diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index ca425e6bd9..df0eaf12e9 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -1769,6 +1769,65 @@ components: required: - role_name type: object + AWSCloudAuthPersonaMappingAttributesResponse: + description: Attributes for AWS cloud authentication persona mapping response + properties: + account_identifier: + description: Datadog account identifier (email or handle) mapped to the + AWS principal + example: test@test.com + type: string + account_uuid: + description: Datadog account UUID + example: 12bbdc5c-5966-47e0-8733-285f9e44bcf4 + type: string + arn_pattern: + description: AWS IAM ARN pattern to match for authentication + example: arn:aws:iam::123456789012:user/testuser + type: string + required: + - arn_pattern + - account_identifier + - account_uuid + type: object + AWSCloudAuthPersonaMappingDataResponse: + description: Data for AWS cloud authentication persona mapping response + properties: + attributes: + $ref: '#/components/schemas/AWSCloudAuthPersonaMappingAttributesResponse' + id: + description: Unique identifier for the persona mapping + example: c5c758c6-18c2-4484-ae3f-46b84128404a + type: string + type: + $ref: '#/components/schemas/AWSCloudAuthPersonaMappingType' + required: + - id + - type + - attributes + type: object + AWSCloudAuthPersonaMappingType: + description: Type identifier for AWS cloud authentication persona mapping + enum: + - aws_cloud_auth_config + example: aws_cloud_auth_config + type: string + x-enum-varnames: + - AWS_CLOUD_AUTH_CONFIG + AWSCloudAuthPersonaMappingsData: + description: List of AWS cloud authentication persona mappings + items: + $ref: '#/components/schemas/AWSCloudAuthPersonaMappingDataResponse' + type: array + AWSCloudAuthPersonaMappingsResponse: + description: Response containing a list of AWS cloud authentication persona + mappings + properties: + data: + $ref: '#/components/schemas/AWSCloudAuthPersonaMappingsData' + required: + - data + type: object AWSCredentials: description: The definition of `AWSCredentials` object. oneOf: 
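Review bot: The `arn_pattern` description in `AWSCloudAuthPersonaMappingAttributesResponse` calls the value a pattern but never states the matching syntax, and its example `arn:aws:iam::123456789012:user/testuser` is a literal user ARN. Anyone auditing this list needs to know whether wildcards are accepted and how they are evaluated. Presumably a broad pattern maps every matching AWS principal to the single Datadog account named in `account_identifier`. I would extend the description along the lines of `description: AWS IAM ARN pattern to match for authentication. <supported wildcard syntax; exact or prefix match>`. If a wildcard form is supported, the example should show it.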
@@ -70916,6 +70975,39 @@ paths: permissions: - ci_visibility_read - test_optimization_read + /api/v2/cloud_auth/aws/persona_mapping: + get: + description: List all AWS cloud authentication persona mappings. This endpoint + retrieves all configured persona mappings that associate AWS IAM principals + with Datadog users. + operationId: ListAWSCloudAuthPersonaMappings + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AWSCloudAuthPersonaMappingsResponse' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APIErrorResponse' + description: Bad Request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APIErrorResponse' + description: Forbidden + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: List AWS cloud authentication persona mappings + tags: + - Cloud Authentication + x-unstable: '**Note**: This endpoint is in public beta and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/cloud_security_management/custom_frameworks: post: description: Create a custom framework. @@ -99156,6 +99248,9 @@ tags: Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. name: Case Management Type +- description: Configure AWS cloud authentication mappings for persona and intake + authentication through the Datadog API. + name: Cloud Authentication - description: The Cloud Cost Management API allows you to set up, edit, and delete Cloud Cost Management accounts for AWS, Azure, and Google Cloud. You can query your cost data by using the [Metrics endpoint](https://docs.datadoghq.com/api/latest/metrics/#query-timeseries-data-across-multiple-products) diff --git a/docs/datadog_api_client.v2.api.rst b/docs/datadog_api_client.v2.api.rst index 1bb879078c..3d276c958a 100644 --- a/docs/datadog_api_client.v2.api.rst 
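Review bot: The new `get` under `/api/v2/cloud_auth/aws/persona_mapping` documents a `403` response but names no permission. The operation just above it in the context lines ends with a `permissions:` list (`ci_visibility_read`, `test_optimization_read`). The response exposes which AWS IAM principals map to which Datadog accounts (`arn_pattern`, `account_identifier`, `account_uuid`), so the spec should state which permission gates the read. I would add the same permission block the neighbouring operation carries (its key is outside this hunk) with `- <required_permission>`, or say in the `description` which role is needed. The generated client only shows that `apiKeyAuth` and `appKeyAuth` are sent, which does not tell an administrator who is able to enumerate these mappings.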
+++ b/docs/datadog_api_client.v2.api.rst @@ -123,6 +123,13 @@ datadog\_api\_client.v2.api.ci\_visibility\_tests\_api module :members: :show-inheritance: +datadog\_api\_client.v2.api.cloud\_authentication\_api module +------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.api.cloud_authentication_api + :members: + :show-inheritance: + datadog\_api\_client.v2.api.cloud\_cost\_management\_api module --------------------------------------------------------------- diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 41d22bb2b4..274764de77 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -1705,6 +1705,34 @@ datadog\_api\_client.v2.model.aws\_auth\_config\_role module :members: :show-inheritance: +datadog\_api\_client.v2.model.aws\_cloud\_auth\_persona\_mapping\_attributes\_response module +--------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_attributes_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_cloud\_auth\_persona\_mapping\_data\_response module +--------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_data_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_cloud\_auth\_persona\_mapping\_type module +----------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.aws\_cloud\_auth\_persona\_mappings\_response module +---------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.aws_cloud_auth_persona_mappings_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.aws\_credentials module ----------------------------------------------------- diff --git a/examples/v2/cloud-authentication/ListAWSCloudAuthPersonaMappings.py b/examples/v2/cloud-authentication/ListAWSCloudAuthPersonaMappings.py new file mode 100644 index 0000000000..cdf47e0ae2 --- /dev/null +++ b/examples/v2/cloud-authentication/ListAWSCloudAuthPersonaMappings.py 
@@ -0,0 +1,14 @@ +""" +List AWS cloud authentication persona mappings returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.cloud_authentication_api import CloudAuthenticationApi + +configuration = Configuration() +configuration.unstable_operations["list_aws_cloud_auth_persona_mappings"] = True +with ApiClient(configuration) as api_client: + api_instance = CloudAuthenticationApi(api_client) + response = api_instance.list_aws_cloud_auth_persona_mappings() + + print(response) diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py index cf63f54a1c..bc4325e009 100644 --- a/src/datadog_api_client/configuration.py +++ b/src/datadog_api_client/configuration.py @@ -266,6 +266,7 @@ def __init__( "v2.get_open_api": False, "v2.list_apis": False, "v2.update_open_api": False, + "v2.list_aws_cloud_auth_persona_mappings": False, "v2.cancel_threat_hunting_job": False, "v2.convert_job_result_to_signal": False, "v2.delete_threat_hunting_job": False, diff --git a/src/datadog_api_client/v2/api/cloud_authentication_api.py b/src/datadog_api_client/v2/api/cloud_authentication_api.py new file mode 100644 index 0000000000..00c130a6ea --- /dev/null +++ b/src/datadog_api_client/v2/api/cloud_authentication_api.py 
@@ -0,0 +1,49 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Any, Dict
+
+from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint
+from datadog_api_client.configuration import Configuration
+from datadog_api_client.v2.model.aws_cloud_auth_persona_mappings_response import AWSCloudAuthPersonaMappingsResponse
+
+
+class CloudAuthenticationApi:
+ """
+ Configure AWS cloud authentication mappings for persona and intake authentication through the Datadog API.
+ """
+
+ def __init__(self, api_client=None):
+ if api_client is None:
+ api_client = ApiClient(Configuration())
+ self.api_client = api_client
+
+ self._list_aws_cloud_auth_persona_mappings_endpoint = _Endpoint(
+ settings={
+ "response_type": (AWSCloudAuthPersonaMappingsResponse,),
+ "auth": ["apiKeyAuth", "appKeyAuth"],
+ "endpoint_path": "/api/v2/cloud_auth/aws/persona_mapping",
+ "operation_id": "list_aws_cloud_auth_persona_mappings",
+ "http_method": "GET",
+ "version": "v2",
+ },
+ params_map={},
+ headers_map={
+ "accept": ["application/json"],
+ },
+ api_client=api_client,
+ )
+
+ def list_aws_cloud_auth_persona_mappings(
+ self,
+ ) -> AWSCloudAuthPersonaMappingsResponse:
+ """List AWS cloud authentication persona mappings.
+
+ List all AWS cloud authentication persona mappings. This endpoint retrieves all configured persona mappings that associate AWS IAM principals with Datadog users.
+
+ :rtype: AWSCloudAuthPersonaMappingsResponse
+ """
+ kwargs: Dict[str, Any] = {}
+ return self._list_aws_cloud_auth_persona_mappings_endpoint.call_with_http_info(**kwargs)
diff --git a/src/datadog_api_client/v2/apis/__init__.py b/src/datadog_api_client/v2/apis/__init__.py
index a1f0834a09..5c2ccbcd3d 100644
--- a/src/datadog_api_client/v2/apis/__init__.py
+++ b/src/datadog_api_client/v2/apis/__init__.py @@ -18,6 +18,7 @@ from datadog_api_client.v2.api.case_management_api import CaseManagementApi from datadog_api_client.v2.api.case_management_attribute_api import CaseManagementAttributeApi from datadog_api_client.v2.api.case_management_type_api import CaseManagementTypeApi +from datadog_api_client.v2.api.cloud_authentication_api import CloudAuthenticationApi from datadog_api_client.v2.api.cloud_cost_management_api import CloudCostManagementApi from datadog_api_client.v2.api.cloud_network_monitoring_api import CloudNetworkMonitoringApi from datadog_api_client.v2.api.cloudflare_integration_api import CloudflareIntegrationApi @@ -112,6 +113,7 @@ "CaseManagementApi", "CaseManagementAttributeApi", "CaseManagementTypeApi", + "CloudAuthenticationApi", "CloudCostManagementApi", "CloudNetworkMonitoringApi", "CloudflareIntegrationApi", diff --git a/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_attributes_response.py b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_attributes_response.py new file mode 100644 index 0000000000..2e13f17552 --- /dev/null +++ b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_attributes_response.py 
@@ -0,0 +1,45 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+class AWSCloudAuthPersonaMappingAttributesResponse(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "account_identifier": (str,),
+ "account_uuid": (str,),
+ "arn_pattern": (str,),
+ }
+
+ attribute_map = {
+ "account_identifier": "account_identifier",
+ "account_uuid": "account_uuid",
+ "arn_pattern": "arn_pattern",
+ }
+
+ def __init__(self_, account_identifier: str, account_uuid: str, arn_pattern: str, **kwargs):
+ """
+ Attributes for AWS cloud authentication persona mapping response
+
+ :param account_identifier: Datadog account identifier (email or handle) mapped to the AWS principal
+ :type account_identifier: str
+
+ :param account_uuid: Datadog account UUID
+ :type account_uuid: str
+
+ :param arn_pattern: AWS IAM ARN pattern to match for authentication
+ :type arn_pattern: str
+ """
+ super().__init__(kwargs)
+
+ self_.account_identifier = account_identifier
+ self_.account_uuid = account_uuid
+ self_.arn_pattern = arn_pattern
diff --git a/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_data_response.py b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_data_response.py
new file mode 100644
index 0000000000..46b7ce04c4
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_data_response.py
@@ -0,0 +1,64 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_attributes_response import (
+ AWSCloudAuthPersonaMappingAttributesResponse,
+ )
+ from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_type import AWSCloudAuthPersonaMappingType
+
+
+class AWSCloudAuthPersonaMappingDataResponse(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_attributes_response import (
+ AWSCloudAuthPersonaMappingAttributesResponse,
+ )
+ from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_type import AWSCloudAuthPersonaMappingType
+
+ return {
+ "attributes": (AWSCloudAuthPersonaMappingAttributesResponse,),
+ "id": (str,),
+ "type": (AWSCloudAuthPersonaMappingType,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ "id": "id",
+ "type": "type",
+ }
+
+ def __init__(
+ self_,
+ attributes: AWSCloudAuthPersonaMappingAttributesResponse,
+ id: str,
+ type: AWSCloudAuthPersonaMappingType,
+ **kwargs,
+ ):
+ """
+ Data for AWS cloud authentication persona mapping response
+
+ :param attributes: Attributes for AWS cloud authentication persona mapping response
+ :type attributes: AWSCloudAuthPersonaMappingAttributesResponse
+
+ :param id: Unique identifier for the persona mapping
+ :type id: str
+
+ :param type: Type identifier for AWS cloud authentication persona mapping
+ :type type: AWSCloudAuthPersonaMappingType
+ """
+ super().__init__(kwargs)
+
+ self_.attributes = attributes
+ self_.id = id
+ self_.type = type
diff --git a/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_type.py b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_type.py
new file mode 100644
index 0000000000..eb1c705404
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mapping_type.py
@@ -0,0 +1,35 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class AWSCloudAuthPersonaMappingType(ModelSimple):
+ """
+ Type identifier for AWS cloud authentication persona mapping
+
+ :param value: If omitted defaults to "aws_cloud_auth_config". Must be one of ["aws_cloud_auth_config"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "aws_cloud_auth_config",
+ }
+ AWS_CLOUD_AUTH_CONFIG: ClassVar["AWSCloudAuthPersonaMappingType"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+AWSCloudAuthPersonaMappingType.AWS_CLOUD_AUTH_CONFIG = AWSCloudAuthPersonaMappingType("aws_cloud_auth_config")
diff --git a/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mappings_response.py b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mappings_response.py
new file mode 100644
index 0000000000..7fa4a8382e
--- /dev/null
+++ b/src/datadog_api_client/v2/model/aws_cloud_auth_persona_mappings_response.py
@@ -0,0 +1,44 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_data_response import (
+ AWSCloudAuthPersonaMappingDataResponse,
+ )
+
+
+class AWSCloudAuthPersonaMappingsResponse(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_data_response import (
+ AWSCloudAuthPersonaMappingDataResponse,
+ )
+
+ return {
+ "data": ([AWSCloudAuthPersonaMappingDataResponse],),
+ }
+
+ attribute_map = {
+ "data": "data",
+ }
+
+ def __init__(self_, data: List[AWSCloudAuthPersonaMappingDataResponse], **kwargs):
+ """
+ Response containing a list of AWS cloud authentication persona mappings
+
+ :param data: List of AWS cloud authentication persona mappings
+ :type data: [AWSCloudAuthPersonaMappingDataResponse]
+ """
+ super().__init__(kwargs)
+
+ self_.data = data
diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py
index 010c5fb61c..c6aa7cc9c5 100644
--- a/src/datadog_api_client/v2/models/__init__.py
+++ b/src/datadog_api_client/v2/models/__init__.py
@@ -33,6 +33,14 @@ from datadog_api_client.v2.model.aws_auth_config import AWSAuthConfig from datadog_api_client.v2.model.aws_auth_config_keys import AWSAuthConfigKeys from datadog_api_client.v2.model.aws_auth_config_role import AWSAuthConfigRole +from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_attributes_response import ( + AWSCloudAuthPersonaMappingAttributesResponse, +) +from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_data_response import ( + AWSCloudAuthPersonaMappingDataResponse, +) +from datadog_api_client.v2.model.aws_cloud_auth_persona_mapping_type import AWSCloudAuthPersonaMappingType +from datadog_api_client.v2.model.aws_cloud_auth_persona_mappings_response import AWSCloudAuthPersonaMappingsResponse from datadog_api_client.v2.model.aws_credentials import AWSCredentials from datadog_api_client.v2.model.aws_credentials_update import AWSCredentialsUpdate from datadog_api_client.v2.model.aws_event_bridge_account_configuration import AWSEventBridgeAccountConfiguration @@ -5818,6 +5826,10 @@ "AWSAuthConfig", "AWSAuthConfigKeys", "AWSAuthConfigRole", + "AWSCloudAuthPersonaMappingAttributesResponse", + "AWSCloudAuthPersonaMappingDataResponse", + "AWSCloudAuthPersonaMappingType", + "AWSCloudAuthPersonaMappingsResponse", "AWSCredentials", "AWSCredentialsUpdate", "AWSEventBridgeAccountConfiguration", diff --git a/tests/v2/features/cloud_authentication.feature b/tests/v2/features/cloud_authentication.feature new file mode 100644 index 0000000000..fe9eb594a7 --- /dev/null +++ b/tests/v2/features/cloud_authentication.feature 
@@ -0,0 +1,21 @@ +@endpoint(cloud-authentication) @endpoint(cloud-authentication-v2) +Feature: Cloud Authentication + Configure AWS cloud authentication mappings for persona and intake + authentication through the Datadog API. + + Background: + Given a valid "apiKeyAuth" key in the system + And a valid "appKeyAuth" key in the system + And an instance of "CloudAuthentication" API + And operation "ListAWSCloudAuthPersonaMappings" enabled + And new "ListAWSCloudAuthPersonaMappings" request + + @generated @skip @team:DataDog/team-aaaauthn + Scenario: List AWS cloud authentication persona mappings returns "Bad Request" response + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/team-aaaauthn + Scenario: List AWS cloud authentication persona mappings returns "OK" response + When the request is sent + Then the response status is 200 OK diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index 5a347bddf1..2cfcf11b38 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -923,6 +923,12 @@ "type": "safe" } }, + "ListAWSCloudAuthPersonaMappings": { + "tag": "Cloud Authentication", + "undo": { + "type": "safe" + } + }, "CreateCustomFramework": { "tag": "Security Monitoring", "undo": {