Skip to content

Onboard integrations to security validation #23109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dkirov-dd merged 13 commits into from
Apr 1, 2026
Merged

Onboard integrations to security validation #23109

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
5160934
Allow require_trusted_provider as a valid value-level field in spec.yaml
NouemanKHAL Mar 31, 2026
393150c
changelog
NouemanKHAL Mar 31, 2026
c105803
lint
NouemanKHAL Mar 31, 2026
541e5a0
Generate SECURE_FIELD_NAMES and security validation in config models …
NouemanKHAL Mar 31, 2026
a3d6fa1
Apply original require_trusted_provider implementation from pre-rever…
NouemanKHAL Mar 31, 2026
e57ea85
update changelog
NouemanKHAL Mar 31, 2026
d4b6552
reset datadog_checks_base test file
NouemanKHAL Mar 31, 2026
1d997c8
mark all integrations with command or filepath properties with requir…
NouemanKHAL Mar 31, 2026
db54585
Bump datadog-checks-base minimum version to 37.33.0 for integrations …
NouemanKHAL Mar 31, 2026
a7cf3d7
regenerate models with require_trusted_provider
NouemanKHAL Mar 31, 2026
e9469b9
sync models
NouemanKHAL Mar 31, 2026
76ee18c
changelog
NouemanKHAL Mar 31, 2026
35b467f
ensure bump datadog_checks_base minimum version to 37.33.0 in all int…
NouemanKHAL Mar 31, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 1 addition & 1 deletion active_directory/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions activemq/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
8 changes: 8 additions & 0 deletions activemq/datadog_checks/activemq/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(['java_bin_path', 'key_store_path', 'tools_jar_path', 'trust_store_path'])


class InstanceConfig(BaseModel):
model_config = ConfigDict(
validate_default=True,
Expand Down Expand Up @@ -59,6 +62,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion activemq/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions activemq_xml/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions activemq_xml/datadog_checks/activemq_xml/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -113,6 +118,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion activemq_xml/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions aerospike/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions aerospike/datadog_checks/aerospike/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -172,6 +177,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion aerospike/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions airflow/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions airflow/datadog_checks/airflow/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -110,6 +115,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion airflow/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions amazon_msk/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions amazon_msk/datadog_checks/amazon_msk/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -172,6 +177,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion amazon_msk/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions ambari/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions ambari/datadog_checks/ambari/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -110,6 +115,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion ambari/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions apache/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions apache/datadog_checks/apache/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -109,6 +114,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion apache/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions appgate_sdp/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions appgate_sdp/datadog_checks/appgate_sdp/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -164,6 +169,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion appgate_sdp/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ classifiers = [
"Topic :: System :: Monitoring",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions arangodb/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions arangodb/datadog_checks/arangodb/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -164,6 +169,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion arangodb/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ classifiers = [
"Private :: Do Not Upload",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
2 changes: 1 addition & 1 deletion arctic_wolf_aurora_endpoint_security/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ classifiers = [
"Topic :: System :: Monitoring",
]
dependencies = [
"datadog-checks-base>=37.21.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions argo_rollouts/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions argo_rollouts/datadog_checks/argo_rollouts/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -164,6 +169,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
2 changes: 1 addition & 1 deletion argo_rollouts/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ classifiers = [
"Topic :: System :: Monitoring",
]
dependencies = [
"datadog-checks-base>=37.24.0",
"datadog-checks-base>=37.33.0",
]
dynamic = [
"version",
Expand Down
1 change: 1 addition & 0 deletions argo_workflows/changelog.d/23109.added
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for security validation in models
10 changes: 10 additions & 0 deletions argo_workflows/datadog_checks/argo_workflows/config_models/instance.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@
from . import defaults, validators


SECURE_FIELD_NAMES = frozenset(
['auth_token', 'kerberos_cache', 'kerberos_keytab', 'tls_ca_cert', 'tls_cert', 'tls_private_key']
)


class AuthToken(BaseModel):
model_config = ConfigDict(
arbitrary_types_allowed=True,
Expand Down Expand Up @@ -164,6 +169,11 @@ def _validate(cls, value, info):
field_name = field.alias or info.field_name
if field_name in info.context['configured_fields']:
value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field)

if info.field_name in SECURE_FIELD_NAMES:
validation.security.check_field_trusted_provider(
info.field_name, value, info.context.get('security_config')
)
else:
value = getattr(defaults, f'instance_{info.field_name}', lambda: value)()

Expand Down
Loading
Loading