diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 99b25f0ac8..f7df9e1075 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -41606,6 +41606,404 @@ components: - impact_hint - status type: object + GovernanceControlAttributes: + description: The attributes of a governance control. + properties: + active_detections_count: + description: The number of active detections for the control. + example: 12 + format: int64 + type: integer + category: + description: The value driver the control is grouped under, such as `security` or `cost`. + example: "security" + type: string + created_at: + description: The time the control configuration was created. + example: "2024-01-15T09:30:00Z" + format: date-time + type: string + created_by: + description: The UUID of the user who created the control configuration. + example: "11111111-2222-3333-4444-555555555555" + type: string + description: + description: A human-readable description of what the control detects. + example: "Identifies API keys that have not been used within your specified time threshold, helping reduce security risks from dormant credentials." + type: string + detection_frequency: + description: How often detections are evaluated for the control. + example: "daily" + type: string + detection_parameters: + $ref: "#/components/schemas/GovernanceControlParametersMap" + nullable: true + detection_type: + description: The detection type that uniquely identifies the control. + example: "unused_api_keys" + type: string + feature_flags: + description: The feature flags that gate the control. + example: [] + items: + description: A feature flag that gates the control. + type: string + type: array + insights: + description: The insight slugs associated with the control. + example: [] + items: + description: An insight slug associated with the control. + type: string + type: array + last_detection_at: + description: The time of the most recent detection for the control. `null` when there are no detections. + example: "2024-03-01T12:00:00Z" + format: date-time + nullable: true + type: string + mitigated_detections_count: + description: The number of mitigated detections for the control. + example: 3 + format: int64 + type: integer + mitigation_parameters: + $ref: "#/components/schemas/GovernanceControlParametersMap" + nullable: true + mitigation_type: + description: The configured mitigation type for the control. Empty when not configured. + example: "revoke_api_key" + type: string + mitigations: + $ref: "#/components/schemas/GovernanceControlMitigationDefinitionArray" + name: + description: Human-readable name of the control. + example: "Unused API Keys" + type: string + next_steps: + description: Guidance on the next steps to remediate detections for the control. + example: "Review and revoke API keys that are no longer in use to maintain a secure authentication posture." + type: string + notification_frequency: + description: The configured notification frequency for the control. Empty when not configured. + example: "" + type: string + notification_parameters: + $ref: "#/components/schemas/GovernanceControlParametersMap" + nullable: true + notification_type: + description: The configured notification type for the control. Empty when not configured. + example: "" + type: string + priority: + description: The priority of the control, such as `High`. + example: "High" + type: string + product: + description: The product the control belongs to. + example: "api_keys" + type: string + release_status: + description: The release status of the control, such as `prod` or `beta`. + example: "prod" + type: string + resource_type: + description: The type of resource the control evaluates. + example: "api_key" + type: string + resource_type_display_name: + description: The human-readable name of the resource type. + example: "API Key" + type: string + supported_detection_parameters: + $ref: "#/components/schemas/GovernanceControlParameterDefinitionArray" + supported_notification_parameters: + $ref: "#/components/schemas/GovernanceControlParameterDefinitionArray" + task: + description: A short description of the remediation task for the control. + example: "Review and revoke unused API keys." + type: string + type: + description: The control type, such as `Proactive` or `Detection`. + example: "Proactive" + type: string + usage_concern: + description: The usage concern the control addresses, such as `Security` or `Cost Optimization`. + example: "Security" + type: string + required: + - name + - description + - detection_type + - supported_detection_parameters + - supported_notification_parameters + - resource_type + - resource_type_display_name + - product + - category + - insights + - mitigations + - task + - next_steps + - release_status + - feature_flags + - type + - priority + - usage_concern + - detection_parameters + - detection_frequency + - notification_type + - notification_parameters + - notification_frequency + - mitigation_type + - mitigation_parameters + - created_at + - created_by + - active_detections_count + - mitigated_detections_count + - last_detection_at + type: object + GovernanceControlData: + description: A governance control resource. + properties: + attributes: + $ref: "#/components/schemas/GovernanceControlAttributes" + id: + description: The unique identifier of the control. + example: "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a" + type: string + type: + $ref: "#/components/schemas/GovernanceControlResourceType" + required: + - id + - type + - attributes + type: object + GovernanceControlMitigationDefinition: + description: The definition of a mitigation available for a control. + properties: + action_verb: + description: The verb describing the mitigation action, such as `revoke` or `delete`. + example: "revoke" + type: string + description: + description: A human-readable description of the mitigation. + example: "Automatically identifies and revokes inactive API keys to improve security and reduce potential attack surface." + type: string + execution_modes: + description: The execution modes the mitigation supports, such as `manual` or `automatic`. + example: + - "manual" + - "automatic" + items: + description: An execution mode the mitigation supports. + type: string + type: array + feature_flags: + description: The feature flags that gate the mitigation. + example: [] + items: + description: A feature flag that gates the mitigation. + type: string + type: array + id: + description: The unique identifier of the mitigation. + example: "revoke_api_key" + type: string + manual_mitigation_warning: + description: A warning shown to the user before applying the mitigation manually. + example: "These API keys will be revoked immediately upon confirmation. To revoke future API keys, you will go through this flow again." + type: string + permissions: + description: The permissions required to apply the mitigation. + example: + - "api_keys_write" + - "api_keys_delete" + items: + description: A permission required to apply the mitigation. + type: string + type: array + requires_ai: + description: Whether the mitigation requires AI to be enabled. + example: false + type: boolean + supported_parameters: + $ref: "#/components/schemas/GovernanceControlParameterDefinitionArray" + title: + description: A short, human-readable name for the mitigation. + example: "Revoke Unused API Keys" + type: string + required: + - id + - title + - description + - action_verb + - supported_parameters + - permissions + - manual_mitigation_warning + - feature_flags + - requires_ai + type: object + GovernanceControlMitigationDefinitionArray: + description: The mitigations available for a control. + items: + $ref: "#/components/schemas/GovernanceControlMitigationDefinition" + type: array + GovernanceControlParameterDefinition: + description: The definition of a configurable parameter on a control or mitigation. + properties: + default_value: + description: The default value of the parameter. The JSON type depends on the parameter's `type`. + example: 30 + description: + description: A human-readable description of the parameter. + example: "Number of days of inactivity before an API key is considered unused." + type: string + display_name: + description: The human-readable name of the parameter. + example: "Unused API Key Threshold" + type: string + hidden: + description: Whether the parameter is hidden from the UI. + example: false + type: boolean + name: + description: The machine-readable name of the parameter. + example: "api_key_threshold" + type: string + required: + description: Whether the parameter must be provided. + example: false + type: boolean + supported_values: + $ref: "#/components/schemas/GovernanceControlSupportedValueArray" + type: + description: The type of the parameter, such as `integer`, `string`, `boolean`, `enum`, or `pattern_list`. + example: "integer" + type: string + required: + - name + - display_name + - description + - type + - required + - hidden + - supported_values + - default_value + type: object + GovernanceControlParameterDefinitionArray: + description: An array of parameter definitions. + items: + $ref: "#/components/schemas/GovernanceControlParameterDefinition" + type: array + GovernanceControlParametersMap: + additionalProperties: {} + description: A free-form map of parameter names to their configured values. + type: object + GovernanceControlResourceType: + description: JSON:API resource type for a governance control. + enum: + - governance_control + example: "governance_control" + type: string + x-enum-varnames: + - GOVERNANCE_CONTROL + GovernanceControlResponse: + description: A single governance control. + properties: + data: + $ref: "#/components/schemas/GovernanceControlData" + required: + - data + type: object + GovernanceControlSupportedValue: + description: A supported value for an enumerated parameter. + properties: + label: + description: The human-readable label for the value. + example: "30 days" + type: string + value: + description: The machine-readable value. + example: "thirty" + type: string + required: + - value + - label + type: object + GovernanceControlSupportedValueArray: + description: The supported values for an enumerated parameter. + items: + $ref: "#/components/schemas/GovernanceControlSupportedValue" + type: array + GovernanceControlUpdateAttributes: + description: The attributes of a governance control that can be updated. Only the attributes present in the request are modified. + properties: + detection_frequency: + description: How often detections should be evaluated for the control. + example: "daily" + type: string + detection_parameters: + $ref: "#/components/schemas/GovernanceControlParametersMap" + nullable: true + mitigation_parameters: + $ref: "#/components/schemas/GovernanceControlParametersMap" + nullable: true + mitigation_type: + description: The mitigation type to configure for the control. + example: "revoke_api_key" + type: string + name: + description: A new human-readable name for the control. + example: "Unused API Keys" + type: string + notification_frequency: + description: The notification frequency to configure for the control. + example: "daily" + type: string + notification_parameters: + $ref: "#/components/schemas/GovernanceControlParametersMap" + nullable: true + notification_type: + description: The notification type to configure for the control. + example: "slack" + type: string + type: object + GovernanceControlUpdateData: + description: The data of a governance control update request. + properties: + attributes: + $ref: "#/components/schemas/GovernanceControlUpdateAttributes" + id: + description: The unique identifier of the control. + example: "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a" + type: string + type: + $ref: "#/components/schemas/GovernanceControlResourceType" + required: + - type + type: object + GovernanceControlUpdateRequest: + description: A request to update a governance control. + properties: + data: + $ref: "#/components/schemas/GovernanceControlUpdateData" + required: + - data + type: object + GovernanceControlsDataArray: + description: An array of governance control resources. + items: + $ref: "#/components/schemas/GovernanceControlData" + type: array + GovernanceControlsResponse: + description: A list of governance controls. + properties: + data: + $ref: "#/components/schemas/GovernanceControlsDataArray" + required: + - data + type: object GovernanceInsightAttributes: description: The attributes of a governance insight. properties: @@ -133746,6 +134144,319 @@ paths: operator: OR permissions: - user_access_read + /api/v2/governance/control: + get: + description: |- + Retrieve the list of governance controls configured for the organization. Each control pairs a + detection definition with the organization's current detection, notification, and mitigation + configuration, along with counts of active and mitigated detections. + operationId: ListGovernanceControls + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + active_detections_count: 12 + category: "security" + created_at: "2024-01-15T09:30:00Z" + created_by: "11111111-2222-3333-4444-555555555555" + description: "Identifies API keys that have not been used within your specified time threshold, helping reduce security risks from dormant credentials." + detection_frequency: "daily" + detection_parameters: + api_key_threshold: 30 + detection_type: "unused_api_keys" + feature_flags: [] + insights: [] + last_detection_at: "2024-03-01T12:00:00Z" + mitigated_detections_count: 3 + mitigation_parameters: {} + mitigation_type: "" + mitigations: + - action_verb: "revoke" + description: "Automatically identifies and revokes inactive API keys to improve security and reduce potential attack surface." + execution_modes: + - "manual" + - "automatic" + feature_flags: [] + id: "revoke_api_key" + manual_mitigation_warning: "These API keys will be revoked immediately upon confirmation. To revoke future API keys, you will go through this flow again." + permissions: + - "api_keys_write" + - "api_keys_delete" + requires_ai: false + supported_parameters: [] + title: "Revoke Unused API Keys" + name: "Unused API Keys" + next_steps: "Review and revoke API keys that are no longer in use to maintain a secure authentication posture." + notification_frequency: "" + notification_parameters: {} + notification_type: "" + priority: "High" + product: "api_keys" + release_status: "prod" + resource_type: "api_key" + resource_type_display_name: "API Key" + supported_detection_parameters: + - default_value: 30 + description: "Number of days of inactivity before an API key is considered unused." + display_name: "Unused API Key Threshold" + hidden: false + name: "api_key_threshold" + required: false + supported_values: [] + type: "integer" + supported_notification_parameters: + - default_value: false + description: "Enables the Governance Console to automatically assign ownership of detections based off of tagging and other internal heuristics." + display_name: "Automatic Ownership Assignment" + hidden: false + name: "governance_auto_assignment" + required: false + supported_values: [] + type: "boolean" + task: "Review and revoke unused API keys." + type: "Proactive" + usage_concern: "Security" + id: "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a" + type: "governance_control" + schema: + $ref: "#/components/schemas/GovernanceControlsResponse" + description: OK + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "401": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Unauthorized + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + summary: List governance controls + tags: + - Governance Controls + x-unstable: |- + **Note**: This endpoint is in preview and is subject to change. + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + /api/v2/governance/control/{detection_type}: + get: + description: |- + Retrieve a single governance control by its detection type, including the organization's current + detection, notification, and mitigation configuration and detection counts. + operationId: GetGovernanceControl + parameters: + - description: The detection type that identifies the control, for example `unused_api_keys`. + example: "unused_api_keys" + in: path + name: detection_type + required: true + schema: + type: string + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + active_detections_count: 12 + category: "security" + created_at: "2024-01-15T09:30:00Z" + created_by: "11111111-2222-3333-4444-555555555555" + description: "Identifies API keys that have not been used within your specified time threshold, helping reduce security risks from dormant credentials." + detection_frequency: "daily" + detection_parameters: + api_key_threshold: 30 + detection_type: "unused_api_keys" + feature_flags: [] + insights: [] + last_detection_at: "2024-03-01T12:00:00Z" + mitigated_detections_count: 3 + mitigation_parameters: {} + mitigation_type: "revoke_api_key" + mitigations: [] + name: "Unused API Keys" + next_steps: "Review and revoke API keys that are no longer in use to maintain a secure authentication posture." + notification_frequency: "" + notification_parameters: {} + notification_type: "" + priority: "High" + product: "api_keys" + release_status: "prod" + resource_type: "api_key" + resource_type_display_name: "API Key" + supported_detection_parameters: + - default_value: 30 + description: "Number of days of inactivity before an API key is considered unused." + display_name: "Unused API Key Threshold" + hidden: false + name: "api_key_threshold" + required: false + supported_values: [] + type: "integer" + supported_notification_parameters: [] + task: "Review and revoke unused API keys." + type: "Proactive" + usage_concern: "Security" + id: "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a" + type: "governance_control" + schema: + $ref: "#/components/schemas/GovernanceControlResponse" + description: OK + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "401": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Unauthorized + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "404": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Not Found + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + summary: Get a governance control + tags: + - Governance Controls + x-unstable: |- + **Note**: This endpoint is in preview and is subject to change. + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + patch: + description: |- + Update the detection, notification, and mitigation configuration of a governance control. Only + the attributes present in the request are modified. Changing the mitigation type or its + parameters may require additional permissions. + operationId: UpdateGovernanceControl + parameters: + - description: The detection type that identifies the control, for example `unused_api_keys`. + example: "unused_api_keys" + in: path + name: detection_type + required: true + schema: + type: string + requestBody: + content: + application/json: + examples: + default: + value: + data: + attributes: + detection_parameters: + api_key_threshold: 60 + mitigation_type: "revoke_api_key" + type: "governance_control" + schema: + $ref: "#/components/schemas/GovernanceControlUpdateRequest" + required: true + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + active_detections_count: 12 + category: "security" + created_at: "2024-01-15T09:30:00Z" + created_by: "11111111-2222-3333-4444-555555555555" + description: "Identifies API keys that have not been used within your specified time threshold, helping reduce security risks from dormant credentials." + detection_frequency: "daily" + detection_parameters: + api_key_threshold: 60 + detection_type: "unused_api_keys" + feature_flags: [] + insights: [] + last_detection_at: "2024-03-01T12:00:00Z" + mitigated_detections_count: 3 + mitigation_parameters: {} + mitigation_type: "revoke_api_key" + mitigations: [] + name: "Unused API Keys" + next_steps: "Review and revoke API keys that are no longer in use to maintain a secure authentication posture." + notification_frequency: "" + notification_parameters: {} + notification_type: "" + priority: "High" + product: "api_keys" + release_status: "prod" + resource_type: "api_key" + resource_type_display_name: "API Key" + supported_detection_parameters: [] + supported_notification_parameters: [] + task: "Review and revoke unused API keys." + type: "Proactive" + usage_concern: "Security" + id: "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a" + type: "governance_control" + schema: + $ref: "#/components/schemas/GovernanceControlResponse" + description: OK + "400": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Bad Request + "401": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Unauthorized + "403": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Forbidden + "404": + content: + application/json: + schema: + $ref: "#/components/schemas/JSONAPIErrorResponse" + description: Not Found + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + summary: Update a governance control + tags: + - Governance Controls + x-unstable: |- + **Note**: This endpoint is in preview and is subject to change. + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/governance/insights: get: description: |- @@ -193621,6 +194332,12 @@ tags: description: For more information about the Datadog Google Chat integration, see the integration page. url: https://docs.datadoghq.com/integrations/google-hangouts-chat/ name: Google Chat Integration + - description: |- + Governance Controls pair a detection definition with an organization's detection, notification, + and mitigation configuration within the Governance Console. Each control reports how a class of + governance issue (such as unused API keys or unqueried metrics) is detected and remediated, along + with counts of active and mitigated detections. + name: Governance Controls - description: |- Governance Insights surface key usage, configuration, and best-practice signals for an organization within the Governance Console. Each insight reports a current value (and, diff --git a/docs/datadog_api_client.v2.api.rst b/docs/datadog_api_client.v2.api.rst index 972863d62b..e56164d879 100644 --- a/docs/datadog_api_client.v2.api.rst +++ b/docs/datadog_api_client.v2.api.rst @@ -403,6 +403,13 @@ datadog\_api\_client.v2.api.google\_chat\_integration\_api module :members: :show-inheritance: +datadog\_api\_client.v2.api.governance\_controls\_api module +------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.api.governance_controls_api + :members: + :show-inheritance: + datadog\_api\_client.v2.api.governance\_insights\_api module ------------------------------------------------------------ diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 14023429c7..baaf350a95 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst @@ -16930,6 +16930,90 @@ datadog\_api\_client.v2.model.governance\_best\_practice\_definition module :members: :show-inheritance: +datadog\_api\_client.v2.model.governance\_control\_attributes module +-------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_data module +-------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_mitigation\_definition module +-------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_mitigation_definition + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_parameter\_definition module +------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_parameter_definition + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_parameters\_map module +------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_parameters_map + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_resource\_type module +------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.governance_control_resource_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_response module +------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.governance_control_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_supported\_value module +-------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_supported_value + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_update\_attributes module +---------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_update_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_update\_data module +---------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_update_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_control\_update\_request module +------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_control_update_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.governance\_controls\_response module +------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.governance_controls_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.governance\_insight\_attributes module -------------------------------------------------------------------- diff --git a/examples/v2/governance-controls/GetGovernanceControl.py b/examples/v2/governance-controls/GetGovernanceControl.py new file mode 100644 index 0000000000..c958545e3e --- /dev/null +++ b/examples/v2/governance-controls/GetGovernanceControl.py @@ -0,0 +1,16 @@ +""" +Get a governance control returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.governance_controls_api import GovernanceControlsApi + +configuration = Configuration() +configuration.unstable_operations["get_governance_control"] = True +with ApiClient(configuration) as api_client: + api_instance = GovernanceControlsApi(api_client) + response = api_instance.get_governance_control( + detection_type="detection_type", + ) + + print(response) diff --git a/examples/v2/governance-controls/ListGovernanceControls.py b/examples/v2/governance-controls/ListGovernanceControls.py new file mode 100644 index 0000000000..32f54398f4 --- /dev/null +++ b/examples/v2/governance-controls/ListGovernanceControls.py @@ -0,0 +1,14 @@ +""" +List governance controls returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.governance_controls_api import GovernanceControlsApi + +configuration = Configuration() +configuration.unstable_operations["list_governance_controls"] = True +with ApiClient(configuration) as api_client: + api_instance = GovernanceControlsApi(api_client) + response = api_instance.list_governance_controls() + + print(response) diff --git a/examples/v2/governance-controls/UpdateGovernanceControl.py b/examples/v2/governance-controls/UpdateGovernanceControl.py new file mode 100644 index 0000000000..3567269f7a --- /dev/null +++ b/examples/v2/governance-controls/UpdateGovernanceControl.py @@ -0,0 +1,32 @@ +""" +Update a governance control returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.governance_controls_api import GovernanceControlsApi +from datadog_api_client.v2.model.governance_control_resource_type import GovernanceControlResourceType +from datadog_api_client.v2.model.governance_control_update_attributes import GovernanceControlUpdateAttributes +from datadog_api_client.v2.model.governance_control_update_data import GovernanceControlUpdateData +from datadog_api_client.v2.model.governance_control_update_request import GovernanceControlUpdateRequest + +body = GovernanceControlUpdateRequest( + data=GovernanceControlUpdateData( + attributes=GovernanceControlUpdateAttributes( + detection_frequency="daily", + mitigation_type="revoke_api_key", + name="Unused API Keys", + notification_frequency="daily", + notification_type="slack", + ), + id="0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a", + type=GovernanceControlResourceType.GOVERNANCE_CONTROL, + ), +) + +configuration = Configuration() +configuration.unstable_operations["update_governance_control"] = True +with ApiClient(configuration) as api_client: + api_instance = GovernanceControlsApi(api_client) + response = api_instance.update_governance_control(detection_type="detection_type", body=body) + + print(response) diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py index 0694277a12..93df6b6a26 100644 --- a/src/datadog_api_client/configuration.py +++ b/src/datadog_api_client/configuration.py @@ -544,6 +544,9 @@ def __init__( "v2.upsert_and_publish_form_version": False, "v2.upsert_form_version": False, "v2.update_org_saml_configurations": False, + "v2.get_governance_control": False, + "v2.list_governance_controls": False, + "v2.update_governance_control": False, "v2.list_governance_insights": False, "v2.create_hamr_org_connection": False, "v2.get_hamr_org_connection": False, diff --git a/src/datadog_api_client/v2/api/governance_controls_api.py b/src/datadog_api_client/v2/api/governance_controls_api.py new file mode 100644 index 0000000000..445f511093 --- /dev/null +++ b/src/datadog_api_client/v2/api/governance_controls_api.py @@ -0,0 +1,146 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Any, Dict + +from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint +from datadog_api_client.configuration import Configuration +from datadog_api_client.v2.model.governance_controls_response import GovernanceControlsResponse +from datadog_api_client.v2.model.governance_control_response import GovernanceControlResponse +from datadog_api_client.v2.model.governance_control_update_request import GovernanceControlUpdateRequest + + +class GovernanceControlsApi: + """ + Governance Controls pair a detection definition with an organization's detection, notification, + and mitigation configuration within the Governance Console. Each control reports how a class of + governance issue (such as unused API keys or unqueried metrics) is detected and remediated, along + with counts of active and mitigated detections. + """ + + def __init__(self, api_client=None): + if api_client is None: + api_client = ApiClient(Configuration()) + self.api_client = api_client + + self._get_governance_control_endpoint = _Endpoint( + settings={ + "response_type": (GovernanceControlResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/governance/control/{detection_type}", + "operation_id": "get_governance_control", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "detection_type": { + "required": True, + "openapi_types": (str,), + "attribute": "detection_type", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + self._list_governance_controls_endpoint = _Endpoint( + settings={ + "response_type": (GovernanceControlsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/governance/control", + "operation_id": "list_governance_controls", + "http_method": "GET", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + + self._update_governance_control_endpoint = _Endpoint( + settings={ + "response_type": (GovernanceControlResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/governance/control/{detection_type}", + "operation_id": "update_governance_control", + "http_method": "PATCH", + "version": "v2", + }, + params_map={ + "detection_type": { + "required": True, + "openapi_types": (str,), + "attribute": "detection_type", + "location": "path", + }, + "body": { + "required": True, + "openapi_types": (GovernanceControlUpdateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + + def get_governance_control( + self, + detection_type: str, + ) -> GovernanceControlResponse: + """Get a governance control. + + Retrieve a single governance control by its detection type, including the organization's current + detection, notification, and mitigation configuration and detection counts. + + :param detection_type: The detection type that identifies the control, for example ``unused_api_keys``. + :type detection_type: str + :rtype: GovernanceControlResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["detection_type"] = detection_type + + return self._get_governance_control_endpoint.call_with_http_info(**kwargs) + + def list_governance_controls( + self, + ) -> GovernanceControlsResponse: + """List governance controls. + + Retrieve the list of governance controls configured for the organization. Each control pairs a + detection definition with the organization's current detection, notification, and mitigation + configuration, along with counts of active and mitigated detections. + + :rtype: GovernanceControlsResponse + """ + kwargs: Dict[str, Any] = {} + return self._list_governance_controls_endpoint.call_with_http_info(**kwargs) + + def update_governance_control( + self, + detection_type: str, + body: GovernanceControlUpdateRequest, + ) -> GovernanceControlResponse: + """Update a governance control. + + Update the detection, notification, and mitigation configuration of a governance control. Only + the attributes present in the request are modified. Changing the mitigation type or its + parameters may require additional permissions. + + :param detection_type: The detection type that identifies the control, for example ``unused_api_keys``. + :type detection_type: str + :type body: GovernanceControlUpdateRequest + :rtype: GovernanceControlResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["detection_type"] = detection_type + + kwargs["body"] = body + + return self._update_governance_control_endpoint.call_with_http_info(**kwargs) diff --git a/src/datadog_api_client/v2/apis/__init__.py b/src/datadog_api_client/v2/apis/__init__.py index f37e2eebe2..1e147db9bf 100644 --- a/src/datadog_api_client/v2/apis/__init__.py +++ b/src/datadog_api_client/v2/apis/__init__.py @@ -55,6 +55,7 @@ from datadog_api_client.v2.api.forms_api import FormsApi from datadog_api_client.v2.api.gcp_integration_api import GCPIntegrationApi from datadog_api_client.v2.api.google_chat_integration_api import GoogleChatIntegrationApi +from datadog_api_client.v2.api.governance_controls_api import GovernanceControlsApi from datadog_api_client.v2.api.governance_insights_api import GovernanceInsightsApi from datadog_api_client.v2.api.high_availability_multi_region_api import HighAvailabilityMultiRegionApi from datadog_api_client.v2.api.ip_allowlist_api import IPAllowlistApi @@ -191,6 +192,7 @@ "FormsApi", "GCPIntegrationApi", "GoogleChatIntegrationApi", + "GovernanceControlsApi", "GovernanceInsightsApi", "HighAvailabilityMultiRegionApi", "IPAllowlistApi", diff --git a/src/datadog_api_client/v2/model/governance_control_attributes.py b/src/datadog_api_client/v2/model/governance_control_attributes.py new file mode 100644 index 0000000000..09d6f6e622 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_attributes.py @@ -0,0 +1,259 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + datetime, + none_type, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_parameters_map import GovernanceControlParametersMap + from datadog_api_client.v2.model.governance_control_mitigation_definition import ( + GovernanceControlMitigationDefinition, + ) + from datadog_api_client.v2.model.governance_control_parameter_definition import GovernanceControlParameterDefinition + + +class GovernanceControlAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_parameters_map import GovernanceControlParametersMap + from datadog_api_client.v2.model.governance_control_mitigation_definition import ( + GovernanceControlMitigationDefinition, + ) + from datadog_api_client.v2.model.governance_control_parameter_definition import ( + GovernanceControlParameterDefinition, + ) + + return { + "active_detections_count": (int,), + "category": (str,), + "created_at": (datetime,), + "created_by": (str,), + "description": (str,), + "detection_frequency": (str,), + "detection_parameters": (GovernanceControlParametersMap,), + "detection_type": (str,), + "feature_flags": ([str],), + "insights": ([str],), + "last_detection_at": (datetime, none_type), + "mitigated_detections_count": (int,), + "mitigation_parameters": (GovernanceControlParametersMap,), + "mitigation_type": (str,), + "mitigations": ([GovernanceControlMitigationDefinition],), + "name": (str,), + "next_steps": (str,), + "notification_frequency": (str,), + "notification_parameters": (GovernanceControlParametersMap,), + "notification_type": (str,), + "priority": (str,), + "product": (str,), + "release_status": (str,), + "resource_type": (str,), + "resource_type_display_name": (str,), + "supported_detection_parameters": ([GovernanceControlParameterDefinition],), + "supported_notification_parameters": ([GovernanceControlParameterDefinition],), + "task": (str,), + "type": (str,), + "usage_concern": (str,), + } + + attribute_map = { + "active_detections_count": "active_detections_count", + "category": "category", + "created_at": "created_at", + "created_by": "created_by", + "description": "description", + "detection_frequency": "detection_frequency", + "detection_parameters": "detection_parameters", + "detection_type": "detection_type", + "feature_flags": "feature_flags", + "insights": "insights", + "last_detection_at": "last_detection_at", + "mitigated_detections_count": "mitigated_detections_count", + "mitigation_parameters": "mitigation_parameters", + "mitigation_type": "mitigation_type", + "mitigations": "mitigations", + "name": "name", + "next_steps": "next_steps", + "notification_frequency": "notification_frequency", + "notification_parameters": "notification_parameters", + "notification_type": "notification_type", + "priority": "priority", + "product": "product", + "release_status": "release_status", + "resource_type": "resource_type", + "resource_type_display_name": "resource_type_display_name", + "supported_detection_parameters": "supported_detection_parameters", + "supported_notification_parameters": "supported_notification_parameters", + "task": "task", + "type": "type", + "usage_concern": "usage_concern", + } + + def __init__( + self_, + active_detections_count: int, + category: str, + created_at: datetime, + created_by: str, + description: str, + detection_frequency: str, + detection_parameters: GovernanceControlParametersMap, + detection_type: str, + feature_flags: List[str], + insights: List[str], + last_detection_at: Union[datetime, none_type], + mitigated_detections_count: int, + mitigation_parameters: GovernanceControlParametersMap, + mitigation_type: str, + mitigations: List[GovernanceControlMitigationDefinition], + name: str, + next_steps: str, + notification_frequency: str, + notification_parameters: GovernanceControlParametersMap, + notification_type: str, + priority: str, + product: str, + release_status: str, + resource_type: str, + resource_type_display_name: str, + supported_detection_parameters: List[GovernanceControlParameterDefinition], + supported_notification_parameters: List[GovernanceControlParameterDefinition], + task: str, + type: str, + usage_concern: str, + **kwargs, + ): + """ + The attributes of a governance control. + + :param active_detections_count: The number of active detections for the control. + :type active_detections_count: int + + :param category: The value driver the control is grouped under, such as ``security`` or ``cost``. + :type category: str + + :param created_at: The time the control configuration was created. + :type created_at: datetime + + :param created_by: The UUID of the user who created the control configuration. + :type created_by: str + + :param description: A human-readable description of what the control detects. + :type description: str + + :param detection_frequency: How often detections are evaluated for the control. + :type detection_frequency: str + + :param detection_parameters: A free-form map of parameter names to their configured values. + :type detection_parameters: GovernanceControlParametersMap + + :param detection_type: The detection type that uniquely identifies the control. + :type detection_type: str + + :param feature_flags: The feature flags that gate the control. + :type feature_flags: [str] + + :param insights: The insight slugs associated with the control. + :type insights: [str] + + :param last_detection_at: The time of the most recent detection for the control. ``null`` when there are no detections. + :type last_detection_at: datetime, none_type + + :param mitigated_detections_count: The number of mitigated detections for the control. + :type mitigated_detections_count: int + + :param mitigation_parameters: A free-form map of parameter names to their configured values. + :type mitigation_parameters: GovernanceControlParametersMap + + :param mitigation_type: The configured mitigation type for the control. Empty when not configured. + :type mitigation_type: str + + :param mitigations: The mitigations available for a control. + :type mitigations: [GovernanceControlMitigationDefinition] + + :param name: Human-readable name of the control. + :type name: str + + :param next_steps: Guidance on the next steps to remediate detections for the control. + :type next_steps: str + + :param notification_frequency: The configured notification frequency for the control. Empty when not configured. + :type notification_frequency: str + + :param notification_parameters: A free-form map of parameter names to their configured values. + :type notification_parameters: GovernanceControlParametersMap + + :param notification_type: The configured notification type for the control. Empty when not configured. + :type notification_type: str + + :param priority: The priority of the control, such as ``High``. + :type priority: str + + :param product: The product the control belongs to. + :type product: str + + :param release_status: The release status of the control, such as ``prod`` or ``beta``. + :type release_status: str + + :param resource_type: The type of resource the control evaluates. + :type resource_type: str + + :param resource_type_display_name: The human-readable name of the resource type. + :type resource_type_display_name: str + + :param supported_detection_parameters: An array of parameter definitions. + :type supported_detection_parameters: [GovernanceControlParameterDefinition] + + :param supported_notification_parameters: An array of parameter definitions. + :type supported_notification_parameters: [GovernanceControlParameterDefinition] + + :param task: A short description of the remediation task for the control. + :type task: str + + :param type: The control type, such as ``Proactive`` or ``Detection``. + :type type: str + + :param usage_concern: The usage concern the control addresses, such as ``Security`` or ``Cost Optimization``. + :type usage_concern: str + """ + super().__init__(kwargs) + + self_.active_detections_count = active_detections_count + self_.category = category + self_.created_at = created_at + self_.created_by = created_by + self_.description = description + self_.detection_frequency = detection_frequency + self_.detection_parameters = detection_parameters + self_.detection_type = detection_type + self_.feature_flags = feature_flags + self_.insights = insights + self_.last_detection_at = last_detection_at + self_.mitigated_detections_count = mitigated_detections_count + self_.mitigation_parameters = mitigation_parameters + self_.mitigation_type = mitigation_type + self_.mitigations = mitigations + self_.name = name + self_.next_steps = next_steps + self_.notification_frequency = notification_frequency + self_.notification_parameters = notification_parameters + self_.notification_type = notification_type + self_.priority = priority + self_.product = product + self_.release_status = release_status + self_.resource_type = resource_type + self_.resource_type_display_name = resource_type_display_name + self_.supported_detection_parameters = supported_detection_parameters + self_.supported_notification_parameters = supported_notification_parameters + self_.task = task + self_.type = type + self_.usage_concern = usage_concern diff --git a/src/datadog_api_client/v2/model/governance_control_data.py b/src/datadog_api_client/v2/model/governance_control_data.py new file mode 100644 index 0000000000..92fa274920 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_data.py @@ -0,0 +1,56 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_attributes import GovernanceControlAttributes + from datadog_api_client.v2.model.governance_control_resource_type import GovernanceControlResourceType + + +class GovernanceControlData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_attributes import GovernanceControlAttributes + from datadog_api_client.v2.model.governance_control_resource_type import GovernanceControlResourceType + + return { + "attributes": (GovernanceControlAttributes,), + "id": (str,), + "type": (GovernanceControlResourceType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__( + self_, attributes: GovernanceControlAttributes, id: str, type: GovernanceControlResourceType, **kwargs + ): + """ + A governance control resource. + + :param attributes: The attributes of a governance control. + :type attributes: GovernanceControlAttributes + + :param id: The unique identifier of the control. + :type id: str + + :param type: JSON:API resource type for a governance control. + :type type: GovernanceControlResourceType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.id = id + self_.type = type diff --git a/src/datadog_api_client/v2/model/governance_control_mitigation_definition.py b/src/datadog_api_client/v2/model/governance_control_mitigation_definition.py new file mode 100644 index 0000000000..39fcd7f6ef --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_mitigation_definition.py @@ -0,0 +1,112 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_parameter_definition import GovernanceControlParameterDefinition + + +class GovernanceControlMitigationDefinition(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_parameter_definition import ( + GovernanceControlParameterDefinition, + ) + + return { + "action_verb": (str,), + "description": (str,), + "execution_modes": ([str],), + "feature_flags": ([str],), + "id": (str,), + "manual_mitigation_warning": (str,), + "permissions": ([str],), + "requires_ai": (bool,), + "supported_parameters": ([GovernanceControlParameterDefinition],), + "title": (str,), + } + + attribute_map = { + "action_verb": "action_verb", + "description": "description", + "execution_modes": "execution_modes", + "feature_flags": "feature_flags", + "id": "id", + "manual_mitigation_warning": "manual_mitigation_warning", + "permissions": "permissions", + "requires_ai": "requires_ai", + "supported_parameters": "supported_parameters", + "title": "title", + } + + def __init__( + self_, + action_verb: str, + description: str, + feature_flags: List[str], + id: str, + manual_mitigation_warning: str, + permissions: List[str], + requires_ai: bool, + supported_parameters: List[GovernanceControlParameterDefinition], + title: str, + execution_modes: Union[List[str], UnsetType] = unset, + **kwargs, + ): + """ + The definition of a mitigation available for a control. + + :param action_verb: The verb describing the mitigation action, such as ``revoke`` or ``delete``. + :type action_verb: str + + :param description: A human-readable description of the mitigation. + :type description: str + + :param execution_modes: The execution modes the mitigation supports, such as ``manual`` or ``automatic``. + :type execution_modes: [str], optional + + :param feature_flags: The feature flags that gate the mitigation. + :type feature_flags: [str] + + :param id: The unique identifier of the mitigation. + :type id: str + + :param manual_mitigation_warning: A warning shown to the user before applying the mitigation manually. + :type manual_mitigation_warning: str + + :param permissions: The permissions required to apply the mitigation. + :type permissions: [str] + + :param requires_ai: Whether the mitigation requires AI to be enabled. + :type requires_ai: bool + + :param supported_parameters: An array of parameter definitions. + :type supported_parameters: [GovernanceControlParameterDefinition] + + :param title: A short, human-readable name for the mitigation. + :type title: str + """ + if execution_modes is not unset: + kwargs["execution_modes"] = execution_modes + super().__init__(kwargs) + + self_.action_verb = action_verb + self_.description = description + self_.feature_flags = feature_flags + self_.id = id + self_.manual_mitigation_warning = manual_mitigation_warning + self_.permissions = permissions + self_.requires_ai = requires_ai + self_.supported_parameters = supported_parameters + self_.title = title diff --git a/src/datadog_api_client/v2/model/governance_control_parameter_definition.py b/src/datadog_api_client/v2/model/governance_control_parameter_definition.py new file mode 100644 index 0000000000..f5d9419f56 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_parameter_definition.py @@ -0,0 +1,108 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Any, List, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + date, + datetime, + none_type, + UUID, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_supported_value import GovernanceControlSupportedValue + + +class GovernanceControlParameterDefinition(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_supported_value import GovernanceControlSupportedValue + + return { + "default_value": ( + bool, + date, + datetime, + dict, + float, + int, + list, + str, + UUID, + none_type, + ), + "description": (str,), + "display_name": (str,), + "hidden": (bool,), + "name": (str,), + "required": (bool,), + "supported_values": ([GovernanceControlSupportedValue],), + "type": (str,), + } + + attribute_map = { + "default_value": "default_value", + "description": "description", + "display_name": "display_name", + "hidden": "hidden", + "name": "name", + "required": "required", + "supported_values": "supported_values", + "type": "type", + } + + def __init__( + self_, + default_value: Any, + description: str, + display_name: str, + hidden: bool, + name: str, + required: bool, + supported_values: List[GovernanceControlSupportedValue], + type: str, + **kwargs, + ): + """ + The definition of a configurable parameter on a control or mitigation. + + :param default_value: The default value of the parameter. The JSON type depends on the parameter's ``type``. + :type default_value: bool, date, datetime, dict, float, int, list, str, UUID, none_type + + :param description: A human-readable description of the parameter. + :type description: str + + :param display_name: The human-readable name of the parameter. + :type display_name: str + + :param hidden: Whether the parameter is hidden from the UI. + :type hidden: bool + + :param name: The machine-readable name of the parameter. + :type name: str + + :param required: Whether the parameter must be provided. + :type required: bool + + :param supported_values: The supported values for an enumerated parameter. + :type supported_values: [GovernanceControlSupportedValue] + + :param type: The type of the parameter, such as ``integer`` , ``string`` , ``boolean`` , ``enum`` , or ``pattern_list``. + :type type: str + """ + super().__init__(kwargs) + + self_.default_value = default_value + self_.description = description + self_.display_name = display_name + self_.hidden = hidden + self_.name = name + self_.required = required + self_.supported_values = supported_values + self_.type = type diff --git a/src/datadog_api_client/v2/model/governance_control_parameters_map.py b/src/datadog_api_client/v2/model/governance_control_parameters_map.py new file mode 100644 index 0000000000..d4bf9a407b --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_parameters_map.py @@ -0,0 +1,17 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, +) + + +class GovernanceControlParametersMap(ModelNormal): + def __init__(self_, **kwargs): + """ + A free-form map of parameter names to their configured values. + """ + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/governance_control_resource_type.py b/src/datadog_api_client/v2/model/governance_control_resource_type.py new file mode 100644 index 0000000000..cd575b0b29 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_resource_type.py @@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class GovernanceControlResourceType(ModelSimple): + """ + JSON:API resource type for a governance control. + + :param value: If omitted defaults to "governance_control". Must be one of ["governance_control"]. + :type value: str + """ + + allowed_values = { + "governance_control", + } + GOVERNANCE_CONTROL: ClassVar["GovernanceControlResourceType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +GovernanceControlResourceType.GOVERNANCE_CONTROL = GovernanceControlResourceType("governance_control") diff --git a/src/datadog_api_client/v2/model/governance_control_response.py b/src/datadog_api_client/v2/model/governance_control_response.py new file mode 100644 index 0000000000..8f06e4dbaa --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_response.py @@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_data import GovernanceControlData + + +class GovernanceControlResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_data import GovernanceControlData + + return { + "data": (GovernanceControlData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: GovernanceControlData, **kwargs): + """ + A single governance control. + + :param data: A governance control resource. + :type data: GovernanceControlData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/governance_control_supported_value.py b/src/datadog_api_client/v2/model/governance_control_supported_value.py new file mode 100644 index 0000000000..66dca9fd03 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_supported_value.py @@ -0,0 +1,39 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +class GovernanceControlSupportedValue(ModelNormal): + @cached_property + def openapi_types(_): + return { + "label": (str,), + "value": (str,), + } + + attribute_map = { + "label": "label", + "value": "value", + } + + def __init__(self_, label: str, value: str, **kwargs): + """ + A supported value for an enumerated parameter. + + :param label: The human-readable label for the value. + :type label: str + + :param value: The machine-readable value. + :type value: str + """ + super().__init__(kwargs) + + self_.label = label + self_.value = value diff --git a/src/datadog_api_client/v2/model/governance_control_update_attributes.py b/src/datadog_api_client/v2/model/governance_control_update_attributes.py new file mode 100644 index 0000000000..4634dbb6a6 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_update_attributes.py @@ -0,0 +1,102 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_parameters_map import GovernanceControlParametersMap + + +class GovernanceControlUpdateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_parameters_map import GovernanceControlParametersMap + + return { + "detection_frequency": (str,), + "detection_parameters": (GovernanceControlParametersMap,), + "mitigation_parameters": (GovernanceControlParametersMap,), + "mitigation_type": (str,), + "name": (str,), + "notification_frequency": (str,), + "notification_parameters": (GovernanceControlParametersMap,), + "notification_type": (str,), + } + + attribute_map = { + "detection_frequency": "detection_frequency", + "detection_parameters": "detection_parameters", + "mitigation_parameters": "mitigation_parameters", + "mitigation_type": "mitigation_type", + "name": "name", + "notification_frequency": "notification_frequency", + "notification_parameters": "notification_parameters", + "notification_type": "notification_type", + } + + def __init__( + self_, + detection_frequency: Union[str, UnsetType] = unset, + detection_parameters: Union[GovernanceControlParametersMap, UnsetType] = unset, + mitigation_parameters: Union[GovernanceControlParametersMap, UnsetType] = unset, + mitigation_type: Union[str, UnsetType] = unset, + name: Union[str, UnsetType] = unset, + notification_frequency: Union[str, UnsetType] = unset, + notification_parameters: Union[GovernanceControlParametersMap, UnsetType] = unset, + notification_type: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + The attributes of a governance control that can be updated. Only the attributes present in the request are modified. + + :param detection_frequency: How often detections should be evaluated for the control. + :type detection_frequency: str, optional + + :param detection_parameters: A free-form map of parameter names to their configured values. + :type detection_parameters: GovernanceControlParametersMap, optional + + :param mitigation_parameters: A free-form map of parameter names to their configured values. + :type mitigation_parameters: GovernanceControlParametersMap, optional + + :param mitigation_type: The mitigation type to configure for the control. + :type mitigation_type: str, optional + + :param name: A new human-readable name for the control. + :type name: str, optional + + :param notification_frequency: The notification frequency to configure for the control. + :type notification_frequency: str, optional + + :param notification_parameters: A free-form map of parameter names to their configured values. + :type notification_parameters: GovernanceControlParametersMap, optional + + :param notification_type: The notification type to configure for the control. + :type notification_type: str, optional + """ + if detection_frequency is not unset: + kwargs["detection_frequency"] = detection_frequency + if detection_parameters is not unset: + kwargs["detection_parameters"] = detection_parameters + if mitigation_parameters is not unset: + kwargs["mitigation_parameters"] = mitigation_parameters + if mitigation_type is not unset: + kwargs["mitigation_type"] = mitigation_type + if name is not unset: + kwargs["name"] = name + if notification_frequency is not unset: + kwargs["notification_frequency"] = notification_frequency + if notification_parameters is not unset: + kwargs["notification_parameters"] = notification_parameters + if notification_type is not unset: + kwargs["notification_type"] = notification_type + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/governance_control_update_data.py b/src/datadog_api_client/v2/model/governance_control_update_data.py new file mode 100644 index 0000000000..cb4377dd60 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_update_data.py @@ -0,0 +1,64 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_update_attributes import GovernanceControlUpdateAttributes + from datadog_api_client.v2.model.governance_control_resource_type import GovernanceControlResourceType + + +class GovernanceControlUpdateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_update_attributes import GovernanceControlUpdateAttributes + from datadog_api_client.v2.model.governance_control_resource_type import GovernanceControlResourceType + + return { + "attributes": (GovernanceControlUpdateAttributes,), + "id": (str,), + "type": (GovernanceControlResourceType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__( + self_, + type: GovernanceControlResourceType, + attributes: Union[GovernanceControlUpdateAttributes, UnsetType] = unset, + id: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + The data of a governance control update request. + + :param attributes: The attributes of a governance control that can be updated. Only the attributes present in the request are modified. + :type attributes: GovernanceControlUpdateAttributes, optional + + :param id: The unique identifier of the control. + :type id: str, optional + + :param type: JSON:API resource type for a governance control. + :type type: GovernanceControlResourceType + """ + if attributes is not unset: + kwargs["attributes"] = attributes + if id is not unset: + kwargs["id"] = id + super().__init__(kwargs) + + self_.type = type diff --git a/src/datadog_api_client/v2/model/governance_control_update_request.py b/src/datadog_api_client/v2/model/governance_control_update_request.py new file mode 100644 index 0000000000..29826139d8 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_control_update_request.py @@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_update_data import GovernanceControlUpdateData + + +class GovernanceControlUpdateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_update_data import GovernanceControlUpdateData + + return { + "data": (GovernanceControlUpdateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: GovernanceControlUpdateData, **kwargs): + """ + A request to update a governance control. + + :param data: The data of a governance control update request. + :type data: GovernanceControlUpdateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/governance_controls_response.py b/src/datadog_api_client/v2/model/governance_controls_response.py new file mode 100644 index 0000000000..947dc51411 --- /dev/null +++ b/src/datadog_api_client/v2/model/governance_controls_response.py @@ -0,0 +1,40 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.governance_control_data import GovernanceControlData + + +class GovernanceControlsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.governance_control_data import GovernanceControlData + + return { + "data": ([GovernanceControlData],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: List[GovernanceControlData], **kwargs): + """ + A list of governance controls. + + :param data: An array of governance control resources. + :type data: [GovernanceControlData] + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 9413425cce..8a7c70556e 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py @@ -3170,6 +3170,18 @@ from datadog_api_client.v2.model.google_meet_configuration_reference import GoogleMeetConfigurationReference from datadog_api_client.v2.model.google_meet_configuration_reference_data import GoogleMeetConfigurationReferenceData from datadog_api_client.v2.model.governance_best_practice_definition import GovernanceBestPracticeDefinition +from datadog_api_client.v2.model.governance_control_attributes import GovernanceControlAttributes +from datadog_api_client.v2.model.governance_control_data import GovernanceControlData +from datadog_api_client.v2.model.governance_control_mitigation_definition import GovernanceControlMitigationDefinition +from datadog_api_client.v2.model.governance_control_parameter_definition import GovernanceControlParameterDefinition +from datadog_api_client.v2.model.governance_control_parameters_map import GovernanceControlParametersMap +from datadog_api_client.v2.model.governance_control_resource_type import GovernanceControlResourceType +from datadog_api_client.v2.model.governance_control_response import GovernanceControlResponse +from datadog_api_client.v2.model.governance_control_supported_value import GovernanceControlSupportedValue +from datadog_api_client.v2.model.governance_control_update_attributes import GovernanceControlUpdateAttributes +from datadog_api_client.v2.model.governance_control_update_data import GovernanceControlUpdateData +from datadog_api_client.v2.model.governance_control_update_request import GovernanceControlUpdateRequest +from datadog_api_client.v2.model.governance_controls_response import GovernanceControlsResponse from datadog_api_client.v2.model.governance_insight_attributes import GovernanceInsightAttributes from datadog_api_client.v2.model.governance_insight_audit_compute import GovernanceInsightAuditCompute from datadog_api_client.v2.model.governance_insight_audit_query import GovernanceInsightAuditQuery @@ -11810,6 +11822,18 @@ "GoogleMeetConfigurationReference", "GoogleMeetConfigurationReferenceData", "GovernanceBestPracticeDefinition", + "GovernanceControlAttributes", + "GovernanceControlData", + "GovernanceControlMitigationDefinition", + "GovernanceControlParameterDefinition", + "GovernanceControlParametersMap", + "GovernanceControlResourceType", + "GovernanceControlResponse", + "GovernanceControlSupportedValue", + "GovernanceControlUpdateAttributes", + "GovernanceControlUpdateData", + "GovernanceControlUpdateRequest", + "GovernanceControlsResponse", "GovernanceInsightAttributes", "GovernanceInsightAuditCompute", "GovernanceInsightAuditQuery", diff --git a/tests/v2/features/governance_controls.feature b/tests/v2/features/governance_controls.feature new file mode 100644 index 0000000000..1207f5cf50 --- /dev/null +++ b/tests/v2/features/governance_controls.feature @@ -0,0 +1,77 @@ +@endpoint(governance-controls) @endpoint(governance-controls-v2) +Feature: Governance Controls + Governance Controls pair a detection definition with an organization's + detection, notification, and mitigation configuration within the + Governance Console. Each control reports how a class of governance issue + (such as unused API keys or unqueried metrics) is detected and remediated, + along with counts of active and mitigated detections. + + Background: + Given a valid "apiKeyAuth" key in the system + And a valid "appKeyAuth" key in the system + And an instance of "GovernanceControls" API + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: Get a governance control returns "Bad Request" response + Given operation "GetGovernanceControl" enabled + And new "GetGovernanceControl" request + And request contains "detection_type" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: Get a governance control returns "Not Found" response + Given operation "GetGovernanceControl" enabled + And new "GetGovernanceControl" request + And request contains "detection_type" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: Get a governance control returns "OK" response + Given operation "GetGovernanceControl" enabled + And new "GetGovernanceControl" request + And request contains "detection_type" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: List governance controls returns "Bad Request" response + Given operation "ListGovernanceControls" enabled + And new "ListGovernanceControls" request + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: List governance controls returns "OK" response + Given operation "ListGovernanceControls" enabled + And new "ListGovernanceControls" request + When the request is sent + Then the response status is 200 OK + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: Update a governance control returns "Bad Request" response + Given operation "UpdateGovernanceControl" enabled + And new "UpdateGovernanceControl" request + And request contains "detection_type" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"detection_frequency": "daily", "mitigation_type": "revoke_api_key", "name": "Unused API Keys", "notification_frequency": "daily", "notification_type": "slack"}, "id": "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a", "type": "governance_control"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: Update a governance control returns "Not Found" response + Given operation "UpdateGovernanceControl" enabled + And new "UpdateGovernanceControl" request + And request contains "detection_type" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"detection_frequency": "daily", "mitigation_type": "revoke_api_key", "name": "Unused API Keys", "notification_frequency": "daily", "notification_type": "slack"}, "id": "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a", "type": "governance_control"}} + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/aaa-governance-console + Scenario: Update a governance control returns "OK" response + Given operation "UpdateGovernanceControl" enabled + And new "UpdateGovernanceControl" request + And request contains "detection_type" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"detection_frequency": "daily", "mitigation_type": "revoke_api_key", "name": "Unused API Keys", "notification_frequency": "daily", "notification_type": "slack"}, "id": "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a", "type": "governance_control"}} + When the request is sent + Then the response status is 200 OK diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index a5c43f6c0f..c45de176e3 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -2762,6 +2762,24 @@ "type": "safe" } }, + "ListGovernanceControls": { + "tag": "Governance Controls", + "undo": { + "type": "safe" + } + }, + "GetGovernanceControl": { + "tag": "Governance Controls", + "undo": { + "type": "safe" + } + }, + "UpdateGovernanceControl": { + "tag": "Governance Controls", + "undo": { + "type": "idempotent" + } + }, "ListGovernanceInsights": { "tag": "Governance Insights", "undo": {