Remove deprecated AgentRule field in Security Rules API for CWS

.generator/schemas/v2/openapi.yaml

@@ -4695,8 +4695,6 @@ components:
     SecurityMonitoringRuleQuery:
       description: Query for matching rule.
       properties:
-        agentRule:
-          $ref: '#/components/schemas/SecurityMonitoringRuntimeAgentRule'
         aggregation:
           $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
         distinctFields:
@@ -4741,8 +4739,6 @@ components:
     SecurityMonitoringRuleQueryCreate:
       description: Query for matching rule.
       properties:
-        agentRule:
-          $ref: '#/components/schemas/SecurityMonitoringRuntimeAgentRule'
         aggregation:
           $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
         distinctFields:
@@ -4925,24 +4921,6 @@ components:
           maximum: 2147483647
           type: integer
       type: object
-    SecurityMonitoringRuntimeAgentRule:
-      description: The Agent rule.
-      properties:
-        agentRuleId:
-          description: The Agent rule ID. Must be unique within the rule.
-          example: etc_shadow
-          type: string
-        expression:
-          description: 'A Runtime Security expression determines what activity should
-            be collected by the Datadog Agent.
-
-            These logical expressions can use predefined operators and attributes.
-            Tags cannot be used in Runtime
-
-            Security expressions. Instead, allow or deny based on tags under the advanced
-            option.'
-          type: string
-      type: object
     SecurityMonitoringSignal:
       description: Object description of a security signal.
       properties:

Makefile

@@ -1,5 +1,6 @@
 .PHONY: all
 all: .generator .env
+	@rm -rf ./lib/v1 ./lib/v2 ./spec/v1/api ./spec/v1/models ./spec/v2/api ./spec/v2/models
 	@docker-compose -f docker-compose.generator.yaml up
 	@mkdir -p docs/v1 docs/v2 spec/v1 spec/v2
 	@cp -r v1/lib/datadog_api_client ./lib/

cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-workload-security-returns-OK-response.frozen

@@ -1 +1 @@
-2021-08-16T07:49:00.464Z
+2021-12-22T16:20:11.758Z

docs/v2/README.md

@@ -433,7 +433,6 @@ All URIs are relative to *https://api.datadoghq.com*
 - [DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate](SecurityMonitoringRuleTypeCreate.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleTypeRead](SecurityMonitoringRuleTypeRead.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleUpdatePayload](SecurityMonitoringRuleUpdatePayload.md)
-- [DatadogAPIClient::V2::SecurityMonitoringRuntimeAgentRule](SecurityMonitoringRuntimeAgentRule.md)
 - [DatadogAPIClient::V2::SecurityMonitoringSignal](SecurityMonitoringSignal.md)
 - [DatadogAPIClient::V2::SecurityMonitoringSignalAttributes](SecurityMonitoringSignalAttributes.md)
 - [DatadogAPIClient::V2::SecurityMonitoringSignalListRequest](SecurityMonitoringSignalListRequest.md)

docs/v2/SecurityMonitoringRuleQuery.md

@@ -4,7 +4,6 @@
 
 | Name                | Type                                                                                    | Description                                                                | Notes      |
 | ------------------- | --------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | ---------- |
-| **agent_rule**      | [**SecurityMonitoringRuntimeAgentRule**](SecurityMonitoringRuntimeAgentRule.md)         |                                                                            | [optional] |
 | **aggregation**     | [**SecurityMonitoringRuleQueryAggregation**](SecurityMonitoringRuleQueryAggregation.md) |                                                                            | [optional] |
 | **distinct_fields** | **Array<String>**                                                                 | Field for which the cardinality is measured. Sent as an array.             | [optional] |
 | **group_by_fields** | **Array<String>**                                                                 | Fields to group by.                                                        | [optional] |
@@ -18,7 +17,6 @@
 require 'datadog_api_client/v2'
 
 instance = DatadogAPIClient::V2::SecurityMonitoringRuleQuery.new(
-  agent_rule: null,
   aggregation: null,
   distinct_fields: null,
   group_by_fields: null,

docs/v2/SecurityMonitoringRuleQueryCreate.md

@@ -4,7 +4,6 @@
 
 | Name                | Type                                                                                    | Description                                                                | Notes      |
 | ------------------- | --------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | ---------- |
-| **agent_rule**      | [**SecurityMonitoringRuntimeAgentRule**](SecurityMonitoringRuntimeAgentRule.md)         |                                                                            | [optional] |
 | **aggregation**     | [**SecurityMonitoringRuleQueryAggregation**](SecurityMonitoringRuleQueryAggregation.md) |                                                                            | [optional] |
 | **distinct_fields** | **Array<String>**                                                                 | Field for which the cardinality is measured. Sent as an array.             | [optional] |
 | **group_by_fields** | **Array<String>**                                                                 | Fields to group by.                                                        | [optional] |
@@ -18,7 +17,6 @@
 require 'datadog_api_client/v2'
 
 instance = DatadogAPIClient::V2::SecurityMonitoringRuleQueryCreate.new(
-  agent_rule: null,
   aggregation: null,
   distinct_fields: null,
   group_by_fields: null,

examples/v2/security-monitoring/CreateSecurityMonitoringRule_498211763.rb

@@ -12,10 +12,6 @@
       group_by_fields: [],
       distinct_fields: [],
       metric: "",
-      agent_rule: DatadogAPIClient::V2::SecurityMonitoringRuntimeAgentRule.new({
-        agent_rule_id: "kernel_module_unlink_2",
-        expression: "(open.flags & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)",
-      }),
     }),
   ],
   filters: [],

features/v2/security_monitoring.feature

@@ -24,7 +24,7 @@ Feature: Security Monitoring
   @team:DataDog/security-monitoring
   Scenario: Create a detection rule with type 'workload_security' returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
-    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":"", "agentRule":{"agentRuleId": "kernel_module_unlink_2", "expression": "(open.flags & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)"}}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type": "workload_security"}
+    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type": "workload_security"}
     When the request is sent
     Then the response status is 200 OK
 
@@ -207,22 +207,22 @@ Feature: Security Monitoring
   Scenario: Update an existing rule returns "Bad Request" response
     Given new "UpdateSecurityMonitoringRule" request
     And request contains "rule_id" parameter from "REPLACE.ME"
-    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"agentRule": {"agentRuleId": "etc_shadow", "expression": null}, "aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
+    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
     When the request is sent
     Then the response status is 400 Bad Request
 
   @generated @skip @team:DataDog/security-monitoring
   Scenario: Update an existing rule returns "Not Found" response
     Given new "UpdateSecurityMonitoringRule" request
     And request contains "rule_id" parameter from "REPLACE.ME"
-    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"agentRule": {"agentRuleId": "etc_shadow", "expression": null}, "aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
+    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
     When the request is sent
     Then the response status is 404 Not Found
 
   @generated @skip @team:DataDog/security-monitoring
   Scenario: Update an existing rule returns "OK" response
     Given new "UpdateSecurityMonitoringRule" request
     And request contains "rule_id" parameter from "REPLACE.ME"
-    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"agentRule": {"agentRuleId": "etc_shadow", "expression": null}, "aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
+    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
     When the request is sent
     Then the response status is 200 OK

lib/datadog_api_client/v2.rb

@@ -318,7 +318,6 @@
 require 'datadog_api_client/v2/models/security_monitoring_rule_type_create'
 require 'datadog_api_client/v2/models/security_monitoring_rule_type_read'
 require 'datadog_api_client/v2/models/security_monitoring_rule_update_payload'
-require 'datadog_api_client/v2/models/security_monitoring_runtime_agent_rule'
 require 'datadog_api_client/v2/models/security_monitoring_signal'
 require 'datadog_api_client/v2/models/security_monitoring_signal_attributes'
 require 'datadog_api_client/v2/models/security_monitoring_signal_list_request'

lib/datadog_api_client/v2/models/security_monitoring_rule_query.rb

@@ -22,8 +22,6 @@ class SecurityMonitoringRuleQuery
     # whether the object has unparsed attributes
     attr_accessor :_unparsed
 
-    attr_accessor :agent_rule
-
     attr_accessor :aggregation
 
     # Field for which the cardinality is measured. Sent as an array.
@@ -44,7 +42,6 @@ class SecurityMonitoringRuleQuery
     # Attribute mapping from ruby-style variable name to JSON key.
     def self.attribute_map
       {
-        :'agent_rule' => :'agentRule',
         :'aggregation' => :'aggregation',
         :'distinct_fields' => :'distinctFields',
         :'group_by_fields' => :'groupByFields',
@@ -62,7 +59,6 @@ def self.acceptable_attributes
     # Attribute type mapping.
     def self.openapi_types
       {
-        :'agent_rule' => :'SecurityMonitoringRuntimeAgentRule',
         :'aggregation' => :'SecurityMonitoringRuleQueryAggregation',
         :'distinct_fields' => :'Array<String>',
         :'group_by_fields' => :'Array<String>',
@@ -93,10 +89,6 @@ def initialize(attributes = {})
         h[k.to_sym] = v
       }
 
-      if attributes.key?(:'agent_rule')
-        self.agent_rule = attributes[:'agent_rule']
-      end
-
       if attributes.key?(:'aggregation')
         self.aggregation = attributes[:'aggregation']
       end
@@ -144,7 +136,6 @@ def valid?
     def ==(o)
       return true if self.equal?(o)
       self.class == o.class &&
-          agent_rule == o.agent_rule &&
           aggregation == o.aggregation &&
           distinct_fields == o.distinct_fields &&
           group_by_fields == o.group_by_fields &&
@@ -162,7 +153,7 @@ def eql?(o)
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [agent_rule, aggregation, distinct_fields, group_by_fields, metric, name, query].hash
+      [aggregation, distinct_fields, group_by_fields, metric, name, query].hash
     end
 
     # Builds the object from hash