diff --git a/.generator/schemas/v1/openapi.yaml b/.generator/schemas/v1/openapi.yaml index 8f404467bc..bbfcb6da10 100644 --- a/.generator/schemas/v1/openapi.yaml +++ b/.generator/schemas/v1/openapi.yaml @@ -6215,6 +6215,38 @@ components: type: string x-enum-varnames: - DECODER_PROCESSOR + LogsExcludeAttributeProcessor: + description: |- + Use this processor to remove an attribute from a log during processing. + The processor strips the specified attribute from the log event, which is useful + when the attribute contains sensitive data or is no longer needed downstream. + properties: + attribute_to_exclude: + description: Name of the log attribute to remove from the log event. + example: foo + type: string + is_enabled: + default: false + description: Whether or not the processor is enabled. + type: boolean + name: + description: Name of the processor. + type: string + type: + $ref: "#/components/schemas/LogsExcludeAttributeProcessorType" + required: + - type + - attribute_to_exclude + type: object + LogsExcludeAttributeProcessorType: + default: exclude-attribute + description: Type of logs exclude attribute processor. + enum: + - exclude-attribute + example: exclude-attribute + type: string + x-enum-varnames: + - EXCLUDE_ATTRIBUTE LogsExclusion: description: Represents the index exclusion filter object from configuration API. properties: @@ -6822,6 +6854,7 @@ components: - $ref: "#/components/schemas/LogsArrayProcessor" - $ref: "#/components/schemas/LogsDecoderProcessor" - $ref: "#/components/schemas/LogsSchemaProcessor" + - $ref: "#/components/schemas/LogsExcludeAttributeProcessor" LogsQueryCompute: description: Define computation for a log query. properties: diff --git a/docs/datadog_api_client.v1.model.rst b/docs/datadog_api_client.v1.model.rst index 9b46a58093..4a44242a26 100644 --- a/docs/datadog_api_client.v1.model.rst +++ b/docs/datadog_api_client.v1.model.rst @@ -2027,6 +2027,20 @@ datadog\_api\_client.v1.model.logs\_decoder\_processor\_type module :members: :show-inheritance: +datadog\_api\_client.v1.model.logs\_exclude\_attribute\_processor module +------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v1.model.logs_exclude_attribute_processor + :members: + :show-inheritance: + +datadog\_api\_client.v1.model.logs\_exclude\_attribute\_processor\_type module +------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v1.model.logs_exclude_attribute_processor_type + :members: + :show-inheritance: + datadog\_api\_client.v1.model.logs\_exclusion module ---------------------------------------------------- diff --git a/src/datadog_api_client/v1/model/logs_exclude_attribute_processor.py b/src/datadog_api_client/v1/model/logs_exclude_attribute_processor.py new file mode 100644 index 0000000000..7769106fb0 --- /dev/null +++ b/src/datadog_api_client/v1/model/logs_exclude_attribute_processor.py @@ -0,0 +1,71 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v1.model.logs_exclude_attribute_processor_type import LogsExcludeAttributeProcessorType + + +class LogsExcludeAttributeProcessor(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v1.model.logs_exclude_attribute_processor_type import LogsExcludeAttributeProcessorType + + return { + "attribute_to_exclude": (str,), + "is_enabled": (bool,), + "name": (str,), + "type": (LogsExcludeAttributeProcessorType,), + } + + attribute_map = { + "attribute_to_exclude": "attribute_to_exclude", + "is_enabled": "is_enabled", + "name": "name", + "type": "type", + } + + def __init__( + self_, + attribute_to_exclude: str, + type: LogsExcludeAttributeProcessorType, + is_enabled: Union[bool, UnsetType] = unset, + name: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + Use this processor to remove an attribute from a log during processing. + The processor strips the specified attribute from the log event, which is useful + when the attribute contains sensitive data or is no longer needed downstream. + + :param attribute_to_exclude: Name of the log attribute to remove from the log event. + :type attribute_to_exclude: str + + :param is_enabled: Whether or not the processor is enabled. + :type is_enabled: bool, optional + + :param name: Name of the processor. + :type name: str, optional + + :param type: Type of logs exclude attribute processor. + :type type: LogsExcludeAttributeProcessorType + """ + if is_enabled is not unset: + kwargs["is_enabled"] = is_enabled + if name is not unset: + kwargs["name"] = name + super().__init__(kwargs) + + self_.attribute_to_exclude = attribute_to_exclude + self_.type = type diff --git a/src/datadog_api_client/v1/model/logs_exclude_attribute_processor_type.py b/src/datadog_api_client/v1/model/logs_exclude_attribute_processor_type.py new file mode 100644 index 0000000000..3ef1f953dd --- /dev/null +++ b/src/datadog_api_client/v1/model/logs_exclude_attribute_processor_type.py @@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class LogsExcludeAttributeProcessorType(ModelSimple): + """ + Type of logs exclude attribute processor. + + :param value: If omitted defaults to "exclude-attribute". Must be one of ["exclude-attribute"]. + :type value: str + """ + + allowed_values = { + "exclude-attribute", + } + EXCLUDE_ATTRIBUTE: ClassVar["LogsExcludeAttributeProcessorType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +LogsExcludeAttributeProcessorType.EXCLUDE_ATTRIBUTE = LogsExcludeAttributeProcessorType("exclude-attribute") diff --git a/src/datadog_api_client/v1/model/logs_pipeline.py b/src/datadog_api_client/v1/model/logs_pipeline.py index c7dc54b78b..75aa50d693 100644 --- a/src/datadog_api_client/v1/model/logs_pipeline.py +++ b/src/datadog_api_client/v1/model/logs_pipeline.py @@ -36,6 +36,7 @@ from datadog_api_client.v1.model.logs_array_processor import LogsArrayProcessor from datadog_api_client.v1.model.logs_decoder_processor import LogsDecoderProcessor from datadog_api_client.v1.model.logs_schema_processor import LogsSchemaProcessor + from datadog_api_client.v1.model.logs_exclude_attribute_processor import LogsExcludeAttributeProcessor class LogsPipeline(ModelNormal): @@ -105,6 +106,7 @@ def __init__( LogsArrayProcessor, LogsDecoderProcessor, LogsSchemaProcessor, + LogsExcludeAttributeProcessor, ] ], UnsetType, diff --git a/src/datadog_api_client/v1/model/logs_pipeline_processor.py b/src/datadog_api_client/v1/model/logs_pipeline_processor.py index 9bccc1439f..07d59fd9f7 100644 --- a/src/datadog_api_client/v1/model/logs_pipeline_processor.py +++ b/src/datadog_api_client/v1/model/logs_pipeline_processor.py @@ -36,6 +36,7 @@ from datadog_api_client.v1.model.logs_array_processor import LogsArrayProcessor from datadog_api_client.v1.model.logs_decoder_processor import LogsDecoderProcessor from datadog_api_client.v1.model.logs_schema_processor import LogsSchemaProcessor + from datadog_api_client.v1.model.logs_exclude_attribute_processor import LogsExcludeAttributeProcessor class LogsPipelineProcessor(ModelNormal): @@ -96,6 +97,7 @@ def __init__( LogsArrayProcessor, LogsDecoderProcessor, LogsSchemaProcessor, + LogsExcludeAttributeProcessor, ] ], UnsetType, diff --git a/src/datadog_api_client/v1/model/logs_processor.py b/src/datadog_api_client/v1/model/logs_processor.py index 09b3f12d72..07498773fc 100644 --- a/src/datadog_api_client/v1/model/logs_processor.py +++ b/src/datadog_api_client/v1/model/logs_processor.py @@ -112,6 +112,9 @@ def __init__(self, **kwargs): :param schema: Configuration of the schema data to use. :type schema: LogsSchemaData + + :param attribute_to_exclude: Name of the log attribute to remove from the log event. + :type attribute_to_exclude: str """ super().__init__(kwargs) @@ -144,6 +147,7 @@ def _composed_schemas(_): from datadog_api_client.v1.model.logs_array_processor import LogsArrayProcessor from datadog_api_client.v1.model.logs_decoder_processor import LogsDecoderProcessor from datadog_api_client.v1.model.logs_schema_processor import LogsSchemaProcessor + from datadog_api_client.v1.model.logs_exclude_attribute_processor import LogsExcludeAttributeProcessor return { "oneOf": [ @@ -167,5 +171,6 @@ def _composed_schemas(_): LogsArrayProcessor, LogsDecoderProcessor, LogsSchemaProcessor, + LogsExcludeAttributeProcessor, ], } diff --git a/src/datadog_api_client/v1/models/__init__.py b/src/datadog_api_client/v1/models/__init__.py index 74c9c174e4..bcd5b37bbe 100644 --- a/src/datadog_api_client/v1/models/__init__.py +++ b/src/datadog_api_client/v1/models/__init__.py @@ -341,6 +341,8 @@ LogsDecoderProcessorInputRepresentation, ) from datadog_api_client.v1.model.logs_decoder_processor_type import LogsDecoderProcessorType +from datadog_api_client.v1.model.logs_exclude_attribute_processor import LogsExcludeAttributeProcessor +from datadog_api_client.v1.model.logs_exclude_attribute_processor_type import LogsExcludeAttributeProcessorType from datadog_api_client.v1.model.logs_exclusion import LogsExclusion from datadog_api_client.v1.model.logs_exclusion_filter import LogsExclusionFilter from datadog_api_client.v1.model.logs_filter import LogsFilter @@ -1635,6 +1637,8 @@ "LogsDecoderProcessorBinaryToTextEncoding", "LogsDecoderProcessorInputRepresentation", "LogsDecoderProcessorType", + "LogsExcludeAttributeProcessor", + "LogsExcludeAttributeProcessorType", "LogsExclusion", "LogsExclusionFilter", "LogsFilter", diff --git a/tests/v1/features/logs_pipelines.feature b/tests/v1/features/logs_pipelines.feature index 00b7369e23..1ab4401b0f 100644 --- a/tests/v1/features/logs_pipelines.feature +++ b/tests/v1/features/logs_pipelines.feature @@ -21,138 +21,138 @@ Feature: Logs Pipelines And a valid "appKeyAuth" key in the system And an instance of "LogsPipelines" API - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Create a pipeline returns "Bad Request" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "", "processors": [{"grok": {"match_rules": "rule_name_1 foo\nrule_name_2 bar", "support_rules": "rule_name_1 foo\nrule_name_2 bar"}, "is_enabled": false, "samples": [], "source": "message", "type": "grok-parser"}], "tags": []} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Create a pipeline returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "", "processors": [{"grok": {"match_rules": "rule_name_1 foo\nrule_name_2 bar", "support_rules": "rule_name_1 foo\nrule_name_2 bar"}, "is_enabled": false, "samples": [], "source": "message", "type": "grok-parser"}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Array Processor Append Operation returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipelineArrayAppend", "processors": [{"type": "array-processor", "is_enabled": true, "name": "append_ip_to_array", "operation": {"type": "append", "source": "network.client.ip", "target": "sourceIps"}}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Array Processor Append Operation with preserve_source false returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipelineArrayAppendNoPreserve", "processors": [{"type": "array-processor", "is_enabled": true, "name": "append_ip_and_remove_source", "operation": {"type": "append", "source": "network.client.ip", "target": "sourceIps", "preserve_source": false}}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Array Processor Append Operation with preserve_source true returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipelineArrayAppendPreserve", "processors": [{"type": "array-processor", "is_enabled": true, "name": "append_ip_and_keep_source", "operation": {"type": "append", "source": "network.client.ip", "target": "sourceIps", "preserve_source": true}}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Array Processor Length Operation returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipelineArrayLength", "processors": [{"type": "array-processor", "is_enabled": true, "name": "count_tags", "operation": {"type": "length", "source": "tags", "target": "tagCount"}}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Array Processor Select Operation returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipelineArraySelect", "processors": [{"type": "array-processor", "is_enabled": true, "name": "extract_referrer", "operation": {"type": "select", "source": "httpRequest.headers", "target": "referrer", "filter": "name:Referrer", "value_to_extract": "value"}}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Decoder Processor returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testDecoderProcessor", "processors": [{"type": "decoder-processor", "is_enabled": true, "name": "test_decoder", "source": "encoded.field", "target": "decoded.field", "binary_to_text_encoding": "base16", "input_representation": "utf_8"}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Schema Processor and preserve_source false returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid", "preserve_source": false}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name", "preserve_source": false}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api", "preserve_source": false}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user", "preserve_source": false}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor", "preserve_source": false}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud", "preserve_source": false}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request", "preserve_source": false}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata", "preserve_source": false}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time", "preserve_source": false}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint", "preserve_source": false}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity", "preserve_source": false}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id", "preserve_source": false}]}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Schema Processor and preserve_source true returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid", "preserve_source": true}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name", "preserve_source": true}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api", "preserve_source": true}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user", "preserve_source": true}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor", "preserve_source": true}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud", "preserve_source": true}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request", "preserve_source": true}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata", "preserve_source": true}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time", "preserve_source": true}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint", "preserve_source": true}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity", "preserve_source": true}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id", "preserve_source": true}]}], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with Span Id Remapper returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipeline", "processors": [{"type": "span-id-remapper", "is_enabled" : true, "name" : "test_filter", "sources" : [ "dd.span_id"] }], "tags": []} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with nested pipeline processor returns "OK" response Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testPipelineWithNested", "processors": [{"type": "pipeline", "is_enabled": true, "name": "nested_pipeline_with_metadata", "filter": {"query": "env:production"}, "tags": ["env:prod", "type:nested"], "description": "This is a nested pipeline for production logs"}], "tags": ["team:test"], "description": "Pipeline containing nested processor with tags and description"} When the request is sent Then the response status is 200 OK - @team:DataDog/event-platform-experience + @team:DataDog/logs-onboarding Scenario: Create a pipeline with schema processor Given new "CreateLogsPipeline" request And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid"}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name"}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api"}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user"}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor"}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud"}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request"}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata"}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time"}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint"}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity"}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id"}]}], "tags": []} When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Delete a pipeline returns "Bad Request" response Given new "DeleteLogsPipeline" request And request contains "pipeline_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Delete a pipeline returns "OK" response Given new "DeleteLogsPipeline" request And request contains "pipeline_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Get a pipeline returns "Bad Request" response Given new "GetLogsPipeline" request And request contains "pipeline_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Get a pipeline returns "OK" response Given new "GetLogsPipeline" request And request contains "pipeline_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Get all pipelines returns "OK" response Given new "ListLogsPipelines" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Get pipeline order returns "OK" response Given new "GetLogsPipelineOrder" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Update a pipeline returns "Bad Request" response Given new "UpdateLogsPipeline" request And request contains "pipeline_id" parameter from "REPLACE.ME" @@ -160,7 +160,7 @@ Feature: Logs Pipelines When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Update a pipeline returns "OK" response Given new "UpdateLogsPipeline" request And request contains "pipeline_id" parameter from "REPLACE.ME" @@ -168,21 +168,21 @@ Feature: Logs Pipelines When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Update pipeline order returns "Bad Request" response Given new "UpdateLogsPipelineOrder" request And body with value {"pipeline_ids": ["tags", "org_ids", "products"]} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Update pipeline order returns "OK" response Given new "UpdateLogsPipelineOrder" request And body with value {"pipeline_ids": ["tags", "org_ids", "products"]} When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/event-platform-experience + @generated @skip @team:DataDog/logs-onboarding Scenario: Update pipeline order returns "Unprocessable Entity" response Given new "UpdateLogsPipelineOrder" request And body with value {"pipeline_ids": ["tags", "org_ids", "products"]}