From 1d95b573ec706ea57345f755b40318ae747703ef Mon Sep 17 00:00:00 2001
From: Jason Wong <wojason@google.com>
Date: Tue, 6 Feb 2024 10:57:16 -0800
Subject: [PATCH] No public description

PiperOrigin-RevId: 604701035
---
 common/regions.py             |  16 +++++
 detect/v1alpha/__init__.py    |  14 ++++
 detect/v1alpha/create_rule.py |  35 +++++-----
 detect/v1alpha/get_rule.py    | 117 ++++++++++++++++++++++++++++++++++
 detect/v1alpha/list_rules.py  |  24 +++++--
 5 files changed, 183 insertions(+), 23 deletions(-)
 create mode 100644 detect/v1alpha/__init__.py
 create mode 100644 detect/v1alpha/get_rule.py

diff --git a/common/regions.py b/common/regions.py
index 68cfa38..d3da8c1 100644
--- a/common/regions.py
+++ b/common/regions.py
@@ -52,3 +52,19 @@ def url(base_url: str, region: str) -> str:
   if region != "us":
     base_url = base_url.replace("https://", f"https://{region}-")
   return base_url
+
+
+def url_always_prepend_region(base_url: str, region: str) -> str:
+  """Returns a regionalized URL.
+
+  Args:
+    base_url: URL pointing to Chronicle API
+    region: region in which the target project is located
+
+  Returns:
+    A string containing a regionalized URL. Unlike the url() function,
+    this function always prepends region.
+    v1alpha samples should use this function.
+  """
+  base_url = base_url.replace("https://", f"https://{region}-")
+  return base_url
diff --git a/detect/v1alpha/__init__.py b/detect/v1alpha/__init__.py
new file mode 100644
index 0000000..1ee14b7
--- /dev/null
+++ b/detect/v1alpha/__init__.py
@@ -0,0 +1,14 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/detect/v1alpha/create_rule.py b/detect/v1alpha/create_rule.py
index 727ae4a..cdcf350 100644
--- a/detect/v1alpha/create_rule.py
+++ b/detect/v1alpha/create_rule.py
@@ -16,32 +16,28 @@
 #
 r"""Executable and reusable sample for creating a detection rule.
 
- HTTP request
- POST https://chronicle.googleapis.com/v1alpha/{parent}/rules
-
- python3 -m detect.v1alpha.create_rule \
-   --project_instance $project_instance \
-   --project_id $PROJECT_ID \
-   --rule_file=./ip_in_abuseipdb_blocklist.yaral
-
- Requires the following IAM permission on the parent resource:
- chronicle.rules.create
-
- API reference:
- https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/create
- https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules#Rule
+Sample Commands (run from api_samples_python dir):
+  python3 -m detect.v1alpha.create_rule \
+    --project_instance $project_instance \
+    --project_id $PROJECT_ID \
+    --rule_file=./ip_in_abuseipdb_blocklist.yaral
+
+API reference:
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/create
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules#Rule
 """
 
 import argparse
 import json
 from typing import Any, Mapping
 
-from google.auth.transport import requests
-
 from common import chronicle_auth
 from common import project_id
 from common import project_instance
 from common import regions
+from google.auth.transport import requests
+
+CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
 
 SCOPES = [
     "https://www.googleapis.com/auth/cloud-platform",
@@ -71,9 +67,14 @@ def create_rule(
     requests.exceptions.HTTPError: HTTP request resulted in an error
       (response.status_code >= 400).
   """
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL,
+      args.region
+  )
   # pylint: disable-next=line-too-long
   parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-  url = f"https://{proj_region}-chronicle.googleapis.com/v1alpha/{parent}/rules"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules"
+
   body = {
       "text": rule_file_path.read(),
   }
diff --git a/detect/v1alpha/get_rule.py b/detect/v1alpha/get_rule.py
new file mode 100644
index 0000000..dc01545
--- /dev/null
+++ b/detect/v1alpha/get_rule.py
@@ -0,0 +1,117 @@
+#!/usr/bin/env python3
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+r"""Executable sample for getting a rule.
+
+Sample Commands (run from api_samples_python dir):
+  python3 -m detect.v1alpha.get_rule -r=us -p=<project_id> -i=<instance_id> \
+      -rid=<rule_id>
+
+  python3 -m detect.v1alpha.get_rule -r=us -p=<project_id> -i=<instance_id> \
+      -rid=<rule_id>@v_<seconds>_<nanoseconds>
+    
+API reference:
+https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/get
+"""
+
+import argparse
+import json
+
+from typing import Any, Mapping
+from common import chronicle_auth
+from common import project_id
+from common import project_instance
+from common import regions
+from google.auth.transport import requests
+
+CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
+
+SCOPES = [
+    "https://www.googleapis.com/auth/cloud-platform",
+]
+
+
+def get_rule(
+    http_session: requests.AuthorizedSession,
+    proj_region: str,
+    proj_id: str,
+    proj_instance: str,
+    rule_id: str,
+) -> Mapping[str, Any]:
+  r"""Get a rule.
+
+  Args:
+    http_session: Authorized session for HTTP requests.
+    proj_region: region in which the target project is located
+    proj_id: GCP project id or number which the target instance belongs to
+    proj_instance: uuid of the instance (with dashes)
+    rule_id: Unique ID of the detection rule to retrieve ("ru_<UUID>" or
+      "ru_<UUID>@v_<seconds>_<nanoseconds>"). If a version suffix isn't
+      specified we use the rule's latest version.
+
+  Returns:
+    a rule object containing relevant rule's information
+  Raises:
+    requests.exceptions.HTTPError: HTTP request resulted in an error
+      (response.status_code >= 400).
+  """
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL,
+      args.region
+  )
+  # pylint: disable-next=line-too-long
+  parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules/{rule_id}"
+  response = http_session.request("GET", url)
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
+  return response.json()
+
+
+if __name__ == "__main__":
+  parser = argparse.ArgumentParser()
+  chronicle_auth.add_argument_credentials_file(parser)
+  project_instance.add_argument_project_instance(parser)
+  project_id.add_argument_project_id(parser)
+  regions.add_argument_region(parser)
+  parser.add_argument(
+      "-rid",
+      "--rule_id",
+      type=str,
+      required=True,
+      help=(
+          'rule ID to get rule for. can use both "ru_<UUID>" or'
+          ' "ru_<UUID>@v_<seconds>_<nanoseconds>"'
+      ),
+  )
+  args = parser.parse_args()
+  auth_session = chronicle_auth.initialize_http_session(
+      args.credentials_file,
+      SCOPES
+  )
+  print(
+      json.dumps(
+          get_rule(
+              auth_session,
+              args.region,
+              args.project_id,
+              args.project_instance,
+              args.rule_id
+          ),
+          indent=2,
+      )
+  )
diff --git a/detect/v1alpha/list_rules.py b/detect/v1alpha/list_rules.py
index 7af30ee..4993df7 100644
--- a/detect/v1alpha/list_rules.py
+++ b/detect/v1alpha/list_rules.py
@@ -14,18 +14,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-"""Executable and reusable sample for retrieving a list of rules."""
+r"""Executable and reusable sample for retrieving a list of rules.
+
+Sample Commands (run from api_samples_python dir):
+  python3 -m detect.v1alpha.list_rules -r=us -p=<project_id> -i=<instance_id>
+
+API reference:
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.rules/list
+"""
 
 import argparse
 import json
-from typing import Mapping, Any
-
-from google.auth.transport import requests
+from typing import Any, Mapping
 
 from common import chronicle_auth
 from common import project_id
 from common import project_instance
 from common import regions
+from google.auth.transport import requests
+
+CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
 
 SCOPES = [
     "https://www.googleapis.com/auth/cloud-platform",
@@ -49,11 +57,15 @@ def list_rules(
     Array containing information about rules.
   Raises:
     requests.exceptions.HTTPError: HTTP request resulted in an error
-      (response.status_code >= 400).
+      (response.status_code >= 400).  
   """
+  base_url_with_region = regions.url_always_prepend_region(
+      CHRONICLE_API_BASE_URL,
+      args.region
+  )
   # pylint: disable-next=line-too-long
   parent = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
-  url = f"https://{proj_region}-chronicle.googleapis.com/v1alpha/{parent}/rules"
+  url = f"{base_url_with_region}/v1alpha/{parent}/rules"
 
   response = http_session.request("GET", url)
   if response.status_code >= 400: