Regenerate client from commit 6e838a18 of spec repo

Author: ci.datadog-api-spec

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-06 17:59:35.241509",
-            "spec_repo_commit": "b89b292b"
+            "regenerated": "2025-02-07 10:27:02.214256",
+            "spec_repo_commit": "6e838a18"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-06 17:59:35.256609",
-            "spec_repo_commit": "b89b292b"
+            "regenerated": "2025-02-07 10:27:02.229779",
+            "spec_repo_commit": "6e838a18"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -193,7 +193,7 @@ components:
       schema:
         type: string
     ConfluentAccountID:
-      description: Confluent Account id.
+      description: Confluent Account ID.
       in: path
       name: account_id
       required: true
@@ -15657,6 +15657,15 @@ components:
           example: 1729843470000
           format: int64
           type: integer
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         index:
           description: Index used to load the data.
           example: cloud_siem
@@ -24242,6 +24251,11 @@ components:
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24260,9 +24274,42 @@ components:
         status:
           $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
       type: object
+    SecurityMonitoringRuleCaseAction:
+      description: Action to perform when a signal is triggered. Only available for
+        Application Security rule type.
+      properties:
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType'
+      type: object
+    SecurityMonitoringRuleCaseActionOptions:
+      description: Options for the rule action
+      properties:
+        duration:
+          description: Duration of the action in seconds. 0 indicates no expiration.
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleCaseActionType:
+      description: The action type.
+      enum:
+      - block_ip
+      - block_user
+      type: string
+      x-enum-varnames:
+      - BLOCK_IP
+      - BLOCK_USER
     SecurityMonitoringRuleCaseCreate:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24724,6 +24771,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25429,6 +25485,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25501,6 +25566,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25642,6 +25716,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25719,6 +25802,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.

cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen

@@ -0,0 +1 @@
+2025-02-06T16:50:39.787Z

cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.yml

@@ -0,0 +1,50 @@
+# Create a detection rule with type 'application_security 'returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::APPLICATION_SECURITY,
+  name: "Example-Security-Monitoring_appsec_rule",
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
+      query: "@appsec.security_activity:business_logic.users.login.failure",
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
+      group_by_fields: [
+        "service",
+        "@http.client_ip",
+      ],
+      distinct_fields: [],
+    }),
+  ],
+  filters: [],
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      notifications: [],
+      condition: "a > 100000",
+      actions: [
+        DatadogAPIClient::V2::SecurityMonitoringRuleCaseAction.new({
+          type: DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionType::BLOCK_IP,
+          options: DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionOptions.new({
+            duration: 900,
+          }),
+        }),
+      ],
+    }),
+  ],
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
+    detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::THRESHOLD,
+  }),
+  is_enabled: true,
+  message: "Test rule",
+  tags: [],
+  group_signals_by: [
+    "service",
+  ],
+})
+p api_instance.create_security_monitoring_rule(body)

examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.rb

@@ -200,6 +200,16 @@ Feature: Security Monitoring
     And the response "options.detectionMethod" is equal to "third_party"
     And the response "thirdPartyCases[0].query" is equal to "status:error"
 
+  @skip-validation @team:DataDog/k9-cloud-security-platform
+  Scenario: Create a detection rule with type 'application_security 'returns "OK" response
+    Given new "CreateSecurityMonitoringRule" request
+    And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]}
+    When the request is sent
+    Then the response status is 200 OK
+    And the response "name" is equal to "{{ unique }}_appsec_rule"
+    And the response "type" is equal to "application_security"
+    And the response "message" is equal to "Test rule"
+
   @skip-validation @team:DataDog/k9-cloud-security-platform
   Scenario: Create a detection rule with type 'impossible_travel' returns "OK" response
     Given new "CreateSecurityMonitoringRule" request

features/v2/security_monitoring.feature

@@ -2420,6 +2420,9 @@ def overrides
           "v2.security_monitoring_list_rules_response" => "SecurityMonitoringListRulesResponse",
           "v2.security_monitoring_reference_table" => "SecurityMonitoringReferenceTable",
           "v2.security_monitoring_rule_case" => "SecurityMonitoringRuleCase",
+          "v2.security_monitoring_rule_case_action" => "SecurityMonitoringRuleCaseAction",
+          "v2.security_monitoring_rule_case_action_options" => "SecurityMonitoringRuleCaseActionOptions",
+          "v2.security_monitoring_rule_case_action_type" => "SecurityMonitoringRuleCaseActionType",
           "v2.security_monitoring_rule_case_create" => "SecurityMonitoringRuleCaseCreate",
           "v2.security_monitoring_rule_convert_payload" => "SecurityMonitoringRuleConvertPayload",
           "v2.security_monitoring_rule_convert_response" => "SecurityMonitoringRuleConvertResponse",

lib/datadog_api_client/inflector.rb

@@ -102,7 +102,7 @@ def create_confluent_resource(account_id, body, opts = {})
     #
     # Create a Confluent resource for the account associated with the provided ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param body [ConfluentResourceRequest] Confluent payload
     # @param opts [Hash] the optional parameters
     # @return [Array<(ConfluentResourceResponse, Integer, Hash)>] ConfluentResourceResponse data, response status code and response headers
@@ -174,7 +174,7 @@ def delete_confluent_account(account_id, opts = {})
     #
     # Delete a Confluent account with the provided account ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param opts [Hash] the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
     def delete_confluent_account_with_http_info(account_id, opts = {})
@@ -239,7 +239,7 @@ def delete_confluent_resource(account_id, resource_id, opts = {})
     #
     # Delete a Confluent resource with the provided resource id for the account associated with the provided account ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param resource_id [String] Confluent Account Resource ID.
     # @param opts [Hash] the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
@@ -309,7 +309,7 @@ def get_confluent_account(account_id, opts = {})
     #
     # Get the Confluent account with the provided account ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param opts [Hash] the optional parameters
     # @return [Array<(ConfluentAccountResponse, Integer, Hash)>] ConfluentAccountResponse data, response status code and response headers
     def get_confluent_account_with_http_info(account_id, opts = {})
@@ -374,7 +374,7 @@ def get_confluent_resource(account_id, resource_id, opts = {})
     #
     # Get a Confluent resource with the provided resource id for the account associated with the provided account ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param resource_id [String] Confluent Account Resource ID.
     # @param opts [Hash] the optional parameters
     # @return [Array<(ConfluentResourceResponse, Integer, Hash)>] ConfluentResourceResponse data, response status code and response headers
@@ -504,7 +504,7 @@ def list_confluent_resource(account_id, opts = {})
     #
     # Get a Confluent resource for the account associated with the provided ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param opts [Hash] the optional parameters
     # @return [Array<(ConfluentResourcesResponse, Integer, Hash)>] ConfluentResourcesResponse data, response status code and response headers
     def list_confluent_resource_with_http_info(account_id, opts = {})
@@ -569,7 +569,7 @@ def update_confluent_account(account_id, body, opts = {})
     #
     # Update the Confluent account with the provided account ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param body [ConfluentAccountUpdateRequest] Confluent payload
     # @param opts [Hash] the optional parameters
     # @return [Array<(ConfluentAccountResponse, Integer, Hash)>] ConfluentAccountResponse data, response status code and response headers
@@ -641,7 +641,7 @@ def update_confluent_resource(account_id, resource_id, body, opts = {})
     #
     # Update a Confluent resource with the provided resource id for the account associated with the provided account ID.
     #
-    # @param account_id [String] Confluent Account id.
+    # @param account_id [String] Confluent Account ID.
     # @param resource_id [String] Confluent Account Resource ID.
     # @param body [ConfluentResourceRequest] Confluent payload
     # @param opts [Hash] the optional parameters