Add endpoint to retrieve Security Monitoring rule version history

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:26.701430",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 15:13:48.228681",
+            "spec_repo_commit": "4ec899ff"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:26.716618",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 15:13:48.244082",
+            "spec_repo_commit": "4ec899ff"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -12683,6 +12683,30 @@ components:
             $ref: '#/components/schemas/GetInterfacesData'
           type: array
       type: object
+    GetRuleVersionHistoryData:
+      description: Data for the rule version history.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/RuleVersionHistory'
+        id:
+          description: ID of the rule.
+          type: string
+        type:
+          $ref: '#/components/schemas/GetRuleVersionHistoryDataType'
+      type: object
+    GetRuleVersionHistoryDataType:
+      description: Type of data.
+      enum:
+      - GetRuleVersionHistoryResponse
+      type: string
+      x-enum-varnames:
+      - GETRULEVERSIONHISTORYRESPONSE
+    GetRuleVersionHistoryResponse:
+      description: Response for getting the rule version history.
+      properties:
+        data:
+          $ref: '#/components/schemas/GetRuleVersionHistoryData'
+      type: object
     GetSBOMResponse:
       description: The expected response schema when getting an SBOM.
       properties:
@@ -23245,6 +23269,57 @@ components:
           example: John Doe
           type: string
       type: object
+    RuleVersionHistory:
+      description: Response object containing the version history of a rule.
+      properties:
+        count:
+          description: The number of rule versions.
+          format: int32
+          maximum: 2147483647
+          type: integer
+        data:
+          additionalProperties:
+            $ref: '#/components/schemas/RuleVersions'
+            description: A rule version with a list of updates.
+          description: The `RuleVersionHistory` `data`.
+          type: object
+      type: object
+    RuleVersionUpdate:
+      description: A change in a rule version.
+      properties:
+        change:
+          description: The new value of the field.
+          example: cloud_provider:aws
+          type: string
+        field:
+          description: The field that was changed.
+          example: Tags
+          type: string
+        type:
+          $ref: '#/components/schemas/RuleVersionUpdateType'
+      type: object
+    RuleVersionUpdateType:
+      description: The type of change.
+      enum:
+      - create
+      - update
+      - delete
+      type: string
+      x-enum-varnames:
+      - CREATE
+      - UPDATE
+      - DELETE
+    RuleVersions:
+      description: A rule version with a list of updates.
+      properties:
+        changes:
+          description: A list of changes.
+          items:
+            $ref: '#/components/schemas/RuleVersionUpdate'
+          type: array
+        rule:
+          $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
+      type: object
     RumMetricCompute:
       description: The compute rule to compute the rum-based metric.
       properties:
@@ -45631,6 +45706,42 @@ paths:
         operator: OR
         permissions:
         - security_monitoring_rules_write
+  /api/v2/security_monitoring/rules/{rule_id}/version_history:
+    get:
+      description: Get a rule's version history.
+      operationId: GetRuleVersionHistory
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+      - $ref: '#/components/parameters/PageSize'
+      - $ref: '#/components/parameters/PageNumber'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GetRuleVersionHistoryResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_read
+      summary: Get a rule's version history
+      tags:
+      - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_rules_read
+      x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.'
   /api/v2/security_monitoring/signals:
     get:
       description: 'The list endpoint returns security signals that match a search

api/datadog/configuration.go

@@ -377,6 +377,7 @@ func NewConfiguration() *Configuration {
 			"v2.DeleteHistoricalJob":          false,
 			"v2.GetFinding":                   false,
 			"v2.GetHistoricalJob":             false,
+			"v2.GetRuleVersionHistory":        false,
 			"v2.ListFindings":                 false,
 			"v2.ListHistoricalJobs":           false,
 			"v2.MuteFindings":                 false,

api/datadogV2/api_security_monitoring.go

@@ -1460,6 +1460,124 @@ func (a *SecurityMonitoringApi) GetHistoricalJob(ctx _context.Context, jobId str
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+// GetRuleVersionHistoryOptionalParameters holds optional parameters for GetRuleVersionHistory.
+type GetRuleVersionHistoryOptionalParameters struct {
+	PageSize   *int64
+	PageNumber *int64
+}
+
+// NewGetRuleVersionHistoryOptionalParameters creates an empty struct for parameters.
+func NewGetRuleVersionHistoryOptionalParameters() *GetRuleVersionHistoryOptionalParameters {
+	this := GetRuleVersionHistoryOptionalParameters{}
+	return &this
+}
+
+// WithPageSize sets the corresponding parameter name and returns the struct.
+func (r *GetRuleVersionHistoryOptionalParameters) WithPageSize(pageSize int64) *GetRuleVersionHistoryOptionalParameters {
+	r.PageSize = &pageSize
+	return r
+}
+
+// WithPageNumber sets the corresponding parameter name and returns the struct.
+func (r *GetRuleVersionHistoryOptionalParameters) WithPageNumber(pageNumber int64) *GetRuleVersionHistoryOptionalParameters {
+	r.PageNumber = &pageNumber
+	return r
+}
+
+// GetRuleVersionHistory Get a rule's version history.
+// Get a rule's version history.
+func (a *SecurityMonitoringApi) GetRuleVersionHistory(ctx _context.Context, ruleId string, o ...GetRuleVersionHistoryOptionalParameters) (GetRuleVersionHistoryResponse, *_nethttp.Response, error) {
+	var (
+		localVarHTTPMethod  = _nethttp.MethodGet
+		localVarPostBody    interface{}
+		localVarReturnValue GetRuleVersionHistoryResponse
+		optionalParams      GetRuleVersionHistoryOptionalParameters
+	)
+
+	if len(o) > 1 {
+		return localVarReturnValue, nil, datadog.ReportError("only one argument of type GetRuleVersionHistoryOptionalParameters is allowed")
+	}
+	if len(o) == 1 {
+		optionalParams = o[0]
+	}
+
+	operationId := "v2.GetRuleVersionHistory"
+	isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId)
+	if !isOperationEnabled {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)}
+	}
+	if isOperationEnabled && a.Client.Cfg.Debug {
+		_log.Printf("WARNING: Using unstable operation '%s'", operationId)
+	}
+
+	localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.GetRuleVersionHistory")
+	if err != nil {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v2/security_monitoring/rules/{rule_id}/version_history"
+	localVarPath = datadog.ReplacePathParameter(localVarPath, "{rule_id}", _neturl.PathEscape(datadog.ParameterToString(ruleId, "")))
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := _neturl.Values{}
+	localVarFormParams := _neturl.Values{}
+	if optionalParams.PageSize != nil {
+		localVarQueryParams.Add("page[size]", datadog.ParameterToString(*optionalParams.PageSize, ""))
+	}
+	if optionalParams.PageNumber != nil {
+		localVarQueryParams.Add("page[number]", datadog.ParameterToString(*optionalParams.PageNumber, ""))
+	}
+	localVarHeaderParams["Accept"] = "application/json"
+
+	datadog.SetAuthKeys(
+		ctx,
+		&localVarHeaderParams,
+		[2]string{"apiKeyAuth", "DD-API-KEY"},
+		[2]string{"appKeyAuth", "DD-APPLICATION-KEY"},
+	)
+	req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.Client.CallAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := datadog.ReadBody(localVarHTTPResponse)
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
+			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.ErrorModel = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 // GetSBOMOptionalParameters holds optional parameters for GetSBOM.
 type GetSBOMOptionalParameters struct {
 	FilterRepoDigest *string

api/datadogV2/doc.go

@@ -322,6 +322,7 @@
 //   - [SecurityMonitoringApi.EditSecurityMonitoringSignalState]
 //   - [SecurityMonitoringApi.GetFinding]
 //   - [SecurityMonitoringApi.GetHistoricalJob]
+//   - [SecurityMonitoringApi.GetRuleVersionHistory]
 //   - [SecurityMonitoringApi.GetSBOM]
 //   - [SecurityMonitoringApi.GetSecurityFilter]
 //   - [SecurityMonitoringApi.GetSecurityMonitoringRule]