Add hash field to actions in CWS agent rules

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-17 18:21:59.760405",
-            "spec_repo_commit": "b1a1c000"
+            "regenerated": "2025-06-18 09:42:24.575961",
+            "spec_repo_commit": "b6151f30"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-17 18:21:59.775701",
-            "spec_repo_commit": "b1a1c000"
+            "regenerated": "2025-06-18 09:42:24.630790",
+            "spec_repo_commit": "b6151f30"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -7540,13 +7540,19 @@ components:
           description: SECL expression used to target the container to apply the action
             on
           type: string
+        hash:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionHash'
         kill:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
         metadata:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata'
         set:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet'
       type: object
+    CloudWorkloadSecurityAgentRuleActionHash:
+      additionalProperties: {}
+      description: An empty object indicating the hash action
+      type: object
     CloudWorkloadSecurityAgentRuleActionMetadata:
       description: The metadata action applied on the scope matching the rule
       properties:

docs/datadog_api_client.v2.model.rst

@@ -2846,6 +2846,13 @@ datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_action mod
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_action\_hash module
+-----------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_hash
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_action\_metadata module
 ---------------------------------------------------------------------------------------------
 

examples/v2/csm-threats/CreateCSMThreatsAgentRule_1295653933.py

@@ -6,6 +6,9 @@
 from datadog_api_client import ApiClient, Configuration
 from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
 from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action import CloudWorkloadSecurityAgentRuleAction
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_hash import (
+    CloudWorkloadSecurityAgentRuleActionHash,
+)
 from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_set import (
     CloudWorkloadSecurityAgentRuleActionSet,
 )
@@ -41,6 +44,9 @@
                         scope="process",
                     ),
                 ),
+                CloudWorkloadSecurityAgentRuleAction(
+                    hash=CloudWorkloadSecurityAgentRuleActionHash(),
+                ),
             ],
         ),
         type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,

src/datadog_api_client/v2/model/cloud_workload_security_agent_rule_action.py

@@ -14,6 +14,9 @@
 
 
 if TYPE_CHECKING:
+    from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_hash import (
+        CloudWorkloadSecurityAgentRuleActionHash,
+    )
     from datadog_api_client.v2.model.cloud_workload_security_agent_rule_kill import CloudWorkloadSecurityAgentRuleKill
     from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_metadata import (
         CloudWorkloadSecurityAgentRuleActionMetadata,
@@ -26,6 +29,9 @@
 class CloudWorkloadSecurityAgentRuleAction(ModelNormal):
     @cached_property
     def openapi_types(_):
+        from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_hash import (
+            CloudWorkloadSecurityAgentRuleActionHash,
+        )
         from datadog_api_client.v2.model.cloud_workload_security_agent_rule_kill import (
             CloudWorkloadSecurityAgentRuleKill,
         )
@@ -38,13 +44,15 @@ def openapi_types(_):
 
         return {
             "filter": (str,),
+            "hash": (CloudWorkloadSecurityAgentRuleActionHash,),
             "kill": (CloudWorkloadSecurityAgentRuleKill,),
             "metadata": (CloudWorkloadSecurityAgentRuleActionMetadata,),
             "set": (CloudWorkloadSecurityAgentRuleActionSet,),
         }
 
     attribute_map = {
         "filter": "filter",
+        "hash": "hash",
         "kill": "kill",
         "metadata": "metadata",
         "set": "set",
@@ -53,6 +61,7 @@ def openapi_types(_):
     def __init__(
         self_,
         filter: Union[str, UnsetType] = unset,
+        hash: Union[CloudWorkloadSecurityAgentRuleActionHash, UnsetType] = unset,
         kill: Union[CloudWorkloadSecurityAgentRuleKill, UnsetType] = unset,
         metadata: Union[CloudWorkloadSecurityAgentRuleActionMetadata, UnsetType] = unset,
         set: Union[CloudWorkloadSecurityAgentRuleActionSet, UnsetType] = unset,
@@ -64,6 +73,9 @@ def __init__(
         :param filter: SECL expression used to target the container to apply the action on
         :type filter: str, optional
 
+        :param hash: An empty object indicating the hash action
+        :type hash: CloudWorkloadSecurityAgentRuleActionHash, optional
+
         :param kill: Kill system call applied on the container matching the rule
         :type kill: CloudWorkloadSecurityAgentRuleKill, optional
 
@@ -75,6 +87,8 @@ def __init__(
         """
         if filter is not unset:
             kwargs["filter"] = filter
+        if hash is not unset:
+            kwargs["hash"] = hash
         if kill is not unset:
             kwargs["kill"] = kill
         if metadata is not unset:

src/datadog_api_client/v2/model/cloud_workload_security_agent_rule_action_hash.py

@@ -0,0 +1,17 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+    ModelNormal,
+)
+
+
+class CloudWorkloadSecurityAgentRuleActionHash(ModelNormal):
+    def __init__(self_, **kwargs):
+        """
+        An empty object indicating the hash action
+        """
+        super().__init__(kwargs)

src/datadog_api_client/v2/models/__init__.py

@@ -532,6 +532,9 @@
     CloudWorkloadSecurityAgentPolicyUpdaterAttributes,
 )
 from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action import CloudWorkloadSecurityAgentRuleAction
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_hash import (
+    CloudWorkloadSecurityAgentRuleActionHash,
+)
 from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_metadata import (
     CloudWorkloadSecurityAgentRuleActionMetadata,
 )
@@ -3902,6 +3905,7 @@
     "CloudWorkloadSecurityAgentPolicyUpdateRequest",
     "CloudWorkloadSecurityAgentPolicyUpdaterAttributes",
     "CloudWorkloadSecurityAgentRuleAction",
+    "CloudWorkloadSecurityAgentRuleActionHash",
     "CloudWorkloadSecurityAgentRuleActionMetadata",
     "CloudWorkloadSecurityAgentRuleActionSet",
     "CloudWorkloadSecurityAgentRuleAttributes",

tests/v2/cassettes/test_scenarios/test_create_a_workload_protection_agent_rule_with_set_action_returns_ok_response.frozen

@@ -1 +1 @@
-2025-05-27T10:24:57.049Z
+2025-06-13T15:16:58.034Z

tests/v2/cassettes/test_scenarios/test_create_a_workload_protection_agent_rule_with_set_action_returns_ok_response.yaml

@@ -1,6 +1,6 @@
 interactions:
 - request:
-    body: '{"data":{"attributes":{"description":"My agent policy","enabled":true,"hostTags":["env:staging"],"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1748341497"},"type":"policy"}}'
+    body: '{"data":{"attributes":{"description":"My agent policy","enabled":true,"hostTags":["env:staging"],"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1749827818"},"type":"policy"}}'
     headers:
       accept:
       - application/json
@@ -10,17 +10,17 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/policy
   response:
     body:
-      string: '{"data":{"id":"qyj-iza-vbu","type":"policy","attributes":{"blockingRulesCount":0,"datadogManaged":false,"description":"My
-        agent policy","disabledRulesCount":1,"enabled":true,"hostTags":["env:staging"],"monitoringRulesCount":225,"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1748341497","policyVersion":"1","priority":1000000011,"ruleCount":226,"updateDate":1748341497346,"updater":{"name":"frog","handle":"[email protected]"}}}}'
+      string: '{"data":{"id":"alt-4q4-baa","type":"policy","attributes":{"blockingRulesCount":0,"datadogManaged":false,"description":"My
+        agent policy","disabledRulesCount":1,"enabled":true,"hostTags":["env:staging"],"monitoringRulesCount":225,"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1749827818","policyVersion":"1","priority":1000000013,"ruleCount":226,"updateDate":1749827818428,"updater":{"name":"frog","handle":"[email protected]"}}}}'
     headers:
       content-type:
       - application/json
     status:
       code: 200
       message: OK
 - request:
-    body: '{"data":{"attributes":{"actions":[{"set":{"name":"test_set","scope":"process","value":"test_value"}}],"description":"My
-      Agent rule with set action","enabled":true,"expression":"exec.file.name == \"sh\"","filters":[],"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1748341497","policy_id":"qyj-iza-vbu","product_tags":[]},"type":"agent_rule"}}'
+    body: '{"data":{"attributes":{"actions":[{"set":{"name":"test_set","scope":"process","value":"test_value"}},{"hash":{}}],"description":"My
+      Agent rule with set action","enabled":true,"expression":"exec.file.name == \"sh\"","filters":[],"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1749827818","policy_id":"alt-4q4-baa","product_tags":[]},"type":"agent_rule"}}'
     headers:
       accept:
       - application/json
@@ -30,10 +30,10 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules
   response:
     body:
-      string: '{"data":{"id":"zux-bp8-zov","type":"agent_rule","attributes":{"actions":[{"set":{"name":"test_set","value":"test_value","scope":"process"},"disabled":false}],"category":"Process
-        Activity","creationDate":1748341498175,"creator":{"name":"frog","handle":"[email protected]"},"defaultRule":false,"description":"My
+      string: '{"data":{"id":"ps3-64e-shx","type":"agent_rule","attributes":{"actions":[{"set":{"name":"test_set","value":"test_value","scope":"process"},"disabled":false},{"hash":{},"disabled":false}],"category":"Process
+        Activity","creationDate":1749827819065,"creator":{"name":"frog","handle":"[email protected]"},"defaultRule":false,"description":"My
         Agent rule with set action","enabled":true,"expression":"exec.file.name ==
-        \"sh\"","filters":["os == \"linux\""],"monitoring":["qyj-iza-vbu"],"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1748341497","product_tags":[],"updateDate":1748341498175,"updater":{"name":"frog","handle":"[email protected]"}}}}'
+        \"sh\"","filters":["os == \"linux\""],"monitoring":["alt-4q4-baa"],"name":"testcreateaworkloadprotectionagentrulewithsetactionreturnsokresponse1749827818","product_tags":[],"updateDate":1749827819065,"updater":{"name":"frog","handle":"[email protected]"}}}}'
     headers:
       content-type:
       - application/json
@@ -46,7 +46,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/zux-bp8-zov
+    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/ps3-64e-shx
   response:
     body:
       string: ''
@@ -62,7 +62,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/qyj-iza-vbu
+    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/alt-4q4-baa
   response:
     body:
       string: ''

tests/v2/cassettes/test_scenarios/test_delete_a_workload_protection_agent_rule_returns_ok_response.frozen

@@ -1 +1 @@
-2025-05-27T10:25:02.351Z
+2025-06-13T15:16:43.100Z

tests/v2/cassettes/test_scenarios/test_delete_a_workload_protection_agent_rule_returns_ok_response.yaml

@@ -1,6 +1,6 @@
 interactions:
 - request:
-    body: '{"data":{"attributes":{"description":"My agent policy","enabled":true,"hostTags":["env:staging"],"name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1748341502"},"type":"policy"}}'
+    body: '{"data":{"attributes":{"description":"My agent policy","enabled":true,"hostTags":["env:staging"],"name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1749827803"},"type":"policy"}}'
     headers:
       accept:
       - application/json
@@ -10,17 +10,17 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/policy
   response:
     body:
-      string: '{"data":{"id":"ney-zeu-tex","type":"policy","attributes":{"blockingRulesCount":0,"datadogManaged":false,"description":"My
-        agent policy","disabledRulesCount":1,"enabled":true,"hostTags":["env:staging"],"monitoringRulesCount":225,"name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1748341502","policyVersion":"1","priority":1000000011,"ruleCount":226,"updateDate":1748341502642,"updater":{"name":"frog","handle":"[email protected]"}}}}'
+      string: '{"data":{"id":"tn0-tjy-vwh","type":"policy","attributes":{"blockingRulesCount":0,"datadogManaged":false,"description":"My
+        agent policy","disabledRulesCount":1,"enabled":true,"hostTags":["env:staging"],"monitoringRulesCount":225,"name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1749827803","policyVersion":"1","priority":1000000013,"ruleCount":226,"updateDate":1749827803539,"updater":{"name":"frog","handle":"[email protected]"}}}}'
     headers:
       content-type:
       - application/json
     status:
       code: 200
       message: OK
 - request:
-    body: '{"data":{"attributes":{"actions":[{"set":{"name":"test_set","scope":"process","value":"test_value"}}],"description":"My
-      Agent rule","enabled":true,"expression":"exec.file.name == \"sh\"","name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1748341502","policy_id":"ney-zeu-tex","product_tags":["security:attack","technique:T1059"]},"type":"agent_rule"}}'
+    body: '{"data":{"attributes":{"actions":[{"set":{"name":"test_set","scope":"process","value":"test_value"}},{"hash":{}}],"description":"My
+      Agent rule","enabled":true,"expression":"exec.file.name == \"sh\"","name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1749827803","policy_id":"tn0-tjy-vwh","product_tags":["security:attack","technique:T1059"]},"type":"agent_rule"}}'
     headers:
       accept:
       - application/json
@@ -30,10 +30,10 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules
   response:
     body:
-      string: '{"data":{"id":"gys-bzk-zs4","type":"agent_rule","attributes":{"actions":[{"set":{"name":"test_set","value":"test_value","scope":"process"},"disabled":false}],"category":"Process
-        Activity","creationDate":1748341503254,"creator":{"name":"frog","handle":"[email protected]"},"defaultRule":false,"description":"My
+      string: '{"data":{"id":"hm0-n7p-hq7","type":"agent_rule","attributes":{"actions":[{"set":{"name":"test_set","value":"test_value","scope":"process"},"disabled":false},{"hash":{},"disabled":false}],"category":"Process
+        Activity","creationDate":1749827804150,"creator":{"name":"frog","handle":"[email protected]"},"defaultRule":false,"description":"My
         Agent rule","enabled":true,"expression":"exec.file.name == \"sh\"","filters":["os
-        == \"linux\""],"monitoring":["ney-zeu-tex"],"name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1748341502","product_tags":["security:attack","technique:T1059"],"updateDate":1748341503254,"updater":{"name":"frog","handle":"[email protected]"}}}}'
+        == \"linux\""],"monitoring":["tn0-tjy-vwh"],"name":"testdeleteaworkloadprotectionagentrulereturnsokresponse1749827803","product_tags":["security:attack","technique:T1059"],"updateDate":1749827804150,"updater":{"name":"frog","handle":"[email protected]"}}}}'
     headers:
       content-type:
       - application/json
@@ -46,7 +46,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/gys-bzk-zs4?policy_id=ney-zeu-tex
+    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/hm0-n7p-hq7?policy_id=tn0-tjy-vwh
   response:
     body:
       string: ''
@@ -62,7 +62,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/gys-bzk-zs4
+    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/hm0-n7p-hq7
   response:
     body:
       string: '{"errors":[{"title":"failed to delete rule"}]}
@@ -80,7 +80,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/ney-zeu-tex
+    uri: https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/tn0-tjy-vwh
   response:
     body:
       string: ''

tests/v2/cassettes/test_scenarios/test_get_a_workload_protection_agent_rule_returns_ok_response.frozen

@@ -1 +1 @@
-2025-05-27T10:25:11.236Z
+2025-06-13T15:16:09.321Z