Exposing set action on Terraform V2 (#662)

Co-authored-by: ci.datadog-api-spec <[email protected]>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-03 09:24:13.740178",
-            "spec_repo_commit": "5906d277"
+            "regenerated": "2025-06-04 09:10:39.421656",
+            "spec_repo_commit": "6c99bb98"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-03 09:24:13.756322",
-            "spec_repo_commit": "5906d277"
+            "regenerated": "2025-06-04 09:10:39.437589",
+            "spec_repo_commit": "6c99bb98"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -7526,6 +7526,50 @@ components:
           type: string
         kill:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
+        metadata:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata'
+        set:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet'
+      type: object
+    CloudWorkloadSecurityAgentRuleActionMetadata:
+      description: The metadata action applied on the scope matching the rule
+      properties:
+        image_tag:
+          description: The image tag of the metadata action
+          type: string
+        service:
+          description: The service of the metadata action
+          type: string
+        short_image:
+          description: The short image of the metadata action
+          type: string
+      type: object
+    CloudWorkloadSecurityAgentRuleActionSet:
+      description: The set action applied on the scope matching the rule
+      properties:
+        append:
+          description: Whether the value should be appended to the field
+          type: boolean
+        field:
+          description: The field of the set action
+          type: string
+        name:
+          description: The name of the set action
+          type: string
+        scope:
+          description: The scope of the set action
+          type: string
+        size:
+          description: The size of the set action
+          format: int64
+          type: integer
+        ttl:
+          description: The time to live of the set action
+          format: int64
+          type: integer
+        value:
+          description: The value of the set action
+          type: string
       type: object
     CloudWorkloadSecurityAgentRuleActions:
       description: The array of actions the rule can perform if triggered
@@ -7541,6 +7585,11 @@ components:
         agentConstraint:
           description: The version of the Agent
           type: string
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         category:
           description: The category of the Agent rule
           example: Process Activity
@@ -7564,6 +7613,11 @@ components:
           description: The description of the Agent rule
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7577,6 +7631,11 @@ components:
           items:
             type: string
           type: array
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         name:
           description: The name of the Agent rule
           example: my_agent_rule
@@ -7611,10 +7670,22 @@ components:
     CloudWorkloadSecurityAgentRuleCreateAttributes:
       description: Create a new Cloud Workload Security Agent rule.
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         description:
           description: The description of the Agent rule.
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7628,6 +7699,11 @@ components:
           items:
             type: string
           type: array
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         name:
           description: The name of the Agent rule.
           example: my_agent_rule
@@ -7718,10 +7794,22 @@ components:
     CloudWorkloadSecurityAgentRuleUpdateAttributes:
       description: Update an existing Cloud Workload Security Agent rule
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         description:
           description: The description of the Agent rule
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7730,6 +7818,11 @@ components:
           description: The SECL expression of the Agent rule
           example: exec.file.name == "sh"
           type: string
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         policy_id:
           description: The ID of the policy where the Agent rule is saved
           example: a8c8e364-6556-434d-b798-a4c23de29c0b

examples/v2_csm-threats_CreateCSMThreatsAgentRule_1295653933.rs

@@ -0,0 +1,43 @@
+// Create a Workload Protection agent rule with set action returns "OK" response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
+use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleAction;
+use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleActionSet;
+use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateAttributes;
+use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateData;
+use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateRequest;
+use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;
+
+#[tokio::main]
+async fn main() {
+    // there is a valid "policy_rc" in the system
+    let policy_data_id = std::env::var("POLICY_DATA_ID").unwrap();
+    let body = CloudWorkloadSecurityAgentRuleCreateRequest::new(
+        CloudWorkloadSecurityAgentRuleCreateData::new(
+            CloudWorkloadSecurityAgentRuleCreateAttributes::new(
+                r#"exec.file.name == "sh""#.to_string(),
+                "examplecsmthreat".to_string(),
+            )
+            .actions(Some(vec![CloudWorkloadSecurityAgentRuleAction::new().set(
+                CloudWorkloadSecurityAgentRuleActionSet::new()
+                    .name("test_set".to_string())
+                    .scope("process".to_string())
+                    .value("test_value".to_string()),
+            )]))
+            .description("My Agent rule with set action".to_string())
+            .enabled(true)
+            .filters(vec![])
+            .policy_id(policy_data_id.clone())
+            .product_tags(vec![]),
+            CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
+        ),
+    );
+    let configuration = datadog::Configuration::new();
+    let api = CSMThreatsAPI::with_config(configuration);
+    let resp = api.create_csm_threats_agent_rule(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}

src/datadogV2/model/mod.rs

@@ -3160,6 +3160,10 @@ pub mod model_cloud_workload_security_agent_rule_action;
 pub use self::model_cloud_workload_security_agent_rule_action::CloudWorkloadSecurityAgentRuleAction;
 pub mod model_cloud_workload_security_agent_rule_kill;
 pub use self::model_cloud_workload_security_agent_rule_kill::CloudWorkloadSecurityAgentRuleKill;
+pub mod model_cloud_workload_security_agent_rule_action_metadata;
+pub use self::model_cloud_workload_security_agent_rule_action_metadata::CloudWorkloadSecurityAgentRuleActionMetadata;
+pub mod model_cloud_workload_security_agent_rule_action_set;
+pub use self::model_cloud_workload_security_agent_rule_action_set::CloudWorkloadSecurityAgentRuleActionSet;
 pub mod model_cloud_workload_security_agent_rule_creator_attributes;
 pub use self::model_cloud_workload_security_agent_rule_creator_attributes::CloudWorkloadSecurityAgentRuleCreatorAttributes;
 pub mod model_cloud_workload_security_agent_rule_updater_attributes;

src/datadogV2/model/model_cloud_workload_security_agent_rule_action.rs

@@ -17,6 +17,12 @@ pub struct CloudWorkloadSecurityAgentRuleAction {
     /// Kill system call applied on the container matching the rule
     #[serde(rename = "kill")]
     pub kill: Option<crate::datadogV2::model::CloudWorkloadSecurityAgentRuleKill>,
+    /// The metadata action applied on the scope matching the rule
+    #[serde(rename = "metadata")]
+    pub metadata: Option<crate::datadogV2::model::CloudWorkloadSecurityAgentRuleActionMetadata>,
+    /// The set action applied on the scope matching the rule
+    #[serde(rename = "set")]
+    pub set: Option<crate::datadogV2::model::CloudWorkloadSecurityAgentRuleActionSet>,
     #[serde(flatten)]
     pub additional_properties: std::collections::BTreeMap<String, serde_json::Value>,
     #[serde(skip)]
@@ -29,6 +35,8 @@ impl CloudWorkloadSecurityAgentRuleAction {
         CloudWorkloadSecurityAgentRuleAction {
             filter: None,
             kill: None,
+            metadata: None,
+            set: None,
             additional_properties: std::collections::BTreeMap::new(),
             _unparsed: false,
         }
@@ -47,6 +55,22 @@ impl CloudWorkloadSecurityAgentRuleAction {
         self
     }
 
+    pub fn metadata(
+        mut self,
+        value: crate::datadogV2::model::CloudWorkloadSecurityAgentRuleActionMetadata,
+    ) -> Self {
+        self.metadata = Some(value);
+        self
+    }
+
+    pub fn set(
+        mut self,
+        value: crate::datadogV2::model::CloudWorkloadSecurityAgentRuleActionSet,
+    ) -> Self {
+        self.set = Some(value);
+        self
+    }
+
     pub fn additional_properties(
         mut self,
         value: std::collections::BTreeMap<String, serde_json::Value>,
@@ -82,6 +106,12 @@ impl<'de> Deserialize<'de> for CloudWorkloadSecurityAgentRuleAction {
                 let mut filter: Option<String> = None;
                 let mut kill: Option<crate::datadogV2::model::CloudWorkloadSecurityAgentRuleKill> =
                     None;
+                let mut metadata: Option<
+                    crate::datadogV2::model::CloudWorkloadSecurityAgentRuleActionMetadata,
+                > = None;
+                let mut set: Option<
+                    crate::datadogV2::model::CloudWorkloadSecurityAgentRuleActionSet,
+                > = None;
                 let mut additional_properties: std::collections::BTreeMap<
                     String,
                     serde_json::Value,
@@ -102,6 +132,18 @@ impl<'de> Deserialize<'de> for CloudWorkloadSecurityAgentRuleAction {
                             }
                             kill = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
+                        "metadata" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            metadata = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "set" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            set = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
                         &_ => {
                             if let Ok(value) = serde_json::from_value(v.clone()) {
                                 additional_properties.insert(k, value);
@@ -113,6 +155,8 @@ impl<'de> Deserialize<'de> for CloudWorkloadSecurityAgentRuleAction {
                 let content = CloudWorkloadSecurityAgentRuleAction {
                     filter,
                     kill,
+                    metadata,
+                    set,
                     additional_properties,
                     _unparsed,
                 };