Requêtes de restriction de logs
Rapport de recherche Datadog : Bilan sur l'adoption de l'informatique sans serveur Rapport : Bilan sur l'adoption de l'informatique sans serveur

Requêtes de restriction de logs

Remarque : cet endpoint est en version bêta publique. Si vous souhaitez nous faire part de vos remarques, contactez l’assistance Datadog.

Pour accorder un accès en lecture à des données de logs, vous devez accorder l’autorisation logs_read_data. De là, vous pouvez limiter les données auxquelles un rôle donne un accès en lecture en associant une requête de restriction au rôle en question.

Une requête de restriction est une requête de logs qui limite les logs auxquels l’autorisation logs_read_data accorde un accès en lecture. Si un utilisateur dispose d’un rôle associé à une requête de restriction, les requêtes de logs qu’il exécute renverront uniquement les événements de logs autorisés par la requête de restriction. Cette restriction s’applique quelle que soit la fonctionnalité utilisée, y compris le Log Explorer, Live Tail, la réintégration ou les widgets de dashboard.

À l’heure actuelle, les requêtes de restriction prennent uniquement en charge l’utilisation des composants suivants des événements de logs :

  • Attributs réservés
  • Message de log
  • Tags

Pour gérer les accès en lecture restreints aux données de logs lorsque la structure organisationnelle d’un client est étendue ou complexe, il est conseillé d’ajouter un tag d’équipe aux événements de logs afin de spécifier les équipes auxquelles ils appartiennent, puis d’appliquer des requêtes de restriction aux tags d’équipe adéquats. Les tags peuvent être appliqués aux événements de logs de nombreuses manières, et un événement de log peut avoir plusieurs tags avec la même clé (p. ex. team) et des valeurs différentes. Un même événement de log peut ainsi être visible par des rôles dont l’accès est limité à des valeurs différentes du tag d’équipe.

Pour interagir avec cet endpoint, vous aurez besoin d’une clé d’API et d’une clé d’application avec droits administrateur.

Créer une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

POST https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries

Présentation

Créez une nouvelle requête de restriction pour votre organisation.

Requête

Body Data

Expand All

Champ

Type

Description

data

object

Data related to the creation of a restriction query.

attributes

object

Attributes of the created restriction query.

restriction_query

string

The restriction query.

type

enum

Restriction query resource type. Allowed enum values: logs_restriction_queries

{
  "data": {
    "attributes": {
      "restriction_query": "env:sandbox"
    },
    "type": "logs_restriction_queries"
  }
}

Réponse

OK

Response containing information about a single restriction query.

Expand All

Champ

Type

Description

data

object

Restriction query object returned by the API.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": {
    "attributes": {
      "created_at": "2020-03-17T21:06:44Z",
      "modified_at": "2020-03-17T21:15:15Z",
      "restriction_query": "env:sandbox"
    },
    "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
    "type": "logs_restriction_queries"
  }
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Curl command
curl -X POST "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \
-d @- << EOF
{}
EOF

Supprimer une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

DELETE https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}

Présentation

Supprime une requête de restriction.

Arguments

Paramètres du chemin

Nom

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Réponse

OK

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X DELETE "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/${restriction_query_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Récupérer une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}

Présentation

Récupérez une requête de restriction dans l’organisation en spécifiant son restriction_query_id.

Arguments

Paramètres du chemin

Nom

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Réponse

OK

Response containing information about a single restriction query.

Expand All

Champ

Type

Description

data

object

Restriction query object returned by the API.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

relationships

object

Relationships of the restriction query object.

roles

object

Relationship to roles.

data

[object]

An array containing type and ID of a role.

id

string

ID of the role.

type

enum

Roles type. Allowed enum values: roles

type

enum

Restriction query resource type. Allowed enum values: logs_restriction_queries

included

[object]

Array of objects related to the restriction query.

{
  "data": {
    "attributes": {
      "created_at": "2020-03-17T21:06:44Z",
      "modified_at": "2020-03-17T21:15:15Z",
      "restriction_query": "env:sandbox"
    },
    "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
    "relationships": {
      "roles": {
        "data": [
          {
            "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d",
            "type": "roles"
          }
        ]
      }
    },
    "type": "logs_restriction_queries"
  },
  "included": []
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/${restriction_query_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Récupérer toutes les requêtes de restriction pour un utilisateur donné

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/user/{user_id}

Présentation

Récupérez toutes les requêtes de restriction pour un utilisateur donné.

Arguments

Paramètres du chemin

Nom

Type

Description

user_id [required]

string

The ID of the user.

Réponse

OK

Response containing information about multiple restriction queries.

Expand All

Champ

Type

Description

data

[object]

Array of returned restriction queries.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": [
    {
      "attributes": {
        "created_at": "2020-03-17T21:06:44Z",
        "modified_at": "2020-03-17T21:15:15Z",
        "restriction_query": "env:sandbox"
      },
      "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
      "type": "logs_restriction_queries"
    }
  ]
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export user_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/user/${user_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Récupérer une requête de restriction pour un rôle donné

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/role/{role_id}

Présentation

Récupérez une requête de restriction pour un rôle donné.

Arguments

Paramètres du chemin

Nom

Type

Description

role_id [required]

string

The ID of the role.

Réponse

OK

Response containing information about multiple restriction queries.

Expand All

Champ

Type

Description

data

[object]

Array of returned restriction queries.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": [
    {
      "attributes": {
        "created_at": "2020-03-17T21:06:44Z",
        "modified_at": "2020-03-17T21:15:15Z",
        "restriction_query": "env:sandbox"
      },
      "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
      "type": "logs_restriction_queries"
    }
  ]
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export role_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/role/${role_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Accorder un rôle à une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

POST https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Présentation

Ajoute un rôle à une requête de restriction.

Arguments

Paramètres du chemin

Nom

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Requête

Body Data

Expand All

Champ

Type

Description

data

object

Relationship to role object.

id

string

ID of the role.

type

enum

Roles type. Allowed enum values: roles

{
  "data": {
    "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d",
    "type": "roles"
  }
}

Réponse

OK

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X POST "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF {} EOF

Énumérer les requêtes de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries

Présentation

Renvoie toutes les requêtes de restriction, y compris leurs noms et leurs ID.

Arguments

Chaînes de requête

Nom

Type

Description

page[size]

integer

Size for a given page.

page[number]

integer

Specific page number to return.

Réponse

OK

Response containing information about multiple restriction queries.

Expand All

Champ

Type

Description

data

[object]

Array of returned restriction queries.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": [
    {
      "attributes": {
        "created_at": "2020-03-17T21:06:44Z",
        "modified_at": "2020-03-17T21:15:15Z",
        "restriction_query": "env:sandbox"
      },
      "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
      "type": "logs_restriction_queries"
    }
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Curl command
curl -X GET "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Énumérer les rôles d'une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Présentation

Renvoie tous les rôles associés à une requête de restriction donnée.

Arguments

Paramètres du chemin

Nom

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Chaînes de requête

Nom

Type

Description

page[size]

integer

Size for a given page.

page[number]

integer

Specific page number to return.

Réponse

OK

Response containing information about roles attached to a restriction query.

Expand All

Champ

Type

Description

data

[object]

Array of roles.

attributes

object

Attributes of the role for a restriction query.

name

string

The role name.

id

string

ID of the role.

type

string

Role resource type.

{
  "data": [
    {
      "attributes": {
        "name": "Datadog Admin Role"
      },
      "id": "<ROLE_ID>",
      "type": "roles"
    }
  ]
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Révoquer un rôle d'une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

DELETE https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Présentation

Supprime un rôle d’une requête de restriction.

Arguments

Paramètres du chemin

Nom

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Requête

Body Data

Expand All

Champ

Type

Description

data

object

Relationship to role object.

id

string

ID of the role.

type

enum

Roles type. Allowed enum values: roles

{
  "data": {
    "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d",
    "type": "roles"
  }
}

Réponse

OK

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X DELETE "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF {} EOF

Mettre à jour une requête de restriction

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

PATCH https://api.datadoghq.comhttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}

Présentation

Modifiez une requête de restriction.

Arguments

Paramètres du chemin

Nom

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Requête

Body Data

Expand All

Champ

Type

Description

data

object

Data related to the update of a restriction query.

attributes

object

Attributes of the edited restriction query.

restriction_query

string

The restriction query.

type

enum

Restriction query resource type. Allowed enum values: logs_restriction_queries

{
  "data": {
    "attributes": {
      "restriction_query": "env:sandbox"
    },
    "type": "logs_restriction_queries"
  }
}

Réponse

OK

Response containing information about a single restriction query.

Expand All

Champ

Type

Description

data

object

Restriction query object returned by the API.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": {
    "attributes": {
      "created_at": "2020-03-17T21:06:44Z",
      "modified_at": "2020-03-17T21:15:15Z",
      "restriction_query": "env:sandbox"
    },
    "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
    "type": "logs_restriction_queries"
  }
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X PATCH "https://api.datadoghq.com"https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/${restriction_query_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF {} EOF