Add receives_permissions_from field to Roles API (#3464)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -49931,6 +49931,18 @@ components:
           description: The name of the role. The name is neither unique nor a stable
             identifier of the role.
           type: string
+        receives_permissions_from:
+          description: 'The managed role from which this role automatically inherits
+            new permissions.
+
+            Specify one of the following: "Datadog Admin Role", "Datadog Standard
+            Role", or "Datadog Read Only Role".
+
+            If empty or not specified, the role does not automatically inherit permissions
+            from any managed role.'
+          items:
+            type: string
+          type: array
         user_count:
           description: Number of users with that role.
           format: int64
@@ -49956,6 +49968,18 @@ components:
           description: Name of the new role that is cloned.
           example: cloned-role
           type: string
+        receives_permissions_from:
+          description: 'The managed role from which this role automatically inherits
+            new permissions.
+
+            Specify one of the following: "Datadog Admin Role", "Datadog Standard
+            Role", or "Datadog Read Only Role".
+
+            If empty or not specified, the role does not automatically inherit permissions
+            from any managed role.'
+          items:
+            type: string
+          type: array
       required:
       - name
       type: object
@@ -49984,6 +50008,18 @@ components:
           description: Name of the role.
           example: developers
           type: string
+        receives_permissions_from:
+          description: 'The managed role from which this role automatically inherits
+            new permissions.
+
+            Specify one of the following: "Datadog Admin Role", "Datadog Standard
+            Role", or "Datadog Read Only Role".
+
+            If empty or not specified, the role does not automatically inherit permissions
+            from any managed role.'
+          items:
+            type: string
+          type: array
       required:
       - name
       type: object
@@ -50105,6 +50141,18 @@ components:
         name:
           description: Name of the role.
           type: string
+        receives_permissions_from:
+          description: 'The managed role from which this role automatically inherits
+            new permissions.
+
+            Specify one of the following: "Datadog Admin Role", "Datadog Standard
+            Role", or "Datadog Read Only Role".
+
+            If empty or not specified, the role does not automatically inherit permissions
+            from any managed role.'
+          items:
+            type: string
+          type: array
         user_count:
           description: The user count.
           format: int32
@@ -105571,7 +105619,12 @@ tags:
 
     read access on a specific log index to a role can be done in Datadog from the
 
-    [Pipelines page](https://app.datadoghq.com/logs/pipelines).'
+    [Pipelines page](https://app.datadoghq.com/logs/pipelines).
+
+
+    Roles can also be managed in bulk through the Datadog UI, which provides
+
+    the capability to assign a single permission to multiple roles simultaneously.'
   name: Roles
 - description: Auto-generated tag Rum Audience Management
   name: Rum Audience Management

features/v2/roles.feature

@@ -6,7 +6,9 @@ Feature: Roles
   account assets can be granted to roles in the Datadog application without
   using this API. For example, granting read access on a specific log index
   to a role can be done in Datadog from the [Pipelines
-  page](https://app.datadoghq.com/logs/pipelines).
+  page](https://app.datadoghq.com/logs/pipelines).  Roles can also be
+  managed in bulk through the Datadog UI, which provides the capability to
+  assign a single permission to multiple roles simultaneously.
 
   Background:
     Given a valid "apiKeyAuth" key in the system
@@ -64,7 +66,7 @@ Feature: Roles
   Scenario: Create a new role by cloning an existing role returns "Not found" response
     Given new "CloneRole" request
     And request contains "role_id" parameter from "REPLACE.ME"
-    And body with value {"data": {"attributes": {"name": "cloned-role"}, "type": "roles"}}
+    And body with value {"data": {"attributes": {"name": "cloned-role", "receives_permissions_from": []}, "type": "roles"}}
     When the request is sent
     Then the response status is 404 Not found
 
@@ -81,14 +83,14 @@ Feature: Roles
   @generated @skip @team:DataDog/aaa-core-access
   Scenario: Create role returns "Bad Request" response
     Given new "CreateRole" request
-    And body with value {"data": {"attributes": {"name": "developers"}, "relationships": {"permissions": {"data": [{"type": "permissions"}]}}, "type": "roles"}}
+    And body with value {"data": {"attributes": {"name": "developers", "receives_permissions_from": []}, "relationships": {"permissions": {"data": [{"type": "permissions"}]}}, "type": "roles"}}
     When the request is sent
     Then the response status is 400 Bad Request
 
   @generated @skip @team:DataDog/aaa-core-access
   Scenario: Create role returns "OK" response
     Given new "CreateRole" request
-    And body with value {"data": {"attributes": {"name": "developers"}, "relationships": {"permissions": {"data": [{"type": "permissions"}]}}, "type": "roles"}}
+    And body with value {"data": {"attributes": {"name": "developers", "receives_permissions_from": []}, "relationships": {"permissions": {"data": [{"type": "permissions"}]}}, "type": "roles"}}
     When the request is sent
     Then the response status is 200 OK
 
@@ -335,6 +337,6 @@ Feature: Roles
   Scenario: Update a role returns "Unprocessable Entity" response
     Given new "UpdateRole" request
     And request contains "role_id" parameter from "REPLACE.ME"
-    And body with value {"data": {"attributes": {}, "id": "00000000-0000-1111-0000-000000000000", "relationships": {"permissions": {"data": [{"type": "permissions"}]}}, "type": "roles"}}
+    And body with value {"data": {"attributes": {"receives_permissions_from": []}, "id": "00000000-0000-1111-0000-000000000000", "relationships": {"permissions": {"data": [{"type": "permissions"}]}}, "type": "roles"}}
     When the request is sent
     Then the response status is 422 Unprocessable Entity

services/auth_n_mappings/src/v2/models/RoleAttributes.ts

@@ -16,6 +16,12 @@ export class RoleAttributes {
    * The name of the role. The name is neither unique nor a stable identifier of the role.
    */
   "name"?: string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * Number of users with that role.
    */
@@ -49,6 +55,10 @@ export class RoleAttributes {
       baseName: "name",
       type: "string",
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     userCount: {
       baseName: "user_count",
       type: "number",

services/key_management/src/v2/models/RoleAttributes.ts

@@ -16,6 +16,12 @@ export class RoleAttributes {
    * The name of the role. The name is neither unique nor a stable identifier of the role.
    */
   "name"?: string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * Number of users with that role.
    */
@@ -49,6 +55,10 @@ export class RoleAttributes {
       baseName: "name",
       type: "string",
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     userCount: {
       baseName: "user_count",
       type: "number",

services/logs_archives/src/v2/models/RoleAttributes.ts

@@ -16,6 +16,12 @@ export class RoleAttributes {
    * The name of the role. The name is neither unique nor a stable identifier of the role.
    */
   "name"?: string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * Number of users with that role.
    */
@@ -49,6 +55,10 @@ export class RoleAttributes {
       baseName: "name",
       type: "string",
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     userCount: {
       baseName: "user_count",
       type: "number",

services/roles/README.md

@@ -11,6 +11,9 @@ in the Datadog application without using this API. For example, granting
 read access on a specific log index to a role can be done in Datadog from the
 [Pipelines page](https://app.datadoghq.com/logs/pipelines).
 
+Roles can also be managed in bulk through the Datadog UI, which provides
+the capability to assign a single permission to multiple roles simultaneously.
+
 ## Navigation
 
 - [Installation](#installation)

services/roles/src/v2/models/RoleAttributes.ts

@@ -16,6 +16,12 @@ export class RoleAttributes {
    * The name of the role. The name is neither unique nor a stable identifier of the role.
    */
   "name"?: string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * Number of users with that role.
    */
@@ -49,6 +55,10 @@ export class RoleAttributes {
       baseName: "name",
       type: "string",
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     userCount: {
       baseName: "user_count",
       type: "number",

services/roles/src/v2/models/RoleCloneAttributes.ts

@@ -8,6 +8,12 @@ export class RoleCloneAttributes {
    * Name of the new role that is cloned.
    */
   "name": string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * A container for additional, undeclared properties.
    * This is a holder for any undeclared properties as specified with
@@ -28,6 +34,10 @@ export class RoleCloneAttributes {
       type: "string",
       required: true,
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     additionalProperties: {
       baseName: "additionalProperties",
       type: "{ [key: string]: any; }",

services/roles/src/v2/models/RoleCreateAttributes.ts

@@ -16,6 +16,12 @@ export class RoleCreateAttributes {
    * Name of the role.
    */
   "name": string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * A container for additional, undeclared properties.
    * This is a holder for any undeclared properties as specified with
@@ -46,6 +52,10 @@ export class RoleCreateAttributes {
       type: "string",
       required: true,
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     additionalProperties: {
       baseName: "additionalProperties",
       type: "{ [key: string]: any; }",

services/roles/src/v2/models/RoleUpdateAttributes.ts

@@ -16,6 +16,12 @@ export class RoleUpdateAttributes {
    * Name of the role.
    */
   "name"?: string;
+  /**
+   * The managed role from which this role automatically inherits new permissions.
+   * Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role".
+   * If empty or not specified, the role does not automatically inherit permissions from any managed role.
+   */
+  "receivesPermissionsFrom"?: Array<string>;
   /**
    * The user count.
    */
@@ -49,6 +55,10 @@ export class RoleUpdateAttributes {
       baseName: "name",
       type: "string",
     },
+    receivesPermissionsFrom: {
+      baseName: "receives_permissions_from",
+      type: "Array<string>",
+    },
     userCount: {
       baseName: "user_count",
       type: "number",