Security Monitoring - Validation Endpoint for Suppressions (#887)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 428a70768713 · 2025-09-03T11:54:02.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -64816,6 +64816,38 @@ paths:
       summary: Get suppressions affecting a specific rule
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/configuration/suppressions/validation:
+    post:
+      description: Validate a suppression rule.
+      operationId: ValidateSecurityMonitoringSuppression
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateRequest'
+        required: true
+      responses:
+        '204':
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_suppressions_write
+      summary: Validate a suppression rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_suppressions_write
   /api/v2/security_monitoring/configuration/suppressions/{suppression_id}:
     delete:
       description: Delete a specific suppression rule.
diff --git a/examples/v2_security-monitoring_ValidateSecurityMonitoringSuppression.rs b/examples/v2_security-monitoring_ValidateSecurityMonitoringSuppression.rs
@@ -0,0 +1,33 @@
+// Validate a suppression rule returns "OK" response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
+use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;
+use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateAttributes;
+use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateData;
+use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateRequest;
+
+#[tokio::main]
+async fn main() {
+    let body = SecurityMonitoringSuppressionUpdateRequest::new(
+        SecurityMonitoringSuppressionUpdateData::new(
+            SecurityMonitoringSuppressionUpdateAttributes::new()
+                .data_exclusion_query("source:cloudtrail account_id:12345".to_string())
+                .description(
+                    "This rule suppresses low-severity signals in staging environments."
+                        .to_string(),
+                )
+                .enabled(true)
+                .name("Custom suppression".to_string())
+                .rule_query("type:log_detection source:cloudtrail".to_string()),
+            SecurityMonitoringSuppressionType::SUPPRESSIONS,
+        ),
+    );
+    let configuration = datadog::Configuration::new();
+    let api = SecurityMonitoringAPI::with_config(configuration);
+    let resp = api.validate_security_monitoring_suppression(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}
diff --git a/src/datadogV2/api/api_security_monitoring.rs b/src/datadogV2/api/api_security_monitoring.rs
@@ -1324,6 +1324,14 @@ pub enum ValidateSecurityMonitoringRuleError {
     UnknownValue(serde_json::Value),
 }
 
+/// ValidateSecurityMonitoringSuppressionError is a struct for typed errors of method [`SecurityMonitoringAPI::validate_security_monitoring_suppression`]
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum ValidateSecurityMonitoringSuppressionError {
+    APIErrorResponse(crate::datadogV2::model::APIErrorResponse),
+    UnknownValue(serde_json::Value),
+}
+
 /// Create and manage your security rules, signals, filters, and more. See the [Datadog Security page](<https://docs.datadoghq.com/security/>) for more information.
 #[derive(Debug, Clone)]
 pub struct SecurityMonitoringAPI {
@@ -9975,4 +9983,143 @@ impl SecurityMonitoringAPI {
             Err(datadog::Error::ResponseError(local_error))
         }
     }
+
+    /// Validate a suppression rule.
+    pub async fn validate_security_monitoring_suppression(
+        &self,
+        body: crate::datadogV2::model::SecurityMonitoringSuppressionUpdateRequest,
+    ) -> Result<(), datadog::Error<ValidateSecurityMonitoringSuppressionError>> {
+        match self
+            .validate_security_monitoring_suppression_with_http_info(body)
+            .await
+        {
+            Ok(_) => Ok(()),
+            Err(err) => Err(err),
+        }
+    }
+
+    /// Validate a suppression rule.
+    pub async fn validate_security_monitoring_suppression_with_http_info(
+        &self,
+        body: crate::datadogV2::model::SecurityMonitoringSuppressionUpdateRequest,
+    ) -> Result<
+        datadog::ResponseContent<()>,
+        datadog::Error<ValidateSecurityMonitoringSuppressionError>,
+    > {
+        let local_configuration = &self.config;
+        let operation_id = "v2.validate_security_monitoring_suppression";
+
+        let local_client = &self.client;
+
+        let local_uri_str = format!(
+            "{}/api/v2/security_monitoring/configuration/suppressions/validation",
+            local_configuration.get_operation_host(operation_id)
+        );
+        let mut local_req_builder =
+            local_client.request(reqwest::Method::POST, local_uri_str.as_str());
+
+        // build headers
+        let mut headers = HeaderMap::new();
+        headers.insert("Content-Type", HeaderValue::from_static("application/json"));
+        headers.insert("Accept", HeaderValue::from_static("*/*"));
+
+        // build user agent
+        match HeaderValue::from_str(local_configuration.user_agent.as_str()) {
+            Ok(user_agent) => headers.insert(reqwest::header::USER_AGENT, user_agent),
+            Err(e) => {
+                log::warn!("Failed to parse user agent header: {e}, falling back to default");
+                headers.insert(
+                    reqwest::header::USER_AGENT,
+                    HeaderValue::from_static(datadog::DEFAULT_USER_AGENT.as_str()),
+                )
+            }
+        };
+
+        // build auth
+        if let Some(local_key) = local_configuration.auth_keys.get("apiKeyAuth") {
+            headers.insert(
+                "DD-API-KEY",
+                HeaderValue::from_str(local_key.key.as_str())
+                    .expect("failed to parse DD-API-KEY header"),
+            );
+        };
+        if let Some(local_key) = local_configuration.auth_keys.get("appKeyAuth") {
+            headers.insert(
+                "DD-APPLICATION-KEY",
+                HeaderValue::from_str(local_key.key.as_str())
+                    .expect("failed to parse DD-APPLICATION-KEY header"),
+            );
+        };
+
+        // build body parameters
+        let output = Vec::new();
+        let mut ser = serde_json::Serializer::with_formatter(output, datadog::DDFormatter);
+        if body.serialize(&mut ser).is_ok() {
+            if let Some(content_encoding) = headers.get("Content-Encoding") {
+                match content_encoding.to_str().unwrap_or_default() {
+                    "gzip" => {
+                        let mut enc = GzEncoder::new(Vec::new(), Compression::default());
+                        let _ = enc.write_all(ser.into_inner().as_slice());
+                        match enc.finish() {
+                            Ok(buf) => {
+                                local_req_builder = local_req_builder.body(buf);
+                            }
+                            Err(e) => return Err(datadog::Error::Io(e)),
+                        }
+                    }
+                    "deflate" => {
+                        let mut enc = ZlibEncoder::new(Vec::new(), Compression::default());
+                        let _ = enc.write_all(ser.into_inner().as_slice());
+                        match enc.finish() {
+                            Ok(buf) => {
+                                local_req_builder = local_req_builder.body(buf);
+                            }
+                            Err(e) => return Err(datadog::Error::Io(e)),
+                        }
+                    }
+                    "zstd1" => {
+                        let mut enc = zstd::stream::Encoder::new(Vec::new(), 0).unwrap();
+                        let _ = enc.write_all(ser.into_inner().as_slice());
+                        match enc.finish() {
+                            Ok(buf) => {
+                                local_req_builder = local_req_builder.body(buf);
+                            }
+                            Err(e) => return Err(datadog::Error::Io(e)),
+                        }
+                    }
+                    _ => {
+                        local_req_builder = local_req_builder.body(ser.into_inner());
+                    }
+                }
+            } else {
+                local_req_builder = local_req_builder.body(ser.into_inner());
+            }
+        }
+
+        local_req_builder = local_req_builder.headers(headers);
+        let local_req = local_req_builder.build()?;
+        log::debug!("request content: {:?}", local_req.body());
+        let local_resp = local_client.execute(local_req).await?;
+
+        let local_status = local_resp.status();
+        let local_content = local_resp.text().await?;
+        log::debug!("response content: {}", local_content);
+
+        if !local_status.is_client_error() && !local_status.is_server_error() {
+            Ok(datadog::ResponseContent {
+                status: local_status,
+                content: local_content,
+                entity: None,
+            })
+        } else {
+            let local_entity: Option<ValidateSecurityMonitoringSuppressionError> =
+                serde_json::from_str(&local_content).ok();
+            let local_error = datadog::ResponseContent {
+                status: local_status,
+                content: local_content,
+                entity: local_entity,
+            };
+            Err(datadog::Error::ResponseError(local_error))
+        }
+    }
 }
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-Bad-Request-response.frozen b/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-Bad-Request-response.frozen
@@ -0,0 +1 @@
+2025-09-01T21:36:42.334Z
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-Bad-Request-response.json b/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-Bad-Request-response.json
@@ -0,0 +1,39 @@
+{
+  "http_interactions": [
+    {
+      "request": {
+        "body": {
+          "string": "{\"data\":{\"attributes\":{\"data_exclusion_query\":\"not enough attributes\"},\"type\":\"suppressions\"}}",
+          "encoding": null
+        },
+        "headers": {
+          "Accept": [
+            "*/*"
+          ],
+          "Content-Type": [
+            "application/json"
+          ]
+        },
+        "method": "post",
+        "uri": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation"
+      },
+      "response": {
+        "body": {
+          "string": "{\"errors\":[\"input_validation_error(Field 'data.attributes.rule_query' is invalid: field 'rule_query' is required)\",\"input_validation_error(Field 'data.attributes.name' is invalid: name cannot be empty)\"]}",
+          "encoding": null
+        },
+        "headers": {
+          "Content-Type": [
+            "application/json"
+          ]
+        },
+        "status": {
+          "code": 400,
+          "message": "Bad Request"
+        }
+      },
+      "recorded_at": "Mon, 01 Sep 2025 21:36:42 GMT"
+    }
+  ],
+  "recorded_with": "VCR 6.0.0"
+}
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-OK-response.frozen b/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-OK-response.frozen
@@ -0,0 +1 @@
+2025-09-01T21:36:20.593Z
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-OK-response.json b/tests/scenarios/cassettes/v2/security_monitoring/Validate-a-suppression-rule-returns-OK-response.json
@@ -0,0 +1,35 @@
+{
+  "http_interactions": [
+    {
+      "request": {
+        "body": {
+          "string": "{\"data\":{\"attributes\":{\"data_exclusion_query\":\"source:cloudtrail account_id:12345\",\"description\":\"This rule suppresses low-severity signals in staging environments.\",\"enabled\":true,\"name\":\"Custom suppression\",\"rule_query\":\"type:log_detection source:cloudtrail\"},\"type\":\"suppressions\"}}",
+          "encoding": null
+        },
+        "headers": {
+          "Accept": [
+            "*/*"
+          ],
+          "Content-Type": [
+            "application/json"
+          ]
+        },
+        "method": "post",
+        "uri": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation"
+      },
+      "response": {
+        "body": {
+          "string": "",
+          "encoding": null
+        },
+        "headers": {},
+        "status": {
+          "code": 204,
+          "message": "No Content"
+        }
+      },
+      "recorded_at": "Mon, 01 Sep 2025 21:36:20 GMT"
+    }
+  ],
+  "recorded_with": "VCR 6.0.0"
+}
diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature
@@ -1389,3 +1389,17 @@ Feature: Security Monitoring
     And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
     When the request is sent
     Then the response status is 204 OK
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "Bad Request" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "not enough attributes"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "OK" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 204 OK
diff --git a/tests/scenarios/features/v2/undo.json b/tests/scenarios/features/v2/undo.json
@@ -3024,6 +3024,12 @@
       "type": "safe"
     }
   },
+  "ValidateSecurityMonitoringSuppression": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "DeleteSecurityMonitoringSuppression": {
     "tag": "Security Monitoring",
     "undo": {
diff --git a/tests/scenarios/function_mappings.rs b/tests/scenarios/function_mappings.rs
@@ -2205,6 +2205,10 @@ pub fn collect_function_calls(world: &mut DatadogWorld) {
         "v2.GetSuppressionsAffectingRule".into(),
         test_v2_get_suppressions_affecting_rule,
     );
+    world.function_mappings.insert(
+        "v2.ValidateSecurityMonitoringSuppression".into(),
+        test_v2_validate_security_monitoring_suppression,
+    );
     world.function_mappings.insert(
         "v2.DeleteSecurityMonitoringSuppression".into(),
         test_v2_delete_security_monitoring_suppression,
@@ -15719,6 +15723,35 @@ fn test_v2_get_suppressions_affecting_rule(
     world.response.code = response.status.as_u16();
 }
 
+fn test_v2_validate_security_monitoring_suppression(
+    world: &mut DatadogWorld,
+    _parameters: &HashMap<String, Value>,
+) {
+    let api = world
+        .api_instances
+        .v2_api_security_monitoring
+        .as_ref()
+        .expect("api instance not found");
+    let body = serde_json::from_value(_parameters.get("body").unwrap().clone()).unwrap();
+    let response = match block_on(api.validate_security_monitoring_suppression_with_http_info(body))
+    {
+        Ok(response) => response,
+        Err(error) => {
+            return match error {
+                Error::ResponseError(e) => {
+                    world.response.code = e.status.as_u16();
+                    if let Some(entity) = e.entity {
+                        world.response.object = serde_json::to_value(entity).unwrap();
+                    }
+                }
+                _ => panic!("error parsing response: {error}"),
+            };
+        }
+    };
+    world.response.object = serde_json::to_value(response.entity).unwrap();
+    world.response.code = response.status.as_u16();
+}
+
 fn test_v2_delete_security_monitoring_suppression(
     world: &mut DatadogWorld,
     _parameters: &HashMap<String, Value>,
