DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml
Lines changed: 150 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml
Lines changed: 150 additions & 0 deletions
diff --git a/‎cassettes/v2/Logs-Custom-Destinations_2771509030/Create-a-Google-Security-Operations-custom-destination-returns-OK-response_4286886158/frozen.json
Lines changed: 1 addition & 0 deletions b/‎cassettes/v2/Logs-Custom-Destinations_2771509030/Create-a-Google-Security-Operations-custom-destination-returns-OK-response_4286886158/frozen.json
Lines changed: 1 addition & 0 deletions
diff --git a/‎cassettes/v2/Logs-Custom-Destinations_2771509030/Create-a-Google-Security-Operations-custom-destination-returns-OK-response_4286886158/recording.har
Lines changed: 109 additions & 0 deletions b/‎cassettes/v2/Logs-Custom-Destinations_2771509030/Create-a-Google-Security-Operations-custom-destination-returns-OK-response_4286886158/recording.har
Lines changed: 109 additions & 0 deletions
diff --git a/‎features/v2/logs_custom_destinations.feature
Lines changed: 27 additions & 0 deletions b/‎features/v2/logs_custom_destinations.feature
Lines changed: 27 additions & 0 deletions
diff --git a/‎services/logs_custom_destinations/src/v2/index.ts
Lines changed: 8 additions & 0 deletions b/‎services/logs_custom_destinations/src/v2/index.ts
Lines changed: 8 additions & 0 deletions
@@ -10740,6 +10740,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationElasticsearch'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinel'
+      - $ref: '#/components/schemas/CustomDestinationForwardDestinationGoogleSecurityOperations'
     CustomDestinationForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10797,6 +10798,42 @@ components:
       type: string
       x-enum-varnames:
       - ELASTICSEARCH
+    CustomDestinationForwardDestinationGoogleSecurityOperations:
+      description: The Google Security Operations destination.
+      properties:
+        auth:
+          $ref: '#/components/schemas/CustomDestinationGoogleSecurityOperationsDestinationAuth'
+        customer_id:
+          description: The customer ID of the Google Security Operations account.
+          example: 123-456-7890
+          type: string
+        namespace:
+          description: The namespace of the Google Security Operations account.
+          example: google-security-operations-namespace
+          type: string
+        regional_endpoint:
+          description: The `CustomDestinationForwardDestinationGoogleSecurityOperations`
+            `regional_endpoint`.
+          example: https://malachiteingestion-pa.googleapis.com
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationForwardDestinationGoogleSecurityOperationsType'
+      required:
+      - type
+      - customer_id
+      - regional_endpoint
+      - namespace
+      - auth
+      type: object
+    CustomDestinationForwardDestinationGoogleSecurityOperationsType:
+      default: google_security_operations
+      description: Type of the Google Security Operations destination.
+      enum:
+      - google_security_operations
+      example: google_security_operations
+      type: string
+      x-enum-varnames:
+      - GOOGLE_SECURITY_OPERATIONS
     CustomDestinationForwardDestinationHttp:
       description: The HTTP destination.
       properties:
@@ -10898,6 +10935,55 @@ components:
       type: string
       x-enum-varnames:
       - SPLUNK_HEC
+    CustomDestinationGoogleSecurityOperationsDestinationAuth:
+      description: Google Security Operations destination authentication.
+      properties:
+        client_email:
+          description: The Google Security Operations client email.
+          example: [email protected]
+          type: string
+        client_id:
+          description: The Google Security Operations client ID. This field is not
+            returned by the API.
+          example: def123456
+          type: string
+          writeOnly: true
+        private_key:
+          description: The Google Security Operations private key. This field is not
+            returned by the API.
+          example: '-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBK...\n-----END
+            PRIVATE KEY-----\n'
+          type: string
+          writeOnly: true
+        private_key_id:
+          description: The Google Security Operations private key ID. This field is
+            not returned by the API.
+          example: abc12345678
+          type: string
+          writeOnly: true
+        project_id:
+          description: Google Security Operations project ID.
+          example: gcp-project
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationGoogleSecurityOperationsDestinationAuthType'
+      required:
+      - type
+      - project_id
+      - private_key_id
+      - client_email
+      - client_id
+      - private_key
+      type: object
+    CustomDestinationGoogleSecurityOperationsDestinationAuthType:
+      default: gcp_private_key
+      description: Type of the Google Security Operations destination authentication.
+      enum:
+      - gcp_private_key
+      example: gcp_private_key
+      type: string
+      x-enum-varnames:
+      - GCP_PRIVATE_KEY
     CustomDestinationHttpDestinationAuth:
       description: Authentication method of the HTTP requests.
       oneOf:
@@ -11043,6 +11129,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearch'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinel'
+      - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationGoogleSecurityOperations'
     CustomDestinationResponseForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -11100,6 +11187,42 @@ components:
       type: string
       x-enum-varnames:
       - ELASTICSEARCH
+    CustomDestinationResponseForwardDestinationGoogleSecurityOperations:
+      description: The Google Security Operations destination.
+      properties:
+        auth:
+          $ref: '#/components/schemas/CustomDestinationResponseGoogleSecurityOperationsDestinationAuth'
+        customer_id:
+          description: The customer ID of the Google Security Operations account.
+          example: 123-456-7890
+          type: string
+        namespace:
+          description: The namespace of the Google Security Operations account.
+          example: google-security-operations-namespace
+          type: string
+        regional_endpoint:
+          description: The `CustomDestinationResponseForwardDestinationGoogleSecurityOperations`
+            `regional_endpoint`.
+          example: https://malachiteingestion-pa.googleapis.com
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationGoogleSecurityOperationsType'
+      required:
+      - type
+      - customer_id
+      - regional_endpoint
+      - namespace
+      - auth
+      type: object
+    CustomDestinationResponseForwardDestinationGoogleSecurityOperationsType:
+      default: google_security_operations
+      description: Type of the Google Security Operations destination.
+      enum:
+      - google_security_operations
+      example: google_security_operations
+      type: string
+      x-enum-varnames:
+      - GOOGLE_SECURITY_OPERATIONS
     CustomDestinationResponseForwardDestinationHttp:
       description: The HTTP destination.
       properties:
@@ -11194,6 +11317,33 @@ components:
       type: string
       x-enum-varnames:
       - SPLUNK_HEC
+    CustomDestinationResponseGoogleSecurityOperationsDestinationAuth:
+      description: Google Security Operations destination authentication.
+      properties:
+        client_email:
+          description: The Google Security Operations client email.
+          example: [email protected]
+          type: string
+        project_id:
+          description: Google Security Operations project ID.
+          example: gcp-project
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationResponseGoogleSecurityOperationsDestinationAuthType'
+      required:
+      - type
+      - project_id
+      - client_email
+      type: object
+    CustomDestinationResponseGoogleSecurityOperationsDestinationAuthType:
+      default: gcp_private_key
+      description: Type of the Google Security Operations destination authentication.
+      enum:
+      - gcp_private_key
+      example: gcp_private_key
+      type: string
+      x-enum-varnames:
+      - GCP_PRIVATE_KEY
     CustomDestinationResponseHttpDestinationAuth:
       description: Authentication method of the HTTP requests.
       oneOf:
 
@@ -0,0 +1 @@
+"2025-07-09T08:26:14.805Z"
@@ -0,0 +1,109 @@
+{
+  "log": {
+    "_recordingName": "Logs Custom Destinations/Create a Google Security Operations custom destination returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "1db6a6ab99d9d8ab9eb0880014ac1ce1",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 710,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 592,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"enabled\":false,\"forward_tags\":false,\"forward_tags_restriction_list\":[\"datacenter\",\"host\"],\"forward_tags_restriction_list_type\":\"ALLOW_LIST\",\"forwarder_destination\":{\"auth\":{\"client_email\":\"[email protected]\",\"client_id\":\"def123456\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBK...\\n-----END PRIVATE KEY-----\\n\",\"private_key_id\":\"abc12345678\",\"project_id\":\"gcp-project\",\"type\":\"gcp_private_key\"},\"customer_id\":\"123-456-7890\",\"namespace\":\"google-security-operations-namespace\",\"regional_endpoint\":\"https://malachiteingestion-pa.googleapis.com\",\"type\":\"google_security_operations\"},\"name\":\"Nginx logs\",\"query\":\"source:nginx\"},\"type\":\"custom_destination\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/logs/config/custom-destinations"
+        },
+        "response": {
+          "bodySize": 588,
+          "content": {
+            "mimeType": "application/json",
+            "size": 588,
+            "text": "{\"data\":{\"id\":\"363586eb-0e4c-45c6-ba95-5afaddead03f\",\"attributes\":{\"name\":\"Nginx logs\",\"query\":\"source:nginx\",\"enabled\":false,\"forwarder_destination\":{\"customer_id\":\"123-456-7890\",\"regional_endpoint\":\"https://malachiteingestion-pa.googleapis.com\",\"namespace\":\"google-security-operations-namespace\",\"auth\":{\"project_id\":\"gcp-project\",\"client_email\":\"[email protected]\",\"type\":\"gcp_private_key\"},\"type\":\"google_security_operations\"},\"forward_tags_restriction_list_type\":\"ALLOW_LIST\",\"forward_tags_restriction_list\":[\"datacenter\",\"host\"],\"forward_tags\":false},\"type\":\"custom_destination\"}}\n"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 713,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2025-07-09T08:26:15.220Z",
+        "time": 383
+      },
+      {
+        "_id": "b357449565ea2dc8baf41959bbb48471",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            }
+          ],
+          "headersSize": 565,
+          "httpVersion": "HTTP/1.1",
+          "method": "DELETE",
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/logs/config/custom-destinations/363586eb-0e4c-45c6-ba95-5afaddead03f"
+        },
+        "response": {
+          "bodySize": 0,
+          "content": {
+            "mimeType": "text/html; charset=utf-8",
+            "size": 0
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "text/html; charset=utf-8"
+            }
+          ],
+          "headersSize": 700,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 204,
+          "statusText": "No Content"
+        },
+        "startedDateTime": "2025-07-09T08:26:15.613Z",
+        "time": 376
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -57,6 +57,33 @@ Feature: Logs Custom Destinations
     And the response "data.attributes.forward_tags_restriction_list" array contains value "host"
     And the response "data.attributes.forward_tags_restriction_list_type" is equal to "ALLOW_LIST"
 
+  @team:DataDog/logs-backend @team:DataDog/logs-forwarding
+  Scenario: Create a Google Security Operations custom destination returns "OK" response
+    Given new "CreateLogsCustomDestination" request
+    And body with value {"data": {"attributes": {"enabled": false, "forward_tags": false, "forward_tags_restriction_list": ["datacenter", "host"], "forward_tags_restriction_list_type": "ALLOW_LIST", "forwarder_destination": {"type": "google_security_operations", "customer_id": "123-456-7890", "regional_endpoint": "https://malachiteingestion-pa.googleapis.com", "namespace": "google-security-operations-namespace", "auth": {"type": "gcp_private_key", "project_id": "gcp-project", "private_key_id": "abc12345678", "client_email": "[email protected]", "client_id": "def123456", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBK...\n-----END PRIVATE KEY-----\n"}}, "name": "Nginx logs", "query": "source:nginx"}, "type": "custom_destination"}}
+    When the request is sent
+    Then the response status is 200 OK
+    And the response "data.type" is equal to "custom_destination"
+    And the response "data" has field "id"
+    And the response "data.attributes.name" is equal to "Nginx logs"
+    And the response "data.attributes.query" is equal to "source:nginx"
+    And the response "data.attributes.forwarder_destination.type" is equal to "google_security_operations"
+    And the response "data.attributes.forwarder_destination.customer_id" is equal to "123-456-7890"
+    And the response "data.attributes.forwarder_destination.regional_endpoint" is equal to "https://malachiteingestion-pa.googleapis.com"
+    And the response "data.attributes.forwarder_destination.namespace" is equal to "google-security-operations-namespace"
+    And the response "data.attributes.forwarder_destination.auth.type" is equal to "gcp_private_key"
+    And the response "data.attributes.forwarder_destination.auth.project_id" is equal to "gcp-project"
+    And the response "data.attributes.forwarder_destination.auth.client_email" is equal to "[email protected]"
+    And the response "data.attributes.forwarder_destination.auth" does not have field "private_key"
+    And the response "data.attributes.forwarder_destination.auth" does not have field "private_key_id"
+    And the response "data.attributes.forwarder_destination.auth" does not have field "client_id"
+    And the response "data.attributes.enabled" is false
+    And the response "data.attributes.forward_tags" is false
+    And the response "data.attributes.forward_tags_restriction_list" has length 2
+    And the response "data.attributes.forward_tags_restriction_list" array contains value "datacenter"
+    And the response "data.attributes.forward_tags_restriction_list" array contains value "host"
+    And the response "data.attributes.forward_tags_restriction_list_type" is equal to "ALLOW_LIST"
+
   @team:DataDog/logs-backend @team:DataDog/logs-forwarding
   Scenario: Create a Microsoft Sentinel custom destination returns "OK" response
     Given new "CreateLogsCustomDestination" request
 
@@ -15,12 +15,16 @@ export { CustomDestinationElasticsearchDestinationAuth } from "./models/CustomDe
 export { CustomDestinationForwardDestination } from "./models/CustomDestinationForwardDestination";
 export { CustomDestinationForwardDestinationElasticsearch } from "./models/CustomDestinationForwardDestinationElasticsearch";
 export { CustomDestinationForwardDestinationElasticsearchType } from "./models/CustomDestinationForwardDestinationElasticsearchType";
+export { CustomDestinationForwardDestinationGoogleSecurityOperations } from "./models/CustomDestinationForwardDestinationGoogleSecurityOperations";
+export { CustomDestinationForwardDestinationGoogleSecurityOperationsType } from "./models/CustomDestinationForwardDestinationGoogleSecurityOperationsType";
 export { CustomDestinationForwardDestinationHttp } from "./models/CustomDestinationForwardDestinationHttp";
 export { CustomDestinationForwardDestinationHttpType } from "./models/CustomDestinationForwardDestinationHttpType";
 export { CustomDestinationForwardDestinationMicrosoftSentinel } from "./models/CustomDestinationForwardDestinationMicrosoftSentinel";
 export { CustomDestinationForwardDestinationMicrosoftSentinelType } from "./models/CustomDestinationForwardDestinationMicrosoftSentinelType";
 export { CustomDestinationForwardDestinationSplunk } from "./models/CustomDestinationForwardDestinationSplunk";
 export { CustomDestinationForwardDestinationSplunkType } from "./models/CustomDestinationForwardDestinationSplunkType";
+export { CustomDestinationGoogleSecurityOperationsDestinationAuth } from "./models/CustomDestinationGoogleSecurityOperationsDestinationAuth";
+export { CustomDestinationGoogleSecurityOperationsDestinationAuthType } from "./models/CustomDestinationGoogleSecurityOperationsDestinationAuthType";
 export { CustomDestinationHttpDestinationAuth } from "./models/CustomDestinationHttpDestinationAuth";
 export { CustomDestinationHttpDestinationAuthBasic } from "./models/CustomDestinationHttpDestinationAuthBasic";
 export { CustomDestinationHttpDestinationAuthBasicType } from "./models/CustomDestinationHttpDestinationAuthBasicType";
@@ -32,12 +36,16 @@ export { CustomDestinationResponseDefinition } from "./models/CustomDestinationR
 export { CustomDestinationResponseForwardDestination } from "./models/CustomDestinationResponseForwardDestination";
 export { CustomDestinationResponseForwardDestinationElasticsearch } from "./models/CustomDestinationResponseForwardDestinationElasticsearch";
 export { CustomDestinationResponseForwardDestinationElasticsearchType } from "./models/CustomDestinationResponseForwardDestinationElasticsearchType";
+export { CustomDestinationResponseForwardDestinationGoogleSecurityOperations } from "./models/CustomDestinationResponseForwardDestinationGoogleSecurityOperations";
+export { CustomDestinationResponseForwardDestinationGoogleSecurityOperationsType } from "./models/CustomDestinationResponseForwardDestinationGoogleSecurityOperationsType";
 export { CustomDestinationResponseForwardDestinationHttp } from "./models/CustomDestinationResponseForwardDestinationHttp";
 export { CustomDestinationResponseForwardDestinationHttpType } from "./models/CustomDestinationResponseForwardDestinationHttpType";
 export { CustomDestinationResponseForwardDestinationMicrosoftSentinel } from "./models/CustomDestinationResponseForwardDestinationMicrosoftSentinel";
 export { CustomDestinationResponseForwardDestinationMicrosoftSentinelType } from "./models/CustomDestinationResponseForwardDestinationMicrosoftSentinelType";
 export { CustomDestinationResponseForwardDestinationSplunk } from "./models/CustomDestinationResponseForwardDestinationSplunk";
 export { CustomDestinationResponseForwardDestinationSplunkType } from "./models/CustomDestinationResponseForwardDestinationSplunkType";
+export { CustomDestinationResponseGoogleSecurityOperationsDestinationAuth } from "./models/CustomDestinationResponseGoogleSecurityOperationsDestinationAuth";
+export { CustomDestinationResponseGoogleSecurityOperationsDestinationAuthType } from "./models/CustomDestinationResponseGoogleSecurityOperationsDestinationAuthType";
 export { CustomDestinationResponseHttpDestinationAuth } from "./models/CustomDestinationResponseHttpDestinationAuth";
 export { CustomDestinationResponseHttpDestinationAuthBasic } from "./models/CustomDestinationResponseHttpDestinationAuthBasic";
 export { CustomDestinationResponseHttpDestinationAuthBasicType } from "./models/CustomDestinationResponseHttpDestinationAuthBasicType";