DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 95 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎examples/v2/cloud-authentication/ListAWSCloudAuthPersonaMappings.ts‎
Lines changed: 18 additions & 0 deletions b/‎examples/v2/cloud-authentication/ListAWSCloudAuthPersonaMappings.ts‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎features/support/scenarios_model_mapping.ts‎
Lines changed: 3 additions & 0 deletions b/‎features/support/scenarios_model_mapping.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎features/v2/cloud_authentication.feature‎
Lines changed: 21 additions & 0 deletions b/‎features/v2/cloud_authentication.feature‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎features/v2/undo.json‎
Lines changed: 6 additions & 0 deletions b/‎features/v2/undo.json‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎packages/datadog-api-client-common/configuration.ts‎
Lines changed: 1 addition & 0 deletions b/‎packages/datadog-api-client-common/configuration.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/datadog-api-client-v2/apis/CloudAuthenticationApi.ts‎
Lines changed: 174 additions & 0 deletions b/‎packages/datadog-api-client-v2/apis/CloudAuthenticationApi.ts‎
Lines changed: 174 additions & 0 deletions
diff --git a/‎packages/datadog-api-client-v2/index.ts‎
Lines changed: 6 additions & 0 deletions b/‎packages/datadog-api-client-v2/index.ts‎
Lines changed: 6 additions & 0 deletions
@@ -1834,6 +1834,65 @@ components:
       required:
       - role_name
       type: object
+    AWSCloudAuthPersonaMappingAttributesResponse:
+      description: Attributes for AWS cloud authentication persona mapping response
+      properties:
+        account_identifier:
+          description: Datadog account identifier (email or handle) mapped to the
+            AWS principal
+          example: test@test.com
+          type: string
+        account_uuid:
+          description: Datadog account UUID
+          example: 12bbdc5c-5966-47e0-8733-285f9e44bcf4
+          type: string
+        arn_pattern:
+          description: AWS IAM ARN pattern to match for authentication
+          example: arn:aws:iam::123456789012:user/testuser
+          type: string
+      required:
+      - arn_pattern
+      - account_identifier
+      - account_uuid
+      type: object
+    AWSCloudAuthPersonaMappingDataResponse:
+      description: Data for AWS cloud authentication persona mapping response
+      properties:
+        attributes:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingAttributesResponse'
+        id:
+          description: Unique identifier for the persona mapping
+          example: c5c758c6-18c2-4484-ae3f-46b84128404a
+          type: string
+        type:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingType'
+      required:
+      - id
+      - type
+      - attributes
+      type: object
+    AWSCloudAuthPersonaMappingType:
+      description: Type identifier for AWS cloud authentication persona mapping
+      enum:
+      - aws_cloud_auth_config
+      example: aws_cloud_auth_config
+      type: string
+      x-enum-varnames:
+      - AWS_CLOUD_AUTH_CONFIG
+    AWSCloudAuthPersonaMappingsData:
+      description: List of AWS cloud authentication persona mappings
+      items:
+        $ref: '#/components/schemas/AWSCloudAuthPersonaMappingDataResponse'
+      type: array
+    AWSCloudAuthPersonaMappingsResponse:
+      description: Response containing a list of AWS cloud authentication persona
+        mappings
+      properties:
+        data:
+          $ref: '#/components/schemas/AWSCloudAuthPersonaMappingsData'
+      required:
+      - data
+      type: object
     AWSCredentials:
       description: The definition of `AWSCredentials` object.
       oneOf:
@@ -74551,6 +74610,39 @@ paths:
         permissions:
         - ci_visibility_read
         - test_optimization_read
+  /api/v2/cloud_auth/aws/persona_mapping:
+    get:
+      description: List all AWS cloud authentication persona mappings. This endpoint
+        retrieves all configured persona mappings that associate AWS IAM principals
+        with Datadog users.
+      operationId: ListAWSCloudAuthPersonaMappings
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AWSCloudAuthPersonaMappingsResponse'
+          description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: List AWS cloud authentication persona mappings
+      tags:
+      - Cloud Authentication
+      x-unstable: '**Note**: This endpoint is in public beta and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/cloud_security_management/custom_frameworks:
     post:
       description: Create a custom framework.
@@ -104331,6 +104423,9 @@ tags:
     Management page](https://docs.datadoghq.com/service_management/case_management/)
     for more information.
   name: Case Management Type
+- description: Configure AWS cloud authentication mappings for persona and intake
+    authentication through the Datadog API.
+  name: Cloud Authentication
 - description: The Cloud Cost Management API allows you to set up, edit, and delete
     Cloud Cost Management accounts for AWS, Azure, and Google Cloud. You can query
     your cost data by using the [Metrics endpoint](https://docs.datadoghq.com/api/latest/metrics/#query-timeseries-data-across-multiple-products)
 
@@ -0,0 +1,18 @@
+/**
+ * List AWS cloud authentication persona mappings returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+configuration.unstableOperations["v2.listAWSCloudAuthPersonaMappings"] = true;
+const apiInstance = new v2.CloudAuthenticationApi(configuration);
+
+apiInstance
+  .listAWSCloudAuthPersonaMappings()
+  .then((data: v2.AWSCloudAuthPersonaMappingsResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));
@@ -3894,6 +3894,9 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
             },
         "operationResponseType": "CIAppTestEventsResponse",
     },
+    "v2.ListAWSCloudAuthPersonaMappings": {
+        "operationResponseType": "AWSCloudAuthPersonaMappingsResponse",
+    },
     "v2.CreateCustomFramework": {
         "body": {
             "type": "CreateCustomFrameworkRequest",
 
@@ -0,0 +1,21 @@
+@endpoint(cloud-authentication) @endpoint(cloud-authentication-v2)
+Feature: Cloud Authentication
+  Configure AWS cloud authentication mappings for persona and intake
+  authentication through the Datadog API.
+
+  Background:
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "CloudAuthentication" API
+    And operation "ListAWSCloudAuthPersonaMappings" enabled
+    And new "ListAWSCloudAuthPersonaMappings" request
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: List AWS cloud authentication persona mappings returns "Bad Request" response
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/team-aaaauthn
+  Scenario: List AWS cloud authentication persona mappings returns "OK" response
+    When the request is sent
+    Then the response status is 200 OK
@@ -1014,6 +1014,12 @@
       "type": "safe"
     }
   },
+  "ListAWSCloudAuthPersonaMappings": {
+    "tag": "Cloud Authentication",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "CreateCustomFramework": {
     "tag": "Security Monitoring",
     "undo": {
 
@@ -248,6 +248,7 @@ export function createConfiguration(
       "v2.linkJiraIssueToCase": false,
       "v2.moveCaseToProject": false,
       "v2.unlinkJiraIssue": false,
+      "v2.listAWSCloudAuthPersonaMappings": false,
       "v2.activateContentPack": false,
       "v2.cancelThreatHuntingJob": false,
       "v2.convertJobResultToSignal": false,
 
@@ -0,0 +1,174 @@
+import { BaseAPIRequestFactory } from "../../datadog-api-client-common/baseapi";
+import {
+  Configuration,
+  applySecurityAuthentication,
+} from "../../datadog-api-client-common/configuration";
+import {
+  RequestContext,
+  HttpMethod,
+  ResponseContext,
+} from "../../datadog-api-client-common/http/http";
+
+import { logger } from "../../../logger";
+import { ObjectSerializer } from "../models/ObjectSerializer";
+import { ApiException } from "../../datadog-api-client-common/exception";
+
+import { APIErrorResponse } from "../models/APIErrorResponse";
+import { AWSCloudAuthPersonaMappingsResponse } from "../models/AWSCloudAuthPersonaMappingsResponse";
+import { JSONAPIErrorResponse } from "../models/JSONAPIErrorResponse";
+
+export class CloudAuthenticationApiRequestFactory extends BaseAPIRequestFactory {
+  public async listAWSCloudAuthPersonaMappings(
+    _options?: Configuration
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    logger.warn("Using unstable operation 'listAWSCloudAuthPersonaMappings'");
+    if (!_config.unstableOperations["v2.listAWSCloudAuthPersonaMappings"]) {
+      throw new Error(
+        "Unstable operation 'listAWSCloudAuthPersonaMappings' is disabled"
+      );
+    }
+
+    // Path Params
+    const localVarPath = "/api/v2/cloud_auth/aws/persona_mapping";
+
+    // Make Request Context
+    const requestContext = _config
+      .getServer("v2.CloudAuthenticationApi.listAWSCloudAuthPersonaMappings")
+      .makeRequestContext(localVarPath, HttpMethod.GET);
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
+}
+
+export class CloudAuthenticationApiResponseProcessor {
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to listAWSCloudAuthPersonaMappings
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async listAWSCloudAuthPersonaMappings(
+    response: ResponseContext
+  ): Promise<AWSCloudAuthPersonaMappingsResponse> {
+    const contentType = ObjectSerializer.normalizeMediaType(
+      response.headers["content-type"]
+    );
+    if (response.httpStatusCode === 200) {
+      const body: AWSCloudAuthPersonaMappingsResponse =
+        ObjectSerializer.deserialize(
+          ObjectSerializer.parse(await response.body.text(), contentType),
+          "AWSCloudAuthPersonaMappingsResponse"
+        ) as AWSCloudAuthPersonaMappingsResponse;
+      return body;
+    }
+    if (response.httpStatusCode === 400 || response.httpStatusCode === 403) {
+      const bodyText = ObjectSerializer.parse(
+        await response.body.text(),
+        contentType
+      );
+      let body: JSONAPIErrorResponse;
+      try {
+        body = ObjectSerializer.deserialize(
+          bodyText,
+          "JSONAPIErrorResponse"
+        ) as JSONAPIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<JSONAPIErrorResponse>(
+          response.httpStatusCode,
+          bodyText
+        );
+      }
+      throw new ApiException<JSONAPIErrorResponse>(
+        response.httpStatusCode,
+        body
+      );
+    }
+    if (response.httpStatusCode === 429) {
+      const bodyText = ObjectSerializer.parse(
+        await response.body.text(),
+        contentType
+      );
+      let body: APIErrorResponse;
+      try {
+        body = ObjectSerializer.deserialize(
+          bodyText,
+          "APIErrorResponse"
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: AWSCloudAuthPersonaMappingsResponse =
+        ObjectSerializer.deserialize(
+          ObjectSerializer.parse(await response.body.text(), contentType),
+          "AWSCloudAuthPersonaMappingsResponse",
+          ""
+        ) as AWSCloudAuthPersonaMappingsResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"'
+    );
+  }
+}
+
+export class CloudAuthenticationApi {
+  private requestFactory: CloudAuthenticationApiRequestFactory;
+  private responseProcessor: CloudAuthenticationApiResponseProcessor;
+  private configuration: Configuration;
+
+  public constructor(
+    configuration: Configuration,
+    requestFactory?: CloudAuthenticationApiRequestFactory,
+    responseProcessor?: CloudAuthenticationApiResponseProcessor
+  ) {
+    this.configuration = configuration;
+    this.requestFactory =
+      requestFactory || new CloudAuthenticationApiRequestFactory(configuration);
+    this.responseProcessor =
+      responseProcessor || new CloudAuthenticationApiResponseProcessor();
+  }
+
+  /**
+   * List all AWS cloud authentication persona mappings. This endpoint retrieves all configured persona mappings that associate AWS IAM principals with Datadog users.
+   * @param param The request object
+   */
+  public listAWSCloudAuthPersonaMappings(
+    options?: Configuration
+  ): Promise<AWSCloudAuthPersonaMappingsResponse> {
+    const requestContextPromise =
+      this.requestFactory.listAWSCloudAuthPersonaMappings(options);
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.listAWSCloudAuthPersonaMappings(
+            responseContext
+          );
+        });
+    });
+  }
+}
@@ -201,6 +201,8 @@ export {
   CaseManagementTypeApi,
 } from "./apis/CaseManagementTypeApi";
 
+export { CloudAuthenticationApi } from "./apis/CloudAuthenticationApi";
+
 export {
   CloudCostManagementApiCreateCostAWSCURConfigRequest,
   CloudCostManagementApiCreateCostAzureUCConfigsRequest,
@@ -1402,6 +1404,10 @@ export { AWSAssumeRoleUpdate } from "./models/AWSAssumeRoleUpdate";
 export { AWSAuthConfig } from "./models/AWSAuthConfig";
 export { AWSAuthConfigKeys } from "./models/AWSAuthConfigKeys";
 export { AWSAuthConfigRole } from "./models/AWSAuthConfigRole";
+export { AWSCloudAuthPersonaMappingAttributesResponse } from "./models/AWSCloudAuthPersonaMappingAttributesResponse";
+export { AWSCloudAuthPersonaMappingDataResponse } from "./models/AWSCloudAuthPersonaMappingDataResponse";
+export { AWSCloudAuthPersonaMappingsResponse } from "./models/AWSCloudAuthPersonaMappingsResponse";
+export { AWSCloudAuthPersonaMappingType } from "./models/AWSCloudAuthPersonaMappingType";
 export { AWSCredentials } from "./models/AWSCredentials";
 export { AWSCredentialsUpdate } from "./models/AWSCredentialsUpdate";
 export { AwsCURConfig } from "./models/AwsCURConfig";