Document bulk delete security monitoring rules endpoint (#4009)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -64151,6 +64151,63 @@ components:
         - TWO_DAYS
         - ONE_WEEK
         - TWO_WEEKS
+    SecurityMonitoringRuleBulkDeleteAttributes:
+      description: Attributes for bulk deleting security monitoring rules.
+      properties:
+        ruleIds:
+          description: List of rule IDs to delete.
+          example:
+            - abc-000-u7q
+            - abc-000-7dd
+          items:
+            description: A rule ID to delete.
+            type: string
+          minItems: 1
+          type: array
+      required:
+        - ruleIds
+      type: object
+    SecurityMonitoringRuleBulkDeleteData:
+      description: Data for bulk deleting security monitoring rules.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteAttributes"
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteRequestDataType"
+      required:
+        - attributes
+        - type
+      type: object
+    SecurityMonitoringRuleBulkDeletePayload:
+      description: Payload for bulk deleting security monitoring rules.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteData"
+      required:
+        - data
+      type: object
+    SecurityMonitoringRuleBulkDeleteRequestDataType:
+      description: The resource type for a bulk delete request.
+      enum:
+        - bulk_delete_rules
+      example: bulk_delete_rules
+      type: string
+      x-enum-varnames:
+        - BULK_DELETE_RULES
+    SecurityMonitoringRuleBulkDeleteResponse:
+      description: Response for bulk deleting security monitoring rules.
+      properties:
+        deletedRules:
+          description: List of successfully deleted rule IDs.
+          items:
+            type: string
+          type: array
+        failedRules:
+          description: List of rule IDs that could not be deleted.
+          items:
+            type: string
+          type: array
+      type: object
     SecurityMonitoringRuleBulkExportAttributes:
       description: Attributes for bulk exporting security monitoring rules.
       properties:
@@ -123130,6 +123187,53 @@ paths:
         operator: OR
         permissions:
           - security_monitoring_rules_write
+  /api/v2/security_monitoring/rules/bulk_delete:
+    delete:
+      description: |-
+        Delete multiple security monitoring rules in a single request. Default rules cannot be deleted.
+      operationId: BulkDeleteSecurityMonitoringRules
+      requestBody:
+        content:
+          application/json:
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      ruleIds:
+                        - abc-000-u7q
+                        - abc-000-7dd
+                    type: bulk_delete_rules
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeletePayload"
+        required: true
+      responses:
+        "200":
+          content:
+            "application/json":
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteResponse"
+          description: OK
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_rules_write
+      summary: Bulk delete security monitoring rules
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_rules_write
   /api/v2/security_monitoring/rules/bulk_export:
     post:
       description: |-

features/v2/security_monitoring.feature

@@ -99,6 +99,27 @@ Feature: Security Monitoring
     And the response "data.attributes.insights" has item with field "resource_id" with value "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y="
     And the response "data.attributes.insights" has item with field "resource_id" with value "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ="
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk delete security monitoring rules returns "Bad Request" response
+    Given new "BulkDeleteSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk delete security monitoring rules returns "Not Found" response
+    Given new "BulkDeleteSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk delete security monitoring rules returns "OK" response
+    Given new "BulkDeleteSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip @team:DataDog/k9-cloud-siem
   Scenario: Bulk export security monitoring rules returns "Bad Request" response
     Given new "BulkExportSecurityMonitoringRules" request

features/v2/undo.json

@@ -5675,6 +5675,12 @@
       "type": "unsafe"
     }
   },
+  "BulkDeleteSecurityMonitoringRules": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "BulkExportSecurityMonitoringRules": {
     "tag": "Security Monitoring",
     "undo": {

private/bdd_runner/src/support/scenarios_model_mapping.ts

@@ -5498,6 +5498,13 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = {
     },
     operationResponseType: "SecurityMonitoringRuleResponse",
   },
+  "SecurityMonitoringApi.V2.BulkDeleteSecurityMonitoringRules": {
+    body: {
+      type: "SecurityMonitoringRuleBulkDeletePayload",
+      format: "",
+    },
+    operationResponseType: "SecurityMonitoringRuleBulkDeleteResponse",
+  },
   "SecurityMonitoringApi.V2.BulkExportSecurityMonitoringRules": {
     body: {
       type: "SecurityMonitoringRuleBulkExportPayload",

services/security_monitoring/src/v2/SecurityMonitoringApi.ts

@@ -90,6 +90,8 @@ import { SecurityMonitoringCriticalAssetsResponse } from "./models/SecurityMonit
 import { SecurityMonitoringCriticalAssetUpdateRequest } from "./models/SecurityMonitoringCriticalAssetUpdateRequest";
 import { SecurityMonitoringListRulesResponse } from "./models/SecurityMonitoringListRulesResponse";
 import { SecurityMonitoringPaginatedSuppressionsResponse } from "./models/SecurityMonitoringPaginatedSuppressionsResponse";
+import { SecurityMonitoringRuleBulkDeletePayload } from "./models/SecurityMonitoringRuleBulkDeletePayload";
+import { SecurityMonitoringRuleBulkDeleteResponse } from "./models/SecurityMonitoringRuleBulkDeleteResponse";
 import { SecurityMonitoringRuleBulkExportPayload } from "./models/SecurityMonitoringRuleBulkExportPayload";
 import { SecurityMonitoringRuleConvertPayload } from "./models/SecurityMonitoringRuleConvertPayload";
 import { SecurityMonitoringRuleConvertResponse } from "./models/SecurityMonitoringRuleConvertResponse";
@@ -312,6 +314,62 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory {
     return requestContext;
   }
 
+  public async bulkDeleteSecurityMonitoringRules(
+    body: SecurityMonitoringRuleBulkDeletePayload,
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // verify required parameter 'body' is not null or undefined
+    if (body === null || body === undefined) {
+      throw new RequiredError("body", "bulkDeleteSecurityMonitoringRules");
+    }
+
+    // Path Params
+    const localVarPath = "/api/v2/security_monitoring/rules/bulk_delete";
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "SecurityMonitoringApi.v2.bulkDeleteSecurityMonitoringRules",
+      SecurityMonitoringApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.DELETE,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Body Params
+    const contentType = getPreferredMediaType(["application/json"]);
+    requestContext.setHeaderParam("Content-Type", contentType);
+    const serializedBody = stringify(
+      serialize(
+        body,
+        TypingInfo,
+        "SecurityMonitoringRuleBulkDeletePayload",
+        "",
+      ),
+      contentType,
+    );
+    requestContext.setBody(serializedBody);
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+      "AuthZ",
+    ]);
+
+    return requestContext;
+  }
+
   public async bulkEditSecurityMonitoringSignals(
     body: SecurityMonitoringSignalsBulkUpdateRequest,
     _options?: Configuration,
@@ -6527,6 +6585,67 @@ export class SecurityMonitoringApiResponseProcessor {
     );
   }
 
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to bulkDeleteSecurityMonitoringRules
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async bulkDeleteSecurityMonitoringRules(
+    response: ResponseContext,
+  ): Promise<SecurityMonitoringRuleBulkDeleteResponse> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 200) {
+      const body: SecurityMonitoringRuleBulkDeleteResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "SecurityMonitoringRuleBulkDeleteResponse",
+      ) as SecurityMonitoringRuleBulkDeleteResponse;
+      return body;
+    }
+    if (
+      response.httpStatusCode === 400 ||
+      response.httpStatusCode === 403 ||
+      response.httpStatusCode === 404 ||
+      response.httpStatusCode === 429
+    ) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: SecurityMonitoringRuleBulkDeleteResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "SecurityMonitoringRuleBulkDeleteResponse",
+        "",
+      ) as SecurityMonitoringRuleBulkDeleteResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
+
   /**
    * Unwraps the actual response sent by the server from the response context and deserializes the response content
    * to the expected objects
@@ -12271,6 +12390,13 @@ export interface SecurityMonitoringApiAttachJiraIssueRequest {
   body: AttachJiraIssueRequest;
 }
 
+export interface SecurityMonitoringApiBulkDeleteSecurityMonitoringRulesRequest {
+  /**
+   * @type SecurityMonitoringRuleBulkDeletePayload
+   */
+  body: SecurityMonitoringRuleBulkDeletePayload;
+}
+
 export interface SecurityMonitoringApiBulkEditSecurityMonitoringSignalsRequest {
   /**
    * Attributes describing the signal updates.
@@ -13762,6 +13888,30 @@ export class SecurityMonitoringApi {
     });
   }
 
+  /**
+   * Delete multiple security monitoring rules in a single request. Default rules cannot be deleted.
+   * @param param The request object
+   */
+  public bulkDeleteSecurityMonitoringRules(
+    param: SecurityMonitoringApiBulkDeleteSecurityMonitoringRulesRequest,
+    options?: Configuration,
+  ): Promise<SecurityMonitoringRuleBulkDeleteResponse> {
+    const requestContextPromise =
+      this.requestFactory.bulkDeleteSecurityMonitoringRules(
+        param.body,
+        options,
+      );
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.bulkDeleteSecurityMonitoringRules(
+            responseContext,
+          );
+        });
+    });
+  }
+
   /**
    * Update the triage state or assignee of multiple security signals at once.
    * The maximum number of signals that can be updated in a single request is 199.

services/security_monitoring/src/v2/index.ts

@@ -2,6 +2,7 @@ export {
   SecurityMonitoringApiActivateContentPackRequest,
   SecurityMonitoringApiAttachCaseRequest,
   SecurityMonitoringApiAttachJiraIssueRequest,
+  SecurityMonitoringApiBulkDeleteSecurityMonitoringRulesRequest,
   SecurityMonitoringApiBulkEditSecurityMonitoringSignalsRequest,
   SecurityMonitoringApiBulkEditSecurityMonitoringSignalsAssigneeRequest,
   SecurityMonitoringApiBulkEditSecurityMonitoringSignalsStateRequest,
@@ -374,6 +375,11 @@ export { SecurityMonitoringRuleAnomalyDetectionOptions } from "./models/Security
 export { SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration } from "./models/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration";
 export { SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance } from "./models/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance";
 export { SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration } from "./models/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration";
+export { SecurityMonitoringRuleBulkDeleteAttributes } from "./models/SecurityMonitoringRuleBulkDeleteAttributes";
+export { SecurityMonitoringRuleBulkDeleteData } from "./models/SecurityMonitoringRuleBulkDeleteData";
+export { SecurityMonitoringRuleBulkDeletePayload } from "./models/SecurityMonitoringRuleBulkDeletePayload";
+export { SecurityMonitoringRuleBulkDeleteRequestDataType } from "./models/SecurityMonitoringRuleBulkDeleteRequestDataType";
+export { SecurityMonitoringRuleBulkDeleteResponse } from "./models/SecurityMonitoringRuleBulkDeleteResponse";
 export { SecurityMonitoringRuleBulkExportAttributes } from "./models/SecurityMonitoringRuleBulkExportAttributes";
 export { SecurityMonitoringRuleBulkExportData } from "./models/SecurityMonitoringRuleBulkExportData";
 export { SecurityMonitoringRuleBulkExportDataType } from "./models/SecurityMonitoringRuleBulkExportDataType";