Add exists, !exists, equals, and !equals operators to WAF custom rules

.generator/schemas/v2/openapi.yaml

@@ -4345,6 +4345,10 @@ components:
         - ip_match
         - "!ip_match"
         - capture_data
+        - exists
+        - "!exists"
+        - equals
+        - "!equals"
       example: "match_regex"
       type: string
       x-enum-varnames:
@@ -4359,6 +4363,10 @@ components:
         - IP_MATCH
         - NOT_IP_MATCH
         - CAPTURE_DATA
+        - EXISTS
+        - NOT_EXISTS
+        - EQUALS
+        - NOT_EQUALS
     ApplicationSecurityWafCustomRuleConditionOptions:
       description: Options for the operator of this condition.
       properties:
@@ -4399,6 +4407,8 @@ components:
           description: "Regex to use with the condition. Only used with match_regex and !match_regex operator."
           example: "path.*"
           type: string
+        type:
+          $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionParametersType"
         value:
           description: |-
             Store the captured value in the specified tag name. Only used with the capture_data operator.
@@ -4407,6 +4417,22 @@ components:
       required:
         - inputs
       type: object
+    ApplicationSecurityWafCustomRuleConditionParametersType:
+      description: The type of the value to compare against. Only used with the equals and !equals operator.
+      enum:
+        - boolean
+        - signed
+        - unsigned
+        - float
+        - string
+      example: "string"
+      type: string
+      x-enum-varnames:
+        - BOOLEAN
+        - SIGNED
+        - UNSIGNED
+        - FLOAT
+        - STRING
     ApplicationSecurityWafCustomRuleCreateAttributes:
       description: "Create a new WAF custom rule."
       properties:

examples/v2_application-security_CreateApplicationSecurityWafCustomRule.rs

@@ -10,6 +10,7 @@ use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleCondit
 use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleConditionOperator;
 use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleConditionOptions;
 use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleConditionParameters;
+use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleConditionParametersType;
 use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleCreateAttributes;
 use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleCreateData;
 use datadog_api_client::datadogV2::model::ApplicationSecurityWafCustomRuleCreateRequest;
@@ -44,6 +45,7 @@ async fn main() {
                                         .min_length(0),
                                 )
                                 .regex("path.*".to_string())
+                                .type_(ApplicationSecurityWafCustomRuleConditionParametersType::STRING)
                                 .value("custom_tag".to_string()),
                         )
                     ],

src/datadogV2/model/mod.rs

@@ -6552,6 +6552,8 @@ pub mod model_application_security_waf_custom_rule_condition_input_address;
 pub use self::model_application_security_waf_custom_rule_condition_input_address::ApplicationSecurityWafCustomRuleConditionInputAddress;
 pub mod model_application_security_waf_custom_rule_condition_options;
 pub use self::model_application_security_waf_custom_rule_condition_options::ApplicationSecurityWafCustomRuleConditionOptions;
+pub mod model_application_security_waf_custom_rule_condition_parameters_type;
+pub use self::model_application_security_waf_custom_rule_condition_parameters_type::ApplicationSecurityWafCustomRuleConditionParametersType;
 pub mod model_application_security_waf_custom_rule_metadata;
 pub use self::model_application_security_waf_custom_rule_metadata::ApplicationSecurityWafCustomRuleMetadata;
 pub mod model_application_security_waf_custom_rule_scope;

src/datadogV2/model/model_application_security_waf_custom_rule_condition_operator.rs

@@ -18,6 +18,10 @@ pub enum ApplicationSecurityWafCustomRuleConditionOperator {
     IP_MATCH,
     NOT_IP_MATCH,
     CAPTURE_DATA,
+    EXISTS,
+    NOT_EXISTS,
+    EQUALS,
+    NOT_EQUALS,
     UnparsedObject(crate::datadog::UnparsedObject),
 }
 
@@ -35,6 +39,10 @@ impl ToString for ApplicationSecurityWafCustomRuleConditionOperator {
             Self::IP_MATCH => String::from("ip_match"),
             Self::NOT_IP_MATCH => String::from("!ip_match"),
             Self::CAPTURE_DATA => String::from("capture_data"),
+            Self::EXISTS => String::from("exists"),
+            Self::NOT_EXISTS => String::from("!exists"),
+            Self::EQUALS => String::from("equals"),
+            Self::NOT_EQUALS => String::from("!equals"),
             Self::UnparsedObject(v) => v.value.to_string(),
         }
     }
@@ -70,6 +78,10 @@ impl<'de> Deserialize<'de> for ApplicationSecurityWafCustomRuleConditionOperator
             "ip_match" => Self::IP_MATCH,
             "!ip_match" => Self::NOT_IP_MATCH,
             "capture_data" => Self::CAPTURE_DATA,
+            "exists" => Self::EXISTS,
+            "!exists" => Self::NOT_EXISTS,
+            "equals" => Self::EQUALS,
+            "!equals" => Self::NOT_EQUALS,
             _ => Self::UnparsedObject(crate::datadog::UnparsedObject {
                 value: serde_json::Value::String(s.into()),
             }),

src/datadogV2/model/model_application_security_waf_custom_rule_condition_parameters.rs

@@ -27,6 +27,10 @@ pub struct ApplicationSecurityWafCustomRuleConditionParameters {
     /// Regex to use with the condition. Only used with match_regex and !match_regex operator.
     #[serde(rename = "regex")]
     pub regex: Option<String>,
+    /// The type of the value to compare against. Only used with the equals and !equals operator.
+    #[serde(rename = "type")]
+    pub type_:
+        Option<crate::datadogV2::model::ApplicationSecurityWafCustomRuleConditionParametersType>,
     /// Store the captured value in the specified tag name. Only used with the capture_data operator.
     #[serde(rename = "value")]
     pub value: Option<String>,
@@ -47,6 +51,7 @@ impl ApplicationSecurityWafCustomRuleConditionParameters {
             list: None,
             options: None,
             regex: None,
+            type_: None,
             value: None,
             additional_properties: std::collections::BTreeMap::new(),
             _unparsed: false,
@@ -76,6 +81,14 @@ impl ApplicationSecurityWafCustomRuleConditionParameters {
         self
     }
 
+    pub fn type_(
+        mut self,
+        value: crate::datadogV2::model::ApplicationSecurityWafCustomRuleConditionParametersType,
+    ) -> Self {
+        self.type_ = Some(value);
+        self
+    }
+
     pub fn value(mut self, value: String) -> Self {
         self.value = Some(value);
         self
@@ -116,6 +129,7 @@ impl<'de> Deserialize<'de> for ApplicationSecurityWafCustomRuleConditionParamete
                     crate::datadogV2::model::ApplicationSecurityWafCustomRuleConditionOptions,
                 > = None;
                 let mut regex: Option<String> = None;
+                let mut type_: Option<crate::datadogV2::model::ApplicationSecurityWafCustomRuleConditionParametersType> = None;
                 let mut value: Option<String> = None;
                 let mut additional_properties: std::collections::BTreeMap<
                     String,
@@ -152,6 +166,20 @@ impl<'de> Deserialize<'de> for ApplicationSecurityWafCustomRuleConditionParamete
                             }
                             regex = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
+                        "type" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            type_ = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                            if let Some(ref _type_) = type_ {
+                                match _type_ {
+                                    crate::datadogV2::model::ApplicationSecurityWafCustomRuleConditionParametersType::UnparsedObject(_type_) => {
+                                        _unparsed = true;
+                                    },
+                                    _ => {}
+                                }
+                            }
+                        }
                         "value" => {
                             if v.is_null() {
                                 continue;
@@ -173,6 +201,7 @@ impl<'de> Deserialize<'de> for ApplicationSecurityWafCustomRuleConditionParamete
                     list,
                     options,
                     regex,
+                    type_,
                     value,
                     additional_properties,
                     _unparsed,

src/datadogV2/model/model_application_security_waf_custom_rule_condition_parameters_type.rs

@@ -0,0 +1,60 @@
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2019-Present Datadog, Inc.
+
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
+
+#[non_exhaustive]
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum ApplicationSecurityWafCustomRuleConditionParametersType {
+    BOOLEAN,
+    SIGNED,
+    UNSIGNED,
+    FLOAT,
+    STRING,
+    UnparsedObject(crate::datadog::UnparsedObject),
+}
+
+impl ToString for ApplicationSecurityWafCustomRuleConditionParametersType {
+    fn to_string(&self) -> String {
+        match self {
+            Self::BOOLEAN => String::from("boolean"),
+            Self::SIGNED => String::from("signed"),
+            Self::UNSIGNED => String::from("unsigned"),
+            Self::FLOAT => String::from("float"),
+            Self::STRING => String::from("string"),
+            Self::UnparsedObject(v) => v.value.to_string(),
+        }
+    }
+}
+
+impl Serialize for ApplicationSecurityWafCustomRuleConditionParametersType {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        match self {
+            Self::UnparsedObject(v) => v.serialize(serializer),
+            _ => serializer.serialize_str(self.to_string().as_str()),
+        }
+    }
+}
+
+impl<'de> Deserialize<'de> for ApplicationSecurityWafCustomRuleConditionParametersType {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let s: String = String::deserialize(deserializer)?;
+        Ok(match s.as_str() {
+            "boolean" => Self::BOOLEAN,
+            "signed" => Self::SIGNED,
+            "unsigned" => Self::UNSIGNED,
+            "float" => Self::FLOAT,
+            "string" => Self::STRING,
+            _ => Self::UnparsedObject(crate::datadog::UnparsedObject {
+                value: serde_json::Value::String(s.into()),
+            }),
+        })
+    }
+}

tests/scenarios/features/v2/application_security.feature

@@ -16,21 +16,21 @@ Feature: Application Security
   @generated @skip @team:DataDog/asm-backend
   Scenario: Create a WAF custom rule returns "Bad Request" response
     Given new "CreateApplicationSecurityWafCustomRule" request
-    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
+    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
     When the request is sent
     Then the response status is 400 Bad Request
 
   @generated @skip @team:DataDog/asm-backend
   Scenario: Create a WAF custom rule returns "Concurrent Modification" response
     Given new "CreateApplicationSecurityWafCustomRule" request
-    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
+    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
     When the request is sent
     Then the response status is 409 Concurrent Modification
 
   @generated @skip @team:DataDog/asm-backend
   Scenario: Create a WAF custom rule returns "Created" response
     Given new "CreateApplicationSecurityWafCustomRule" request
-    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
+    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
     When the request is sent
     Then the response status is 201 Created
 
@@ -153,15 +153,15 @@ Feature: Application Security
   Scenario: Update a WAF Custom Rule returns "Concurrent Modification" response
     Given new "UpdateApplicationSecurityWafCustomRule" request
     And request contains "custom_rule_id" parameter from "REPLACE.ME"
-    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
+    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
     When the request is sent
     Then the response status is 409 Concurrent Modification
 
   @generated @skip @team:DataDog/asm-backend
   Scenario: Update a WAF Custom Rule returns "Not Found" response
     Given new "UpdateApplicationSecurityWafCustomRule" request
     And request contains "custom_rule_id" parameter from "REPLACE.ME"
-    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
+    And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}}
     When the request is sent
     Then the response status is 404 Not Found