Add parser validation APIs and log-type CLI commands#201
Add parser validation APIs and log-type CLI commands#201ishree-dev wants to merge 2 commits intogoogle:mainfrom
Conversation
| raise SecOpsError(f"No parsers found for log type: {log_type}") | ||
|
|
||
| # Use the first parser's name (which includes the UUID) | ||
| parser_name = parsers_data["parsers"][0]["name"] |
There was a problem hiding this comment.
What's the logic to choose the first parser among multiple?
There was a problem hiding this comment.
multiple isnt supported right?
There was a problem hiding this comment.
Are we letting the user know about that any how? We should add a log that multiple parsers are not supported if there are instead of directly choosing the first.
| APIError: If the API request fails. | ||
| """ | ||
| instance_id = client.instance_id | ||
| if customer_id and customer_id != client.customer_id: |
There was a problem hiding this comment.
Can we initialize the client itself with the correct customer id if you're anyway getting it in the argument?
There was a problem hiding this comment.
Check if the customer id is already available via the gcloud auth command. In that case no need to provide the customer id separately.
| ) | ||
|
|
||
| parsers_data = parsers_resp.json() | ||
| if not parsers_data.get("parsers"): |
There was a problem hiding this comment.
If no parser exists for that log type, why are we not triggering the github check api?
src/secops/cli/commands/log_type.py
Outdated
| result = chronicle.get_analysis_report(name=args.name) | ||
| output_formatter(result, args.output) | ||
| except APIError as e: | ||
| print(f"API error: {e}", file=sys.stderr) |
|
|
||
| result = mock_client.trigger_github_checks( | ||
| associated_pr="owner/repo/pull/123", | ||
| log_type="BRO_DNS", |
There was a problem hiding this comment.
Replace this with DUMMY_LOGTYPE
tests/cli/test_log_type.py
Outdated
| """Test successful trigger_checks command execution.""" | ||
| args = Namespace( | ||
| associated_pr="owner/repo/pull/123", | ||
| log_type="BRO_DNS", |
ishree-dev
force-pushed
the
cli-changes
branch
3 times, most recently
from
a119b36 to
d64e6e4
Compare
| if not isinstance(log_type, str) or len(log_type.strip()) < 2: | ||
| raise SecOpsError("log_type must be a valid string of length >= 2") | ||
| if customer_id is not None: | ||
| if not isinstance(customer_id, str) or len(customer_id.strip()) < 2: |
There was a problem hiding this comment.
Lets use pattern matching for Customer Id as its a UUID
|
LGTM! |
| # projects/*/locations/*/instances/*/logTypes/*/parsers/<UUID> | ||
| base_url = client.base_url(version="v1alpha") | ||
|
|
||
| # First get the list of parsers for this log_type to find a valid |
There was a problem hiding this comment.
Can we not utilize exiting list_parser(https://github.com/google/secops-wrapper/blob/main/src/secops/chronicle/parser.py#L251) instead?
| "pull_request": associated_pr, | ||
| } | ||
|
|
||
| response = client.session.post(url, json=payload, timeout=timeout) |
There was a problem hiding this comment.
Let's utilize chronicle_request utility method (https://github.com/google/secops-wrapper/blob/main/src/secops/chronicle/utils/request_utils.py#L190) to maintain request handling across.
| @@ -0,0 +1,159 @@ | |||
| # Copyright 2026 Google LLC | |||
There was a problem hiding this comment.
These methods seems like good fit to existing parser methods in parser.py.
It would be fine to add/move them into existing module instead of creating new one.
There was a problem hiding this comment.
removed parser_validation.py and added the logic in parser.py
4 participants
This PR introduces new SDK wrapper methods and CLI commands for Chronicle Parser Validation tooling. It specifically adds functionality to trigger GitHub checks for parsers and retrieve their corresponding analysis reports.
Key Changes:
New SDK Methods (src/secops/chronicle/client.py & parser_validation.py):
trigger_github_checks: Triggers a parser analysis report against an associated GitHub PR.
get_analysis_report: Retrieves a completed parser analysis report using its full resource name.
New CLI Commands (src/secops/cli/commands/log_type.py):
Testing (tests/):
Documentation:
Updated api_module_mapping.md to map logTypes.triggerGitHubChecks and logTypes.getParserAnalysisReport to their respective CLI counterparts.