Add support for new CRUD agent rules endpoints (#1892)

Co-authored-by: ci.datadog-api-spec <[email protected]>

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-07 17:19:46.108857",
-            "spec_repo_commit": "52e6d7fb"
+            "regenerated": "2024-03-08 14:49:36.540934",
+            "spec_repo_commit": "f5ed7e52"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-07 17:19:46.151702",
-            "spec_repo_commit": "52e6d7fb"
+            "regenerated": "2024-03-08 14:49:36.567217",
+            "spec_repo_commit": "f5ed7e52"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -3919,9 +3919,27 @@ components:
       type: string
       x-enum-varnames:
       - CLOUD_COST_ACTIVITY
+    CloudWorkloadSecurityAgentRuleAction:
+      description: The action the rule can perform if triggered.
+      properties:
+        filter:
+          description: SECL expression used to target the container to apply the action
+            on
+          type: string
+        kill:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
+      type: object
+    CloudWorkloadSecurityAgentRuleActions:
+      description: The array of actions the rule can perform if triggered.
+      items:
+        $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAction'
+      nullable: true
+      type: array
     CloudWorkloadSecurityAgentRuleAttributes:
       description: A Cloud Workload Security Agent rule returned by the API.
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
         agentConstraint:
           description: The version of the agent.
           type: string
@@ -4054,6 +4072,17 @@ components:
         type:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType'
       type: object
+    CloudWorkloadSecurityAgentRuleID:
+      description: The ID of the agent rule.
+      example: 3dd-0uc-h1s
+      type: string
+    CloudWorkloadSecurityAgentRuleKill:
+      description: Kill system call applied on the container matching the rule
+      properties:
+        signal:
+          description: Supported signals for the kill system call.
+          type: string
+      type: object
     CloudWorkloadSecurityAgentRuleResponse:
       description: Response object that includes an Agent rule.
       properties:
@@ -4090,6 +4119,8 @@ components:
       properties:
         attributes:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes'
+        id:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleID'
         type:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType'
       required:
@@ -29582,6 +29613,154 @@ paths:
         We are gradually onboarding support for more sources. If you have any
 
         feedback, contact [Datadog Support](https://docs.datadoghq.com/help/).'
+  /api/v2/remote_config/products/cws/agent_rules:
+    get:
+      description: Get the list of Cloud Security Management Threats Agent rules.
+      operationId: ListCSMThreatsAgentRules
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get all CSM Threats Agent rules
+      tags:
+      - Cloud Workload Security
+    post:
+      description: Create a new Cloud Security Management Threats Agent rule with
+        the given parameters.
+      operationId: CreateCSMThreatsAgentRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest'
+        description: The definition of the new Agent rule.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Create a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+      x-codegen-request-body-name: body
+  /api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}:
+    delete:
+      description: Delete a specific Cloud Security Management Threats Agent rule.
+      operationId: DeleteCSMThreatsAgentRule
+      parameters:
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      responses:
+        '204':
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Delete a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+    get:
+      description: Get the details of a specific Cloud Security Management Threats
+        Agent rule.
+      operationId: GetCSMThreatsAgentRule
+      parameters:
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+    patch:
+      description: 'Update a specific Cloud Security Management Threats Agent rule.
+
+        Returns the Agent rule object when the request is successful.'
+      operationId: UpdateCSMThreatsAgentRule
+      parameters:
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest'
+        description: New definition of the Agent rule.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Update a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+      x-codegen-request-body-name: body
+  /api/v2/remote_config/products/cws/policy/download:
+    get:
+      description: 'The download endpoint generates a CSM Threats policy file from
+        your currently active
+
+        CSM Threats rules, and downloads them as a `.policy` file. This file can then
+        be deployed to
+
+        your Agents to update the policy running in your environment.'
+      operationId: DownloadCSMThreatsPolicy
+      responses:
+        '200':
+          content:
+            application/zip:
+              schema:
+                format: binary
+                type: string
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get the latest CSM Threats policy
+      tags:
+      - Cloud Workload Security
   /api/v2/restriction_policy/{resource_id}:
     delete:
       description: Deletes the restriction policy associated with a specified resource.
@@ -34821,6 +35000,11 @@ tags:
     [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for more
     information.
   name: CI Visibility Tests
+- description: Cloud Security Management Threats (CSM Threats) monitors file, network,
+    and process activity across your environment to detect real-time threats to your
+    infrastructure. See [Cloud Security Management Threats](https://docs.datadoghq.com/security/threats/)
+    for more information on setting up CSM Threats.
+  name: CSM Threats
 - description: View and manage cases and projects within Case Management. See the
     [Case Management page](https://docs.datadoghq.com/service_management/case_management/)
     for more information.

docs/datadog_api_client.v2.model.rst

@@ -1492,6 +1492,13 @@ cloud\_cost\_activity\_type
    :members:
    :show-inheritance:
 
+cloud\_workload\_security\_agent\_rule\_action
+----------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cloud_workload_security_agent_rule_action
+   :members:
+   :show-inheritance:
+
 cloud\_workload\_security\_agent\_rule\_attributes
 --------------------------------------------------
 
@@ -1534,6 +1541,13 @@ cloud\_workload\_security\_agent\_rule\_data
    :members:
    :show-inheritance:
 
+cloud\_workload\_security\_agent\_rule\_kill
+--------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cloud_workload_security_agent_rule_kill
+   :members:
+   :show-inheritance:
+
 cloud\_workload\_security\_agent\_rule\_response
 ------------------------------------------------
 

examples/v2/cloud-workload-security/CreateCSMThreatsAgentRule.py

@@ -0,0 +1,35 @@
+"""
+Create a CSM Threats Agent rule returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.cloud_workload_security_api import CloudWorkloadSecurityApi
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_attributes import (
+    CloudWorkloadSecurityAgentRuleCreateAttributes,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_data import (
+    CloudWorkloadSecurityAgentRuleCreateData,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_request import (
+    CloudWorkloadSecurityAgentRuleCreateRequest,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_type import CloudWorkloadSecurityAgentRuleType
+
+body = CloudWorkloadSecurityAgentRuleCreateRequest(
+    data=CloudWorkloadSecurityAgentRuleCreateData(
+        attributes=CloudWorkloadSecurityAgentRuleCreateAttributes(
+            description="My Agent rule",
+            enabled=True,
+            expression='exec.file.name == "sh"',
+            name="my_agent_rule",
+        ),
+        type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,
+    ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = CloudWorkloadSecurityApi(api_client)
+    response = api_instance.create_csm_threats_agent_rule(body=body)
+
+    print(response)

examples/v2/cloud-workload-security/DeleteCSMThreatsAgentRule.py

@@ -0,0 +1,17 @@
+"""
+Delete a CSM Threats Agent rule returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.cloud_workload_security_api import CloudWorkloadSecurityApi
+
+# there is a valid "agent_rule_rc" in the system
+AGENT_RULE_DATA_ID = environ["AGENT_RULE_DATA_ID"]
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = CloudWorkloadSecurityApi(api_client)
+    api_instance.delete_csm_threats_agent_rule(
+        agent_rule_id=AGENT_RULE_DATA_ID,
+    )

examples/v2/cloud-workload-security/DownloadCSMThreatsPolicy.py

@@ -0,0 +1,13 @@
+"""
+Get the latest CSM Threats policy returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.cloud_workload_security_api import CloudWorkloadSecurityApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = CloudWorkloadSecurityApi(api_client)
+    response = api_instance.download_csm_threats_policy()
+
+    print(response.read())

examples/v2/cloud-workload-security/GetCSMThreatsAgentRule.py

@@ -0,0 +1,19 @@
+"""
+Get a CSM Threats Agent rule returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.cloud_workload_security_api import CloudWorkloadSecurityApi
+
+# there is a valid "agent_rule_rc" in the system
+AGENT_RULE_DATA_ID = environ["AGENT_RULE_DATA_ID"]
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = CloudWorkloadSecurityApi(api_client)
+    response = api_instance.get_csm_threats_agent_rule(
+        agent_rule_id=AGENT_RULE_DATA_ID,
+    )
+
+    print(response)

examples/v2/cloud-workload-security/ListCSMThreatsAgentRules.py

@@ -0,0 +1,13 @@
+"""
+Get all CSM Threats Agent rules returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.cloud_workload_security_api import CloudWorkloadSecurityApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = CloudWorkloadSecurityApi(api_client)
+    response = api_instance.list_csm_threats_agent_rules()
+
+    print(response)