diff --git a/.apigentools-info b/.apigentools-info index 6db19ca931a7..033d528ca250 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2025-01-07 19:53:42.897987", - "spec_repo_commit": "d63fa330" + "regenerated": "2025-01-08 14:02:31.156850", + "spec_repo_commit": "1920836f" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2025-01-07 19:53:42.913387", - "spec_repo_commit": "d63fa330" + "regenerated": "2025-01-08 14:02:31.172021", + "spec_repo_commit": "1920836f" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index ede090899d55..fadab8d3ec6e 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -2732,6 +2732,57 @@ components: $ref: '#/components/schemas/AwsCURConfig' type: array type: object + AwsScanOptionsAttributes: + description: Attributes for the AWS scan options. + properties: + lambda: + description: Indicates if scanning of Lambda functions is enabled. + example: true + type: boolean + sensitive_data: + description: Indicates if scanning for sensitive data is enabled. + example: false + type: boolean + vuln_containers_os: + description: Indicates if scanning for vulnerabilities in containers is + enabled. + example: true + type: boolean + vuln_host_os: + description: Indicates if scanning for vulnerabilities in hosts is enabled. + example: true + type: boolean + type: object + AwsScanOptionsData: + description: Single AWS Scan Options entry. + properties: + attributes: + $ref: '#/components/schemas/AwsScanOptionsAttributes' + id: + description: The ID of the AWS account. + example: '184366314700' + type: string + type: + $ref: '#/components/schemas/AwsScanOptionsType' + type: object + AwsScanOptionsResponse: + description: Response object that includes a list of AWS scan options. + properties: + data: + description: A list of AWS scan options. + items: + $ref: '#/components/schemas/AwsScanOptionsData' + type: array + type: object + AwsScanOptionsType: + default: aws_scan_options + description: The type of the resource. The value should always be `aws_scan_options`. + enum: + - aws_scan_options + example: aws_scan_options + type: string + x-enum-varnames: + - AWS_SCAN_OPTIONS AzureUCConfig: description: Azure config. properties: @@ -30222,6 +30273,24 @@ info: version: '1.0' openapi: 3.0.0 paths: + /api/v2/agentless_scanning/accounts/aws: + get: + description: Fetches the scan options configured for AWS accounts. + operationId: ListAwsScanOptions + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AwsScanOptionsResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Get AWS Scan Options + tags: + - Agentless Scanning /api/v2/api_keys: get: description: List all API keys available for your account. @@ -48131,6 +48200,11 @@ tags: externalDocs: url: https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection name: AWS Logs Integration +- description: "Datadog Agentless Scanning provides visibility into risks and vulnerabilities\nwithin + your hosts, running containers, and serverless functions\u2014all without\nrequiring + teams to install Agents on every host or where Agents cannot be installed.\nGo + to https://www.datadoghq.com/blog/agentless-scanning/ to learn more" + name: Agentless Scanning - description: Datadog App Builder provides a low-code solution to rapidly develop and integrate secure, customized applications into your monitoring stack that are built to accelerate remediation at scale. These API endpoints allow you to diff --git a/cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/frozen.json b/cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/frozen.json new file mode 100644 index 000000000000..146bd55a6d4f --- /dev/null +++ b/cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/frozen.json @@ -0,0 +1 @@ +"2024-12-18T15:40:11.636Z" diff --git a/cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/recording.har b/cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/recording.har new file mode 100644 index 000000000000..5f2fa4457896 --- /dev/null +++ b/cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/recording.har @@ -0,0 +1,57 @@ +{ + "log": { + "_recordingName": "Agentless Scanning/Get AWS Scan Options returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "2cb6ecfe386c3349268926da480a6b5d", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 530, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/agentless_scanning/accounts/aws" + }, + "response": { + "bodySize": 11, + "content": { + "mimeType": "application/vnd.api+json", + "size": 11, + "text": "{\"data\":[]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 674, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2024-12-18T15:40:11.830Z", + "time": 308 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/examples/v2/agentless-scanning/ListAwsScanOptions.ts b/examples/v2/agentless-scanning/ListAwsScanOptions.ts new file mode 100644 index 000000000000..1272d5abce69 --- /dev/null +++ b/examples/v2/agentless-scanning/ListAwsScanOptions.ts @@ -0,0 +1,17 @@ +/** + * Get AWS Scan Options returns "OK" response + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +const apiInstance = new v2.AgentlessScanningApi(configuration); + +apiInstance + .listAwsScanOptions() + .then((data: v2.AwsScanOptionsResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/features/support/scenarios_model_mapping.ts b/features/support/scenarios_model_mapping.ts index 2009146cd831..8f8294e34508 100644 --- a/features/support/scenarios_model_mapping.ts +++ b/features/support/scenarios_model_mapping.ts @@ -2306,6 +2306,9 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = { "v1.Validate": { "operationResponseType": "AuthenticationValidationResponse", }, + "v2.ListAwsScanOptions": { + "operationResponseType": "AwsScanOptionsResponse", + }, "v2.ListAPIKeys": { "pageSize": { "type": "number", diff --git a/features/v2/agentless_scanning.feature b/features/v2/agentless_scanning.feature new file mode 100644 index 000000000000..d37dfee5eef1 --- /dev/null +++ b/features/v2/agentless_scanning.feature @@ -0,0 +1,16 @@ +@endpoint(agentless-scanning) @endpoint(agentless-scanning-v2) +Feature: Agentless Scanning + Datadog Agentless Scanning provides visibility into risks and + vulnerabilities within your hosts, running containers, and serverless + functions—all without requiring teams to install Agents on every host or + where Agents cannot be installed. Go to + https://www.datadoghq.com/blog/agentless-scanning/ to learn more + + @team:DataDog/k9-cloud-security-platform + Scenario: Get AWS Scan Options returns "OK" response + Given a valid "apiKeyAuth" key in the system + And a valid "appKeyAuth" key in the system + And an instance of "AgentlessScanning" API + And new "ListAwsScanOptions" request + When the request is sent + Then the response status is 200 OK diff --git a/features/v2/undo.json b/features/v2/undo.json index 80ce197c9313..d6c6e9de87c6 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -1,4 +1,10 @@ { + "ListAwsScanOptions": { + "tag": "Agentless Scanning", + "undo": { + "type": "safe" + } + }, "ListAPIKeys": { "tag": "Key Management", "undo": { diff --git a/packages/datadog-api-client-v2/apis/AgentlessScanningApi.ts b/packages/datadog-api-client-v2/apis/AgentlessScanningApi.ts new file mode 100644 index 000000000000..be154a1d586e --- /dev/null +++ b/packages/datadog-api-client-v2/apis/AgentlessScanningApi.ts @@ -0,0 +1,139 @@ +import { BaseAPIRequestFactory } from "../../datadog-api-client-common/baseapi"; +import { + Configuration, + applySecurityAuthentication, +} from "../../datadog-api-client-common/configuration"; +import { + RequestContext, + HttpMethod, + ResponseContext, +} from "../../datadog-api-client-common/http/http"; + +import { logger } from "../../../logger"; +import { ObjectSerializer } from "../models/ObjectSerializer"; +import { ApiException } from "../../datadog-api-client-common/exception"; + +import { APIErrorResponse } from "../models/APIErrorResponse"; +import { AwsScanOptionsResponse } from "../models/AwsScanOptionsResponse"; + +export class AgentlessScanningApiRequestFactory extends BaseAPIRequestFactory { + public async listAwsScanOptions( + _options?: Configuration + ): Promise { + const _config = _options || this.configuration; + + // Path Params + const localVarPath = "/api/v2/agentless_scanning/accounts/aws"; + + // Make Request Context + const requestContext = _config + .getServer("v2.AgentlessScanningApi.listAwsScanOptions") + .makeRequestContext(localVarPath, HttpMethod.GET); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + ]); + + return requestContext; + } +} + +export class AgentlessScanningApiResponseProcessor { + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to listAwsScanOptions + * @throws ApiException if the response code was not in [200, 299] + */ + public async listAwsScanOptions( + response: ResponseContext + ): Promise { + const contentType = ObjectSerializer.normalizeMediaType( + response.headers["content-type"] + ); + if (response.httpStatusCode === 200) { + const body: AwsScanOptionsResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "AwsScanOptionsResponse" + ) as AwsScanOptionsResponse; + return body; + } + if (response.httpStatusCode === 403 || response.httpStatusCode === 429) { + const bodyText = ObjectSerializer.parse( + await response.body.text(), + contentType + ); + let body: APIErrorResponse; + try { + body = ObjectSerializer.deserialize( + bodyText, + "APIErrorResponse" + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: AwsScanOptionsResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "AwsScanOptionsResponse", + "" + ) as AwsScanOptionsResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"' + ); + } +} + +export class AgentlessScanningApi { + private requestFactory: AgentlessScanningApiRequestFactory; + private responseProcessor: AgentlessScanningApiResponseProcessor; + private configuration: Configuration; + + public constructor( + configuration: Configuration, + requestFactory?: AgentlessScanningApiRequestFactory, + responseProcessor?: AgentlessScanningApiResponseProcessor + ) { + this.configuration = configuration; + this.requestFactory = + requestFactory || new AgentlessScanningApiRequestFactory(configuration); + this.responseProcessor = + responseProcessor || new AgentlessScanningApiResponseProcessor(); + } + + /** + * Fetches the scan options configured for AWS accounts. + * @param param The request object + */ + public listAwsScanOptions( + options?: Configuration + ): Promise { + const requestContextPromise = + this.requestFactory.listAwsScanOptions(options); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.listAwsScanOptions(responseContext); + }); + }); + } +} diff --git a/packages/datadog-api-client-v2/index.ts b/packages/datadog-api-client-v2/index.ts index 635977a878b8..86cf9b204f91 100644 --- a/packages/datadog-api-client-v2/index.ts +++ b/packages/datadog-api-client-v2/index.ts @@ -27,6 +27,8 @@ export { export { AWSLogsIntegrationApi } from "./apis/AWSLogsIntegrationApi"; +export { AgentlessScanningApi } from "./apis/AgentlessScanningApi"; + export { AppsApiCreateAppRequest, AppsApiDeleteAppRequest, @@ -742,6 +744,10 @@ export { AWSRegions } from "./models/AWSRegions"; export { AWSRegionsIncludeAll } from "./models/AWSRegionsIncludeAll"; export { AWSRegionsIncludeOnly } from "./models/AWSRegionsIncludeOnly"; export { AWSResourcesConfig } from "./models/AWSResourcesConfig"; +export { AwsScanOptionsAttributes } from "./models/AwsScanOptionsAttributes"; +export { AwsScanOptionsData } from "./models/AwsScanOptionsData"; +export { AwsScanOptionsResponse } from "./models/AwsScanOptionsResponse"; +export { AwsScanOptionsType } from "./models/AwsScanOptionsType"; export { AWSTracesConfig } from "./models/AWSTracesConfig"; export { AzureUCConfig } from "./models/AzureUCConfig"; export { AzureUCConfigPair } from "./models/AzureUCConfigPair"; diff --git a/packages/datadog-api-client-v2/models/AwsScanOptionsAttributes.ts b/packages/datadog-api-client-v2/models/AwsScanOptionsAttributes.ts new file mode 100644 index 000000000000..fb062815a221 --- /dev/null +++ b/packages/datadog-api-client-v2/models/AwsScanOptionsAttributes.ts @@ -0,0 +1,76 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Attributes for the AWS scan options. + */ +export class AwsScanOptionsAttributes { + /** + * Indicates if scanning of Lambda functions is enabled. + */ + "lambda"?: boolean; + /** + * Indicates if scanning for sensitive data is enabled. + */ + "sensitiveData"?: boolean; + /** + * Indicates if scanning for vulnerabilities in containers is enabled. + */ + "vulnContainersOs"?: boolean; + /** + * Indicates if scanning for vulnerabilities in hosts is enabled. + */ + "vulnHostOs"?: boolean; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + lambda: { + baseName: "lambda", + type: "boolean", + }, + sensitiveData: { + baseName: "sensitive_data", + type: "boolean", + }, + vulnContainersOs: { + baseName: "vuln_containers_os", + type: "boolean", + }, + vulnHostOs: { + baseName: "vuln_host_os", + type: "boolean", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "any", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return AwsScanOptionsAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/AwsScanOptionsData.ts b/packages/datadog-api-client-v2/models/AwsScanOptionsData.ts new file mode 100644 index 000000000000..de3b1351b47f --- /dev/null +++ b/packages/datadog-api-client-v2/models/AwsScanOptionsData.ts @@ -0,0 +1,70 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { AwsScanOptionsAttributes } from "./AwsScanOptionsAttributes"; +import { AwsScanOptionsType } from "./AwsScanOptionsType"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Single AWS Scan Options entry. + */ +export class AwsScanOptionsData { + /** + * Attributes for the AWS scan options. + */ + "attributes"?: AwsScanOptionsAttributes; + /** + * The ID of the AWS account. + */ + "id"?: string; + /** + * The type of the resource. The value should always be `aws_scan_options`. + */ + "type"?: AwsScanOptionsType; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "AwsScanOptionsAttributes", + }, + id: { + baseName: "id", + type: "string", + }, + type: { + baseName: "type", + type: "AwsScanOptionsType", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "any", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return AwsScanOptionsData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/AwsScanOptionsResponse.ts b/packages/datadog-api-client-v2/models/AwsScanOptionsResponse.ts new file mode 100644 index 000000000000..e70afe22c83c --- /dev/null +++ b/packages/datadog-api-client-v2/models/AwsScanOptionsResponse.ts @@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { AwsScanOptionsData } from "./AwsScanOptionsData"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Response object that includes a list of AWS scan options. + */ +export class AwsScanOptionsResponse { + /** + * A list of AWS scan options. + */ + "data"?: Array; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "Array", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "any", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return AwsScanOptionsResponse.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/AwsScanOptionsType.ts b/packages/datadog-api-client-v2/models/AwsScanOptionsType.ts new file mode 100644 index 000000000000..7d8310d41405 --- /dev/null +++ b/packages/datadog-api-client-v2/models/AwsScanOptionsType.ts @@ -0,0 +1,14 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * The type of the resource. The value should always be `aws_scan_options`. + */ + +export type AwsScanOptionsType = typeof AWS_SCAN_OPTIONS | UnparsedObject; +export const AWS_SCAN_OPTIONS = "aws_scan_options"; diff --git a/packages/datadog-api-client-v2/models/ObjectSerializer.ts b/packages/datadog-api-client-v2/models/ObjectSerializer.ts index 825c82d6ce6e..b67d3443ecac 100644 --- a/packages/datadog-api-client-v2/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v2/models/ObjectSerializer.ts @@ -98,6 +98,9 @@ import { AwsCURConfigPostRequest } from "./AwsCURConfigPostRequest"; import { AwsCURConfigPostRequestAttributes } from "./AwsCURConfigPostRequestAttributes"; import { AwsCURConfigResponse } from "./AwsCURConfigResponse"; import { AwsCURConfigsResponse } from "./AwsCURConfigsResponse"; +import { AwsScanOptionsAttributes } from "./AwsScanOptionsAttributes"; +import { AwsScanOptionsData } from "./AwsScanOptionsData"; +import { AwsScanOptionsResponse } from "./AwsScanOptionsResponse"; import { AzureUCConfig } from "./AzureUCConfig"; import { AzureUCConfigPair } from "./AzureUCConfigPair"; import { AzureUCConfigPairAttributes } from "./AzureUCConfigPairAttributes"; @@ -1572,6 +1575,7 @@ const enumsMap: { [key: string]: any[] } = { AwsCURConfigPatchRequestType: ["aws_cur_config_patch_request"], AwsCURConfigPostRequestType: ["aws_cur_config_post_request"], AwsCURConfigType: ["aws_cur_config"], + AwsScanOptionsType: ["aws_scan_options"], AzureUCConfigPairType: ["azure_uc_configs"], AzureUCConfigPatchRequestType: ["azure_uc_config_patch_request"], AzureUCConfigPostRequestType: ["azure_uc_config_post_request"], @@ -2391,6 +2395,9 @@ const typeMap: { [index: string]: any } = { AwsCURConfigPostRequestAttributes: AwsCURConfigPostRequestAttributes, AwsCURConfigResponse: AwsCURConfigResponse, AwsCURConfigsResponse: AwsCURConfigsResponse, + AwsScanOptionsAttributes: AwsScanOptionsAttributes, + AwsScanOptionsData: AwsScanOptionsData, + AwsScanOptionsResponse: AwsScanOptionsResponse, AzureUCConfig: AzureUCConfig, AzureUCConfigPair: AzureUCConfigPair, AzureUCConfigPairAttributes: AzureUCConfigPairAttributes,