Add sample code for GetGCPLogFlowFilter.

Chronicle Team · copybara-github · commit c379a6e64c09 · 2021-11-03T13:25:08.000-07:00
PiperOrigin-RevId: 407411819
diff --git a/service_management/get_gcp_log_flow_filter.py b/service_management/get_gcp_log_flow_filter.py
@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Executable and reusable sample for getting GCP log flow filter.
+
+In Chronicle, customers can associate their GCP organizations with their
+Chronicle instances to make Chronicle ingestion their logs. On top of that,
+customers can control what kinds of logs will go into Chronicle by filters.
+This example provides a programmatic way to get such filters.
+"""
+
+import argparse
+import re
+import sys
+from typing import Optional, Sequence
+
+from google.auth.transport import requests
+
+from common import chronicle_auth
+
+SERVICE_MANAGEMENT_API_BASE_URL = "https://chronicleservicemanager.googleapis.com"
+
+AUTHORIZATION_SCOPES = ["https://www.googleapis.com/auth/cloud-platform"]
+
+PATTERN = re.compile(r"[a-z\d]{8}-[a-z\d]{4}-[a-z\d]{4}-[a-z\d]{4}-[a-z\d]{12}")
+
+
+def initialize_command_line_args(
+    args: Optional[Sequence[str]] = None) -> Optional[argparse.Namespace]:
+  """Initializes and checks all the command-line arguments."""
+  parser = argparse.ArgumentParser()
+  chronicle_auth.add_argument_credentials_file(parser)
+  parser.add_argument(
+      "--organization_id",
+      type=int,
+      required=True,
+      help="the GCP organization ID that the filter belongs to")
+  parser.add_argument(
+      "--filter_id", type=str, required=True, help="UUID of the filter")
+
+  # Sanity checks for the command-line arguments.
+  parsed_args = parser.parse_args(args)
+  if parsed_args.organization_id >= 2**64 or parsed_args.organization_id < 0:
+    print("Error: organization ID should not be bigger than 2^64")
+    return None
+  if PATTERN.fullmatch(parsed_args.filter_id) is None:
+    print("Error: filter ID is invalid")
+    return None
+
+  return parsed_args
+
+
+def get_gcp_log_flow_filter(http_session: requests.AuthorizedSession,
+                            organization_id: int, filter_id: str) -> None:
+  """Gets GCP log flow filter for the given GCP organization.
+
+  Args:
+    http_session: Authorized session for HTTP requests.
+    organization_id: GCP organization ID that the filter belongs to.
+    filter_id: UUID for the filter. One can get such UUID by calling
+      GetGCPSettings API.
+
+  Raises:
+    requests.exceptions.HTTPError: HTTP request resulted in an error
+      (response.status_code >= 400).
+  """
+  name = f"organizations/{organization_id}/gcpAssociations/{organization_id}/gcpLogFlowFilters/{filter_id}"
+  url = f"{SERVICE_MANAGEMENT_API_BASE_URL}/v1/{name}"
+
+  response = http_session.request("GET", url)
+
+  if response.status_code >= 400:
+    print(response.text)
+  response.raise_for_status()
+
+
+if __name__ == "__main__":
+  cli = initialize_command_line_args()
+  if not cli:
+    sys.exit(1)  # A sanity check failed.
+
+  session = chronicle_auth.initialize_http_session(
+      cli.credentials_file, scopes=AUTHORIZATION_SCOPES)
+  get_gcp_log_flow_filter(session, cli.organization_id, cli.filter_id)
diff --git a/service_management/get_gcp_log_flow_filter_test.py b/service_management/get_gcp_log_flow_filter_test.py
@@ -0,0 +1,77 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Tests for the "get_gcp_log_flow_filter" module."""
+
+import unittest
+from unittest import mock
+
+from google.auth.transport import requests
+
+from . import get_gcp_log_flow_filter
+
+DUMMY_FILTER_ID = "00000000-0000-0000-0000-000000000000"
+
+
+class GetGCPLogFlowFilter(unittest.TestCase):
+
+  def test_initialize_command_line_args(self):
+    actual = get_gcp_log_flow_filter.initialize_command_line_args([
+        "--credentials_file=./foo.json", "--organization_id=123",
+        f"--filter_id={DUMMY_FILTER_ID}"
+    ])
+    self.assertIsNotNone(actual)
+
+  def test_initialize_command_line_args_organization_id_too_big(self):
+    invalid_organization_id = 2**64
+    actual = get_gcp_log_flow_filter.initialize_command_line_args([
+        f"--organization_id={invalid_organization_id}",
+        f"--filter_id={DUMMY_FILTER_ID}"
+    ])
+    self.assertIsNone(actual)
+
+  def test_initialize_command_line_args_negative_organization_id(self):
+    actual = get_gcp_log_flow_filter.initialize_command_line_args(
+        ["--organization_id=-1", f"--filter_id={DUMMY_FILTER_ID}"])
+    self.assertIsNone(actual)
+
+  def test_initialize_command_line_args_invalid_filter_id(self):
+    actual = get_gcp_log_flow_filter.initialize_command_line_args(
+        ["--organization_id=123", "--filter_id=123"])
+    self.assertIsNone(actual)
+
+  @mock.patch.object(requests, "AuthorizedSession", autospec=True)
+  @mock.patch.object(requests.requests, "Response", autospec=True)
+  def test_http_error(self, mock_response, mock_session):
+    mock_session.request.return_value = mock_response
+    type(mock_response).status_code = mock.PropertyMock(return_value=400)
+    mock_response.raise_for_status.side_effect = (
+        requests.requests.exceptions.HTTPError())
+
+    with self.assertRaises(requests.requests.exceptions.HTTPError):
+      get_gcp_log_flow_filter.get_gcp_log_flow_filter(mock_session, 123,
+                                                      DUMMY_FILTER_ID)
+
+  @mock.patch.object(requests, "AuthorizedSession", autospec=True)
+  @mock.patch.object(requests.requests, "Response", autospec=True)
+  def test_happy_path(self, mock_response, mock_session):
+    mock_session.request.return_value = mock_response
+    type(mock_response).status_code = mock.PropertyMock(return_value=200)
+
+    get_gcp_log_flow_filter.get_gcp_log_flow_filter(mock_session, 123,
+                                                    DUMMY_FILTER_ID)
+
+
+if __name__ == "__main__":
+  unittest.main()
