Regenerate client from commit b980d49f of spec repo (#2237)

Co-authored-by: ci.datadog-api-spec <[email protected]>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:34.070491",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 09:59:41.128574",
+            "spec_repo_commit": "b980d49f"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:34.086424",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 09:59:41.144563",
+            "spec_repo_commit": "b980d49f"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -15657,6 +15657,15 @@ components:
           example: 1729843470000
           format: int64
           type: integer
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         index:
           description: Index used to load the data.
           example: cloud_siem
@@ -24242,6 +24251,11 @@ components:
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24260,9 +24274,42 @@ components:
         status:
           $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
       type: object
+    SecurityMonitoringRuleCaseAction:
+      description: Action to perform when a signal is triggered. Only available for
+        Application Security rule type.
+      properties:
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType'
+      type: object
+    SecurityMonitoringRuleCaseActionOptions:
+      description: Options for the rule action
+      properties:
+        duration:
+          description: Duration of the action in seconds. 0 indicates no expiration.
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleCaseActionType:
+      description: The action type.
+      enum:
+      - block_ip
+      - block_user
+      type: string
+      x-enum-varnames:
+      - BLOCK_IP
+      - BLOCK_USER
     SecurityMonitoringRuleCaseCreate:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24724,6 +24771,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25429,6 +25485,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25501,6 +25566,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25642,6 +25716,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25719,6 +25802,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.

cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen

@@ -0,0 +1 @@
+2025-02-06T16:50:39.787Z

cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.yml

@@ -0,0 +1,50 @@
+# Create a detection rule with type 'application_security 'returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::APPLICATION_SECURITY,
+  name: "Example-Security-Monitoring_appsec_rule",
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
+      query: "@appsec.security_activity:business_logic.users.login.failure",
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
+      group_by_fields: [
+        "service",
+        "@http.client_ip",
+      ],
+      distinct_fields: [],
+    }),
+  ],
+  filters: [],
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      notifications: [],
+      condition: "a > 100000",
+      actions: [
+        DatadogAPIClient::V2::SecurityMonitoringRuleCaseAction.new({
+          type: DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionType::BLOCK_IP,
+          options: DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionOptions.new({
+            duration: 900,
+          }),
+        }),
+      ],
+    }),
+  ],
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
+    detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::THRESHOLD,
+  }),
+  is_enabled: true,
+  message: "Test rule",
+  tags: [],
+  group_signals_by: [
+    "service",
+  ],
+})
+p api_instance.create_security_monitoring_rule(body)

examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.rb

@@ -200,6 +200,16 @@ Feature: Security Monitoring
     And the response "options.detectionMethod" is equal to "third_party"
     And the response "thirdPartyCases[0].query" is equal to "status:error"
 
+  @skip-validation @team:DataDog/k9-cloud-security-platform
+  Scenario: Create a detection rule with type 'application_security 'returns "OK" response
+    Given new "CreateSecurityMonitoringRule" request
+    And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]}
+    When the request is sent
+    Then the response status is 200 OK
+    And the response "name" is equal to "{{ unique }}_appsec_rule"
+    And the response "type" is equal to "application_security"
+    And the response "message" is equal to "Test rule"
+
   @skip-validation @team:DataDog/k9-cloud-security-platform
   Scenario: Create a detection rule with type 'impossible_travel' returns "OK" response
     Given new "CreateSecurityMonitoringRule" request

features/v2/security_monitoring.feature

@@ -2420,6 +2420,9 @@ def overrides
           "v2.security_monitoring_list_rules_response" => "SecurityMonitoringListRulesResponse",
           "v2.security_monitoring_reference_table" => "SecurityMonitoringReferenceTable",
           "v2.security_monitoring_rule_case" => "SecurityMonitoringRuleCase",
+          "v2.security_monitoring_rule_case_action" => "SecurityMonitoringRuleCaseAction",
+          "v2.security_monitoring_rule_case_action_options" => "SecurityMonitoringRuleCaseActionOptions",
+          "v2.security_monitoring_rule_case_action_type" => "SecurityMonitoringRuleCaseActionType",
           "v2.security_monitoring_rule_case_create" => "SecurityMonitoringRuleCaseCreate",
           "v2.security_monitoring_rule_convert_payload" => "SecurityMonitoringRuleConvertPayload",
           "v2.security_monitoring_rule_convert_response" => "SecurityMonitoringRuleConvertResponse",

lib/datadog_api_client/inflector.rb

@@ -30,6 +30,9 @@ class JobDefinition
     # Starting time of data analyzed by the job.
     attr_reader :from
 
+    # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+    attr_accessor :group_signals_by
+
     # Index used to load the data.
     attr_reader :index
 
@@ -69,6 +72,7 @@ def self.attribute_map
         :'calculated_fields' => :'calculatedFields',
         :'cases' => :'cases',
         :'from' => :'from',
+        :'group_signals_by' => :'groupSignalsBy',
         :'index' => :'index',
         :'message' => :'message',
         :'name' => :'name',
@@ -89,6 +93,7 @@ def self.openapi_types
         :'calculated_fields' => :'Array<CalculatedField>',
         :'cases' => :'Array<SecurityMonitoringRuleCaseCreate>',
         :'from' => :'Integer',
+        :'group_signals_by' => :'Array<String>',
         :'index' => :'String',
         :'message' => :'String',
         :'name' => :'String',
@@ -136,6 +141,12 @@ def initialize(attributes = {})
         self.from = attributes[:'from']
       end
 
+      if attributes.key?(:'group_signals_by')
+        if (value = attributes[:'group_signals_by']).is_a?(Array)
+          self.group_signals_by = value
+        end
+      end
+
       if attributes.key?(:'index')
         self.index = attributes[:'index']
       end
@@ -298,6 +309,7 @@ def ==(o)
           calculated_fields == o.calculated_fields &&
           cases == o.cases &&
           from == o.from &&
+          group_signals_by == o.group_signals_by &&
           index == o.index &&
           message == o.message &&
           name == o.name &&
@@ -315,7 +327,7 @@ def ==(o)
     # @return [Integer] Hash code
     # @!visibility private
     def hash
-      [calculated_fields, cases, from, index, message, name, options, queries, reference_tables, tags, third_party_cases, to, type, additional_properties].hash
+      [calculated_fields, cases, from, group_signals_by, index, message, name, options, queries, reference_tables, tags, third_party_cases, to, type, additional_properties].hash
     end
   end
 end