Add API spec for security monitoring terraform export endpoints (#3219)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -1388,6 +1388,20 @@ components:
       required: true
       schema:
         type: string
+    SecurityMonitoringTerraformResourceId:
+      description: The ID of the security monitoring resource to export.
+      in: path
+      name: resource_id
+      required: true
+      schema:
+        type: string
+    SecurityMonitoringTerraformResourceType:
+      description: The type of security monitoring resource to export.
+      in: path
+      name: resource_type
+      required: true
+      schema:
+        $ref: "#/components/schemas/SecurityMonitoringTerraformResourceType"
     SensitiveDataScannerGroupID:
       description: The ID of a group of rules.
       in: path
@@ -64963,6 +64977,134 @@ components:
             $ref: "#/components/schemas/SecurityMonitoringSuppression"
           type: array
       type: object
+    SecurityMonitoringTerraformBulkExportAttributes:
+      description: Attributes for the bulk export request.
+      properties:
+        resource_ids:
+          description: The list of resource IDs to export. Maximum 1000 items.
+          example:
+            - ""
+          items:
+            description: The ID of the resource to export.
+            type: string
+          maxItems: 1000
+          type: array
+      required:
+        - resource_ids
+      type: object
+    SecurityMonitoringTerraformBulkExportData:
+      description: The bulk export request data object.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringTerraformBulkExportAttributes"
+        type:
+          description: The JSON:API type. Always `bulk_export_resources`.
+          example: bulk_export_resources
+          type: string
+      required:
+        - type
+        - attributes
+      type: object
+    SecurityMonitoringTerraformBulkExportRequest:
+      description: Request body for bulk exporting security monitoring resources to Terraform.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringTerraformBulkExportData"
+      required:
+        - data
+      type: object
+    SecurityMonitoringTerraformConvertAttributes:
+      description: Attributes for the convert request.
+      properties:
+        resource_json:
+          additionalProperties: {}
+          description: The resource attributes as a JSON object, matching the structure returned by the corresponding Datadog API (for example, the attributes of a suppression rule).
+          example:
+            enabled: true
+            name: Custom suppression
+            rule_query: type:log_detection source:cloudtrail
+            suppression_query: env:staging status:low
+          type: object
+      required:
+        - resource_json
+      type: object
+    SecurityMonitoringTerraformConvertData:
+      description: The convert request data object.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringTerraformConvertAttributes"
+        id:
+          description: The ID of the resource being converted.
+          example: abc-123
+          type: string
+        type:
+          description: The JSON:API type. Always `convert_resource`.
+          example: convert_resource
+          type: string
+      required:
+        - type
+        - id
+        - attributes
+      type: object
+    SecurityMonitoringTerraformConvertRequest:
+      description: Request body for converting a security monitoring resource JSON to Terraform.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringTerraformConvertData"
+      required:
+        - data
+      type: object
+    SecurityMonitoringTerraformExportAttributes:
+      description: Attributes of the Terraform export response.
+      properties:
+        output:
+          description: The Terraform configuration for the resource.
+          type: string
+        resource_id:
+          description: The ID of the exported resource.
+          example: abc-123
+          type: string
+        type_name:
+          description: The Terraform resource type name.
+          example: datadog_security_monitoring_suppression
+          type: string
+      required:
+        - type_name
+        - resource_id
+      type: object
+    SecurityMonitoringTerraformExportData:
+      description: The Terraform export data object.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringTerraformExportAttributes"
+        id:
+          description: The resource identifier composed of the Terraform type name and the resource ID separated by `|`.
+          example: datadog_security_monitoring_suppression|abc-123
+          type: string
+        type:
+          description: The JSON:API type. Always `format_resource`.
+          example: format_resource
+          type: string
+      required:
+        - type
+        - id
+        - attributes
+      type: object
+    SecurityMonitoringTerraformExportResponse:
+      description: Response containing the Terraform configuration for a security monitoring resource.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringTerraformExportData"
+      type: object
+    SecurityMonitoringTerraformResourceType:
+      description: The type of security monitoring resource to export to Terraform.
+      enum:
+        - suppressions
+        - critical_assets
+      type: string
+      x-enum-varnames:
+        - SUPPRESSIONS
+        - CRITICAL_ASSETS
     SecurityMonitoringThirdPartyRootQuery:
       description: A query to be combined with the third party case query.
       properties:
@@ -114337,6 +114479,141 @@ paths:
         permissions:
           - security_monitoring_rules_read
           - security_monitoring_signals_read
+  /api/v2/security_monitoring/terraform/{resource_type}/bulk:
+    post:
+      description: |-
+        Export multiple security monitoring resources to Terraform, packaged as a zip archive.
+        The `resource_type` path parameter specifies the type of resources to export
+        and must be one of `suppressions` or `critical_assets`.
+        A maximum of 1000 resources can be exported in a single request.
+      operationId: BulkExportSecurityMonitoringTerraformResources
+      parameters:
+        - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceType"
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringTerraformBulkExportRequest"
+        description: The resource IDs to export.
+        required: true
+      responses:
+        "200":
+          content:
+            application/zip:
+              schema:
+                format: binary
+                type: string
+          description: OK
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_suppressions_read
+        - AuthZ:
+            - security_monitoring_rules_read
+      summary: Export security monitoring resources to Terraform
+      tags:
+        - Security Monitoring
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_suppressions_read
+          - security_monitoring_rules_read
+      x-unstable: "**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)."
+  /api/v2/security_monitoring/terraform/{resource_type}/convert:
+    post:
+      description: |-
+        Convert a security monitoring resource that doesn't (yet) exist from JSON to Terraform.
+        The `resource_type` path parameter specifies the type of resource to convert
+        and must be one of `suppressions` or `critical_assets`.
+      operationId: ConvertSecurityMonitoringTerraformResource
+      parameters:
+        - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceType"
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringTerraformConvertRequest"
+        description: The resource JSON to convert.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringTerraformExportResponse"
+          description: OK
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_suppressions_read
+        - AuthZ:
+            - security_monitoring_rules_read
+      summary: Convert security monitoring resource to Terraform
+      tags:
+        - Security Monitoring
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_suppressions_read
+          - security_monitoring_rules_read
+      x-unstable: "**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)."
+  /api/v2/security_monitoring/terraform/{resource_type}/{resource_id}:
+    get:
+      description: |-
+        Export a security monitoring resource to a Terraform configuration.
+        The `resource_type` path parameter specifies the type of resource to export
+        and must be one of `suppressions` or `critical_assets`.
+      operationId: ExportSecurityMonitoringTerraformResource
+      parameters:
+        - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceType"
+        - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceId"
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringTerraformExportResponse"
+          description: OK
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_suppressions_read
+        - AuthZ:
+            - security_monitoring_rules_read
+      summary: Export security monitoring resource to Terraform
+      tags:
+        - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_suppressions_read
+          - security_monitoring_rules_read
+      x-unstable: "**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)."
   /api/v2/sensitive-data-scanner/config:
     get:
       description: List all the Scanning groups in your organization.

cassettes/features/v2/security_monitoring/Convert-security-monitoring-resource-to-Terraform-returns-OK-response.frozen

@@ -0,0 +1 @@
+2026-04-10T08:55:44.730Z

cassettes/features/v2/security_monitoring/Convert-security-monitoring-resource-to-Terraform-returns-OK-response.yml

@@ -0,0 +1 @@
+2026-04-10T08:56:17.310Z