add get_rule v1alpha sample, and standardize code comments in other rules engine v1alpha samples APIs

jason-wg · copybara-github · commit 475fe55d7d57 · 2024-02-07T17:21:57.000-08:00
PiperOrigin-RevId: 605144824
diff --git a/common/regions.py b/common/regions.py
@@ -52,3 +52,21 @@ def url(base_url: str, region: str) -> str:
   if region != "us":
     base_url = base_url.replace("https://", f"https://{region}-")
   return base_url
+
+
+def url_always_prepend_region(base_url: str, region: str) -> str:
+  """Returns a regionalized URL.
+
+  Args:
+    base_url: URL pointing to Chronicle API
+    region: region in which the target project is located
+
+  Returns:
+    A string containing a regionalized URL. Unlike the url() function,
+    this function always prepends region; this function also checks whether
+    the URL already has the region prefix, and if so, returns the URL unchanged.
+    v1alpha samples should use this function.
+  """
+  if not base_url.startswith(f"https://{region}-"):
+    base_url = base_url.replace("https://", f"https://{region}-")
+  return base_url
diff --git a/common/regions_test.py b/common/regions_test.py
@@ -33,6 +33,26 @@ def test_url_europe(self):
   def test_url_us(self):
     self.assertEqual(regions.url("https://test", "us"), "https://test")
 
+  def test_url_always_prepend_region_us(self):
+    self.assertEqual(
+        regions.url_always_prepend_region("https://test", "us"),
+        "https://us-test",
+    )
+
+  def test_url_always_prepend_region_europe(self):
+    self.assertEqual(
+        regions.url_always_prepend_region("https://test", "europe"),
+        "https://europe-test",
+    )
+
+  def test_url_always_prepend_region_twice(self):
+    url_once = regions.url_always_prepend_region("https://test", "europe")
+    url_twice = regions.url_always_prepend_region(url_once, "europe")
+    self.assertEqual(
+        "https://europe-test",
+        url_twice,
+    )
+
 
 if __name__ == "__main__":
   unittest.main()
diff --git a/detect/v1alpha/__init__.py b/detect/v1alpha/__init__.py
@@ -0,0 +1,14 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/detect/v1alpha/create_rule.py b/detect/v1alpha/create_rule.py
@@ -16,32 +16,29 @@
 #
 r"""Executable and reusable sample for creating a detection rule.
 
- HTTP request
- POST https://chronicle.googleapis.com/v1alpha/{parent}/rules
-
- python3 -m detect.v1alpha.create_rule \
-   --project_instance $project_instance \
-   --project_id $PROJECT_ID \
-   --rule_file=./ip_in_abuseipdb_blocklist.yaral
-
- Requires the following IAM permission on the parent resource:
- chronicle.rules.create
-
- API reference:
- https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/create
- https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules#Rule
+Sample Commands (run from api_samples_python dir):
+  python3 -m detect.v1alpha.create_rule \
+    --region $region \
+    --project_instance $project_instance \
+    --project_id $PROJECT_ID \
+    --rule_file=./path/to/rule/rulename.yaral
+
+API reference:
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/create
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules#Rule
 """
 
 import argparse
 import json
 from typing import Any, Mapping
 
-from google.auth.transport import requests
-
 from common import chronicle_auth
 from common import project_id
 from common import project_instance
 from common import regions
+from google.auth.transport import requests
+
+CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
 
 SCOPES = [
     "https://www.googleapis.com/auth/cloud-platform",
@@ -71,39 +68,20 @@ def create_rule(
     requests.exceptions.HTTPError: HTTP request resulted in an error
       (response.status_code >= 400).
   """
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL,
+      args.region
+  )
   # pylint: disable-next=line-too-long
   parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-  url = f"https://{proj_region}-chronicle.googleapis.com/v1alpha/{parent}/rules"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules"
+
   body = {
       "text": rule_file_path.read(),
   }
+
+  # See API reference links at top of this file, for response format.
   response = http_session.request("POST", url, json=body)
-  # Expected server response:
-  # {
-  #   # pylint: disable=line-too-long
-  #   "name": "projects/{project}/locations/{location}/instances/{instance}/rules/{rule_id}",
-  #   "revisionId": "v_{10_digits}_{9_digits}",
-  #   "displayName": "{rule_name}",
-  #   "text": "{rule_content}",
-  #   "author": str,
-  #   "severity": {
-  #     "displayName": str
-  #   },
-  #   "metadata": {
-  #     "{key_1}": "{value_1}",
-  #     ...
-  #   },
-  #   "createTime": "yyyy-MM-ddThh:mm:ss.ssssssZ",
-  #   "revisionCreateTime": "yyyy-MM-ddThh:mm:ss.ssssssZ"
-  #   "compilationState": "SUCCEEDED",
-  #   "type": "{{SINGLE,MULTI}_EVENT,RULE_TYPE_UNSPECIFIED}",
-  #   "referenceLists": [str],
-  #   "allowedRunFrequencies": [
-  #     str,
-  #     ...
-  #   ],
-  #   "etag": str
-  # }
   if response.status_code >= 400:
     print(response.text)
   response.raise_for_status()
diff --git a/detect/v1alpha/get_rule.py b/detect/v1alpha/get_rule.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python3
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+r"""Executable sample for getting a rule.
+
+Sample Commands (run from api_samples_python dir):
+  python3 -m detect.v1alpha.get_rule -r=<region> -p=<project_id> \
+      -i=<instance_id> -rid=<rule_id>
+
+  python3 -m detect.v1alpha.get_rule -r=<region> -p=<project_id> \
+      -i=<instance_id> -rid=<rule_id>@v_<seconds>_<nanoseconds>
+
+API reference:
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/get
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules#Rule
+"""
+
+import argparse
+import json
+
+from typing import Any, Mapping
+from common import chronicle_auth
+from common import project_id
+from common import project_instance
+from common import regions
+from google.auth.transport import requests
+
+CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
+
+SCOPES = [
+    "https://www.googleapis.com/auth/cloud-platform",
+]
+
+
+def get_rule(
+    http_session: requests.AuthorizedSession,
+    proj_region: str,
+    proj_id: str,
+    proj_instance: str,
+    rule_id: str,
+) -> Mapping[str, Any]:
+  """Get a rule.
+
+  Args:
+    http_session: Authorized session for HTTP requests.
+    proj_region: region in which the target project is located
+    proj_id: GCP project id or number which the target instance belongs to
+    proj_instance: uuid of the instance (with dashes)
+    rule_id: Unique ID of the detection rule to retrieve ("ru_<UUID>" or
+      "ru_<UUID>@v_<seconds>_<nanoseconds>"). If a version suffix isn't
+      specified we use the rule's latest version.
+
+  Returns:
+    a rule object containing relevant rule's information
+  Raises:
+    requests.exceptions.HTTPError: HTTP request resulted in an error
+      (response.status_code >= 400).
+  """
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL,
+      args.region
+  )
+  # pylint: disable-next=line-too-long
+  parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules/{rule_id}"
+
+  # See API reference links at top of this file, for response format.
+  response = http_session.request("GET", url)
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
+  return response.json()
+
+
+if __name__ == "__main__":
+  parser = argparse.ArgumentParser()
+  chronicle_auth.add_argument_credentials_file(parser)
+  project_instance.add_argument_project_instance(parser)
+  project_id.add_argument_project_id(parser)
+  regions.add_argument_region(parser)
+  parser.add_argument(
+      "-rid",
+      "--rule_id",
+      type=str,
+      required=True,
+      help=(
+          'rule ID to get rule for. can use both "ru_<UUID>" or'
+          ' "ru_<UUID>@v_<seconds>_<nanoseconds>"'
+      ),
+  )
+  args = parser.parse_args()
+  auth_session = chronicle_auth.initialize_http_session(
+      args.credentials_file,
+      SCOPES
+  )
+  print(
+      json.dumps(
+          get_rule(
+              auth_session,
+              args.region,
+              args.project_id,
+              args.project_instance,
+              args.rule_id
+          ),
+          indent=2,
+      )
+  )
diff --git a/detect/v1alpha/list_rules.py b/detect/v1alpha/list_rules.py
@@ -14,18 +14,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-"""Executable and reusable sample for retrieving a list of rules."""
+r"""Executable and reusable sample for retrieving a list of rules.
+
+Sample Commands (run from api_samples_python dir):
+  python3 -m detect.v1alpha.list_rules -r=<region> \
+      -p=<project_id> -i=<instance_id>
+
+API reference:
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/list
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules#Rule
+"""
 
 import argparse
 import json
-from typing import Mapping, Any
-
-from google.auth.transport import requests
+from typing import Any, Mapping
 
 from common import chronicle_auth
 from common import project_id
 from common import project_instance
 from common import regions
+from google.auth.transport import requests
+
+CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
 
 SCOPES = [
     "https://www.googleapis.com/auth/cloud-platform",
@@ -51,10 +61,15 @@ def list_rules(
     requests.exceptions.HTTPError: HTTP request resulted in an error
       (response.status_code >= 400).
   """
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL,
+      args.region
+  )
   # pylint: disable-next=line-too-long
   parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-  url = f"https://{proj_region}-chronicle.googleapis.com/v1alpha/{parent}/rules"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules"
 
+  # See API reference links at top of this file, for response format.
   response = http_session.request("GET", url)
   if response.status_code >= 400:
     print(response.text)
