security_monitoring - Add indexes to deprecate index in ruleQuery (#963)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 89b720059d8e · 2025-10-16T10:40:56.000+02:00
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -43891,6 +43891,14 @@ components:
             for scheduled rules - in other words, when the `schedulingOptions` field
             is present in the rule payload.'
           type: string
+        indexes:
+          description: List of indexes to query when the `dataSource` is `logs`. Only
+            used for scheduled rules, such as when the `schedulingOptions` field is
+            present in the rule payload.
+          items:
+            description: Index.
+            type: string
+          type: array
         metric:
           deprecated: true
           description: '(Deprecated) The target field to aggregate over when using
diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv
@@ -83,10 +83,10 @@ native-tls,https://github.com/sfackler/rust-native-tls,MIT OR Apache-2.0,Steven
 num-conv,https://github.com/jhpratt/num-conv,MIT OR Apache-2.0,Jacob Pratt <jacob@jhpratt.dev>
 num-traits,https://github.com/rust-num/num-traits,MIT OR Apache-2.0,The Rust Project Developers
 once_cell,https://github.com/matklad/once_cell,MIT OR Apache-2.0,Aleksey Kladov <aleksey.kladov@gmail.com>
-openssl,https://github.com/sfackler/rust-openssl,Apache-2.0,Steven Fackler <sfackler@gmail.com>
+openssl,https://github.com/rust-openssl/rust-openssl,Apache-2.0,Steven Fackler <sfackler@gmail.com>
 openssl-macros,https://github.com/sfackler/rust-openssl,MIT OR Apache-2.0,The openssl-macros Authors
 openssl-probe,https://github.com/alexcrichton/openssl-probe,MIT OR Apache-2.0,Alex Crichton <alex@alexcrichton.com>
-openssl-sys,https://github.com/sfackler/rust-openssl,MIT,"Alex Crichton <alex@alexcrichton.com>, Steven Fackler <sfackler@gmail.com>"
+openssl-sys,https://github.com/rust-openssl/rust-openssl,MIT,"Alex Crichton <alex@alexcrichton.com>, Steven Fackler <sfackler@gmail.com>"
 parking_lot,https://github.com/Amanieu/parking_lot,Apache-2.0 OR MIT,Amanieu d'Antras <amanieu@gmail.com>
 parking_lot_core,https://github.com/Amanieu/parking_lot,Apache-2.0 OR MIT,Amanieu d'Antras <amanieu@gmail.com>
 percent-encoding,https://github.com/servo/rust-url,MIT OR Apache-2.0,The rust-url developers
diff --git a/examples/v2_security-monitoring_CreateSecurityMonitoringRule_868881438.rs b/examples/v2_security-monitoring_CreateSecurityMonitoringRule_868881438.rs
@@ -36,7 +36,7 @@ async fn main() {
                     .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                     .distinct_fields(vec![])
                     .group_by_fields(vec![])
-                    .index("main".to_string())
+                    .indexes(vec!["main".to_string()])
                     .query("@test:true".to_string())],
             )
             .filters(vec![])
diff --git a/src/datadogV2/model/model_security_monitoring_standard_rule_query.rs b/src/datadogV2/model/model_security_monitoring_standard_rule_query.rs
@@ -33,6 +33,9 @@ pub struct SecurityMonitoringStandardRuleQuery {
     /// The index to run the query on, if the `dataSource` is `logs`. Only used for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload.
     #[serde(rename = "index")]
     pub index: Option<String>,
+    /// List of indexes to query when the `dataSource` is `logs`. Only used for scheduled rules, such as when the `schedulingOptions` field is present in the rule payload.
+    #[serde(rename = "indexes")]
+    pub indexes: Option<Vec<String>>,
     /// (Deprecated) The target field to aggregate over when using the sum or max
     /// aggregations. `metrics` field should be used instead.
     #[deprecated]
@@ -65,6 +68,7 @@ impl SecurityMonitoringStandardRuleQuery {
             group_by_fields: None,
             has_optional_group_by_fields: None,
             index: None,
+            indexes: None,
             metric: None,
             metrics: None,
             name: None,
@@ -122,6 +126,12 @@ impl SecurityMonitoringStandardRuleQuery {
         self
     }
 
+    #[allow(deprecated)]
+    pub fn indexes(mut self, value: Vec<String>) -> Self {
+        self.indexes = Some(value);
+        self
+    }
+
     #[allow(deprecated)]
     pub fn metric(mut self, value: String) -> Self {
         self.metric = Some(value);
@@ -189,6 +199,7 @@ impl<'de> Deserialize<'de> for SecurityMonitoringStandardRuleQuery {
                 let mut group_by_fields: Option<Vec<String>> = None;
                 let mut has_optional_group_by_fields: Option<bool> = None;
                 let mut index: Option<String> = None;
+                let mut indexes: Option<Vec<String>> = None;
                 let mut metric: Option<String> = None;
                 let mut metrics: Option<Vec<String>> = None;
                 let mut name: Option<String> = None;
@@ -265,6 +276,12 @@ impl<'de> Deserialize<'de> for SecurityMonitoringStandardRuleQuery {
                             }
                             index = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
+                        "indexes" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            indexes = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
                         "metric" => {
                             if v.is_null() {
                                 continue;
@@ -306,6 +323,7 @@ impl<'de> Deserialize<'de> for SecurityMonitoringStandardRuleQuery {
                     group_by_fields,
                     has_optional_group_by_fields,
                     index,
+                    indexes,
                     metric,
                     metrics,
                     name,
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen
@@ -1 +1 @@
-2025-07-31T07:48:27.113Z
+2025-10-13T21:11:45.641Z
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.json b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.json
@@ -3,7 +3,7 @@
     {
       "request": {
         "body": {
-          "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"index\":\"main\",\"query\":\"@test:true\"}],\"schedulingOptions\":{\"rrule\":\"FREQ=HOURLY;INTERVAL=2;\",\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}",
+          "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_detection_rule_returns_OK_response-1760389905\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"indexes\":[\"main\"],\"query\":\"@test:true\"}],\"schedulingOptions\":{\"rrule\":\"FREQ=HOURLY;INTERVAL=2;\",\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}",
           "encoding": null
         },
         "headers": {
@@ -19,7 +19,7 @@
       },
       "response": {
         "body": {
-          "string": "{\"name\":\"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107\",\"createdAt\":1753948107557,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"@test:true\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"logs\",\"index\":\"main\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 0\"}],\"message\":\"Test rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"log_detection\",\"filters\":[],\"version\":1,\"id\":\"8dd-els-oyn\",\"blocking\":false,\"metadata\":{\"entities\":null,\"sources\":null},\"creationAuthorId\":1445416,\"creator\":{\"handle\":\"frog@datadoghq.com\",\"name\":\"frog\"},\"updater\":{\"handle\":\"\",\"name\":\"\"},\"schedulingOptions\":{\"rrule\":\"FREQ=HOURLY;INTERVAL=2;\",\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"}}",
+          "string": "{\"name\":\"Test-Create_a_scheduled_detection_rule_returns_OK_response-1760389905\",\"createdAt\":1760389906051,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"@test:true\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"logs\",\"index\":\"main\",\"indexes\":[\"main\"]}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 0\"}],\"message\":\"Test rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"log_detection\",\"filters\":[],\"version\":1,\"id\":\"vgs-rrg-orf\",\"blocking\":false,\"metadata\":{\"entities\":null,\"sources\":null},\"creationAuthorId\":1445416,\"creator\":{\"handle\":\"frog@datadoghq.com\",\"name\":\"frog\"},\"updater\":{\"handle\":\"\",\"name\":\"\"},\"schedulingOptions\":{\"rrule\":\"FREQ=HOURLY;INTERVAL=2;\",\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"}}",
           "encoding": null
         },
         "headers": {
@@ -32,7 +32,7 @@
           "message": "OK"
         }
       },
-      "recorded_at": "Thu, 31 Jul 2025 07:48:27 GMT"
+      "recorded_at": "Mon, 13 Oct 2025 21:11:45 GMT"
     },
     {
       "request": {
@@ -43,7 +43,7 @@
           ]
         },
         "method": "delete",
-        "uri": "https://api.datadoghq.com/api/v2/security_monitoring/rules/8dd-els-oyn"
+        "uri": "https://api.datadoghq.com/api/v2/security_monitoring/rules/vgs-rrg-orf"
       },
       "response": {
         "body": {
@@ -56,7 +56,7 @@
           "message": "No Content"
         }
       },
-      "recorded_at": "Thu, 31 Jul 2025 07:48:27 GMT"
+      "recorded_at": "Mon, 13 Oct 2025 21:11:45 GMT"
     }
   ],
   "recorded_with": "VCR 6.0.0"
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen
@@ -1 +1 @@
-2025-07-31T07:49:14.474Z
+2025-10-13T21:12:46.212Z
diff --git a/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.json b/tests/scenarios/cassettes/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.json
@@ -3,7 +3,7 @@
     {
       "request": {
         "body": {
-          "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1753948154\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"index\":\"main\",\"query\":\"@test:true\"}],\"schedulingOptions\":{\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}",
+          "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1760389966\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"indexes\":[\"main\"],\"query\":\"@test:true\"}],\"schedulingOptions\":{\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}",
           "encoding": null
         },
         "headers": {
@@ -32,7 +32,7 @@
           "message": "Bad Request"
         }
       },
-      "recorded_at": "Thu, 31 Jul 2025 07:49:14 GMT"
+      "recorded_at": "Mon, 13 Oct 2025 21:12:46 GMT"
     }
   ],
   "recorded_with": "VCR 6.0.0"
diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature
@@ -308,7 +308,7 @@ Feature: Security Monitoring
   @team:DataDog/k9-cloud-security-platform
   Scenario: Create a scheduled detection rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
-    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
+    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
     When the request is sent
     Then the response status is 200 OK
     And the response "name" is equal to "{{ unique }}"
@@ -319,7 +319,7 @@ Feature: Security Monitoring
   @team:DataDog/k9-cloud-security-platform
   Scenario: Create a scheduled rule without rrule returns "Bad Request" response
     Given new "CreateSecurityMonitoringRule" request
-    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
+    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
     When the request is sent
     Then the response status is 400 Bad Request
 

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ async fn main() {`
`36`	`36`	`.aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)`
`37`	`37`	`.distinct_fields(vec![])`
`38`	`38`	`.group_by_fields(vec![])`
`39`		`- .index("main".to_string())`
	`39`	`+ .indexes(vec!["main".to_string()])`
`40`	`40`	`.query("@test:true".to_string())],`
`41`	`41`	`)`
`42`	`42`	`.filters(vec![])`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-2025-07-31T07:48:27.113Z`
	`1`	`+2025-10-13T21:11:45.641Z`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-2025-07-31T07:49:14.474Z`
	`1`	`+2025-10-13T21:12:46.212Z`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`{`
`4`	`4`	`"request": {`
`5`	`5`	`"body": {`
`6`		- "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1753948154\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"index\":\"main\",\"query\":\"@test:true\"}],\"schedulingOptions\":{\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}",
	`6`	+ "string": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1760389966\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"indexes\":[\"main\"],\"query\":\"@test:true\"}],\"schedulingOptions\":{\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}",
`7`	`7`	`"encoding": null`
`8`	`8`	`},`
`9`	`9`	`"headers": {`
`@@ -32,7 +32,7 @@`
`32`	`32`	`"message": "Bad Request"`
`33`	`33`	`}`
`34`	`34`	`},`
`35`		`- "recorded_at": "Thu, 31 Jul 2025 07:49:14 GMT"`
	`35`	`+ "recorded_at": "Mon, 13 Oct 2025 21:12:46 GMT"`
`36`	`36`	`}`
`37`	`37`	`],`
`38`	`38`	`"recorded_with": "VCR 6.0.0"`