Add support for new CRUD agent rules endpoints (#1545)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>
Co-authored-by: api-clients-generation-pipeline[bot] <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-07 17:19:33.694024",
-            "spec_repo_commit": "52e6d7fb"
+            "regenerated": "2024-03-08 14:49:41.084247",
+            "spec_repo_commit": "f5ed7e52"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-07 17:19:33.710260",
-            "spec_repo_commit": "52e6d7fb"
+            "regenerated": "2024-03-08 14:49:41.101800",
+            "spec_repo_commit": "f5ed7e52"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -3919,9 +3919,27 @@ components:
       type: string
       x-enum-varnames:
       - CLOUD_COST_ACTIVITY
+    CloudWorkloadSecurityAgentRuleAction:
+      description: The action the rule can perform if triggered.
+      properties:
+        filter:
+          description: SECL expression used to target the container to apply the action
+            on
+          type: string
+        kill:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
+      type: object
+    CloudWorkloadSecurityAgentRuleActions:
+      description: The array of actions the rule can perform if triggered.
+      items:
+        $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAction'
+      nullable: true
+      type: array
     CloudWorkloadSecurityAgentRuleAttributes:
       description: A Cloud Workload Security Agent rule returned by the API.
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
         agentConstraint:
           description: The version of the agent.
           type: string
@@ -4054,6 +4072,17 @@ components:
         type:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType'
       type: object
+    CloudWorkloadSecurityAgentRuleID:
+      description: The ID of the agent rule.
+      example: 3dd-0uc-h1s
+      type: string
+    CloudWorkloadSecurityAgentRuleKill:
+      description: Kill system call applied on the container matching the rule
+      properties:
+        signal:
+          description: Supported signals for the kill system call.
+          type: string
+      type: object
     CloudWorkloadSecurityAgentRuleResponse:
       description: Response object that includes an Agent rule.
       properties:
@@ -4090,6 +4119,8 @@ components:
       properties:
         attributes:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes'
+        id:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleID'
         type:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType'
       required:
@@ -29582,6 +29613,154 @@ paths:
         We are gradually onboarding support for more sources. If you have any
 
         feedback, contact [Datadog Support](https://docs.datadoghq.com/help/).'
+  /api/v2/remote_config/products/cws/agent_rules:
+    get:
+      description: Get the list of Cloud Security Management Threats Agent rules.
+      operationId: ListCSMThreatsAgentRules
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get all CSM Threats Agent rules
+      tags:
+      - Cloud Workload Security
+    post:
+      description: Create a new Cloud Security Management Threats Agent rule with
+        the given parameters.
+      operationId: CreateCSMThreatsAgentRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest'
+        description: The definition of the new Agent rule.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Create a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+      x-codegen-request-body-name: body
+  /api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}:
+    delete:
+      description: Delete a specific Cloud Security Management Threats Agent rule.
+      operationId: DeleteCSMThreatsAgentRule
+      parameters:
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      responses:
+        '204':
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Delete a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+    get:
+      description: Get the details of a specific Cloud Security Management Threats
+        Agent rule.
+      operationId: GetCSMThreatsAgentRule
+      parameters:
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+    patch:
+      description: 'Update a specific Cloud Security Management Threats Agent rule.
+
+        Returns the Agent rule object when the request is successful.'
+      operationId: UpdateCSMThreatsAgentRule
+      parameters:
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest'
+        description: New definition of the Agent rule.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Update a CSM Threats Agent rule
+      tags:
+      - Cloud Workload Security
+      x-codegen-request-body-name: body
+  /api/v2/remote_config/products/cws/policy/download:
+    get:
+      description: 'The download endpoint generates a CSM Threats policy file from
+        your currently active
+
+        CSM Threats rules, and downloads them as a `.policy` file. This file can then
+        be deployed to
+
+        your Agents to update the policy running in your environment.'
+      operationId: DownloadCSMThreatsPolicy
+      responses:
+        '200':
+          content:
+            application/zip:
+              schema:
+                format: binary
+                type: string
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get the latest CSM Threats policy
+      tags:
+      - Cloud Workload Security
   /api/v2/restriction_policy/{resource_id}:
     delete:
       description: Deletes the restriction policy associated with a specified resource.
@@ -34821,6 +35000,11 @@ tags:
     [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for more
     information.
   name: CI Visibility Tests
+- description: Cloud Security Management Threats (CSM Threats) monitors file, network,
+    and process activity across your environment to detect real-time threats to your
+    infrastructure. See [Cloud Security Management Threats](https://docs.datadoghq.com/security/threats/)
+    for more information on setting up CSM Threats.
+  name: CSM Threats
 - description: View and manage cases and projects within Case Management. See the
     [Case Management page](https://docs.datadoghq.com/service_management/case_management/)
     for more information.

cassettes/v2/Cloud-Workload-Security_3725750827/Create-a-CSM-Threats-Agent-rule-returns-Bad-Request-response_639435269/frozen.json

@@ -0,0 +1 @@
+"2024-03-08T14:19:01.846Z"

cassettes/v2/Cloud-Workload-Security_3725750827/Create-a-CSM-Threats-Agent-rule-returns-Bad-Request-response_639435269/recording.har

@@ -0,0 +1,67 @@
+{
+  "log": {
+    "_recordingName": "Cloud Workload Security/Create a CSM Threats Agent rule returns \"Bad Request\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "0a69f86145855ad31f75cec2b61dc38b",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 149,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 598,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"description\":\"My Agent rule\",\"enabled\":true,\"expression\":\"exec.file.name == sh\",\"name\":\"my_agent_rule\"},\"type\":\"agent_rule\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules"
+        },
+        "response": {
+          "bodySize": 142,
+          "content": {
+            "mimeType": "application/json",
+            "size": 142,
+            "text": "{\"errors\":[\"input_validation_error(Field 'expression' is invalid: rule `my_agent_rule` error: rule compilation error: field `sh` not found)\"]}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 217,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 400,
+          "statusText": "Bad Request"
+        },
+        "startedDateTime": "2024-03-08T14:19:01.854Z",
+        "time": 480
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}

cassettes/v2/Cloud-Workload-Security_3725750827/Create-a-CSM-Threats-Agent-rule-returns-Conflict-response_3890170597/frozen.json

@@ -0,0 +1 @@
+"2024-03-06T09:58:37.695Z"