diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 6ae3aae26d..c09a45856a 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -44855,6 +44855,11 @@ components: targets. example: service:my-service type: string + keep_unmatched: + description: Whether to keep an event that does not match any of the mapping + filters. + example: false + type: boolean mappings: description: A list of mapping rules to convert events to the OCSF format. items: diff --git a/examples/v2/observability-pipelines/ValidatePipeline_3067748504.py b/examples/v2/observability-pipelines/ValidatePipeline_3067748504.py new file mode 100644 index 0000000000..f05ef2c324 --- /dev/null +++ b/examples/v2/observability-pipelines/ValidatePipeline_3067748504.py @@ -0,0 +1,92 @@ +""" +Validate an observability pipeline with OCSF mapper keep_unmatched returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.observability_pipelines_api import ObservabilityPipelinesApi +from datadog_api_client.v2.model.observability_pipeline_config import ObservabilityPipelineConfig +from datadog_api_client.v2.model.observability_pipeline_config_processor_group import ( + ObservabilityPipelineConfigProcessorGroup, +) +from datadog_api_client.v2.model.observability_pipeline_data_attributes import ObservabilityPipelineDataAttributes +from datadog_api_client.v2.model.observability_pipeline_datadog_agent_source import ( + ObservabilityPipelineDatadogAgentSource, +) +from datadog_api_client.v2.model.observability_pipeline_datadog_agent_source_type import ( + ObservabilityPipelineDatadogAgentSourceType, +) +from datadog_api_client.v2.model.observability_pipeline_datadog_logs_destination import ( + ObservabilityPipelineDatadogLogsDestination, +) +from datadog_api_client.v2.model.observability_pipeline_datadog_logs_destination_type import ( + ObservabilityPipelineDatadogLogsDestinationType, +) +from datadog_api_client.v2.model.observability_pipeline_ocsf_mapper_processor import ( + ObservabilityPipelineOcsfMapperProcessor, +) +from datadog_api_client.v2.model.observability_pipeline_ocsf_mapper_processor_mapping import ( + ObservabilityPipelineOcsfMapperProcessorMapping, +) +from datadog_api_client.v2.model.observability_pipeline_ocsf_mapper_processor_type import ( + ObservabilityPipelineOcsfMapperProcessorType, +) +from datadog_api_client.v2.model.observability_pipeline_spec import ObservabilityPipelineSpec +from datadog_api_client.v2.model.observability_pipeline_spec_data import ObservabilityPipelineSpecData + +body = ObservabilityPipelineSpec( + data=ObservabilityPipelineSpecData( + attributes=ObservabilityPipelineDataAttributes( + config=ObservabilityPipelineConfig( + destinations=[ + ObservabilityPipelineDatadogLogsDestination( + id="datadog-logs-destination", + inputs=[ + "my-processor-group", + ], + type=ObservabilityPipelineDatadogLogsDestinationType.DATADOG_LOGS, + ), + ], + processor_groups=[ + ObservabilityPipelineConfigProcessorGroup( + enabled=True, + id="my-processor-group", + include="service:my-service", + inputs=[ + "datadog-agent-source", + ], + processors=[ + ObservabilityPipelineOcsfMapperProcessor( + enabled=True, + id="ocsf-mapper-processor", + include="service:my-service", + type=ObservabilityPipelineOcsfMapperProcessorType.OCSF_MAPPER, + keep_unmatched=True, + mappings=[ + ObservabilityPipelineOcsfMapperProcessorMapping( + include="source:cloudtrail", + mapping="CloudTrail Account Change", + ), + ], + ), + ], + ), + ], + sources=[ + ObservabilityPipelineDatadogAgentSource( + id="datadog-agent-source", + type=ObservabilityPipelineDatadogAgentSourceType.DATADOG_AGENT, + ), + ], + ), + name="OCSF Mapper Keep Unmatched Pipeline", + ), + type="pipelines", + ), +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = ObservabilityPipelinesApi(api_client) + response = api_instance.validate_pipeline(body=body) + + print(response) diff --git a/src/datadog_api_client/v2/model/observability_pipeline_config_processor_item.py b/src/datadog_api_client/v2/model/observability_pipeline_config_processor_item.py index aa9c6e5453..2f546ac29b 100644 --- a/src/datadog_api_client/v2/model/observability_pipeline_config_processor_item.py +++ b/src/datadog_api_client/v2/model/observability_pipeline_config_processor_item.py @@ -66,6 +66,9 @@ def __init__(self, **kwargs): :param metrics: Configuration for generating individual metrics. :type metrics: [ObservabilityPipelineGeneratedMetric], optional + :param keep_unmatched: Whether to keep an event that does not match any of the mapping filters. + :type keep_unmatched: bool, optional + :param mappings: A list of mapping rules to convert events to the OCSF format. :type mappings: [ObservabilityPipelineOcsfMapperProcessorMapping] diff --git a/src/datadog_api_client/v2/model/observability_pipeline_ocsf_mapper_processor.py b/src/datadog_api_client/v2/model/observability_pipeline_ocsf_mapper_processor.py index e307087fc2..0bfae445bd 100644 --- a/src/datadog_api_client/v2/model/observability_pipeline_ocsf_mapper_processor.py +++ b/src/datadog_api_client/v2/model/observability_pipeline_ocsf_mapper_processor.py @@ -37,6 +37,7 @@ def openapi_types(_): "enabled": (bool,), "id": (str,), "include": (str,), + "keep_unmatched": (bool,), "mappings": ([ObservabilityPipelineOcsfMapperProcessorMapping],), "type": (ObservabilityPipelineOcsfMapperProcessorType,), } @@ -46,6 +47,7 @@ def openapi_types(_): "enabled": "enabled", "id": "id", "include": "include", + "keep_unmatched": "keep_unmatched", "mappings": "mappings", "type": "type", } @@ -58,6 +60,7 @@ def __init__( mappings: List[ObservabilityPipelineOcsfMapperProcessorMapping], type: ObservabilityPipelineOcsfMapperProcessorType, display_name: Union[str, UnsetType] = unset, + keep_unmatched: Union[bool, UnsetType] = unset, **kwargs, ): """ @@ -77,6 +80,9 @@ def __init__( :param include: A Datadog search query used to determine which logs this processor targets. :type include: str + :param keep_unmatched: Whether to keep an event that does not match any of the mapping filters. + :type keep_unmatched: bool, optional + :param mappings: A list of mapping rules to convert events to the OCSF format. :type mappings: [ObservabilityPipelineOcsfMapperProcessorMapping] @@ -85,6 +91,8 @@ def __init__( """ if display_name is not unset: kwargs["display_name"] = display_name + if keep_unmatched is not unset: + kwargs["keep_unmatched"] = keep_unmatched super().__init__(kwargs) self_.enabled = enabled diff --git a/tests/v2/cassettes/test_scenarios/test_validate_an_observability_pipeline_with_ocsf_mapper_keep_unmatched_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_validate_an_observability_pipeline_with_ocsf_mapper_keep_unmatched_returns_ok_response.frozen new file mode 100644 index 0000000000..4cc5bbd3ed --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_validate_an_observability_pipeline_with_ocsf_mapper_keep_unmatched_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-03-16T13:02:49.264Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_validate_an_observability_pipeline_with_ocsf_mapper_keep_unmatched_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_validate_an_observability_pipeline_with_ocsf_mapper_keep_unmatched_returns_ok_response.yaml new file mode 100644 index 0000000000..2469180841 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_validate_an_observability_pipeline_with_ocsf_mapper_keep_unmatched_returns_ok_response.yaml @@ -0,0 +1,24 @@ +interactions: +- request: + body: '{"data":{"attributes":{"config":{"destinations":[{"id":"datadog-logs-destination","inputs":["my-processor-group"],"type":"datadog_logs"}],"processor_groups":[{"enabled":true,"id":"my-processor-group","include":"service:my-service","inputs":["datadog-agent-source"],"processors":[{"enabled":true,"id":"ocsf-mapper-processor","include":"service:my-service","keep_unmatched":true,"mappings":[{"include":"source:cloudtrail","mapping":"CloudTrail + Account Change"}],"type":"ocsf_mapper"}]}],"sources":[{"id":"datadog-agent-source","type":"datadog_agent"}]},"name":"OCSF + Mapper Keep Unmatched Pipeline"},"type":"pipelines"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/obs-pipelines/pipelines/validate + response: + body: + string: '{"errors":[]} + + ' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/features/observability_pipelines.feature b/tests/v2/features/observability_pipelines.feature index e272303955..7e8ceefc82 100644 --- a/tests/v2/features/observability_pipelines.feature +++ b/tests/v2/features/observability_pipelines.feature @@ -191,6 +191,14 @@ Feature: Observability Pipelines When the request is sent Then the response status is 400 Bad Request + @team:DataDog/observability-pipelines + Scenario: Validate an observability pipeline with OCSF mapper keep_unmatched returns "OK" response + Given new "ValidatePipeline" request + And body with value {"data": {"attributes": {"config": {"destinations": [{"id": "datadog-logs-destination", "inputs": ["my-processor-group"], "type": "datadog_logs"}], "processor_groups": [{"enabled": true, "id": "my-processor-group", "include": "service:my-service", "inputs": ["datadog-agent-source"], "processors": [{"enabled": true, "id": "ocsf-mapper-processor", "include": "service:my-service", "type": "ocsf_mapper", "keep_unmatched": true, "mappings": [{"include": "source:cloudtrail", "mapping": "CloudTrail Account Change"}]}]}], "sources": [{"id": "datadog-agent-source", "type": "datadog_agent"}]}, "name": "OCSF Mapper Keep Unmatched Pipeline"}, "type": "pipelines"}} + When the request is sent + Then the response status is 200 OK + And the response "errors" has length 0 + @team:DataDog/observability-pipelines Scenario: Validate an observability pipeline with OCSF mapper library mapping returns "OK" response Given new "ValidatePipeline" request