diff --git a/.apigentools-info b/.apigentools-info index f2e06059a8..6cab9243b7 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.5", - "regenerated": "2023-07-19 18:05:01.077070", - "spec_repo_commit": "e9066fe1" + "regenerated": "2023-07-20 14:24:44.624557", + "spec_repo_commit": "878f93fe" }, "v2": { "apigentools_version": "1.6.5", - "regenerated": "2023-07-19 18:05:01.093411", - "spec_repo_commit": "e9066fe1" + "regenerated": "2023-07-20 14:24:44.636983", + "spec_repo_commit": "878f93fe" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 20be2bc459..7041b38cc6 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -2696,6 +2696,12 @@ components: type: array complianceSignalOptions: $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions' + filters: + description: Additional queries to filter matched events before they are + processed. + items: + $ref: '#/components/schemas/SecurityMonitoringFilter' + type: array isEnabled: description: Whether the rule is enabled. example: true diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1092490364.py b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1092490364.py index 13a593e91d..79410affc2 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1092490364.py +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1092490364.py 
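Review bot: The `filters` description added in the `.generator/schemas/v2/openapi.yaml` hunk does not say how a filter's action changes the outcome, although the example in this commit uses both `require` and `suppress`. From "filter matched events before they are processed" a reader cannot tell that one action presumably narrows the rule to matching events while the other hides them, which matters when auditing a rule for detection gaps. Consider extending it, for instance `description: Additional queries to filter matched events before they are processed. The action of each filter decides whether matching events are required or suppressed.` The enclosing schema starts and ends outside the hunk.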
@@ -15,6 +15,8 @@ from datadog_api_client.v2.model.cloud_configuration_rule_create_payload import CloudConfigurationRuleCreatePayload from datadog_api_client.v2.model.cloud_configuration_rule_options import CloudConfigurationRuleOptions from datadog_api_client.v2.model.cloud_configuration_rule_type import CloudConfigurationRuleType +from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter +from datadog_api_client.v2.model.security_monitoring_filter_action import SecurityMonitoringFilterAction from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity body = CloudConfigurationRuleCreatePayload( @@ -51,6 +53,16 @@ "@account_id", ], ), + filters=[ + SecurityMonitoringFilter( + action=SecurityMonitoringFilterAction.REQUIRE, + query="resource_id:helo*", + ), + SecurityMonitoringFilter( + action=SecurityMonitoringFilterAction.SUPPRESS, + query="control:helo*", + ), + ], ) configuration = Configuration() diff --git a/src/datadog_api_client/v2/model/cloud_configuration_rule_create_payload.py b/src/datadog_api_client/v2/model/cloud_configuration_rule_create_payload.py index 31048c665a..0ab0f51d58 100644 --- a/src/datadog_api_client/v2/model/cloud_configuration_rule_create_payload.py +++ b/src/datadog_api_client/v2/model/cloud_configuration_rule_create_payload.py @@ -18,6 +18,7 @@ from datadog_api_client.v2.model.cloud_configuration_rule_compliance_signal_options import ( CloudConfigurationRuleComplianceSignalOptions, ) + from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.cloud_configuration_rule_options import CloudConfigurationRuleOptions from datadog_api_client.v2.model.cloud_configuration_rule_type import CloudConfigurationRuleType 
@@ -29,12 +30,14 @@ def openapi_types(_): from datadog_api_client.v2.model.cloud_configuration_rule_compliance_signal_options import ( CloudConfigurationRuleComplianceSignalOptions, ) + from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.cloud_configuration_rule_options import CloudConfigurationRuleOptions from datadog_api_client.v2.model.cloud_configuration_rule_type import CloudConfigurationRuleType return { "cases": ([CloudConfigurationRuleCaseCreate],), "compliance_signal_options": (CloudConfigurationRuleComplianceSignalOptions,), + "filters": ([SecurityMonitoringFilter],), "is_enabled": (bool,), "message": (str,), "name": (str,), @@ -46,6 +49,7 @@ def openapi_types(_): attribute_map = { "cases": "cases", "compliance_signal_options": "complianceSignalOptions", + "filters": "filters", "is_enabled": "isEnabled", "message": "message", "name": "name", @@ -62,6 +66,7 @@ def __init__( message: str, name: str, options: CloudConfigurationRuleOptions, + filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, type: Union[CloudConfigurationRuleType, UnsetType] = unset, **kwargs, @@ -75,6 +80,9 @@ def __init__( :param compliance_signal_options: How to generate compliance signals. Useful for cloud_configuration rules only. :type compliance_signal_options: CloudConfigurationRuleComplianceSignalOptions + :param filters: Additional queries to filter matched events before they are processed. + :type filters: [SecurityMonitoringFilter], optional + :param is_enabled: Whether the rule is enabled. :type is_enabled: bool @@ -93,6 +101,8 @@ def __init__( :param type: The rule type. :type type: CloudConfigurationRuleType, optional """ + if filters is not unset: + kwargs["filters"] = filters if tags is not unset: kwargs["tags"] = tags if type is not unset: 
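Review bot: In the `__init__` signature hunk (`@@ -62,6 +66,7 @@`), `filters` is inserted ahead of `tags` and `type`, so a caller that passed `tags` positionally as the seventh argument now binds that list to `filters`, and the added `kwargs["filters"] = filters` forwards it with no check visible in this hunk. Appending the new optional parameter keeps the existing positions: `type: Union[CloudConfigurationRuleType, UnsetType] = unset,` followed by `filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,`. If this model is generator output, the ordering would have to change in the template rather than in this file. `__init__` starts and ends outside the hunk.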
diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.frozen index d5e553d385..2d5072815d 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.frozen @@ -1 +1 @@ -2022-12-16T18:53:53.418Z \ No newline at end of file +2023-07-20T12:27:33.661Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.yaml index 9a6eacae1b..92c6f34b48 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_create_a_cloud_configuration_rule_returns_ok_response.yaml 
@@ -1,6 +1,6 @@ interactions: - request: - body: '{"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"isEnabled":false,"message":"ddd","name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1671216833_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package + body: '{"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}],"isEnabled":false,"message":"ddd","name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1689856053_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package datadog\n","resourceTypes":["gcp_compute_disk"]},"resourceType":"gcp_compute_disk"}},"tags":["my:tag"],"type":"cloud_configuration"}' headers: accept: 
@@ -11,9 +11,9 @@ interactions: uri: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: - string: '{"creationAuthorId":1445416,"tags":["my:tag"],"type":"cloud_configuration","isEnabled":false,"hasExtendedTitle":true,"message":"ddd","options":{"detectionMethod":"threshold","evaluationWindow":7200,"maxSignalDuration":86400,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package - datadog\n","resourceTypes":["gcp_compute_disk"]},"complexRule":false},"keepAlive":21600},"version":1,"createdAt":1671216834196,"filters":[],"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"aggregation":"count","name":"a","distinctFields":[]}],"isDeleted":false,"complianceSignalOptions":{"defaultActivationStatus":null,"userActivationStatus":true,"defaultGroupByFields":null,"userGroupByFields":["@account_id"]},"cases":[{"status":"info","notifications":["channel"],"name":"","condition":"a - > 0"}],"id":"fat-bma-9yo","isDefault":false,"name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1671216833_cloud"} + string: '{"id":"rmr-xkf-scr","version":1,"name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1689856053_cloud","createdAt":1689856054469,"creationAuthorId":1445416,"isDefault":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package + datadog\n","resourceTypes":["gcp_compute_disk"]},"complexRule":false}},"complianceSignalOptions":{"defaultActivationStatus":null,"defaultGroupByFields":null,"userActivationStatus":true,"userGroupByFields":["@account_id"]},"cases":[{"condition":"a + > 
0","name":"","status":"info","notifications":["channel"]}],"message":"ddd","tags":["my:tag"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}]} ' headers: @@ -28,7 +28,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/fat-bma-9yo + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/rmr-xkf-scr response: body: string: '' diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index c8c8357f4e..af8dadabbb 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
@@ -58,7 +58,7 @@ Feature: Security Monitoring
 @team:DataDog/k9-cloud-security-platform
 Scenario: Create a cloud_configuration rule returns "OK" response
 Given new "CreateSecurityMonitoringRule" request
- And body with value {"type":"cloud_configuration","name":"{{ unique }}_cloud","isEnabled":false,"cases":[{"status":"info","notifications":["channel"]}],"options":{"complianceRuleOptions":{"resourceType":"gcp_compute_disk","complexRule": false,"regoRule":{"policy":"package datadog\n","resourceTypes":["gcp_compute_disk"]}}},"message":"ddd","tags":["my:tag"],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]}}
+ And body with value {"type":"cloud_configuration","name":"{{ unique }}_cloud","isEnabled":false,"cases":[{"status":"info","notifications":["channel"]}],"options":{"complianceRuleOptions":{"resourceType":"gcp_compute_disk","complexRule": false,"regoRule":{"policy":"package datadog\n","resourceTypes":["gcp_compute_disk"]}}},"message":"ddd","tags":["my:tag"],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}]}
 When the request is sent
 Then the response status is 200 OK
 And the response "name" is equal to "{{ unique }}_cloud"
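Review bot: The scenario now sends a `require` and a `suppress` filter, but the assertions visible in this hunk check only the status and `name`, so a response that dropped or altered the filters would still pass. A suppress filter hides matching findings from the rule, so the round trip is worth pinning with steps such as `And the response "filters[0].action" is equal to "require"` and `And the response "filters[1].action" is equal to "suppress"`; the indexed path syntax is assumed from the existing `"name"` step and should be confirmed against the step definitions. The scenario may continue below the hunk, so equivalent steps could already exist out of view.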