DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 159 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 159 additions & 0 deletions
diff --git a/‎features/v2/cloud_authentication.feature‎
Lines changed: 60 additions & 2 deletions b/‎features/v2/cloud_authentication.feature‎
Lines changed: 60 additions & 2 deletions
diff --git a/‎features/v2/undo.json‎
Lines changed: 25 additions & 0 deletions b/‎features/v2/undo.json‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎private/bdd_runner/src/support/scenarios_model_mapping.ts‎
Lines changed: 21 additions & 0 deletions b/‎private/bdd_runner/src/support/scenarios_model_mapping.ts‎
Lines changed: 21 additions & 0 deletions
@@ -929,6 +929,14 @@ components:
         example: 10
         format: int64
         type: integer
+    PersonaMappingID:
+      description: The ID of the persona mapping
+      example: c5c758c6-18c2-4484-ae3f-46b84128404a
+      in: path
+      name: persona_mapping_id
+      required: true
+      schema:
+        type: string
     ProductName:
       description: Name of the product to be deleted, either `logs` or `rum`.
       in: path
@@ -1910,6 +1918,41 @@ components:
       - account_identifier
       - account_uuid
       type: object
+    AWSCloudAuthPersonaMappingCreateAttributes:
+      description: Attributes for creating an AWS cloud authentication persona mapping
+      properties:
+        account_identifier:
+          description: Datadog account identifier (email or handle) mapped to the
+            AWS principal
+          example: test@test.com
+          type: string
+        arn_pattern:
+          description: AWS IAM ARN pattern to match for authentication
+          example: arn:aws:iam::123456789012:user/testuser
+          type: string
+      required:
+      - arn_pattern
+      - account_identifier
+      type: object
+    AWSCloudAuthPersonaMappingCreateData:
+      description: Data for creating an AWS cloud authentication persona mapping
+      properties:
+        attributes:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingCreateAttributes'
+        type:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingType'
+      required:
+      - type
+      - attributes
+      type: object
+    AWSCloudAuthPersonaMappingCreateRequest:
+      description: Request used to create an AWS cloud authentication persona mapping
+      properties:
+        data:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingCreateData'
+      required:
+      - data
+      type: object
     AWSCloudAuthPersonaMappingDataResponse:
       description: Data for AWS cloud authentication persona mapping response
       properties:
@@ -1926,6 +1969,14 @@ components:
       - type
       - attributes
       type: object
+    AWSCloudAuthPersonaMappingResponse:
+      description: Response containing a single AWS cloud authentication persona mapping
+      properties:
+        data:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingDataResponse'
+      required:
+      - data
+      type: object
     AWSCloudAuthPersonaMappingType:
       description: Type identifier for AWS cloud authentication persona mapping
       enum:
@@ -77100,6 +77151,114 @@ paths:
       x-unstable: '**Note**: This endpoint is in public beta and is subject to change.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+    post:
+      description: Create an AWS cloud authentication persona mapping. This endpoint
+        associates an AWS IAM principal with a Datadog user.
+      operationId: CreateAWSCloudAuthPersonaMapping
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AWSCloudAuthPersonaMappingCreateRequest'
+        required: true
+      responses:
+        '201':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AWSCloudAuthPersonaMappingResponse'
+          description: Created
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '409':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Conflict
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Create an AWS cloud authentication persona mapping
+      tags:
+      - Cloud Authentication
+      x-codegen-request-body-name: body
+      x-unstable: '**Note**: This endpoint is in public beta and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+  /api/v2/cloud_auth/aws/persona_mapping/{persona_mapping_id}:
+    delete:
+      description: Delete an AWS cloud authentication persona mapping by ID. This
+        removes the association between an AWS IAM principal and a Datadog user.
+      operationId: DeleteAWSCloudAuthPersonaMapping
+      parameters:
+      - $ref: '#/components/parameters/PersonaMappingID'
+      responses:
+        '204':
+          description: No Content
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Delete an AWS cloud authentication persona mapping
+      tags:
+      - Cloud Authentication
+      x-unstable: '**Note**: This endpoint is in public beta and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+    get:
+      description: Get a specific AWS cloud authentication persona mapping by ID.
+        This endpoint retrieves a single configured persona mapping that associates
+        an AWS IAM principal with a Datadog user.
+      operationId: GetAWSCloudAuthPersonaMapping
+      parameters:
+      - $ref: '#/components/parameters/PersonaMappingID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AWSCloudAuthPersonaMappingResponse'
+          description: OK
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get an AWS cloud authentication persona mapping
+      tags:
+      - Cloud Authentication
+      x-unstable: '**Note**: This endpoint is in public beta and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/cloud_security_management/custom_frameworks:
     post:
       description: Create a custom framework.
 
@@ -7,15 +7,73 @@ Feature: Cloud Authentication
     Given a valid "apiKeyAuth" key in the system
     And a valid "appKeyAuth" key in the system
     And an instance of "CloudAuthentication" API
-    And operation "ListAWSCloudAuthPersonaMappings" enabled
-    And new "ListAWSCloudAuthPersonaMappings" request
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Create an AWS cloud authentication persona mapping returns "Bad Request" response
+    Given operation "CreateAWSCloudAuthPersonaMapping" enabled
+    And new "CreateAWSCloudAuthPersonaMapping" request
+    And body with value {"data": {"attributes": {"account_identifier": "test@test.com", "arn_pattern": "arn:aws:iam::123456789012:user/testuser"}, "type": "aws_cloud_auth_config"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Create an AWS cloud authentication persona mapping returns "Conflict" response
+    Given operation "CreateAWSCloudAuthPersonaMapping" enabled
+    And new "CreateAWSCloudAuthPersonaMapping" request
+    And body with value {"data": {"attributes": {"account_identifier": "test@test.com", "arn_pattern": "arn:aws:iam::123456789012:user/testuser"}, "type": "aws_cloud_auth_config"}}
+    When the request is sent
+    Then the response status is 409 Conflict
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Create an AWS cloud authentication persona mapping returns "Created" response
+    Given operation "CreateAWSCloudAuthPersonaMapping" enabled
+    And new "CreateAWSCloudAuthPersonaMapping" request
+    And body with value {"data": {"attributes": {"account_identifier": "test@test.com", "arn_pattern": "arn:aws:iam::123456789012:user/testuser"}, "type": "aws_cloud_auth_config"}}
+    When the request is sent
+    Then the response status is 201 Created
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Delete an AWS cloud authentication persona mapping returns "No Content" response
+    Given operation "DeleteAWSCloudAuthPersonaMapping" enabled
+    And new "DeleteAWSCloudAuthPersonaMapping" request
+    And request contains "persona_mapping_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 204 No Content
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Delete an AWS cloud authentication persona mapping returns "Not Found" response
+    Given operation "DeleteAWSCloudAuthPersonaMapping" enabled
+    And new "DeleteAWSCloudAuthPersonaMapping" request
+    And request contains "persona_mapping_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Get an AWS cloud authentication persona mapping returns "Not Found" response
+    Given operation "GetAWSCloudAuthPersonaMapping" enabled
+    And new "GetAWSCloudAuthPersonaMapping" request
+    And request contains "persona_mapping_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: Get an AWS cloud authentication persona mapping returns "OK" response
+    Given operation "GetAWSCloudAuthPersonaMapping" enabled
+    And new "GetAWSCloudAuthPersonaMapping" request
+    And request contains "persona_mapping_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
 
   @generated @skip @team:DataDog/team-aaaauthn
   Scenario: List AWS cloud authentication persona mappings returns "Bad Request" response
+    Given operation "ListAWSCloudAuthPersonaMappings" enabled
+    And new "ListAWSCloudAuthPersonaMappings" request
     When the request is sent
     Then the response status is 400 Bad Request
 
   @generated @skip @team:DataDog/team-aaaauthn
   Scenario: List AWS cloud authentication persona mappings returns "OK" response
+    Given operation "ListAWSCloudAuthPersonaMappings" enabled
+    And new "ListAWSCloudAuthPersonaMappings" request
     When the request is sent
     Then the response status is 200 OK
@@ -1060,6 +1060,31 @@
       "type": "safe"
     }
   },
+  "CreateAWSCloudAuthPersonaMapping": {
+    "tag": "Cloud Authentication",
+    "undo": {
+      "operationId": "DeleteAWSCloudAuthPersonaMapping",
+      "parameters": [
+        {
+          "name": "persona_mapping_id",
+          "source": "data.id"
+        }
+      ],
+      "type": "unsafe"
+    }
+  },
+  "DeleteAWSCloudAuthPersonaMapping": {
+    "tag": "Cloud Authentication",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "GetAWSCloudAuthPersonaMapping": {
+    "tag": "Cloud Authentication",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "CreateCustomFramework": {
     "tag": "Security Monitoring",
     "undo": {
 
@@ -3969,6 +3969,27 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = {
   "CloudAuthenticationApi.V2.ListAWSCloudAuthPersonaMappings": {
     operationResponseType: "AWSCloudAuthPersonaMappingsResponse",
   },
+  "CloudAuthenticationApi.V2.CreateAWSCloudAuthPersonaMapping": {
+    body: {
+      type: "AWSCloudAuthPersonaMappingCreateRequest",
+      format: "",
+    },
+    operationResponseType: "AWSCloudAuthPersonaMappingResponse",
+  },
+  "CloudAuthenticationApi.V2.GetAWSCloudAuthPersonaMapping": {
+    personaMappingId: {
+      type: "string",
+      format: "",
+    },
+    operationResponseType: "AWSCloudAuthPersonaMappingResponse",
+  },
+  "CloudAuthenticationApi.V2.DeleteAWSCloudAuthPersonaMapping": {
+    personaMappingId: {
+      type: "string",
+      format: "",
+    },
+    operationResponseType: "{}",
+  },
   "SecurityMonitoringApi.V2.CreateCustomFramework": {
     body: {
       type: "CreateCustomFrameworkRequest",