contentctl 4.4.7__py3-none-any.whl → 5.0.0a2__py3-none-any.whl

contentctl/objects/constants.py

@@ -79,6 +79,7 @@ SES_KILL_CHAIN_MAPPINGS = {
     "Actions on Objectives": 7
 }
 
+# TODO (cmcginley): @ljstella should this be removed? also referenced in new_content.py
 SES_OBSERVABLE_ROLE_MAPPING = {
     "Other": -1,
     "Unknown": 0,
@@ -93,6 +94,7 @@ SES_OBSERVABLE_ROLE_MAPPING = {
     "Observer": 9
 }
 
+# TODO (cmcginley): @ljstella should this be removed? also referenced in new_content.py
 SES_OBSERVABLE_TYPE_MAPPING = {
     "Unknown": 0,
     "Hostname": 1,
@@ -135,6 +137,7 @@ SES_ATTACK_TACTICS_ID_MAPPING = {
     "Impact": "TA0040"
 }
 
+# TODO (cmcginley): is this just for the transition testing?
 RBA_OBSERVABLE_ROLE_MAPPING = {
     "Attacker": 0,
     "Victim": 1
@@ -149,7 +152,7 @@ DOWNLOADS_DIRECTORY = "downloads"
 # errors, if its name is longer than 99 characters.
 # When an saved search is cloned in Enterprise Security User Interface,
 # it is wrapped in the following: 
-# {Detection.tags.security_domain.value} - {SEARCH_STANZA_NAME} - Rule
+# {Detection.tags.security_domain} - {SEARCH_STANZA_NAME} - Rule
 # Similarly, when we generate the search stanza name in contentctl, it
 # is app.label - detection.name - Rule
 # However, in product the search name is:

contentctl/objects/correlation_search.py

@@ -2,7 +2,7 @@ import logging
 import time
 import json
 from typing import Any
-from enum import Enum
+from enum import StrEnum, IntEnum
 from functools import cached_property
 
 from pydantic import ConfigDict, BaseModel, computed_field, Field, PrivateAttr
@@ -29,7 +29,6 @@ from contentctl.objects.errors import (
 from contentctl.objects.detection import Detection
 from contentctl.objects.risk_event import RiskEvent
 from contentctl.objects.notable_event import NotableEvent
-from contentctl.objects.observable import Observable
 
 
 # Suppress logging by default; enable for local testing
@@ -76,7 +75,7 @@ def get_logger() -> logging.Logger:
     return logger
 
 
-class SavedSearchKeys(str, Enum):
+class SavedSearchKeys(StrEnum):
     """
     Various keys into the SavedSearch content
     """
@@ -89,7 +88,7 @@ class SavedSearchKeys(str, Enum):
     DISBALED_KEY = "disabled"
 
 
-class Indexes(str, Enum):
+class Indexes(StrEnum):
     """
     Indexes we search against
     """
@@ -98,7 +97,7 @@ class Indexes(str, Enum):
     NOTABLE_INDEX = "notable"
 
 
-class TimeoutConfig(int, Enum):
+class TimeoutConfig(IntEnum):
     """
     Configuration values for the exponential backoff timer
     """
@@ -115,7 +114,7 @@ class TimeoutConfig(int, Enum):
 
 # TODO (#226): evaluate sane defaults for timeframe for integration testing (e.g. 5y is good
 #   now, but maybe not always...); maybe set latest/earliest to None?
-class ScheduleConfig(str, Enum):
+class ScheduleConfig(StrEnum):
     """
     Configuraton values for the saved search schedule
     """
@@ -145,24 +144,24 @@ class ResultIterator:
     def __iter__(self) -> "ResultIterator":
         return self
 
-    def __next__(self) -> dict:
+    def __next__(self) -> dict[Any, Any]:
         # Use a reader for JSON format so we can iterate over our results
         for result in self.results_reader:
             # log messages, or raise if error
             if isinstance(result, Message):
                 # convert level string to level int
-                level_name = result.type.strip().upper()
+                level_name = result.type.strip().upper()                                            # type: ignore
                 level: int = logging.getLevelName(level_name)
 
                 # log message at appropriate level and raise if needed
-                message = f"SPLUNK: {result.message}"
+                message = f"SPLUNK: {result.message}"                                               # type: ignore
                 self.logger.log(level, message)
                 if level == logging.ERROR:
                     raise ServerError(message)
 
             # if dict, just return
             elif isinstance(result, dict):
-                return result
+                return result                                                                       # type: ignore
 
             # raise for any unexpected types
             else:
@@ -310,9 +309,11 @@ class CorrelationSearch(BaseModel):
         The earliest time configured for the saved search
         """
         if self.saved_search is not None:
-            return self.saved_search.content[SavedSearchKeys.EARLIEST_TIME_KEY.value]
+            return self.saved_search.content[SavedSearchKeys.EARLIEST_TIME_KEY]                     # type: ignore
         else:
-            raise ClientError("Something unexpected went wrong in initialization; saved_search was not populated")
+            raise ClientError(
+                "Something unexpected went wrong in initialization; saved_search was not populated"
+            )
 
     @property
     def latest_time(self) -> str:
@@ -320,9 +321,11 @@ class CorrelationSearch(BaseModel):
         The latest time configured for the saved search
         """
         if self.saved_search is not None:
-            return self.saved_search.content[SavedSearchKeys.LATEST_TIME_KEY.value]
+            return self.saved_search.content[SavedSearchKeys.LATEST_TIME_KEY]                       # type: ignore
         else:
-            raise ClientError("Something unexpected went wrong in initialization; saved_search was not populated")
+            raise ClientError(
+                "Something unexpected went wrong in initialization; saved_search was not populated"
+            )
 
     @property
     def cron_schedule(self) -> str:
@@ -330,9 +333,11 @@ class CorrelationSearch(BaseModel):
         The cron schedule configured for the saved search
         """
         if self.saved_search is not None:
-            return self.saved_search.content[SavedSearchKeys.CRON_SCHEDULE_KEY.value]
+            return self.saved_search.content[SavedSearchKeys.CRON_SCHEDULE_KEY]                     # type: ignore
         else:
-            raise ClientError("Something unexpected went wrong in initialization; saved_search was not populated")
+            raise ClientError(
+                "Something unexpected went wrong in initialization; saved_search was not populated"
+            )
 
     @property
     def enabled(self) -> bool:
@@ -340,12 +345,14 @@ class CorrelationSearch(BaseModel):
         Whether the saved search is enabled
         """
         if self.saved_search is not None:
-            if int(self.saved_search.content[SavedSearchKeys.DISBALED_KEY.value]):
+            if int(self.saved_search.content[SavedSearchKeys.DISBALED_KEY]):                        # type: ignore
                 return False
             else:
                 return True
         else:
-            raise ClientError("Something unexpected went wrong in initialization; saved_search was not populated")
+            raise ClientError(
+                "Something unexpected went wrong in initialization; saved_search was not populated"
+            )
 
     @ property
     def has_risk_analysis_action(self) -> bool:
@@ -368,7 +375,7 @@ class CorrelationSearch(BaseModel):
         :param content: a dict of strings to values
         :returns: a RiskAnalysisAction, or None if none exists
         """
-        if int(content[SavedSearchKeys.RISK_ACTION_KEY.value]):
+        if int(content[SavedSearchKeys.RISK_ACTION_KEY]):
             try:
                 return RiskAnalysisAction.parse_from_dict(content)
             except ValueError as e:
@@ -383,23 +390,10 @@ class CorrelationSearch(BaseModel):
         :returns: a NotableAction, or None if none exists
         """
         # grab notable details if present
-        if int(content[SavedSearchKeys.NOTABLE_ACTION_KEY.value]):
+        if int(content[SavedSearchKeys.NOTABLE_ACTION_KEY]):
             return NotableAction.parse_from_dict(content)
         return None
 
-    @staticmethod
-    def _get_relevant_observables(observables: list[Observable]) -> list[Observable]:
-        """
-        Given a list of observables, identify the subset of those relevant for risk matching
-        :param observables: the Observable objects to filter
-        :returns: the filtered list of relevant observables
-        """
-        relevant = []
-        for observable in observables:
-            if not RiskEvent.ignore_observable(observable):
-                relevant.append(observable)
-        return relevant
-
     def _parse_risk_and_notable_actions(self) -> None:
         """Parses the risk/notable metadata we care about from self.saved_search.content
 
@@ -463,9 +457,9 @@ class CorrelationSearch(BaseModel):
 
     def update_timeframe(
         self,
-        earliest_time: str = ScheduleConfig.EARLIEST_TIME.value,
-        latest_time: str = ScheduleConfig.LATEST_TIME.value,
-        cron_schedule: str = ScheduleConfig.CRON_SCHEDULE.value,
+        earliest_time: str = ScheduleConfig.EARLIEST_TIME,
+        latest_time: str = ScheduleConfig.LATEST_TIME,
+        cron_schedule: str = ScheduleConfig.CRON_SCHEDULE,
         refresh: bool = True
     ) -> None:
         """Updates the correlation search timeframe to work with test data
@@ -481,9 +475,9 @@ class CorrelationSearch(BaseModel):
         """
         # update the SavedSearch accordingly
         data = {
-            SavedSearchKeys.EARLIEST_TIME_KEY.value: earliest_time,
-            SavedSearchKeys.LATEST_TIME_KEY.value: latest_time,
-            SavedSearchKeys.CRON_SCHEDULE_KEY.value: cron_schedule
+            SavedSearchKeys.EARLIEST_TIME_KEY: earliest_time,
+            SavedSearchKeys.LATEST_TIME_KEY: latest_time,
+            SavedSearchKeys.CRON_SCHEDULE_KEY: cron_schedule
         }
         self.logger.info(data)
         self.logger.info(f"Updating timeframe for '{self.name}': {data}")
@@ -495,7 +489,7 @@ class CorrelationSearch(BaseModel):
         if refresh:
             self.refresh()
 
-    def force_run(self, refresh=True) -> None:
+    def force_run(self, refresh: bool = True) -> None:
         """Forces a detection run
 
         Enables the detection, adjusts the cron schedule to run every 1 minute, and widens the earliest/latest window
@@ -506,7 +500,7 @@ class CorrelationSearch(BaseModel):
         if not self.enabled:
             self.enable(refresh=False)
         else:
-            self.logger.warn(f"Detection '{self.name}' was already enabled")
+            self.logger.warning(f"Detection '{self.name}' was already enabled")
 
         if refresh:
             self.refresh()
@@ -554,10 +548,10 @@ class CorrelationSearch(BaseModel):
             for result in result_iterator:
                 # sanity check that this result from the iterator is a risk event and not some
                 # other metadata
-                if result["index"] == Indexes.RISK_INDEX.value:
+                if result["index"] == Indexes.RISK_INDEX:
                     try:
                         parsed_raw = json.loads(result["_raw"])
-                        event = RiskEvent.parse_obj(parsed_raw)
+                        event = RiskEvent.model_validate(parsed_raw)
                     except Exception:
                         self.logger.error(f"Failed to parse RiskEvent from search result: {result}")
                         raise
@@ -619,10 +613,10 @@ class CorrelationSearch(BaseModel):
             for result in result_iterator:
                 # sanity check that this result from the iterator is a notable event and not some
                 # other metadata
-                if result["index"] == Indexes.NOTABLE_INDEX.value:
+                if result["index"] == Indexes.NOTABLE_INDEX:
                     try:
                         parsed_raw = json.loads(result["_raw"])
-                        event = NotableEvent.parse_obj(parsed_raw)
+                        event = NotableEvent.model_validate(parsed_raw)
                     except Exception:
                         self.logger.error(f"Failed to parse NotableEvent from search result: {result}")
                         raise
@@ -646,24 +640,21 @@ class CorrelationSearch(BaseModel):
         """Validates the existence of any expected risk events
 
         First ensure the risk event exists, and if it does validate its risk message and make sure
-        any events align with the specified observables. Also adds the risk index to the purge list
+        any events align with the specified risk object. Also adds the risk index to the purge list
         if risk events existed
         :param elapsed_sleep_time: an int representing the amount of time slept thus far waiting to
             check the risks/notables
         :returns: an IntegrationTestResult on failure; None on success
         """
-        # Create a mapping of the relevant observables to counters
-        observables = CorrelationSearch._get_relevant_observables(self.detection.tags.observable)
-        observable_counts: dict[str, int] = {str(x): 0 for x in observables}
-
-        # NOTE: we intentionally want this to be an error state and not a failure state, as
-        #   ultimately this validation should be handled during the build process
-        if len(observables) != len(observable_counts):
-            raise ClientError(
-                f"At least two observables in '{self.detection.name}' have the same name; "
-                "each observable for a detection should be unique."
+        # Ensure the rba object is defined
+        if self.detection.rba is None:
+            raise ValidationFailed(
+                f"Unexpected error: Detection '{self.detection.name}' has no RBA objects associated"
+                " with it; cannot validate."
             )
 
+        risk_object_counts: dict[int, int] = {id(x): 0 for x in self.detection.rba.risk_objects}
+
         # Get the risk events; note that we use the cached risk events, expecting they were
         # saved by a prior call to risk_event_exists
         events = self.get_risk_events()
@@ -673,63 +664,66 @@ class CorrelationSearch(BaseModel):
         for event in events:
             c += 1
             self.logger.debug(
-                f"Validating risk event ({event.risk_object}, {event.risk_object_type}): "
+                f"Validating risk event ({event.es_risk_object}, {event.es_risk_object_type}): "
                 f"{c}/{len(events)}"
             )
             event.validate_against_detection(self.detection)
 
-            # Update observable count based on match
-            matched_observable = event.get_matched_observable(self.detection.tags.observable)
+            # Update risk object count based on match
+            matched_risk_object = event.get_matched_risk_object(self.detection.rba.risk_objects)
             self.logger.debug(
-                f"Matched risk event (object={event.risk_object}, type={event.risk_object_type}) "
-                f"to observable (name={matched_observable.name}, type={matched_observable.type}, "
-                f"role={matched_observable.role}) using the source field "
+                f"Matched risk event (object={event.es_risk_object}, type={event.es_risk_object_type}) "
+                f"to detection's risk object (name={matched_risk_object.field}, "
+                f"type={matched_risk_object.type.value}) using the source field "
                 f"'{event.source_field_name}'"
             )
-            observable_counts[str(matched_observable)] += 1
+            risk_object_counts[id(matched_risk_object)] += 1
 
-        # Report any observables which did not have at least one match to a risk event
-        for observable in observables:
+        # Report any risk objects which did not have at least one match to a risk event
+        for risk_object in self.detection.rba.risk_objects:
             self.logger.debug(
-                f"Matched observable (name={observable.name}, type={observable.type}, "
-                f"role={observable.role}) to {observable_counts[str(observable)]} risk events."
+                f"Matched risk object (name={risk_object.field}, type={risk_object.type.value} "
+                f"to {risk_object_counts[id(risk_object)]} risk events."
             )
-            if observable_counts[str(observable)] == 0:
+            if risk_object_counts[id(risk_object)] == 0:
                 raise ValidationFailed(
-                    f"Observable (name={observable.name}, type={observable.type}, "
-                    f"role={observable.role}) was not matched to any risk events."
+                    f"Risk object (name={risk_object.field}, type={risk_object.type.value}) "
+                    "was not matched to any risk events."
                 )
 
         # TODO (#250): Re-enable and refactor code that validates the specific risk counts
         # Validate risk events in aggregate; we should have an equal amount of risk events for each
-        # relevant observable, and the total count should match the total number of events
+        # relevant risk object, and the total count should match the total number of events
         # individual_count: int | None = None
         # total_count = 0
-        # for observable_str in observable_counts:
+        # for risk_object_id in risk_object_counts:
         #     self.logger.debug(
-        #         f"Observable <{observable_str}> match count: {observable_counts[observable_str]}"
+        #         f"Risk object <{risk_object_id}> match count: {risk_object_counts[risk_object_id]}"
         #     )
 
         #     # Grab the first value encountered if not set yet
         #     if individual_count is None:
-        #         individual_count = observable_counts[observable_str]
+        #         individual_count = risk_object_counts[risk_object_id]
         #     else:
-        #         # Confirm that the count for the current observable matches the count of the others
-        #         if observable_counts[observable_str] != individual_count:
+        #         # Confirm that the count for the current risk object matches the count of the
+        #         # others
+        #         if risk_object_counts[risk_object_id] != individual_count:
         #             raise ValidationFailed(
-        #                 f"Count of risk events matching observable <\"{observable_str}\"> "
-        #                 f"({observable_counts[observable_str]}) does not match the count of those "
-        #                 f"matching other observables ({individual_count})."
+        #                 f"Count of risk events matching detection's risk object <\"{risk_object_id}\"> "
+        #                 f"({risk_object_counts[risk_object_id]}) does not match the count of those "
+        #                 f"matching other risk objects ({individual_count})."
         #             )
 
-        #     # Aggregate total count of events matched to observables
-        #     total_count += observable_counts[observable_str]
+        #     # Aggregate total count of events matched to risk objects
+        #     total_count += risk_object_counts[risk_object_id]
 
-        # # Raise if the the number of events doesn't match the number of those matched to observables
+        # # Raise if the the number of events doesn't match the number of those matched to risk
+        # # objects
         # if len(events) != total_count:
         #     raise ValidationFailed(
         #         f"The total number of risk events {len(events)} does not match the number of "
-        #         f"risk events we were able to match against observables ({total_count})."
+        #         "risk events we were able to match against risk objects from the detection "
+        #         f"({total_count})."
         #     )
 
     # TODO (PEX-434): implement deeper notable validation
@@ -746,7 +740,7 @@ class CorrelationSearch(BaseModel):
 
     # NOTE: it would be more ideal to switch this to a system which gets the handle of the saved search job and polls
     #   it for completion, but that seems more tricky
-    def test(self, max_sleep: int = TimeoutConfig.MAX_SLEEP.value, raise_on_exc: bool = False) -> IntegrationTestResult:
+    def test(self, max_sleep: int = TimeoutConfig.MAX_SLEEP, raise_on_exc: bool = False) -> IntegrationTestResult:
         """Execute the integration test
 
         Executes an integration test for this CorrelationSearch. First, ensures no matching risk/notables already exist
@@ -760,10 +754,10 @@ class CorrelationSearch(BaseModel):
         """
         # max_sleep must be greater than the base value we must wait for the scheduled searchjob to run (jobs run every
         # 60s)
-        if max_sleep < TimeoutConfig.BASE_SLEEP.value:
+        if max_sleep < TimeoutConfig.BASE_SLEEP:
             raise ClientError(
                 f"max_sleep value of {max_sleep} is less than the base sleep required "
-                f"({TimeoutConfig.BASE_SLEEP.value})"
+                f"({TimeoutConfig.BASE_SLEEP})"
             )
 
         # initialize result as None
@@ -774,7 +768,7 @@ class CorrelationSearch(BaseModel):
         num_tries = 0
 
         # set the initial base sleep time
-        time_to_sleep = TimeoutConfig.BASE_SLEEP.value
+        time_to_sleep = TimeoutConfig.BASE_SLEEP
 
         try:
             # first make sure the indexes are currently empty and the detection is starting from a disabled state
@@ -783,11 +777,11 @@ class CorrelationSearch(BaseModel):
             )
             self.update_pbar(TestingStates.PRE_CLEANUP)
             if self.risk_event_exists():
-                self.logger.warn(
+                self.logger.warning(
                     f"Risk events matching '{self.name}' already exist; marking for deletion"
                 )
             if self.notable_event_exists():
-                self.logger.warn(
+                self.logger.warning(
                     f"Notable events matching '{self.name}' already exist; marking for deletion"
                 )
             self.cleanup()
@@ -934,11 +928,11 @@ class CorrelationSearch(BaseModel):
         :param query: the SPL string to run
         """
         self.logger.debug(f"Executing query: `{query}`")
-        job = self.service.search(query, exec_mode="blocking")
+        job = self.service.search(query, exec_mode="blocking")                                      # type: ignore
 
         # query the results, catching any HTTP status code errors
         try:
-            response_reader: ResponseReader = job.results(output_mode="json")
+            response_reader: ResponseReader = job.results(output_mode="json")                       # type: ignore
         except HTTPError as e:
             # e.g. ->  HTTP 400 Bad Request -- b'{"messages":[{"type":"FATAL","text":"Error in \'delete\' command: You
             #   have insufficient privileges to delete events."}]}'
@@ -946,7 +940,7 @@ class CorrelationSearch(BaseModel):
             self.logger.error(message)
             raise ServerError(message)
 
-        return ResultIterator(response_reader)
+        return ResultIterator(response_reader)                                                      # type: ignore
 
     def _delete_index(self, index: str) -> None:
         """Deletes events in a given index
@@ -979,7 +973,7 @@ class CorrelationSearch(BaseModel):
             message = f"No result returned showing deletion in index {index}"
             raise ServerError(message)
 
-    def cleanup(self, delete_test_index=False) -> None:
+    def cleanup(self, delete_test_index: bool = False) -> None:
         """Cleans up after an integration test
 
         First, disable the detection; then dump the risk, notable, and (optionally) test indexes. The test index is
@@ -999,9 +993,9 @@ class CorrelationSearch(BaseModel):
         if delete_test_index:
             self.indexes_to_purge.add(self.test_index)                                              # type: ignore
         if self._risk_events is not None:
-            self.indexes_to_purge.add(Indexes.RISK_INDEX.value)
+            self.indexes_to_purge.add(Indexes.RISK_INDEX)
         if self._notable_events is not None:
-            self.indexes_to_purge.add(Indexes.NOTABLE_INDEX.value)
+            self.indexes_to_purge.add(Indexes.NOTABLE_INDEX)
 
         # delete the indexes
         for index in self.indexes_to_purge:

contentctl/objects/data_source.py

@@ -1,8 +1,7 @@
 from __future__ import annotations
 from typing import Optional, Any
-from pydantic import Field, HttpUrl, model_serializer, BaseModel
+from pydantic import Field, HttpUrl, model_serializer, BaseModel, ConfigDict
 from contentctl.objects.security_content_object import SecurityContentObject
-from contentctl.objects.event_source import EventSource
 
 
 class TA(BaseModel):
@@ -15,10 +14,10 @@ class DataSource(SecurityContentObject):
     separator: Optional[str] = None
     configuration: Optional[str] = None
     supported_TA: list[TA] = []
-    fields: Optional[list] = None
-    field_mappings: Optional[list] = None
-    convert_to_log_source: Optional[list] = None
-    example_log: Optional[str] = None
+    fields: None | list = None
+    field_mappings: None | list = None
+    convert_to_log_source: None | list = None
+    example_log: None | str = None
 
 
     @model_serializer

contentctl/objects/deployment.py

@@ -1,5 +1,5 @@
 from __future__ import annotations
-from pydantic import Field, computed_field,ValidationInfo, model_serializer, NonNegativeInt
+from pydantic import Field, computed_field,ValidationInfo, model_serializer, NonNegativeInt, ConfigDict
 from typing import Any
 import uuid
 import datetime
@@ -10,14 +10,7 @@ from contentctl.objects.alert_action import AlertAction
 from contentctl.objects.enums import DeploymentType
 
 
-class Deployment(SecurityContentObject):
-    #id: str = None
-    #date: str = None
-    #author: str = None
-    #description: str = None
-    #contentType: SecurityContentType = SecurityContentType.deployments
-    
-    
+class Deployment(SecurityContentObject):    
     scheduling: DeploymentScheduling = Field(...)
     alert_action: AlertAction = AlertAction()
     type: DeploymentType = Field(...)
@@ -72,7 +65,6 @@ class Deployment(SecurityContentObject):
             "tags": self.tags
         }
 
-        
         #Combine fields from this model with fields from parent
         model.update(super_fields)
         

contentctl/objects/deployment_email.py

@@ -1,8 +1,9 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentEmail(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     message: str
     subject: str
     to: str

contentctl/objects/deployment_notable.py

@@ -1,8 +1,9 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 from typing import List
 
 class DeploymentNotable(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     rule_description: str
     rule_title: str
     nes_fields: List[str]

contentctl/objects/deployment_phantom.py

@@ -1,8 +1,9 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentPhantom(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     cam_workers : str
     label : str
     phantom_server : str

contentctl/objects/deployment_rba.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentRBA(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     enabled: bool = False

contentctl/objects/deployment_scheduling.py

@@ -1,8 +1,9 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentScheduling(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     cron_schedule: str
     earliest_time: str
     latest_time: str

contentctl/objects/deployment_slack.py

@@ -1,7 +1,8 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentSlack(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     channel: str
     message: str