[pull] master from DataDog:master

.generator/schemas/v2/openapi.yaml

@@ -64151,6 +64151,63 @@ components:
         - TWO_DAYS
         - ONE_WEEK
         - TWO_WEEKS
+    SecurityMonitoringRuleBulkDeleteAttributes:
+      description: Attributes for bulk deleting security monitoring rules.
+      properties:
+        ruleIds:
+          description: List of rule IDs to delete.
+          example:
+            - abc-000-u7q
+            - abc-000-7dd
+          items:
+            description: A rule ID to delete.
+            type: string
+          minItems: 1
+          type: array
+      required:
+        - ruleIds
+      type: object
+    SecurityMonitoringRuleBulkDeleteData:
+      description: Data for bulk deleting security monitoring rules.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteAttributes"
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteRequestDataType"
+      required:
+        - attributes
+        - type
+      type: object
+    SecurityMonitoringRuleBulkDeletePayload:
+      description: Payload for bulk deleting security monitoring rules.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteData"
+      required:
+        - data
+      type: object
+    SecurityMonitoringRuleBulkDeleteRequestDataType:
+      description: The resource type for a bulk delete request.
+      enum:
+        - bulk_delete_rules
+      example: bulk_delete_rules
+      type: string
+      x-enum-varnames:
+        - BULK_DELETE_RULES
+    SecurityMonitoringRuleBulkDeleteResponse:
+      description: Response for bulk deleting security monitoring rules.
+      properties:
+        deletedRules:
+          description: List of successfully deleted rule IDs.
+          items:
+            type: string
+          type: array
+        failedRules:
+          description: List of rule IDs that could not be deleted.
+          items:
+            type: string
+          type: array
+      type: object
     SecurityMonitoringRuleBulkExportAttributes:
       description: Attributes for bulk exporting security monitoring rules.
       properties:
@@ -107887,6 +107944,8 @@ paths:
     get:
       description: |-
         Get a list of actively reporting metrics for your organization. Pagination is optional using the `page[cursor]` and `page[size]` query parameters.
+
+        Query parameters use bracket notation (for example, `filter[tags]`, `filter[queried][window][seconds]`). Pass them as standard URL query strings, URL-encoding the brackets if your client does not handle them. For example: `GET /api/v2/metrics?filter[tags]=env:prod&window[seconds]=86400&page[size]=500`.
       operationId: ListTagConfigurations
       parameters:
         - description: Only return custom metrics that have been configured with Metrics Without Limits.
@@ -107926,7 +107985,7 @@ paths:
           schema:
             type: boolean
         - description: |-
-            Only return metrics that have been queried or not queried in the specified window. Dependent on being sent with `filter[queried]`. The default value is 2,592,000 seconds (30 days), the maximum value is 15,552,000 seconds (180 days), and the minimum value is 1 second.
+            This parameter has no effect unless `filter[queried]` is also set. Only return metrics that have been queried or not queried in the specified window. The default value is 2,592,000 seconds (30 days), the maximum value is 15,552,000 seconds (180 days), and the minimum value is 1 second. For example: `filter[queried]=true&filter[queried][window][seconds]=604800`.
           example: 15552000
           in: query
           name: filter[queried][window][seconds]
@@ -107938,7 +107997,7 @@ paths:
             minimum: 1
             type: integer
         - description: |-
-            Only return metrics that were submitted with tags matching this expression. You can use AND, OR, IN, and wildcards (for example, service:web*).
+            Only return metrics that were submitted with tags matching this expression. You can use AND, OR, IN, and wildcards. For example: `filter[tags]=env IN (staging,test) AND service:web*`.
           example: "env IN (staging,test) AND service:web*"
           in: query
           name: filter[tags]
@@ -107965,7 +108024,8 @@ paths:
             maximum: 2592000
             minimum: 1
             type: integer
-        - description: Maximum number of results per page. Use with `page[cursor]` for pagination. The default value is 10000, the maximum value is 10000, and the minimum value is 1.
+        - description: |-
+            Maximum number of results per page. Send `page[size]` on the first request to opt in to pagination. On each subsequent request, send `page[cursor]` set to the value of `meta.pagination.next_cursor` from the previous response. The default value is 10000, the maximum value is 10000, and the minimum value is 1.
           in: query
           name: page[size]
           required: false
@@ -108369,7 +108429,8 @@ paths:
       operationId: EstimateMetricsOutputSeries
       parameters:
         - $ref: "#/components/parameters/MetricName"
-        - description: Filtered tag keys that the metric is configured to query with.
+        - description: |-
+            Comma-separated list of tag keys that the metric is configured to query with. For example: `filter[groups]=app,host`.
           example: "app,host"
           in: query
           name: filter[groups]
@@ -123130,6 +123191,53 @@ paths:
         operator: OR
         permissions:
           - security_monitoring_rules_write
+  /api/v2/security_monitoring/rules/bulk_delete:
+    delete:
+      description: |-
+        Delete multiple security monitoring rules in a single request. Default rules cannot be deleted.
+      operationId: BulkDeleteSecurityMonitoringRules
+      requestBody:
+        content:
+          application/json:
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      ruleIds:
+                        - abc-000-u7q
+                        - abc-000-7dd
+                    type: bulk_delete_rules
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeletePayload"
+        required: true
+      responses:
+        "200":
+          content:
+            "application/json":
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteResponse"
+          description: OK
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_rules_write
+      summary: Bulk delete security monitoring rules
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_rules_write
   /api/v2/security_monitoring/rules/bulk_export:
     post:
       description: |-
@@ -134587,16 +134695,45 @@ paths:
           application/json:
             examples:
               default:
+                summary: CCM cost summary widget
                 value:
                   data:
                     attributes:
                       definition:
-                        title: My Widget
-                        type: bar_chart
+                        graph_options:
+                          - type: query_value
+                            view: total
+                          - type: query_value
+                            view: change
+                          - display_type: bars
+                            type: timeseries
+                          - type: cloud_cost_table
+                            view: summary
+                        requests:
+                          - formulas:
+                              - formula: query1
+                            queries:
+                              - data_source: cloud_cost
+                                name: query1
+                                query: sum:aws.cost.amortized{*} by {aws_product}.rollup(sum, daily)
+                            response_format: timeseries
+                        time:
+                          type: live
+                          unit: day
+                          value: 30
+                        title: AWS spend by service (last 30 days)
+                        type: cloud_cost_summary
+                      tags: ["finops", "aws"]
                     type: widgets
             schema:
               $ref: "#/components/schemas/CreateOrUpdateWidgetRequest"
-        description: Widget request body.
+        description: |-
+          Widget request body. The `definition` object's required fields vary
+          by `widget.definition.type`: every type requires `requests`, and
+          some types require additional fields (e.g. `cloud_cost_summary`
+          requires `graph_options`, `geomap` requires `style` and `view`).
+          The example below shows a complete `cloud_cost_summary` payload
+          for the `ccm_reports` experience type.
         required: true
       responses:
         "200":
@@ -134766,16 +134903,42 @@ paths:
           application/json:
             examples:
               default:
+                summary: CCM cost summary widget
                 value:
                   data:
                     attributes:
                       definition:
-                        title: My Widget
-                        type: bar_chart
+                        graph_options:
+                          - type: query_value
+                            view: total
+                          - type: query_value
+                            view: change
+                          - display_type: bars
+                            type: timeseries
+                          - type: cloud_cost_table
+                            view: summary
+                        requests:
+                          - formulas:
+                              - formula: query1
+                            queries:
+                              - data_source: cloud_cost
+                                name: query1
+                                query: sum:aws.cost.amortized{*} by {aws_product}.rollup(sum, daily)
+                            response_format: timeseries
+                        time:
+                          type: live
+                          unit: day
+                          value: 30
+                        title: AWS spend by service (last 30 days)
+                        type: cloud_cost_summary
+                      tags: ["finops", "aws"]
                     type: widgets
             schema:
               $ref: "#/components/schemas/CreateOrUpdateWidgetRequest"
-        description: Widget request body.
+        description: |-
+          Widget request body. The `definition` object's required fields vary
+          by `widget.definition.type`; see `CreateWidget` above for a complete
+          worked payload. Update is a full replacement of the widget definition.
         required: true
       responses:
         "200":

examples/v2/security-monitoring/BulkDeleteSecurityMonitoringRules.rb

@@ -0,0 +1,17 @@
+# Bulk delete security monitoring rules returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringRuleBulkDeletePayload.new({
+  data: DatadogAPIClient::V2::SecurityMonitoringRuleBulkDeleteData.new({
+    attributes: DatadogAPIClient::V2::SecurityMonitoringRuleBulkDeleteAttributes.new({
+      rule_ids: [
+        "abc-000-u7q",
+        "abc-000-7dd",
+      ],
+    }),
+    type: DatadogAPIClient::V2::SecurityMonitoringRuleBulkDeleteRequestDataType::BULK_DELETE_RULES,
+  }),
+})
+p api_instance.bulk_delete_security_monitoring_rules(body)

features/scenarios_model_mapping.rb

@@ -1934,6 +1934,9 @@
     "v2.CreateSecurityMonitoringRule" => {
             "body" => "SecurityMonitoringRuleCreatePayload",
     },
+    "v2.BulkDeleteSecurityMonitoringRules" => {
+            "body" => "SecurityMonitoringRuleBulkDeletePayload",
+    },
     "v2.BulkExportSecurityMonitoringRules" => {
             "body" => "SecurityMonitoringRuleBulkExportPayload",
     },

features/v2/security_monitoring.feature

@@ -99,6 +99,27 @@ Feature: Security Monitoring
     And the response "data.attributes.insights" has item with field "resource_id" with value "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y="
     And the response "data.attributes.insights" has item with field "resource_id" with value "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ="
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk delete security monitoring rules returns "Bad Request" response
+    Given new "BulkDeleteSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk delete security monitoring rules returns "Not Found" response
+    Given new "BulkDeleteSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk delete security monitoring rules returns "OK" response
+    Given new "BulkDeleteSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip @team:DataDog/k9-cloud-siem
   Scenario: Bulk export security monitoring rules returns "Bad Request" response
     Given new "BulkExportSecurityMonitoringRules" request

features/v2/undo.json

@@ -5675,6 +5675,12 @@
       "type": "unsafe"
     }
   },
+  "BulkDeleteSecurityMonitoringRules": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "BulkExportSecurityMonitoringRules": {
     "tag": "Security Monitoring",
     "undo": {

lib/datadog_api_client/inflector.rb

@@ -5149,6 +5149,11 @@ def overrides
           "v2.security_monitoring_rule_anomaly_detection_options_bucket_duration" => "SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration",
           "v2.security_monitoring_rule_anomaly_detection_options_detection_tolerance" => "SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance",
           "v2.security_monitoring_rule_anomaly_detection_options_learning_duration" => "SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration",
+          "v2.security_monitoring_rule_bulk_delete_attributes" => "SecurityMonitoringRuleBulkDeleteAttributes",
+          "v2.security_monitoring_rule_bulk_delete_data" => "SecurityMonitoringRuleBulkDeleteData",
+          "v2.security_monitoring_rule_bulk_delete_payload" => "SecurityMonitoringRuleBulkDeletePayload",
+          "v2.security_monitoring_rule_bulk_delete_request_data_type" => "SecurityMonitoringRuleBulkDeleteRequestDataType",
+          "v2.security_monitoring_rule_bulk_delete_response" => "SecurityMonitoringRuleBulkDeleteResponse",
           "v2.security_monitoring_rule_bulk_export_attributes" => "SecurityMonitoringRuleBulkExportAttributes",
           "v2.security_monitoring_rule_bulk_export_data" => "SecurityMonitoringRuleBulkExportData",
           "v2.security_monitoring_rule_bulk_export_data_type" => "SecurityMonitoringRuleBulkExportDataType",