Add sample code for DeleteGCPAssociation.

Chronicle Team · copybara-github · commit ad42b4e9070c · 2021-11-01T12:29:36.000-07:00
PiperOrigin-RevId: 406890769
diff --git a/service_management/delete_gcp_association.py b/service_management/delete_gcp_association.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Executable and reusable sample for deleting a GCP association.
+
+In Chronicle, customers can associate their GCP organizations with their
+Chronicle instances. This example provides a programmatic way to delete such
+association.
+"""
+
+import argparse
+import sys
+from typing import Optional, Sequence
+
+from google.auth.transport import requests
+
+from common import chronicle_auth
+
+SERVICE_MANAGEMENT_API_BASE_URL = "https://chronicleservicemanager.googleapis.com"
+
+AUTHORIZATION_SCOPES = ["https://www.googleapis.com/auth/cloud-platform"]
+
+
+def initialize_command_line_args(
+    args: Optional[Sequence[str]] = None) -> Optional[argparse.Namespace]:
+  """Initializes and checks all the command-line arguments."""
+  parser = argparse.ArgumentParser()
+  chronicle_auth.add_argument_credentials_file(parser)
+  parser.add_argument(
+      "--organization_id",
+      type=int,
+      required=True,
+      help="the GCP organization ID for the association")
+
+  # Sanity checks for the command-line arguments.
+  parsed_args = parser.parse_args(args)
+  if parsed_args.organization_id >= 2**64 or parsed_args.organization_id < 0:
+    print("Error: organization ID should not be bigger than 2^64")
+    return None
+
+  return parsed_args
+
+
+def delete_gcp_association(http_session: requests.AuthorizedSession,
+                           organization_id: int) -> None:
+  """Deletes a GCP association with Chronicle.
+
+  Args:
+    http_session: Authorized session for HTTP requests.
+    organization_id: GCP organization ID for the association.
+
+  Raises:
+    requests.exceptions.HTTPError: HTTP request resulted in an error
+      (response.status_code >= 400).
+  """
+  name = f"organizations/{organization_id}/gcpAssociations/{organization_id}"
+  url = f"{SERVICE_MANAGEMENT_API_BASE_URL}/v1/{name}"
+
+  response = http_session.request("DELETE", url)
+
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
+
+
+if __name__ == "__main__":
+  cli = initialize_command_line_args()
+  if not cli:
+    sys.exit(1)  # A sanity check failed.
+
+  session = chronicle_auth.initialize_http_session(
+      cli.credentials_file, scopes=AUTHORIZATION_SCOPES)
+  delete_gcp_association(session, cli.organization_id)
diff --git a/service_management/delete_gcp_association_test.py b/service_management/delete_gcp_association_test.py
@@ -0,0 +1,64 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Tests for the "delete_gcp_association" module."""
+
+import unittest
+from unittest import mock
+
+from google.auth.transport import requests
+
+from . import delete_gcp_association
+
+
+class DeleteGCPAssociationTest(unittest.TestCase):
+
+  def test_initialize_command_line_args(self):
+    actual = delete_gcp_association.initialize_command_line_args(
+        ["--credentials_file=./foo.json", "--organization_id=123"])
+    self.assertIsNotNone(actual)
+
+  def test_initialize_command_line_args_organization_id_too_big(self):
+    invalid_organization_id = 2**64
+    actual = delete_gcp_association.initialize_command_line_args(
+        [f"--organization_id={invalid_organization_id}"])
+    self.assertIsNone(actual)
+
+  def test_initialize_command_line_args_negative_organization_id(self):
+    actual = delete_gcp_association.initialize_command_line_args(
+        ["--organization_id=-1"])
+    self.assertIsNone(actual)
+
+  @mock.patch.object(requests, "AuthorizedSession", autospec=True)
+  @mock.patch.object(requests.requests, "Response", autospec=True)
+  def test_http_error(self, mock_response, mock_session):
+    mock_session.request.return_value = mock_response
+    type(mock_response).status_code = mock.PropertyMock(return_value=400)
+    mock_response.raise_for_status.side_effect = (
+        requests.requests.exceptions.HTTPError())
+
+    with self.assertRaises(requests.requests.exceptions.HTTPError):
+      delete_gcp_association.delete_gcp_association(mock_session, 123)
+
+  @mock.patch.object(requests, "AuthorizedSession", autospec=True)
+  @mock.patch.object(requests.requests, "Response", autospec=True)
+  def test_happy_path(self, mock_response, mock_session):
+    mock_session.request.return_value = mock_response
+    type(mock_response).status_code = mock.PropertyMock(return_value=200)
+
+    delete_gcp_association.delete_gcp_association(mock_session, 123)
+
+
+if __name__ == "__main__":
+  unittest.main()
