DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 653 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 653 additions & 0 deletions
diff --git a/‎features/v2/logs_restriction_queries.feature‎
Lines changed: 233 additions & 0 deletions b/‎features/v2/logs_restriction_queries.feature‎
Lines changed: 233 additions & 0 deletions
diff --git a/‎features/v2/undo.json‎
Lines changed: 67 additions & 0 deletions b/‎features/v2/undo.json‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎packages/datadog-api-client/README.md‎
Lines changed: 1 addition & 0 deletions b/‎packages/datadog-api-client/README.md‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,233 @@
+@endpoint(logs-restriction-queries) @endpoint(logs-restriction-queries-v2)
+Feature: Logs Restriction Queries
+  **Note: This endpoint is in public beta. If you have any feedback, contact
+  [Datadog support](https://docs.datadoghq.com/help/).**  A Restriction
+  Query is a logs query that restricts which logs the `logs_read_data`
+  permission grants read access to. For users whose roles have Restriction
+  Queries, any log query they make only returns those log events that also
+  match one of their Restriction Queries. This is true whether the user
+  queries log events from any log-related feature, including the log
+  explorer, Live Tail, re-hydration, or a dashboard widget.  Restriction
+  Queries currently only support use of the following components of log
+  events:  - Reserved attributes - The log message - Tags  To restrict read
+  access on log data, add a team tag to log events to indicate which teams
+  own them, and then scope Restriction Queries to the relevant values of the
+  team tag. Tags can be applied to log events in many ways, and a log event
+  can have multiple tags with the same key (like team) and different values.
+  This means the same log event can be visible to roles whose restriction
+  queries are scoped to different team values.  See [How to Set Up RBAC for
+  Logs](https://docs.datadoghq.com/logs/guide/logs-rbac/?tab=api#restrict-
+  access-to-logs) for details on how to add restriction queries.
+
+  Background:
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "LogsRestrictionQueries" API
+
+  @skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-terraform-config @skip-typescript @skip-validation @team:DataDog/logs-app
+  Scenario: Create a restriction query returns "Bad Request" response
+    Given operation "CreateRestrictionQuery" enabled
+    And new "CreateRestrictionQuery" request
+    And body with value {"test": "bad_request"}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Create a restriction query returns "OK" response
+    Given operation "CreateRestrictionQuery" enabled
+    And new "CreateRestrictionQuery" request
+    And body with value {"data": {"attributes": {"restriction_query": "env:sandbox"}, "type": "logs_restriction_queries"}}
+    When the request is sent
+    Then the response status is 200 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Delete a restriction query returns "Bad Request" response
+    Given operation "DeleteRestrictionQuery" enabled
+    And new "DeleteRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "malformed_id"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Delete a restriction query returns "Not found" response
+    Given operation "DeleteRestrictionQuery" enabled
+    And new "DeleteRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "00000000-0000-0000-0000-000000000000"
+    When the request is sent
+    Then the response status is 404 Not found
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Delete a restriction query returns "OK" response
+    Given operation "DeleteRestrictionQuery" enabled
+    And new "DeleteRestrictionQuery" request
+    And request contains "restriction_query_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 204 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Get a restriction query returns "Bad Request" response
+    Given operation "GetRestrictionQuery" enabled
+    And new "GetRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "malformed_id"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Get a restriction query returns "Not found" response
+    Given operation "GetRestrictionQuery" enabled
+    And new "GetRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "00000000-0000-0000-0000-000000000000"
+    When the request is sent
+    Then the response status is 404 Not found
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Get a restriction query returns "OK" response
+    Given operation "GetRestrictionQuery" enabled
+    And new "GetRestrictionQuery" request
+    And request contains "restriction_query_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Get all restriction queries for a given user returns "Bad Request" response
+    Given operation "ListUserRestrictionQueries" enabled
+    And new "ListUserRestrictionQueries" request
+    And request contains "user_id" parameter with value "malformed_id"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Get all restriction queries for a given user returns "OK" response
+    Given operation "ListUserRestrictionQueries" enabled
+    And new "ListUserRestrictionQueries" request
+    And request contains "user_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Get restriction query for a given role returns "Bad Request" response
+    Given operation "GetRoleRestrictionQuery" enabled
+    And new "GetRoleRestrictionQuery" request
+    And request contains "role_id" parameter with value "malformed_id"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Get restriction query for a given role returns "OK" response
+    Given operation "GetRoleRestrictionQuery" enabled
+    And new "GetRoleRestrictionQuery" request
+    And request contains "role_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Grant role to a restriction query returns "Bad Request" response
+    Given operation "AddRoleToRestrictionQuery" enabled
+    And new "AddRoleToRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "malformed_id"
+    And body with value {"data": {"id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Grant role to a restriction query returns "Not found" response
+    Given operation "AddRoleToRestrictionQuery" enabled
+    And new "AddRoleToRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "00000000-0000-0000-0000-000000000000"
+    And body with value {"data": {"id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles"}}
+    When the request is sent
+    Then the response status is 404 Not found
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Grant role to a restriction query returns "OK" response
+    Given operation "AddRoleToRestrictionQuery" enabled
+    And new "AddRoleToRestrictionQuery" request
+    And request contains "restriction_query_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles"}}
+    When the request is sent
+    Then the response status is 204 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: List restriction queries returns "OK" response
+    Given operation "ListRestrictionQueries" enabled
+    And new "ListRestrictionQueries" request
+    When the request is sent
+    Then the response status is 200 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: List roles for a restriction query returns "Bad Request" response
+    Given operation "ListRestrictionQueryRoles" enabled
+    And new "ListRestrictionQueryRoles" request
+    And request contains "restriction_query_id" parameter with value "malformed_id"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: List roles for a restriction query returns "Not found" response
+    Given operation "ListRestrictionQueryRoles" enabled
+    And new "ListRestrictionQueryRoles" request
+    And request contains "restriction_query_id" parameter with value "00000000-0000-0000-0000-000000000000"
+    When the request is sent
+    Then the response status is 404 Not found
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: List roles for a restriction query returns "OK" response
+    Given operation "ListRestrictionQueryRoles" enabled
+    And new "ListRestrictionQueryRoles" request
+    And request contains "restriction_query_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Revoke role from a restriction query returns "Bad Request" response
+    Given operation "RemoveRoleFromRestrictionQuery" enabled
+    And new "RemoveRoleFromRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "malformed_id"
+    And body with value {"data": {"id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Revoke role from a restriction query returns "Not found" response
+    Given operation "RemoveRoleFromRestrictionQuery" enabled
+    And new "RemoveRoleFromRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "00000000-0000-0000-0000-000000000000"
+    And body with value {"data": {"id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles"}}
+    When the request is sent
+    Then the response status is 404 Not found
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Revoke role from a restriction query returns "OK" response
+    Given operation "RemoveRoleFromRestrictionQuery" enabled
+    And new "RemoveRoleFromRestrictionQuery" request
+    And request contains "restriction_query_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles"}}
+    When the request is sent
+    Then the response status is 204 OK
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Update a restriction query returns "Bad Request" response
+    Given operation "UpdateRestrictionQuery" enabled
+    And new "UpdateRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "malformed_id"
+    And body with value {"data": {"attributes": {"restriction_query": "env:sandbox"}, "type": "logs_restriction_queries"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip-terraform-config @team:DataDog/logs-app
+  Scenario: Update a restriction query returns "Not found" response
+    Given operation "UpdateRestrictionQuery" enabled
+    And new "UpdateRestrictionQuery" request
+    And request contains "restriction_query_id" parameter with value "00000000-0000-0000-0000-000000000000"
+    And body with value {"data": {"attributes": {"restriction_query": "env:sandbox"}, "type": "logs_restriction_queries"}}
+    When the request is sent
+    Then the response status is 404 Not found
+
+  @generated @skip @team:DataDog/logs-app
+  Scenario: Update a restriction query returns "OK" response
+    Given operation "UpdateRestrictionQuery" enabled
+    And new "UpdateRestrictionQuery" request
+    And request contains "restriction_query_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"restriction_query": "env:sandbox"}, "type": "logs_restriction_queries"}}
+    When the request is sent
+    Then the response status is 200 OK
@@ -2377,6 +2377,73 @@
       "type": "idempotent"
     }
   },
+  "ListRestrictionQueries": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "CreateRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "operationId": "DeleteRestrictionQuery",
+      "parameters": [
+        {
+          "name": "restriction_query_id",
+          "source": "data.id"
+        }
+      ],
+      "type": "unsafe"
+    }
+  },
+  "GetRoleRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "ListUserRestrictionQueries": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "DeleteRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "GetRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "UpdateRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "RemoveRoleFromRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "ListRestrictionQueryRoles": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "AddRoleToRestrictionQuery": {
+    "tag": "Logs Restriction Queries",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "ListLogsGet": {
     "tag": "Logs",
     "undo": {
 
@@ -398,6 +398,7 @@ apiInstance
 | Logs Indexes | @datadog/datadog-api-client-logs-indexes | [README.md](../../services/logs-indexes/README.md) |
 | Logs Metrics | @datadog/datadog-api-client-logs-metrics | [README.md](../../services/logs-metrics/README.md) |
 | Logs Pipelines | @datadog/datadog-api-client-logs-pipelines | [README.md](../../services/logs-pipelines/README.md) |
+| Logs Restriction Queries | @datadog/datadog-api-client-logs-restriction-queries | [README.md](../../services/logs-restriction-queries/README.md) |
 | Metrics | @datadog/datadog-api-client-metrics | [README.md](../../services/metrics/README.md) |
 | Microsoft Teams Integration | @datadog/datadog-api-client-microsoft-teams-integration | [README.md](../../services/microsoft-teams-integration/README.md) |
 | Monitors | @datadog/datadog-api-client-monitors | [README.md](../../services/monitors/README.md) |