Add validation endpoint for Security Monitoring Rules (#58)

Co-authored-by: ci.datadog-api-spec <[email protected]>
Co-authored-by: api-clients-generation-pipeline[bot] <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-26 15:17:41.342524",
-            "spec_repo_commit": "46383d02"
+            "regenerated": "2024-03-27 22:12:41.503072",
+            "spec_repo_commit": "85625198"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-26 15:17:41.373837",
-            "spec_repo_commit": "46383d02"
+            "regenerated": "2024-03-27 22:12:41.520431",
+            "spec_repo_commit": "85625198"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -32287,6 +32287,34 @@ paths:
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
+  /api/v2/security_monitoring/rules/validation:
+    post:
+      description: Validate a detection rule.
+      operationId: ValidateSecurityMonitoringRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+        required: true
+      responses:
+        '204':
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Validate a detection rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
   /api/v2/security_monitoring/rules/{rule_id}:
     delete:
       description: Delete an existing rule. Default rules cannot be deleted.

examples/v2_security-monitoring_validate_security_monitoring_rule.rs

@@ -0,0 +1,55 @@
+// Validate a detection rule returns "OK" response
+use datadog_api_client::datadog::configuration::Configuration;
+use datadog_api_client::datadogV2::api::api_security_monitoring::SecurityMonitoringAPI;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleDetectionMethod;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
+
+#[tokio::main]
+async fn main() {
+    let body =
+        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
+            SecurityMonitoringStandardRuleCreatePayload::new(
+                vec![
+                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
+                        .condition("a > 0".to_string())
+                        .name("".to_string())
+                        .notifications(vec![]),
+                ],
+                true,
+                "My security monitoring rule".to_string(),
+                "My security monitoring rule".to_string(),
+                SecurityMonitoringRuleOptions::new()
+                    .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
+                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::THIRTY_MINUTES)
+                    .keep_alive(SecurityMonitoringRuleKeepAlive::THIRTY_MINUTES)
+                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::THIRTY_MINUTES),
+                vec![SecurityMonitoringStandardRuleQuery::new()
+                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
+                    .distinct_fields(vec![])
+                    .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
+                    .name("".to_string())
+                    .query("source:source_here".to_string())],
+            )
+            .has_extended_title(true)
+            .tags(vec!["env:prod".to_string(), "team:security".to_string()])
+            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
+        ));
+    let configuration = Configuration::new();
+    let api = SecurityMonitoringAPI::with_config(configuration);
+    let resp = api.validate_security_monitoring_rule(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}

src/datadogV2/api/api_security_monitoring.rs

@@ -458,6 +458,16 @@ pub enum UpdateSecurityMonitoringSuppressionError {
     UnknownValue(serde_json::Value),
 }
 
+/// ValidateSecurityMonitoringRuleError is a struct for typed errors of method [`SecurityMonitoringAPI::validate_security_monitoring_rule`]
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum ValidateSecurityMonitoringRuleError {
+    Status400(Option<crate::datadogV2::model::APIErrorResponse>),
+    Status403(Option<crate::datadogV2::model::APIErrorResponse>),
+    Status429(Option<crate::datadogV2::model::APIErrorResponse>),
+    UnknownValue(serde_json::Value),
+}
+
 #[derive(Debug, Clone)]
 pub struct SecurityMonitoringAPI {
     config: configuration::Configuration,
@@ -3015,4 +3025,80 @@ impl SecurityMonitoringAPI {
             Err(Error::ResponseError(local_error))
         }
     }
+
+    /// Validate a detection rule.
+    pub async fn validate_security_monitoring_rule(
+        &self,
+        body: crate::datadogV2::model::SecurityMonitoringRuleCreatePayload,
+    ) -> Result<(), Error<ValidateSecurityMonitoringRuleError>> {
+        match self
+            .validate_security_monitoring_rule_with_http_info(body)
+            .await
+        {
+            Ok(_) => Ok(()),
+            Err(err) => Err(err),
+        }
+    }
+
+    /// Validate a detection rule.
+    pub async fn validate_security_monitoring_rule_with_http_info(
+        &self,
+        body: crate::datadogV2::model::SecurityMonitoringRuleCreatePayload,
+    ) -> Result<ResponseContent<()>, Error<ValidateSecurityMonitoringRuleError>> {
+        let local_configuration = &self.config;
+        let operation_id = "v2.validate_security_monitoring_rule";
+
+        let local_client = &self.client;
+
+        let local_uri_str = format!(
+            "{}/api/v2/security_monitoring/rules/validation",
+            local_configuration.get_operation_host(operation_id)
+        );
+        let mut local_req_builder =
+            local_client.request(reqwest::Method::POST, local_uri_str.as_str());
+
+        // build user agent
+        local_req_builder = local_req_builder.header(
+            reqwest::header::USER_AGENT,
+            local_configuration.user_agent.clone(),
+        );
+
+        // build auth
+        if let Some(local_key) = local_configuration.auth_keys.get("apiKeyAuth") {
+            local_req_builder = local_req_builder.header("DD-API-KEY", &local_key.key);
+        };
+        if let Some(local_key) = local_configuration.auth_keys.get("appKeyAuth") {
+            local_req_builder = local_req_builder.header("DD-APPLICATION-KEY", &local_key.key);
+        };
+
+        // build body parameters
+        let output = Vec::new();
+        let mut ser = serde_json::Serializer::with_formatter(output, DDFormatter);
+        if body.serialize(&mut ser).is_ok() {
+            local_req_builder = local_req_builder.body(ser.into_inner());
+        }
+
+        let local_req = local_req_builder.build()?;
+        let local_resp = local_client.execute(local_req).await?;
+
+        let local_status = local_resp.status();
+        let local_content = local_resp.text().await?;
+
+        if !local_status.is_client_error() && !local_status.is_server_error() {
+            Ok(ResponseContent {
+                status: local_status,
+                content: local_content,
+                entity: None,
+            })
+        } else {
+            let local_entity: Option<ValidateSecurityMonitoringRuleError> =
+                serde_json::from_str(&local_content).ok();
+            let local_error = ResponseContent {
+                status: local_status,
+                content: local_content,
+                entity: local_entity,
+            };
+            Err(Error::ResponseError(local_error))
+        }
+    }
 }

tests/scenarios/cassettes/v2/security_monitoring/Validate-a-detection-rule-returns-Bad-Request-response.frozen

@@ -0,0 +1 @@
+2024-03-27T16:23:09.814Z

tests/scenarios/cassettes/v2/security_monitoring/Validate-a-detection-rule-returns-Bad-Request-response.json

@@ -0,0 +1,39 @@
+{
+  "http_interactions": [
+    {
+      "request": {
+        "body": {
+          "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"hasExtendedTitle\":true,\"isEnabled\":true,\"message\":\"My security monitoring rule\",\"name\":\"My security monitoring rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":1800,\"keepAlive\":999999,\"maxSignalDuration\":1800},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"@userIdentity.assumed_role\"],\"name\":\"\",\"query\":\"source:source_here\"}],\"tags\":[\"env:prod\",\"team:security\"],\"type\":\"log_detection\"}",
+          "encoding": null
+        },
+        "headers": {
+          "Accept": [
+            "*/*"
+          ],
+          "Content-Type": [
+            "application/json"
+          ]
+        },
+        "method": "post",
+        "uri": "https://api.datadoghq.com/api/v2/security_monitoring/rules/validation"
+      },
+      "response": {
+        "body": {
+          "string": "{\"error\":{\"code\":\"InvalidArgument\",\"message\":\"Invalid rule configuration\",\"details\":[{\"code\":\"InvalidArgument\",\"message\":\"Max signal duration must be greater than or equal to keep alive\",\"target\":\"maxSignalDuration\"},{\"code\":\"InvalidArgument\",\"message\":\"Keep alive is not in allowed durations: 0, 1, 5, 10, 15, 30, 60, 120, 180, 360 (in minutes)\",\"target\":\"keepAlive\"}]}}\n",
+          "encoding": null
+        },
+        "headers": {
+          "Content-Type": [
+            "application/json"
+          ]
+        },
+        "status": {
+          "code": 400,
+          "message": "Bad Request"
+        }
+      },
+      "recorded_at": "Wed, 27 Mar 2024 16:23:09 GMT"
+    }
+  ],
+  "recorded_with": "VCR 6.0.0"
+}

tests/scenarios/cassettes/v2/security_monitoring/Validate-a-detection-rule-returns-OK-response.frozen

@@ -0,0 +1 @@
+2024-03-27T16:23:10.157Z

tests/scenarios/cassettes/v2/security_monitoring/Validate-a-detection-rule-returns-OK-response.json

@@ -0,0 +1,39 @@
+{
+  "http_interactions": [
+    {
+      "request": {
+        "body": {
+          "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"hasExtendedTitle\":true,\"isEnabled\":true,\"message\":\"My security monitoring rule\",\"name\":\"My security monitoring rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":1800,\"keepAlive\":1800,\"maxSignalDuration\":1800},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"@userIdentity.assumed_role\"],\"name\":\"\",\"query\":\"source:source_here\"}],\"tags\":[\"env:prod\",\"team:security\"],\"type\":\"log_detection\"}",
+          "encoding": null
+        },
+        "headers": {
+          "Accept": [
+            "*/*"
+          ],
+          "Content-Type": [
+            "application/json"
+          ]
+        },
+        "method": "post",
+        "uri": "https://api.datadoghq.com/api/v2/security_monitoring/rules/validation"
+      },
+      "response": {
+        "body": {
+          "string": "",
+          "encoding": null
+        },
+        "headers": {
+          "Content-Type": [
+            "text/html; charset=utf-8"
+          ]
+        },
+        "status": {
+          "code": 204,
+          "message": "No Content"
+        }
+      },
+      "recorded_at": "Wed, 27 Mar 2024 16:23:10 GMT"
+    }
+  ],
+  "recorded_with": "VCR 6.0.0"
+}

tests/scenarios/features/v2/security_monitoring.feature

@@ -606,3 +606,17 @@ Feature: Security Monitoring
     Then the response status is 200 OK
     And the response "name" is equal to "{{ unique }}-Updated"
     And the response "id" has the same value as "security_rule.id"
+
+  @skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-typescript @skip-validation @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a detection rule returns "Bad Request" response
+    Given new "ValidateSecurityMonitoringRule" request
+    And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":999999,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a detection rule returns "OK" response
+    Given new "ValidateSecurityMonitoringRule" request
+    And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
+    When the request is sent
+    Then the response status is 204 OK

tests/scenarios/features/v2/undo.json

@@ -1751,6 +1751,12 @@
       "type": "unsafe"
     }
   },
+  "ValidateSecurityMonitoringRule": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "DeleteSecurityMonitoringRule": {
     "tag": "Security Monitoring",
     "undo": {

tests/scenarios/function_mappings.rs

@@ -2347,6 +2347,10 @@ pub fn collect_function_calls(world: &mut DatadogWorld) {
         "v2.CreateSecurityMonitoringRule".into(),
         test_v2_create_security_monitoring_rule,
     );
+    world.function_mappings.insert(
+        "v2.ValidateSecurityMonitoringRule".into(),
+        test_v2_validate_security_monitoring_rule,
+    );
     world.function_mappings.insert(
         "v2.DeleteSecurityMonitoringRule".into(),
         test_v2_delete_security_monitoring_rule,
@@ -17660,6 +17664,34 @@ fn test_v2_create_security_monitoring_rule(
     world.response.code = response.status.as_u16();
 }
 
+fn test_v2_validate_security_monitoring_rule(
+    world: &mut DatadogWorld,
+    _parameters: &HashMap<String, Value>,
+) {
+    let api = world
+        .api_instances
+        .v2_api_security_monitoring
+        .as_ref()
+        .expect("api instance not found");
+    let body = serde_json::from_value(_parameters.get("body").unwrap().clone()).unwrap();
+    let response = match block_on(api.validate_security_monitoring_rule_with_http_info(body)) {
+        Ok(response) => response,
+        Err(error) => {
+            return match error {
+                Error::ResponseError(e) => {
+                    world.response.code = e.status.as_u16();
+                    if let Some(entity) = e.entity {
+                        world.response.object = serde_json::to_value(entity).unwrap();
+                    }
+                }
+                _ => panic!("error parsing response: {error}"),
+            };
+        }
+    };
+    world.response.object = serde_json::to_value(response.entity).unwrap();
+    world.response.code = response.status.as_u16();
+}
+
 fn test_v2_delete_security_monitoring_rule(
     world: &mut DatadogWorld,
     _parameters: &HashMap<String, Value>,