Add OpenAPI documentation for cloud-auth-config service

.generator/schemas/v2/openapi.yaml

@@ -1769,6 +1769,65 @@ components:
       required:
       - role_name
       type: object
+    AWSCloudAuthPersonaMappingAttributesResponse:
+      description: Attributes for AWS cloud authentication persona mapping response
+      properties:
+        account_identifier:
+          description: Datadog account identifier (email or handle) mapped to the
+            AWS principal
+          example: test@test.com
+          type: string
+        account_uuid:
+          description: Datadog account UUID
+          example: 12bbdc5c-5966-47e0-8733-285f9e44bcf4
+          type: string
+        arn_pattern:
+          description: AWS IAM ARN pattern to match for authentication
+          example: arn:aws:iam::123456789012:user/testuser
+          type: string
+      required:
+      - arn_pattern
+      - account_identifier
+      - account_uuid
+      type: object
+    AWSCloudAuthPersonaMappingDataResponse:
+      description: Data for AWS cloud authentication persona mapping response
+      properties:
+        attributes:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingAttributesResponse'
+        id:
+          description: Unique identifier for the persona mapping
+          example: c5c758c6-18c2-4484-ae3f-46b84128404a
+          type: string
+        type:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingType'
+      required:
+      - id
+      - type
+      - attributes
+      type: object
+    AWSCloudAuthPersonaMappingType:
+      description: Type identifier for AWS cloud authentication persona mapping
+      enum:
+      - aws_cloud_auth_config
+      example: aws_cloud_auth_config
+      type: string
+      x-enum-varnames:
+      - AWS_CLOUD_AUTH_CONFIG
+    AWSCloudAuthPersonaMappingsData:
+      description: List of AWS cloud authentication persona mappings
+      items:
+        $ref: '#/components/schemas/AWSCloudAuthPersonaMappingDataResponse'
+      type: array
+    AWSCloudAuthPersonaMappingsResponse:
+      description: Response containing a list of AWS cloud authentication persona
+        mappings
+      properties:
+        data:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingsData'
+      required:
+      - data
+      type: object
     AWSCredentials:
       description: The definition of `AWSCredentials` object.
       oneOf:
@@ -70916,6 +70975,39 @@ paths:
         permissions:
         - ci_visibility_read
         - test_optimization_read
+  /api/v2/cloud_auth/aws/persona_mapping:
+    get:
+      description: List all AWS cloud authentication persona mappings. This endpoint
+        retrieves all configured persona mappings that associate AWS IAM principals
+        with Datadog users.
+      operationId: ListAWSCloudAuthPersonaMappings
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AWSCloudAuthPersonaMappingsResponse'
+          description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: List AWS cloud authentication persona mappings
+      tags:
+      - Cloud Authentication
+      x-unstable: '**Note**: This endpoint is in public beta and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/cloud_security_management/custom_frameworks:
     post:
       description: Create a custom framework.
@@ -99156,6 +99248,9 @@ tags:
     Management page](https://docs.datadoghq.com/service_management/case_management/)
     for more information.
   name: Case Management Type
+- description: Configure AWS cloud authentication mappings for persona and intake
+    authentication through the Datadog API.
+  name: Cloud Authentication
 - description: The Cloud Cost Management API allows you to set up, edit, and delete
     Cloud Cost Management accounts for AWS, Azure, and Google Cloud. You can query
     your cost data by using the [Metrics endpoint](https://docs.datadoghq.com/api/latest/metrics/#query-timeseries-data-across-multiple-products)

examples/v2/cloud-authentication/ListAWSCloudAuthPersonaMappings.rb

@@ -0,0 +1,8 @@
+# List AWS cloud authentication persona mappings returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+  config.unstable_operations["v2.list_aws_cloud_auth_persona_mappings".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::CloudAuthenticationAPI.new
+p api_instance.list_aws_cloud_auth_persona_mappings()

features/v2/cloud_authentication.feature

@@ -0,0 +1,21 @@
+@endpoint(cloud-authentication) @endpoint(cloud-authentication-v2)
+Feature: Cloud Authentication
+  Configure AWS cloud authentication mappings for persona and intake
+  authentication through the Datadog API.
+
+  Background:
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "CloudAuthentication" API
+    And operation "ListAWSCloudAuthPersonaMappings" enabled
+    And new "ListAWSCloudAuthPersonaMappings" request
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: List AWS cloud authentication persona mappings returns "Bad Request" response
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: List AWS cloud authentication persona mappings returns "OK" response
+    When the request is sent
+    Then the response status is 200 OK

features/v2/undo.json

@@ -923,6 +923,12 @@
       "type": "safe"
     }
   },
+  "ListAWSCloudAuthPersonaMappings": {
+    "tag": "Cloud Authentication",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "CreateCustomFramework": {
     "tag": "Security Monitoring",
     "undo": {

lib/datadog_api_client/configuration.rb

@@ -208,6 +208,7 @@ def initialize
             "v2.get_open_api": false,
             "v2.list_apis": false,
             "v2.update_open_api": false,
+            "v2.list_aws_cloud_auth_persona_mappings": false,
             "v2.cancel_threat_hunting_job": false,
             "v2.convert_job_result_to_signal": false,
             "v2.delete_threat_hunting_job": false,

lib/datadog_api_client/inflector.rb

@@ -1222,6 +1222,10 @@ def overrides
           "v2.aws_auth_config" => "AWSAuthConfig",
           "v2.aws_auth_config_keys" => "AWSAuthConfigKeys",
           "v2.aws_auth_config_role" => "AWSAuthConfigRole",
+          "v2.aws_cloud_auth_persona_mapping_attributes_response" => "AWSCloudAuthPersonaMappingAttributesResponse",
+          "v2.aws_cloud_auth_persona_mapping_data_response" => "AWSCloudAuthPersonaMappingDataResponse",
+          "v2.aws_cloud_auth_persona_mappings_response" => "AWSCloudAuthPersonaMappingsResponse",
+          "v2.aws_cloud_auth_persona_mapping_type" => "AWSCloudAuthPersonaMappingType",
           "v2.aws_credentials" => "AWSCredentials",
           "v2.aws_credentials_update" => "AWSCredentialsUpdate",
           "v2.aws_cur_config" => "AwsCURConfig",
@@ -5112,6 +5116,7 @@ def overrides
         "v2.case_management_type_api" => "CaseManagementTypeAPI",
         "v2.ci_visibility_pipelines_api" => "CIVisibilityPipelinesAPI",
         "v2.ci_visibility_tests_api" => "CIVisibilityTestsAPI",
+        "v2.cloud_authentication_api" => "CloudAuthenticationAPI",
         "v2.cloud_cost_management_api" => "CloudCostManagementAPI",
         "v2.cloud_network_monitoring_api" => "CloudNetworkMonitoringAPI",
         "v2.cloudflare_integration_api" => "CloudflareIntegrationAPI",

lib/datadog_api_client/v2/api/cloud_authentication_api.rb

@@ -0,0 +1,92 @@
+=begin
+#Datadog API V2 Collection
+
+#Collection of all Datadog Public endpoints.
+
+The version of the OpenAPI document: 1.0
+Contact: support@datadoghq.com
+Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator
+
+ Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+ This product includes software developed at Datadog (https://www.datadoghq.com/).
+ Copyright 2020-Present Datadog, Inc.
+
+=end
+
+require 'cgi'
+
+module DatadogAPIClient::V2
+  class CloudAuthenticationAPI
+    attr_accessor :api_client
+
+    def initialize(api_client = DatadogAPIClient::APIClient.default)
+      @api_client = api_client
+    end
+
+    # List AWS cloud authentication persona mappings.
+    #
+    # @see #list_aws_cloud_auth_persona_mappings_with_http_info
+    def list_aws_cloud_auth_persona_mappings(opts = {})
+      data, _status_code, _headers = list_aws_cloud_auth_persona_mappings_with_http_info(opts)
+      data
+    end
+
+    # List AWS cloud authentication persona mappings.
+    #
+    # List all AWS cloud authentication persona mappings. This endpoint retrieves all configured persona mappings that associate AWS IAM principals with Datadog users.
+    #
+    # @param opts [Hash] the optional parameters
+    # @return [Array<(AWSCloudAuthPersonaMappingsResponse, Integer, Hash)>] AWSCloudAuthPersonaMappingsResponse data, response status code and response headers
+    def list_aws_cloud_auth_persona_mappings_with_http_info(opts = {})
+      unstable_enabled = @api_client.config.unstable_operations["v2.list_aws_cloud_auth_persona_mappings".to_sym]
+      if unstable_enabled
+        @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_aws_cloud_auth_persona_mappings")
+      else
+        raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_aws_cloud_auth_persona_mappings"))
+      end
+
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: CloudAuthenticationAPI.list_aws_cloud_auth_persona_mappings ...'
+      end
+      # resource path
+      local_var_path = '/api/v2/cloud_auth/aws/persona_mapping'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'AWSCloudAuthPersonaMappingsResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth]
+
+      new_options = opts.merge(
+        :operation => :list_aws_cloud_auth_persona_mappings,
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type,
+        :api_version => "V2"
+      )
+
+      data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: CloudAuthenticationAPI#list_aws_cloud_auth_persona_mappings\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+  end
+end