Add validation endpoint for Security Monitoring Rules (#1581)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 05e6e8d63bb8 · 2024-03-28T14:29:21.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
Co-authored-by: api-clients-generation-pipeline[bot] &lt;54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com&gt;
diff --git a/.apigentools-info b/.apigentools-info
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-26 15:17:45.583561",
-            "spec_repo_commit": "46383d02"
+            "regenerated": "2024-03-27 22:12:46.457964",
+            "spec_repo_commit": "85625198"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-03-26 15:17:45.602729",
-            "spec_repo_commit": "46383d02"
+            "regenerated": "2024-03-27 22:12:46.486191",
+            "spec_repo_commit": "85625198"
         }
     }
 }
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -32287,6 +32287,34 @@ paths:
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
+  /api/v2/security_monitoring/rules/validation:
+    post:
+      description: Validate a detection rule.
+      operationId: ValidateSecurityMonitoringRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+        required: true
+      responses:
+        '204':
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Validate a detection rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
   /api/v2/security_monitoring/rules/{rule_id}:
     delete:
       description: Delete an existing rule. Default rules cannot be deleted.
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-Bad-Request-response_1975779485/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-Bad-Request-response_1975779485/frozen.json
@@ -0,0 +1 @@
+"2024-03-27T16:23:09.814Z"
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-Bad-Request-response_1975779485/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-Bad-Request-response_1975779485/recording.har
@@ -0,0 +1,67 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Validate a detection rule returns \"Bad Request\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "195f214fcab0861b1336ce2aa07b9cf5",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 507,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 588,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"hasExtendedTitle\":true,\"isEnabled\":true,\"message\":\"My security monitoring rule\",\"name\":\"My security monitoring rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":1800,\"keepAlive\":999999,\"maxSignalDuration\":1800},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"@userIdentity.assumed_role\"],\"name\":\"\",\"query\":\"source:source_here\"}],\"tags\":[\"env:prod\",\"team:security\"],\"type\":\"log_detection\"}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/security_monitoring/rules/validation"
+        },
+        "response": {
+          "bodySize": 372,
+          "content": {
+            "mimeType": "application/json",
+            "size": 372,
+            "text": "{\"error\":{\"code\":\"InvalidArgument\",\"message\":\"Invalid rule configuration\",\"details\":[{\"code\":\"InvalidArgument\",\"message\":\"Max signal duration must be greater than or equal to keep alive\",\"target\":\"maxSignalDuration\"},{\"code\":\"InvalidArgument\",\"message\":\"Keep alive is not in allowed durations: 0, 1, 5, 10, 15, 30, 60, 120, 180, 360 (in minutes)\",\"target\":\"keepAlive\"}]}}\n"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 655,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 400,
+          "statusText": "Bad Request"
+        },
+        "startedDateTime": "2024-03-27T16:23:09.817Z",
+        "time": 334
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-OK-response_1946162529/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-OK-response_1946162529/frozen.json
@@ -0,0 +1 @@
+"2024-03-27T16:23:10.157Z"
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-OK-response_1946162529/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-returns-OK-response_1946162529/recording.har
@@ -0,0 +1,66 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Validate a detection rule returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "eff24aa1fc7cd68e58156e52bbac0e73",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 505,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 588,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"hasExtendedTitle\":true,\"isEnabled\":true,\"message\":\"My security monitoring rule\",\"name\":\"My security monitoring rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":1800,\"keepAlive\":1800,\"maxSignalDuration\":1800},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"@userIdentity.assumed_role\"],\"name\":\"\",\"query\":\"source:source_here\"}],\"tags\":[\"env:prod\",\"team:security\"],\"type\":\"log_detection\"}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/security_monitoring/rules/validation"
+        },
+        "response": {
+          "bodySize": 0,
+          "content": {
+            "mimeType": "text/html; charset=utf-8",
+            "size": 0
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "text/html; charset=utf-8"
+            }
+          ],
+          "headersSize": 642,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 204,
+          "statusText": "No Content"
+        },
+        "startedDateTime": "2024-03-27T16:23:10.159Z",
+        "time": 335
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
diff --git a/examples/v2/security-monitoring/ValidateSecurityMonitoringRule.ts b/examples/v2/security-monitoring/ValidateSecurityMonitoringRule.ts
@@ -0,0 +1,51 @@
+/**
+ * Validate a detection rule returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiValidateSecurityMonitoringRuleRequest = {
+  body: {
+    cases: [
+      {
+        name: "",
+        status: "info",
+        notifications: [],
+        condition: "a > 0",
+      },
+    ],
+    hasExtendedTitle: true,
+    isEnabled: true,
+    message: "My security monitoring rule",
+    name: "My security monitoring rule",
+    options: {
+      evaluationWindow: 1800,
+      keepAlive: 1800,
+      maxSignalDuration: 1800,
+      detectionMethod: "threshold",
+    },
+    queries: [
+      {
+        query: "source:source_here",
+        groupByFields: ["@userIdentity.assumed_role"],
+        distinctFields: [],
+        aggregation: "count",
+        name: "",
+      },
+    ],
+    tags: ["env:prod", "team:security"],
+    type: "log_detection",
+  },
+};
+
+apiInstance
+  .validateSecurityMonitoringRule(params)
+  .then((data: any) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));
diff --git a/features/support/scenarios_model_mapping.ts b/features/support/scenarios_model_mapping.ts
@@ -4573,6 +4573,13 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
             },
         "operationResponseType": "SecurityMonitoringRuleResponse",
     },
+    "v2.ValidateSecurityMonitoringRule": {
+        "body": {
+            "type": "SecurityMonitoringRuleCreatePayload",
+            "format": "",
+            },
+        "operationResponseType": "void",
+    },
     "v2.DeleteSecurityMonitoringRule": {
         "ruleId": {
             "type": "string",
diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature
@@ -606,3 +606,17 @@ Feature: Security Monitoring
     Then the response status is 200 OK
     And the response "name" is equal to "{{ unique }}-Updated"
     And the response "id" has the same value as "security_rule.id"
+
+  @skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-typescript @skip-validation @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a detection rule returns "Bad Request" response
+    Given new "ValidateSecurityMonitoringRule" request
+    And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":999999,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a detection rule returns "OK" response
+    Given new "ValidateSecurityMonitoringRule" request
+    And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
+    When the request is sent
+    Then the response status is 204 OK
diff --git a/features/v2/undo.json b/features/v2/undo.json
@@ -1751,6 +1751,12 @@
       "type": "unsafe"
     }
   },
+  "ValidateSecurityMonitoringRule": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "DeleteSecurityMonitoringRule": {
     "tag": "Security Monitoring",
     "undo": {
diff --git a/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts b/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts
diff --git a/packages/datadog-api-client-v2/index.ts b/packages/datadog-api-client-v2/index.ts

Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,13 @@`
`4`	`4`	`"spec_versions": {`
`5`	`5`	`"v1": {`
`6`	`6`	`"apigentools_version": "1.6.6",`
`7`		`- "regenerated": "2024-03-26 15:17:45.583561",`
`8`		`- "spec_repo_commit": "46383d02"`
	`7`	`+ "regenerated": "2024-03-27 22:12:46.457964",`
	`8`	`+ "spec_repo_commit": "85625198"`
`9`	`9`	`},`
`10`	`10`	`"v2": {`
`11`	`11`	`"apigentools_version": "1.6.6",`
`12`		`- "regenerated": "2024-03-26 15:17:45.602729",`
`13`		`- "spec_repo_commit": "46383d02"`
	`12`	`+ "regenerated": "2024-03-27 22:12:46.486191",`
	`13`	`+ "spec_repo_commit": "85625198"`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`	`}`