DataDog · api-clients-generation-pipeline · May 27, 2025
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-05-26 12:46:03.517132",
-            "spec_repo_commit": "a6954c1c"
+            "regenerated": "2025-05-27 10:38:13.592725",
+            "spec_repo_commit": "17a09163"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-05-26 12:46:03.532550",
-            "spec_repo_commit": "a6954c1c"
+            "regenerated": "2025-05-27 10:38:13.608564",
+            "spec_repo_commit": "17a09163"
         }
     }
 }
@@ -7375,6 +7375,8 @@ components:
     CloudWorkloadSecurityAgentPolicyCreateAttributes:
       description: Create a new Cloud Workload Security Agent policy
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
         description:
           description: The description of the policy
           example: My agent policy
@@ -7456,6 +7458,8 @@ components:
     CloudWorkloadSecurityAgentPolicyUpdateAttributes:
       description: Update an existing Cloud Workload Security Agent policy
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
         description:
           description: The description of the policy
           example: My agent policy
@@ -7526,6 +7530,50 @@ components:
           type: string
         kill:
           $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
+        metadata:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata'
+        set:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet'
+      type: object
+    CloudWorkloadSecurityAgentRuleActionMetadata:
+      description: The metadata action applied on the scope matching the rule
+      properties:
+        image_tag:
+          description: The image tag of the metadata action
+          type: string
+        service:
+          description: The service of the metadata action
+          type: string
+        short_image:
+          description: The short image of the metadata action
+          type: string
+      type: object
+    CloudWorkloadSecurityAgentRuleActionSet:
+      description: The set action applied on the scope matching the rule
+      properties:
+        append:
+          description: Whether the value should be appended to the field
+          type: boolean
+        field:
+          description: The field of the set action
+          type: string
+        name:
+          description: The name of the set action
+          type: string
+        scope:
+          description: The scope of the set action
+          type: string
+        size:
+          description: The size of the set action
+          format: int64
+          type: integer
+        ttl:
+          description: The time to live of the set action
+          format: int64
+          type: integer
+        value:
+          description: The value of the set action
+          type: string
       type: object
     CloudWorkloadSecurityAgentRuleActions:
       description: The array of actions the rule can perform if triggered
@@ -7541,6 +7589,11 @@ components:
         agentConstraint:
           description: The version of the Agent
           type: string
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         category:
           description: The category of the Agent rule
           example: Process Activity
@@ -7564,6 +7617,11 @@ components:
           description: The description of the Agent rule
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7577,6 +7635,11 @@ components:
           items:
             type: string
           type: array
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         name:
           description: The name of the Agent rule
           example: my_agent_rule
@@ -7611,10 +7674,22 @@ components:
     CloudWorkloadSecurityAgentRuleCreateAttributes:
       description: Create a new Cloud Workload Security Agent rule.
       properties:
+        actions:
+          $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         description:
           description: The description of the Agent rule.
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7628,6 +7703,11 @@ components:
           items:
             type: string
           type: array
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         name:
           description: The name of the Agent rule.
           example: my_agent_rule
@@ -7718,10 +7798,20 @@ components:
     CloudWorkloadSecurityAgentRuleUpdateAttributes:
       description: Update an existing Cloud Workload Security Agent rule
       properties:
+        blocking:
+          description: The blocking policies that the rule belongs to
+          items:
+            type: string
+          type: array
         description:
           description: The description of the Agent rule
           example: My Agent rule
           type: string
+        disabled:
+          description: The disabled policies that the rule belongs to
+          items:
+            type: string
+          type: array
         enabled:
           description: Whether the Agent rule is enabled
           example: true
@@ -7730,6 +7820,11 @@ components:
           description: The SECL expression of the Agent rule
           example: exec.file.name == "sh"
           type: string
+        monitoring:
+          description: The monitoring policies that the rule belongs to
+          items:
+            type: string
+          type: array
         policy_id:
           description: The ID of the policy where the Agent rule is saved
           example: a8c8e364-6556-434d-b798-a4c23de29c0b

@@ -0,0 +1,57 @@
+// Create a Workload Protection agent rule with set action returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.CsmThreatsApi;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleAction;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleActionSet;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateAttributes;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateData;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateRequest;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;
+import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
+
+    // there is a valid "policy_rc" in the system
+    String POLICY_DATA_ID = System.getenv("POLICY_DATA_ID");
+
+    CloudWorkloadSecurityAgentRuleCreateRequest body =
+        new CloudWorkloadSecurityAgentRuleCreateRequest()
+            .data(
+                new CloudWorkloadSecurityAgentRuleCreateData()
+                    .attributes(
+                        new CloudWorkloadSecurityAgentRuleCreateAttributes()
+                            .description("My Agent rule with set action")
+                            .enabled(true)
+                            .expression("""
+exec.file.name == "sh"
+""")
+                            .name("examplecsmthreat")
+                            .policyId(POLICY_DATA_ID)
+                            .actions(
+                                Collections.singletonList(
+                                    new CloudWorkloadSecurityAgentRuleAction()
+                                        .set(
+                                            new CloudWorkloadSecurityAgentRuleActionSet()
+                                                .name("test_set")
+                                                .value("test_value")
+                                                .scope("process")))))
+                    .type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE));
+
+    try {
+      CloudWorkloadSecurityAgentRuleResponse result = apiInstance.createCSMThreatsAgentRule(body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling CsmThreatsApi#createCSMThreatsAgentRule");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
@@ -18,9 +18,11 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import org.openapitools.jackson.nullable.JsonNullable;
 
 /** Create a new Cloud Workload Security Agent policy */
 @JsonPropertyOrder({
+  CloudWorkloadSecurityAgentPolicyCreateAttributes.JSON_PROPERTY_ACTIONS,
   CloudWorkloadSecurityAgentPolicyCreateAttributes.JSON_PROPERTY_DESCRIPTION,
   CloudWorkloadSecurityAgentPolicyCreateAttributes.JSON_PROPERTY_ENABLED,
   CloudWorkloadSecurityAgentPolicyCreateAttributes.JSON_PROPERTY_HOST_TAGS,
@@ -31,6 +33,10 @@
     value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator")
 public class CloudWorkloadSecurityAgentPolicyCreateAttributes {
   @JsonIgnore public boolean unparsed = false;
+  public static final String JSON_PROPERTY_ACTIONS = "actions";
+  private JsonNullable<List<CloudWorkloadSecurityAgentRuleAction>> actions =
+      JsonNullable.<List<CloudWorkloadSecurityAgentRuleAction>>undefined();
+
   public static final String JSON_PROPERTY_DESCRIPTION = "description";
   private String description;
 
@@ -54,6 +60,52 @@ public CloudWorkloadSecurityAgentPolicyCreateAttributes(
     this.name = name;
   }
 
+  public CloudWorkloadSecurityAgentPolicyCreateAttributes actions(
+      List<CloudWorkloadSecurityAgentRuleAction> actions) {
+    this.actions = JsonNullable.<List<CloudWorkloadSecurityAgentRuleAction>>of(actions);
+    return this;
+  }
+
+  public CloudWorkloadSecurityAgentPolicyCreateAttributes addActionsItem(
+      CloudWorkloadSecurityAgentRuleAction actionsItem) {
+    if (this.actions == null || !this.actions.isPresent()) {
+      this.actions = JsonNullable.<List<CloudWorkloadSecurityAgentRuleAction>>of(new ArrayList<>());
+    }
+    try {
+      this.actions.get().add(actionsItem);
+    } catch (java.util.NoSuchElementException e) {
+      // this can never happen, as we make sure above that the value is present
+    }
+    return this;
+  }
+
+  /**
+   * The array of actions the rule can perform if triggered
+   *
+   * @return actions
+   */
+  @jakarta.annotation.Nullable
+  @JsonIgnore
+  public List<CloudWorkloadSecurityAgentRuleAction> getActions() {
+    return actions.orElse(null);
+  }
+
+  @JsonProperty(JSON_PROPERTY_ACTIONS)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+  public JsonNullable<List<CloudWorkloadSecurityAgentRuleAction>> getActions_JsonNullable() {
+    return actions;
+  }
+
+  @JsonProperty(JSON_PROPERTY_ACTIONS)
+  public void setActions_JsonNullable(
+      JsonNullable<List<CloudWorkloadSecurityAgentRuleAction>> actions) {
+    this.actions = actions;
+  }
+
+  public void setActions(List<CloudWorkloadSecurityAgentRuleAction> actions) {
+    this.actions = JsonNullable.<List<CloudWorkloadSecurityAgentRuleAction>>of(actions);
+  }
+
   public CloudWorkloadSecurityAgentPolicyCreateAttributes description(String description) {
     this.description = description;
     return this;
@@ -236,7 +288,8 @@ public boolean equals(Object o) {
     CloudWorkloadSecurityAgentPolicyCreateAttributes
         cloudWorkloadSecurityAgentPolicyCreateAttributes =
             (CloudWorkloadSecurityAgentPolicyCreateAttributes) o;
-    return Objects.equals(
+    return Objects.equals(this.actions, cloudWorkloadSecurityAgentPolicyCreateAttributes.actions)
+        && Objects.equals(
             this.description, cloudWorkloadSecurityAgentPolicyCreateAttributes.description)
         && Objects.equals(this.enabled, cloudWorkloadSecurityAgentPolicyCreateAttributes.enabled)
         && Objects.equals(this.hostTags, cloudWorkloadSecurityAgentPolicyCreateAttributes.hostTags)
@@ -250,13 +303,15 @@ public boolean equals(Object o) {
 
   @Override
   public int hashCode() {
-    return Objects.hash(description, enabled, hostTags, hostTagsLists, name, additionalProperties);
+    return Objects.hash(
+        actions, description, enabled, hostTags, hostTagsLists, name, additionalProperties);
   }
 
   @Override
   public String toString() {
     StringBuilder sb = new StringBuilder();
     sb.append("class CloudWorkloadSecurityAgentPolicyCreateAttributes {\n");
+    sb.append("    actions: ").append(toIndentedString(actions)).append("\n");
     sb.append("    description: ").append(toIndentedString(description)).append("\n");
     sb.append("    enabled: ").append(toIndentedString(enabled)).append("\n");
     sb.append("    hostTags: ").append(toIndentedString(hostTags)).append("\n");