diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index a0d1812167..ce659f72c1 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -155,6 +155,14 @@ components: required: false schema: $ref: '#/components/schemas/ApplicationKeysSort' + ApplicationSecurityPolicyIDParam: + description: The ID of the policy. + example: recommended + in: path + name: policy_id + required: true + schema: + type: string ApplicationSecurityWafCustomRuleIDParam: description: The ID of the custom rule. example: 3b5-v82-ns6 @@ -3159,6 +3167,292 @@ components: type: string x-enum-varnames: - APPLICATION_KEYS + ApplicationSecurityPolicyAttributes: + description: A WAF policy. + properties: + description: + description: Description of the WAF policy. + example: Policy applied to internal web applications. + type: string + isDefault: + description: Make this policy the default policy. The default policy is + applied to every services not specifically added to another policy. + example: false + type: boolean + name: + description: The Name of the WAF policy. + example: Internal Network Policy + type: string + protectionPresets: + description: Presets enabled on this policy. + items: + example: attack-tools + type: string + type: array + rules: + description: Rule overrides applied by the policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride' + type: array + scope: + description: The scope of the WAF policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyScope' + type: array + version: + default: 0 + description: Version of the WAF ruleset maintained by Datadog used by this + policy. 0 is the default value. + example: 0 + format: int64 + type: integer + required: + - name + - description + type: object + ApplicationSecurityPolicyCreateAttributes: + description: Create a new WAF policy. + properties: + basedOn: + description: When creating a new policy, clone the policy indicated by this + identifier. + example: recommended + type: string + description: + description: Description of the WAF policy. + example: Policy applied to internal web applications. + type: string + isDefault: + description: Make this policy the default policy. The default policy is + applied to every services not specifically added to another policy. + example: false + type: boolean + name: + description: The Name of the WAF policy. + example: Internal Network Policy + type: string + protectionPresets: + description: Presets enabled on this policy. + items: + example: attack-tools + type: string + type: array + rules: + description: Rule overrides applied by the policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride' + type: array + scope: + description: The scope of the WAF policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyScope' + type: array + version: + default: 0 + description: Version of the WAF ruleset maintained by Datadog used by this + policy. 0 is the default value. + example: 0 + format: int64 + type: integer + required: + - name + - description + - basedOn + type: object + ApplicationSecurityPolicyCreateData: + description: Object for a single WAF policy. + properties: + attributes: + $ref: '#/components/schemas/ApplicationSecurityPolicyCreateAttributes' + type: + $ref: '#/components/schemas/ApplicationSecurityPolicyType' + required: + - attributes + - type + type: object + ApplicationSecurityPolicyCreateRequest: + description: Request object that includes the policy to create. + properties: + data: + $ref: '#/components/schemas/ApplicationSecurityPolicyCreateData' + required: + - data + type: object + ApplicationSecurityPolicyData: + description: Object for a single WAF policy. + properties: + attributes: + $ref: '#/components/schemas/ApplicationSecurityPolicyAttributes' + id: + description: The ID of the policy. + example: 2857c47d-1e3a-4300-8b2f-dc24089c084b + readOnly: true + type: string + metadata: + $ref: '#/components/schemas/ApplicationSecurityPolicyMetadata' + type: + $ref: '#/components/schemas/ApplicationSecurityPolicyType' + type: object + ApplicationSecurityPolicyListResponse: + description: Response object that includes a list of WAF policies. + properties: + data: + description: The WAF policy data. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyData' + type: array + type: object + ApplicationSecurityPolicyMetadata: + description: Metadata associated with the WAF policy. + properties: + added_at: + description: The date and time the WAF policy was created. + example: '2021-01-01T00:00:00Z' + format: date-time + type: string + added_by: + description: The handle of the user who created the WAF policy. + example: john.doe@datadoghq.com + type: string + added_by_name: + description: The name of the user who created the WAF policy. + example: John Doe + type: string + modified_at: + description: The date and time the WAF policy was last updated. + example: '2021-01-01T00:00:00Z' + format: date-time + type: string + modified_by: + description: The handle of the user who last updated the WAF policy. + example: john.doe@datadoghq.com + type: string + modified_by_name: + description: The name of the user who last updated the WAF policy. + example: John Doe + type: string + readOnly: true + type: object + ApplicationSecurityPolicyResponse: + description: Response object that includes a single WAF policy. + properties: + data: + $ref: '#/components/schemas/ApplicationSecurityPolicyData' + type: object + ApplicationSecurityPolicyRuleOverride: + description: Override WAF rule parameters for services in a policy. + properties: + blocking: + description: When blocking is enabled, the rule will block the traffic matched + by this rule. + example: false + type: boolean + enabled: + description: When false, this rule will not match any traffic. + example: true + type: boolean + id: + description: Override the parameters for this WAF rule identifier. + example: rasp-001-002 + type: string + required: + - id + - enabled + - blocking + type: object + ApplicationSecurityPolicyScope: + description: The scope of the WAF policy. + properties: + env: + description: The environment scope for the WAF policy. + example: prod + type: string + service: + description: The service scope for the WAF policy. + example: billing-service + type: string + required: + - service + - env + type: object + ApplicationSecurityPolicyType: + default: policy + description: The type of the resource. The value should always be `policy`. + enum: + - policy + example: policy + type: string + x-enum-varnames: + - POLICY + ApplicationSecurityPolicyUpdateAttributes: + description: Update a WAF policy. + properties: + description: + description: Description of the WAF policy. + example: Policy applied to internal web applications. + type: string + isDefault: + description: Make this policy the default policy. The default policy is + applied to every services not specifically added to another policy. + example: false + type: boolean + name: + description: The Name of the WAF policy. + example: Internal Network Policy + type: string + protectionPresets: + description: Presets enabled on this policy. + example: + - attack-tools + items: + example: attack-tools + type: string + type: array + rules: + description: Rule overrides applied by the policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride' + type: array + scope: + description: The scope of the WAF policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyScope' + type: array + version: + default: 0 + description: Version of the WAF ruleset maintained by Datadog used by this + policy. 0 is the default value. + example: 0 + format: int64 + type: integer + required: + - name + - description + - version + - isDefault + - rules + - protectionPresets + - scope + type: object + ApplicationSecurityPolicyUpdateData: + description: Object for a single WAF policy. + properties: + attributes: + $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateAttributes' + type: + $ref: '#/components/schemas/ApplicationSecurityPolicyType' + required: + - attributes + - type + type: object + ApplicationSecurityPolicyUpdateRequest: + description: Request object that includes the policy to update. + properties: + data: + $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateData' + required: + - data + type: object ApplicationSecurityWafCustomRuleAction: description: The definition of `ApplicationSecurityWafCustomRuleAction` object. properties: @@ -67009,6 +67303,130 @@ paths: permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter + /api/v2/remote_config/products/asm/waf/policies: + get: + description: Retrieve a list of WAF policies. + operationId: ListApplicationSecurityWAFPolicies + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyListResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: List all WAF policies + tags: + - Application Security + post: + description: Create a new WAF policy. + operationId: CreateApplicationSecurityWafPolicy + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyCreateRequest' + description: The new WAF policy. + required: true + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyResponse' + description: Created + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Create a WAF Policy + tags: + - Application Security + x-codegen-request-body-name: body + /api/v2/remote_config/products/asm/waf/policies/{policy_id}: + delete: + description: Delete a specific WAF policy. + operationId: DeleteApplicationSecurityWafPolicy + parameters: + - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam' + responses: + '204': + description: No Content + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Delete a WAF Policy + tags: + - Application Security + x-terraform-resource: appsec_waf_policy + get: + description: Retrieve a WAF policy by ID. + operationId: GetApplicationSecurityWafPolicy + parameters: + - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Get a WAF Policy + tags: + - Application Security + x-terraform-resource: appsec_waf_policy + put: + description: 'Update a specific WAF policy. + + Returns the Policy object when the request is successful.' + operationId: UpdateApplicationSecurityWafPolicy + parameters: + - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateRequest' + description: New WAF Policy. + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Update a WAF Policy + tags: + - Application Security + x-codegen-request-body-name: body + x-terraform-resource: appsec_waf_policy /api/v2/remote_config/products/cws/agent_rules: get: description: 'Get the list of Workload Protection agent rules. diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index e7d1e36680..5bec04d6f5 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst @@ -669,6 +669,104 @@ datadog\_api\_client.v2.model.application\_keys\_type module :members: :show-inheritance: +datadog\_api\_client.v2.model.application\_security\_policy\_attributes module +------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.application_security_policy_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_create\_attributes module +-------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_create_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_create\_data module +-------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_create_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_create\_request module +----------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_create_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_data module +------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.application_security_policy_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_list\_response module +---------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_list_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_metadata module +---------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_metadata + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_response module +---------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_rule\_override module +---------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_rule_override + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_scope module +------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_scope + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_type module +------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.application_security_policy_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_update\_attributes module +-------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_update_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_update\_data module +-------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_update_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.application\_security\_policy\_update\_request module +----------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.application_security_policy_update_request + :members: + :show-inheritance: + datadog\_api\_client.v2.model.application\_security\_waf\_custom\_rule\_action module ------------------------------------------------------------------------------------- diff --git a/examples/v2/application-security/CreateApplicationSecurityWafPolicy.py b/examples/v2/application-security/CreateApplicationSecurityWafPolicy.py new file mode 100644 index 0000000000..783fc84672 --- /dev/null +++ b/examples/v2/application-security/CreateApplicationSecurityWafPolicy.py @@ -0,0 +1,52 @@ +""" +Create a WAF Policy returns "Created" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi +from datadog_api_client.v2.model.application_security_policy_create_attributes import ( + ApplicationSecurityPolicyCreateAttributes, +) +from datadog_api_client.v2.model.application_security_policy_create_data import ApplicationSecurityPolicyCreateData +from datadog_api_client.v2.model.application_security_policy_create_request import ( + ApplicationSecurityPolicyCreateRequest, +) +from datadog_api_client.v2.model.application_security_policy_rule_override import ApplicationSecurityPolicyRuleOverride +from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope +from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + +body = ApplicationSecurityPolicyCreateRequest( + data=ApplicationSecurityPolicyCreateData( + attributes=ApplicationSecurityPolicyCreateAttributes( + based_on="recommended", + description="Policy applied to internal web applications.", + is_default=False, + name="Internal Network Policy", + protection_presets=[ + "attack-tools", + ], + rules=[ + ApplicationSecurityPolicyRuleOverride( + blocking=False, + enabled=True, + id="rasp-001-002", + ), + ], + scope=[ + ApplicationSecurityPolicyScope( + env="prod", + service="billing-service", + ), + ], + version=0, + ), + type=ApplicationSecurityPolicyType.POLICY, + ), +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = ApplicationSecurityApi(api_client) + response = api_instance.create_application_security_waf_policy(body=body) + + print(response) diff --git a/examples/v2/application-security/DeleteApplicationSecurityWafPolicy.py b/examples/v2/application-security/DeleteApplicationSecurityWafPolicy.py new file mode 100644 index 0000000000..5736f107ed --- /dev/null +++ b/examples/v2/application-security/DeleteApplicationSecurityWafPolicy.py @@ -0,0 +1,13 @@ +""" +Delete a WAF Policy returns "No Content" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = ApplicationSecurityApi(api_client) + api_instance.delete_application_security_waf_policy( + policy_id="policy_id", + ) diff --git a/examples/v2/application-security/GetApplicationSecurityWafPolicy.py b/examples/v2/application-security/GetApplicationSecurityWafPolicy.py new file mode 100644 index 0000000000..fc129b3cb0 --- /dev/null +++ b/examples/v2/application-security/GetApplicationSecurityWafPolicy.py @@ -0,0 +1,15 @@ +""" +Get a WAF Policy returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = ApplicationSecurityApi(api_client) + response = api_instance.get_application_security_waf_policy( + policy_id="policy_id", + ) + + print(response) diff --git a/examples/v2/application-security/ListApplicationSecurityWAFPolicies.py b/examples/v2/application-security/ListApplicationSecurityWAFPolicies.py new file mode 100644 index 0000000000..1e0896369a --- /dev/null +++ b/examples/v2/application-security/ListApplicationSecurityWAFPolicies.py @@ -0,0 +1,13 @@ +""" +List all WAF policies returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = ApplicationSecurityApi(api_client) + response = api_instance.list_application_security_waf_policies() + + print(response) diff --git a/examples/v2/application-security/UpdateApplicationSecurityWafPolicy.py b/examples/v2/application-security/UpdateApplicationSecurityWafPolicy.py new file mode 100644 index 0000000000..7dabf11423 --- /dev/null +++ b/examples/v2/application-security/UpdateApplicationSecurityWafPolicy.py @@ -0,0 +1,51 @@ +""" +Update a WAF Policy returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi +from datadog_api_client.v2.model.application_security_policy_rule_override import ApplicationSecurityPolicyRuleOverride +from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope +from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType +from datadog_api_client.v2.model.application_security_policy_update_attributes import ( + ApplicationSecurityPolicyUpdateAttributes, +) +from datadog_api_client.v2.model.application_security_policy_update_data import ApplicationSecurityPolicyUpdateData +from datadog_api_client.v2.model.application_security_policy_update_request import ( + ApplicationSecurityPolicyUpdateRequest, +) + +body = ApplicationSecurityPolicyUpdateRequest( + data=ApplicationSecurityPolicyUpdateData( + attributes=ApplicationSecurityPolicyUpdateAttributes( + description="Policy applied to internal web applications.", + is_default=False, + name="Internal Network Policy", + protection_presets=[ + "attack-tools", + ], + rules=[ + ApplicationSecurityPolicyRuleOverride( + blocking=False, + enabled=True, + id="rasp-001-002", + ), + ], + scope=[ + ApplicationSecurityPolicyScope( + env="prod", + service="billing-service", + ), + ], + version=0, + ), + type=ApplicationSecurityPolicyType.POLICY, + ), +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = ApplicationSecurityApi(api_client) + response = api_instance.update_application_security_waf_policy(policy_id="policy_id", body=body) + + print(response) diff --git a/src/datadog_api_client/v2/api/application_security_api.py b/src/datadog_api_client/v2/api/application_security_api.py index 5b2608c90e..f75f8cde03 100644 --- a/src/datadog_api_client/v2/api/application_security_api.py +++ b/src/datadog_api_client/v2/api/application_security_api.py @@ -31,6 +31,14 @@ from datadog_api_client.v2.model.application_security_waf_exclusion_filter_update_request import ( ApplicationSecurityWafExclusionFilterUpdateRequest, ) +from datadog_api_client.v2.model.application_security_policy_list_response import ApplicationSecurityPolicyListResponse +from datadog_api_client.v2.model.application_security_policy_response import ApplicationSecurityPolicyResponse +from datadog_api_client.v2.model.application_security_policy_create_request import ( + ApplicationSecurityPolicyCreateRequest, +) +from datadog_api_client.v2.model.application_security_policy_update_request import ( + ApplicationSecurityPolicyUpdateRequest, +) class ApplicationSecurityApi: @@ -88,6 +96,26 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._create_application_security_waf_policy_endpoint = _Endpoint( + settings={ + "response_type": (ApplicationSecurityPolicyResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/remote_config/products/asm/waf/policies", + "operation_id": "create_application_security_waf_policy", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (ApplicationSecurityPolicyCreateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + self._delete_application_security_waf_custom_rule_endpoint = _Endpoint( settings={ "response_type": None, @@ -134,6 +162,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._delete_application_security_waf_policy_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/remote_config/products/asm/waf/policies/{policy_id}", + "operation_id": "delete_application_security_waf_policy", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "policy_id": { + "required": True, + "openapi_types": (str,), + "attribute": "policy_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._get_application_security_waf_custom_rule_endpoint = _Endpoint( settings={ "response_type": (ApplicationSecurityWafCustomRuleResponse,), @@ -180,6 +231,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_application_security_waf_policy_endpoint = _Endpoint( + settings={ + "response_type": (ApplicationSecurityPolicyResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/remote_config/products/asm/waf/policies/{policy_id}", + "operation_id": "get_application_security_waf_policy", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "policy_id": { + "required": True, + "openapi_types": (str,), + "attribute": "policy_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._list_application_security_waf_custom_rules_endpoint = _Endpoint( settings={ "response_type": (ApplicationSecurityWafCustomRuleListResponse,), @@ -212,6 +286,22 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._list_application_security_waf_policies_endpoint = _Endpoint( + settings={ + "response_type": (ApplicationSecurityPolicyListResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/remote_config/products/asm/waf/policies", + "operation_id": "list_application_security_waf_policies", + "http_method": "GET", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._update_application_security_waf_custom_rule_endpoint = _Endpoint( settings={ "response_type": (ApplicationSecurityWafCustomRuleResponse,), @@ -264,6 +354,32 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._update_application_security_waf_policy_endpoint = _Endpoint( + settings={ + "response_type": (ApplicationSecurityPolicyResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/remote_config/products/asm/waf/policies/{policy_id}", + "operation_id": "update_application_security_waf_policy", + "http_method": "PUT", + "version": "v2", + }, + params_map={ + "policy_id": { + "required": True, + "openapi_types": (str,), + "attribute": "policy_id", + "location": "path", + }, + "body": { + "required": True, + "openapi_types": (ApplicationSecurityPolicyUpdateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + def create_application_security_waf_custom_rule( self, body: ApplicationSecurityWafCustomRuleCreateRequest, @@ -301,6 +417,23 @@ def create_application_security_waf_exclusion_filter( return self._create_application_security_waf_exclusion_filter_endpoint.call_with_http_info(**kwargs) + def create_application_security_waf_policy( + self, + body: ApplicationSecurityPolicyCreateRequest, + ) -> ApplicationSecurityPolicyResponse: + """Create a WAF Policy. + + Create a new WAF policy. + + :param body: The new WAF policy. + :type body: ApplicationSecurityPolicyCreateRequest + :rtype: ApplicationSecurityPolicyResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._create_application_security_waf_policy_endpoint.call_with_http_info(**kwargs) + def delete_application_security_waf_custom_rule( self, custom_rule_id: str, @@ -335,6 +468,23 @@ def delete_application_security_waf_exclusion_filter( return self._delete_application_security_waf_exclusion_filter_endpoint.call_with_http_info(**kwargs) + def delete_application_security_waf_policy( + self, + policy_id: str, + ) -> None: + """Delete a WAF Policy. + + Delete a specific WAF policy. + + :param policy_id: The ID of the policy. + :type policy_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["policy_id"] = policy_id + + return self._delete_application_security_waf_policy_endpoint.call_with_http_info(**kwargs) + def get_application_security_waf_custom_rule( self, custom_rule_id: str, @@ -369,6 +519,23 @@ def get_application_security_waf_exclusion_filter( return self._get_application_security_waf_exclusion_filter_endpoint.call_with_http_info(**kwargs) + def get_application_security_waf_policy( + self, + policy_id: str, + ) -> ApplicationSecurityPolicyResponse: + """Get a WAF Policy. + + Retrieve a WAF policy by ID. + + :param policy_id: The ID of the policy. + :type policy_id: str + :rtype: ApplicationSecurityPolicyResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["policy_id"] = policy_id + + return self._get_application_security_waf_policy_endpoint.call_with_http_info(**kwargs) + def list_application_security_waf_custom_rules( self, ) -> ApplicationSecurityWafCustomRuleListResponse: @@ -393,6 +560,18 @@ def list_application_security_waf_exclusion_filters( kwargs: Dict[str, Any] = {} return self._list_application_security_waf_exclusion_filters_endpoint.call_with_http_info(**kwargs) + def list_application_security_waf_policies( + self, + ) -> ApplicationSecurityPolicyListResponse: + """List all WAF policies. + + Retrieve a list of WAF policies. + + :rtype: ApplicationSecurityPolicyListResponse + """ + kwargs: Dict[str, Any] = {} + return self._list_application_security_waf_policies_endpoint.call_with_http_info(**kwargs) + def update_application_security_waf_custom_rule( self, custom_rule_id: str, @@ -438,3 +617,26 @@ def update_application_security_waf_exclusion_filter( kwargs["body"] = body return self._update_application_security_waf_exclusion_filter_endpoint.call_with_http_info(**kwargs) + + def update_application_security_waf_policy( + self, + policy_id: str, + body: ApplicationSecurityPolicyUpdateRequest, + ) -> ApplicationSecurityPolicyResponse: + """Update a WAF Policy. + + Update a specific WAF policy. + Returns the Policy object when the request is successful. + + :param policy_id: The ID of the policy. + :type policy_id: str + :param body: New WAF Policy. + :type body: ApplicationSecurityPolicyUpdateRequest + :rtype: ApplicationSecurityPolicyResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["policy_id"] = policy_id + + kwargs["body"] = body + + return self._update_application_security_waf_policy_endpoint.call_with_http_info(**kwargs) diff --git a/src/datadog_api_client/v2/model/application_security_policy_attributes.py b/src/datadog_api_client/v2/model/application_security_policy_attributes.py new file mode 100644 index 0000000000..f17f976385 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_attributes.py @@ -0,0 +1,99 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_rule_override import ( + ApplicationSecurityPolicyRuleOverride, + ) + from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope + + +class ApplicationSecurityPolicyAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_rule_override import ( + ApplicationSecurityPolicyRuleOverride, + ) + from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope + + return { + "description": (str,), + "is_default": (bool,), + "name": (str,), + "protection_presets": ([str],), + "rules": ([ApplicationSecurityPolicyRuleOverride],), + "scope": ([ApplicationSecurityPolicyScope],), + "version": (int,), + } + + attribute_map = { + "description": "description", + "is_default": "isDefault", + "name": "name", + "protection_presets": "protectionPresets", + "rules": "rules", + "scope": "scope", + "version": "version", + } + + def __init__( + self_, + description: str, + name: str, + is_default: Union[bool, UnsetType] = unset, + protection_presets: Union[List[str], UnsetType] = unset, + rules: Union[List[ApplicationSecurityPolicyRuleOverride], UnsetType] = unset, + scope: Union[List[ApplicationSecurityPolicyScope], UnsetType] = unset, + version: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + A WAF policy. + + :param description: Description of the WAF policy. + :type description: str + + :param is_default: Make this policy the default policy. The default policy is applied to every services not specifically added to another policy. + :type is_default: bool, optional + + :param name: The Name of the WAF policy. + :type name: str + + :param protection_presets: Presets enabled on this policy. + :type protection_presets: [str], optional + + :param rules: Rule overrides applied by the policy. + :type rules: [ApplicationSecurityPolicyRuleOverride], optional + + :param scope: The scope of the WAF policy. + :type scope: [ApplicationSecurityPolicyScope], optional + + :param version: Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value. + :type version: int, optional + """ + if is_default is not unset: + kwargs["is_default"] = is_default + if protection_presets is not unset: + kwargs["protection_presets"] = protection_presets + if rules is not unset: + kwargs["rules"] = rules + if scope is not unset: + kwargs["scope"] = scope + if version is not unset: + kwargs["version"] = version + super().__init__(kwargs) + + self_.description = description + self_.name = name diff --git a/src/datadog_api_client/v2/model/application_security_policy_create_attributes.py b/src/datadog_api_client/v2/model/application_security_policy_create_attributes.py new file mode 100644 index 0000000000..6dc4e5c809 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_create_attributes.py @@ -0,0 +1,106 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_rule_override import ( + ApplicationSecurityPolicyRuleOverride, + ) + from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope + + +class ApplicationSecurityPolicyCreateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_rule_override import ( + ApplicationSecurityPolicyRuleOverride, + ) + from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope + + return { + "based_on": (str,), + "description": (str,), + "is_default": (bool,), + "name": (str,), + "protection_presets": ([str],), + "rules": ([ApplicationSecurityPolicyRuleOverride],), + "scope": ([ApplicationSecurityPolicyScope],), + "version": (int,), + } + + attribute_map = { + "based_on": "basedOn", + "description": "description", + "is_default": "isDefault", + "name": "name", + "protection_presets": "protectionPresets", + "rules": "rules", + "scope": "scope", + "version": "version", + } + + def __init__( + self_, + based_on: str, + description: str, + name: str, + is_default: Union[bool, UnsetType] = unset, + protection_presets: Union[List[str], UnsetType] = unset, + rules: Union[List[ApplicationSecurityPolicyRuleOverride], UnsetType] = unset, + scope: Union[List[ApplicationSecurityPolicyScope], UnsetType] = unset, + version: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + Create a new WAF policy. + + :param based_on: When creating a new policy, clone the policy indicated by this identifier. + :type based_on: str + + :param description: Description of the WAF policy. + :type description: str + + :param is_default: Make this policy the default policy. The default policy is applied to every services not specifically added to another policy. + :type is_default: bool, optional + + :param name: The Name of the WAF policy. + :type name: str + + :param protection_presets: Presets enabled on this policy. + :type protection_presets: [str], optional + + :param rules: Rule overrides applied by the policy. + :type rules: [ApplicationSecurityPolicyRuleOverride], optional + + :param scope: The scope of the WAF policy. + :type scope: [ApplicationSecurityPolicyScope], optional + + :param version: Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value. + :type version: int, optional + """ + if is_default is not unset: + kwargs["is_default"] = is_default + if protection_presets is not unset: + kwargs["protection_presets"] = protection_presets + if rules is not unset: + kwargs["rules"] = rules + if scope is not unset: + kwargs["scope"] = scope + if version is not unset: + kwargs["version"] = version + super().__init__(kwargs) + + self_.based_on = based_on + self_.description = description + self_.name = name diff --git a/src/datadog_api_client/v2/model/application_security_policy_create_data.py b/src/datadog_api_client/v2/model/application_security_policy_create_data.py new file mode 100644 index 0000000000..2f174dd369 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_create_data.py @@ -0,0 +1,54 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_create_attributes import ( + ApplicationSecurityPolicyCreateAttributes, + ) + from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + + +class ApplicationSecurityPolicyCreateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_create_attributes import ( + ApplicationSecurityPolicyCreateAttributes, + ) + from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + + return { + "attributes": (ApplicationSecurityPolicyCreateAttributes,), + "type": (ApplicationSecurityPolicyType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, attributes: ApplicationSecurityPolicyCreateAttributes, type: ApplicationSecurityPolicyType, **kwargs + ): + """ + Object for a single WAF policy. + + :param attributes: Create a new WAF policy. + :type attributes: ApplicationSecurityPolicyCreateAttributes + + :param type: The type of the resource. The value should always be ``policy``. + :type type: ApplicationSecurityPolicyType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type diff --git a/src/datadog_api_client/v2/model/application_security_policy_create_request.py b/src/datadog_api_client/v2/model/application_security_policy_create_request.py new file mode 100644 index 0000000000..24dc944344 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_create_request.py @@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_create_data import ApplicationSecurityPolicyCreateData + + +class ApplicationSecurityPolicyCreateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_create_data import ( + ApplicationSecurityPolicyCreateData, + ) + + return { + "data": (ApplicationSecurityPolicyCreateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: ApplicationSecurityPolicyCreateData, **kwargs): + """ + Request object that includes the policy to create. + + :param data: Object for a single WAF policy. + :type data: ApplicationSecurityPolicyCreateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/application_security_policy_data.py b/src/datadog_api_client/v2/model/application_security_policy_data.py new file mode 100644 index 0000000000..9cb45513c4 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_data.py @@ -0,0 +1,80 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_attributes import ApplicationSecurityPolicyAttributes + from datadog_api_client.v2.model.application_security_policy_metadata import ApplicationSecurityPolicyMetadata + from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + + +class ApplicationSecurityPolicyData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_attributes import ( + ApplicationSecurityPolicyAttributes, + ) + from datadog_api_client.v2.model.application_security_policy_metadata import ApplicationSecurityPolicyMetadata + from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + + return { + "attributes": (ApplicationSecurityPolicyAttributes,), + "id": (str,), + "metadata": (ApplicationSecurityPolicyMetadata,), + "type": (ApplicationSecurityPolicyType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "metadata": "metadata", + "type": "type", + } + read_only_vars = { + "id", + "metadata", + } + + def __init__( + self_, + attributes: Union[ApplicationSecurityPolicyAttributes, UnsetType] = unset, + id: Union[str, UnsetType] = unset, + metadata: Union[ApplicationSecurityPolicyMetadata, UnsetType] = unset, + type: Union[ApplicationSecurityPolicyType, UnsetType] = unset, + **kwargs, + ): + """ + Object for a single WAF policy. + + :param attributes: A WAF policy. + :type attributes: ApplicationSecurityPolicyAttributes, optional + + :param id: The ID of the policy. + :type id: str, optional + + :param metadata: Metadata associated with the WAF policy. + :type metadata: ApplicationSecurityPolicyMetadata, optional + + :param type: The type of the resource. The value should always be ``policy``. + :type type: ApplicationSecurityPolicyType, optional + """ + if attributes is not unset: + kwargs["attributes"] = attributes + if id is not unset: + kwargs["id"] = id + if metadata is not unset: + kwargs["metadata"] = metadata + if type is not unset: + kwargs["type"] = type + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/application_security_policy_list_response.py b/src/datadog_api_client/v2/model/application_security_policy_list_response.py new file mode 100644 index 0000000000..bd0aec2215 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_list_response.py @@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_data import ApplicationSecurityPolicyData + + +class ApplicationSecurityPolicyListResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_data import ApplicationSecurityPolicyData + + return { + "data": ([ApplicationSecurityPolicyData],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: Union[List[ApplicationSecurityPolicyData], UnsetType] = unset, **kwargs): + """ + Response object that includes a list of WAF policies. + + :param data: The WAF policy data. + :type data: [ApplicationSecurityPolicyData], optional + """ + if data is not unset: + kwargs["data"] = data + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/application_security_policy_metadata.py b/src/datadog_api_client/v2/model/application_security_policy_metadata.py new file mode 100644 index 0000000000..6a1a504bca --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_metadata.py @@ -0,0 +1,81 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + datetime, + unset, + UnsetType, +) + + +class ApplicationSecurityPolicyMetadata(ModelNormal): + @cached_property + def openapi_types(_): + return { + "added_at": (datetime,), + "added_by": (str,), + "added_by_name": (str,), + "modified_at": (datetime,), + "modified_by": (str,), + "modified_by_name": (str,), + } + + attribute_map = { + "added_at": "added_at", + "added_by": "added_by", + "added_by_name": "added_by_name", + "modified_at": "modified_at", + "modified_by": "modified_by", + "modified_by_name": "modified_by_name", + } + + def __init__( + self_, + added_at: Union[datetime, UnsetType] = unset, + added_by: Union[str, UnsetType] = unset, + added_by_name: Union[str, UnsetType] = unset, + modified_at: Union[datetime, UnsetType] = unset, + modified_by: Union[str, UnsetType] = unset, + modified_by_name: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + Metadata associated with the WAF policy. + + :param added_at: The date and time the WAF policy was created. + :type added_at: datetime, optional + + :param added_by: The handle of the user who created the WAF policy. + :type added_by: str, optional + + :param added_by_name: The name of the user who created the WAF policy. + :type added_by_name: str, optional + + :param modified_at: The date and time the WAF policy was last updated. + :type modified_at: datetime, optional + + :param modified_by: The handle of the user who last updated the WAF policy. + :type modified_by: str, optional + + :param modified_by_name: The name of the user who last updated the WAF policy. + :type modified_by_name: str, optional + """ + if added_at is not unset: + kwargs["added_at"] = added_at + if added_by is not unset: + kwargs["added_by"] = added_by + if added_by_name is not unset: + kwargs["added_by_name"] = added_by_name + if modified_at is not unset: + kwargs["modified_at"] = modified_at + if modified_by is not unset: + kwargs["modified_by"] = modified_by + if modified_by_name is not unset: + kwargs["modified_by_name"] = modified_by_name + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/application_security_policy_response.py b/src/datadog_api_client/v2/model/application_security_policy_response.py new file mode 100644 index 0000000000..98d5dc8b1b --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_response.py @@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_data import ApplicationSecurityPolicyData + + +class ApplicationSecurityPolicyResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_data import ApplicationSecurityPolicyData + + return { + "data": (ApplicationSecurityPolicyData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: Union[ApplicationSecurityPolicyData, UnsetType] = unset, **kwargs): + """ + Response object that includes a single WAF policy. + + :param data: Object for a single WAF policy. + :type data: ApplicationSecurityPolicyData, optional + """ + if data is not unset: + kwargs["data"] = data + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/application_security_policy_rule_override.py b/src/datadog_api_client/v2/model/application_security_policy_rule_override.py new file mode 100644 index 0000000000..d6bd39f72a --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_rule_override.py @@ -0,0 +1,45 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +class ApplicationSecurityPolicyRuleOverride(ModelNormal): + @cached_property + def openapi_types(_): + return { + "blocking": (bool,), + "enabled": (bool,), + "id": (str,), + } + + attribute_map = { + "blocking": "blocking", + "enabled": "enabled", + "id": "id", + } + + def __init__(self_, blocking: bool, enabled: bool, id: str, **kwargs): + """ + Override WAF rule parameters for services in a policy. + + :param blocking: When blocking is enabled, the rule will block the traffic matched by this rule. + :type blocking: bool + + :param enabled: When false, this rule will not match any traffic. + :type enabled: bool + + :param id: Override the parameters for this WAF rule identifier. + :type id: str + """ + super().__init__(kwargs) + + self_.blocking = blocking + self_.enabled = enabled + self_.id = id diff --git a/src/datadog_api_client/v2/model/application_security_policy_scope.py b/src/datadog_api_client/v2/model/application_security_policy_scope.py new file mode 100644 index 0000000000..a8cfc31245 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_scope.py @@ -0,0 +1,39 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +class ApplicationSecurityPolicyScope(ModelNormal): + @cached_property + def openapi_types(_): + return { + "env": (str,), + "service": (str,), + } + + attribute_map = { + "env": "env", + "service": "service", + } + + def __init__(self_, env: str, service: str, **kwargs): + """ + The scope of the WAF policy. + + :param env: The environment scope for the WAF policy. + :type env: str + + :param service: The service scope for the WAF policy. + :type service: str + """ + super().__init__(kwargs) + + self_.env = env + self_.service = service diff --git a/src/datadog_api_client/v2/model/application_security_policy_type.py b/src/datadog_api_client/v2/model/application_security_policy_type.py new file mode 100644 index 0000000000..0d21e5358d --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_type.py @@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class ApplicationSecurityPolicyType(ModelSimple): + """ + The type of the resource. The value should always be `policy`. + + :param value: If omitted defaults to "policy". Must be one of ["policy"]. + :type value: str + """ + + allowed_values = { + "policy", + } + POLICY: ClassVar["ApplicationSecurityPolicyType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +ApplicationSecurityPolicyType.POLICY = ApplicationSecurityPolicyType("policy") diff --git a/src/datadog_api_client/v2/model/application_security_policy_update_attributes.py b/src/datadog_api_client/v2/model/application_security_policy_update_attributes.py new file mode 100644 index 0000000000..4ff7c8df06 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_update_attributes.py @@ -0,0 +1,92 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_rule_override import ( + ApplicationSecurityPolicyRuleOverride, + ) + from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope + + +class ApplicationSecurityPolicyUpdateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_rule_override import ( + ApplicationSecurityPolicyRuleOverride, + ) + from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope + + return { + "description": (str,), + "is_default": (bool,), + "name": (str,), + "protection_presets": ([str],), + "rules": ([ApplicationSecurityPolicyRuleOverride],), + "scope": ([ApplicationSecurityPolicyScope],), + "version": (int,), + } + + attribute_map = { + "description": "description", + "is_default": "isDefault", + "name": "name", + "protection_presets": "protectionPresets", + "rules": "rules", + "scope": "scope", + "version": "version", + } + + def __init__( + self_, + description: str, + is_default: bool, + name: str, + protection_presets: List[str], + rules: List[ApplicationSecurityPolicyRuleOverride], + scope: List[ApplicationSecurityPolicyScope], + **kwargs, + ): + """ + Update a WAF policy. + + :param description: Description of the WAF policy. + :type description: str + + :param is_default: Make this policy the default policy. The default policy is applied to every services not specifically added to another policy. + :type is_default: bool + + :param name: The Name of the WAF policy. + :type name: str + + :param protection_presets: Presets enabled on this policy. + :type protection_presets: [str] + + :param rules: Rule overrides applied by the policy. + :type rules: [ApplicationSecurityPolicyRuleOverride] + + :param scope: The scope of the WAF policy. + :type scope: [ApplicationSecurityPolicyScope] + + :param version: Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value. + :type version: int + """ + super().__init__(kwargs) + version = kwargs.get("version", 0) + + self_.description = description + self_.is_default = is_default + self_.name = name + self_.protection_presets = protection_presets + self_.rules = rules + self_.scope = scope + self_.version = version diff --git a/src/datadog_api_client/v2/model/application_security_policy_update_data.py b/src/datadog_api_client/v2/model/application_security_policy_update_data.py new file mode 100644 index 0000000000..dd6c2775a6 --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_update_data.py @@ -0,0 +1,54 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_update_attributes import ( + ApplicationSecurityPolicyUpdateAttributes, + ) + from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + + +class ApplicationSecurityPolicyUpdateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_update_attributes import ( + ApplicationSecurityPolicyUpdateAttributes, + ) + from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType + + return { + "attributes": (ApplicationSecurityPolicyUpdateAttributes,), + "type": (ApplicationSecurityPolicyType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, attributes: ApplicationSecurityPolicyUpdateAttributes, type: ApplicationSecurityPolicyType, **kwargs + ): + """ + Object for a single WAF policy. + + :param attributes: Update a WAF policy. + :type attributes: ApplicationSecurityPolicyUpdateAttributes + + :param type: The type of the resource. The value should always be ``policy``. + :type type: ApplicationSecurityPolicyType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type diff --git a/src/datadog_api_client/v2/model/application_security_policy_update_request.py b/src/datadog_api_client/v2/model/application_security_policy_update_request.py new file mode 100644 index 0000000000..2548862d8b --- /dev/null +++ b/src/datadog_api_client/v2/model/application_security_policy_update_request.py @@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.application_security_policy_update_data import ApplicationSecurityPolicyUpdateData + + +class ApplicationSecurityPolicyUpdateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.application_security_policy_update_data import ( + ApplicationSecurityPolicyUpdateData, + ) + + return { + "data": (ApplicationSecurityPolicyUpdateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: ApplicationSecurityPolicyUpdateData, **kwargs): + """ + Request object that includes the policy to update. + + :param data: Object for a single WAF policy. + :type data: ApplicationSecurityPolicyUpdateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 525d7e1a29..ebec58be44 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py @@ -156,6 +156,28 @@ from datadog_api_client.v2.model.application_key_update_request import ApplicationKeyUpdateRequest from datadog_api_client.v2.model.application_keys_sort import ApplicationKeysSort from datadog_api_client.v2.model.application_keys_type import ApplicationKeysType +from datadog_api_client.v2.model.application_security_policy_attributes import ApplicationSecurityPolicyAttributes +from datadog_api_client.v2.model.application_security_policy_create_attributes import ( + ApplicationSecurityPolicyCreateAttributes, +) +from datadog_api_client.v2.model.application_security_policy_create_data import ApplicationSecurityPolicyCreateData +from datadog_api_client.v2.model.application_security_policy_create_request import ( + ApplicationSecurityPolicyCreateRequest, +) +from datadog_api_client.v2.model.application_security_policy_data import ApplicationSecurityPolicyData +from datadog_api_client.v2.model.application_security_policy_list_response import ApplicationSecurityPolicyListResponse +from datadog_api_client.v2.model.application_security_policy_metadata import ApplicationSecurityPolicyMetadata +from datadog_api_client.v2.model.application_security_policy_response import ApplicationSecurityPolicyResponse +from datadog_api_client.v2.model.application_security_policy_rule_override import ApplicationSecurityPolicyRuleOverride +from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope +from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType +from datadog_api_client.v2.model.application_security_policy_update_attributes import ( + ApplicationSecurityPolicyUpdateAttributes, +) +from datadog_api_client.v2.model.application_security_policy_update_data import ApplicationSecurityPolicyUpdateData +from datadog_api_client.v2.model.application_security_policy_update_request import ( + ApplicationSecurityPolicyUpdateRequest, +) from datadog_api_client.v2.model.application_security_waf_custom_rule_action import ( ApplicationSecurityWafCustomRuleAction, ) @@ -4560,6 +4582,20 @@ "ApplicationKeyUpdateRequest", "ApplicationKeysSort", "ApplicationKeysType", + "ApplicationSecurityPolicyAttributes", + "ApplicationSecurityPolicyCreateAttributes", + "ApplicationSecurityPolicyCreateData", + "ApplicationSecurityPolicyCreateRequest", + "ApplicationSecurityPolicyData", + "ApplicationSecurityPolicyListResponse", + "ApplicationSecurityPolicyMetadata", + "ApplicationSecurityPolicyResponse", + "ApplicationSecurityPolicyRuleOverride", + "ApplicationSecurityPolicyScope", + "ApplicationSecurityPolicyType", + "ApplicationSecurityPolicyUpdateAttributes", + "ApplicationSecurityPolicyUpdateData", + "ApplicationSecurityPolicyUpdateRequest", "ApplicationSecurityWafCustomRuleAction", "ApplicationSecurityWafCustomRuleActionAction", "ApplicationSecurityWafCustomRuleActionParameters", diff --git a/tests/v2/features/application_security.feature b/tests/v2/features/application_security.feature index f10a470ff2..fa4288ef7c 100644 --- a/tests/v2/features/application_security.feature +++ b/tests/v2/features/application_security.feature @@ -13,6 +13,27 @@ Feature: Application Security And a valid "appKeyAuth" key in the system And an instance of "ApplicationSecurity" API + @generated @skip @team:DataDog/asm-backend + Scenario: Create a WAF Policy returns "Bad Request" response + Given new "CreateApplicationSecurityWafPolicy" request + And body with value {"data": {"attributes": {"basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/asm-backend + Scenario: Create a WAF Policy returns "Concurrent Modification" response + Given new "CreateApplicationSecurityWafPolicy" request + And body with value {"data": {"attributes": {"basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 409 Concurrent Modification + + @generated @skip @team:DataDog/asm-backend + Scenario: Create a WAF Policy returns "Created" response + Given new "CreateApplicationSecurityWafPolicy" request + And body with value {"data": {"attributes": {"basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 201 Created + @generated @skip @team:DataDog/asm-backend Scenario: Create a WAF custom rule returns "Bad Request" response Given new "CreateApplicationSecurityWafCustomRule" request @@ -84,6 +105,27 @@ Feature: Application Security When the request is sent Then the response status is 404 Not Found + @generated @skip @team:DataDog/asm-backend + Scenario: Delete a WAF Policy returns "Concurrent Modification" response + Given new "DeleteApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 409 Concurrent Modification + + @generated @skip @team:DataDog/asm-backend + Scenario: Delete a WAF Policy returns "No Content" response + Given new "DeleteApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 204 No Content + + @generated @skip @team:DataDog/asm-backend + Scenario: Delete a WAF Policy returns "Not Found" response + Given new "DeleteApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + @generated @skip @team:DataDog/asm-backend Scenario: Delete a WAF exclusion filter returns "Concurrent Modification" response Given new "DeleteApplicationSecurityWafExclusionFilter" request @@ -106,6 +148,13 @@ Feature: Application Security When the request is sent Then the response status is 204 OK + @generated @skip @team:DataDog/asm-backend + Scenario: Get a WAF Policy returns "OK" response + Given new "GetApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/asm-backend Scenario: Get a WAF custom rule returns "OK" response Given new "GetApplicationSecurityWafCustomRule" request @@ -140,6 +189,12 @@ Feature: Application Security When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/asm-backend + Scenario: List all WAF policies returns "OK" response + Given new "ListApplicationSecurityWAFPolicies" request + When the request is sent + Then the response status is 200 OK + @team:DataDog/asm-backend Scenario: Update a WAF Custom Rule returns "Bad Request" response Given there is a valid "custom_rule" in the system @@ -174,6 +229,38 @@ Feature: Application Security When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/asm-backend + Scenario: Update a WAF Policy returns "Bad Request" response + Given new "UpdateApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/asm-backend + Scenario: Update a WAF Policy returns "Concurrent Modification" response + Given new "UpdateApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 409 Concurrent Modification + + @generated @skip @team:DataDog/asm-backend + Scenario: Update a WAF Policy returns "Not Found" response + Given new "UpdateApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/asm-backend + Scenario: Update a WAF Policy returns "OK" response + Given new "UpdateApplicationSecurityWafPolicy" request + And request contains "policy_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}} + When the request is sent + Then the response status is 200 OK + @team:DataDog/asm-backend Scenario: Update a WAF exclusion filter returns "Bad Request" response Given there is a valid "custom_rule" in the system diff --git a/tests/v2/features/given.json b/tests/v2/features/given.json index 06f7f855c1..24cd82910f 100644 --- a/tests/v2/features/given.json +++ b/tests/v2/features/given.json @@ -693,6 +693,18 @@ "tag": "Application Security", "operationId": "CreateApplicationSecurityWafExclusionFilter" }, + { + "parameters": [ + { + "name": "body", + "value": "{\n \"data\": {\n \"type\": \"policy\",\n \"attributes\": {\n \"name\": \"Test policy\",\n \"description\": \"This is a test policy.\",\n \"basedOn\": \"recommended\"\n }\n }\n}" + } + ], + "step": "there is a valid \"policy\" in the system", + "key": "policy", + "tag": "Application Security", + "operationId": "CreateApplicationSecurityWafPolicy" + }, { "parameters": [ { diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index c4c269d3ca..01cf520a88 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -2715,6 +2715,43 @@ "type": "idempotent" } }, + "ListApplicationSecurityWAFPolicies": { + "tag": "Application Security", + "undo": { + "type": "safe" + } + }, + "CreateApplicationSecurityWafPolicy": { + "tag": "Application Security", + "undo": { + "operationId": "DeleteApplicationSecurityWafPolicy", + "parameters": [ + { + "name": "policy_id", + "source": "data.id" + } + ], + "type": "unsafe" + } + }, + "DeleteApplicationSecurityWafPolicy": { + "tag": "Application Security", + "undo": { + "type": "idempotent" + } + }, + "GetApplicationSecurityWafPolicy": { + "tag": "Application Security", + "undo": { + "type": "safe" + } + }, + "UpdateApplicationSecurityWafPolicy": { + "tag": "Application Security", + "undo": { + "type": "idempotent" + } + }, "ListCSMThreatsAgentRules": { "tag": "CSM Threats", "undo": {