Merge branch 'master' into datadog-api-spec/generated/3882

Author: filipelteixeira

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-02 13:31:14.108910",
-            "spec_repo_commit": "a6273f07"
+            "regenerated": "2025-06-04 09:10:40.335493",
+            "spec_repo_commit": "6c99bb98"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-02 13:31:14.145494",
-            "spec_repo_commit": "a6273f07"
+            "regenerated": "2025-06-04 09:10:40.351166",
+            "spec_repo_commit": "6c99bb98"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -743,7 +743,7 @@ components:
       description: 'Identifier, formatted as `type:id`. Supported types: `connection`,
         `dashboard`, `integration-account`, `integration-service`, `integration-webhook`,
         `notebook`, `reference-table`, `security-rule`, `slo`, `workflow`, `app-builder-app`,
-        `connection`, `connection-group`.'
+        `connection`, `connection-group`, `rum-application`.'
       example: dashboard:abc-def-ghi
       in: path
       name: resource_id
@@ -7526,6 +7526,50 @@ components:
           type: string
         kill:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
+        metadata:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata'
+        set:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet'
+      type: object
+    CloudWorkloadSecurityAgentRuleActionMetadata:
+      description: The metadata action applied on the scope matching the rule
+      properties:
+        image_tag:
+          description: The image tag of the metadata action
+          type: string
+        service:
+          description: The service of the metadata action
+          type: string
+        short_image:
+          description: The short image of the metadata action
+          type: string
+      type: object
+    CloudWorkloadSecurityAgentRuleActionSet:
+      description: The set action applied on the scope matching the rule
+      properties:
+        append:
+          description: Whether the value should be appended to the field
+          type: boolean
+        field:
+          description: The field of the set action
+          type: string
+        name:
+          description: The name of the set action
+          type: string
+        scope:
+          description: The scope of the set action
+          type: string
+        size:
+          description: The size of the set action
+          format: int64
+          type: integer
+        ttl:
+          description: The time to live of the set action
+          format: int64
+          type: integer
+        value:
+          description: The value of the set action
+          type: string
       type: object
     CloudWorkloadSecurityAgentRuleActions:
       description: The array of actions the rule can perform if triggered
@@ -7541,6 +7585,11 @@ components:
         agentConstraint:
           description: The version of the Agent
           type: string
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         category:
           description: The category of the Agent rule
           example: Process Activity
@@ -7564,6 +7613,11 @@ components:
           description: The description of the Agent rule
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7577,6 +7631,11 @@ components:
           items:
             type: string
           type: array
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         name:
           description: The name of the Agent rule
           example: my_agent_rule
@@ -7611,10 +7670,22 @@ components:
     CloudWorkloadSecurityAgentRuleCreateAttributes:
       description: Create a new Cloud Workload Security Agent rule.
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         description:
           description: The description of the Agent rule.
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7628,6 +7699,11 @@ components:
           items:
             type: string
           type: array
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         name:
           description: The name of the Agent rule.
           example: my_agent_rule
@@ -7718,10 +7794,22 @@ components:
     CloudWorkloadSecurityAgentRuleUpdateAttributes:
       description: Update an existing Cloud Workload Security Agent rule
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         description:
           description: The description of the Agent rule
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7730,6 +7818,11 @@ components:
           description: The SECL expression of the Agent rule
           example: exec.file.name == "sh"
           type: string
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         policy_id:
           description: The ID of the policy where the Agent rule is saved
           example: a8c8e364-6556-434d-b798-a4c23de29c0b
@@ -54255,6 +54348,8 @@ paths:
 
         - Connection Groups: `connection-group`
 
+        - RUM Applications: `rum-application`
+
 
         #### Supported relations for resources
 
@@ -54294,7 +54389,9 @@ paths:
 
         Connections                 | `viewer`, `resolver`, `editor`
 
-        Connection Groups           | `viewer`, `editor`'
+        Connection Groups           | `viewer`, `editor`
+
+        RUM Application             | `viewer`, `editor`'
       operationId: UpdateRestrictionPolicy
       parameters:
       - $ref: '#/components/parameters/ResourceID'

docs/datadog_api_client.v2.model.rst

@@ -2839,6 +2839,20 @@ datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_action mod
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_action\_metadata module
+---------------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_metadata
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_action\_set module
+----------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_set
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.cloud\_workload\_security\_agent\_rule\_attributes module
 ---------------------------------------------------------------------------------------
 

examples/v2/csm-threats/CreateCSMThreatsAgentRule_1295653933.py

@@ -0,0 +1,55 @@
+"""
+Create a Workload Protection agent rule with set action returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action import CloudWorkloadSecurityAgentRuleAction
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_set import (
+    CloudWorkloadSecurityAgentRuleActionSet,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_attributes import (
+    CloudWorkloadSecurityAgentRuleCreateAttributes,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_data import (
+    CloudWorkloadSecurityAgentRuleCreateData,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_request import (
+    CloudWorkloadSecurityAgentRuleCreateRequest,
+)
+from datadog_api_client.v2.model.cloud_workload_security_agent_rule_type import CloudWorkloadSecurityAgentRuleType
+
+# there is a valid "policy_rc" in the system
+POLICY_DATA_ID = environ["POLICY_DATA_ID"]
+
+body = CloudWorkloadSecurityAgentRuleCreateRequest(
+    data=CloudWorkloadSecurityAgentRuleCreateData(
+        attributes=CloudWorkloadSecurityAgentRuleCreateAttributes(
+            description="My Agent rule with set action",
+            enabled=True,
+            expression='exec.file.name == "sh"',
+            filters=[],
+            name="examplecsmthreat",
+            policy_id=POLICY_DATA_ID,
+            product_tags=[],
+            actions=[
+                CloudWorkloadSecurityAgentRuleAction(
+                    set=CloudWorkloadSecurityAgentRuleActionSet(
+                        name="test_set",
+                        value="test_value",
+                        scope="process",
+                    ),
+                ),
+            ],
+        ),
+        type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,
+    ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = CSMThreatsApi(api_client)
+    response = api_instance.create_csm_threats_agent_rule(body=body)
+
+    print(response)

src/datadog_api_client/v2/api/restriction_policies_api.py

@@ -112,7 +112,7 @@ def delete_restriction_policy(
 
         Deletes the restriction policy associated with a specified resource.
 
-        :param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-service`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group``.
+        :param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-service`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group`` , ``rum-application``.
         :type resource_id: str
         :rtype: None
         """
@@ -129,7 +129,7 @@ def get_restriction_policy(
 
         Retrieves the restriction policy associated with a specified resource.
 
-        :param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-service`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group``.
+        :param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-service`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group`` , ``rum-application``.
         :type resource_id: str
         :rtype: RestrictionPolicyResponse
         """
@@ -170,6 +170,7 @@ def update_restriction_policy(
         * App Builder Apps: ``app-builder-app``
         * Connections: ``connection``
         * Connection Groups: ``connection-group``
+        * RUM Applications: ``rum-application``
 
         **Supported relations for resources**
 
@@ -212,9 +213,11 @@ def update_restriction_policy(
              - ``viewer`` , ``resolver`` , ``editor``
            * - Connection Groups
              - ``viewer`` , ``editor``
+           * - RUM Application
+             - ``viewer`` , ``editor``
 
 
-        :param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-service`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group``.
+        :param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-service`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group`` , ``rum-application``.
         :type resource_id: str
         :param body: Restriction policy payload
         :type body: RestrictionPolicyUpdateRequest

src/datadog_api_client/v2/model/cloud_workload_security_agent_rule_action.py

@@ -15,6 +15,12 @@
 
 if TYPE_CHECKING:
     from datadog_api_client.v2.model.cloud_workload_security_agent_rule_kill import CloudWorkloadSecurityAgentRuleKill
+    from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_metadata import (
+        CloudWorkloadSecurityAgentRuleActionMetadata,
+    )
+    from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_set import (
+        CloudWorkloadSecurityAgentRuleActionSet,
+    )
 
 
 class CloudWorkloadSecurityAgentRuleAction(ModelNormal):
@@ -23,21 +29,33 @@ def openapi_types(_):
         from datadog_api_client.v2.model.cloud_workload_security_agent_rule_kill import (
             CloudWorkloadSecurityAgentRuleKill,
         )
+        from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_metadata import (
+            CloudWorkloadSecurityAgentRuleActionMetadata,
+        )
+        from datadog_api_client.v2.model.cloud_workload_security_agent_rule_action_set import (
+            CloudWorkloadSecurityAgentRuleActionSet,
+        )
 
         return {
             "filter": (str,),
             "kill": (CloudWorkloadSecurityAgentRuleKill,),
+            "metadata": (CloudWorkloadSecurityAgentRuleActionMetadata,),
+            "set": (CloudWorkloadSecurityAgentRuleActionSet,),
         }
 
     attribute_map = {
         "filter": "filter",
         "kill": "kill",
+        "metadata": "metadata",
+        "set": "set",
     }
 
     def __init__(
         self_,
         filter: Union[str, UnsetType] = unset,
         kill: Union[CloudWorkloadSecurityAgentRuleKill, UnsetType] = unset,
+        metadata: Union[CloudWorkloadSecurityAgentRuleActionMetadata, UnsetType] = unset,
+        set: Union[CloudWorkloadSecurityAgentRuleActionSet, UnsetType] = unset,
         **kwargs,
     ):
         """
@@ -48,9 +66,19 @@ def __init__(
 
         :param kill: Kill system call applied on the container matching the rule
         :type kill: CloudWorkloadSecurityAgentRuleKill, optional
+
+        :param metadata: The metadata action applied on the scope matching the rule
+        :type metadata: CloudWorkloadSecurityAgentRuleActionMetadata, optional
+
+        :param set: The set action applied on the scope matching the rule
+        :type set: CloudWorkloadSecurityAgentRuleActionSet, optional
         """
         if filter is not unset:
             kwargs["filter"] = filter
         if kill is not unset:
             kwargs["kill"] = kill
+        if metadata is not unset:
+            kwargs["metadata"] = metadata
+        if set is not unset:
+            kwargs["set"] = set
         super().__init__(kwargs)