Add CSM Agentless Read Endpoint (#1971)

Co-authored-by: ci.datadog-api-spec <[email protected]>

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-01-07 19:53:42.897987",
-            "spec_repo_commit": "d63fa330"
+            "regenerated": "2025-01-08 14:02:31.156850",
+            "spec_repo_commit": "1920836f"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-01-07 19:53:42.913387",
-            "spec_repo_commit": "d63fa330"
+            "regenerated": "2025-01-08 14:02:31.172021",
+            "spec_repo_commit": "1920836f"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -2732,6 +2732,57 @@ components:
             $ref: '#/components/schemas/AwsCURConfig'
           type: array
       type: object
+    AwsScanOptionsAttributes:
+      description: Attributes for the AWS scan options.
+      properties:
+        lambda:
+          description: Indicates if scanning of Lambda functions is enabled.
+          example: true
+          type: boolean
+        sensitive_data:
+          description: Indicates if scanning for sensitive data is enabled.
+          example: false
+          type: boolean
+        vuln_containers_os:
+          description: Indicates if scanning for vulnerabilities in containers is
+            enabled.
+          example: true
+          type: boolean
+        vuln_host_os:
+          description: Indicates if scanning for vulnerabilities in hosts is enabled.
+          example: true
+          type: boolean
+      type: object
+    AwsScanOptionsData:
+      description: Single AWS Scan Options entry.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/AwsScanOptionsAttributes'
+        id:
+          description: The ID of the AWS account.
+          example: '184366314700'
+          type: string
+        type:
+          $ref: '#/components/schemas/AwsScanOptionsType'
+      type: object
+    AwsScanOptionsResponse:
+      description: Response object that includes a list of AWS scan options.
+      properties:
+        data:
+          description: A list of AWS scan options.
+          items:
+            $ref: '#/components/schemas/AwsScanOptionsData'
+          type: array
+      type: object
+    AwsScanOptionsType:
+      default: aws_scan_options
+      description: The type of the resource. The value should always be `aws_scan_options`.
+      enum:
+      - aws_scan_options
+      example: aws_scan_options
+      type: string
+      x-enum-varnames:
+      - AWS_SCAN_OPTIONS
     AzureUCConfig:
       description: Azure config.
       properties:
@@ -30222,6 +30273,24 @@ info:
   version: '1.0'
 openapi: 3.0.0
 paths:
+  /api/v2/agentless_scanning/accounts/aws:
+    get:
+      description: Fetches the scan options configured for AWS accounts.
+      operationId: ListAwsScanOptions
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AwsScanOptionsResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get AWS Scan Options
+      tags:
+      - Agentless Scanning
   /api/v2/api_keys:
     get:
       description: List all API keys available for your account.
@@ -48131,6 +48200,11 @@ tags:
   externalDocs:
     url: https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection
   name: AWS Logs Integration
+- description: "Datadog Agentless Scanning provides visibility into risks and vulnerabilities\nwithin
+    your hosts, running containers, and serverless functions\u2014all without\nrequiring
+    teams to install Agents on every host or where Agents cannot be installed.\nGo
+    to https://www.datadoghq.com/blog/agentless-scanning/ to learn more"
+  name: Agentless Scanning
 - description: Datadog App Builder provides a low-code solution to rapidly develop
     and integrate secure, customized applications into your monitoring stack that
     are built to accelerate remediation at scale. These API endpoints allow you to

cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/frozen.json

@@ -0,0 +1 @@
+"2024-12-18T15:40:11.636Z"

cassettes/v2/Agentless-Scanning_730042230/Get-AWS-Scan-Options-returns-OK-response_2545056747/recording.har

@@ -0,0 +1,57 @@
+{
+  "log": {
+    "_recordingName": "Agentless Scanning/Get AWS Scan Options returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "2cb6ecfe386c3349268926da480a6b5d",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 530,
+          "httpVersion": "HTTP/1.1",
+          "method": "GET",
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/agentless_scanning/accounts/aws"
+        },
+        "response": {
+          "bodySize": 11,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 11,
+            "text": "{\"data\":[]}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 674,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2024-12-18T15:40:11.830Z",
+        "time": 308
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}

examples/v2/agentless-scanning/ListAwsScanOptions.ts

@@ -0,0 +1,17 @@
+/**
+ * Get AWS Scan Options returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+const apiInstance = new v2.AgentlessScanningApi(configuration);
+
+apiInstance
+  .listAwsScanOptions()
+  .then((data: v2.AwsScanOptionsResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));

features/support/scenarios_model_mapping.ts

@@ -2306,6 +2306,9 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
     "v1.Validate": {
         "operationResponseType": "AuthenticationValidationResponse",
     },
+    "v2.ListAwsScanOptions": {
+        "operationResponseType": "AwsScanOptionsResponse",
+    },
     "v2.ListAPIKeys": {
         "pageSize": {
             "type": "number",

features/v2/agentless_scanning.feature

@@ -0,0 +1,16 @@
+@endpoint(agentless-scanning) @endpoint(agentless-scanning-v2)
+Feature: Agentless Scanning
+  Datadog Agentless Scanning provides visibility into risks and
+  vulnerabilities within your hosts, running containers, and serverless
+  functions—all without requiring teams to install Agents on every host or
+  where Agents cannot be installed. Go to
+  https://www.datadoghq.com/blog/agentless-scanning/ to learn more
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Get AWS Scan Options returns "OK" response
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "AgentlessScanning" API
+    And new "ListAwsScanOptions" request
+    When the request is sent
+    Then the response status is 200 OK

features/v2/undo.json

@@ -1,4 +1,10 @@
 {
+  "ListAwsScanOptions": {
+    "tag": "Agentless Scanning",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "ListAPIKeys": {
     "tag": "Key Management",
     "undo": {

packages/datadog-api-client-v2/apis/AgentlessScanningApi.ts

@@ -0,0 +1,139 @@
+import { BaseAPIRequestFactory } from "../../datadog-api-client-common/baseapi";
+import {
+  Configuration,
+  applySecurityAuthentication,
+} from "../../datadog-api-client-common/configuration";
+import {
+  RequestContext,
+  HttpMethod,
+  ResponseContext,
+} from "../../datadog-api-client-common/http/http";
+
+import { logger } from "../../../logger";
+import { ObjectSerializer } from "../models/ObjectSerializer";
+import { ApiException } from "../../datadog-api-client-common/exception";
+
+import { APIErrorResponse } from "../models/APIErrorResponse";
+import { AwsScanOptionsResponse } from "../models/AwsScanOptionsResponse";
+
+export class AgentlessScanningApiRequestFactory extends BaseAPIRequestFactory {
+  public async listAwsScanOptions(
+    _options?: Configuration
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // Path Params
+    const localVarPath = "/api/v2/agentless_scanning/accounts/aws";
+
+    // Make Request Context
+    const requestContext = _config
+      .getServer("v2.AgentlessScanningApi.listAwsScanOptions")
+      .makeRequestContext(localVarPath, HttpMethod.GET);
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
+}
+
+export class AgentlessScanningApiResponseProcessor {
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to listAwsScanOptions
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async listAwsScanOptions(
+    response: ResponseContext
+  ): Promise<AwsScanOptionsResponse> {
+    const contentType = ObjectSerializer.normalizeMediaType(
+      response.headers["content-type"]
+    );
+    if (response.httpStatusCode === 200) {
+      const body: AwsScanOptionsResponse = ObjectSerializer.deserialize(
+        ObjectSerializer.parse(await response.body.text(), contentType),
+        "AwsScanOptionsResponse"
+      ) as AwsScanOptionsResponse;
+      return body;
+    }
+    if (response.httpStatusCode === 403 || response.httpStatusCode === 429) {
+      const bodyText = ObjectSerializer.parse(
+        await response.body.text(),
+        contentType
+      );
+      let body: APIErrorResponse;
+      try {
+        body = ObjectSerializer.deserialize(
+          bodyText,
+          "APIErrorResponse"
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: AwsScanOptionsResponse = ObjectSerializer.deserialize(
+        ObjectSerializer.parse(await response.body.text(), contentType),
+        "AwsScanOptionsResponse",
+        ""
+      ) as AwsScanOptionsResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"'
+    );
+  }
+}
+
+export class AgentlessScanningApi {
+  private requestFactory: AgentlessScanningApiRequestFactory;
+  private responseProcessor: AgentlessScanningApiResponseProcessor;
+  private configuration: Configuration;
+
+  public constructor(
+    configuration: Configuration,
+    requestFactory?: AgentlessScanningApiRequestFactory,
+    responseProcessor?: AgentlessScanningApiResponseProcessor
+  ) {
+    this.configuration = configuration;
+    this.requestFactory =
+      requestFactory || new AgentlessScanningApiRequestFactory(configuration);
+    this.responseProcessor =
+      responseProcessor || new AgentlessScanningApiResponseProcessor();
+  }
+
+  /**
+   * Fetches the scan options configured for AWS accounts.
+   * @param param The request object
+   */
+  public listAwsScanOptions(
+    options?: Configuration
+  ): Promise<AwsScanOptionsResponse> {
+    const requestContextPromise =
+      this.requestFactory.listAwsScanOptions(options);
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.listAwsScanOptions(responseContext);
+        });
+    });
+  }
+}

packages/datadog-api-client-v2/index.ts

@@ -27,6 +27,8 @@ export {
 
 export { AWSLogsIntegrationApi } from "./apis/AWSLogsIntegrationApi";
 
+export { AgentlessScanningApi } from "./apis/AgentlessScanningApi";
+
 export {
   AppsApiCreateAppRequest,
   AppsApiDeleteAppRequest,
@@ -742,6 +744,10 @@ export { AWSRegions } from "./models/AWSRegions";
 export { AWSRegionsIncludeAll } from "./models/AWSRegionsIncludeAll";
 export { AWSRegionsIncludeOnly } from "./models/AWSRegionsIncludeOnly";
 export { AWSResourcesConfig } from "./models/AWSResourcesConfig";
+export { AwsScanOptionsAttributes } from "./models/AwsScanOptionsAttributes";
+export { AwsScanOptionsData } from "./models/AwsScanOptionsData";
+export { AwsScanOptionsResponse } from "./models/AwsScanOptionsResponse";
+export { AwsScanOptionsType } from "./models/AwsScanOptionsType";
 export { AWSTracesConfig } from "./models/AWSTracesConfig";
 export { AzureUCConfig } from "./models/AzureUCConfig";
 export { AzureUCConfigPair } from "./models/AzureUCConfigPair";