Regenerate client from commit ccc8320 of spec repo

Author: ci.datadog-api-spec

.generated-info

@@ -1,4 +1,4 @@
 {
-  "spec_repo_commit": "35630f3",
-  "generated": "2025-08-01 18:22:37.503"
+  "spec_repo_commit": "ccc8320",
+  "generated": "2025-08-04 12:22:49.162"
 }

.generator/schemas/v2/openapi.yaml

@@ -36339,6 +36339,27 @@ components:
       - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
       - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
       - $ref: '#/components/schemas/CloudConfigurationRulePayload'
+    SecurityMonitoringSchedulingOptions:
+      description: Options for scheduled rules. When this field is present, the rule
+        runs based on the schedule. When absent, it runs real-time on ingested logs.
+      nullable: true
+      properties:
+        rrule:
+          description: Schedule for the rule queries, written in RRULE syntax. See
+            [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html)
+            for syntax reference.
+          example: FREQ=HOURLY;INTERVAL=1;
+          type: string
+        start:
+          description: Start date for the schedule, in ISO 8601 format without timezone.
+          example: '2025-07-14T12:00:00'
+          type: string
+        timezone:
+          description: Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+            format.
+          example: America/New_York
+          type: string
+      type: object
     SecurityMonitoringSignal:
       description: Object description of a security signal.
       properties:
@@ -37017,6 +37038,12 @@ components:
     SecurityMonitoringStandardRuleCreatePayload:
       description: Create a new rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           example: []
@@ -37069,6 +37096,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           example:
@@ -37214,6 +37243,14 @@ components:
           example: false
           readOnly: true
           type: boolean
+        index:
+          description: '**This field is currently unstable and might be removed in
+            a minor version upgrade.**
+
+            The index to run the query on, if the `dataSource` is `logs`. Only used
+            for scheduled rules - in other words, when the `schedulingOptions` field
+            is present in the rule payload.'
+          type: string
         metric:
           deprecated: true
           description: '(Deprecated) The target field to aggregate over when using
@@ -37241,6 +37278,12 @@ components:
     SecurityMonitoringStandardRuleResponse:
       description: Rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           items:
@@ -37326,6 +37369,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           items:

examples/v2_security-monitoring_CreateSecurityMonitoringRule_868881438.rs

@@ -0,0 +1,60 @@
+// Create a scheduled detection rule returns "OK" response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringSchedulingOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
+
+#[tokio::main]
+async fn main() {
+    let body =
+        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
+            SecurityMonitoringStandardRuleCreatePayload::new(
+                vec![
+                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
+                        .condition("a > 0".to_string())
+                        .name("".to_string())
+                        .notifications(vec![]),
+                ],
+                true,
+                "Test rule".to_string(),
+                "Example-Security-Monitoring".to_string(),
+                SecurityMonitoringRuleOptions::new()
+                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
+                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
+                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
+                vec![SecurityMonitoringStandardRuleQuery::new()
+                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
+                    .distinct_fields(vec![])
+                    .group_by_fields(vec![])
+                    .index("main".to_string())
+                    .query("@test:true".to_string())],
+            )
+            .filters(vec![])
+            .scheduling_options(Some(
+                SecurityMonitoringSchedulingOptions::new()
+                    .rrule("FREQ=HOURLY;INTERVAL=2;".to_string())
+                    .start("2025-06-18T12:00:00".to_string())
+                    .timezone("Europe/Paris".to_string()),
+            ))
+            .tags(vec![])
+            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
+        ));
+    let configuration = datadog::Configuration::new();
+    let api = SecurityMonitoringAPI::with_config(configuration);
+    let resp = api.create_security_monitoring_rule(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}

src/datadogV2/model/mod.rs

@@ -4638,6 +4638,8 @@ pub mod model_security_monitoring_list_rules_response;
 pub use self::model_security_monitoring_list_rules_response::SecurityMonitoringListRulesResponse;
 pub mod model_security_monitoring_standard_rule_response;
 pub use self::model_security_monitoring_standard_rule_response::SecurityMonitoringStandardRuleResponse;
+pub mod model_calculated_field;
+pub use self::model_calculated_field::CalculatedField;
 pub mod model_security_monitoring_rule_case;
 pub use self::model_security_monitoring_rule_case::SecurityMonitoringRuleCase;
 pub mod model_security_monitoring_rule_case_action;
@@ -4696,6 +4698,8 @@ pub mod model_security_monitoring_standard_data_source;
 pub use self::model_security_monitoring_standard_data_source::SecurityMonitoringStandardDataSource;
 pub mod model_security_monitoring_reference_table;
 pub use self::model_security_monitoring_reference_table::SecurityMonitoringReferenceTable;
+pub mod model_security_monitoring_scheduling_options;
+pub use self::model_security_monitoring_scheduling_options::SecurityMonitoringSchedulingOptions;
 pub mod model_security_monitoring_third_party_rule_case;
 pub use self::model_security_monitoring_third_party_rule_case::SecurityMonitoringThirdPartyRuleCase;
 pub mod model_security_monitoring_rule_type_read;
@@ -5120,8 +5124,6 @@ pub mod model_historical_job_response_attributes;
 pub use self::model_historical_job_response_attributes::HistoricalJobResponseAttributes;
 pub mod model_job_definition;
 pub use self::model_job_definition::JobDefinition;
-pub mod model_calculated_field;
-pub use self::model_calculated_field::CalculatedField;
 pub mod model_historical_job_options;
 pub use self::model_historical_job_options::HistoricalJobOptions;
 pub mod model_historical_job_query;

src/datadogV2/model/model_security_monitoring_scheduling_options.rs

@@ -0,0 +1,139 @@
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2019-Present Datadog, Inc.
+use serde::de::{Error, MapAccess, Visitor};
+use serde::{Deserialize, Deserializer, Serialize};
+use serde_with::skip_serializing_none;
+use std::fmt::{self, Formatter};
+
+/// Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.
+#[non_exhaustive]
+#[skip_serializing_none]
+#[derive(Clone, Debug, PartialEq, Serialize)]
+pub struct SecurityMonitoringSchedulingOptions {
+    /// Schedule for the rule queries, written in RRULE syntax. See [RFC](<https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html>) for syntax reference.
+    #[serde(rename = "rrule")]
+    pub rrule: Option<String>,
+    /// Start date for the schedule, in ISO 8601 format without timezone.
+    #[serde(rename = "start")]
+    pub start: Option<String>,
+    /// Time zone of the start date, in the [tz database](<https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>) format.
+    #[serde(rename = "timezone")]
+    pub timezone: Option<String>,
+    #[serde(flatten)]
+    pub additional_properties: std::collections::BTreeMap<String, serde_json::Value>,
+    #[serde(skip)]
+    #[serde(default)]
+    pub(crate) _unparsed: bool,
+}
+
+impl SecurityMonitoringSchedulingOptions {
+    pub fn new() -> SecurityMonitoringSchedulingOptions {
+        SecurityMonitoringSchedulingOptions {
+            rrule: None,
+            start: None,
+            timezone: None,
+            additional_properties: std::collections::BTreeMap::new(),
+            _unparsed: false,
+        }
+    }
+
+    pub fn rrule(mut self, value: String) -> Self {
+        self.rrule = Some(value);
+        self
+    }
+
+    pub fn start(mut self, value: String) -> Self {
+        self.start = Some(value);
+        self
+    }
+
+    pub fn timezone(mut self, value: String) -> Self {
+        self.timezone = Some(value);
+        self
+    }
+
+    pub fn additional_properties(
+        mut self,
+        value: std::collections::BTreeMap<String, serde_json::Value>,
+    ) -> Self {
+        self.additional_properties = value;
+        self
+    }
+}
+
+impl Default for SecurityMonitoringSchedulingOptions {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl<'de> Deserialize<'de> for SecurityMonitoringSchedulingOptions {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        struct SecurityMonitoringSchedulingOptionsVisitor;
+        impl<'a> Visitor<'a> for SecurityMonitoringSchedulingOptionsVisitor {
+            type Value = SecurityMonitoringSchedulingOptions;
+
+            fn expecting(&self, f: &mut Formatter<'_>) -> fmt::Result {
+                f.write_str("a mapping")
+            }
+
+            fn visit_map<M>(self, mut map: M) -> Result<Self::Value, M::Error>
+            where
+                M: MapAccess<'a>,
+            {
+                let mut rrule: Option<String> = None;
+                let mut start: Option<String> = None;
+                let mut timezone: Option<String> = None;
+                let mut additional_properties: std::collections::BTreeMap<
+                    String,
+                    serde_json::Value,
+                > = std::collections::BTreeMap::new();
+                let mut _unparsed = false;
+
+                while let Some((k, v)) = map.next_entry::<String, serde_json::Value>()? {
+                    match k.as_str() {
+                        "rrule" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            rrule = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "start" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            start = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "timezone" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            timezone = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        &_ => {
+                            if let Ok(value) = serde_json::from_value(v.clone()) {
+                                additional_properties.insert(k, value);
+                            }
+                        }
+                    }
+                }
+
+                let content = SecurityMonitoringSchedulingOptions {
+                    rrule,
+                    start,
+                    timezone,
+                    additional_properties,
+                    _unparsed,
+                };
+
+                Ok(content)
+            }
+        }
+
+        deserializer.deserialize_any(SecurityMonitoringSchedulingOptionsVisitor)
+    }
+}