body.secondaryGceZone == STRING
    input.Body.selfLink == STRING
    input.Body.serverCaCert.cert == STRING
    input.Body.serverCaCert.certSerialNumber == STRING
    input.Body.serverCaCert.commonName == STRING
    input.Body.serverCaCert.createTime == STRING
    input.Body.serverCaCert.expirationTime == STRING
    input.Body.serverCaCert.instance == STRING
    input.Body.serverCaCert.kind == STRING
    input.Body.serverCaCert.selfLink == STRING
    input.Body.serverCaCert.sha1Fingerprint == STRING
    input.Body.serviceAccountEmailAddress == STRING
    input.Body.settings.activationPolicy == enum_SettingsActivationPolicy[_]
    input.Body.settings.activeDirectoryConfig.domain == STRING
    input.Body.settings.activeDirectoryConfig.kind == STRING
    input.Body.settings.advancedMachineFeatures.threadsPerCore == INTEGER
    input.Body.settings.authorizedGaeApplications[_] == STRING
    input.Body.settings.availabilityType == enum_SettingsAvailabilityType[_]
    input.Body.settings.backupConfiguration.backupRetentionSettings.retainedBackups == INTEGER
    input.Body.settings.backupConfiguration.backupRetentionSettings.retentionUnit == enum_BackupRetentionSettingsRetentionUnit[_]
    input.Body.settings.backupConfiguration.binaryLogEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.enabled == BOOLEAN
    input.Body.settings.backupConfiguration.kind == STRING
    input.Body.settings.backupConfiguration.location == STRING
    input.Body.settings.backupConfiguration.pointInTimeRecoveryEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.replicationLogArchivingEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.startTime == STRING
    input.Body.settings.backupConfiguration.transactionLogRetentionDays == INTEGER
    input.Body.settings.collation == STRING
    input.Body.settings.connectorEnforcement == enum_SettingsConnectorEnforcement[_]
    input.Body.settings.crashSafeReplicationEnabled == BOOLEAN
    input.Body.settings.dataCacheConfig.dataCacheEnabled == BOOLEAN
    input.Body.settings.dataDiskSizeGb == STRING
    input.Body.settings.dataDiskType == enum_SettingsDataDiskType[_]
    input.Body.settings.databaseFlags[_].name == STRING
    input.Body.settings.databaseFlags[_].value == STRING
    input.Body.settings.databaseReplicationEnabled == BOOLEAN
    input.Body.settings.deletionProtectionEnabled == BOOLEAN
    input.Body.settings.denyMaintenancePeriods[_].endDate == STRING
    input.Body.settings.denyMaintenancePeriods[_].startDate == STRING
    input.Body.settings.denyMaintenancePeriods[_].time == STRING
    input.Body.settings.edition == enum_SettingsEdition[_]
    input.Body.settings.insightsConfig.queryInsightsEnabled == BOOLEAN
    input.Body.settings.insightsConfig.queryPlansPerMinute == INTEGER
    input.Body.settings.insightsConfig.queryStringLength == INTEGER
    input.Body.settings.insightsConfig.recordApplicationTags == BOOLEAN
    input.Body.settings.insightsConfig.recordClientAddress == BOOLEAN
    input.Body.settings.ipConfiguration.allocatedIpRange == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].expirationTime == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].kind == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].name == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].value == STRING
    input.Body.settings.ipConfiguration.enablePrivatePathForGoogleCloudServices == BOOLEAN
    input.Body.settings.ipConfiguration.ipv4Enabled == BOOLEAN
    input.Body.settings.ipConfiguration.privateNetwork == STRING
    input.Body.settings.ipConfiguration.pscConfig.allowedConsumerProjects[_] == STRING
    input.Body.settings.ipConfiguration.pscConfig.pscEnabled == BOOLEAN
    input.Body.settings.ipConfiguration.requireSsl == BOOLEAN
    input.Body.settings.ipConfiguration.sslMode == enum_IpConfigurationSslMode[_]
    input.Body.settings.kind == STRING
    input.Body.settings.locationPreference.followGaeApplication == STRING
    input.Body.settings.locationPreference.kind == STRING
    input.Body.settings.locationPreference.secondaryZone == STRING
    input.Body.settings.locationPreference.zone == STRING
    input.Body.settings.maintenanceWindow.day == INTEGER
    input.Body.settings.maintenanceWindow.hour == INTEGER
    input.Body.settings.maintenanceWindow.kind == STRING
    input.Body.settings.maintenanceWindow.updateTrack == enum_MaintenanceWindowUpdateTrack[_]
    input.Body.settings.passwordValidationPolicy.complexity == enum_PasswordValidationPolicyComplexity[_]
    input.Body.settings.passwordValidationPolicy.disallowCompromisedCredentials == BOOLEAN
    input.Body.settings.passwordValidationPolicy.disallowUsernameSubstring == BOOLEAN
    input.Body.settings.passwordValidationPolicy.enablePasswordPolicy == BOOLEAN
    input.Body.settings.passwordValidationPolicy.minLength == INTEGER
    input.Body.settings.passwordValidationPolicy.passwordChangeInterval == STRING
    input.Body.settings.passwordValidationPolicy.reuseInterval == INTEGER
    input.Body.settings.pricingPlan == enum_SettingsPricingPlan[_]
    input.Body.settings.replicationType == enum_SettingsReplicationType[_]
    input.Body.settings.settingsVersion == STRING
    input.Body.settings.sqlServerAuditConfig.bucket == STRING
    input.Body.settings.sqlServerAuditConfig.kind == STRING
    input.Body.settings.sqlServerAuditConfig.retentionInterval == STRING
    input.Body.settings.sqlServerAuditConfig.uploadInterval == STRING
    input.Body.settings.storageAutoResize == BOOLEAN
    input.Body.settings.storageAutoResizeLimit == STRING
    input.Body.settings.tier == STRING
    input.Body.settings.timeZone == STRING
    input.Body.settings.userLabels.STRING == STRING
    input.Body.sqlNetworkArchitecture == enum_DatabaseInstanceSqlNetworkArchitecture[_]
    input.Body.state == enum_DatabaseInstanceState[_]
    input.Body.suspensionReason[_] == enum_DatabaseInstanceSuspensionReason[_]
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.list

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.filter == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.listServerCas

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.patch

enum_BackupRetentionSettingsRetentionUnit := [ "RETENTION_UNIT_UNSPECIFIED", "COUNT" ]
enum_DatabaseInstanceBackendType := [ "SQL_BACKEND_TYPE_UNSPECIFIED", "FIRST_GEN", "SECOND_GEN", "EXTERNAL" ]
enum_DatabaseInstanceDatabaseVersion := [ "SQL_DATABASE_VERSION_UNSPECIFIED", "MYSQL_5_1", "MYSQL_5_5", "MYSQL_5_6", "MYSQL_5_7", "SQLSERVER_2017_STANDARD", "SQLSERVER_2017_ENTERPRISE", "SQLSERVER_2017_EXPRESS", "SQLSERVER_2017_WEB", "POSTGRES_9_6", "POSTGRES_10", "POSTGRES_11", "POSTGRES_12", "POSTGRES_13", "POSTGRES_14", "POSTGRES_15", "MYSQL_8_0", "MYSQL_8_0_18", "MYSQL_8_0_26", "MYSQL_8_0_27", "MYSQL_8_0_28", "MYSQL_8_0_29", "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", "MYSQL_8_0_33", "MYSQL_8_0_34", "MYSQL_8_0_35", "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", "SQLSERVER_2019_WEB", "SQLSERVER_2022_STANDARD", "SQLSERVER_2022_ENTERPRISE", "SQLSERVER_2022_EXPRESS", "SQLSERVER_2022_WEB" ]
enum_DatabaseInstanceInstanceType := [ "SQL_INSTANCE_TYPE_UNSPECIFIED", "CLOUD_SQL_INSTANCE", "ON_PREMISES_INSTANCE", "READ_REPLICA_INSTANCE" ]
enum_DatabaseInstanceSqlNetworkArchitecture := [ "SQL_NETWORK_ARCHITECTURE_UNSPECIFIED", "NEW_NETWORK_ARCHITECTURE", "OLD_NETWORK_ARCHITECTURE" ]
enum_DatabaseInstanceState := [ "SQL_INSTANCE_STATE_UNSPECIFIED", "RUNNABLE", "SUSPENDED", "PENDING_DELETE", "PENDING_CREATE", "MAINTENANCE", "FAILED", "ONLINE_MAINTENANCE" ]
enum_DatabaseInstanceSuspensionReason := [ "SQL_SUSPENSION_REASON_UNSPECIFIED", "BILLING_ISSUE", "LEGAL_ISSUE", "OPERATIONAL_ISSUE", "KMS_KEY_ISSUE" ]
enum_IpConfigurationSslMode := [ "SSL_MODE_UNSPECIFIED", "ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" ]
enum_IpMappingType := [ "SQL_IP_ADDRESS_TYPE_UNSPECIFIED", "PRIMARY", "OUTGOING", "PRIVATE", "MIGRATED_1ST_GEN" ]
enum_MaintenanceWindowUpdateTrack := [ "SQL_UPDATE_TRACK_UNSPECIFIED", "canary", "stable", "week5" ]
enum_PasswordValidationPolicyComplexity := [ "COMPLEXITY_UNSPECIFIED", "COMPLEXITY_DEFAULT" ]
enum_SettingsActivationPolicy := [ "SQL_ACTIVATION_POLICY_UNSPECIFIED", "ALWAYS", "NEVER", "ON_DEMAND" ]
enum_SettingsAvailabilityType := [ "SQL_AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL" ]
enum_SettingsConnectorEnforcement := [ "CONNECTOR_ENFORCEMENT_UNSPECIFIED", "NOT_REQUIRED", "REQUIRED" ]
enum_SettingsDataDiskType := [ "SQL_DATA_DISK_TYPE_UNSPECIFIED", "PD_SSD", "PD_HDD", "OBSOLETE_LOCAL_SSD" ]
enum_SettingsEdition := [ "EDITION_UNSPECIFIED", "ENTERPRISE", "ENTERPRISE_PLUS" ]
enum_SettingsPricingPlan := [ "SQL_PRICING_PLAN_UNSPECIFIED", "PACKAGE", "PER_USE" ]
enum_SettingsReplicationType := [ "SQL_REPLICATION_TYPE_UNSPECIFIED", "SYNCHRONOUS", "ASYNCHRONOUS" ]
enum_SqlOutOfDiskReportSqlOutOfDiskState := [ "SQL_OUT_OF_DISK_STATE_UNSPECIFIED", "NORMAL", "SOFT_SHUTDOWN" ]

valid {
    input.Body.backendType == enum_DatabaseInstanceBackendType[_]
    input.Body.connectionName == STRING
    input.Body.currentDiskSize == STRING
    input.Body.databaseVersion == enum_DatabaseInstanceDatabaseVersion[_]
    input.Body.diskEncryptionConfiguration.kind == STRING
    input.Body.diskEncryptionConfiguration.kmsKeyName == STRING
    input.Body.diskEncryptionStatus.kind == STRING
    input.Body.diskEncryptionStatus.kmsKeyVersionName == STRING
    input.Body.etag == STRING
    input.Body.failoverReplica.available == BOOLEAN
    input.Body.failoverReplica.name == STRING
    input.Body.gceZone == STRING
    input.Body.instanceType == enum_DatabaseInstanceInstanceType[_]
    input.Body.ipAddresses[_].ipAddress == STRING
    input.Body.ipAddresses[_].timeToRetire == STRING
    input.Body.ipAddresses[_].type == enum_IpMappingType[_]
    input.Body.ipv6Address == STRING
    input.Body.kind == STRING
    input.Body.maintenanceVersion == STRING
    input.Body.masterInstanceName == STRING
    input.Body.maxDiskSize == STRING
    input.Body.name == STRING
    input.Body.onPremisesConfiguration.caCertificate == STRING
    input.Body.onPremisesConfiguration.clientCertificate == STRING
    input.Body.onPremisesConfiguration.clientKey == STRING
    input.Body.onPremisesConfiguration.dumpFilePath == STRING
    input.Body.onPremisesConfiguration.hostPort == STRING
    input.Body.onPremisesConfiguration.kind == STRING
    input.Body.onPremisesConfiguration.password == STRING
    input.Body.onPremisesConfiguration.sourceInstance.name == STRING
    input.Body.onPremisesConfiguration.sourceInstance.project == STRING
    input.Body.onPremisesConfiguration.sourceInstance.region == STRING
    input.Body.onPremisesConfiguration.username == STRING
    input.Body.outOfDiskReport.sqlMinRecommendedIncreaseSizeGb == INTEGER
    input.Body.outOfDiskReport.sqlOutOfDiskState == enum_SqlOutOfDiskReportSqlOutOfDiskState[_]
    input.Body.project == STRING
    input.Body.region == STRING
    input.Body.replicaConfiguration.cascadableReplica == BOOLEAN
    input.Body.replicaConfiguration.failoverTarget == BOOLEAN
    input.Body.replicaConfiguration.kind == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.caCertificate == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.clientCertificate == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.clientKey == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.connectRetryInterval == INTEGER
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.dumpFilePath == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.kind == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.masterHeartbeatPeriod == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.password == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.sslCipher == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.username == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.verifyServerCertificate == BOOLEAN
    input.Body.replicaNames[_] == STRING
    input.Body.rootPassword == STRING
    input.Body.satisfiesPzs == BOOLEAN
    input.Body.scheduledMaintenance.canDefer == BOOLEAN
    input.Body.scheduledMaintenance.canReschedule == BOOLEAN
    input.Body.scheduledMaintenance.scheduleDeadlineTime == STRING
    input.Body.scheduledMaintenance.startTime == STRING
    input.Body.secondaryGceZone == STRING
    input.Body.selfLink == STRING
    input.Body.serverCaCert.cert == STRING
    input.Body.serverCaCert.certSerialNumber == STRING
    input.Body.serverCaCert.commonName == STRING
    input.Body.serverCaCert.createTime == STRING
    input.Body.serverCaCert.expirationTime == STRING
    input.Body.serverCaCert.instance == STRING
    input.Body.serverCaCert.kind == STRING
    input.Body.serverCaCert.selfLink == STRING
    input.Body.serverCaCert.sha1Fingerprint == STRING
    input.Body.serviceAccountEmailAddress == STRING
    input.Body.settings.activationPolicy == enum_SettingsActivationPolicy[_]
    input.Body.settings.activeDirectoryConfig.domain == STRING
    input.Body.settings.activeDirectoryConfig.kind == STRING
    input.Body.settings.advancedMachineFeatures.threadsPerCore == INTEGER
    input.Body.settings.authorizedGaeApplications[_] == STRING
    input.Body.settings.availabilityType == enum_SettingsAvailabilityType[_]
    input.Body.settings.backupConfiguration.backupRetentionSettings.retainedBackups == INTEGER
    input.Body.settings.backupConfiguration.backupRetentionSettings.retentionUnit == enum_BackupRetentionSettingsRetentionUnit[_]
    input.Body.settings.backupConfiguration.binaryLogEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.enabled == BOOLEAN
    input.Body.settings.backupConfiguration.kind == STRING
    input.Body.settings.backupConfiguration.location == STRING
    input.Body.settings.backupConfiguration.pointInTimeRecoveryEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.replicationLogArchivingEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.startTime == STRING
    input.Body.settings.backupConfiguration.transactionLogRetentionDays == INTEGER
    input.Body.settings.collation == STRING
    input.Body.settings.connectorEnforcement == enum_SettingsConnectorEnforcement[_]
    input.Body.settings.crashSafeReplicationEnabled == BOOLEAN
    input.Body.settings.dataCacheConfig.dataCacheEnabled == BOOLEAN
    input.Body.settings.dataDiskSizeGb == STRING
    input.Body.settings.dataDiskType == enum_SettingsDataDiskType[_]
    input.Body.settings.databaseFlags[_].name == STRING
    input.Body.settings.databaseFlags[_].value == STRING
    input.Body.settings.databaseReplicationEnabled == BOOLEAN
    input.Body.settings.deletionProtectionEnabled == BOOLEAN
    input.Body.settings.denyMaintenancePeriods[_].endDate == STRING
    input.Body.settings.denyMaintenancePeriods[_].startDate == STRING
    input.Body.settings.denyMaintenancePeriods[_].time == STRING
    input.Body.settings.edition == enum_SettingsEdition[_]
    input.Body.settings.insightsConfig.queryInsightsEnabled == BOOLEAN
    input.Body.settings.insightsConfig.queryPlansPerMinute == INTEGER
    input.Body.settings.insightsConfig.queryStringLength == INTEGER
    input.Body.settings.insightsConfig.recordApplicationTags == BOOLEAN
    input.Body.settings.insightsConfig.recordClientAddress == BOOLEAN
    input.Body.settings.ipConfiguration.allocatedIpRange == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].expirationTime == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].kind == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].name == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].value == STRING
    input.Body.settings.ipConfiguration.enablePrivatePathForGoogleCloudServices == BOOLEAN
    input.Body.settings.ipConfiguration.ipv4Enabled == BOOLEAN
    input.Body.settings.ipConfiguration.privateNetwork == STRING
    input.Body.settings.ipConfiguration.pscConfig.allowedConsumerProjects[_] == STRING
    input.Body.settings.ipConfiguration.pscConfig.pscEnabled == BOOLEAN
    input.Body.settings.ipConfiguration.requireSsl == BOOLEAN
    input.Body.settings.ipConfiguration.sslMode == enum_IpConfigurationSslMode[_]
    input.Body.settings.kind == STRING
    input.Body.settings.locationPreference.followGaeApplication == STRING
    input.Body.settings.locationPreference.kind == STRING
    input.Body.settings.locationPreference.secondaryZone == STRING
    input.Body.settings.locationPreference.zone == STRING
    input.Body.settings.maintenanceWindow.day == INTEGER
    input.Body.settings.maintenanceWindow.hour == INTEGER
    input.Body.settings.maintenanceWindow.kind == STRING
    input.Body.settings.maintenanceWindow.updateTrack == enum_MaintenanceWindowUpdateTrack[_]
    input.Body.settings.passwordValidationPolicy.complexity == enum_PasswordValidationPolicyComplexity[_]
    input.Body.settings.passwordValidationPolicy.disallowCompromisedCredentials == BOOLEAN
    input.Body.settings.passwordValidationPolicy.disallowUsernameSubstring == BOOLEAN
    input.Body.settings.passwordValidationPolicy.enablePasswordPolicy == BOOLEAN
    input.Body.settings.passwordValidationPolicy.minLength == INTEGER
    input.Body.settings.passwordValidationPolicy.passwordChangeInterval == STRING
    input.Body.settings.passwordValidationPolicy.reuseInterval == INTEGER
    input.Body.settings.pricingPlan == enum_SettingsPricingPlan[_]
    input.Body.settings.replicationType == enum_SettingsReplicationType[_]
    input.Body.settings.settingsVersion == STRING
    input.Body.settings.sqlServerAuditConfig.bucket == STRING
    input.Body.settings.sqlServerAuditConfig.kind == STRING
    input.Body.settings.sqlServerAuditConfig.retentionInterval == STRING
    input.Body.settings.sqlServerAuditConfig.uploadInterval == STRING
    input.Body.settings.storageAutoResize == BOOLEAN
    input.Body.settings.storageAutoResizeLimit == STRING
    input.Body.settings.tier == STRING
    input.Body.settings.timeZone == STRING
    input.Body.settings.userLabels.STRING == STRING
    input.Body.sqlNetworkArchitecture == enum_DatabaseInstanceSqlNetworkArchitecture[_]
    input.Body.state == enum_DatabaseInstanceState[_]
    input.Body.suspensionReason[_] == enum_DatabaseInstanceSuspensionReason[_]
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.promoteReplica

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.failover == BOOLEAN
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.reencrypt

enum_BackupReencryptionConfigBackupType := [ "BACKUP_TYPE_UNSPECIFIED", "AUTOMATED", "ON_DEMAND" ]

valid {
    input.Body.backupReencryptionConfig.backupLimit == INTEGER
    input.Body.backupReencryptionConfig.backupType == enum_BackupReencryptionConfigBackupType[_]
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.resetSslConfig

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.restart

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.restoreBackup

valid {
    input.Body.restoreBackupContext.backupRunId == STRING
    input.Body.restoreBackupContext.instanceId == STRING
    input.Body.restoreBackupContext.kind == STRING
    input.Body.restoreBackupContext.project == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.rotateServerCa

valid {
    input.Body.rotateServerCaContext.kind == STRING
    input.Body.rotateServerCaContext.nextVersion == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.startReplica

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.stopReplica

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.switchover

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.dbTimeout == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.truncateLog

valid {
    input.Body.truncateLogContext.kind == STRING
    input.Body.truncateLogContext.logType == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.instances.update

enum_BackupRetentionSettingsRetentionUnit := [ "RETENTION_UNIT_UNSPECIFIED", "COUNT" ]
enum_DatabaseInstanceBackendType := [ "SQL_BACKEND_TYPE_UNSPECIFIED", "FIRST_GEN", "SECOND_GEN", "EXTERNAL" ]
enum_DatabaseInstanceDatabaseVersion := [ "SQL_DATABASE_VERSION_UNSPECIFIED", "MYSQL_5_1", "MYSQL_5_5", "MYSQL_5_6", "MYSQL_5_7", "SQLSERVER_2017_STANDARD", "SQLSERVER_2017_ENTERPRISE", "SQLSERVER_2017_EXPRESS", "SQLSERVER_2017_WEB", "POSTGRES_9_6", "POSTGRES_10", "POSTGRES_11", "POSTGRES_12", "POSTGRES_13", "POSTGRES_14", "POSTGRES_15", "MYSQL_8_0", "MYSQL_8_0_18", "MYSQL_8_0_26", "MYSQL_8_0_27", "MYSQL_8_0_28", "MYSQL_8_0_29", "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", "MYSQL_8_0_33", "MYSQL_8_0_34", "MYSQL_8_0_35", "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", "SQLSERVER_2019_WEB", "SQLSERVER_2022_STANDARD", "SQLSERVER_2022_ENTERPRISE", "SQLSERVER_2022_EXPRESS", "SQLSERVER_2022_WEB" ]
enum_DatabaseInstanceInstanceType := [ "SQL_INSTANCE_TYPE_UNSPECIFIED", "CLOUD_SQL_INSTANCE", "ON_PREMISES_INSTANCE", "READ_REPLICA_INSTANCE" ]
enum_DatabaseInstanceSqlNetworkArchitecture := [ "SQL_NETWORK_ARCHITECTURE_UNSPECIFIED", "NEW_NETWORK_ARCHITECTURE", "OLD_NETWORK_ARCHITECTURE" ]
enum_DatabaseInstanceState := [ "SQL_INSTANCE_STATE_UNSPECIFIED", "RUNNABLE", "SUSPENDED", "PENDING_DELETE", "PENDING_CREATE", "MAINTENANCE", "FAILED", "ONLINE_MAINTENANCE" ]
enum_DatabaseInstanceSuspensionReason := [ "SQL_SUSPENSION_REASON_UNSPECIFIED", "BILLING_ISSUE", "LEGAL_ISSUE", "OPERATIONAL_ISSUE", "KMS_KEY_ISSUE" ]
enum_IpConfigurationSslMode := [ "SSL_MODE_UNSPECIFIED", "ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" ]
enum_IpMappingType := [ "SQL_IP_ADDRESS_TYPE_UNSPECIFIED", "PRIMARY", "OUTGOING", "PRIVATE", "MIGRATED_1ST_GEN" ]
enum_MaintenanceWindowUpdateTrack := [ "SQL_UPDATE_TRACK_UNSPECIFIED", "canary", "stable", "week5" ]
enum_PasswordValidationPolicyComplexity := [ "COMPLEXITY_UNSPECIFIED", "COMPLEXITY_DEFAULT" ]
enum_SettingsActivationPolicy := [ "SQL_ACTIVATION_POLICY_UNSPECIFIED", "ALWAYS", "NEVER", "ON_DEMAND" ]
enum_SettingsAvailabilityType := [ "SQL_AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL" ]
enum_SettingsConnectorEnforcement := [ "CONNECTOR_ENFORCEMENT_UNSPECIFIED", "NOT_REQUIRED", "REQUIRED" ]
enum_SettingsDataDiskType := [ "SQL_DATA_DISK_TYPE_UNSPECIFIED", "PD_SSD", "PD_HDD", "OBSOLETE_LOCAL_SSD" ]
enum_SettingsEdition := [ "EDITION_UNSPECIFIED", "ENTERPRISE", "ENTERPRISE_PLUS" ]
enum_SettingsPricingPlan := [ "SQL_PRICING_PLAN_UNSPECIFIED", "PACKAGE", "PER_USE" ]
enum_SettingsReplicationType := [ "SQL_REPLICATION_TYPE_UNSPECIFIED", "SYNCHRONOUS", "ASYNCHRONOUS" ]
enum_SqlOutOfDiskReportSqlOutOfDiskState := [ "SQL_OUT_OF_DISK_STATE_UNSPECIFIED", "NORMAL", "SOFT_SHUTDOWN" ]

valid {
    input.Body.backendType == enum_DatabaseInstanceBackendType[_]
    input.Body.connectionName == STRING
    input.Body.currentDiskSize == STRING
    input.Body.databaseVersion == enum_DatabaseInstanceDatabaseVersion[_]
    input.Body.diskEncryptionConfiguration.kind == STRING
    input.Body.diskEncryptionConfiguration.kmsKeyName == STRING
    input.Body.diskEncryptionStatus.kind == STRING
    input.Body.diskEncryptionStatus.kmsKeyVersionName == STRING
    input.Body.etag == STRING
    input.Body.failoverReplica.available == BOOLEAN
    input.Body.failoverReplica.name == STRING
    input.Body.gceZone == STRING
    input.Body.instanceType == enum_DatabaseInstanceInstanceType[_]
    input.Body.ipAddresses[_].ipAddress == STRING
    input.Body.ipAddresses[_].timeToRetire == STRING
    input.Body.ipAddresses[_].type == enum_IpMappingType[_]
    input.Body.ipv6Address == STRING
    input.Body.kind == STRING
    input.Body.maintenanceVersion == STRING
    input.Body.masterInstanceName == STRING
    input.Body.maxDiskSize == STRING
    input.Body.name == STRING
    input.Body.onPremisesConfiguration.caCertificate == STRING
    input.Body.onPremisesConfiguration.clientCertificate == STRING
    input.Body.onPremisesConfiguration.clientKey == STRING
    input.Body.onPremisesConfiguration.dumpFilePath == STRING
    input.Body.onPremisesConfiguration.hostPort == STRING
    input.Body.onPremisesConfiguration.kind == STRING
    input.Body.onPremisesConfiguration.password == STRING
    input.Body.onPremisesConfiguration.sourceInstance.name == STRING
    input.Body.onPremisesConfiguration.sourceInstance.project == STRING
    input.Body.onPremisesConfiguration.sourceInstance.region == STRING
    input.Body.onPremisesConfiguration.username == STRING
    input.Body.outOfDiskReport.sqlMinRecommendedIncreaseSizeGb == INTEGER
    input.Body.outOfDiskReport.sqlOutOfDiskState == enum_SqlOutOfDiskReportSqlOutOfDiskState[_]
    input.Body.project == STRING
    input.Body.region == STRING
    input.Body.replicaConfiguration.cascadableReplica == BOOLEAN
    input.Body.replicaConfiguration.failoverTarget == BOOLEAN
    input.Body.replicaConfiguration.kind == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.caCertificate == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.clientCertificate == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.clientKey == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.connectRetryInterval == INTEGER
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.dumpFilePath == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.kind == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.masterHeartbeatPeriod == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.password == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.sslCipher == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.username == STRING
    input.Body.replicaConfiguration.mysqlReplicaConfiguration.verifyServerCertificate == BOOLEAN
    input.Body.replicaNames[_] == STRING
    input.Body.rootPassword == STRING
    input.Body.satisfiesPzs == BOOLEAN
    input.Body.scheduledMaintenance.canDefer == BOOLEAN
    input.Body.scheduledMaintenance.canReschedule == BOOLEAN
    input.Body.scheduledMaintenance.scheduleDeadlineTime == STRING
    input.Body.scheduledMaintenance.startTime == STRING
    input.Body.secondaryGceZone == STRING
    input.Body.selfLink == STRING
    input.Body.serverCaCert.cert == STRING
    input.Body.serverCaCert.certSerialNumber == STRING
    input.Body.serverCaCert.commonName == STRING
    input.Body.serverCaCert.createTime == STRING
    input.Body.serverCaCert.expirationTime == STRING
    input.Body.serverCaCert.instance == STRING
    input.Body.serverCaCert.kind == STRING
    input.Body.serverCaCert.selfLink == STRING
    input.Body.serverCaCert.sha1Fingerprint == STRING
    input.Body.serviceAccountEmailAddress == STRING
    input.Body.settings.activationPolicy == enum_SettingsActivationPolicy[_]
    input.Body.settings.activeDirectoryConfig.domain == STRING
    input.Body.settings.activeDirectoryConfig.kind == STRING
    input.Body.settings.advancedMachineFeatures.threadsPerCore == INTEGER
    input.Body.settings.authorizedGaeApplications[_] == STRING
    input.Body.settings.availabilityType == enum_SettingsAvailabilityType[_]
    input.Body.settings.backupConfiguration.backupRetentionSettings.retainedBackups == INTEGER
    input.Body.settings.backupConfiguration.backupRetentionSettings.retentionUnit == enum_BackupRetentionSettingsRetentionUnit[_]
    input.Body.settings.backupConfiguration.binaryLogEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.enabled == BOOLEAN
    input.Body.settings.backupConfiguration.kind == STRING
    input.Body.settings.backupConfiguration.location == STRING
    input.Body.settings.backupConfiguration.pointInTimeRecoveryEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.replicationLogArchivingEnabled == BOOLEAN
    input.Body.settings.backupConfiguration.startTime == STRING
    input.Body.settings.backupConfiguration.transactionLogRetentionDays == INTEGER
    input.Body.settings.collation == STRING
    input.Body.settings.connectorEnforcement == enum_SettingsConnectorEnforcement[_]
    input.Body.settings.crashSafeReplicationEnabled == BOOLEAN
    input.Body.settings.dataCacheConfig.dataCacheEnabled == BOOLEAN
    input.Body.settings.dataDiskSizeGb == STRING
    input.Body.settings.dataDiskType == enum_SettingsDataDiskType[_]
    input.Body.settings.databaseFlags[_].name == STRING
    input.Body.settings.databaseFlags[_].value == STRING
    input.Body.settings.databaseReplicationEnabled == BOOLEAN
    input.Body.settings.deletionProtectionEnabled == BOOLEAN
    input.Body.settings.denyMaintenancePeriods[_].endDate == STRING
    input.Body.settings.denyMaintenancePeriods[_].startDate == STRING
    input.Body.settings.denyMaintenancePeriods[_].time == STRING
    input.Body.settings.edition == enum_SettingsEdition[_]
    input.Body.settings.insightsConfig.queryInsightsEnabled == BOOLEAN
    input.Body.settings.insightsConfig.queryPlansPerMinute == INTEGER
    input.Body.settings.insightsConfig.queryStringLength == INTEGER
    input.Body.settings.insightsConfig.recordApplicationTags == BOOLEAN
    input.Body.settings.insightsConfig.recordClientAddress == BOOLEAN
    input.Body.settings.ipConfiguration.allocatedIpRange == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].expirationTime == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].kind == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].name == STRING
    input.Body.settings.ipConfiguration.authorizedNetworks[_].value == STRING
    input.Body.settings.ipConfiguration.enablePrivatePathForGoogleCloudServices == BOOLEAN
    input.Body.settings.ipConfiguration.ipv4Enabled == BOOLEAN
    input.Body.settings.ipConfiguration.privateNetwork == STRING
    input.Body.settings.ipConfiguration.pscConfig.allowedConsumerProjects[_] == STRING
    input.Body.settings.ipConfiguration.pscConfig.pscEnabled == BOOLEAN
    input.Body.settings.ipConfiguration.requireSsl == BOOLEAN
    input.Body.settings.ipConfiguration.sslMode == enum_IpConfigurationSslMode[_]
    input.Body.settings.kind == STRING
    input.Body.settings.locationPreference.followGaeApplication == STRING
    input.Body.settings.locationPreference.kind == STRING
    input.Body.settings.locationPreference.secondaryZone == STRING
    input.Body.settings.locationPreference.zone == STRING
    input.Body.settings.maintenanceWindow.day == INTEGER
    input.Body.settings.maintenanceWindow.hour == INTEGER
    input.Body.settings.maintenanceWindow.kind == STRING
    input.Body.settings.maintenanceWindow.updateTrack == enum_MaintenanceWindowUpdateTrack[_]
    input.Body.settings.passwordValidationPolicy.complexity == enum_PasswordValidationPolicyComplexity[_]
    input.Body.settings.passwordValidationPolicy.disallowCompromisedCredentials == BOOLEAN
    input.Body.settings.passwordValidationPolicy.disallowUsernameSubstring == BOOLEAN
    input.Body.settings.passwordValidationPolicy.enablePasswordPolicy == BOOLEAN
    input.Body.settings.passwordValidationPolicy.minLength == INTEGER
    input.Body.settings.passwordValidationPolicy.passwordChangeInterval == STRING
    input.Body.settings.passwordValidationPolicy.reuseInterval == INTEGER
    input.Body.settings.pricingPlan == enum_SettingsPricingPlan[_]
    input.Body.settings.replicationType == enum_SettingsReplicationType[_]
    input.Body.settings.settingsVersion == STRING
    input.Body.settings.sqlServerAuditConfig.bucket == STRING
    input.Body.settings.sqlServerAuditConfig.kind == STRING
    input.Body.settings.sqlServerAuditConfig.retentionInterval == STRING
    input.Body.settings.sqlServerAuditConfig.uploadInterval == STRING
    input.Body.settings.storageAutoResize == BOOLEAN
    input.Body.settings.storageAutoResizeLimit == STRING
    input.Body.settings.tier == STRING
    input.Body.settings.timeZone == STRING
    input.Body.settings.userLabels.STRING == STRING
    input.Body.sqlNetworkArchitecture == enum_DatabaseInstanceSqlNetworkArchitecture[_]
    input.Body.state == enum_DatabaseInstanceState[_]
    input.Body.suspensionReason[_] == enum_DatabaseInstanceSuspensionReason[_]
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.operations.cancel

valid {
    input.ReqMap.operation == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.operations.get

valid {
    input.ReqMap.operation == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.operations.list

valid {
    input.ReqMap.ProjectID == STRING
    input.Qs.instance == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.getDiskShrinkConfig

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.getLatestRecoveryTime

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.performDiskShrink

valid {
    input.Body.targetSizeGb == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.rescheduleMaintenance

enum_RescheduleRescheduleType := [ "RESCHEDULE_TYPE_UNSPECIFIED", "IMMEDIATE", "NEXT_AVAILABLE_WINDOW", "SPECIFIC_TIME" ]

valid {
    input.Body.reschedule.rescheduleType == enum_RescheduleRescheduleType[_]
    input.Body.reschedule.scheduleTime == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.resetReplicaSize

valid {
    input.Body.STRING == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.startExternalSync

enum_SqlInstancesStartExternalSyncRequestSyncMode := [ "EXTERNAL_SYNC_MODE_UNSPECIFIED", "ONLINE", "OFFLINE" ]
enum_SqlInstancesStartExternalSyncRequestSyncParallelLevel := [ "EXTERNAL_SYNC_PARALLEL_LEVEL_UNSPECIFIED", "MIN", "OPTIMAL", "MAX" ]

valid {
    input.Body.mysqlSyncConfig.initialSyncFlags[_].name == STRING
    input.Body.mysqlSyncConfig.initialSyncFlags[_].value == STRING
    input.Body.skipVerification == BOOLEAN
    input.Body.syncMode == enum_SqlInstancesStartExternalSyncRequestSyncMode[_]
    input.Body.syncParallelLevel == enum_SqlInstancesStartExternalSyncRequestSyncParallelLevel[_]
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.projects.instances.verifyExternalSyncSettings

enum_SqlInstancesVerifyExternalSyncSettingsRequestSyncMode := [ "EXTERNAL_SYNC_MODE_UNSPECIFIED", "ONLINE", "OFFLINE" ]

valid {
    input.Body.mysqlSyncConfig.initialSyncFlags[_].name == STRING
    input.Body.mysqlSyncConfig.initialSyncFlags[_].value == STRING
    input.Body.syncMode == enum_SqlInstancesVerifyExternalSyncSettingsRequestSyncMode[_]
    input.Body.verifyConnectionOnly == BOOLEAN
    input.Body.verifyReplicationOnly == BOOLEAN
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.sslCerts.createEphemeral

valid {
    input.Body.access_token == STRING
    input.Body.public_key == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.sslCerts.delete

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ReqMap.sha1Fingerprint == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.sslCerts.get

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ReqMap.sha1Fingerprint == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.sslCerts.insert

valid {
    input.Body.commonName == STRING
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.sslCerts.list

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.tiers.list

valid {
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.users.delete

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.host == STRING
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.users.get

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.name == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.host == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.users.insert

enum_UserDualPasswordType := [ "DUAL_PASSWORD_TYPE_UNSPECIFIED", "NO_MODIFY_DUAL_PASSWORD", "NO_DUAL_PASSWORD", "DUAL_PASSWORD" ]
enum_UserType := [ "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER", "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" ]

valid {
    input.Body.dualPasswordType == enum_UserDualPasswordType[_]
    input.Body.etag == STRING
    input.Body.host == STRING
    input.Body.instance == STRING
    input.Body.kind == STRING
    input.Body.name == STRING
    input.Body.password == STRING
    input.Body.passwordPolicy.allowedFailedAttempts == INTEGER
    input.Body.passwordPolicy.enableFailedAttemptsCheck == BOOLEAN
    input.Body.passwordPolicy.enablePasswordVerification == BOOLEAN
    input.Body.passwordPolicy.passwordExpirationDuration == STRING
    input.Body.project == STRING
    input.Body.sqlserverUserDetails.disabled == BOOLEAN
    input.Body.sqlserverUserDetails.serverRoles[_] == STRING
    input.Body.type == enum_UserType[_]
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.users.list

valid {
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}

sql.users.update

enum_UserDualPasswordType := [ "DUAL_PASSWORD_TYPE_UNSPECIFIED", "NO_MODIFY_DUAL_PASSWORD", "NO_DUAL_PASSWORD", "DUAL_PASSWORD" ]
enum_UserType := [ "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER", "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" ]

valid {
    input.Body.dualPasswordType == enum_UserDualPasswordType[_]
    input.Body.etag == STRING
    input.Body.host == STRING
    input.Body.instance == STRING
    input.Body.kind == STRING
    input.Body.name == STRING
    input.Body.password == STRING
    input.Body.passwordPolicy.allowedFailedAttempts == INTEGER
    input.Body.passwordPolicy.enableFailedAttemptsCheck == BOOLEAN
    input.Body.passwordPolicy.enablePasswordVerification == BOOLEAN
    input.Body.passwordPolicy.passwordExpirationDuration == STRING
    input.Body.project == STRING
    input.Body.sqlserverUserDetails.disabled == BOOLEAN
    input.Body.sqlserverUserDetails.serverRoles[_] == STRING
    input.Body.type == enum_UserType[_]
    input.ReqMap.instance == STRING
    input.ReqMap.ProjectID == STRING
    input.Qs.host == STRING
    input.Qs.name == STRING
    input.ProviderMetadata.Region == STRING
    input.ProviderMetadata.ProjectID == STRING
}