diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index b17c8433bd..a07ab7db9f 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -1932,6 +1932,15 @@ components: required: false schema: $ref: "#/components/schemas/WebhooksAuthMethodProtocol" + WifConfigUUID: + description: The UUID of the WIF configuration to operate on. + example: c5c758c6-18c2-4484-ae3f-46b84128404a + in: path + name: config_uuid + required: true + schema: + format: uuid + type: string WorkflowId: description: The ID of the workflow. in: path 
@@ -12146,6 +12155,181 @@ components: required: - data type: object + AwsWifIntakeMappingAttributes: + description: Attributes of an AWS WIF intake mapping. + properties: + arn_pattern: + description: |- + The AWS IAM ARN pattern identifying the role or user permitted to obtain an intake API key. + Supports wildcards (`*`) to match multiple principals within an account. + example: "arn:aws:iam::123456789012:role/my-agent-role" + type: string + required: + - arn_pattern + type: object + AwsWifIntakeMappingCreateData: + description: Data for creating an AWS WIF intake mapping. + properties: + attributes: + $ref: "#/components/schemas/AwsWifIntakeMappingAttributes" + type: + $ref: "#/components/schemas/AwsWifIntakeMappingType" + required: + - type + - attributes + type: object + AwsWifIntakeMappingCreateRequest: + description: Request body for creating an AWS WIF intake mapping. + properties: + data: + $ref: "#/components/schemas/AwsWifIntakeMappingCreateData" + required: + - data + type: object + AwsWifIntakeMappingData: + description: An AWS WIF intake mapping resource. + properties: + attributes: + $ref: "#/components/schemas/AwsWifIntakeMappingAttributes" + id: + description: The UUID of the intake mapping. + example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + format: uuid + type: string + type: + $ref: "#/components/schemas/AwsWifIntakeMappingType" + required: + - id + - type + - attributes + type: object + AwsWifIntakeMappingResponse: + description: Response containing a single AWS WIF intake mapping. + properties: + data: + $ref: "#/components/schemas/AwsWifIntakeMappingData" + required: + - data + type: object + AwsWifIntakeMappingType: + description: Type identifier for an AWS WIF intake mapping. + enum: + - aws_wif_intake_mapping + example: aws_wif_intake_mapping + type: string + x-enum-varnames: + - AWS_WIF_INTAKE_MAPPING + AwsWifIntakeMappingsResponse: + description: Response containing a list of AWS WIF intake mappings. 
+ properties: + data: + items: + $ref: "#/components/schemas/AwsWifIntakeMappingData" + type: array + required: + - data + type: object + AwsWifPersonaMappingAttributes: + description: Attributes of an AWS WIF persona mapping. + properties: + account_identifier: + description: The Datadog user handle (email address) to map the AWS principal to. + example: "user@example.com" + type: string + account_uuid: + description: The Datadog user UUID corresponding to `account_identifier`. Read-only — set by the server. + example: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" + format: uuid + type: string + arn_pattern: + description: |- + The AWS IAM ARN pattern identifying the role or user that will be mapped. + Supports wildcards (`*`) to match multiple principals within an account. + example: "arn:aws:iam::123456789012:role/my-workload-role" + type: string + required: + - arn_pattern + - account_identifier + type: object + AwsWifPersonaMappingCreateAttributes: + description: Attributes for creating an AWS WIF persona mapping. + properties: + account_identifier: + description: The Datadog user handle (email address) to map the AWS principal to. + example: "user@example.com" + type: string + arn_pattern: + description: |- + The AWS IAM ARN pattern identifying the role or user that will be mapped. + Supports wildcards (`*`) to match multiple principals within an account. + example: "arn:aws:iam::123456789012:role/my-workload-role" + type: string + required: + - arn_pattern + - account_identifier + type: object + AwsWifPersonaMappingCreateData: + description: Data for creating an AWS WIF persona mapping. + properties: + attributes: + $ref: "#/components/schemas/AwsWifPersonaMappingCreateAttributes" + type: + $ref: "#/components/schemas/AwsWifPersonaMappingType" + required: + - type + - attributes + type: object + AwsWifPersonaMappingCreateRequest: + description: Request body for creating an AWS WIF persona mapping. 
+ properties: + data: + $ref: "#/components/schemas/AwsWifPersonaMappingCreateData" + required: + - data + type: object + AwsWifPersonaMappingData: + description: An AWS WIF persona mapping resource. + properties: + attributes: + $ref: "#/components/schemas/AwsWifPersonaMappingAttributes" + id: + description: The UUID of the persona mapping. + example: "c5c758c6-18c2-4484-ae3f-46b84128404a" + format: uuid + type: string + type: + $ref: "#/components/schemas/AwsWifPersonaMappingType" + required: + - id + - type + - attributes + type: object + AwsWifPersonaMappingResponse: + description: Response containing a single AWS WIF persona mapping. + properties: + data: + $ref: "#/components/schemas/AwsWifPersonaMappingData" + required: + - data + type: object + AwsWifPersonaMappingType: + description: Type identifier for an AWS WIF persona mapping. + enum: + - aws_wif_config + example: aws_wif_config + type: string + x-enum-varnames: + - AWS_WIF_CONFIG + AwsWifPersonaMappingsResponse: + description: Response containing a list of AWS WIF persona mappings. + properties: + data: + items: + $ref: "#/components/schemas/AwsWifPersonaMappingData" + type: array + required: + - data + type: object AzureCredentials: description: The definition of the `AzureCredentials` object. oneOf: 
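Review bot: `arn_pattern` in `AwsWifIntakeMappingAttributes`, `AwsWifPersonaMappingAttributes` and `AwsWifPersonaMappingCreateAttributes` is an unconstrained `type: string` that accepts `*`, so the schema puts no bound on how broad a mapping can be. The description says wildcards match principals "within an account", but nothing visible here requires the account ID segment to be literal. If the server enforces that, encode it with a `pattern` and say so in the description; if it does not, the description should state that a wildcard in that segment covers principals in other AWS accounts. This matters most for persona mappings, where every matching principal is issued a token for the `account_identifier` user. Separately, `account_uuid` is described as read-only but lacks `readOnly: true`.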
@@ -29812,6 +29996,55 @@ components: oneOf: - $ref: "#/components/schemas/StatusPagesUser" - $ref: "#/components/schemas/StatusPageAsIncluded" + DelegatedTokenAttributes: + description: Attributes of a delegated token. + properties: + access_token: + description: A short-lived JWT representing the authenticated Datadog user. Pass this as a bearer token in subsequent API calls. + example: "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9..." + type: string + expires: + description: The expiry time of the token. + example: "2024-01-15T11:30:00Z" + format: date-time + type: string + required: + - access_token + - expires + type: object + DelegatedTokenData: + description: A delegated token resource. + properties: + attributes: + $ref: "#/components/schemas/DelegatedTokenAttributes" + id: + description: A random UUID assigned to this token issuance. + example: "550e8400-e29b-41d4-a716-446655440000" + format: uuid + type: string + type: + $ref: "#/components/schemas/DelegatedTokenType" + required: + - id + - type + - attributes + type: object + DelegatedTokenResponse: + description: Response containing a delegated user token. + properties: + data: + $ref: "#/components/schemas/DelegatedTokenData" + required: + - data + type: object + DelegatedTokenType: + description: The resource type for a delegated token. + enum: + - token + example: token + type: string + x-enum-varnames: + - TOKEN DeleteAppResponse: description: The response object after an app is successfully deleted. properties: 
@@ -45556,6 +45789,54 @@ components: - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT + IntakeAPIKeyAttributes: + description: Attributes of an intake API key returned after successful authentication. + properties: + api_key: + description: The Datadog API key the workload can use to send telemetry. + example: "abc123def456..." + type: string + org_id: + description: The numeric ID of the Datadog organization the API key belongs to. + example: 123456 + format: int64 + type: integer + required: + - api_key + - org_id + type: object + IntakeAPIKeyData: + description: An intake API key resource. + properties: + attributes: + $ref: "#/components/schemas/IntakeAPIKeyAttributes" + id: + description: A stable identifier for the intake key, scoped to the matched organization. + example: "intake-123456" + type: string + type: + $ref: "#/components/schemas/IntakeAPIKeyType" + required: + - id + - type + - attributes + type: object + IntakeAPIKeyResponse: + description: Response containing an intake API key for the authenticated cloud workload. + properties: + data: + $ref: "#/components/schemas/IntakeAPIKeyData" + required: + - data + type: object + IntakeAPIKeyType: + description: The resource type for an intake API key. + enum: + - intake_api_key + example: intake_api_key + type: string + x-enum-varnames: + - INTAKE_API_KEY IntakePayloadAccepted: description: The payload accepted for intake. properties: @@ -120040,6 +120321,7 @@ paths: - test_optimization_read /api/v2/cloud_auth/aws/persona_mapping: get: + deprecated: true description: List all AWS cloud authentication persona mappings. This endpoint retrieves all configured persona mappings that associate AWS IAM principals with Datadog users. operationId: ListAWSCloudAuthPersonaMappings responses: 
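Review bot: `IntakeAPIKeyAttributes` (first hunk on this line) returns `api_key` with no validity information, unlike `DelegatedTokenAttributes` in this same commit, which carries a required `expires`. The `/api/v2/intake-key` description calls the value a managed-rotation API key, so a workload that caches it cannot tell from the response when it will be rotated out. If the server knows the rotation time, an optional `expires` property with `format: date-time` would let clients refresh ahead of it. Otherwise the `api_key` description should state how a workload is expected to detect rotation and request a new key.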
@@ -120076,10 +120358,14 @@ paths: summary: List AWS cloud authentication persona mappings tags: - Cloud Authentication + x-deprecated: |- + **Deprecated**: Use `ListAwsWifPersonaMappings` (`GET /api/v2/wif/aws/persona_mapping`) instead. + x-sunset: "2027-01-01" x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: + deprecated: true description: Create an AWS cloud authentication persona mapping. This endpoint associates an AWS IAM principal with a Datadog user. operationId: CreateAWSCloudAuthPersonaMapping requestBody: @@ -120137,11 +120423,15 @@ paths: tags: - Cloud Authentication x-codegen-request-body-name: body + x-deprecated: |- + **Deprecated**: Use `CreateAwsWifPersonaMapping` (`POST /api/v2/wif/aws/persona_mapping`) instead. + x-sunset: "2027-01-01" x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cloud_auth/aws/persona_mapping/{persona_mapping_id}: delete: + deprecated: true description: Delete an AWS cloud authentication persona mapping by ID. This removes the association between an AWS IAM principal and a Datadog user. operationId: DeleteAWSCloudAuthPersonaMapping parameters: 
@@ -120166,10 +120456,14 @@ paths: summary: Delete an AWS cloud authentication persona mapping tags: - Cloud Authentication + x-deprecated: |- + **Deprecated**: Use `DeleteAwsWifPersonaMapping` (`DELETE /api/v2/wif/aws/persona_mapping/{config_uuid}`) instead. + x-sunset: "2027-01-01" x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: + deprecated: true description: Get a specific AWS cloud authentication persona mapping by ID. This endpoint retrieves a single configured persona mapping that associates an AWS IAM principal with a Datadog user. operationId: GetAWSCloudAuthPersonaMapping parameters: @@ -120208,6 +120502,9 @@ paths: summary: Get an AWS cloud authentication persona mapping tags: - Cloud Authentication + x-deprecated: |- + **Deprecated**: Use `GetAwsWifPersonaMapping` (`GET /api/v2/wif/aws/persona_mapping/{config_uuid}`) instead. + x-sunset: "2027-01-01" x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). 
@@ -127393,6 +127690,54 @@ paths: x-unstable: |- **Note: Data Access is in preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** + /api/v2/delegated-token: + post: + description: |- + Exchange a Workload Identity Federation (WIF) proof or Datadog credentials for a short-lived access token + scoped to a Datadog user. + + To authenticate with a WIF identity, pass the cloud-provider token in the `Authorization` header using + the `Bearer` or `Delegated` scheme. Datadog resolves the Datadog user from the persona mapping configured + for that cloud identity. + + To obtain a token for the calling user directly, authenticate with standard Datadog API and application keys. + + Use the returned `access_token` as a bearer token in subsequent API calls. + operationId: GetDelegatedToken + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + access_token: "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9..." + expires: "2024-01-15T11:30:00Z" + id: "550e8400-e29b-41d4-a716-446655440000" + type: token + schema: + $ref: "#/components/schemas/DelegatedTokenResponse" + description: OK + "401": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Unauthorized — missing or invalid authorization proof. + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden — the cloud identity is not mapped to any Datadog user, or the authenticated user does not have access. + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: [] + summary: Get a delegated token + tags: + - Delegated Token /api/v2/deletion/data/{product}: post: description: Creates a data deletion request by providing a query and a timeframe targeting the proper data. 
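Review bot: `security: []` on `GetDelegatedToken` contradicts the description, which documents standard Datadog API and application keys as one of the two supported ways to authenticate. With an empty requirement list a generated client will presumably attach no credentials, so the key-based path cannot be reached without hand-set headers. Listing `apiKeyAuth` together with `appKeyAuth` as one alternative next to an empty requirement (`- {}`) would keep the WIF path free of Datadog keys while making the documented key path usable. The cloud-provider `Authorization` header (`Bearer` or `Delegated`) is also not modelled as a parameter or security scheme, here or on `/api/v2/intake-key`, so callers have no typed way to supply it.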
@@ -136004,6 +136349,55 @@ paths: x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + /api/v2/intake-key: + post: + description: |- + Exchanges a Workload Identity Federation (WIF) identity proof for a Datadog API key associated with the matching WIF intake mapping. + + Pass a cloud-provider token in the `Authorization` header using the `Bearer` or `Delegated` scheme. + The token is validated against the WIF intake mappings configured for the caller's organization. On success, + a managed-rotation API key is returned that the workload can use to send telemetry to Datadog. + + Unlike the delegated-token endpoint (`POST /api/v2/delegated-token`), this endpoint authenticates + the cloud workload at the organization level rather than mapping it to a specific Datadog user. + + Standard Datadog API and application key authentication is not accepted. Authenticate using a + cloud-provider token in the `Authorization: Bearer` header. + operationId: GetIntakeKey + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + api_key: "abc123def456..." + org_id: 123456 + id: "intake-123456" + type: intake_api_key + schema: + $ref: "#/components/schemas/IntakeAPIKeyResponse" + description: OK + "401": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Unauthorized — missing or invalid authorization proof. + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden — the cloud identity is not matched by any intake mapping for this organization. + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: [] + summary: Get an intake API key + tags: + - Intake Key /api/v2/integration/aws/accounts: get: description: Get a list of AWS Account Integration Configs. 
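Review bot: The `GetIntakeKey` description says the token is validated against the intake mappings "configured for the caller's organization", yet the operation takes no parameters and declares `security: []`, so it is unclear how the organization is determined before a mapping matches. If the organization is derived from whichever mapping matches the presented identity, the description should say so and document what happens when mappings in more than one organization match the same ARN. The text is also inconsistent about the scheme: the second paragraph allows `Bearer` or `Delegated`, while the last paragraph names only `Authorization: Bearer`.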
@@ -189631,6 +190025,373 @@ paths: - generate_log_reports - manage_log_reports - product_analytics_saved_widgets_write + /api/v2/wif/aws/intake_mapping: + get: + description: List every AWS WIF intake mapping configured for the caller's organization. + operationId: ListAwsWifIntakeMappings + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + arn_pattern: "arn:aws:iam::123456789012:role/my-agent-role" + id: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + type: aws_wif_intake_mapping + schema: + $ref: "#/components/schemas/AwsWifIntakeMappingsResponse" + description: OK + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_read + summary: List AWS WIF intake mappings + tags: + - AWS WIF + post: + description: Create an AWS WIF intake mapping. The mapping binds an IAM role ARN pattern to a managed-rotation API key, allowing AWS workloads to send telemetry to Datadog without requiring a delegated user token. 
+ operationId: CreateAwsWifIntakeMapping + requestBody: + content: + application/json: + examples: + default: + value: + data: + attributes: + arn_pattern: "arn:aws:iam::123456789012:role/my-agent-role" + type: aws_wif_intake_mapping + schema: + $ref: "#/components/schemas/AwsWifIntakeMappingCreateRequest" + required: true + responses: + "201": + content: + application/json: + examples: + default: + value: + data: + attributes: + arn_pattern: "arn:aws:iam::123456789012:role/my-agent-role" + id: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + type: aws_wif_intake_mapping + schema: + $ref: "#/components/schemas/AwsWifIntakeMappingResponse" + description: Created + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "409": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Conflict + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_write + summary: Create an AWS WIF intake mapping + tags: + - AWS WIF + x-codegen-request-body-name: body + /api/v2/wif/aws/intake_mapping/{config_uuid}: + delete: + description: Delete an AWS WIF intake mapping by UUID. The associated managed-rotation API key is left intact, but AWS workloads that previously matched this mapping will lose intake access. 
+ operationId: DeleteAwsWifIntakeMapping + parameters: + - $ref: "#/components/parameters/WifConfigUUID" + responses: + "204": + description: No Content + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "404": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Not Found + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_write + summary: Delete an AWS WIF intake mapping + tags: + - AWS WIF + get: + description: Retrieve a single AWS WIF intake mapping by UUID. + operationId: GetAwsWifIntakeMapping + parameters: + - $ref: "#/components/parameters/WifConfigUUID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + arn_pattern: "arn:aws:iam::123456789012:role/my-agent-role" + id: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + type: aws_wif_intake_mapping + schema: + $ref: "#/components/schemas/AwsWifIntakeMappingResponse" + description: OK + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "404": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Not Found + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_read + summary: Get an AWS WIF intake mapping + tags: + - AWS WIF + /api/v2/wif/aws/persona_mapping: + get: + description: List every AWS WIF persona mapping configured for the caller's 
organization. + operationId: ListAwsWifPersonaMappings + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + account_identifier: "user@example.com" + account_uuid: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" + arn_pattern: "arn:aws:iam::123456789012:role/my-workload-role" + id: "c5c758c6-18c2-4484-ae3f-46b84128404a" + type: aws_wif_config + schema: + $ref: "#/components/schemas/AwsWifPersonaMappingsResponse" + description: OK + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_read + summary: List AWS WIF persona mappings + tags: + - AWS WIF + post: + description: Create an AWS Workload Identity Federation (WIF) persona mapping. The mapping binds an IAM role ARN pattern to a Datadog user handle, which is used to authenticate delegated-token requests from that AWS identity. 
+ operationId: CreateAwsWifPersonaMapping + requestBody: + content: + application/json: + examples: + default: + value: + data: + attributes: + account_identifier: "user@example.com" + arn_pattern: "arn:aws:iam::123456789012:role/my-workload-role" + type: aws_wif_config + schema: + $ref: "#/components/schemas/AwsWifPersonaMappingCreateRequest" + required: true + responses: + "201": + content: + application/json: + examples: + default: + value: + data: + attributes: + account_identifier: "user@example.com" + account_uuid: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" + arn_pattern: "arn:aws:iam::123456789012:role/my-workload-role" + id: "c5c758c6-18c2-4484-ae3f-46b84128404a" + type: aws_wif_config + schema: + $ref: "#/components/schemas/AwsWifPersonaMappingResponse" + description: Created + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "409": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Conflict + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_write + summary: Create an AWS WIF persona mapping + tags: + - AWS WIF + x-codegen-request-body-name: body + /api/v2/wif/aws/persona_mapping/{config_uuid}: + delete: + description: Delete an AWS WIF persona mapping by UUID. Subsequent delegated-token requests from the previously mapped AWS identity will be denied. 
+ operationId: DeleteAwsWifPersonaMapping + parameters: + - $ref: "#/components/parameters/WifConfigUUID" + responses: + "204": + description: No Content + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "404": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Not Found + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_write + summary: Delete an AWS WIF persona mapping + tags: + - AWS WIF + get: + description: Retrieve a single AWS WIF persona mapping by UUID. + operationId: GetAwsWifPersonaMapping + parameters: + - $ref: "#/components/parameters/WifConfigUUID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + account_identifier: "user@example.com" + account_uuid: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" + arn_pattern: "arn:aws:iam::123456789012:role/my-workload-role" + id: "c5c758c6-18c2-4484-ae3f-46b84128404a" + type: aws_wif_config + schema: + $ref: "#/components/schemas/AwsWifPersonaMappingResponse" + description: OK + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "404": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Not Found + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - workload_identity_federation_read + summary: Get an AWS WIF persona mapping + tags: + - AWS WIF /api/v2/workflows: get: 
description: List all workflows in your organization. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). @@ -190292,6 +191053,11 @@ tags: externalDocs: url: https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection name: AWS Logs Integration + - description: |- + Manage AWS Workload Identity Federation (WIF) mappings. + Persona mappings link IAM role ARN patterns to Datadog users for delegated-token authentication. + Intake mappings link IAM role ARN patterns to managed-rotation API keys for agent telemetry ingestion. + name: AWS WIF - description: |- Action connections extend your installed integrations and allow you to take action in your third-party systems (e.g. AWS, GitLab, and Statuspage) with Datadog’s Workflow Automation and App Builder products. @@ -190463,6 +191229,10 @@ tags: access to sensitive data. By defining Restricted Datasets, you can ensure that only specific teams or roles can view certain types of telemetry (for example, logs, traces, metrics, and RUM data). name: Datasets + - description: |- + Exchange a cloud-provider identity proof or Datadog credential for a short-lived delegated-user JWT + via Workload Identity Federation. + name: Delegated Token - description: |- Manage Deployment Gates using this API to reduce the likelihood and impact of incidents caused by deployments. See the [Deployment Gates documentation](https://docs.datadoghq.com/deployment_gates/) for more information. name: Deployment Gates 
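Review bot: In the new `/api/v2/wif/aws/intake_mapping/{config_uuid}` section, the `DeleteAwsWifIntakeMapping` description says the managed-rotation API key is left intact and, in the same sentence, that previously matching workloads will lose intake access. A workload that already fetched the key through `/api/v2/intake-key` still holds a valid credential, so deleting the mapping presumably only stops new key retrievals; an operator treating this call as revocation would be misled. Suggested wording: `Delete an AWS WIF intake mapping by UUID. Matching AWS workloads can no longer obtain an intake API key; the managed-rotation API key is not revoked and stays valid for workloads that already hold it until it is rotated or revoked.` The `DeleteAwsWifPersonaMapping` description should likewise say whether delegated tokens already issued remain valid until their `expires` time.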
@@ -190547,6 +191317,9 @@ tags: name: IP Allowlist - description: Manage incident response, as well as associated attachments, metadata, and todos. See the [Incident Management page](https://docs.datadoghq.com/service_management/incident_management/) for more information. name: Incidents + - description: |- + Exchange a cloud-provider identity proof for a Datadog API key via Workload Identity Federation intake mappings. + name: Intake Key - description: |- The Integrations API is used to list available integrations and retrieve information about their installation status. diff --git a/docs/datadog_api_client.v2.api.rst b/docs/datadog_api_client.v2.api.rst index 60b434f7e3..6fde4f1968 100644 --- a/docs/datadog_api_client.v2.api.rst +++ b/docs/datadog_api_client.v2.api.rst @@ -102,6 +102,13 @@ datadog\_api\_client.v2.api.aws\_logs\_integration\_api module :members: :show-inheritance: +datadog\_api\_client.v2.api.aws\_wif\_api module +------------------------------------------------ + +.. automodule:: datadog_api_client.v2.api.aws_wif_api + :members: + :show-inheritance: + datadog\_api\_client.v2.api.bits\_ai\_api module ------------------------------------------------ @@ -305,6 +312,13 @@ datadog\_api\_client.v2.api.datasets\_api module :members: :show-inheritance: +datadog\_api\_client.v2.api.delegated\_token\_api module +-------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.api.delegated_token_api + :members: + :show-inheritance: + datadog\_api\_client.v2.api.deployment\_gates\_api module --------------------------------------------------------- 
@@ -424,6 +438,13 @@ datadog\_api\_client.v2.api.incidents\_api module :members: :show-inheritance: +datadog\_api\_client.v2.api.intake\_key\_api module +--------------------------------------------------- + +.. automodule:: datadog_api_client.v2.api.intake_key_api + :members: + :show-inheritance: + datadog\_api\_client.v2.api.integrations\_api module ---------------------------------------------------- diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 95baa66cec..bef87fb498 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -4001,6 +4001,111 @@ datadog\_api\_client.v2.model.aws\_traces\_config module :members: :show-inheritance: +datadog\_api\_client.v2.model.aws\_wif\_intake\_mapping\_attributes module +-------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_intake_mapping_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_intake\_mapping\_create\_data module +---------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_intake_mapping_create_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_intake\_mapping\_create\_request module +------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_intake_mapping_create_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_intake\_mapping\_data module +-------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_intake_mapping_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_intake\_mapping\_response module +------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.aws_wif_intake_mapping_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_intake\_mapping\_type module +-------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_intake_mapping_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_intake\_mappings\_response module +------------------------------------------------------------------------- + +.. 
automodule:: datadog_api_client.v2.model.aws_wif_intake_mappings_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_attributes module +--------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_create\_attributes module +----------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_create_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_create\_data module +----------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_create_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_create\_request module +-------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_create_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_data module +--------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_response module +------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mapping\_type module +--------------------------------------------------------------------- + +.. 
automodule:: datadog_api_client.v2.model.aws_wif_persona_mapping_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_wif\_persona\_mappings\_response module +-------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_wif_persona_mappings_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.azure\_credentials module ------------------------------------------------------- @@ -11372,6 +11477,34 @@ datadog\_api\_client.v2.model.degradation\_included module :members: :show-inheritance: +datadog\_api\_client.v2.model.delegated\_token\_attributes module +----------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.delegated_token_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.delegated\_token\_data module +----------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.delegated_token_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.delegated\_token\_response module +--------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.delegated_token_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.delegated\_token\_type module +----------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.delegated_token_type + :members: + :show-inheritance: + datadog\_api\_client.v2.model.delete\_app\_response module ---------------------------------------------------------- 
@@ -18505,6 +18638,34 @@ datadog\_api\_client.v2.model.input\_schema\_parameters\_type module :members: :show-inheritance: +datadog\_api\_client.v2.model.intake\_api\_key\_attributes module +----------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.intake_api_key_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.intake\_api\_key\_data module +----------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.intake_api_key_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.intake\_api\_key\_response module +--------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.intake_api_key_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.intake\_api\_key\_type module +----------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.intake_api_key_type + :members: + :show-inheritance: + datadog\_api\_client.v2.model.intake\_payload\_accepted module -------------------------------------------------------------- diff --git a/examples/v2/aws-wif/CreateAwsWifIntakeMapping.py b/examples/v2/aws-wif/CreateAwsWifIntakeMapping.py new file mode 100644 index 0000000000..8fd8f8e412 --- /dev/null +++ b/examples/v2/aws-wif/CreateAwsWifIntakeMapping.py 
@@ -0,0 +1,26 @@
+"""
+Create an AWS WIF intake mapping returns "Created" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+from datadog_api_client.v2.model.aws_wif_intake_mapping_attributes import AwsWifIntakeMappingAttributes
+from datadog_api_client.v2.model.aws_wif_intake_mapping_create_data import AwsWifIntakeMappingCreateData
+from datadog_api_client.v2.model.aws_wif_intake_mapping_create_request import AwsWifIntakeMappingCreateRequest
+from datadog_api_client.v2.model.aws_wif_intake_mapping_type import AwsWifIntakeMappingType
+
+body = AwsWifIntakeMappingCreateRequest(
+ data=AwsWifIntakeMappingCreateData(
+ attributes=AwsWifIntakeMappingAttributes(
+ arn_pattern="arn:aws:iam::123456789012:role/my-agent-role",
+ ),
+ type=AwsWifIntakeMappingType.AWS_WIF_INTAKE_MAPPING,
+ ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ response = api_instance.create_aws_wif_intake_mapping(body=body)
+
+ print(response)
diff --git a/examples/v2/aws-wif/CreateAwsWifPersonaMapping.py b/examples/v2/aws-wif/CreateAwsWifPersonaMapping.py
new file mode 100644
index 0000000000..9310624c6e
--- /dev/null
+++ b/examples/v2/aws-wif/CreateAwsWifPersonaMapping.py
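Review bot: The import `from datadog_api_client.v2.api.awswif_api import AWSWIFApi` names a module `awswif_api`, while the API class this commit adds lives in `src/datadog_api_client/v2/api/aws_wif_api.py`. Unless a module with the `awswif_api` name is also generated outside the visible diff, this example fails with `ModuleNotFoundError`, and so do the other `examples/v2/aws-wif/*.py` files and the matching import added to `src/datadog_api_client/v2/apis/__init__.py`, which would break importing the whole `apis` package. Either the file should be emitted as `awswif_api.py` or the imports should read `from datadog_api_client.v2.api.aws_wif_api import AWSWIFApi`.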
@@ -0,0 +1,27 @@
+"""
+Create an AWS WIF persona mapping returns "Created" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+from datadog_api_client.v2.model.aws_wif_persona_mapping_create_attributes import AwsWifPersonaMappingCreateAttributes
+from datadog_api_client.v2.model.aws_wif_persona_mapping_create_data import AwsWifPersonaMappingCreateData
+from datadog_api_client.v2.model.aws_wif_persona_mapping_create_request import AwsWifPersonaMappingCreateRequest
+from datadog_api_client.v2.model.aws_wif_persona_mapping_type import AwsWifPersonaMappingType
+
+body = AwsWifPersonaMappingCreateRequest(
+ data=AwsWifPersonaMappingCreateData(
+ attributes=AwsWifPersonaMappingCreateAttributes(
+ account_identifier="user@example.com",
+ arn_pattern="arn:aws:iam::123456789012:role/my-workload-role",
+ ),
+ type=AwsWifPersonaMappingType.AWS_WIF_CONFIG,
+ ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ response = api_instance.create_aws_wif_persona_mapping(body=body)
+
+ print(response)
diff --git a/examples/v2/aws-wif/DeleteAwsWifIntakeMapping.py b/examples/v2/aws-wif/DeleteAwsWifIntakeMapping.py
new file mode 100644
index 0000000000..0bf6e890fb
--- /dev/null
+++ b/examples/v2/aws-wif/DeleteAwsWifIntakeMapping.py
@@ -0,0 +1,14 @@
+"""
+Delete an AWS WIF intake mapping returns "No Content" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+from uuid import UUID
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ api_instance.delete_aws_wif_intake_mapping(
+ config_uuid=UUID("9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d"),
+ )
diff --git a/examples/v2/aws-wif/DeleteAwsWifPersonaMapping.py b/examples/v2/aws-wif/DeleteAwsWifPersonaMapping.py
new file mode 100644
index 0000000000..d829e9c173
--- /dev/null
+++ b/examples/v2/aws-wif/DeleteAwsWifPersonaMapping.py
@@ -0,0 +1,14 @@
+"""
+Delete an AWS WIF persona mapping returns "No Content" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+from uuid import UUID
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ api_instance.delete_aws_wif_persona_mapping(
+ config_uuid=UUID("9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d"),
+ )
diff --git a/examples/v2/aws-wif/GetAwsWifIntakeMapping.py b/examples/v2/aws-wif/GetAwsWifIntakeMapping.py
new file mode 100644
index 0000000000..1297346ee9
--- /dev/null
+++ b/examples/v2/aws-wif/GetAwsWifIntakeMapping.py
@@ -0,0 +1,16 @@
+"""
+Get an AWS WIF intake mapping returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+from uuid import UUID
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ response = api_instance.get_aws_wif_intake_mapping(
+ config_uuid=UUID("9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d"),
+ )
+
+ print(response)
diff --git a/examples/v2/aws-wif/GetAwsWifPersonaMapping.py b/examples/v2/aws-wif/GetAwsWifPersonaMapping.py
new file mode 100644
index 0000000000..86cf2bda61
--- /dev/null
+++ b/examples/v2/aws-wif/GetAwsWifPersonaMapping.py
@@ -0,0 +1,16 @@
+"""
+Get an AWS WIF persona mapping returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+from uuid import UUID
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ response = api_instance.get_aws_wif_persona_mapping(
+ config_uuid=UUID("9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d"),
+ )
+
+ print(response)
diff --git a/examples/v2/aws-wif/ListAwsWifIntakeMappings.py b/examples/v2/aws-wif/ListAwsWifIntakeMappings.py
new file mode 100644
index 0000000000..7cc80c7e4c
--- /dev/null
+++ b/examples/v2/aws-wif/ListAwsWifIntakeMappings.py
@@ -0,0 +1,13 @@
+"""
+List AWS WIF intake mappings returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ response = api_instance.list_aws_wif_intake_mappings()
+
+ print(response)
diff --git a/examples/v2/aws-wif/ListAwsWifPersonaMappings.py b/examples/v2/aws-wif/ListAwsWifPersonaMappings.py
new file mode 100644
index 0000000000..3ab09e4b6a
--- /dev/null
+++ b/examples/v2/aws-wif/ListAwsWifPersonaMappings.py
@@ -0,0 +1,13 @@
+"""
+List AWS WIF persona mappings returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.awswif_api import AWSWIFApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = AWSWIFApi(api_client)
+ response = api_instance.list_aws_wif_persona_mappings()
+
+ print(response)
diff --git a/examples/v2/delegated-token/GetDelegatedToken.py b/examples/v2/delegated-token/GetDelegatedToken.py
new file mode 100644
index 0000000000..f2f7478ad6
--- /dev/null
+++ b/examples/v2/delegated-token/GetDelegatedToken.py
@@ -0,0 +1,13 @@
+"""
+Get a delegated token returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.delegated_token_api import DelegatedTokenApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = DelegatedTokenApi(api_client)
+ response = api_instance.get_delegated_token()
+
+ print(response)
diff --git a/examples/v2/intake-key/GetIntakeKey.py b/examples/v2/intake-key/GetIntakeKey.py
new file mode 100644
index 0000000000..7767417c43
--- /dev/null
+++ b/examples/v2/intake-key/GetIntakeKey.py
@@ -0,0 +1,13 @@
+"""
+Get an intake API key returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.intake_key_api import IntakeKeyApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = IntakeKeyApi(api_client)
+ response = api_instance.get_intake_key()
+
+ print(response)
diff --git a/src/datadog_api_client/v2/api/aws_wif_api.py b/src/datadog_api_client/v2/api/aws_wif_api.py
new file mode 100644
index 0000000000..77dc66899d
--- /dev/null
+++ b/src/datadog_api_client/v2/api/aws_wif_api.py
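Review bot: `print(response)` in `GetDelegatedToken.py` writes the returned access token to stdout, and the same line in `GetIntakeKey.py` does so for the returned API key; according to the API docstrings in this commit both responses carry a live credential. Examples get copied into scripts and CI jobs, where stdout usually ends up in retained logs. I would put a comment above the call such as `# The response contains a credential; do not log it outside a local test.` and, if the example template allows it, print only a non-secret field. Neither example shows how the cloud-provider token reaches the `Authorization` header, so a bare `Configuration()` is presumably not enough for a successful call.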
@@ -0,0 +1,319 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Any, Dict + +from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint +from datadog_api_client.configuration import Configuration +from datadog_api_client.model_utils import ( + UUID, +) +from datadog_api_client.v2.model.aws_wif_intake_mappings_response import AwsWifIntakeMappingsResponse +from datadog_api_client.v2.model.aws_wif_intake_mapping_response import AwsWifIntakeMappingResponse +from datadog_api_client.v2.model.aws_wif_intake_mapping_create_request import AwsWifIntakeMappingCreateRequest +from datadog_api_client.v2.model.aws_wif_persona_mappings_response import AwsWifPersonaMappingsResponse +from datadog_api_client.v2.model.aws_wif_persona_mapping_response import AwsWifPersonaMappingResponse +from datadog_api_client.v2.model.aws_wif_persona_mapping_create_request import AwsWifPersonaMappingCreateRequest + + +class AWSWIFApi: + """ + Manage AWS Workload Identity Federation (WIF) mappings. + Persona mappings link IAM role ARN patterns to Datadog users for delegated-token authentication. + Intake mappings link IAM role ARN patterns to managed-rotation API keys for agent telemetry ingestion. 
+ """ + + def __init__(self, api_client=None): + if api_client is None: + api_client = ApiClient(Configuration()) + self.api_client = api_client + + self._create_aws_wif_intake_mapping_endpoint = _Endpoint( + settings={ + "response_type": (AwsWifIntakeMappingResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/intake_mapping", + "operation_id": "create_aws_wif_intake_mapping", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (AwsWifIntakeMappingCreateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + + self._create_aws_wif_persona_mapping_endpoint = _Endpoint( + settings={ + "response_type": (AwsWifPersonaMappingResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/persona_mapping", + "operation_id": "create_aws_wif_persona_mapping", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (AwsWifPersonaMappingCreateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + + self._delete_aws_wif_intake_mapping_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/intake_mapping/{config_uuid}", + "operation_id": "delete_aws_wif_intake_mapping", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "config_uuid": { + "required": True, + "openapi_types": (UUID,), + "attribute": "config_uuid", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + + self._delete_aws_wif_persona_mapping_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + 
"endpoint_path": "/api/v2/wif/aws/persona_mapping/{config_uuid}", + "operation_id": "delete_aws_wif_persona_mapping", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "config_uuid": { + "required": True, + "openapi_types": (UUID,), + "attribute": "config_uuid", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + + self._get_aws_wif_intake_mapping_endpoint = _Endpoint( + settings={ + "response_type": (AwsWifIntakeMappingResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/intake_mapping/{config_uuid}", + "operation_id": "get_aws_wif_intake_mapping", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "config_uuid": { + "required": True, + "openapi_types": (UUID,), + "attribute": "config_uuid", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + self._get_aws_wif_persona_mapping_endpoint = _Endpoint( + settings={ + "response_type": (AwsWifPersonaMappingResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/persona_mapping/{config_uuid}", + "operation_id": "get_aws_wif_persona_mapping", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "config_uuid": { + "required": True, + "openapi_types": (UUID,), + "attribute": "config_uuid", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + self._list_aws_wif_intake_mappings_endpoint = _Endpoint( + settings={ + "response_type": (AwsWifIntakeMappingsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/intake_mapping", + "operation_id": "list_aws_wif_intake_mappings", + "http_method": "GET", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + self._list_aws_wif_persona_mappings_endpoint = 
_Endpoint( + settings={ + "response_type": (AwsWifPersonaMappingsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/wif/aws/persona_mapping", + "operation_id": "list_aws_wif_persona_mappings", + "http_method": "GET", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + def create_aws_wif_intake_mapping( + self, + body: AwsWifIntakeMappingCreateRequest, + ) -> AwsWifIntakeMappingResponse: + """Create an AWS WIF intake mapping. + + Create an AWS WIF intake mapping. The mapping binds an IAM role ARN pattern to a managed-rotation API key, allowing AWS workloads to send telemetry to Datadog without requiring a delegated user token. + + :type body: AwsWifIntakeMappingCreateRequest + :rtype: AwsWifIntakeMappingResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._create_aws_wif_intake_mapping_endpoint.call_with_http_info(**kwargs) + + def create_aws_wif_persona_mapping( + self, + body: AwsWifPersonaMappingCreateRequest, + ) -> AwsWifPersonaMappingResponse: + """Create an AWS WIF persona mapping. + + Create an AWS Workload Identity Federation (WIF) persona mapping. The mapping binds an IAM role ARN pattern to a Datadog user handle, which is used to authenticate delegated-token requests from that AWS identity. + + :type body: AwsWifPersonaMappingCreateRequest + :rtype: AwsWifPersonaMappingResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._create_aws_wif_persona_mapping_endpoint.call_with_http_info(**kwargs) + + def delete_aws_wif_intake_mapping( + self, + config_uuid: UUID, + ) -> None: + """Delete an AWS WIF intake mapping. + + Delete an AWS WIF intake mapping by UUID. The associated managed-rotation API key is left intact, but AWS workloads that previously matched this mapping will lose intake access. + + :param config_uuid: The UUID of the WIF configuration to operate on. 
+ :type config_uuid: UUID + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["config_uuid"] = config_uuid + + return self._delete_aws_wif_intake_mapping_endpoint.call_with_http_info(**kwargs) + + def delete_aws_wif_persona_mapping( + self, + config_uuid: UUID, + ) -> None: + """Delete an AWS WIF persona mapping. + + Delete an AWS WIF persona mapping by UUID. Subsequent delegated-token requests from the previously mapped AWS identity will be denied. + + :param config_uuid: The UUID of the WIF configuration to operate on. + :type config_uuid: UUID + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["config_uuid"] = config_uuid + + return self._delete_aws_wif_persona_mapping_endpoint.call_with_http_info(**kwargs) + + def get_aws_wif_intake_mapping( + self, + config_uuid: UUID, + ) -> AwsWifIntakeMappingResponse: + """Get an AWS WIF intake mapping. + + Retrieve a single AWS WIF intake mapping by UUID. + + :param config_uuid: The UUID of the WIF configuration to operate on. + :type config_uuid: UUID + :rtype: AwsWifIntakeMappingResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["config_uuid"] = config_uuid + + return self._get_aws_wif_intake_mapping_endpoint.call_with_http_info(**kwargs) + + def get_aws_wif_persona_mapping( + self, + config_uuid: UUID, + ) -> AwsWifPersonaMappingResponse: + """Get an AWS WIF persona mapping. + + Retrieve a single AWS WIF persona mapping by UUID. + + :param config_uuid: The UUID of the WIF configuration to operate on. + :type config_uuid: UUID + :rtype: AwsWifPersonaMappingResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["config_uuid"] = config_uuid + + return self._get_aws_wif_persona_mapping_endpoint.call_with_http_info(**kwargs) + + def list_aws_wif_intake_mappings( + self, + ) -> AwsWifIntakeMappingsResponse: + """List AWS WIF intake mappings. + + List every AWS WIF intake mapping configured for the caller's organization. 
+ + :rtype: AwsWifIntakeMappingsResponse + """ + kwargs: Dict[str, Any] = {} + return self._list_aws_wif_intake_mappings_endpoint.call_with_http_info(**kwargs) + + def list_aws_wif_persona_mappings( + self, + ) -> AwsWifPersonaMappingsResponse: + """List AWS WIF persona mappings. + + List every AWS WIF persona mapping configured for the caller's organization. + + :rtype: AwsWifPersonaMappingsResponse + """ + kwargs: Dict[str, Any] = {} + return self._list_aws_wif_persona_mappings_endpoint.call_with_http_info(**kwargs) diff --git a/src/datadog_api_client/v2/api/cloud_authentication_api.py b/src/datadog_api_client/v2/api/cloud_authentication_api.py index 4c2729cade..d5d21ca347 100644 --- a/src/datadog_api_client/v2/api/cloud_authentication_api.py +++ b/src/datadog_api_client/v2/api/cloud_authentication_api.py @@ -4,6 +4,7 @@ from __future__ import annotations from typing import Any, Dict +import warnings from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint from datadog_api_client.configuration import Configuration @@ -110,7 +111,7 @@ def create_aws_cloud_auth_persona_mapping( self, body: AWSCloudAuthPersonaMappingCreateRequest, ) -> AWSCloudAuthPersonaMappingResponse: - """Create an AWS cloud authentication persona mapping. + """Create an AWS cloud authentication persona mapping. **Deprecated**. Create an AWS cloud authentication persona mapping. This endpoint associates an AWS IAM principal with a Datadog user. 
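Review bot: The docstring of `delete_aws_wif_intake_mapping` says the managed-rotation API key is left intact and also that workloads matching the mapping lose intake access, which does not tell an operator whether a key a workload has already fetched keeps working after the delete. During revocation in an incident that is the detail that matters. I would extend the description (in the OpenAPI source, since this file looks generated) with a sentence along the lines of `Keys already issued through this mapping stay valid until they are rotated or revoked separately.`, adjusted to what the backend actually does. The same question applies to `delete_aws_wif_persona_mapping` and delegated tokens issued before the delete.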
@@ -120,13 +121,14 @@ def create_aws_cloud_auth_persona_mapping( kwargs: Dict[str, Any] = {} kwargs["body"] = body + warnings.warn("create_aws_cloud_auth_persona_mapping is deprecated", DeprecationWarning, stacklevel=2) return self._create_aws_cloud_auth_persona_mapping_endpoint.call_with_http_info(**kwargs) def delete_aws_cloud_auth_persona_mapping( self, persona_mapping_id: str, ) -> None: - """Delete an AWS cloud authentication persona mapping. + """Delete an AWS cloud authentication persona mapping. **Deprecated**. Delete an AWS cloud authentication persona mapping by ID. This removes the association between an AWS IAM principal and a Datadog user. @@ -137,13 +139,14 @@ def delete_aws_cloud_auth_persona_mapping( kwargs: Dict[str, Any] = {} kwargs["persona_mapping_id"] = persona_mapping_id + warnings.warn("delete_aws_cloud_auth_persona_mapping is deprecated", DeprecationWarning, stacklevel=2) return self._delete_aws_cloud_auth_persona_mapping_endpoint.call_with_http_info(**kwargs) def get_aws_cloud_auth_persona_mapping( self, persona_mapping_id: str, ) -> AWSCloudAuthPersonaMappingResponse: - """Get an AWS cloud authentication persona mapping. + """Get an AWS cloud authentication persona mapping. **Deprecated**. Get a specific AWS cloud authentication persona mapping by ID. This endpoint retrieves a single configured persona mapping that associates an AWS IAM principal with a Datadog user. 
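Review bot: The warning text `"create_aws_cloud_auth_persona_mapping is deprecated"` does not say what to call instead, and the same holds for the delete, get and list variants in the following hunks. If the `AWSWIFApi` persona-mapping methods added in this commit are the intended replacement (an assumption, the diff does not say so), the message and the `**Deprecated**` docstring line should name them, e.g. `"create_aws_cloud_auth_persona_mapping is deprecated; use AWSWIFApi.create_aws_wif_persona_mapping"`. Callers left on the old identity-mapping endpoints without a pointer tend to stay there. The method bodies start outside these hunks.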
@@ -154,16 +157,18 @@ def get_aws_cloud_auth_persona_mapping( kwargs: Dict[str, Any] = {} kwargs["persona_mapping_id"] = persona_mapping_id + warnings.warn("get_aws_cloud_auth_persona_mapping is deprecated", DeprecationWarning, stacklevel=2) return self._get_aws_cloud_auth_persona_mapping_endpoint.call_with_http_info(**kwargs) def list_aws_cloud_auth_persona_mappings( self, ) -> AWSCloudAuthPersonaMappingsResponse: - """List AWS cloud authentication persona mappings. + """List AWS cloud authentication persona mappings. **Deprecated**. List all AWS cloud authentication persona mappings. This endpoint retrieves all configured persona mappings that associate AWS IAM principals with Datadog users. :rtype: AWSCloudAuthPersonaMappingsResponse """ kwargs: Dict[str, Any] = {} + warnings.warn("list_aws_cloud_auth_persona_mappings is deprecated", DeprecationWarning, stacklevel=2) return self._list_aws_cloud_auth_persona_mappings_endpoint.call_with_http_info(**kwargs) diff --git a/src/datadog_api_client/v2/api/delegated_token_api.py b/src/datadog_api_client/v2/api/delegated_token_api.py new file mode 100644 index 0000000000..6150db9b26 --- /dev/null +++ b/src/datadog_api_client/v2/api/delegated_token_api.py 
@@ -0,0 +1,59 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Any, Dict
+
+from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint
+from datadog_api_client.configuration import Configuration
+from datadog_api_client.v2.model.delegated_token_response import DelegatedTokenResponse
+
+
+class DelegatedTokenApi:
+ """
+ Exchange a cloud-provider identity proof or Datadog credential for a short-lived delegated-user JWT
+ via Workload Identity Federation.
+ """
+
+ def __init__(self, api_client=None):
+ if api_client is None:
+ api_client = ApiClient(Configuration())
+ self.api_client = api_client
+
+ self._get_delegated_token_endpoint = _Endpoint(
+ settings={
+ "response_type": (DelegatedTokenResponse,),
+ "auth": [],
+ "endpoint_path": "/api/v2/delegated-token",
+ "operation_id": "get_delegated_token",
+ "http_method": "POST",
+ "version": "v2",
+ },
+ params_map={},
+ headers_map={
+ "accept": ["application/json"],
+ },
+ api_client=api_client,
+ )
+
+ def get_delegated_token(
+ self,
+ ) -> DelegatedTokenResponse:
+ """Get a delegated token.
+
+ Exchange a Workload Identity Federation (WIF) proof or Datadog credentials for a short-lived access token
+ scoped to a Datadog user.
+
+ To authenticate with a WIF identity, pass the cloud-provider token in the ``Authorization`` header using
+ the ``Bearer`` or ``Delegated`` scheme. Datadog resolves the Datadog user from the persona mapping configured
+ for that cloud identity.
+
+ To obtain a token for the calling user directly, authenticate with standard Datadog API and application keys.
+
+ Use the returned ``access_token`` as a bearer token in subsequent API calls.
+
+ :rtype: DelegatedTokenResponse
+ """
+ kwargs: Dict[str, Any] = {}
+ return self._get_delegated_token_endpoint.call_with_http_info(**kwargs)
diff --git a/src/datadog_api_client/v2/api/intake_key_api.py b/src/datadog_api_client/v2/api/intake_key_api.py
new file mode 100644
index 0000000000..bc0d24ca6b
--- /dev/null
+++ b/src/datadog_api_client/v2/api/intake_key_api.py
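Review bot: `get_delegated_token` is declared with `"auth": []` and an empty `params_map`, yet its docstring tells callers to send a cloud-provider token in the `Authorization` header or to authenticate with Datadog API and application keys. With no auth scheme listed the client presumably attaches neither key, and the method takes no argument through which the header could be passed, so both documented paths look unreachable from this wrapper unless the `ApiClient` is configured out of band. `get_intake_key` in `intake_key_api.py` has the same shape, and its docstring names the `Bearer` or `Delegated` scheme in one paragraph but only `Authorization: Bearer` in the last. I would either declare the security scheme and header parameter in the OpenAPI source or state in the docstring how the header is meant to be set.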
@@ -0,0 +1,59 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Any, Dict + +from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint +from datadog_api_client.configuration import Configuration +from datadog_api_client.v2.model.intake_api_key_response import IntakeAPIKeyResponse + + +class IntakeKeyApi: + """ + Exchange a cloud-provider identity proof for a Datadog API key via Workload Identity Federation intake mappings. + """ + + def __init__(self, api_client=None): + if api_client is None: + api_client = ApiClient(Configuration()) + self.api_client = api_client + + self._get_intake_key_endpoint = _Endpoint( + settings={ + "response_type": (IntakeAPIKeyResponse,), + "auth": [], + "endpoint_path": "/api/v2/intake-key", + "operation_id": "get_intake_key", + "http_method": "POST", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + def get_intake_key( + self, + ) -> IntakeAPIKeyResponse: + """Get an intake API key. + + Exchanges a Workload Identity Federation (WIF) identity proof for a Datadog API key associated with the matching WIF intake mapping. + + Pass a cloud-provider token in the ``Authorization`` header using the ``Bearer`` or ``Delegated`` scheme. + The token is validated against the WIF intake mappings configured for the caller's organization. On success, + a managed-rotation API key is returned that the workload can use to send telemetry to Datadog. + + Unlike the delegated-token endpoint ( ``POST /api/v2/delegated-token`` ), this endpoint authenticates + the cloud workload at the organization level rather than mapping it to a specific Datadog user. 
+ + Standard Datadog API and application key authentication is not accepted. Authenticate using a + cloud-provider token in the ``Authorization: Bearer`` header. + + :rtype: IntakeAPIKeyResponse + """ + kwargs: Dict[str, Any] = {} + return self._get_intake_key_endpoint.call_with_http_info(**kwargs) diff --git a/src/datadog_api_client/v2/apis/__init__.py b/src/datadog_api_client/v2/apis/__init__.py index 64095ed8e2..df4b18a98c 100644 --- a/src/datadog_api_client/v2/apis/__init__.py +++ b/src/datadog_api_client/v2/apis/__init__.py @@ -4,6 +4,7 @@ from datadog_api_client.v2.api.apm_trace_api import APMTraceApi from datadog_api_client.v2.api.aws_integration_api import AWSIntegrationApi from datadog_api_client.v2.api.aws_logs_integration_api import AWSLogsIntegrationApi +from datadog_api_client.v2.api.awswif_api import AWSWIFApi from datadog_api_client.v2.api.action_connection_api import ActionConnectionApi from datadog_api_client.v2.api.actions_datastores_api import ActionsDatastoresApi from datadog_api_client.v2.api.agentless_scanning_api import AgentlessScanningApi @@ -42,6 +43,7 @@ from datadog_api_client.v2.api.data_deletion_api import DataDeletionApi from datadog_api_client.v2.api.data_observability_api import DataObservabilityApi from datadog_api_client.v2.api.datasets_api import DatasetsApi +from datadog_api_client.v2.api.delegated_token_api import DelegatedTokenApi from datadog_api_client.v2.api.deployment_gates_api import DeploymentGatesApi from datadog_api_client.v2.api.domain_allowlist_api import DomainAllowlistApi from datadog_api_client.v2.api.downtimes_api import DowntimesApi 
@@ -59,6 +61,7 @@ from datadog_api_client.v2.api.high_availability_multi_region_api import HighAvailabilityMultiRegionApi from datadog_api_client.v2.api.ip_allowlist_api import IPAllowlistApi from datadog_api_client.v2.api.incidents_api import IncidentsApi +from datadog_api_client.v2.api.intake_key_api import IntakeKeyApi from datadog_api_client.v2.api.integrations_api import IntegrationsApi from datadog_api_client.v2.api.jira_integration_api import JiraIntegrationApi from datadog_api_client.v2.api.key_management_api import KeyManagementApi @@ -139,6 +142,7 @@ "APMTraceApi", "AWSIntegrationApi", "AWSLogsIntegrationApi", + "AWSWIFApi", "ActionConnectionApi", "ActionsDatastoresApi", "AgentlessScanningApi", @@ -177,6 +181,7 @@ "DataDeletionApi", "DataObservabilityApi", "DatasetsApi", + "DelegatedTokenApi", "DeploymentGatesApi", "DomainAllowlistApi", "DowntimesApi", @@ -194,6 +199,7 @@ "HighAvailabilityMultiRegionApi", "IPAllowlistApi", "IncidentsApi", + "IntakeKeyApi", "IntegrationsApi", "JiraIntegrationApi", "KeyManagementApi", diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mapping_attributes.py b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_attributes.py new file mode 100644 index 0000000000..e42bb91e9a --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_attributes.py 
@@ -0,0 +1,34 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+class AwsWifIntakeMappingAttributes(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "arn_pattern": (str,),
+ }
+
+ attribute_map = {
+ "arn_pattern": "arn_pattern",
+ }
+
+ def __init__(self_, arn_pattern: str, **kwargs):
+ """
+ Attributes of an AWS WIF intake mapping.
+
+ :param arn_pattern: The AWS IAM ARN pattern identifying the role or user permitted to obtain an intake API key.
+ Supports wildcards ( ``*`` ) to match multiple principals within an account.
+ :type arn_pattern: str
+ """
+ super().__init__(kwargs)
+
+ self_.arn_pattern = arn_pattern
diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mapping_create_data.py b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_create_data.py
new file mode 100644
index 0000000000..6c37995f6c
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_create_data.py
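Review bot: The `arn_pattern` docstring advertises wildcard support but gives no guidance on scope, even though the pattern decides which AWS principals can obtain an intake API key. A pattern such as `arn:aws:iam::123456789012:role/*` (constructed example) would admit every role in that account, including roles created later. I would add to the parameter description `Prefer the narrowest pattern that matches the intended role; a trailing wildcard admits every matching principal in the account.`, placed in the OpenAPI description since this model appears to be generated from it. The model only types the value as `str`, so any limit on pattern breadth has to be enforced server-side.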
@@ -0,0 +1,48 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_attributes import AwsWifIntakeMappingAttributes
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_type import AwsWifIntakeMappingType
+
+
+class AwsWifIntakeMappingCreateData(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_attributes import AwsWifIntakeMappingAttributes
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_type import AwsWifIntakeMappingType
+
+ return {
+ "attributes": (AwsWifIntakeMappingAttributes,),
+ "type": (AwsWifIntakeMappingType,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ "type": "type",
+ }
+
+ def __init__(self_, attributes: AwsWifIntakeMappingAttributes, type: AwsWifIntakeMappingType, **kwargs):
+ """
+ Data for creating an AWS WIF intake mapping.
+
+ :param attributes: Attributes of an AWS WIF intake mapping.
+ :type attributes: AwsWifIntakeMappingAttributes
+
+ :param type: Type identifier for an AWS WIF intake mapping.
+ :type type: AwsWifIntakeMappingType
+ """
+ super().__init__(kwargs)
+
+ self_.attributes = attributes
+ self_.type = type
diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mapping_create_request.py b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_create_request.py
new file mode 100644
index 0000000000..8e3d8ef80b
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_create_request.py
@@ -0,0 +1,40 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_create_data import AwsWifIntakeMappingCreateData
+
+
+class AwsWifIntakeMappingCreateRequest(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_create_data import AwsWifIntakeMappingCreateData
+
+ return {
+ "data": (AwsWifIntakeMappingCreateData,),
+ }
+
+ attribute_map = {
+ "data": "data",
+ }
+
+ def __init__(self_, data: AwsWifIntakeMappingCreateData, **kwargs):
+ """
+ Request body for creating an AWS WIF intake mapping.
+
+ :param data: Data for creating an AWS WIF intake mapping.
+ :type data: AwsWifIntakeMappingCreateData
+ """
+ super().__init__(kwargs)
+
+ self_.data = data
diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mapping_data.py b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_data.py
new file mode 100644
index 0000000000..07be2662da
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_data.py
@@ -0,0 +1,55 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ UUID,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_attributes import AwsWifIntakeMappingAttributes
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_type import AwsWifIntakeMappingType
+
+
+class AwsWifIntakeMappingData(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_attributes import AwsWifIntakeMappingAttributes
+ from datadog_api_client.v2.model.aws_wif_intake_mapping_type import AwsWifIntakeMappingType
+
+ return {
+ "attributes": (AwsWifIntakeMappingAttributes,),
+ "id": (UUID,),
+ "type": (AwsWifIntakeMappingType,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ "id": "id",
+ "type": "type",
+ }
+
+ def __init__(self_, attributes: AwsWifIntakeMappingAttributes, id: UUID, type: AwsWifIntakeMappingType, **kwargs):
+ """
+ An AWS WIF intake mapping resource.
+
+ :param attributes: Attributes of an AWS WIF intake mapping.
+ :type attributes: AwsWifIntakeMappingAttributes
+
+ :param id: The UUID of the intake mapping.
+ :type id: UUID
+
+ :param type: Type identifier for an AWS WIF intake mapping.
+ :type type: AwsWifIntakeMappingType
+ """
+ super().__init__(kwargs)
+
+ self_.attributes = attributes
+ self_.id = id
+ self_.type = type
diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mapping_response.py b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_response.py
new file mode 100644
index 0000000000..e3bb1a7564
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_response.py
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_intake_mapping_data import AwsWifIntakeMappingData + + +class AwsWifIntakeMappingResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_intake_mapping_data import AwsWifIntakeMappingData + + return { + "data": (AwsWifIntakeMappingData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: AwsWifIntakeMappingData, **kwargs): + """ + Response containing a single AWS WIF intake mapping. + + :param data: An AWS WIF intake mapping resource. + :type data: AwsWifIntakeMappingData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mapping_type.py b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_type.py new file mode 100644 index 0000000000..2624a1b19a --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_intake_mapping_type.py 
@@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class AwsWifIntakeMappingType(ModelSimple): + """ + Type identifier for an AWS WIF intake mapping. + + :param value: If omitted defaults to "aws_wif_intake_mapping". Must be one of ["aws_wif_intake_mapping"]. + :type value: str + """ + + allowed_values = { + "aws_wif_intake_mapping", + } + AWS_WIF_INTAKE_MAPPING: ClassVar["AwsWifIntakeMappingType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +AwsWifIntakeMappingType.AWS_WIF_INTAKE_MAPPING = AwsWifIntakeMappingType("aws_wif_intake_mapping") diff --git a/src/datadog_api_client/v2/model/aws_wif_intake_mappings_response.py b/src/datadog_api_client/v2/model/aws_wif_intake_mappings_response.py new file mode 100644 index 0000000000..2293ded75d --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_intake_mappings_response.py 
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_intake_mapping_data import AwsWifIntakeMappingData + + +class AwsWifIntakeMappingsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_intake_mapping_data import AwsWifIntakeMappingData + + return { + "data": ([AwsWifIntakeMappingData],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: List[AwsWifIntakeMappingData], **kwargs): + """ + Response containing a list of AWS WIF intake mappings. + + :param data: + :type data: [AwsWifIntakeMappingData] + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_attributes.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_attributes.py new file mode 100644 index 0000000000..bb48b2ee54 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_attributes.py 
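Review bot: The `:param data:` entry in `AwsWifIntakeMappingsResponse.__init__` has no description, so the rendered API docs show an empty field. Something like `:param data: The list of AWS WIF intake mappings.` would do. `AwsWifPersonaMappingsResponse.__init__` in `aws_wif_persona_mappings_response.py` has the same gap. The description is presumably missing from the array property in the schema, which is not fully visible here.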
@@ -0,0 +1,53 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, + UUID, +) + + +class AwsWifPersonaMappingAttributes(ModelNormal): + @cached_property + def openapi_types(_): + return { + "account_identifier": (str,), + "account_uuid": (UUID,), + "arn_pattern": (str,), + } + + attribute_map = { + "account_identifier": "account_identifier", + "account_uuid": "account_uuid", + "arn_pattern": "arn_pattern", + } + + def __init__( + self_, account_identifier: str, arn_pattern: str, account_uuid: Union[UUID, UnsetType] = unset, **kwargs + ): + """ + Attributes of an AWS WIF persona mapping. + + :param account_identifier: The Datadog user handle (email address) to map the AWS principal to. + :type account_identifier: str + + :param account_uuid: The Datadog user UUID corresponding to ``account_identifier``. Read-only — set by the server. + :type account_uuid: UUID, optional + + :param arn_pattern: The AWS IAM ARN pattern identifying the role or user that will be mapped. + Supports wildcards ( ``*`` ) to match multiple principals within an account. + :type arn_pattern: str + """ + if account_uuid is not unset: + kwargs["account_uuid"] = account_uuid + super().__init__(kwargs) + + self_.account_identifier = account_identifier + self_.arn_pattern = arn_pattern diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_attributes.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_attributes.py new file mode 100644 index 0000000000..ba80244782 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_attributes.py 
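Review bot: `account_uuid` is documented as "Read-only — set by the server", yet `AwsWifPersonaMappingAttributes.__init__` copies any caller-supplied value into `kwargs` and passes it to `super().__init__`, so nothing in the model marks it as server-owned. The create path uses `AwsWifPersonaMappingCreateAttributes`, which has no such field, so this only affects code that builds or round-trips the response model. If the property were marked `readOnly: true` in the schema, I would expect the generator to emit `read_only_vars = {"account_uuid"}` on the class; that is worth confirming against the generator templates, which are not shown here.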
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +class AwsWifPersonaMappingCreateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + return { + "account_identifier": (str,), + "arn_pattern": (str,), + } + + attribute_map = { + "account_identifier": "account_identifier", + "arn_pattern": "arn_pattern", + } + + def __init__(self_, account_identifier: str, arn_pattern: str, **kwargs): + """ + Attributes for creating an AWS WIF persona mapping. + + :param account_identifier: The Datadog user handle (email address) to map the AWS principal to. + :type account_identifier: str + + :param arn_pattern: The AWS IAM ARN pattern identifying the role or user that will be mapped. + Supports wildcards ( ``*`` ) to match multiple principals within an account. + :type arn_pattern: str + """ + super().__init__(kwargs) + + self_.account_identifier = account_identifier + self_.arn_pattern = arn_pattern diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_data.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_data.py new file mode 100644 index 0000000000..235f8cb852 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_data.py 
@@ -0,0 +1,52 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_persona_mapping_create_attributes import ( + AwsWifPersonaMappingCreateAttributes, + ) + from datadog_api_client.v2.model.aws_wif_persona_mapping_type import AwsWifPersonaMappingType + + +class AwsWifPersonaMappingCreateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_persona_mapping_create_attributes import ( + AwsWifPersonaMappingCreateAttributes, + ) + from datadog_api_client.v2.model.aws_wif_persona_mapping_type import AwsWifPersonaMappingType + + return { + "attributes": (AwsWifPersonaMappingCreateAttributes,), + "type": (AwsWifPersonaMappingType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__(self_, attributes: AwsWifPersonaMappingCreateAttributes, type: AwsWifPersonaMappingType, **kwargs): + """ + Data for creating an AWS WIF persona mapping. + + :param attributes: Attributes for creating an AWS WIF persona mapping. + :type attributes: AwsWifPersonaMappingCreateAttributes + + :param type: Type identifier for an AWS WIF persona mapping. + :type type: AwsWifPersonaMappingType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_request.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_request.py new file mode 100644 index 0000000000..2ffc5bc372 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_create_request.py 
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_persona_mapping_create_data import AwsWifPersonaMappingCreateData + + +class AwsWifPersonaMappingCreateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_persona_mapping_create_data import AwsWifPersonaMappingCreateData + + return { + "data": (AwsWifPersonaMappingCreateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: AwsWifPersonaMappingCreateData, **kwargs): + """ + Request body for creating an AWS WIF persona mapping. + + :param data: Data for creating an AWS WIF persona mapping. + :type data: AwsWifPersonaMappingCreateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_data.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_data.py new file mode 100644 index 0000000000..0664cd6ddd --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_data.py 
@@ -0,0 +1,55 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + UUID, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_persona_mapping_attributes import AwsWifPersonaMappingAttributes + from datadog_api_client.v2.model.aws_wif_persona_mapping_type import AwsWifPersonaMappingType + + +class AwsWifPersonaMappingData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_persona_mapping_attributes import AwsWifPersonaMappingAttributes + from datadog_api_client.v2.model.aws_wif_persona_mapping_type import AwsWifPersonaMappingType + + return { + "attributes": (AwsWifPersonaMappingAttributes,), + "id": (UUID,), + "type": (AwsWifPersonaMappingType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__(self_, attributes: AwsWifPersonaMappingAttributes, id: UUID, type: AwsWifPersonaMappingType, **kwargs): + """ + An AWS WIF persona mapping resource. + + :param attributes: Attributes of an AWS WIF persona mapping. + :type attributes: AwsWifPersonaMappingAttributes + + :param id: The UUID of the persona mapping. + :type id: UUID + + :param type: Type identifier for an AWS WIF persona mapping. + :type type: AwsWifPersonaMappingType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.id = id + self_.type = type diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_response.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_response.py new file mode 100644 index 0000000000..b67fee95c5 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_response.py 
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_persona_mapping_data import AwsWifPersonaMappingData + + +class AwsWifPersonaMappingResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_persona_mapping_data import AwsWifPersonaMappingData + + return { + "data": (AwsWifPersonaMappingData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: AwsWifPersonaMappingData, **kwargs): + """ + Response containing a single AWS WIF persona mapping. + + :param data: An AWS WIF persona mapping resource. + :type data: AwsWifPersonaMappingData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mapping_type.py b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_type.py new file mode 100644 index 0000000000..e3095656a2 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mapping_type.py 
@@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class AwsWifPersonaMappingType(ModelSimple): + """ + Type identifier for an AWS WIF persona mapping. + + :param value: If omitted defaults to "aws_wif_config". Must be one of ["aws_wif_config"]. + :type value: str + """ + + allowed_values = { + "aws_wif_config", + } + AWS_WIF_CONFIG: ClassVar["AwsWifPersonaMappingType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +AwsWifPersonaMappingType.AWS_WIF_CONFIG = AwsWifPersonaMappingType("aws_wif_config") diff --git a/src/datadog_api_client/v2/model/aws_wif_persona_mappings_response.py b/src/datadog_api_client/v2/model/aws_wif_persona_mappings_response.py new file mode 100644 index 0000000000..90897beceb --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_wif_persona_mappings_response.py 
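Review bot: `AwsWifPersonaMappingType` allows only `"aws_wif_config"` and names its constant `AWS_WIF_CONFIG`, while the docstring calls it the type identifier for a persona mapping and the intake counterpart uses `"aws_wif_intake_mapping"`. If the server really expects `aws_wif_config` on persona-mapping requests, the class docstring should say so, for example `Persona mappings use the resource type "aws_wif_config".`, so that nobody later "corrects" it. If it is a leftover from an earlier name, `AwsWifPersonaMappingCreateData` would send a type the endpoint may reject. This cannot be settled from the diff alone and should be checked against the API.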
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.aws_wif_persona_mapping_data import AwsWifPersonaMappingData + + +class AwsWifPersonaMappingsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.aws_wif_persona_mapping_data import AwsWifPersonaMappingData + + return { + "data": ([AwsWifPersonaMappingData],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: List[AwsWifPersonaMappingData], **kwargs): + """ + Response containing a list of AWS WIF persona mappings. + + :param data: + :type data: [AwsWifPersonaMappingData] + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/delegated_token_attributes.py b/src/datadog_api_client/v2/model/delegated_token_attributes.py new file mode 100644 index 0000000000..538787c2f5 --- /dev/null +++ b/src/datadog_api_client/v2/model/delegated_token_attributes.py 
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + datetime, +) + + +class DelegatedTokenAttributes(ModelNormal): + @cached_property + def openapi_types(_): + return { + "access_token": (str,), + "expires": (datetime,), + } + + attribute_map = { + "access_token": "access_token", + "expires": "expires", + } + + def __init__(self_, access_token: str, expires: datetime, **kwargs): + """ + Attributes of a delegated token. + + :param access_token: A short-lived JWT representing the authenticated Datadog user. Pass this as a bearer token in subsequent API calls. + :type access_token: str + + :param expires: The expiry time of the token. + :type expires: datetime + """ + super().__init__(kwargs) + + self_.access_token = access_token + self_.expires = expires diff --git a/src/datadog_api_client/v2/model/delegated_token_data.py b/src/datadog_api_client/v2/model/delegated_token_data.py new file mode 100644 index 0000000000..013ac46e61 --- /dev/null +++ b/src/datadog_api_client/v2/model/delegated_token_data.py 
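Review bot: `access_token` in `DelegatedTokenAttributes` is a bearer credential held as an ordinary `str` attribute, and the docstring explains how to use it but not that it must stay out of logs. How `ModelNormal` renders an instance (repr or dict conversion) is not visible in this diff, so it is worth checking whether printing a `DelegatedTokenResponse` would expose the JWT. I would extend the parameter description with `Treat the value as a secret: do not log it or persist it beyond ``expires``.` The same applies to `api_key` in `intake_api_key_attributes.py`, whose model carries no expiry field at all.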
@@ -0,0 +1,55 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + UUID, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.delegated_token_attributes import DelegatedTokenAttributes + from datadog_api_client.v2.model.delegated_token_type import DelegatedTokenType + + +class DelegatedTokenData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.delegated_token_attributes import DelegatedTokenAttributes + from datadog_api_client.v2.model.delegated_token_type import DelegatedTokenType + + return { + "attributes": (DelegatedTokenAttributes,), + "id": (UUID,), + "type": (DelegatedTokenType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__(self_, attributes: DelegatedTokenAttributes, id: UUID, type: DelegatedTokenType, **kwargs): + """ + A delegated token resource. + + :param attributes: Attributes of a delegated token. + :type attributes: DelegatedTokenAttributes + + :param id: A random UUID assigned to this token issuance. + :type id: UUID + + :param type: The resource type for a delegated token. + :type type: DelegatedTokenType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.id = id + self_.type = type diff --git a/src/datadog_api_client/v2/model/delegated_token_response.py b/src/datadog_api_client/v2/model/delegated_token_response.py new file mode 100644 index 0000000000..b6e7667a1f --- /dev/null +++ b/src/datadog_api_client/v2/model/delegated_token_response.py 
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.delegated_token_data import DelegatedTokenData + + +class DelegatedTokenResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.delegated_token_data import DelegatedTokenData + + return { + "data": (DelegatedTokenData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: DelegatedTokenData, **kwargs): + """ + Response containing a delegated user token. + + :param data: A delegated token resource. + :type data: DelegatedTokenData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/delegated_token_type.py b/src/datadog_api_client/v2/model/delegated_token_type.py new file mode 100644 index 0000000000..b50ff94980 --- /dev/null +++ b/src/datadog_api_client/v2/model/delegated_token_type.py 
@@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class DelegatedTokenType(ModelSimple): + """ + The resource type for a delegated token. + + :param value: If omitted defaults to "token". Must be one of ["token"]. + :type value: str + """ + + allowed_values = { + "token", + } + TOKEN: ClassVar["DelegatedTokenType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +DelegatedTokenType.TOKEN = DelegatedTokenType("token") diff --git a/src/datadog_api_client/v2/model/intake_api_key_attributes.py b/src/datadog_api_client/v2/model/intake_api_key_attributes.py new file mode 100644 index 0000000000..1724e923e6 --- /dev/null +++ b/src/datadog_api_client/v2/model/intake_api_key_attributes.py 
@@ -0,0 +1,39 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +class IntakeAPIKeyAttributes(ModelNormal): + @cached_property + def openapi_types(_): + return { + "api_key": (str,), + "org_id": (int,), + } + + attribute_map = { + "api_key": "api_key", + "org_id": "org_id", + } + + def __init__(self_, api_key: str, org_id: int, **kwargs): + """ + Attributes of an intake API key returned after successful authentication. + + :param api_key: The Datadog API key the workload can use to send telemetry. + :type api_key: str + + :param org_id: The numeric ID of the Datadog organization the API key belongs to. + :type org_id: int + """ + super().__init__(kwargs) + + self_.api_key = api_key + self_.org_id = org_id diff --git a/src/datadog_api_client/v2/model/intake_api_key_data.py b/src/datadog_api_client/v2/model/intake_api_key_data.py new file mode 100644 index 0000000000..bfa63931f5 --- /dev/null +++ b/src/datadog_api_client/v2/model/intake_api_key_data.py 
@@ -0,0 +1,54 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.intake_api_key_attributes import IntakeAPIKeyAttributes + from datadog_api_client.v2.model.intake_api_key_type import IntakeAPIKeyType + + +class IntakeAPIKeyData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.intake_api_key_attributes import IntakeAPIKeyAttributes + from datadog_api_client.v2.model.intake_api_key_type import IntakeAPIKeyType + + return { + "attributes": (IntakeAPIKeyAttributes,), + "id": (str,), + "type": (IntakeAPIKeyType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__(self_, attributes: IntakeAPIKeyAttributes, id: str, type: IntakeAPIKeyType, **kwargs): + """ + An intake API key resource. + + :param attributes: Attributes of an intake API key returned after successful authentication. + :type attributes: IntakeAPIKeyAttributes + + :param id: A stable identifier for the intake key, scoped to the matched organization. + :type id: str + + :param type: The resource type for an intake API key. + :type type: IntakeAPIKeyType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.id = id + self_.type = type diff --git a/src/datadog_api_client/v2/model/intake_api_key_response.py b/src/datadog_api_client/v2/model/intake_api_key_response.py new file mode 100644 index 0000000000..5d7421cdad --- /dev/null +++ b/src/datadog_api_client/v2/model/intake_api_key_response.py 
@@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.intake_api_key_data import IntakeAPIKeyData + + +class IntakeAPIKeyResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.intake_api_key_data import IntakeAPIKeyData + + return { + "data": (IntakeAPIKeyData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: IntakeAPIKeyData, **kwargs): + """ + Response containing an intake API key for the authenticated cloud workload. + + :param data: An intake API key resource. + :type data: IntakeAPIKeyData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/intake_api_key_type.py b/src/datadog_api_client/v2/model/intake_api_key_type.py new file mode 100644 index 0000000000..aafc5d174d --- /dev/null +++ b/src/datadog_api_client/v2/model/intake_api_key_type.py 
@@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class IntakeAPIKeyType(ModelSimple): + """ + The resource type for an intake API key. + + :param value: If omitted defaults to "intake_api_key". Must be one of ["intake_api_key"]. + :type value: str + """ + + allowed_values = { + "intake_api_key", + } + INTAKE_API_KEY: ClassVar["IntakeAPIKeyType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +IntakeAPIKeyType.INTAKE_API_KEY = IntakeAPIKeyType("intake_api_key") diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 0910910737..69be3cba87 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py 
@@ -735,6 +735,21 @@ from datadog_api_client.v2.model.aws_scan_options_update_attributes import AwsScanOptionsUpdateAttributes from datadog_api_client.v2.model.aws_scan_options_update_data import AwsScanOptionsUpdateData from datadog_api_client.v2.model.aws_scan_options_update_request import AwsScanOptionsUpdateRequest +from datadog_api_client.v2.model.aws_wif_intake_mapping_attributes import AwsWifIntakeMappingAttributes +from datadog_api_client.v2.model.aws_wif_intake_mapping_create_data import AwsWifIntakeMappingCreateData +from datadog_api_client.v2.model.aws_wif_intake_mapping_create_request import AwsWifIntakeMappingCreateRequest +from datadog_api_client.v2.model.aws_wif_intake_mapping_data import AwsWifIntakeMappingData +from datadog_api_client.v2.model.aws_wif_intake_mapping_response import AwsWifIntakeMappingResponse +from datadog_api_client.v2.model.aws_wif_intake_mapping_type import AwsWifIntakeMappingType +from datadog_api_client.v2.model.aws_wif_intake_mappings_response import AwsWifIntakeMappingsResponse +from datadog_api_client.v2.model.aws_wif_persona_mapping_attributes import AwsWifPersonaMappingAttributes +from datadog_api_client.v2.model.aws_wif_persona_mapping_create_attributes import AwsWifPersonaMappingCreateAttributes +from datadog_api_client.v2.model.aws_wif_persona_mapping_create_data import AwsWifPersonaMappingCreateData +from datadog_api_client.v2.model.aws_wif_persona_mapping_create_request import AwsWifPersonaMappingCreateRequest +from datadog_api_client.v2.model.aws_wif_persona_mapping_data import AwsWifPersonaMappingData +from datadog_api_client.v2.model.aws_wif_persona_mapping_response import AwsWifPersonaMappingResponse +from datadog_api_client.v2.model.aws_wif_persona_mapping_type import AwsWifPersonaMappingType +from datadog_api_client.v2.model.aws_wif_persona_mappings_response import AwsWifPersonaMappingsResponse from datadog_api_client.v2.model.azure_credentials import AzureCredentials from 
datadog_api_client.v2.model.azure_credentials_update import AzureCredentialsUpdate from datadog_api_client.v2.model.azure_integration import AzureIntegration @@ -2194,6 +2209,10 @@ DegradationDataRelationshipsStatusPageData, ) from datadog_api_client.v2.model.degradation_included import DegradationIncluded +from datadog_api_client.v2.model.delegated_token_attributes import DelegatedTokenAttributes +from datadog_api_client.v2.model.delegated_token_data import DelegatedTokenData +from datadog_api_client.v2.model.delegated_token_response import DelegatedTokenResponse +from datadog_api_client.v2.model.delegated_token_type import DelegatedTokenType from datadog_api_client.v2.model.delete_app_response import DeleteAppResponse from datadog_api_client.v2.model.delete_app_response_data import DeleteAppResponseData from datadog_api_client.v2.model.delete_apps_datastore_item_request import DeleteAppsDatastoreItemRequest @@ -3456,6 +3475,10 @@ from datadog_api_client.v2.model.input_schema import InputSchema from datadog_api_client.v2.model.input_schema_parameters import InputSchemaParameters from datadog_api_client.v2.model.input_schema_parameters_type import InputSchemaParametersType +from datadog_api_client.v2.model.intake_api_key_attributes import IntakeAPIKeyAttributes +from datadog_api_client.v2.model.intake_api_key_data import IntakeAPIKeyData +from datadog_api_client.v2.model.intake_api_key_response import IntakeAPIKeyResponse +from datadog_api_client.v2.model.intake_api_key_type import IntakeAPIKeyType from datadog_api_client.v2.model.intake_payload_accepted import IntakePayloadAccepted from datadog_api_client.v2.model.integration import Integration from datadog_api_client.v2.model.integration_attributes import IntegrationAttributes 
@@ -9850,6 +9873,21 @@ "AwsScanOptionsUpdateAttributes", "AwsScanOptionsUpdateData", "AwsScanOptionsUpdateRequest", + "AwsWifIntakeMappingAttributes", + "AwsWifIntakeMappingCreateData", + "AwsWifIntakeMappingCreateRequest", + "AwsWifIntakeMappingData", + "AwsWifIntakeMappingResponse", + "AwsWifIntakeMappingType", + "AwsWifIntakeMappingsResponse", + "AwsWifPersonaMappingAttributes", + "AwsWifPersonaMappingCreateAttributes", + "AwsWifPersonaMappingCreateData", + "AwsWifPersonaMappingCreateRequest", + "AwsWifPersonaMappingData", + "AwsWifPersonaMappingResponse", + "AwsWifPersonaMappingType", + "AwsWifPersonaMappingsResponse", "AzureCredentials", "AzureCredentialsUpdate", "AzureIntegration", @@ -10941,6 +10979,10 @@ "DegradationDataRelationshipsStatusPage", "DegradationDataRelationshipsStatusPageData", "DegradationIncluded", + "DelegatedTokenAttributes", + "DelegatedTokenData", + "DelegatedTokenResponse", + "DelegatedTokenType", "DeleteAppResponse", "DeleteAppResponseData", "DeleteAppsDatastoreItemRequest", @@ -11937,6 +11979,10 @@ "InputSchema", "InputSchemaParameters", "InputSchemaParametersType", + "IntakeAPIKeyAttributes", + "IntakeAPIKeyData", + "IntakeAPIKeyResponse", + "IntakeAPIKeyType", "IntakePayloadAccepted", "Integration", "IntegrationAttributes", diff --git a/tests/v2/features/aws_wif.feature b/tests/v2/features/aws_wif.feature new file mode 100644 index 0000000000..922431ffee --- /dev/null +++ b/tests/v2/features/aws_wif.feature 
@@ -0,0 +1,149 @@ +@endpoint(aws-wif) @endpoint(aws-wif-v2) +Feature: AWS WIF + Manage AWS Workload Identity Federation (WIF) mappings. Persona mappings + link IAM role ARN patterns to Datadog users for delegated-token + authentication. Intake mappings link IAM role ARN patterns to managed- + rotation API keys for agent telemetry ingestion. + + Background: + Given a valid "apiKeyAuth" key in the system + And a valid "appKeyAuth" key in the system + And an instance of "AWSWIF" API + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Create an AWS WIF intake mapping returns "Bad Request" response + Given new "CreateAwsWifIntakeMapping" request + And body with value {"data": {"attributes": {"arn_pattern": "arn:aws:iam::123456789012:role/my-agent-role"}, "type": "aws_wif_intake_mapping"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Create an AWS WIF intake mapping returns "Conflict" response + Given new "CreateAwsWifIntakeMapping" request + And body with value {"data": {"attributes": {"arn_pattern": "arn:aws:iam::123456789012:role/my-agent-role"}, "type": "aws_wif_intake_mapping"}} + When the request is sent + Then the response status is 409 Conflict + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Create an AWS WIF intake mapping returns "Created" response + Given new "CreateAwsWifIntakeMapping" request + And body with value {"data": {"attributes": {"arn_pattern": "arn:aws:iam::123456789012:role/my-agent-role"}, "type": "aws_wif_intake_mapping"}} + When the request is sent + Then the response status is 201 Created + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Create an AWS WIF persona mapping returns "Bad Request" response + Given new "CreateAwsWifPersonaMapping" request + And body with value {"data": {"attributes": {"account_identifier": "user@example.com", "arn_pattern": 
"arn:aws:iam::123456789012:role/my-workload-role"}, "type": "aws_wif_config"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Create an AWS WIF persona mapping returns "Conflict" response + Given new "CreateAwsWifPersonaMapping" request + And body with value {"data": {"attributes": {"account_identifier": "user@example.com", "arn_pattern": "arn:aws:iam::123456789012:role/my-workload-role"}, "type": "aws_wif_config"}} + When the request is sent + Then the response status is 409 Conflict + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Create an AWS WIF persona mapping returns "Created" response + Given new "CreateAwsWifPersonaMapping" request + And body with value {"data": {"attributes": {"account_identifier": "user@example.com", "arn_pattern": "arn:aws:iam::123456789012:role/my-workload-role"}, "type": "aws_wif_config"}} + When the request is sent + Then the response status is 201 Created + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Delete an AWS WIF intake mapping returns "Bad Request" response + Given new "DeleteAwsWifIntakeMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Delete an AWS WIF intake mapping returns "No Content" response + Given new "DeleteAwsWifIntakeMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 204 No Content + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Delete an AWS WIF intake mapping returns "Not Found" response + Given new "DeleteAwsWifIntakeMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip 
@team:DataDog/delegated-auth-login + Scenario: Delete an AWS WIF persona mapping returns "Bad Request" response + Given new "DeleteAwsWifPersonaMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Delete an AWS WIF persona mapping returns "No Content" response + Given new "DeleteAwsWifPersonaMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 204 No Content + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Delete an AWS WIF persona mapping returns "Not Found" response + Given new "DeleteAwsWifPersonaMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Get an AWS WIF intake mapping returns "Bad Request" response + Given new "GetAwsWifIntakeMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Get an AWS WIF intake mapping returns "Not Found" response + Given new "GetAwsWifIntakeMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Get an AWS WIF intake mapping returns "OK" response + Given new "GetAwsWifIntakeMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Get an AWS WIF persona mapping returns "Bad Request" response + Given new 
"GetAwsWifPersonaMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Get an AWS WIF persona mapping returns "Not Found" response + Given new "GetAwsWifPersonaMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: Get an AWS WIF persona mapping returns "OK" response + Given new "GetAwsWifPersonaMapping" request + And request contains "config_uuid" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: List AWS WIF intake mappings returns "OK" response + Given new "ListAwsWifIntakeMappings" request + When the request is sent + Then the response status is 200 OK + + @generated @skip @team:DataDog/delegated-auth-login + Scenario: List AWS WIF persona mappings returns "OK" response + Given new "ListAwsWifPersonaMappings" request + When the request is sent + Then the response status is 200 OK diff --git a/tests/v2/features/cloud_authentication.feature b/tests/v2/features/cloud_authentication.feature index c444f1469c..03888e59bb 100644 --- a/tests/v2/features/cloud_authentication.feature +++ b/tests/v2/features/cloud_authentication.feature @@ -8,7 +8,7 @@ Feature: Cloud Authentication And a valid "appKeyAuth" key in the system And an instance of "CloudAuthentication" API - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Create an AWS cloud authentication persona mapping returns "Bad Request" response Given operation "CreateAWSCloudAuthPersonaMapping" enabled And new "CreateAWSCloudAuthPersonaMapping" request 
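Review bot: The three `CreateAwsWifIntakeMapping` scenarios send the same body and expect 400, 409 and 201 respectively, and the three `CreateAwsWifPersonaMapping` scenarios repeat that pattern, so the "Bad Request" cases cannot pass as written once `@skip` is removed. Every scenario in `aws_wif.feature` is `@generated @skip`, and the Get and Delete scenarios still pass the placeholder `"REPLACE.ME"` as `config_uuid`, so nothing here exercises the mappings that decide which IAM principal receives a delegated token or an intake key. I would record at least a create-then-delete round trip for each mapping kind. The 400 scenarios also need a body the service is expected to refuse, such as an `arn_pattern` that is not an ARN.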
@@ -16,7 +16,7 @@ Feature: Cloud Authentication When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Create an AWS cloud authentication persona mapping returns "Conflict" response Given operation "CreateAWSCloudAuthPersonaMapping" enabled And new "CreateAWSCloudAuthPersonaMapping" request @@ -24,7 +24,7 @@ Feature: Cloud Authentication When the request is sent Then the response status is 409 Conflict - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Create an AWS cloud authentication persona mapping returns "Created" response Given operation "CreateAWSCloudAuthPersonaMapping" enabled And new "CreateAWSCloudAuthPersonaMapping" request @@ -32,7 +32,7 @@ Feature: Cloud Authentication When the request is sent Then the response status is 201 Created - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Delete an AWS cloud authentication persona mapping returns "No Content" response Given operation "DeleteAWSCloudAuthPersonaMapping" enabled And new "DeleteAWSCloudAuthPersonaMapping" request @@ -40,7 +40,7 @@ Feature: Cloud Authentication When the request is sent Then the response status is 204 No Content - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Delete an AWS cloud authentication persona mapping returns "Not Found" response Given operation "DeleteAWSCloudAuthPersonaMapping" enabled And new "DeleteAWSCloudAuthPersonaMapping" request 
@@ -48,7 +48,7 @@ Feature: Cloud Authentication When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Get an AWS cloud authentication persona mapping returns "Not Found" response Given operation "GetAWSCloudAuthPersonaMapping" enabled And new "GetAWSCloudAuthPersonaMapping" request @@ -56,7 +56,7 @@ Feature: Cloud Authentication When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: Get an AWS cloud authentication persona mapping returns "OK" response Given operation "GetAWSCloudAuthPersonaMapping" enabled And new "GetAWSCloudAuthPersonaMapping" request @@ -64,14 +64,14 @@ Feature: Cloud Authentication When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: List AWS cloud authentication persona mappings returns "Bad Request" response Given operation "ListAWSCloudAuthPersonaMappings" enabled And new "ListAWSCloudAuthPersonaMappings" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/team-aaaauthn + @generated @skip @team:DataDog/delegated-auth-login Scenario: List AWS cloud authentication persona mappings returns "OK" response Given operation "ListAWSCloudAuthPersonaMappings" enabled And new "ListAWSCloudAuthPersonaMappings" request diff --git a/tests/v2/features/delegated_token.feature b/tests/v2/features/delegated_token.feature new file mode 100644 index 0000000000..343463af38 --- /dev/null +++ b/tests/v2/features/delegated_token.feature 
@@ -0,0 +1,13 @@
+@endpoint(delegated-token) @endpoint(delegated-token-v2)
+Feature: Delegated Token
+ Exchange a cloud-provider identity proof or Datadog credential for a
+ short-lived delegated-user JWT via Workload Identity Federation.
+
+ @generated @skip @team:DataDog/delegated-auth-login
+ Scenario: Get a delegated token returns "OK" response
+ Given a valid "apiKeyAuth" key in the system
+ And a valid "appKeyAuth" key in the system
+ And an instance of "DelegatedToken" API
+ And new "GetDelegatedToken" request
+ When the request is sent
+ Then the response status is 200 OK
diff --git a/tests/v2/features/intake_key.feature b/tests/v2/features/intake_key.feature
new file mode 100644
index 0000000000..ddcc5a81f1
--- /dev/null
+++ b/tests/v2/features/intake_key.feature
@@ -0,0 +1,13 @@
+@endpoint(intake-key) @endpoint(intake-key-v2)
+Feature: Intake Key
+ Exchange a cloud-provider identity proof for a Datadog API key via
+ Workload Identity Federation intake mappings.
+
+ @generated @skip @team:DataDog/credentials-management
+ Scenario: Get an intake API key returns "OK" response
+ Given a valid "apiKeyAuth" key in the system
+ And a valid "appKeyAuth" key in the system
+ And an instance of "IntakeKey" API
+ And new "GetIntakeKey" request
+ When the request is sent
+ Then the response status is 200 OK
diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json
index 049cc12522..d96495cf27 100644
--- a/tests/v2/features/undo.json
+++ b/tests/v2/features/undo.json
@@ -2255,6 +2255,12 @@
 "type": "idempotent"
 }
 },
+ "GetDelegatedToken": {
+ "tag": "Delegated Token",
+ "undo": {
+ "type": "idempotent"
+ }
+ },
 "CreateDataDeletionRequest": {
 "tag": "Data Deletion",
 "undo": {
@@ -3233,6 +3239,12 @@
 "type": "idempotent"
 }
 },
+ "GetIntakeKey": {
+ "tag": "Intake Key",
+ "undo": {
+ "type": "idempotent"
+ }
+ },
 "ListAWSAccounts": {
 "tag": "AWS Integration",
 "undo": {
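Review bot: The only scenario in `delegated_token.feature` sets up `apiKeyAuth` and `appKeyAuth` and expects 200, although the Feature text describes exchanging a cloud-provider identity proof; no step supplies a proof and no scenario covers a rejected one. `intake_key.feature` has the same shape for `GetIntakeKey`. Both scenarios are `@skip`, so the two operations that hand out credentials have no executed test at all. I would add one negative scenario per file whose request carries no valid proof and whose expected status is whatever authentication error the spec defines for the operation, and unskip the 200 case once a recorded proof is available.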
@@ -9246,6 +9258,68 @@
 "type": "safe"
 }
 },
+ "ListAwsWifIntakeMappings": {
+ "tag": "AWS WIF",
+ "undo": {
+ "type": "safe"
+ }
+ },
+ "CreateAwsWifIntakeMapping": {
+ "tag": "AWS WIF",
+ "undo": {
+ "operationId": "DeleteAwsWifIntakeMapping",
+ "parameters": [
+ {
+ "name": "config_uuid",
+ "source": "data.id"
+ }
+ ],
+ "type": "unsafe"
+ }
+ },
+ "DeleteAwsWifIntakeMapping": {
+ "tag": "AWS WIF",
+ "undo": {
+ "type": "idempotent"
+ }
+ },
+ "GetAwsWifIntakeMapping": {
+ "tag": "AWS WIF",
+ "undo": {
+ "type": "safe"
+ }
+ },
+ "ListAwsWifPersonaMappings": {
+ "tag": "AWS WIF",
+ "undo": {
+ "type": "safe"
+ }
+ },
+ "CreateAwsWifPersonaMapping": {
+ "tag": "AWS WIF",
+ "undo": {
+ "operationId": "DeleteAwsWifPersonaMapping",
+ "parameters": [
+ {
+ "name": "config_uuid",
+ "source": "data.id"
+ }
+ ],
+ "type": "unsafe"
+ }
+ },
+ "DeleteAwsWifPersonaMapping": {
+ "tag": "AWS WIF",
+ "undo": {
+ "type": "idempotent"
+ }
+ },
+ "GetAwsWifPersonaMapping": {
+ "tag": "AWS WIF",
+ "undo": {
+ "type": "safe"
+ }
+ },
 "ListWorkflows": {
 "tag": "Workflow Automation",
 "undo": {