From cae2390b7ff7c09d0ad2b86719ddd7f17510ee47 Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Tue, 22 Jul 2025 07:19:53 +0000 Subject: [PATCH] Regenerate client from commit 8ca2883 of spec repo --- .generated-info | 4 +- .generator/schemas/v2/openapi.yaml | 15 ++++++ ...CreateSecurityMonitoringRule_1965169892.rs | 30 ++++++----- src/datadogV2/model/mod.rs | 2 + ...ity_monitoring_rule_case_action_options.rs | 32 ++++++++++++ ...ule_case_action_options_flagged_ip_type.rs | 51 +++++++++++++++++++ ...curity_monitoring_rule_case_action_type.rs | 3 ++ ...cation-security-returns-OK-response.frozen | 2 +- ...lication-security-returns-OK-response.json | 10 ++-- .../features/v2/security_monitoring.feature | 2 +- 10 files changed, 130 insertions(+), 21 deletions(-) create mode 100644 src/datadogV2/model/model_security_monitoring_rule_case_action_options_flagged_ip_type.rs diff --git a/.generated-info b/.generated-info index a851edc62..ad7d1f549 100644 --- a/.generated-info +++ b/.generated-info @@ -1,4 +1,4 @@ { - "spec_repo_commit": "06ccc32", - "generated": "2025-07-21 14:00:09.710" + "spec_repo_commit": "8ca2883", + "generated": "2025-07-22 07:19:53.580" } diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 28f8b98b0..a4af6732f 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -34296,9 +34296,22 @@ components: format: int64 minimum: 0 type: integer + flaggedIPType: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType' userBehaviorName: $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsUserBehaviorName' type: object + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType: + description: Used with the case action of type 'flag_ip'. The value specified + in this field is applied as a flag to the IP addresses. + enum: + - SUSPICIOUS + - FLAGGED + example: FLAGGED + type: string + x-enum-varnames: + - SUSPICIOUS + - FLAGGED SecurityMonitoringRuleCaseActionOptionsUserBehaviorName: description: Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. @@ -34309,11 +34322,13 @@ components: - block_ip - block_user - user_behavior + - flag_ip type: string x-enum-varnames: - BLOCK_IP - BLOCK_USER - USER_BEHAVIOR + - FLAG_IP SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: diff --git a/examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs b/examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs index 250692654..962be2071 100644 --- a/examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs +++ b/examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs @@ -3,6 +3,7 @@ use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseAction; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionOptions; +use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionOptionsFlaggedIPType; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionType; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload; @@ -25,18 +26,23 @@ async fn main() { vec![ SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO) .actions(vec![ - SecurityMonitoringRuleCaseAction::new() - .options( - SecurityMonitoringRuleCaseActionOptions::new().duration(900), - ) - .type_(SecurityMonitoringRuleCaseActionType::BLOCK_IP), - SecurityMonitoringRuleCaseAction::new() - .options( - SecurityMonitoringRuleCaseActionOptions::new() - .user_behavior_name("behavior".to_string()), - ) - .type_(SecurityMonitoringRuleCaseActionType::USER_BEHAVIOR), - ]) + SecurityMonitoringRuleCaseAction::new() + .options(SecurityMonitoringRuleCaseActionOptions::new().duration(900)) + .type_(SecurityMonitoringRuleCaseActionType::BLOCK_IP), + SecurityMonitoringRuleCaseAction::new() + .options( + SecurityMonitoringRuleCaseActionOptions::new() + .user_behavior_name("behavior".to_string()), + ) + .type_(SecurityMonitoringRuleCaseActionType::USER_BEHAVIOR), + SecurityMonitoringRuleCaseAction::new() + .options( + SecurityMonitoringRuleCaseActionOptions::new().flagged_ip_type( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType::FLAGGED, + ), + ) + .type_(SecurityMonitoringRuleCaseActionType::FLAG_IP), + ]) .condition("a > 100000".to_string()) .name("".to_string()) .notifications(vec![]), diff --git a/src/datadogV2/model/mod.rs b/src/datadogV2/model/mod.rs index 37180685c..eb6a63cd6 100644 --- a/src/datadogV2/model/mod.rs +++ b/src/datadogV2/model/mod.rs @@ -4290,6 +4290,8 @@ pub mod model_security_monitoring_rule_case_action; pub use self::model_security_monitoring_rule_case_action::SecurityMonitoringRuleCaseAction; pub mod model_security_monitoring_rule_case_action_options; pub use self::model_security_monitoring_rule_case_action_options::SecurityMonitoringRuleCaseActionOptions; +pub mod model_security_monitoring_rule_case_action_options_flagged_ip_type; +pub use self::model_security_monitoring_rule_case_action_options_flagged_ip_type::SecurityMonitoringRuleCaseActionOptionsFlaggedIPType; pub mod model_security_monitoring_rule_case_action_type; pub use self::model_security_monitoring_rule_case_action_type::SecurityMonitoringRuleCaseActionType; pub mod model_security_monitoring_rule_severity; diff --git a/src/datadogV2/model/model_security_monitoring_rule_case_action_options.rs b/src/datadogV2/model/model_security_monitoring_rule_case_action_options.rs index d465a0634..390ec65b8 100644 --- a/src/datadogV2/model/model_security_monitoring_rule_case_action_options.rs +++ b/src/datadogV2/model/model_security_monitoring_rule_case_action_options.rs @@ -14,6 +14,10 @@ pub struct SecurityMonitoringRuleCaseActionOptions { /// Duration of the action in seconds. 0 indicates no expiration. #[serde(rename = "duration")] pub duration: Option, + /// Used with the case action of type 'flag_ip'. The value specified in this field is applied as a flag to the IP addresses. + #[serde(rename = "flaggedIPType")] + pub flagged_ip_type: + Option, /// Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. #[serde(rename = "userBehaviorName")] pub user_behavior_name: Option, @@ -28,6 +32,7 @@ impl SecurityMonitoringRuleCaseActionOptions { pub fn new() -> SecurityMonitoringRuleCaseActionOptions { SecurityMonitoringRuleCaseActionOptions { duration: None, + flagged_ip_type: None, user_behavior_name: None, additional_properties: std::collections::BTreeMap::new(), _unparsed: false, @@ -39,6 +44,14 @@ impl SecurityMonitoringRuleCaseActionOptions { self } + pub fn flagged_ip_type( + mut self, + value: crate::datadogV2::model::SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, + ) -> Self { + self.flagged_ip_type = Some(value); + self + } + pub fn user_behavior_name(mut self, value: String) -> Self { self.user_behavior_name = Some(value); self @@ -77,6 +90,9 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCaseActionOptions { M: MapAccess<'a>, { let mut duration: Option = None; + let mut flagged_ip_type: Option< + crate::datadogV2::model::SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, + > = None; let mut user_behavior_name: Option = None; let mut additional_properties: std::collections::BTreeMap< String, @@ -92,6 +108,21 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCaseActionOptions { } duration = Some(serde_json::from_value(v).map_err(M::Error::custom)?); } + "flaggedIPType" => { + if v.is_null() { + continue; + } + flagged_ip_type = + Some(serde_json::from_value(v).map_err(M::Error::custom)?); + if let Some(ref _flagged_ip_type) = flagged_ip_type { + match _flagged_ip_type { + crate::datadogV2::model::SecurityMonitoringRuleCaseActionOptionsFlaggedIPType::UnparsedObject(_flagged_ip_type) => { + _unparsed = true; + }, + _ => {} + } + } + } "userBehaviorName" => { if v.is_null() { continue; @@ -109,6 +140,7 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCaseActionOptions { let content = SecurityMonitoringRuleCaseActionOptions { duration, + flagged_ip_type, user_behavior_name, additional_properties, _unparsed, diff --git a/src/datadogV2/model/model_security_monitoring_rule_case_action_options_flagged_ip_type.rs b/src/datadogV2/model/model_security_monitoring_rule_case_action_options_flagged_ip_type.rs new file mode 100644 index 000000000..93ef5559a --- /dev/null +++ b/src/datadogV2/model/model_security_monitoring_rule_case_action_options_flagged_ip_type.rs @@ -0,0 +1,51 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +use serde::{Deserialize, Deserializer, Serialize, Serializer}; + +#[non_exhaustive] +#[derive(Clone, Debug, Eq, PartialEq)] +pub enum SecurityMonitoringRuleCaseActionOptionsFlaggedIPType { + SUSPICIOUS, + FLAGGED, + UnparsedObject(crate::datadog::UnparsedObject), +} + +impl ToString for SecurityMonitoringRuleCaseActionOptionsFlaggedIPType { + fn to_string(&self) -> String { + match self { + Self::SUSPICIOUS => String::from("SUSPICIOUS"), + Self::FLAGGED => String::from("FLAGGED"), + Self::UnparsedObject(v) => v.value.to_string(), + } + } +} + +impl Serialize for SecurityMonitoringRuleCaseActionOptionsFlaggedIPType { + fn serialize(&self, serializer: S) -> Result + where + S: Serializer, + { + match self { + Self::UnparsedObject(v) => v.serialize(serializer), + _ => serializer.serialize_str(self.to_string().as_str()), + } + } +} + +impl<'de> Deserialize<'de> for SecurityMonitoringRuleCaseActionOptionsFlaggedIPType { + fn deserialize(deserializer: D) -> Result + where + D: Deserializer<'de>, + { + let s: String = String::deserialize(deserializer)?; + Ok(match s.as_str() { + "SUSPICIOUS" => Self::SUSPICIOUS, + "FLAGGED" => Self::FLAGGED, + _ => Self::UnparsedObject(crate::datadog::UnparsedObject { + value: serde_json::Value::String(s.into()), + }), + }) + } +} diff --git a/src/datadogV2/model/model_security_monitoring_rule_case_action_type.rs b/src/datadogV2/model/model_security_monitoring_rule_case_action_type.rs index f9ef68a0d..ea35813ac 100644 --- a/src/datadogV2/model/model_security_monitoring_rule_case_action_type.rs +++ b/src/datadogV2/model/model_security_monitoring_rule_case_action_type.rs @@ -10,6 +10,7 @@ pub enum SecurityMonitoringRuleCaseActionType { BLOCK_IP, BLOCK_USER, USER_BEHAVIOR, + FLAG_IP, UnparsedObject(crate::datadog::UnparsedObject), } @@ -19,6 +20,7 @@ impl ToString for SecurityMonitoringRuleCaseActionType { Self::BLOCK_IP => String::from("block_ip"), Self::BLOCK_USER => String::from("block_user"), Self::USER_BEHAVIOR => String::from("user_behavior"), + Self::FLAG_IP => String::from("flag_ip"), Self::UnparsedObject(v) => v.value.to_string(), } } @@ -46,6 +48,7 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCaseActionType { "block_ip" => Self::BLOCK_IP, "block_user" => Self::BLOCK_USER, "user_behavior" => Self::USER_BEHAVIOR, + "flag_ip" => Self::FLAG_IP, _ => Self::UnparsedObject(crate::datadog::UnparsedObject { value: serde_json::Value::String(s.into()), }), diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen index 3dfeb208e..543b88fcc 100644 --- a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen +++ b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen @@ -1 +1 @@ -2025-04-09T15:02:05.047Z \ No newline at end of file +2025-07-17T10:35:24.061Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.json b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.json index 14cbd8077..dfd2b6703 100644 --- a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.json +++ b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.json @@ -3,7 +3,7 @@ { "request": { "body": { - "string": "{\"cases\":[{\"actions\":[{\"options\":{\"duration\":900},\"type\":\"block_ip\"},{\"options\":{\"userBehaviorName\":\"behavior\"},\"type\":\"user_behavior\"}],\"condition\":\"a > 100000\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"groupSignalsBy\":[\"service\"],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1744210925_appsec_rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"service\",\"@http.client_ip\"],\"query\":\"@appsec.security_activity:business_logic.users.login.failure\"}],\"tags\":[],\"type\":\"application_security\"}", + "string": "{\"cases\":[{\"actions\":[{\"options\":{\"duration\":900},\"type\":\"block_ip\"},{\"options\":{\"userBehaviorName\":\"behavior\"},\"type\":\"user_behavior\"},{\"options\":{\"flaggedIPType\":\"FLAGGED\"},\"type\":\"flag_ip\"}],\"condition\":\"a > 100000\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"groupSignalsBy\":[\"service\"],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1752748524_appsec_rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"service\",\"@http.client_ip\"],\"query\":\"@appsec.security_activity:business_logic.users.login.failure\"}],\"tags\":[],\"type\":\"application_security\"}", "encoding": null }, "headers": { @@ -19,7 +19,7 @@ }, "response": { "body": { - "string": "{\"name\":\"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1744210925_appsec_rule\",\"createdAt\":1744210925675,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"@appsec.security_activity:business_logic.users.login.failure\",\"groupByFields\":[\"service\",\"@http.client_ip\"],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"app_sec_spans\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 100000\",\"actions\":[{\"type\":\"block_ip\",\"options\":{\"duration\":900}},{\"type\":\"user_behavior\",\"options\":{\"userBehaviorName\":\"behavior\"}}]}],\"message\":\"Test rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"application_security\",\"filters\":[],\"version\":1,\"id\":\"lfr-zxg-fyc\",\"blocking\":true,\"groupSignalsBy\":[\"service\"],\"dependencies\":[\"business_logic.users.login.failure\"],\"metadata\":{\"entities\":null,\"sources\":null},\"creationAuthorId\":2320499,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"updater\":{\"handle\":\"\",\"name\":\"\"}}", + "string": "{\"name\":\"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1752748524_appsec_rule\",\"createdAt\":1752748524806,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"@appsec.security_activity:business_logic.users.login.failure\",\"groupByFields\":[\"service\",\"@http.client_ip\"],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"app_sec_spans\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 100000\",\"actions\":[{\"type\":\"block_ip\",\"options\":{\"duration\":900}},{\"type\":\"user_behavior\",\"options\":{\"userBehaviorName\":\"behavior\"}},{\"type\":\"flag_ip\",\"options\":{\"flaggedIPType\":\"FLAGGED\"}}]}],\"message\":\"Test rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"application_security\",\"filters\":[],\"version\":1,\"id\":\"wgo-lgy-ajy\",\"blocking\":true,\"groupSignalsBy\":[\"service\"],\"dependencies\":[\"business_logic.users.login.failure\"],\"metadata\":{\"entities\":null,\"sources\":null},\"creationAuthorId\":2320499,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"updater\":{\"handle\":\"\",\"name\":\"\"}}", "encoding": null }, "headers": { @@ -32,7 +32,7 @@ "message": "OK" } }, - "recorded_at": "Wed, 09 Apr 2025 15:02:05 GMT" + "recorded_at": "Thu, 17 Jul 2025 10:35:24 GMT" }, { "request": { @@ -43,7 +43,7 @@ ] }, "method": "delete", - "uri": "https://api.datadoghq.com/api/v2/security_monitoring/rules/lfr-zxg-fyc" + "uri": "https://api.datadoghq.com/api/v2/security_monitoring/rules/wgo-lgy-ajy" }, "response": { "body": { @@ -56,7 +56,7 @@ "message": "No Content" } }, - "recorded_at": "Wed, 09 Apr 2025 15:02:05 GMT" + "recorded_at": "Thu, 17 Jul 2025 10:35:24 GMT" } ], "recorded_with": "VCR 6.0.0" diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index 1ec6ed14e..28df5a064 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature @@ -225,7 +225,7 @@ Feature: Security Monitoring @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with type 'application_security 'returns "OK" response Given new "CreateSecurityMonitoringRule" request - And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} + And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}}, {"type":"flag_ip","options":{"flaggedIPType":"FLAGGED"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} When the request is sent Then the response status is 200 OK And the response "name" is equal to "{{ unique }}_appsec_rule"