diff --git a/.coveragerc b/.coveragerc index 554452e0..45cb273f 100644 --- a/.coveragerc +++ b/.coveragerc @@ -5,6 +5,7 @@ branch = True show_missing = True omit = google/cloud/securitycenter/__init__.py + google/cloud/securitycenter/gapic_version.py exclude_lines = # Re-enable the standard pragma pragma: NO COVER diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 889f77df..5fc5daa3 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -13,4 +13,4 @@ # limitations under the License. docker: image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest - digest: sha256:c43f1d918bcf817d337aa29ff833439494a158a0831508fda4ec75dc4c0d0320 + digest: sha256:8555f0e37e6261408f792bfd6635102d2da5ad73f8f09bcb24f25e6afb5fac97 diff --git a/.kokoro/requirements.in b/.kokoro/requirements.in index cbd7e77f..882178ce 100644 --- a/.kokoro/requirements.in +++ b/.kokoro/requirements.in @@ -1,5 +1,5 @@ gcp-docuploader -gcp-releasetool +gcp-releasetool>=1.10.5 # required for compatibility with cryptography>=39.x importlib-metadata typing-extensions twine diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt index 05dc4672..fa99c129 100644 --- a/.kokoro/requirements.txt +++ b/.kokoro/requirements.txt @@ -113,33 +113,28 @@ commonmark==0.9.1 \ --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \ --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9 # via rich -cryptography==38.0.3 \ - --hash=sha256:068147f32fa662c81aebab95c74679b401b12b57494872886eb5c1139250ec5d \ - --hash=sha256:06fc3cc7b6f6cca87bd56ec80a580c88f1da5306f505876a71c8cfa7050257dd \ - --hash=sha256:25c1d1f19729fb09d42e06b4bf9895212292cb27bb50229f5aa64d039ab29146 \ - --hash=sha256:402852a0aea73833d982cabb6d0c3bb582c15483d29fb7085ef2c42bfa7e38d7 \ - --hash=sha256:4e269dcd9b102c5a3d72be3c45d8ce20377b8076a43cbed6f660a1afe365e436 \ - --hash=sha256:5419a127426084933076132d317911e3c6eb77568a1ce23c3ac1e12d111e61e0 \ - --hash=sha256:554bec92ee7d1e9d10ded2f7e92a5d70c1f74ba9524947c0ba0c850c7b011828 \ - --hash=sha256:5e89468fbd2fcd733b5899333bc54d0d06c80e04cd23d8c6f3e0542358c6060b \ - --hash=sha256:65535bc550b70bd6271984d9863a37741352b4aad6fb1b3344a54e6950249b55 \ - --hash=sha256:6ab9516b85bebe7aa83f309bacc5f44a61eeb90d0b4ec125d2d003ce41932d36 \ - --hash=sha256:6addc3b6d593cd980989261dc1cce38263c76954d758c3c94de51f1e010c9a50 \ - --hash=sha256:728f2694fa743a996d7784a6194da430f197d5c58e2f4e278612b359f455e4a2 \ - --hash=sha256:785e4056b5a8b28f05a533fab69febf5004458e20dad7e2e13a3120d8ecec75a \ - --hash=sha256:78cf5eefac2b52c10398a42765bfa981ce2372cbc0457e6bf9658f41ec3c41d8 \ - --hash=sha256:7f836217000342d448e1c9a342e9163149e45d5b5eca76a30e84503a5a96cab0 \ - --hash=sha256:8d41a46251bf0634e21fac50ffd643216ccecfaf3701a063257fe0b2be1b6548 \ - --hash=sha256:984fe150f350a3c91e84de405fe49e688aa6092b3525f407a18b9646f6612320 \ - --hash=sha256:9b24bcff7853ed18a63cfb0c2b008936a9554af24af2fb146e16d8e1aed75748 \ - --hash=sha256:b1b35d9d3a65542ed2e9d90115dfd16bbc027b3f07ee3304fc83580f26e43249 \ - --hash=sha256:b1b52c9e5f8aa2b802d48bd693190341fae201ea51c7a167d69fc48b60e8a959 \ - --hash=sha256:bbf203f1a814007ce24bd4d51362991d5cb90ba0c177a9c08825f2cc304d871f \ - --hash=sha256:be243c7e2bfcf6cc4cb350c0d5cdf15ca6383bbcb2a8ef51d3c9411a9d4386f0 \ - --hash=sha256:bfbe6ee19615b07a98b1d2287d6a6073f734735b49ee45b11324d85efc4d5cbd \ - --hash=sha256:c46837ea467ed1efea562bbeb543994c2d1f6e800785bd5a2c98bc096f5cb220 \ - --hash=sha256:dfb4f4dd568de1b6af9f4cda334adf7d72cf5bc052516e1b2608b683375dd95c \ - --hash=sha256:ed7b00096790213e09eb11c97cc6e2b757f15f3d2f85833cd2d3ec3fe37c1722 +cryptography==39.0.1 \ + --hash=sha256:0f8da300b5c8af9f98111ffd512910bc792b4c77392a9523624680f7956a99d4 \ + --hash=sha256:35f7c7d015d474f4011e859e93e789c87d21f6f4880ebdc29896a60403328f1f \ + --hash=sha256:5aa67414fcdfa22cf052e640cb5ddc461924a045cacf325cd164e65312d99502 \ + --hash=sha256:5d2d8b87a490bfcd407ed9d49093793d0f75198a35e6eb1a923ce1ee86c62b41 \ + --hash=sha256:6687ef6d0a6497e2b58e7c5b852b53f62142cfa7cd1555795758934da363a965 \ + --hash=sha256:6f8ba7f0328b79f08bdacc3e4e66fb4d7aab0c3584e0bd41328dce5262e26b2e \ + --hash=sha256:706843b48f9a3f9b9911979761c91541e3d90db1ca905fd63fee540a217698bc \ + --hash=sha256:807ce09d4434881ca3a7594733669bd834f5b2c6d5c7e36f8c00f691887042ad \ + --hash=sha256:83e17b26de248c33f3acffb922748151d71827d6021d98c70e6c1a25ddd78505 \ + --hash=sha256:96f1157a7c08b5b189b16b47bc9db2332269d6680a196341bf30046330d15388 \ + --hash=sha256:aec5a6c9864be7df2240c382740fcf3b96928c46604eaa7f3091f58b878c0bb6 \ + --hash=sha256:b0afd054cd42f3d213bf82c629efb1ee5f22eba35bf0eec88ea9ea7304f511a2 \ + --hash=sha256:ced4e447ae29ca194449a3f1ce132ded8fcab06971ef5f618605aacaa612beac \ + --hash=sha256:d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695 \ + --hash=sha256:e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6 \ + --hash=sha256:e422abdec8b5fa8462aa016786680720d78bdce7a30c652b7fadf83a4ba35336 \ + --hash=sha256:ef8b72fa70b348724ff1218267e7f7375b8de4e8194d1636ee60510aae104cd0 \ + --hash=sha256:f0c64d1bd842ca2633e74a1a28033d139368ad959872533b1bab8c80e8240a0c \ + --hash=sha256:f24077a3b5298a5a06a8e0536e3ea9ec60e4c7ac486755e5fb6e6ea9b3500106 \ + --hash=sha256:fdd188c8a6ef8769f148f88f859884507b954cc64db6b52f66ef199bb9ad660a \ + --hash=sha256:fe913f20024eb2cb2f323e42a64bdf2911bb9738a15dba7d3cce48151034e3a8 # via # gcp-releasetool # secretstorage @@ -159,9 +154,9 @@ gcp-docuploader==0.6.4 \ --hash=sha256:01486419e24633af78fd0167db74a2763974765ee8078ca6eb6964d0ebd388af \ --hash=sha256:70861190c123d907b3b067da896265ead2eeb9263969d6955c9e0bb091b5ccbf # via -r requirements.in -gcp-releasetool==1.10.0 \ - --hash=sha256:72a38ca91b59c24f7e699e9227c90cbe4dd71b789383cb0164b088abae294c83 \ - --hash=sha256:8c7c99320208383d4bb2b808c6880eb7a81424afe7cdba3c8d84b25f4f0e097d +gcp-releasetool==1.10.5 \ + --hash=sha256:174b7b102d704b254f2a26a3eda2c684fd3543320ec239baf771542a2e58e109 \ + --hash=sha256:e29d29927fe2ca493105a82958c6873bb2b90d503acac56be2c229e74de0eec9 # via -r requirements.in google-api-core==2.10.2 \ --hash=sha256:10c06f7739fe57781f87523375e8e1a3a4674bf6392cd6131a3222182b971320 \ diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 1a4b3641..d0d087a3 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "1.18.2" + ".": "1.19.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d203ac3..196e4579 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ [1]: https://pypi.org/project/google-cloud-securitycenter/#history +## [1.19.0](https://github.com/googleapis/python-securitycenter/compare/v1.18.2...v1.19.0) (2023-02-28) + + +### Features + +* Enable "rest" transport in Python for services supporting numeric enums ([#439](https://github.com/googleapis/python-securitycenter/issues/439)) ([1e85d04](https://github.com/googleapis/python-securitycenter/commit/1e85d04f789a0e623f410952bae1185f0d0e87ba)) + ## [1.18.2](https://github.com/googleapis/python-securitycenter/compare/v1.18.1...v1.18.2) (2023-01-20) diff --git a/google/cloud/securitycenter/gapic_version.py b/google/cloud/securitycenter/gapic_version.py index 83612d7b..86f8ab82 100644 --- a/google/cloud/securitycenter/gapic_version.py +++ b/google/cloud/securitycenter/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "1.18.2" # {x-release-please-version} +__version__ = "1.19.0" # {x-release-please-version} diff --git a/google/cloud/securitycenter_v1/__init__.py b/google/cloud/securitycenter_v1/__init__.py index 0152ba9b..82e69b65 100644 --- a/google/cloud/securitycenter_v1/__init__.py +++ b/google/cloud/securitycenter_v1/__init__.py @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -from google.cloud.securitycenter import gapic_version as package_version +from google.cloud.securitycenter_v1 import gapic_version as package_version __version__ = package_version.__version__ diff --git a/google/cloud/securitycenter_v1/gapic_metadata.json b/google/cloud/securitycenter_v1/gapic_metadata.json index 2bae9fa8..17110f05 100644 --- a/google/cloud/securitycenter_v1/gapic_metadata.json +++ b/google/cloud/securitycenter_v1/gapic_metadata.json @@ -376,6 +376,191 @@ ] } } + }, + "rest": { + "libraryClient": "SecurityCenterClient", + "rpcs": { + "BulkMuteFindings": { + "methods": [ + "bulk_mute_findings" + ] + }, + "CreateBigQueryExport": { + "methods": [ + "create_big_query_export" + ] + }, + "CreateFinding": { + "methods": [ + "create_finding" + ] + }, + "CreateMuteConfig": { + "methods": [ + "create_mute_config" + ] + }, + "CreateNotificationConfig": { + "methods": [ + "create_notification_config" + ] + }, + "CreateSource": { + "methods": [ + "create_source" + ] + }, + "DeleteBigQueryExport": { + "methods": [ + "delete_big_query_export" + ] + }, + "DeleteMuteConfig": { + "methods": [ + "delete_mute_config" + ] + }, + "DeleteNotificationConfig": { + "methods": [ + "delete_notification_config" + ] + }, + "GetBigQueryExport": { + "methods": [ + "get_big_query_export" + ] + }, + "GetIamPolicy": { + "methods": [ + "get_iam_policy" + ] + }, + "GetMuteConfig": { + "methods": [ + "get_mute_config" + ] + }, + "GetNotificationConfig": { + "methods": [ + "get_notification_config" + ] + }, + "GetOrganizationSettings": { + "methods": [ + "get_organization_settings" + ] + }, + "GetSource": { + "methods": [ + "get_source" + ] + }, + "GroupAssets": { + "methods": [ + "group_assets" + ] + }, + "GroupFindings": { + "methods": [ + "group_findings" + ] + }, + "ListAssets": { + "methods": [ + "list_assets" + ] + }, + "ListBigQueryExports": { + "methods": [ + "list_big_query_exports" + ] + }, + "ListFindings": { + "methods": [ + "list_findings" + ] + }, + "ListMuteConfigs": { + "methods": [ + "list_mute_configs" + ] + }, + "ListNotificationConfigs": { + "methods": [ + "list_notification_configs" + ] + }, + "ListSources": { + "methods": [ + "list_sources" + ] + }, + "RunAssetDiscovery": { + "methods": [ + "run_asset_discovery" + ] + }, + "SetFindingState": { + "methods": [ + "set_finding_state" + ] + }, + "SetIamPolicy": { + "methods": [ + "set_iam_policy" + ] + }, + "SetMute": { + "methods": [ + "set_mute" + ] + }, + "TestIamPermissions": { + "methods": [ + "test_iam_permissions" + ] + }, + "UpdateBigQueryExport": { + "methods": [ + "update_big_query_export" + ] + }, + "UpdateExternalSystem": { + "methods": [ + "update_external_system" + ] + }, + "UpdateFinding": { + "methods": [ + "update_finding" + ] + }, + "UpdateMuteConfig": { + "methods": [ + "update_mute_config" + ] + }, + "UpdateNotificationConfig": { + "methods": [ + "update_notification_config" + ] + }, + "UpdateOrganizationSettings": { + "methods": [ + "update_organization_settings" + ] + }, + "UpdateSecurityMarks": { + "methods": [ + "update_security_marks" + ] + }, + "UpdateSource": { + "methods": [ + "update_source" + ] + } + } } } } diff --git a/google/cloud/securitycenter_v1/gapic_version.py b/google/cloud/securitycenter_v1/gapic_version.py index 83612d7b..86f8ab82 100644 --- a/google/cloud/securitycenter_v1/gapic_version.py +++ b/google/cloud/securitycenter_v1/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "1.18.2" # {x-release-please-version} +__version__ = "1.19.0" # {x-release-please-version} diff --git a/google/cloud/securitycenter_v1/services/security_center/async_client.py b/google/cloud/securitycenter_v1/services/security_center/async_client.py index a93d8342..cf0772e8 100644 --- a/google/cloud/securitycenter_v1/services/security_center/async_client.py +++ b/google/cloud/securitycenter_v1/services/security_center/async_client.py @@ -46,6 +46,7 @@ from google.api_core import operation_async # type: ignore from google.iam.v1 import iam_policy_pb2 # type: ignore from google.iam.v1 import policy_pb2 # type: ignore +from google.longrunning import operations_pb2 from google.protobuf import empty_pb2 # type: ignore from google.protobuf import field_mask_pb2 # type: ignore from google.protobuf import timestamp_pb2 # type: ignore @@ -4700,6 +4701,223 @@ async def sample_list_big_query_exports(): # Done; return the response. return response + async def list_operations( + self, + request: Optional[operations_pb2.ListOperationsRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.ListOperationsResponse: + r"""Lists operations that match the specified filter in the request. + + Args: + request (:class:`~.operations_pb2.ListOperationsRequest`): + The request object. Request message for + `ListOperations` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.operations_pb2.ListOperationsResponse: + Response message for ``ListOperations`` method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.ListOperationsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._client._transport.list_operations, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_operation( + self, + request: Optional[operations_pb2.GetOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Gets the latest state of a long-running operation. + + Args: + request (:class:`~.operations_pb2.GetOperationRequest`): + The request object. Request message for + `GetOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.operations_pb2.Operation: + An ``Operation`` object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.GetOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._client._transport.get_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def delete_operation( + self, + request: Optional[operations_pb2.DeleteOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Deletes a long-running operation. + + This method indicates that the client is no longer interested + in the operation result. It does not cancel the operation. + If the server doesn't support this method, it returns + `google.rpc.Code.UNIMPLEMENTED`. + + Args: + request (:class:`~.operations_pb2.DeleteOperationRequest`): + The request object. Request message for + `DeleteOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + None + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.DeleteOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._client._transport.delete_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + async def cancel_operation( + self, + request: Optional[operations_pb2.CancelOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Starts asynchronous cancellation on a long-running operation. + + The server makes a best effort to cancel the operation, but success + is not guaranteed. If the server doesn't support this method, it returns + `google.rpc.Code.UNIMPLEMENTED`. + + Args: + request (:class:`~.operations_pb2.CancelOperationRequest`): + The request object. Request message for + `CancelOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + None + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.CancelOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._client._transport.cancel_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + async def __aenter__(self): return self diff --git a/google/cloud/securitycenter_v1/services/security_center/client.py b/google/cloud/securitycenter_v1/services/security_center/client.py index 6d2cfae7..cbab8a8f 100644 --- a/google/cloud/securitycenter_v1/services/security_center/client.py +++ b/google/cloud/securitycenter_v1/services/security_center/client.py @@ -50,6 +50,7 @@ from google.api_core import operation_async # type: ignore from google.iam.v1 import iam_policy_pb2 # type: ignore from google.iam.v1 import policy_pb2 # type: ignore +from google.longrunning import operations_pb2 from google.protobuf import empty_pb2 # type: ignore from google.protobuf import field_mask_pb2 # type: ignore from google.protobuf import timestamp_pb2 # type: ignore @@ -96,6 +97,7 @@ from .transports.base import DEFAULT_CLIENT_INFO, SecurityCenterTransport from .transports.grpc import SecurityCenterGrpcTransport from .transports.grpc_asyncio import SecurityCenterGrpcAsyncIOTransport +from .transports.rest import SecurityCenterRestTransport class SecurityCenterClientMeta(type): @@ -111,6 +113,7 @@ class SecurityCenterClientMeta(type): ) # type: Dict[str, Type[SecurityCenterTransport]] _transport_registry["grpc"] = SecurityCenterGrpcTransport _transport_registry["grpc_asyncio"] = SecurityCenterGrpcAsyncIOTransport + _transport_registry["rest"] = SecurityCenterRestTransport def get_transport_class( cls, @@ -4995,6 +4998,223 @@ def __exit__(self, type, value, traceback): """ self.transport.close() + def list_operations( + self, + request: Optional[operations_pb2.ListOperationsRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.ListOperationsResponse: + r"""Lists operations that match the specified filter in the request. + + Args: + request (:class:`~.operations_pb2.ListOperationsRequest`): + The request object. Request message for + `ListOperations` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.operations_pb2.ListOperationsResponse: + Response message for ``ListOperations`` method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.ListOperationsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.list_operations, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_operation( + self, + request: Optional[operations_pb2.GetOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Gets the latest state of a long-running operation. + + Args: + request (:class:`~.operations_pb2.GetOperationRequest`): + The request object. Request message for + `GetOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.operations_pb2.Operation: + An ``Operation`` object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.GetOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.get_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def delete_operation( + self, + request: Optional[operations_pb2.DeleteOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Deletes a long-running operation. + + This method indicates that the client is no longer interested + in the operation result. It does not cancel the operation. + If the server doesn't support this method, it returns + `google.rpc.Code.UNIMPLEMENTED`. + + Args: + request (:class:`~.operations_pb2.DeleteOperationRequest`): + The request object. Request message for + `DeleteOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + None + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.DeleteOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.delete_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + def cancel_operation( + self, + request: Optional[operations_pb2.CancelOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Starts asynchronous cancellation on a long-running operation. + + The server makes a best effort to cancel the operation, but success + is not guaranteed. If the server doesn't support this method, it returns + `google.rpc.Code.UNIMPLEMENTED`. + + Args: + request (:class:`~.operations_pb2.CancelOperationRequest`): + The request object. Request message for + `CancelOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + None + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.CancelOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.cancel_operation, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=package_version.__version__ diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/__init__.py b/google/cloud/securitycenter_v1/services/security_center/transports/__init__.py index 31383441..2b0f299f 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/__init__.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/__init__.py @@ -19,14 +19,18 @@ from .base import SecurityCenterTransport from .grpc import SecurityCenterGrpcTransport from .grpc_asyncio import SecurityCenterGrpcAsyncIOTransport +from .rest import SecurityCenterRestInterceptor, SecurityCenterRestTransport # Compile a registry of transports. _transport_registry = OrderedDict() # type: Dict[str, Type[SecurityCenterTransport]] _transport_registry["grpc"] = SecurityCenterGrpcTransport _transport_registry["grpc_asyncio"] = SecurityCenterGrpcAsyncIOTransport +_transport_registry["rest"] = SecurityCenterRestTransport __all__ = ( "SecurityCenterTransport", "SecurityCenterGrpcTransport", "SecurityCenterGrpcAsyncIOTransport", + "SecurityCenterRestTransport", + "SecurityCenterRestInterceptor", ) diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1/services/security_center/transports/base.py index 9c8ae781..d38838e3 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/base.py @@ -827,6 +827,39 @@ def list_big_query_exports( ]: raise NotImplementedError() + @property + def list_operations( + self, + ) -> Callable[ + [operations_pb2.ListOperationsRequest], + Union[ + operations_pb2.ListOperationsResponse, + Awaitable[operations_pb2.ListOperationsResponse], + ], + ]: + raise NotImplementedError() + + @property + def get_operation( + self, + ) -> Callable[ + [operations_pb2.GetOperationRequest], + Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], + ]: + raise NotImplementedError() + + @property + def cancel_operation( + self, + ) -> Callable[[operations_pb2.CancelOperationRequest], None,]: + raise NotImplementedError() + + @property + def delete_operation( + self, + ) -> Callable[[operations_pb2.DeleteOperationRequest], None,]: + raise NotImplementedError() + @property def kind(self) -> str: raise NotImplementedError() diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py index 180962c2..45cd7a02 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py @@ -1303,6 +1303,76 @@ def list_big_query_exports( def close(self): self.grpc_channel.close() + @property + def delete_operation( + self, + ) -> Callable[[operations_pb2.DeleteOperationRequest], None]: + r"""Return a callable for the delete_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "delete_operation" not in self._stubs: + self._stubs["delete_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/DeleteOperation", + request_serializer=operations_pb2.DeleteOperationRequest.SerializeToString, + response_deserializer=None, + ) + return self._stubs["delete_operation"] + + @property + def cancel_operation( + self, + ) -> Callable[[operations_pb2.CancelOperationRequest], None]: + r"""Return a callable for the cancel_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "cancel_operation" not in self._stubs: + self._stubs["cancel_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/CancelOperation", + request_serializer=operations_pb2.CancelOperationRequest.SerializeToString, + response_deserializer=None, + ) + return self._stubs["cancel_operation"] + + @property + def get_operation( + self, + ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: + r"""Return a callable for the get_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_operation" not in self._stubs: + self._stubs["get_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/GetOperation", + request_serializer=operations_pb2.GetOperationRequest.SerializeToString, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["get_operation"] + + @property + def list_operations( + self, + ) -> Callable[ + [operations_pb2.ListOperationsRequest], operations_pb2.ListOperationsResponse + ]: + r"""Return a callable for the list_operations method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_operations" not in self._stubs: + self._stubs["list_operations"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/ListOperations", + request_serializer=operations_pb2.ListOperationsRequest.SerializeToString, + response_deserializer=operations_pb2.ListOperationsResponse.FromString, + ) + return self._stubs["list_operations"] + @property def kind(self) -> str: return "grpc" diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py index 5997a063..720a77df 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py @@ -1325,5 +1325,75 @@ def list_big_query_exports( def close(self): return self.grpc_channel.close() + @property + def delete_operation( + self, + ) -> Callable[[operations_pb2.DeleteOperationRequest], None]: + r"""Return a callable for the delete_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "delete_operation" not in self._stubs: + self._stubs["delete_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/DeleteOperation", + request_serializer=operations_pb2.DeleteOperationRequest.SerializeToString, + response_deserializer=None, + ) + return self._stubs["delete_operation"] + + @property + def cancel_operation( + self, + ) -> Callable[[operations_pb2.CancelOperationRequest], None]: + r"""Return a callable for the cancel_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "cancel_operation" not in self._stubs: + self._stubs["cancel_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/CancelOperation", + request_serializer=operations_pb2.CancelOperationRequest.SerializeToString, + response_deserializer=None, + ) + return self._stubs["cancel_operation"] + + @property + def get_operation( + self, + ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: + r"""Return a callable for the get_operation method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_operation" not in self._stubs: + self._stubs["get_operation"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/GetOperation", + request_serializer=operations_pb2.GetOperationRequest.SerializeToString, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["get_operation"] + + @property + def list_operations( + self, + ) -> Callable[ + [operations_pb2.ListOperationsRequest], operations_pb2.ListOperationsResponse + ]: + r"""Return a callable for the list_operations method over gRPC.""" + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_operations" not in self._stubs: + self._stubs["list_operations"] = self.grpc_channel.unary_unary( + "/google.longrunning.Operations/ListOperations", + request_serializer=operations_pb2.ListOperationsRequest.SerializeToString, + response_deserializer=operations_pb2.ListOperationsResponse.FromString, + ) + return self._stubs["list_operations"] + __all__ = ("SecurityCenterGrpcAsyncIOTransport",) diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/rest.py b/google/cloud/securitycenter_v1/services/security_center/transports/rest.py new file mode 100644 index 00000000..d0e9d291 --- /dev/null +++ b/google/cloud/securitycenter_v1/services/security_center/transports/rest.py @@ -0,0 +1,5973 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import dataclasses +import json # type: ignore +import re +from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union +import warnings + +from google.api_core import ( + gapic_v1, + operations_v1, + path_template, + rest_helpers, + rest_streaming, +) +from google.api_core import exceptions as core_exceptions +from google.api_core import retry as retries +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.transport.requests import AuthorizedSession # type: ignore +from google.longrunning import operations_pb2 +from google.protobuf import json_format +import grpc # type: ignore +from requests import __version__ as requests_version + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore + + +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from google.longrunning import operations_pb2 # type: ignore +from google.protobuf import empty_pb2 # type: ignore + +from google.cloud.securitycenter_v1.types import external_system as gcs_external_system +from google.cloud.securitycenter_v1.types import ( + notification_config as gcs_notification_config, +) +from google.cloud.securitycenter_v1.types import ( + organization_settings as gcs_organization_settings, +) +from google.cloud.securitycenter_v1.types import security_marks as gcs_security_marks +from google.cloud.securitycenter_v1.types import bigquery_export +from google.cloud.securitycenter_v1.types import finding +from google.cloud.securitycenter_v1.types import finding as gcs_finding +from google.cloud.securitycenter_v1.types import mute_config +from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config +from google.cloud.securitycenter_v1.types import notification_config +from google.cloud.securitycenter_v1.types import organization_settings +from google.cloud.securitycenter_v1.types import securitycenter_service +from google.cloud.securitycenter_v1.types import source +from google.cloud.securitycenter_v1.types import source as gcs_source + +from .base import DEFAULT_CLIENT_INFO as BASE_DEFAULT_CLIENT_INFO +from .base import SecurityCenterTransport + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=BASE_DEFAULT_CLIENT_INFO.gapic_version, + grpc_version=None, + rest_version=requests_version, +) + + +class SecurityCenterRestInterceptor: + """Interceptor for SecurityCenter. + + Interceptors are used to manipulate requests, request metadata, and responses + in arbitrary ways. + Example use cases include: + * Logging + * Verifying requests according to service or custom semantics + * Stripping extraneous information from responses + + These use cases and more can be enabled by injecting an + instance of a custom subclass when constructing the SecurityCenterRestTransport. + + .. code-block:: python + class MyCustomSecurityCenterInterceptor(SecurityCenterRestInterceptor): + def pre_bulk_mute_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_bulk_mute_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_big_query_export(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_big_query_export(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_finding(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_finding(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_mute_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_mute_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_notification_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_source(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_delete_big_query_export(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def pre_delete_mute_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def pre_delete_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def pre_get_big_query_export(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_big_query_export(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_iam_policy(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_iam_policy(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_mute_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_mute_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_notification_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_organization_settings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_organization_settings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_source(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_group_assets(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_group_assets(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_group_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_group_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_assets(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_assets(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_big_query_exports(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_big_query_exports(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_mute_configs(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_mute_configs(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_notification_configs(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_notification_configs(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_sources(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_sources(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_run_asset_discovery(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_run_asset_discovery(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_finding_state(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_finding_state(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_iam_policy(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_iam_policy(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_mute(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_mute(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_test_iam_permissions(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_test_iam_permissions(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_big_query_export(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_big_query_export(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_external_system(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_external_system(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_finding(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_finding(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_mute_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_mute_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_notification_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_organization_settings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_organization_settings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_security_marks(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_security_marks(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_source(self, response): + logging.log(f"Received response: {response}") + return response + + transport = SecurityCenterRestTransport(interceptor=MyCustomSecurityCenterInterceptor()) + client = SecurityCenterClient(transport=transport) + + + """ + + def pre_bulk_mute_findings( + self, + request: securitycenter_service.BulkMuteFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.BulkMuteFindingsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for bulk_mute_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_bulk_mute_findings( + self, response: operations_pb2.Operation + ) -> operations_pb2.Operation: + """Post-rpc interceptor for bulk_mute_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_big_query_export( + self, + request: securitycenter_service.CreateBigQueryExportRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.CreateBigQueryExportRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for create_big_query_export + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_big_query_export( + self, response: bigquery_export.BigQueryExport + ) -> bigquery_export.BigQueryExport: + """Post-rpc interceptor for create_big_query_export + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_finding( + self, + request: securitycenter_service.CreateFindingRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.CreateFindingRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for create_finding + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_finding(self, response: gcs_finding.Finding) -> gcs_finding.Finding: + """Post-rpc interceptor for create_finding + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_mute_config( + self, + request: securitycenter_service.CreateMuteConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.CreateMuteConfigRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for create_mute_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_mute_config( + self, response: gcs_mute_config.MuteConfig + ) -> gcs_mute_config.MuteConfig: + """Post-rpc interceptor for create_mute_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_notification_config( + self, + request: securitycenter_service.CreateNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.CreateNotificationConfigRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for create_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_notification_config( + self, response: gcs_notification_config.NotificationConfig + ) -> gcs_notification_config.NotificationConfig: + """Post-rpc interceptor for create_notification_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_source( + self, + request: securitycenter_service.CreateSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.CreateSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for create_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_source(self, response: gcs_source.Source) -> gcs_source.Source: + """Post-rpc interceptor for create_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_delete_big_query_export( + self, + request: securitycenter_service.DeleteBigQueryExportRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.DeleteBigQueryExportRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for delete_big_query_export + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def pre_delete_mute_config( + self, + request: securitycenter_service.DeleteMuteConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.DeleteMuteConfigRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for delete_mute_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def pre_delete_notification_config( + self, + request: securitycenter_service.DeleteNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.DeleteNotificationConfigRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for delete_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def pre_get_big_query_export( + self, + request: securitycenter_service.GetBigQueryExportRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.GetBigQueryExportRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for get_big_query_export + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_big_query_export( + self, response: bigquery_export.BigQueryExport + ) -> bigquery_export.BigQueryExport: + """Post-rpc interceptor for get_big_query_export + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_iam_policy( + self, + request: iam_policy_pb2.GetIamPolicyRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.GetIamPolicyRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_iam_policy + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_iam_policy(self, response: policy_pb2.Policy) -> policy_pb2.Policy: + """Post-rpc interceptor for get_iam_policy + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_mute_config( + self, + request: securitycenter_service.GetMuteConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GetMuteConfigRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_mute_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_mute_config( + self, response: mute_config.MuteConfig + ) -> mute_config.MuteConfig: + """Post-rpc interceptor for get_mute_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_notification_config( + self, + request: securitycenter_service.GetNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.GetNotificationConfigRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for get_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_notification_config( + self, response: notification_config.NotificationConfig + ) -> notification_config.NotificationConfig: + """Post-rpc interceptor for get_notification_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_organization_settings( + self, + request: securitycenter_service.GetOrganizationSettingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.GetOrganizationSettingsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for get_organization_settings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_organization_settings( + self, response: organization_settings.OrganizationSettings + ) -> organization_settings.OrganizationSettings: + """Post-rpc interceptor for get_organization_settings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_source( + self, + request: securitycenter_service.GetSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GetSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_source(self, response: source.Source) -> source.Source: + """Post-rpc interceptor for get_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_group_assets( + self, + request: securitycenter_service.GroupAssetsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GroupAssetsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for group_assets + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_group_assets( + self, response: securitycenter_service.GroupAssetsResponse + ) -> securitycenter_service.GroupAssetsResponse: + """Post-rpc interceptor for group_assets + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_group_findings( + self, + request: securitycenter_service.GroupFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GroupFindingsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for group_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_group_findings( + self, response: securitycenter_service.GroupFindingsResponse + ) -> securitycenter_service.GroupFindingsResponse: + """Post-rpc interceptor for group_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_assets( + self, + request: securitycenter_service.ListAssetsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListAssetsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_assets + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_assets( + self, response: securitycenter_service.ListAssetsResponse + ) -> securitycenter_service.ListAssetsResponse: + """Post-rpc interceptor for list_assets + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_big_query_exports( + self, + request: securitycenter_service.ListBigQueryExportsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.ListBigQueryExportsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for list_big_query_exports + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_big_query_exports( + self, response: securitycenter_service.ListBigQueryExportsResponse + ) -> securitycenter_service.ListBigQueryExportsResponse: + """Post-rpc interceptor for list_big_query_exports + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_findings( + self, + request: securitycenter_service.ListFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListFindingsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_findings( + self, response: securitycenter_service.ListFindingsResponse + ) -> securitycenter_service.ListFindingsResponse: + """Post-rpc interceptor for list_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_mute_configs( + self, + request: securitycenter_service.ListMuteConfigsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.ListMuteConfigsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for list_mute_configs + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_mute_configs( + self, response: securitycenter_service.ListMuteConfigsResponse + ) -> securitycenter_service.ListMuteConfigsResponse: + """Post-rpc interceptor for list_mute_configs + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_notification_configs( + self, + request: securitycenter_service.ListNotificationConfigsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.ListNotificationConfigsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for list_notification_configs + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_notification_configs( + self, response: securitycenter_service.ListNotificationConfigsResponse + ) -> securitycenter_service.ListNotificationConfigsResponse: + """Post-rpc interceptor for list_notification_configs + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_sources( + self, + request: securitycenter_service.ListSourcesRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListSourcesRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_sources + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_sources( + self, response: securitycenter_service.ListSourcesResponse + ) -> securitycenter_service.ListSourcesResponse: + """Post-rpc interceptor for list_sources + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_run_asset_discovery( + self, + request: securitycenter_service.RunAssetDiscoveryRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.RunAssetDiscoveryRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for run_asset_discovery + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_run_asset_discovery( + self, response: operations_pb2.Operation + ) -> operations_pb2.Operation: + """Post-rpc interceptor for run_asset_discovery + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_finding_state( + self, + request: securitycenter_service.SetFindingStateRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.SetFindingStateRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for set_finding_state + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_finding_state(self, response: finding.Finding) -> finding.Finding: + """Post-rpc interceptor for set_finding_state + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_iam_policy( + self, + request: iam_policy_pb2.SetIamPolicyRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.SetIamPolicyRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for set_iam_policy + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_iam_policy(self, response: policy_pb2.Policy) -> policy_pb2.Policy: + """Post-rpc interceptor for set_iam_policy + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_mute( + self, + request: securitycenter_service.SetMuteRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.SetMuteRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for set_mute + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_mute(self, response: finding.Finding) -> finding.Finding: + """Post-rpc interceptor for set_mute + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_test_iam_permissions( + self, + request: iam_policy_pb2.TestIamPermissionsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.TestIamPermissionsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for test_iam_permissions + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_test_iam_permissions( + self, response: iam_policy_pb2.TestIamPermissionsResponse + ) -> iam_policy_pb2.TestIamPermissionsResponse: + """Post-rpc interceptor for test_iam_permissions + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_big_query_export( + self, + request: securitycenter_service.UpdateBigQueryExportRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateBigQueryExportRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for update_big_query_export + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_big_query_export( + self, response: bigquery_export.BigQueryExport + ) -> bigquery_export.BigQueryExport: + """Post-rpc interceptor for update_big_query_export + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_external_system( + self, + request: securitycenter_service.UpdateExternalSystemRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateExternalSystemRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for update_external_system + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_external_system( + self, response: gcs_external_system.ExternalSystem + ) -> gcs_external_system.ExternalSystem: + """Post-rpc interceptor for update_external_system + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_finding( + self, + request: securitycenter_service.UpdateFindingRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.UpdateFindingRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for update_finding + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_finding(self, response: gcs_finding.Finding) -> gcs_finding.Finding: + """Post-rpc interceptor for update_finding + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_mute_config( + self, + request: securitycenter_service.UpdateMuteConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateMuteConfigRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for update_mute_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_mute_config( + self, response: gcs_mute_config.MuteConfig + ) -> gcs_mute_config.MuteConfig: + """Post-rpc interceptor for update_mute_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_notification_config( + self, + request: securitycenter_service.UpdateNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateNotificationConfigRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for update_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_notification_config( + self, response: gcs_notification_config.NotificationConfig + ) -> gcs_notification_config.NotificationConfig: + """Post-rpc interceptor for update_notification_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_organization_settings( + self, + request: securitycenter_service.UpdateOrganizationSettingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateOrganizationSettingsRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for update_organization_settings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_organization_settings( + self, response: gcs_organization_settings.OrganizationSettings + ) -> gcs_organization_settings.OrganizationSettings: + """Post-rpc interceptor for update_organization_settings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_security_marks( + self, + request: securitycenter_service.UpdateSecurityMarksRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateSecurityMarksRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for update_security_marks + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_security_marks( + self, response: gcs_security_marks.SecurityMarks + ) -> gcs_security_marks.SecurityMarks: + """Post-rpc interceptor for update_security_marks + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_source( + self, + request: securitycenter_service.UpdateSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.UpdateSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for update_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_source(self, response: gcs_source.Source) -> gcs_source.Source: + """Post-rpc interceptor for update_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_cancel_operation( + self, + request: operations_pb2.CancelOperationRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[operations_pb2.CancelOperationRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for cancel_operation + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_cancel_operation(self, response: None) -> None: + """Post-rpc interceptor for cancel_operation + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_delete_operation( + self, + request: operations_pb2.DeleteOperationRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[operations_pb2.DeleteOperationRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for delete_operation + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_delete_operation(self, response: None) -> None: + """Post-rpc interceptor for delete_operation + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_operation( + self, + request: operations_pb2.GetOperationRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[operations_pb2.GetOperationRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_operation + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_operation( + self, response: operations_pb2.Operation + ) -> operations_pb2.Operation: + """Post-rpc interceptor for get_operation + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_operations( + self, + request: operations_pb2.ListOperationsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[operations_pb2.ListOperationsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_operations + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_operations( + self, response: operations_pb2.ListOperationsResponse + ) -> operations_pb2.ListOperationsResponse: + """Post-rpc interceptor for list_operations + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + +@dataclasses.dataclass +class SecurityCenterRestStub: + _session: AuthorizedSession + _host: str + _interceptor: SecurityCenterRestInterceptor + + +class SecurityCenterRestTransport(SecurityCenterTransport): + """REST backend transport for SecurityCenter. + + V1 APIs for Security Center service. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends JSON representations of protocol buffers over HTTP/1.1 + + """ + + def __init__( + self, + *, + host: str = "securitycenter.googleapis.com", + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + url_scheme: str = "https", + interceptor: Optional[SecurityCenterRestInterceptor] = None, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + client_cert_source_for_mtls (Callable[[], Tuple[bytes, bytes]]): Client + certificate to configure mutual TLS HTTP channel. It is ignored + if ``channel`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you are developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + url_scheme: the protocol scheme for the API endpoint. Normally + "https", but for testing or local servers, + "http" can be specified. + """ + # Run the base constructor + # TODO(yon-mg): resolve other ctor params i.e. scopes, quota, etc. + # TODO: When custom host (api_endpoint) is set, `scopes` must *also* be set on the + # credentials object + maybe_url_match = re.match("^(?Phttp(?:s)?://)?(?P.*)$", host) + if maybe_url_match is None: + raise ValueError( + f"Unexpected hostname structure: {host}" + ) # pragma: NO COVER + + url_match_items = maybe_url_match.groupdict() + + host = f"{url_scheme}://{host}" if not url_match_items["scheme"] else host + + super().__init__( + host=host, + credentials=credentials, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + self._session = AuthorizedSession( + self._credentials, default_host=self.DEFAULT_HOST + ) + self._operations_client: Optional[operations_v1.AbstractOperationsClient] = None + if client_cert_source_for_mtls: + self._session.configure_mtls_channel(client_cert_source_for_mtls) + self._interceptor = interceptor or SecurityCenterRestInterceptor() + self._prep_wrapped_messages(client_info) + + @property + def operations_client(self) -> operations_v1.AbstractOperationsClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Only create a new client if we do not already have one. + if self._operations_client is None: + http_options: Dict[str, List[Dict[str, str]]] = { + "google.longrunning.Operations.CancelOperation": [ + { + "method": "post", + "uri": "/v1/{name=organizations/*/operations/*}:cancel", + }, + ], + "google.longrunning.Operations.DeleteOperation": [ + { + "method": "delete", + "uri": "/v1/{name=organizations/*/operations/*}", + }, + ], + "google.longrunning.Operations.GetOperation": [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/operations/*}", + }, + ], + "google.longrunning.Operations.ListOperations": [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/operations}", + }, + ], + } + + rest_transport = operations_v1.OperationsRestTransport( + host=self._host, + # use the credentials which are saved + credentials=self._credentials, + scopes=self._scopes, + http_options=http_options, + path_prefix="v1", + ) + + self._operations_client = operations_v1.AbstractOperationsClient( + transport=rest_transport + ) + + # Return the client from cache. + return self._operations_client + + class _BulkMuteFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("BulkMuteFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.BulkMuteFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Call the bulk mute findings method over HTTP. + + Args: + request (~.securitycenter_service.BulkMuteFindingsRequest): + The request object. Request message for bulk findings + update. + Note: + 1. If multiple bulk update requests + match the same resource, the order in + which they get executed is not defined. + 2. Once a bulk operation is started, + there is no way to stop it. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/findings:bulkMute", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{parent=folders/*}/findings:bulkMute", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{parent=projects/*}/findings:bulkMute", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_bulk_mute_findings( + request, metadata + ) + pb_request = securitycenter_service.BulkMuteFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + resp = self._interceptor.post_bulk_mute_findings(resp) + return resp + + class _CreateBigQueryExport(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateBigQueryExport") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "bigQueryExportId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateBigQueryExportRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> bigquery_export.BigQueryExport: + r"""Call the create big query export method over HTTP. + + Args: + request (~.securitycenter_service.CreateBigQueryExportRequest): + The request object. Request message for creating a + BigQuery export. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.bigquery_export.BigQueryExport: + Configures how to deliver Findings to + BigQuery Instance. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/bigQueryExports", + "body": "big_query_export", + }, + { + "method": "post", + "uri": "/v1/{parent=folders/*}/bigQueryExports", + "body": "big_query_export", + }, + { + "method": "post", + "uri": "/v1/{parent=projects/*}/bigQueryExports", + "body": "big_query_export", + }, + ] + request, metadata = self._interceptor.pre_create_big_query_export( + request, metadata + ) + pb_request = securitycenter_service.CreateBigQueryExportRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = bigquery_export.BigQueryExport() + pb_resp = bigquery_export.BigQueryExport.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_big_query_export(resp) + return resp + + class _CreateFinding(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateFinding") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "findingId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateFindingRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_finding.Finding: + r"""Call the create finding method over HTTP. + + Args: + request (~.securitycenter_service.CreateFindingRequest): + The request object. Request message for creating a + finding. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + like security, risk, health, or privacy, + that is ingested into Security Command + Center for presentation, notification, + analysis, policy testing, and + enforcement. For example, a cross-site + scripting (XSS) vulnerability in an App + Engine application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*/sources/*}/findings", + "body": "finding", + }, + ] + request, metadata = self._interceptor.pre_create_finding(request, metadata) + pb_request = securitycenter_service.CreateFindingRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_finding.Finding() + pb_resp = gcs_finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_finding(resp) + return resp + + class _CreateMuteConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateMuteConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "muteConfigId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateMuteConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_mute_config.MuteConfig: + r"""Call the create mute config method over HTTP. + + Args: + request (~.securitycenter_service.CreateMuteConfigRequest): + The request object. Request message for creating a mute + config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_mute_config.MuteConfig: + A mute config is a Cloud SCC resource + that contains the configuration to mute + create/update events of findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/muteConfigs", + "body": "mute_config", + }, + { + "method": "post", + "uri": "/v1/{parent=folders/*}/muteConfigs", + "body": "mute_config", + }, + { + "method": "post", + "uri": "/v1/{parent=projects/*}/muteConfigs", + "body": "mute_config", + }, + ] + request, metadata = self._interceptor.pre_create_mute_config( + request, metadata + ) + pb_request = securitycenter_service.CreateMuteConfigRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_mute_config.MuteConfig() + pb_resp = gcs_mute_config.MuteConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_mute_config(resp) + return resp + + class _CreateNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "configId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_notification_config.NotificationConfig: + r"""Call the create notification + config method over HTTP. + + Args: + request (~.securitycenter_service.CreateNotificationConfigRequest): + The request object. Request message for creating a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_notification_config.NotificationConfig: + Cloud Security Command Center (Cloud + SCC) notification configs. + A notification config is a Cloud SCC + resource that contains the configuration + to send notifications for create/update + events of findings, assets and etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/notificationConfigs", + "body": "notification_config", + }, + { + "method": "post", + "uri": "/v1/{parent=folders/*}/notificationConfigs", + "body": "notification_config", + }, + { + "method": "post", + "uri": "/v1/{parent=projects/*}/notificationConfigs", + "body": "notification_config", + }, + ] + request, metadata = self._interceptor.pre_create_notification_config( + request, metadata + ) + pb_request = securitycenter_service.CreateNotificationConfigRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_notification_config.NotificationConfig() + pb_resp = gcs_notification_config.NotificationConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_notification_config(resp) + return resp + + class _CreateSource(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_source.Source: + r"""Call the create source method over HTTP. + + Args: + request (~.securitycenter_service.CreateSourceRequest): + The request object. Request message for creating a + source. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, and other tools. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/sources", + "body": "source", + }, + ] + request, metadata = self._interceptor.pre_create_source(request, metadata) + pb_request = securitycenter_service.CreateSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_source.Source() + pb_resp = gcs_source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_source(resp) + return resp + + class _DeleteBigQueryExport(SecurityCenterRestStub): + def __hash__(self): + return hash("DeleteBigQueryExport") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.DeleteBigQueryExportRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ): + r"""Call the delete big query export method over HTTP. + + Args: + request (~.securitycenter_service.DeleteBigQueryExportRequest): + The request object. Request message for deleting a + BigQuery export. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "delete", + "uri": "/v1/{name=organizations/*/bigQueryExports/*}", + }, + { + "method": "delete", + "uri": "/v1/{name=folders/*/bigQueryExports/*}", + }, + { + "method": "delete", + "uri": "/v1/{name=projects/*/bigQueryExports/*}", + }, + ] + request, metadata = self._interceptor.pre_delete_big_query_export( + request, metadata + ) + pb_request = securitycenter_service.DeleteBigQueryExportRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + class _DeleteMuteConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("DeleteMuteConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.DeleteMuteConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ): + r"""Call the delete mute config method over HTTP. + + Args: + request (~.securitycenter_service.DeleteMuteConfigRequest): + The request object. Request message for deleting a mute + config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "delete", + "uri": "/v1/{name=organizations/*/muteConfigs/*}", + }, + { + "method": "delete", + "uri": "/v1/{name=folders/*/muteConfigs/*}", + }, + { + "method": "delete", + "uri": "/v1/{name=projects/*/muteConfigs/*}", + }, + ] + request, metadata = self._interceptor.pre_delete_mute_config( + request, metadata + ) + pb_request = securitycenter_service.DeleteMuteConfigRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + class _DeleteNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("DeleteNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.DeleteNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ): + r"""Call the delete notification + config method over HTTP. + + Args: + request (~.securitycenter_service.DeleteNotificationConfigRequest): + The request object. Request message for deleting a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "delete", + "uri": "/v1/{name=organizations/*/notificationConfigs/*}", + }, + { + "method": "delete", + "uri": "/v1/{name=folders/*/notificationConfigs/*}", + }, + { + "method": "delete", + "uri": "/v1/{name=projects/*/notificationConfigs/*}", + }, + ] + request, metadata = self._interceptor.pre_delete_notification_config( + request, metadata + ) + pb_request = securitycenter_service.DeleteNotificationConfigRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + class _GetBigQueryExport(SecurityCenterRestStub): + def __hash__(self): + return hash("GetBigQueryExport") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetBigQueryExportRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> bigquery_export.BigQueryExport: + r"""Call the get big query export method over HTTP. + + Args: + request (~.securitycenter_service.GetBigQueryExportRequest): + The request object. Request message for retrieving a + BigQuery export. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.bigquery_export.BigQueryExport: + Configures how to deliver Findings to + BigQuery Instance. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/bigQueryExports/*}", + }, + { + "method": "get", + "uri": "/v1/{name=folders/*/bigQueryExports/*}", + }, + { + "method": "get", + "uri": "/v1/{name=projects/*/bigQueryExports/*}", + }, + ] + request, metadata = self._interceptor.pre_get_big_query_export( + request, metadata + ) + pb_request = securitycenter_service.GetBigQueryExportRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = bigquery_export.BigQueryExport() + pb_resp = bigquery_export.BigQueryExport.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_big_query_export(resp) + return resp + + class _GetIamPolicy(SecurityCenterRestStub): + def __hash__(self): + return hash("GetIamPolicy") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.GetIamPolicyRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Call the get iam policy method over HTTP. + + Args: + request (~.iam_policy_pb2.GetIamPolicyRequest): + The request object. Request message for ``GetIamPolicy`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.policy_pb2.Policy: + An Identity and Access Management (IAM) policy, which + specifies access controls for Google Cloud resources. + + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members``, or + principals, to a single ``role``. Principals can be user + accounts, service accounts, Google groups, and domains + (such as G Suite). A ``role`` is a named list of + permissions; each ``role`` can be an IAM predefined role + or a user-created custom role. + + For some types of Google Cloud resources, a ``binding`` + can also specify a ``condition``, which is a logical + expression that allows access to a resource only if the + expression evaluates to ``true``. A condition can add + constraints based on attributes of the request, the + resource, or both. To learn which resources support + conditions in their IAM policies, see the `IAM + documentation `__. + + **JSON example:** + + :: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": [ + "user:eve@example.com" + ], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", + } + } + ], + "etag": "BwWWja0YfJA=", + "version": 3 + } + + **YAML example:** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + etag: BwWWja0YfJA= + version: 3 + + For a description of IAM and its features, see the `IAM + documentation `__. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{resource=organizations/*/sources/*}:getIamPolicy", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_get_iam_policy(request, metadata) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = policy_pb2.Policy() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_iam_policy(resp) + return resp + + class _GetMuteConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("GetMuteConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetMuteConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> mute_config.MuteConfig: + r"""Call the get mute config method over HTTP. + + Args: + request (~.securitycenter_service.GetMuteConfigRequest): + The request object. Request message for retrieving a mute + config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.mute_config.MuteConfig: + A mute config is a Cloud SCC resource + that contains the configuration to mute + create/update events of findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/muteConfigs/*}", + }, + { + "method": "get", + "uri": "/v1/{name=folders/*/muteConfigs/*}", + }, + { + "method": "get", + "uri": "/v1/{name=projects/*/muteConfigs/*}", + }, + ] + request, metadata = self._interceptor.pre_get_mute_config(request, metadata) + pb_request = securitycenter_service.GetMuteConfigRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = mute_config.MuteConfig() + pb_resp = mute_config.MuteConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_mute_config(resp) + return resp + + class _GetNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("GetNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> notification_config.NotificationConfig: + r"""Call the get notification config method over HTTP. + + Args: + request (~.securitycenter_service.GetNotificationConfigRequest): + The request object. Request message for getting a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.notification_config.NotificationConfig: + Cloud Security Command Center (Cloud + SCC) notification configs. + A notification config is a Cloud SCC + resource that contains the configuration + to send notifications for create/update + events of findings, assets and etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/notificationConfigs/*}", + }, + { + "method": "get", + "uri": "/v1/{name=folders/*/notificationConfigs/*}", + }, + { + "method": "get", + "uri": "/v1/{name=projects/*/notificationConfigs/*}", + }, + ] + request, metadata = self._interceptor.pre_get_notification_config( + request, metadata + ) + pb_request = securitycenter_service.GetNotificationConfigRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = notification_config.NotificationConfig() + pb_resp = notification_config.NotificationConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_notification_config(resp) + return resp + + class _GetOrganizationSettings(SecurityCenterRestStub): + def __hash__(self): + return hash("GetOrganizationSettings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetOrganizationSettingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> organization_settings.OrganizationSettings: + r"""Call the get organization settings method over HTTP. + + Args: + request (~.securitycenter_service.GetOrganizationSettingsRequest): + The request object. Request message for getting + organization settings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.organization_settings.OrganizationSettings: + User specified settings that are + attached to the Security Command Center + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/organizationSettings}", + }, + ] + request, metadata = self._interceptor.pre_get_organization_settings( + request, metadata + ) + pb_request = securitycenter_service.GetOrganizationSettingsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = organization_settings.OrganizationSettings() + pb_resp = organization_settings.OrganizationSettings.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_organization_settings(resp) + return resp + + class _GetSource(SecurityCenterRestStub): + def __hash__(self): + return hash("GetSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> source.Source: + r"""Call the get source method over HTTP. + + Args: + request (~.securitycenter_service.GetSourceRequest): + The request object. Request message for getting a source. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, and other tools. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/sources/*}", + }, + ] + request, metadata = self._interceptor.pre_get_source(request, metadata) + pb_request = securitycenter_service.GetSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = source.Source() + pb_resp = source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_source(resp) + return resp + + class _GroupAssets(SecurityCenterRestStub): + def __hash__(self): + return hash("GroupAssets") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GroupAssetsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.GroupAssetsResponse: + r"""Call the group assets method over HTTP. + + Args: + request (~.securitycenter_service.GroupAssetsRequest): + The request object. Request message for grouping by + assets. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.GroupAssetsResponse: + Response message for grouping by + assets. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/assets:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{parent=folders/*}/assets:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{parent=projects/*}/assets:group", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_group_assets(request, metadata) + pb_request = securitycenter_service.GroupAssetsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.GroupAssetsResponse() + pb_resp = securitycenter_service.GroupAssetsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_group_assets(resp) + return resp + + class _GroupFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("GroupFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GroupFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.GroupFindingsResponse: + r"""Call the group findings method over HTTP. + + Args: + request (~.securitycenter_service.GroupFindingsRequest): + The request object. Request message for grouping by + findings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.GroupFindingsResponse: + Response message for group by + findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*/sources/*}/findings:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{parent=folders/*/sources/*}/findings:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{parent=projects/*/sources/*}/findings:group", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_group_findings(request, metadata) + pb_request = securitycenter_service.GroupFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.GroupFindingsResponse() + pb_resp = securitycenter_service.GroupFindingsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_group_findings(resp) + return resp + + class _ListAssets(SecurityCenterRestStub): + def __hash__(self): + return hash("ListAssets") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListAssetsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListAssetsResponse: + r"""Call the list assets method over HTTP. + + Args: + request (~.securitycenter_service.ListAssetsRequest): + The request object. Request message for listing assets. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListAssetsResponse: + Response message for listing assets. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{parent=organizations/*}/assets", + }, + { + "method": "get", + "uri": "/v1/{parent=folders/*}/assets", + }, + { + "method": "get", + "uri": "/v1/{parent=projects/*}/assets", + }, + ] + request, metadata = self._interceptor.pre_list_assets(request, metadata) + pb_request = securitycenter_service.ListAssetsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListAssetsResponse() + pb_resp = securitycenter_service.ListAssetsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_assets(resp) + return resp + + class _ListBigQueryExports(SecurityCenterRestStub): + def __hash__(self): + return hash("ListBigQueryExports") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListBigQueryExportsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListBigQueryExportsResponse: + r"""Call the list big query exports method over HTTP. + + Args: + request (~.securitycenter_service.ListBigQueryExportsRequest): + The request object. Request message for listing BigQuery + exports at a given scope e.g. + organization, folder or project. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListBigQueryExportsResponse: + Response message for listing BigQuery + exports. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{parent=organizations/*}/bigQueryExports", + }, + { + "method": "get", + "uri": "/v1/{parent=folders/*}/bigQueryExports", + }, + { + "method": "get", + "uri": "/v1/{parent=projects/*}/bigQueryExports", + }, + ] + request, metadata = self._interceptor.pre_list_big_query_exports( + request, metadata + ) + pb_request = securitycenter_service.ListBigQueryExportsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListBigQueryExportsResponse() + pb_resp = securitycenter_service.ListBigQueryExportsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_big_query_exports(resp) + return resp + + class _ListFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("ListFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListFindingsResponse: + r"""Call the list findings method over HTTP. + + Args: + request (~.securitycenter_service.ListFindingsRequest): + The request object. Request message for listing findings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListFindingsResponse: + Response message for listing + findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{parent=organizations/*/sources/*}/findings", + }, + { + "method": "get", + "uri": "/v1/{parent=folders/*/sources/*}/findings", + }, + { + "method": "get", + "uri": "/v1/{parent=projects/*/sources/*}/findings", + }, + ] + request, metadata = self._interceptor.pre_list_findings(request, metadata) + pb_request = securitycenter_service.ListFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListFindingsResponse() + pb_resp = securitycenter_service.ListFindingsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_findings(resp) + return resp + + class _ListMuteConfigs(SecurityCenterRestStub): + def __hash__(self): + return hash("ListMuteConfigs") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListMuteConfigsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListMuteConfigsResponse: + r"""Call the list mute configs method over HTTP. + + Args: + request (~.securitycenter_service.ListMuteConfigsRequest): + The request object. Request message for listing mute + configs at a given scope e.g. + organization, folder or project. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListMuteConfigsResponse: + Response message for listing mute + configs. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{parent=organizations/*}/muteConfigs", + }, + { + "method": "get", + "uri": "/v1/{parent=folders/*}/muteConfigs", + }, + { + "method": "get", + "uri": "/v1/{parent=projects/*}/muteConfigs", + }, + ] + request, metadata = self._interceptor.pre_list_mute_configs( + request, metadata + ) + pb_request = securitycenter_service.ListMuteConfigsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListMuteConfigsResponse() + pb_resp = securitycenter_service.ListMuteConfigsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_mute_configs(resp) + return resp + + class _ListNotificationConfigs(SecurityCenterRestStub): + def __hash__(self): + return hash("ListNotificationConfigs") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListNotificationConfigsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListNotificationConfigsResponse: + r"""Call the list notification configs method over HTTP. + + Args: + request (~.securitycenter_service.ListNotificationConfigsRequest): + The request object. Request message for listing + notification configs. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListNotificationConfigsResponse: + Response message for listing + notification configs. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{parent=organizations/*}/notificationConfigs", + }, + { + "method": "get", + "uri": "/v1/{parent=folders/*}/notificationConfigs", + }, + { + "method": "get", + "uri": "/v1/{parent=projects/*}/notificationConfigs", + }, + ] + request, metadata = self._interceptor.pre_list_notification_configs( + request, metadata + ) + pb_request = securitycenter_service.ListNotificationConfigsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListNotificationConfigsResponse() + pb_resp = securitycenter_service.ListNotificationConfigsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_notification_configs(resp) + return resp + + class _ListSources(SecurityCenterRestStub): + def __hash__(self): + return hash("ListSources") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListSourcesRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListSourcesResponse: + r"""Call the list sources method over HTTP. + + Args: + request (~.securitycenter_service.ListSourcesRequest): + The request object. Request message for listing sources. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListSourcesResponse: + Response message for listing sources. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{parent=organizations/*}/sources", + }, + { + "method": "get", + "uri": "/v1/{parent=folders/*}/sources", + }, + { + "method": "get", + "uri": "/v1/{parent=projects/*}/sources", + }, + ] + request, metadata = self._interceptor.pre_list_sources(request, metadata) + pb_request = securitycenter_service.ListSourcesRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListSourcesResponse() + pb_resp = securitycenter_service.ListSourcesResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_sources(resp) + return resp + + class _RunAssetDiscovery(SecurityCenterRestStub): + def __hash__(self): + return hash("RunAssetDiscovery") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.RunAssetDiscoveryRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Call the run asset discovery method over HTTP. + + Args: + request (~.securitycenter_service.RunAssetDiscoveryRequest): + The request object. Request message for running asset + discovery for an organization. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{parent=organizations/*}/assets:runDiscovery", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_run_asset_discovery( + request, metadata + ) + pb_request = securitycenter_service.RunAssetDiscoveryRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + resp = self._interceptor.post_run_asset_discovery(resp) + return resp + + class _SetFindingState(SecurityCenterRestStub): + def __hash__(self): + return hash("SetFindingState") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.SetFindingStateRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> finding.Finding: + r"""Call the set finding state method over HTTP. + + Args: + request (~.securitycenter_service.SetFindingStateRequest): + The request object. Request message for updating a + finding's state. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + like security, risk, health, or privacy, + that is ingested into Security Command + Center for presentation, notification, + analysis, policy testing, and + enforcement. For example, a cross-site + scripting (XSS) vulnerability in an App + Engine application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{name=organizations/*/sources/*/findings/*}:setState", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{name=folders/*/sources/*/findings/*}:setState", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{name=projects/*/sources/*/findings/*}:setState", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_finding_state( + request, metadata + ) + pb_request = securitycenter_service.SetFindingStateRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = finding.Finding() + pb_resp = finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_finding_state(resp) + return resp + + class _SetIamPolicy(SecurityCenterRestStub): + def __hash__(self): + return hash("SetIamPolicy") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.SetIamPolicyRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Call the set iam policy method over HTTP. + + Args: + request (~.iam_policy_pb2.SetIamPolicyRequest): + The request object. Request message for ``SetIamPolicy`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.policy_pb2.Policy: + An Identity and Access Management (IAM) policy, which + specifies access controls for Google Cloud resources. + + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members``, or + principals, to a single ``role``. Principals can be user + accounts, service accounts, Google groups, and domains + (such as G Suite). A ``role`` is a named list of + permissions; each ``role`` can be an IAM predefined role + or a user-created custom role. + + For some types of Google Cloud resources, a ``binding`` + can also specify a ``condition``, which is a logical + expression that allows access to a resource only if the + expression evaluates to ``true``. A condition can add + constraints based on attributes of the request, the + resource, or both. To learn which resources support + conditions in their IAM policies, see the `IAM + documentation `__. + + **JSON example:** + + :: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": [ + "user:eve@example.com" + ], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", + } + } + ], + "etag": "BwWWja0YfJA=", + "version": 3 + } + + **YAML example:** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + etag: BwWWja0YfJA= + version: 3 + + For a description of IAM and its features, see the `IAM + documentation `__. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{resource=organizations/*/sources/*}:setIamPolicy", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_iam_policy(request, metadata) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = policy_pb2.Policy() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_iam_policy(resp) + return resp + + class _SetMute(SecurityCenterRestStub): + def __hash__(self): + return hash("SetMute") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.SetMuteRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> finding.Finding: + r"""Call the set mute method over HTTP. + + Args: + request (~.securitycenter_service.SetMuteRequest): + The request object. Request message for updating a + finding's mute status. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + like security, risk, health, or privacy, + that is ingested into Security Command + Center for presentation, notification, + analysis, policy testing, and + enforcement. For example, a cross-site + scripting (XSS) vulnerability in an App + Engine application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{name=organizations/*/sources/*/findings/*}:setMute", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{name=folders/*/sources/*/findings/*}:setMute", + "body": "*", + }, + { + "method": "post", + "uri": "/v1/{name=projects/*/sources/*/findings/*}:setMute", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_mute(request, metadata) + pb_request = securitycenter_service.SetMuteRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = finding.Finding() + pb_resp = finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_mute(resp) + return resp + + class _TestIamPermissions(SecurityCenterRestStub): + def __hash__(self): + return hash("TestIamPermissions") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.TestIamPermissionsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy_pb2.TestIamPermissionsResponse: + r"""Call the test iam permissions method over HTTP. + + Args: + request (~.iam_policy_pb2.TestIamPermissionsRequest): + The request object. Request message for ``TestIamPermissions`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.iam_policy_pb2.TestIamPermissionsResponse: + Response message for ``TestIamPermissions`` method. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{resource=organizations/*/sources/*}:testIamPermissions", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_test_iam_permissions( + request, metadata + ) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = iam_policy_pb2.TestIamPermissionsResponse() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_test_iam_permissions(resp) + return resp + + class _UpdateBigQueryExport(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateBigQueryExport") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateBigQueryExportRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> bigquery_export.BigQueryExport: + r"""Call the update big query export method over HTTP. + + Args: + request (~.securitycenter_service.UpdateBigQueryExportRequest): + The request object. Request message for updating a + BigQuery export. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.bigquery_export.BigQueryExport: + Configures how to deliver Findings to + BigQuery Instance. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{big_query_export.name=organizations/*/bigQueryExports/*}", + "body": "big_query_export", + }, + { + "method": "patch", + "uri": "/v1/{big_query_export.name=folders/*/bigQueryExports/*}", + "body": "big_query_export", + }, + { + "method": "patch", + "uri": "/v1/{big_query_export.name=projects/*/bigQueryExports/*}", + "body": "big_query_export", + }, + ] + request, metadata = self._interceptor.pre_update_big_query_export( + request, metadata + ) + pb_request = securitycenter_service.UpdateBigQueryExportRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = bigquery_export.BigQueryExport() + pb_resp = bigquery_export.BigQueryExport.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_big_query_export(resp) + return resp + + class _UpdateExternalSystem(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateExternalSystem") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateExternalSystemRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_external_system.ExternalSystem: + r"""Call the update external system method over HTTP. + + Args: + request (~.securitycenter_service.UpdateExternalSystemRequest): + The request object. Request message for updating a + ExternalSystem resource. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_external_system.ExternalSystem: + Representation of third party + SIEM/SOAR fields within SCC. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{external_system.name=organizations/*/sources/*/findings/*/externalSystems/*}", + "body": "external_system", + }, + { + "method": "patch", + "uri": "/v1/{external_system.name=folders/*/sources/*/findings/*/externalSystems/*}", + "body": "external_system", + }, + { + "method": "patch", + "uri": "/v1/{external_system.name=projects/*/sources/*/findings/*/externalSystems/*}", + "body": "external_system", + }, + ] + request, metadata = self._interceptor.pre_update_external_system( + request, metadata + ) + pb_request = securitycenter_service.UpdateExternalSystemRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_external_system.ExternalSystem() + pb_resp = gcs_external_system.ExternalSystem.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_external_system(resp) + return resp + + class _UpdateFinding(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateFinding") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateFindingRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_finding.Finding: + r"""Call the update finding method over HTTP. + + Args: + request (~.securitycenter_service.UpdateFindingRequest): + The request object. Request message for updating or + creating a finding. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + like security, risk, health, or privacy, + that is ingested into Security Command + Center for presentation, notification, + analysis, policy testing, and + enforcement. For example, a cross-site + scripting (XSS) vulnerability in an App + Engine application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{finding.name=organizations/*/sources/*/findings/*}", + "body": "finding", + }, + { + "method": "patch", + "uri": "/v1/{finding.name=folders/*/sources/*/findings/*}", + "body": "finding", + }, + { + "method": "patch", + "uri": "/v1/{finding.name=projects/*/sources/*/findings/*}", + "body": "finding", + }, + ] + request, metadata = self._interceptor.pre_update_finding(request, metadata) + pb_request = securitycenter_service.UpdateFindingRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_finding.Finding() + pb_resp = gcs_finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_finding(resp) + return resp + + class _UpdateMuteConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateMuteConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateMuteConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_mute_config.MuteConfig: + r"""Call the update mute config method over HTTP. + + Args: + request (~.securitycenter_service.UpdateMuteConfigRequest): + The request object. Request message for updating a mute + config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_mute_config.MuteConfig: + A mute config is a Cloud SCC resource + that contains the configuration to mute + create/update events of findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{mute_config.name=organizations/*/muteConfigs/*}", + "body": "mute_config", + }, + { + "method": "patch", + "uri": "/v1/{mute_config.name=folders/*/muteConfigs/*}", + "body": "mute_config", + }, + { + "method": "patch", + "uri": "/v1/{mute_config.name=projects/*/muteConfigs/*}", + "body": "mute_config", + }, + ] + request, metadata = self._interceptor.pre_update_mute_config( + request, metadata + ) + pb_request = securitycenter_service.UpdateMuteConfigRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_mute_config.MuteConfig() + pb_resp = gcs_mute_config.MuteConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_mute_config(resp) + return resp + + class _UpdateNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_notification_config.NotificationConfig: + r"""Call the update notification + config method over HTTP. + + Args: + request (~.securitycenter_service.UpdateNotificationConfigRequest): + The request object. Request message for updating a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_notification_config.NotificationConfig: + Cloud Security Command Center (Cloud + SCC) notification configs. + A notification config is a Cloud SCC + resource that contains the configuration + to send notifications for create/update + events of findings, assets and etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{notification_config.name=organizations/*/notificationConfigs/*}", + "body": "notification_config", + }, + { + "method": "patch", + "uri": "/v1/{notification_config.name=folders/*/notificationConfigs/*}", + "body": "notification_config", + }, + { + "method": "patch", + "uri": "/v1/{notification_config.name=projects/*/notificationConfigs/*}", + "body": "notification_config", + }, + ] + request, metadata = self._interceptor.pre_update_notification_config( + request, metadata + ) + pb_request = securitycenter_service.UpdateNotificationConfigRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_notification_config.NotificationConfig() + pb_resp = gcs_notification_config.NotificationConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_notification_config(resp) + return resp + + class _UpdateOrganizationSettings(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateOrganizationSettings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateOrganizationSettingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_organization_settings.OrganizationSettings: + r"""Call the update organization + settings method over HTTP. + + Args: + request (~.securitycenter_service.UpdateOrganizationSettingsRequest): + The request object. Request message for updating an + organization's settings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_organization_settings.OrganizationSettings: + User specified settings that are + attached to the Security Command Center + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{organization_settings.name=organizations/*/organizationSettings}", + "body": "organization_settings", + }, + ] + request, metadata = self._interceptor.pre_update_organization_settings( + request, metadata + ) + pb_request = securitycenter_service.UpdateOrganizationSettingsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_organization_settings.OrganizationSettings() + pb_resp = gcs_organization_settings.OrganizationSettings.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_organization_settings(resp) + return resp + + class _UpdateSecurityMarks(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateSecurityMarks") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateSecurityMarksRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_security_marks.SecurityMarks: + r"""Call the update security marks method over HTTP. + + Args: + request (~.securitycenter_service.UpdateSecurityMarksRequest): + The request object. Request message for updating a + SecurityMarks resource. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_security_marks.SecurityMarks: + User specified security marks that + are attached to the parent Security + Command Center resource. Security marks + are scoped within a Security Command + Center organization -- they can be + modified and viewed by all users who + have proper permissions on the + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{security_marks.name=organizations/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1/{security_marks.name=folders/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1/{security_marks.name=projects/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1/{security_marks.name=folders/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1/{security_marks.name=projects/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + ] + request, metadata = self._interceptor.pre_update_security_marks( + request, metadata + ) + pb_request = securitycenter_service.UpdateSecurityMarksRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_security_marks.SecurityMarks() + pb_resp = gcs_security_marks.SecurityMarks.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_security_marks(resp) + return resp + + class _UpdateSource(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_source.Source: + r"""Call the update source method over HTTP. + + Args: + request (~.securitycenter_service.UpdateSourceRequest): + The request object. Request message for updating a + source. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, and other tools. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1/{source.name=organizations/*/sources/*}", + "body": "source", + }, + ] + request, metadata = self._interceptor.pre_update_source(request, metadata) + pb_request = securitycenter_service.UpdateSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_source.Source() + pb_resp = gcs_source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_source(resp) + return resp + + @property + def bulk_mute_findings( + self, + ) -> Callable[ + [securitycenter_service.BulkMuteFindingsRequest], operations_pb2.Operation + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._BulkMuteFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_big_query_export( + self, + ) -> Callable[ + [securitycenter_service.CreateBigQueryExportRequest], + bigquery_export.BigQueryExport, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateBigQueryExport(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_finding( + self, + ) -> Callable[[securitycenter_service.CreateFindingRequest], gcs_finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateFinding(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_mute_config( + self, + ) -> Callable[ + [securitycenter_service.CreateMuteConfigRequest], gcs_mute_config.MuteConfig + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateMuteConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_notification_config( + self, + ) -> Callable[ + [securitycenter_service.CreateNotificationConfigRequest], + gcs_notification_config.NotificationConfig, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_source( + self, + ) -> Callable[[securitycenter_service.CreateSourceRequest], gcs_source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def delete_big_query_export( + self, + ) -> Callable[ + [securitycenter_service.DeleteBigQueryExportRequest], empty_pb2.Empty + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._DeleteBigQueryExport(self._session, self._host, self._interceptor) # type: ignore + + @property + def delete_mute_config( + self, + ) -> Callable[[securitycenter_service.DeleteMuteConfigRequest], empty_pb2.Empty]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._DeleteMuteConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def delete_notification_config( + self, + ) -> Callable[ + [securitycenter_service.DeleteNotificationConfigRequest], empty_pb2.Empty + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._DeleteNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_big_query_export( + self, + ) -> Callable[ + [securitycenter_service.GetBigQueryExportRequest], + bigquery_export.BigQueryExport, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetBigQueryExport(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_iam_policy( + self, + ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetIamPolicy(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_mute_config( + self, + ) -> Callable[ + [securitycenter_service.GetMuteConfigRequest], mute_config.MuteConfig + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetMuteConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_notification_config( + self, + ) -> Callable[ + [securitycenter_service.GetNotificationConfigRequest], + notification_config.NotificationConfig, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_organization_settings( + self, + ) -> Callable[ + [securitycenter_service.GetOrganizationSettingsRequest], + organization_settings.OrganizationSettings, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetOrganizationSettings(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_source( + self, + ) -> Callable[[securitycenter_service.GetSourceRequest], source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def group_assets( + self, + ) -> Callable[ + [securitycenter_service.GroupAssetsRequest], + securitycenter_service.GroupAssetsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GroupAssets(self._session, self._host, self._interceptor) # type: ignore + + @property + def group_findings( + self, + ) -> Callable[ + [securitycenter_service.GroupFindingsRequest], + securitycenter_service.GroupFindingsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GroupFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_assets( + self, + ) -> Callable[ + [securitycenter_service.ListAssetsRequest], + securitycenter_service.ListAssetsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListAssets(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_big_query_exports( + self, + ) -> Callable[ + [securitycenter_service.ListBigQueryExportsRequest], + securitycenter_service.ListBigQueryExportsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListBigQueryExports(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_findings( + self, + ) -> Callable[ + [securitycenter_service.ListFindingsRequest], + securitycenter_service.ListFindingsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_mute_configs( + self, + ) -> Callable[ + [securitycenter_service.ListMuteConfigsRequest], + securitycenter_service.ListMuteConfigsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListMuteConfigs(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_notification_configs( + self, + ) -> Callable[ + [securitycenter_service.ListNotificationConfigsRequest], + securitycenter_service.ListNotificationConfigsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListNotificationConfigs(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_sources( + self, + ) -> Callable[ + [securitycenter_service.ListSourcesRequest], + securitycenter_service.ListSourcesResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListSources(self._session, self._host, self._interceptor) # type: ignore + + @property + def run_asset_discovery( + self, + ) -> Callable[ + [securitycenter_service.RunAssetDiscoveryRequest], operations_pb2.Operation + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._RunAssetDiscovery(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_finding_state( + self, + ) -> Callable[[securitycenter_service.SetFindingStateRequest], finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetFindingState(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_iam_policy( + self, + ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetIamPolicy(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_mute( + self, + ) -> Callable[[securitycenter_service.SetMuteRequest], finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetMute(self._session, self._host, self._interceptor) # type: ignore + + @property + def test_iam_permissions( + self, + ) -> Callable[ + [iam_policy_pb2.TestIamPermissionsRequest], + iam_policy_pb2.TestIamPermissionsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._TestIamPermissions(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_big_query_export( + self, + ) -> Callable[ + [securitycenter_service.UpdateBigQueryExportRequest], + bigquery_export.BigQueryExport, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateBigQueryExport(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_external_system( + self, + ) -> Callable[ + [securitycenter_service.UpdateExternalSystemRequest], + gcs_external_system.ExternalSystem, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateExternalSystem(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_finding( + self, + ) -> Callable[[securitycenter_service.UpdateFindingRequest], gcs_finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateFinding(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_mute_config( + self, + ) -> Callable[ + [securitycenter_service.UpdateMuteConfigRequest], gcs_mute_config.MuteConfig + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateMuteConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_notification_config( + self, + ) -> Callable[ + [securitycenter_service.UpdateNotificationConfigRequest], + gcs_notification_config.NotificationConfig, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_organization_settings( + self, + ) -> Callable[ + [securitycenter_service.UpdateOrganizationSettingsRequest], + gcs_organization_settings.OrganizationSettings, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateOrganizationSettings(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_security_marks( + self, + ) -> Callable[ + [securitycenter_service.UpdateSecurityMarksRequest], + gcs_security_marks.SecurityMarks, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateSecurityMarks(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_source( + self, + ) -> Callable[[securitycenter_service.UpdateSourceRequest], gcs_source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def cancel_operation(self): + return self._CancelOperation(self._session, self._host, self._interceptor) # type: ignore + + class _CancelOperation(SecurityCenterRestStub): + def __call__( + self, + request: operations_pb2.CancelOperationRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + + r"""Call the cancel operation method over HTTP. + + Args: + request (operations_pb2.CancelOperationRequest): + The request object for CancelOperation method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{name=organizations/*/operations/*}:cancel", + }, + ] + + request, metadata = self._interceptor.pre_cancel_operation( + request, metadata + ) + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode(http_options, **request_kwargs) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads(json.dumps(transcoded_request["query_params"])) + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + return self._interceptor.post_cancel_operation(None) + + @property + def delete_operation(self): + return self._DeleteOperation(self._session, self._host, self._interceptor) # type: ignore + + class _DeleteOperation(SecurityCenterRestStub): + def __call__( + self, + request: operations_pb2.DeleteOperationRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + + r"""Call the delete operation method over HTTP. + + Args: + request (operations_pb2.DeleteOperationRequest): + The request object for DeleteOperation method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "delete", + "uri": "/v1/{name=organizations/*/operations/*}", + }, + ] + + request, metadata = self._interceptor.pre_delete_operation( + request, metadata + ) + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode(http_options, **request_kwargs) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads(json.dumps(transcoded_request["query_params"])) + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + return self._interceptor.post_delete_operation(None) + + @property + def get_operation(self): + return self._GetOperation(self._session, self._host, self._interceptor) # type: ignore + + class _GetOperation(SecurityCenterRestStub): + def __call__( + self, + request: operations_pb2.GetOperationRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + + r"""Call the get operation method over HTTP. + + Args: + request (operations_pb2.GetOperationRequest): + The request object for GetOperation method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + operations_pb2.Operation: Response from GetOperation method. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/operations/*}", + }, + ] + + request, metadata = self._interceptor.pre_get_operation(request, metadata) + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode(http_options, **request_kwargs) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads(json.dumps(transcoded_request["query_params"])) + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + resp = operations_pb2.Operation() + resp = json_format.Parse(response.content.decode("utf-8"), resp) + resp = self._interceptor.post_get_operation(resp) + return resp + + @property + def list_operations(self): + return self._ListOperations(self._session, self._host, self._interceptor) # type: ignore + + class _ListOperations(SecurityCenterRestStub): + def __call__( + self, + request: operations_pb2.ListOperationsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.ListOperationsResponse: + + r"""Call the list operations method over HTTP. + + Args: + request (operations_pb2.ListOperationsRequest): + The request object for ListOperations method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + operations_pb2.ListOperationsResponse: Response from ListOperations method. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1/{name=organizations/*/operations}", + }, + ] + + request, metadata = self._interceptor.pre_list_operations(request, metadata) + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode(http_options, **request_kwargs) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads(json.dumps(transcoded_request["query_params"])) + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + resp = operations_pb2.ListOperationsResponse() + resp = json_format.Parse(response.content.decode("utf-8"), resp) + resp = self._interceptor.post_list_operations(resp) + return resp + + @property + def kind(self) -> str: + return "rest" + + def close(self): + self._session.close() + + +__all__ = ("SecurityCenterRestTransport",) diff --git a/google/cloud/securitycenter_v1/types/access.py b/google/cloud/securitycenter_v1/types/access.py index 32b07313..416b3c99 100644 --- a/google/cloud/securitycenter_v1/types/access.py +++ b/google/cloud/securitycenter_v1/types/access.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/asset.py b/google/cloud/securitycenter_v1/types/asset.py index 32b73399..91894bc2 100644 --- a/google/cloud/securitycenter_v1/types/asset.py +++ b/google/cloud/securitycenter_v1/types/asset.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import struct_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/bigquery_export.py b/google/cloud/securitycenter_v1/types/bigquery_export.py index 50408626..563309bc 100644 --- a/google/cloud/securitycenter_v1/types/bigquery_export.py +++ b/google/cloud/securitycenter_v1/types/bigquery_export.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import timestamp_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/compliance.py b/google/cloud/securitycenter_v1/types/compliance.py index 57f30a71..c9385f0a 100644 --- a/google/cloud/securitycenter_v1/types/compliance.py +++ b/google/cloud/securitycenter_v1/types/compliance.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/connection.py b/google/cloud/securitycenter_v1/types/connection.py index d6f19a7c..69e81371 100644 --- a/google/cloud/securitycenter_v1/types/connection.py +++ b/google/cloud/securitycenter_v1/types/connection.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/contact_details.py b/google/cloud/securitycenter_v1/types/contact_details.py index 5d00cffd..a7cee6e2 100644 --- a/google/cloud/securitycenter_v1/types/contact_details.py +++ b/google/cloud/securitycenter_v1/types/contact_details.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/container.py b/google/cloud/securitycenter_v1/types/container.py index bc5d1ad2..50430b80 100644 --- a/google/cloud/securitycenter_v1/types/container.py +++ b/google/cloud/securitycenter_v1/types/container.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/database.py b/google/cloud/securitycenter_v1/types/database.py index 687f69a9..bad0e30d 100644 --- a/google/cloud/securitycenter_v1/types/database.py +++ b/google/cloud/securitycenter_v1/types/database.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/exfiltration.py b/google/cloud/securitycenter_v1/types/exfiltration.py index d98d5ef8..d00225d7 100644 --- a/google/cloud/securitycenter_v1/types/exfiltration.py +++ b/google/cloud/securitycenter_v1/types/exfiltration.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/external_system.py b/google/cloud/securitycenter_v1/types/external_system.py index 0dc9880a..afc92c5d 100644 --- a/google/cloud/securitycenter_v1/types/external_system.py +++ b/google/cloud/securitycenter_v1/types/external_system.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import timestamp_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/file.py b/google/cloud/securitycenter_v1/types/file.py index 41baadf2..42d8e865 100644 --- a/google/cloud/securitycenter_v1/types/file.py +++ b/google/cloud/securitycenter_v1/types/file.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/finding.py b/google/cloud/securitycenter_v1/types/finding.py index be9e6690..0868d24d 100644 --- a/google/cloud/securitycenter_v1/types/finding.py +++ b/google/cloud/securitycenter_v1/types/finding.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import struct_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/folder.py b/google/cloud/securitycenter_v1/types/folder.py index 65023861..4af47de2 100644 --- a/google/cloud/securitycenter_v1/types/folder.py +++ b/google/cloud/securitycenter_v1/types/folder.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/iam_binding.py b/google/cloud/securitycenter_v1/types/iam_binding.py index ff03885d..6561fe4f 100644 --- a/google/cloud/securitycenter_v1/types/iam_binding.py +++ b/google/cloud/securitycenter_v1/types/iam_binding.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/indicator.py b/google/cloud/securitycenter_v1/types/indicator.py index c6acc286..6048ab24 100644 --- a/google/cloud/securitycenter_v1/types/indicator.py +++ b/google/cloud/securitycenter_v1/types/indicator.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/kernel_rootkit.py b/google/cloud/securitycenter_v1/types/kernel_rootkit.py index a177766e..62980f75 100644 --- a/google/cloud/securitycenter_v1/types/kernel_rootkit.py +++ b/google/cloud/securitycenter_v1/types/kernel_rootkit.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/kubernetes.py b/google/cloud/securitycenter_v1/types/kubernetes.py index 86f78c94..e0406a6b 100644 --- a/google/cloud/securitycenter_v1/types/kubernetes.py +++ b/google/cloud/securitycenter_v1/types/kubernetes.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/label.py b/google/cloud/securitycenter_v1/types/label.py index 84eb144f..599f2614 100644 --- a/google/cloud/securitycenter_v1/types/label.py +++ b/google/cloud/securitycenter_v1/types/label.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/mitre_attack.py b/google/cloud/securitycenter_v1/types/mitre_attack.py index 3e01d7ae..c6fe3d55 100644 --- a/google/cloud/securitycenter_v1/types/mitre_attack.py +++ b/google/cloud/securitycenter_v1/types/mitre_attack.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/mute_config.py b/google/cloud/securitycenter_v1/types/mute_config.py index 2803055a..d7f347f0 100644 --- a/google/cloud/securitycenter_v1/types/mute_config.py +++ b/google/cloud/securitycenter_v1/types/mute_config.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import timestamp_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/notification_config.py b/google/cloud/securitycenter_v1/types/notification_config.py index fdc7e57b..3d21a56e 100644 --- a/google/cloud/securitycenter_v1/types/notification_config.py +++ b/google/cloud/securitycenter_v1/types/notification_config.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/notification_message.py b/google/cloud/securitycenter_v1/types/notification_message.py index 6006459b..3a146ea6 100644 --- a/google/cloud/securitycenter_v1/types/notification_message.py +++ b/google/cloud/securitycenter_v1/types/notification_message.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/organization_settings.py b/google/cloud/securitycenter_v1/types/organization_settings.py index 7bb00684..48e2e829 100644 --- a/google/cloud/securitycenter_v1/types/organization_settings.py +++ b/google/cloud/securitycenter_v1/types/organization_settings.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/process.py b/google/cloud/securitycenter_v1/types/process.py index 8e2b2825..c4a9c206 100644 --- a/google/cloud/securitycenter_v1/types/process.py +++ b/google/cloud/securitycenter_v1/types/process.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/resource.py b/google/cloud/securitycenter_v1/types/resource.py index 418cafb2..0425af1e 100644 --- a/google/cloud/securitycenter_v1/types/resource.py +++ b/google/cloud/securitycenter_v1/types/resource.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py index 61bde684..29aa02ff 100644 --- a/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py +++ b/google/cloud/securitycenter_v1/types/run_asset_discovery_response.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/security_marks.py b/google/cloud/securitycenter_v1/types/security_marks.py index 9dcb4879..db173d1f 100644 --- a/google/cloud/securitycenter_v1/types/security_marks.py +++ b/google/cloud/securitycenter_v1/types/security_marks.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/securitycenter_service.py b/google/cloud/securitycenter_v1/types/securitycenter_service.py index c7700f6a..04856162 100644 --- a/google/cloud/securitycenter_v1/types/securitycenter_service.py +++ b/google/cloud/securitycenter_v1/types/securitycenter_service.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1/types/source.py b/google/cloud/securitycenter_v1/types/source.py index 6892b78d..4bb2bad3 100644 --- a/google/cloud/securitycenter_v1/types/source.py +++ b/google/cloud/securitycenter_v1/types/source.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1/types/vulnerability.py b/google/cloud/securitycenter_v1/types/vulnerability.py index cd43b7cb..c0060b74 100644 --- a/google/cloud/securitycenter_v1/types/vulnerability.py +++ b/google/cloud/securitycenter_v1/types/vulnerability.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/__init__.py b/google/cloud/securitycenter_v1beta1/__init__.py index 418a532d..0f88d9bd 100644 --- a/google/cloud/securitycenter_v1beta1/__init__.py +++ b/google/cloud/securitycenter_v1beta1/__init__.py @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -from google.cloud.securitycenter import gapic_version as package_version +from google.cloud.securitycenter_v1beta1 import gapic_version as package_version __version__ = package_version.__version__ diff --git a/google/cloud/securitycenter_v1beta1/gapic_metadata.json b/google/cloud/securitycenter_v1beta1/gapic_metadata.json index 56b17ccf..afd9dcb0 100644 --- a/google/cloud/securitycenter_v1beta1/gapic_metadata.json +++ b/google/cloud/securitycenter_v1beta1/gapic_metadata.json @@ -196,6 +196,101 @@ ] } } + }, + "rest": { + "libraryClient": "SecurityCenterClient", + "rpcs": { + "CreateFinding": { + "methods": [ + "create_finding" + ] + }, + "CreateSource": { + "methods": [ + "create_source" + ] + }, + "GetIamPolicy": { + "methods": [ + "get_iam_policy" + ] + }, + "GetOrganizationSettings": { + "methods": [ + "get_organization_settings" + ] + }, + "GetSource": { + "methods": [ + "get_source" + ] + }, + "GroupAssets": { + "methods": [ + "group_assets" + ] + }, + "GroupFindings": { + "methods": [ + "group_findings" + ] + }, + "ListAssets": { + "methods": [ + "list_assets" + ] + }, + "ListFindings": { + "methods": [ + "list_findings" + ] + }, + "ListSources": { + "methods": [ + "list_sources" + ] + }, + "RunAssetDiscovery": { + "methods": [ + "run_asset_discovery" + ] + }, + "SetFindingState": { + "methods": [ + "set_finding_state" + ] + }, + "SetIamPolicy": { + "methods": [ + "set_iam_policy" + ] + }, + "TestIamPermissions": { + "methods": [ + "test_iam_permissions" + ] + }, + "UpdateFinding": { + "methods": [ + "update_finding" + ] + }, + "UpdateOrganizationSettings": { + "methods": [ + "update_organization_settings" + ] + }, + "UpdateSecurityMarks": { + "methods": [ + "update_security_marks" + ] + }, + "UpdateSource": { + "methods": [ + "update_source" + ] + } + } } } } diff --git a/google/cloud/securitycenter_v1beta1/gapic_version.py b/google/cloud/securitycenter_v1beta1/gapic_version.py index 83612d7b..86f8ab82 100644 --- a/google/cloud/securitycenter_v1beta1/gapic_version.py +++ b/google/cloud/securitycenter_v1beta1/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "1.18.2" # {x-release-please-version} +__version__ = "1.19.0" # {x-release-please-version} diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/client.py b/google/cloud/securitycenter_v1beta1/services/security_center/client.py index 8551f4d6..68d59882 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/client.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/client.py @@ -71,6 +71,7 @@ from .transports.base import DEFAULT_CLIENT_INFO, SecurityCenterTransport from .transports.grpc import SecurityCenterGrpcTransport from .transports.grpc_asyncio import SecurityCenterGrpcAsyncIOTransport +from .transports.rest import SecurityCenterRestTransport class SecurityCenterClientMeta(type): @@ -86,6 +87,7 @@ class SecurityCenterClientMeta(type): ) # type: Dict[str, Type[SecurityCenterTransport]] _transport_registry["grpc"] = SecurityCenterGrpcTransport _transport_registry["grpc_asyncio"] = SecurityCenterGrpcAsyncIOTransport + _transport_registry["rest"] = SecurityCenterRestTransport def get_transport_class( cls, diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/__init__.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/__init__.py index 31383441..2b0f299f 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/__init__.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/__init__.py @@ -19,14 +19,18 @@ from .base import SecurityCenterTransport from .grpc import SecurityCenterGrpcTransport from .grpc_asyncio import SecurityCenterGrpcAsyncIOTransport +from .rest import SecurityCenterRestInterceptor, SecurityCenterRestTransport # Compile a registry of transports. _transport_registry = OrderedDict() # type: Dict[str, Type[SecurityCenterTransport]] _transport_registry["grpc"] = SecurityCenterGrpcTransport _transport_registry["grpc_asyncio"] = SecurityCenterGrpcAsyncIOTransport +_transport_registry["rest"] = SecurityCenterRestTransport __all__ = ( "SecurityCenterTransport", "SecurityCenterGrpcTransport", "SecurityCenterGrpcAsyncIOTransport", + "SecurityCenterRestTransport", + "SecurityCenterRestInterceptor", ) diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/rest.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/rest.py new file mode 100644 index 00000000..3a90d870 --- /dev/null +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/rest.py @@ -0,0 +1,2903 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import dataclasses +import json # type: ignore +import re +from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union +import warnings + +from google.api_core import ( + gapic_v1, + operations_v1, + path_template, + rest_helpers, + rest_streaming, +) +from google.api_core import exceptions as core_exceptions +from google.api_core import retry as retries +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.transport.requests import AuthorizedSession # type: ignore +from google.protobuf import json_format +import grpc # type: ignore +from requests import __version__ as requests_version + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore + + +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from google.longrunning import operations_pb2 # type: ignore + +from google.cloud.securitycenter_v1beta1.types import ( + organization_settings as gcs_organization_settings, +) +from google.cloud.securitycenter_v1beta1.types import ( + security_marks as gcs_security_marks, +) +from google.cloud.securitycenter_v1beta1.types import finding +from google.cloud.securitycenter_v1beta1.types import finding as gcs_finding +from google.cloud.securitycenter_v1beta1.types import organization_settings +from google.cloud.securitycenter_v1beta1.types import securitycenter_service +from google.cloud.securitycenter_v1beta1.types import source +from google.cloud.securitycenter_v1beta1.types import source as gcs_source + +from .base import DEFAULT_CLIENT_INFO as BASE_DEFAULT_CLIENT_INFO +from .base import SecurityCenterTransport + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=BASE_DEFAULT_CLIENT_INFO.gapic_version, + grpc_version=None, + rest_version=requests_version, +) + + +class SecurityCenterRestInterceptor: + """Interceptor for SecurityCenter. + + Interceptors are used to manipulate requests, request metadata, and responses + in arbitrary ways. + Example use cases include: + * Logging + * Verifying requests according to service or custom semantics + * Stripping extraneous information from responses + + These use cases and more can be enabled by injecting an + instance of a custom subclass when constructing the SecurityCenterRestTransport. + + .. code-block:: python + class MyCustomSecurityCenterInterceptor(SecurityCenterRestInterceptor): + def pre_create_finding(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_finding(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_source(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_iam_policy(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_iam_policy(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_organization_settings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_organization_settings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_source(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_group_assets(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_group_assets(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_group_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_group_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_assets(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_assets(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_sources(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_sources(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_run_asset_discovery(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_run_asset_discovery(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_finding_state(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_finding_state(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_iam_policy(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_iam_policy(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_test_iam_permissions(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_test_iam_permissions(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_finding(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_finding(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_organization_settings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_organization_settings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_security_marks(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_security_marks(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_source(self, response): + logging.log(f"Received response: {response}") + return response + + transport = SecurityCenterRestTransport(interceptor=MyCustomSecurityCenterInterceptor()) + client = SecurityCenterClient(transport=transport) + + + """ + + def pre_create_finding( + self, + request: securitycenter_service.CreateFindingRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.CreateFindingRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for create_finding + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_finding(self, response: gcs_finding.Finding) -> gcs_finding.Finding: + """Post-rpc interceptor for create_finding + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_source( + self, + request: securitycenter_service.CreateSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.CreateSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for create_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_source(self, response: gcs_source.Source) -> gcs_source.Source: + """Post-rpc interceptor for create_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_iam_policy( + self, + request: iam_policy_pb2.GetIamPolicyRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.GetIamPolicyRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_iam_policy + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_iam_policy(self, response: policy_pb2.Policy) -> policy_pb2.Policy: + """Post-rpc interceptor for get_iam_policy + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_organization_settings( + self, + request: securitycenter_service.GetOrganizationSettingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.GetOrganizationSettingsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for get_organization_settings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_organization_settings( + self, response: organization_settings.OrganizationSettings + ) -> organization_settings.OrganizationSettings: + """Post-rpc interceptor for get_organization_settings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_source( + self, + request: securitycenter_service.GetSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GetSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_source(self, response: source.Source) -> source.Source: + """Post-rpc interceptor for get_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_group_assets( + self, + request: securitycenter_service.GroupAssetsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GroupAssetsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for group_assets + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_group_assets( + self, response: securitycenter_service.GroupAssetsResponse + ) -> securitycenter_service.GroupAssetsResponse: + """Post-rpc interceptor for group_assets + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_group_findings( + self, + request: securitycenter_service.GroupFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GroupFindingsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for group_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_group_findings( + self, response: securitycenter_service.GroupFindingsResponse + ) -> securitycenter_service.GroupFindingsResponse: + """Post-rpc interceptor for group_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_assets( + self, + request: securitycenter_service.ListAssetsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListAssetsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_assets + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_assets( + self, response: securitycenter_service.ListAssetsResponse + ) -> securitycenter_service.ListAssetsResponse: + """Post-rpc interceptor for list_assets + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_findings( + self, + request: securitycenter_service.ListFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListFindingsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_findings( + self, response: securitycenter_service.ListFindingsResponse + ) -> securitycenter_service.ListFindingsResponse: + """Post-rpc interceptor for list_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_sources( + self, + request: securitycenter_service.ListSourcesRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListSourcesRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_sources + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_sources( + self, response: securitycenter_service.ListSourcesResponse + ) -> securitycenter_service.ListSourcesResponse: + """Post-rpc interceptor for list_sources + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_run_asset_discovery( + self, + request: securitycenter_service.RunAssetDiscoveryRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.RunAssetDiscoveryRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for run_asset_discovery + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_run_asset_discovery( + self, response: operations_pb2.Operation + ) -> operations_pb2.Operation: + """Post-rpc interceptor for run_asset_discovery + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_finding_state( + self, + request: securitycenter_service.SetFindingStateRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.SetFindingStateRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for set_finding_state + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_finding_state(self, response: finding.Finding) -> finding.Finding: + """Post-rpc interceptor for set_finding_state + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_iam_policy( + self, + request: iam_policy_pb2.SetIamPolicyRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.SetIamPolicyRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for set_iam_policy + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_iam_policy(self, response: policy_pb2.Policy) -> policy_pb2.Policy: + """Post-rpc interceptor for set_iam_policy + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_test_iam_permissions( + self, + request: iam_policy_pb2.TestIamPermissionsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.TestIamPermissionsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for test_iam_permissions + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_test_iam_permissions( + self, response: iam_policy_pb2.TestIamPermissionsResponse + ) -> iam_policy_pb2.TestIamPermissionsResponse: + """Post-rpc interceptor for test_iam_permissions + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_finding( + self, + request: securitycenter_service.UpdateFindingRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.UpdateFindingRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for update_finding + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_finding(self, response: gcs_finding.Finding) -> gcs_finding.Finding: + """Post-rpc interceptor for update_finding + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_organization_settings( + self, + request: securitycenter_service.UpdateOrganizationSettingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateOrganizationSettingsRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for update_organization_settings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_organization_settings( + self, response: gcs_organization_settings.OrganizationSettings + ) -> gcs_organization_settings.OrganizationSettings: + """Post-rpc interceptor for update_organization_settings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_security_marks( + self, + request: securitycenter_service.UpdateSecurityMarksRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateSecurityMarksRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for update_security_marks + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_security_marks( + self, response: gcs_security_marks.SecurityMarks + ) -> gcs_security_marks.SecurityMarks: + """Post-rpc interceptor for update_security_marks + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_source( + self, + request: securitycenter_service.UpdateSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.UpdateSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for update_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_source(self, response: gcs_source.Source) -> gcs_source.Source: + """Post-rpc interceptor for update_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + +@dataclasses.dataclass +class SecurityCenterRestStub: + _session: AuthorizedSession + _host: str + _interceptor: SecurityCenterRestInterceptor + + +class SecurityCenterRestTransport(SecurityCenterTransport): + """REST backend transport for SecurityCenter. + + V1 Beta APIs for Security Center service. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends JSON representations of protocol buffers over HTTP/1.1 + + """ + + def __init__( + self, + *, + host: str = "securitycenter.googleapis.com", + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + url_scheme: str = "https", + interceptor: Optional[SecurityCenterRestInterceptor] = None, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + client_cert_source_for_mtls (Callable[[], Tuple[bytes, bytes]]): Client + certificate to configure mutual TLS HTTP channel. It is ignored + if ``channel`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you are developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + url_scheme: the protocol scheme for the API endpoint. Normally + "https", but for testing or local servers, + "http" can be specified. + """ + # Run the base constructor + # TODO(yon-mg): resolve other ctor params i.e. scopes, quota, etc. + # TODO: When custom host (api_endpoint) is set, `scopes` must *also* be set on the + # credentials object + maybe_url_match = re.match("^(?Phttp(?:s)?://)?(?P.*)$", host) + if maybe_url_match is None: + raise ValueError( + f"Unexpected hostname structure: {host}" + ) # pragma: NO COVER + + url_match_items = maybe_url_match.groupdict() + + host = f"{url_scheme}://{host}" if not url_match_items["scheme"] else host + + super().__init__( + host=host, + credentials=credentials, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + self._session = AuthorizedSession( + self._credentials, default_host=self.DEFAULT_HOST + ) + self._operations_client: Optional[operations_v1.AbstractOperationsClient] = None + if client_cert_source_for_mtls: + self._session.configure_mtls_channel(client_cert_source_for_mtls) + self._interceptor = interceptor or SecurityCenterRestInterceptor() + self._prep_wrapped_messages(client_info) + + @property + def operations_client(self) -> operations_v1.AbstractOperationsClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Only create a new client if we do not already have one. + if self._operations_client is None: + http_options: Dict[str, List[Dict[str, str]]] = { + "google.longrunning.Operations.CancelOperation": [ + { + "method": "post", + "uri": "/v1beta1/{name=organizations/*/operations/*}:cancel", + "body": "*", + }, + ], + "google.longrunning.Operations.DeleteOperation": [ + { + "method": "delete", + "uri": "/v1beta1/{name=organizations/*/operations/*}", + }, + ], + "google.longrunning.Operations.GetOperation": [ + { + "method": "get", + "uri": "/v1beta1/{name=organizations/*/operations/*}", + }, + ], + "google.longrunning.Operations.ListOperations": [ + { + "method": "get", + "uri": "/v1beta1/{name=organizations/*/operations}", + }, + ], + } + + rest_transport = operations_v1.OperationsRestTransport( + host=self._host, + # use the credentials which are saved + credentials=self._credentials, + scopes=self._scopes, + http_options=http_options, + path_prefix="v1beta1", + ) + + self._operations_client = operations_v1.AbstractOperationsClient( + transport=rest_transport + ) + + # Return the client from cache. + return self._operations_client + + class _CreateFinding(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateFinding") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "findingId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateFindingRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_finding.Finding: + r"""Call the create finding method over HTTP. + + Args: + request (~.securitycenter_service.CreateFindingRequest): + The request object. Request message for creating a + finding. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + (security, risk, health or privacy) + ingested into Security Command Center + for presentation, notification, + analysis, policy testing, and + enforcement. For example, an XSS + vulnerability in an App Engine + application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{parent=organizations/*/sources/*}/findings", + "body": "finding", + }, + ] + request, metadata = self._interceptor.pre_create_finding(request, metadata) + pb_request = securitycenter_service.CreateFindingRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_finding.Finding() + pb_resp = gcs_finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_finding(resp) + return resp + + class _CreateSource(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_source.Source: + r"""Call the create source method over HTTP. + + Args: + request (~.securitycenter_service.CreateSourceRequest): + The request object. Request message for creating a + source. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{parent=organizations/*}/sources", + "body": "source", + }, + ] + request, metadata = self._interceptor.pre_create_source(request, metadata) + pb_request = securitycenter_service.CreateSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_source.Source() + pb_resp = gcs_source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_source(resp) + return resp + + class _GetIamPolicy(SecurityCenterRestStub): + def __hash__(self): + return hash("GetIamPolicy") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.GetIamPolicyRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Call the get iam policy method over HTTP. + + Args: + request (~.iam_policy_pb2.GetIamPolicyRequest): + The request object. Request message for ``GetIamPolicy`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.policy_pb2.Policy: + An Identity and Access Management (IAM) policy, which + specifies access controls for Google Cloud resources. + + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members``, or + principals, to a single ``role``. Principals can be user + accounts, service accounts, Google groups, and domains + (such as G Suite). A ``role`` is a named list of + permissions; each ``role`` can be an IAM predefined role + or a user-created custom role. + + For some types of Google Cloud resources, a ``binding`` + can also specify a ``condition``, which is a logical + expression that allows access to a resource only if the + expression evaluates to ``true``. A condition can add + constraints based on attributes of the request, the + resource, or both. To learn which resources support + conditions in their IAM policies, see the `IAM + documentation `__. + + **JSON example:** + + :: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": [ + "user:eve@example.com" + ], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", + } + } + ], + "etag": "BwWWja0YfJA=", + "version": 3 + } + + **YAML example:** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + etag: BwWWja0YfJA= + version: 3 + + For a description of IAM and its features, see the `IAM + documentation `__. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_get_iam_policy(request, metadata) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = policy_pb2.Policy() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_iam_policy(resp) + return resp + + class _GetOrganizationSettings(SecurityCenterRestStub): + def __hash__(self): + return hash("GetOrganizationSettings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetOrganizationSettingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> organization_settings.OrganizationSettings: + r"""Call the get organization settings method over HTTP. + + Args: + request (~.securitycenter_service.GetOrganizationSettingsRequest): + The request object. Request message for getting + organization settings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.organization_settings.OrganizationSettings: + User specified settings that are + attached to the Security Command Center + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1beta1/{name=organizations/*/organizationSettings}", + }, + ] + request, metadata = self._interceptor.pre_get_organization_settings( + request, metadata + ) + pb_request = securitycenter_service.GetOrganizationSettingsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = organization_settings.OrganizationSettings() + pb_resp = organization_settings.OrganizationSettings.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_organization_settings(resp) + return resp + + class _GetSource(SecurityCenterRestStub): + def __hash__(self): + return hash("GetSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> source.Source: + r"""Call the get source method over HTTP. + + Args: + request (~.securitycenter_service.GetSourceRequest): + The request object. Request message for getting a source. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1beta1/{name=organizations/*/sources/*}", + }, + ] + request, metadata = self._interceptor.pre_get_source(request, metadata) + pb_request = securitycenter_service.GetSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = source.Source() + pb_resp = source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_source(resp) + return resp + + class _GroupAssets(SecurityCenterRestStub): + def __hash__(self): + return hash("GroupAssets") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GroupAssetsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.GroupAssetsResponse: + r"""Call the group assets method over HTTP. + + Args: + request (~.securitycenter_service.GroupAssetsRequest): + The request object. Request message for grouping by + assets. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.GroupAssetsResponse: + Response message for grouping by + assets. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{parent=organizations/*}/assets:group", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_group_assets(request, metadata) + pb_request = securitycenter_service.GroupAssetsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.GroupAssetsResponse() + pb_resp = securitycenter_service.GroupAssetsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_group_assets(resp) + return resp + + class _GroupFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("GroupFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GroupFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.GroupFindingsResponse: + r"""Call the group findings method over HTTP. + + Args: + request (~.securitycenter_service.GroupFindingsRequest): + The request object. Request message for grouping by + findings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.GroupFindingsResponse: + Response message for group by + findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{parent=organizations/*/sources/*}/findings:group", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_group_findings(request, metadata) + pb_request = securitycenter_service.GroupFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.GroupFindingsResponse() + pb_resp = securitycenter_service.GroupFindingsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_group_findings(resp) + return resp + + class _ListAssets(SecurityCenterRestStub): + def __hash__(self): + return hash("ListAssets") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListAssetsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListAssetsResponse: + r"""Call the list assets method over HTTP. + + Args: + request (~.securitycenter_service.ListAssetsRequest): + The request object. Request message for listing assets. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListAssetsResponse: + Response message for listing assets. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1beta1/{parent=organizations/*}/assets", + }, + ] + request, metadata = self._interceptor.pre_list_assets(request, metadata) + pb_request = securitycenter_service.ListAssetsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListAssetsResponse() + pb_resp = securitycenter_service.ListAssetsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_assets(resp) + return resp + + class _ListFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("ListFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListFindingsResponse: + r"""Call the list findings method over HTTP. + + Args: + request (~.securitycenter_service.ListFindingsRequest): + The request object. Request message for listing findings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListFindingsResponse: + Response message for listing + findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1beta1/{parent=organizations/*/sources/*}/findings", + }, + ] + request, metadata = self._interceptor.pre_list_findings(request, metadata) + pb_request = securitycenter_service.ListFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListFindingsResponse() + pb_resp = securitycenter_service.ListFindingsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_findings(resp) + return resp + + class _ListSources(SecurityCenterRestStub): + def __hash__(self): + return hash("ListSources") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListSourcesRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListSourcesResponse: + r"""Call the list sources method over HTTP. + + Args: + request (~.securitycenter_service.ListSourcesRequest): + The request object. Request message for listing sources. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListSourcesResponse: + Response message for listing sources. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1beta1/{parent=organizations/*}/sources", + }, + ] + request, metadata = self._interceptor.pre_list_sources(request, metadata) + pb_request = securitycenter_service.ListSourcesRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListSourcesResponse() + pb_resp = securitycenter_service.ListSourcesResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_sources(resp) + return resp + + class _RunAssetDiscovery(SecurityCenterRestStub): + def __hash__(self): + return hash("RunAssetDiscovery") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.RunAssetDiscoveryRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Call the run asset discovery method over HTTP. + + Args: + request (~.securitycenter_service.RunAssetDiscoveryRequest): + The request object. Request message for running asset + discovery for an organization. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{parent=organizations/*}/assets:runDiscovery", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_run_asset_discovery( + request, metadata + ) + pb_request = securitycenter_service.RunAssetDiscoveryRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + resp = self._interceptor.post_run_asset_discovery(resp) + return resp + + class _SetFindingState(SecurityCenterRestStub): + def __hash__(self): + return hash("SetFindingState") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.SetFindingStateRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> finding.Finding: + r"""Call the set finding state method over HTTP. + + Args: + request (~.securitycenter_service.SetFindingStateRequest): + The request object. Request message for updating a + finding's state. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + (security, risk, health or privacy) + ingested into Security Command Center + for presentation, notification, + analysis, policy testing, and + enforcement. For example, an XSS + vulnerability in an App Engine + application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_finding_state( + request, metadata + ) + pb_request = securitycenter_service.SetFindingStateRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = finding.Finding() + pb_resp = finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_finding_state(resp) + return resp + + class _SetIamPolicy(SecurityCenterRestStub): + def __hash__(self): + return hash("SetIamPolicy") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.SetIamPolicyRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Call the set iam policy method over HTTP. + + Args: + request (~.iam_policy_pb2.SetIamPolicyRequest): + The request object. Request message for ``SetIamPolicy`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.policy_pb2.Policy: + An Identity and Access Management (IAM) policy, which + specifies access controls for Google Cloud resources. + + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members``, or + principals, to a single ``role``. Principals can be user + accounts, service accounts, Google groups, and domains + (such as G Suite). A ``role`` is a named list of + permissions; each ``role`` can be an IAM predefined role + or a user-created custom role. + + For some types of Google Cloud resources, a ``binding`` + can also specify a ``condition``, which is a logical + expression that allows access to a resource only if the + expression evaluates to ``true``. A condition can add + constraints based on attributes of the request, the + resource, or both. To learn which resources support + conditions in their IAM policies, see the `IAM + documentation `__. + + **JSON example:** + + :: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": [ + "user:eve@example.com" + ], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", + } + } + ], + "etag": "BwWWja0YfJA=", + "version": 3 + } + + **YAML example:** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + etag: BwWWja0YfJA= + version: 3 + + For a description of IAM and its features, see the `IAM + documentation `__. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_iam_policy(request, metadata) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = policy_pb2.Policy() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_iam_policy(resp) + return resp + + class _TestIamPermissions(SecurityCenterRestStub): + def __hash__(self): + return hash("TestIamPermissions") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.TestIamPermissionsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy_pb2.TestIamPermissionsResponse: + r"""Call the test iam permissions method over HTTP. + + Args: + request (~.iam_policy_pb2.TestIamPermissionsRequest): + The request object. Request message for ``TestIamPermissions`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.iam_policy_pb2.TestIamPermissionsResponse: + Response message for ``TestIamPermissions`` method. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_test_iam_permissions( + request, metadata + ) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = iam_policy_pb2.TestIamPermissionsResponse() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_test_iam_permissions(resp) + return resp + + class _UpdateFinding(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateFinding") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateFindingRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_finding.Finding: + r"""Call the update finding method over HTTP. + + Args: + request (~.securitycenter_service.UpdateFindingRequest): + The request object. Request message for updating or + creating a finding. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + (security, risk, health or privacy) + ingested into Security Command Center + for presentation, notification, + analysis, policy testing, and + enforcement. For example, an XSS + vulnerability in an App Engine + application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}", + "body": "finding", + }, + ] + request, metadata = self._interceptor.pre_update_finding(request, metadata) + pb_request = securitycenter_service.UpdateFindingRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_finding.Finding() + pb_resp = gcs_finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_finding(resp) + return resp + + class _UpdateOrganizationSettings(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateOrganizationSettings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateOrganizationSettingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_organization_settings.OrganizationSettings: + r"""Call the update organization + settings method over HTTP. + + Args: + request (~.securitycenter_service.UpdateOrganizationSettingsRequest): + The request object. Request message for updating an + organization's settings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_organization_settings.OrganizationSettings: + User specified settings that are + attached to the Security Command Center + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}", + "body": "organization_settings", + }, + ] + request, metadata = self._interceptor.pre_update_organization_settings( + request, metadata + ) + pb_request = securitycenter_service.UpdateOrganizationSettingsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_organization_settings.OrganizationSettings() + pb_resp = gcs_organization_settings.OrganizationSettings.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_organization_settings(resp) + return resp + + class _UpdateSecurityMarks(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateSecurityMarks") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateSecurityMarksRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_security_marks.SecurityMarks: + r"""Call the update security marks method over HTTP. + + Args: + request (~.securitycenter_service.UpdateSecurityMarksRequest): + The request object. Request message for updating a + SecurityMarks resource. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_security_marks.SecurityMarks: + User specified security marks that + are attached to the parent Security + Command Center resource. Security marks + are scoped within a Security Command + Center organization -- they can be + modified and viewed by all users who + have proper permissions on the + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + ] + request, metadata = self._interceptor.pre_update_security_marks( + request, metadata + ) + pb_request = securitycenter_service.UpdateSecurityMarksRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_security_marks.SecurityMarks() + pb_resp = gcs_security_marks.SecurityMarks.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_security_marks(resp) + return resp + + class _UpdateSource(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_source.Source: + r"""Call the update source method over HTTP. + + Args: + request (~.securitycenter_service.UpdateSourceRequest): + The request object. Request message for updating a + source. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1beta1/{source.name=organizations/*/sources/*}", + "body": "source", + }, + ] + request, metadata = self._interceptor.pre_update_source(request, metadata) + pb_request = securitycenter_service.UpdateSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_source.Source() + pb_resp = gcs_source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_source(resp) + return resp + + @property + def create_finding( + self, + ) -> Callable[[securitycenter_service.CreateFindingRequest], gcs_finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateFinding(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_source( + self, + ) -> Callable[[securitycenter_service.CreateSourceRequest], gcs_source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_iam_policy( + self, + ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetIamPolicy(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_organization_settings( + self, + ) -> Callable[ + [securitycenter_service.GetOrganizationSettingsRequest], + organization_settings.OrganizationSettings, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetOrganizationSettings(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_source( + self, + ) -> Callable[[securitycenter_service.GetSourceRequest], source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def group_assets( + self, + ) -> Callable[ + [securitycenter_service.GroupAssetsRequest], + securitycenter_service.GroupAssetsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GroupAssets(self._session, self._host, self._interceptor) # type: ignore + + @property + def group_findings( + self, + ) -> Callable[ + [securitycenter_service.GroupFindingsRequest], + securitycenter_service.GroupFindingsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GroupFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_assets( + self, + ) -> Callable[ + [securitycenter_service.ListAssetsRequest], + securitycenter_service.ListAssetsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListAssets(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_findings( + self, + ) -> Callable[ + [securitycenter_service.ListFindingsRequest], + securitycenter_service.ListFindingsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_sources( + self, + ) -> Callable[ + [securitycenter_service.ListSourcesRequest], + securitycenter_service.ListSourcesResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListSources(self._session, self._host, self._interceptor) # type: ignore + + @property + def run_asset_discovery( + self, + ) -> Callable[ + [securitycenter_service.RunAssetDiscoveryRequest], operations_pb2.Operation + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._RunAssetDiscovery(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_finding_state( + self, + ) -> Callable[[securitycenter_service.SetFindingStateRequest], finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetFindingState(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_iam_policy( + self, + ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetIamPolicy(self._session, self._host, self._interceptor) # type: ignore + + @property + def test_iam_permissions( + self, + ) -> Callable[ + [iam_policy_pb2.TestIamPermissionsRequest], + iam_policy_pb2.TestIamPermissionsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._TestIamPermissions(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_finding( + self, + ) -> Callable[[securitycenter_service.UpdateFindingRequest], gcs_finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateFinding(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_organization_settings( + self, + ) -> Callable[ + [securitycenter_service.UpdateOrganizationSettingsRequest], + gcs_organization_settings.OrganizationSettings, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateOrganizationSettings(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_security_marks( + self, + ) -> Callable[ + [securitycenter_service.UpdateSecurityMarksRequest], + gcs_security_marks.SecurityMarks, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateSecurityMarks(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_source( + self, + ) -> Callable[[securitycenter_service.UpdateSourceRequest], gcs_source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def kind(self) -> str: + return "rest" + + def close(self): + self._session.close() + + +__all__ = ("SecurityCenterRestTransport",) diff --git a/google/cloud/securitycenter_v1beta1/types/asset.py b/google/cloud/securitycenter_v1beta1/types/asset.py index f935efdb..c969bab6 100644 --- a/google/cloud/securitycenter_v1beta1/types/asset.py +++ b/google/cloud/securitycenter_v1beta1/types/asset.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import struct_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/types/finding.py b/google/cloud/securitycenter_v1beta1/types/finding.py index e825c3a4..435ef0e7 100644 --- a/google/cloud/securitycenter_v1beta1/types/finding.py +++ b/google/cloud/securitycenter_v1beta1/types/finding.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import struct_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/types/organization_settings.py b/google/cloud/securitycenter_v1beta1/types/organization_settings.py index 819dc9be..cdd33156 100644 --- a/google/cloud/securitycenter_v1beta1/types/organization_settings.py +++ b/google/cloud/securitycenter_v1beta1/types/organization_settings.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py index 9ca334ed..024166ab 100644 --- a/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py +++ b/google/cloud/securitycenter_v1beta1/types/run_asset_discovery_response.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/types/security_marks.py b/google/cloud/securitycenter_v1beta1/types/security_marks.py index de3f34a8..ec67f522 100644 --- a/google/cloud/securitycenter_v1beta1/types/security_marks.py +++ b/google/cloud/securitycenter_v1beta1/types/security_marks.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py b/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py index 80d940f3..ac4d9d8b 100644 --- a/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py +++ b/google/cloud/securitycenter_v1beta1/types/securitycenter_service.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1beta1/types/source.py b/google/cloud/securitycenter_v1beta1/types/source.py index 587546e3..8216d809 100644 --- a/google/cloud/securitycenter_v1beta1/types/source.py +++ b/google/cloud/securitycenter_v1beta1/types/source.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/__init__.py b/google/cloud/securitycenter_v1p1beta1/__init__.py index 64c20f57..7f69cd01 100644 --- a/google/cloud/securitycenter_v1p1beta1/__init__.py +++ b/google/cloud/securitycenter_v1p1beta1/__init__.py @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -from google.cloud.securitycenter import gapic_version as package_version +from google.cloud.securitycenter_v1p1beta1 import gapic_version as package_version __version__ = package_version.__version__ diff --git a/google/cloud/securitycenter_v1p1beta1/gapic_metadata.json b/google/cloud/securitycenter_v1p1beta1/gapic_metadata.json index 734457b5..892a85e5 100644 --- a/google/cloud/securitycenter_v1p1beta1/gapic_metadata.json +++ b/google/cloud/securitycenter_v1p1beta1/gapic_metadata.json @@ -246,6 +246,126 @@ ] } } + }, + "rest": { + "libraryClient": "SecurityCenterClient", + "rpcs": { + "CreateFinding": { + "methods": [ + "create_finding" + ] + }, + "CreateNotificationConfig": { + "methods": [ + "create_notification_config" + ] + }, + "CreateSource": { + "methods": [ + "create_source" + ] + }, + "DeleteNotificationConfig": { + "methods": [ + "delete_notification_config" + ] + }, + "GetIamPolicy": { + "methods": [ + "get_iam_policy" + ] + }, + "GetNotificationConfig": { + "methods": [ + "get_notification_config" + ] + }, + "GetOrganizationSettings": { + "methods": [ + "get_organization_settings" + ] + }, + "GetSource": { + "methods": [ + "get_source" + ] + }, + "GroupAssets": { + "methods": [ + "group_assets" + ] + }, + "GroupFindings": { + "methods": [ + "group_findings" + ] + }, + "ListAssets": { + "methods": [ + "list_assets" + ] + }, + "ListFindings": { + "methods": [ + "list_findings" + ] + }, + "ListNotificationConfigs": { + "methods": [ + "list_notification_configs" + ] + }, + "ListSources": { + "methods": [ + "list_sources" + ] + }, + "RunAssetDiscovery": { + "methods": [ + "run_asset_discovery" + ] + }, + "SetFindingState": { + "methods": [ + "set_finding_state" + ] + }, + "SetIamPolicy": { + "methods": [ + "set_iam_policy" + ] + }, + "TestIamPermissions": { + "methods": [ + "test_iam_permissions" + ] + }, + "UpdateFinding": { + "methods": [ + "update_finding" + ] + }, + "UpdateNotificationConfig": { + "methods": [ + "update_notification_config" + ] + }, + "UpdateOrganizationSettings": { + "methods": [ + "update_organization_settings" + ] + }, + "UpdateSecurityMarks": { + "methods": [ + "update_security_marks" + ] + }, + "UpdateSource": { + "methods": [ + "update_source" + ] + } + } } } } diff --git a/google/cloud/securitycenter_v1p1beta1/gapic_version.py b/google/cloud/securitycenter_v1p1beta1/gapic_version.py index 83612d7b..86f8ab82 100644 --- a/google/cloud/securitycenter_v1p1beta1/gapic_version.py +++ b/google/cloud/securitycenter_v1p1beta1/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "1.18.2" # {x-release-please-version} +__version__ = "1.19.0" # {x-release-please-version} diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py index df75ac89..e03c0826 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py @@ -77,6 +77,7 @@ from .transports.base import DEFAULT_CLIENT_INFO, SecurityCenterTransport from .transports.grpc import SecurityCenterGrpcTransport from .transports.grpc_asyncio import SecurityCenterGrpcAsyncIOTransport +from .transports.rest import SecurityCenterRestTransport class SecurityCenterClientMeta(type): @@ -92,6 +93,7 @@ class SecurityCenterClientMeta(type): ) # type: Dict[str, Type[SecurityCenterTransport]] _transport_registry["grpc"] = SecurityCenterGrpcTransport _transport_registry["grpc_asyncio"] = SecurityCenterGrpcAsyncIOTransport + _transport_registry["rest"] = SecurityCenterRestTransport def get_transport_class( cls, diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/__init__.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/__init__.py index 31383441..2b0f299f 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/__init__.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/__init__.py @@ -19,14 +19,18 @@ from .base import SecurityCenterTransport from .grpc import SecurityCenterGrpcTransport from .grpc_asyncio import SecurityCenterGrpcAsyncIOTransport +from .rest import SecurityCenterRestInterceptor, SecurityCenterRestTransport # Compile a registry of transports. _transport_registry = OrderedDict() # type: Dict[str, Type[SecurityCenterTransport]] _transport_registry["grpc"] = SecurityCenterGrpcTransport _transport_registry["grpc_asyncio"] = SecurityCenterGrpcAsyncIOTransport +_transport_registry["rest"] = SecurityCenterRestTransport __all__ = ( "SecurityCenterTransport", "SecurityCenterGrpcTransport", "SecurityCenterGrpcAsyncIOTransport", + "SecurityCenterRestTransport", + "SecurityCenterRestInterceptor", ) diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/rest.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/rest.py new file mode 100644 index 00000000..80c8712b --- /dev/null +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/rest.py @@ -0,0 +1,3691 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import dataclasses +import json # type: ignore +import re +from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union +import warnings + +from google.api_core import ( + gapic_v1, + operations_v1, + path_template, + rest_helpers, + rest_streaming, +) +from google.api_core import exceptions as core_exceptions +from google.api_core import retry as retries +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.transport.requests import AuthorizedSession # type: ignore +from google.protobuf import json_format +import grpc # type: ignore +from requests import __version__ as requests_version + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore + + +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from google.longrunning import operations_pb2 # type: ignore +from google.protobuf import empty_pb2 # type: ignore + +from google.cloud.securitycenter_v1p1beta1.types import ( + notification_config as gcs_notification_config, +) +from google.cloud.securitycenter_v1p1beta1.types import ( + organization_settings as gcs_organization_settings, +) +from google.cloud.securitycenter_v1p1beta1.types import ( + security_marks as gcs_security_marks, +) +from google.cloud.securitycenter_v1p1beta1.types import finding +from google.cloud.securitycenter_v1p1beta1.types import finding as gcs_finding +from google.cloud.securitycenter_v1p1beta1.types import notification_config +from google.cloud.securitycenter_v1p1beta1.types import organization_settings +from google.cloud.securitycenter_v1p1beta1.types import securitycenter_service +from google.cloud.securitycenter_v1p1beta1.types import source +from google.cloud.securitycenter_v1p1beta1.types import source as gcs_source + +from .base import DEFAULT_CLIENT_INFO as BASE_DEFAULT_CLIENT_INFO +from .base import SecurityCenterTransport + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=BASE_DEFAULT_CLIENT_INFO.gapic_version, + grpc_version=None, + rest_version=requests_version, +) + + +class SecurityCenterRestInterceptor: + """Interceptor for SecurityCenter. + + Interceptors are used to manipulate requests, request metadata, and responses + in arbitrary ways. + Example use cases include: + * Logging + * Verifying requests according to service or custom semantics + * Stripping extraneous information from responses + + These use cases and more can be enabled by injecting an + instance of a custom subclass when constructing the SecurityCenterRestTransport. + + .. code-block:: python + class MyCustomSecurityCenterInterceptor(SecurityCenterRestInterceptor): + def pre_create_finding(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_finding(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_notification_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_source(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_delete_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def pre_get_iam_policy(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_iam_policy(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_notification_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_organization_settings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_organization_settings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_source(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_group_assets(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_group_assets(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_group_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_group_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_assets(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_assets(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_findings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_findings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_notification_configs(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_notification_configs(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_sources(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_sources(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_run_asset_discovery(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_run_asset_discovery(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_finding_state(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_finding_state(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_set_iam_policy(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_set_iam_policy(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_test_iam_permissions(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_test_iam_permissions(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_finding(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_finding(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_notification_config(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_notification_config(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_organization_settings(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_organization_settings(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_security_marks(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_security_marks(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_source(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_source(self, response): + logging.log(f"Received response: {response}") + return response + + transport = SecurityCenterRestTransport(interceptor=MyCustomSecurityCenterInterceptor()) + client = SecurityCenterClient(transport=transport) + + + """ + + def pre_create_finding( + self, + request: securitycenter_service.CreateFindingRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.CreateFindingRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for create_finding + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_finding(self, response: gcs_finding.Finding) -> gcs_finding.Finding: + """Post-rpc interceptor for create_finding + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_notification_config( + self, + request: securitycenter_service.CreateNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.CreateNotificationConfigRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for create_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_notification_config( + self, response: gcs_notification_config.NotificationConfig + ) -> gcs_notification_config.NotificationConfig: + """Post-rpc interceptor for create_notification_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_create_source( + self, + request: securitycenter_service.CreateSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.CreateSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for create_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_create_source(self, response: gcs_source.Source) -> gcs_source.Source: + """Post-rpc interceptor for create_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_delete_notification_config( + self, + request: securitycenter_service.DeleteNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.DeleteNotificationConfigRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for delete_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def pre_get_iam_policy( + self, + request: iam_policy_pb2.GetIamPolicyRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.GetIamPolicyRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_iam_policy + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_iam_policy(self, response: policy_pb2.Policy) -> policy_pb2.Policy: + """Post-rpc interceptor for get_iam_policy + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_notification_config( + self, + request: securitycenter_service.GetNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.GetNotificationConfigRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for get_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_notification_config( + self, response: notification_config.NotificationConfig + ) -> notification_config.NotificationConfig: + """Post-rpc interceptor for get_notification_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_organization_settings( + self, + request: securitycenter_service.GetOrganizationSettingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.GetOrganizationSettingsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for get_organization_settings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_organization_settings( + self, response: organization_settings.OrganizationSettings + ) -> organization_settings.OrganizationSettings: + """Post-rpc interceptor for get_organization_settings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_get_source( + self, + request: securitycenter_service.GetSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GetSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for get_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_get_source(self, response: source.Source) -> source.Source: + """Post-rpc interceptor for get_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_group_assets( + self, + request: securitycenter_service.GroupAssetsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GroupAssetsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for group_assets + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_group_assets( + self, response: securitycenter_service.GroupAssetsResponse + ) -> securitycenter_service.GroupAssetsResponse: + """Post-rpc interceptor for group_assets + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_group_findings( + self, + request: securitycenter_service.GroupFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.GroupFindingsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for group_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_group_findings( + self, response: securitycenter_service.GroupFindingsResponse + ) -> securitycenter_service.GroupFindingsResponse: + """Post-rpc interceptor for group_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_assets( + self, + request: securitycenter_service.ListAssetsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListAssetsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_assets + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_assets( + self, response: securitycenter_service.ListAssetsResponse + ) -> securitycenter_service.ListAssetsResponse: + """Post-rpc interceptor for list_assets + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_findings( + self, + request: securitycenter_service.ListFindingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListFindingsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_findings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_findings( + self, response: securitycenter_service.ListFindingsResponse + ) -> securitycenter_service.ListFindingsResponse: + """Post-rpc interceptor for list_findings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_notification_configs( + self, + request: securitycenter_service.ListNotificationConfigsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.ListNotificationConfigsRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for list_notification_configs + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_notification_configs( + self, response: securitycenter_service.ListNotificationConfigsResponse + ) -> securitycenter_service.ListNotificationConfigsResponse: + """Post-rpc interceptor for list_notification_configs + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_list_sources( + self, + request: securitycenter_service.ListSourcesRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.ListSourcesRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for list_sources + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_list_sources( + self, response: securitycenter_service.ListSourcesResponse + ) -> securitycenter_service.ListSourcesResponse: + """Post-rpc interceptor for list_sources + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_run_asset_discovery( + self, + request: securitycenter_service.RunAssetDiscoveryRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.RunAssetDiscoveryRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for run_asset_discovery + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_run_asset_discovery( + self, response: operations_pb2.Operation + ) -> operations_pb2.Operation: + """Post-rpc interceptor for run_asset_discovery + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_finding_state( + self, + request: securitycenter_service.SetFindingStateRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.SetFindingStateRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for set_finding_state + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_finding_state(self, response: finding.Finding) -> finding.Finding: + """Post-rpc interceptor for set_finding_state + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_set_iam_policy( + self, + request: iam_policy_pb2.SetIamPolicyRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.SetIamPolicyRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for set_iam_policy + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_set_iam_policy(self, response: policy_pb2.Policy) -> policy_pb2.Policy: + """Post-rpc interceptor for set_iam_policy + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_test_iam_permissions( + self, + request: iam_policy_pb2.TestIamPermissionsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[iam_policy_pb2.TestIamPermissionsRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for test_iam_permissions + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_test_iam_permissions( + self, response: iam_policy_pb2.TestIamPermissionsResponse + ) -> iam_policy_pb2.TestIamPermissionsResponse: + """Post-rpc interceptor for test_iam_permissions + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_finding( + self, + request: securitycenter_service.UpdateFindingRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.UpdateFindingRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for update_finding + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_finding(self, response: gcs_finding.Finding) -> gcs_finding.Finding: + """Post-rpc interceptor for update_finding + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_notification_config( + self, + request: securitycenter_service.UpdateNotificationConfigRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateNotificationConfigRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for update_notification_config + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_notification_config( + self, response: gcs_notification_config.NotificationConfig + ) -> gcs_notification_config.NotificationConfig: + """Post-rpc interceptor for update_notification_config + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_organization_settings( + self, + request: securitycenter_service.UpdateOrganizationSettingsRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateOrganizationSettingsRequest, + Sequence[Tuple[str, str]], + ]: + """Pre-rpc interceptor for update_organization_settings + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_organization_settings( + self, response: gcs_organization_settings.OrganizationSettings + ) -> gcs_organization_settings.OrganizationSettings: + """Post-rpc interceptor for update_organization_settings + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_security_marks( + self, + request: securitycenter_service.UpdateSecurityMarksRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[ + securitycenter_service.UpdateSecurityMarksRequest, Sequence[Tuple[str, str]] + ]: + """Pre-rpc interceptor for update_security_marks + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_security_marks( + self, response: gcs_security_marks.SecurityMarks + ) -> gcs_security_marks.SecurityMarks: + """Post-rpc interceptor for update_security_marks + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + def pre_update_source( + self, + request: securitycenter_service.UpdateSourceRequest, + metadata: Sequence[Tuple[str, str]], + ) -> Tuple[securitycenter_service.UpdateSourceRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for update_source + + Override in a subclass to manipulate the request or metadata + before they are sent to the SecurityCenter server. + """ + return request, metadata + + def post_update_source(self, response: gcs_source.Source) -> gcs_source.Source: + """Post-rpc interceptor for update_source + + Override in a subclass to manipulate the response + after it is returned by the SecurityCenter server but before + it is returned to user code. + """ + return response + + +@dataclasses.dataclass +class SecurityCenterRestStub: + _session: AuthorizedSession + _host: str + _interceptor: SecurityCenterRestInterceptor + + +class SecurityCenterRestTransport(SecurityCenterTransport): + """REST backend transport for SecurityCenter. + + V1p1Beta1 APIs for Security Center service. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends JSON representations of protocol buffers over HTTP/1.1 + + """ + + def __init__( + self, + *, + host: str = "securitycenter.googleapis.com", + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + url_scheme: str = "https", + interceptor: Optional[SecurityCenterRestInterceptor] = None, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + client_cert_source_for_mtls (Callable[[], Tuple[bytes, bytes]]): Client + certificate to configure mutual TLS HTTP channel. It is ignored + if ``channel`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you are developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + url_scheme: the protocol scheme for the API endpoint. Normally + "https", but for testing or local servers, + "http" can be specified. + """ + # Run the base constructor + # TODO(yon-mg): resolve other ctor params i.e. scopes, quota, etc. + # TODO: When custom host (api_endpoint) is set, `scopes` must *also* be set on the + # credentials object + maybe_url_match = re.match("^(?Phttp(?:s)?://)?(?P.*)$", host) + if maybe_url_match is None: + raise ValueError( + f"Unexpected hostname structure: {host}" + ) # pragma: NO COVER + + url_match_items = maybe_url_match.groupdict() + + host = f"{url_scheme}://{host}" if not url_match_items["scheme"] else host + + super().__init__( + host=host, + credentials=credentials, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + self._session = AuthorizedSession( + self._credentials, default_host=self.DEFAULT_HOST + ) + self._operations_client: Optional[operations_v1.AbstractOperationsClient] = None + if client_cert_source_for_mtls: + self._session.configure_mtls_channel(client_cert_source_for_mtls) + self._interceptor = interceptor or SecurityCenterRestInterceptor() + self._prep_wrapped_messages(client_info) + + @property + def operations_client(self) -> operations_v1.AbstractOperationsClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Only create a new client if we do not already have one. + if self._operations_client is None: + http_options: Dict[str, List[Dict[str, str]]] = { + "google.longrunning.Operations.CancelOperation": [ + { + "method": "post", + "uri": "/v1p1beta1/{name=organizations/*/operations/*}:cancel", + "body": "*", + }, + ], + "google.longrunning.Operations.DeleteOperation": [ + { + "method": "delete", + "uri": "/v1p1beta1/{name=organizations/*/operations/*}", + }, + ], + "google.longrunning.Operations.GetOperation": [ + { + "method": "get", + "uri": "/v1p1beta1/{name=organizations/*/operations/*}", + }, + ], + "google.longrunning.Operations.ListOperations": [ + { + "method": "get", + "uri": "/v1p1beta1/{name=organizations/*/operations}", + }, + ], + } + + rest_transport = operations_v1.OperationsRestTransport( + host=self._host, + # use the credentials which are saved + credentials=self._credentials, + scopes=self._scopes, + http_options=http_options, + path_prefix="v1p1beta1", + ) + + self._operations_client = operations_v1.AbstractOperationsClient( + transport=rest_transport + ) + + # Return the client from cache. + return self._operations_client + + class _CreateFinding(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateFinding") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "findingId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateFindingRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_finding.Finding: + r"""Call the create finding method over HTTP. + + Args: + request (~.securitycenter_service.CreateFindingRequest): + The request object. Request message for creating a + finding. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + (security, risk, health or privacy) + ingested into Security Command Center + for presentation, notification, + analysis, policy testing, and + enforcement. For example, an XSS + vulnerability in an App Engine + application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{parent=organizations/*/sources/*}/findings", + "body": "finding", + }, + ] + request, metadata = self._interceptor.pre_create_finding(request, metadata) + pb_request = securitycenter_service.CreateFindingRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_finding.Finding() + pb_resp = gcs_finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_finding(resp) + return resp + + class _CreateNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "configId": "", + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_notification_config.NotificationConfig: + r"""Call the create notification + config method over HTTP. + + Args: + request (~.securitycenter_service.CreateNotificationConfigRequest): + The request object. Request message for creating a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_notification_config.NotificationConfig: + Security Command Center notification + configs. + A notification config is a Security + Command Center resource that contains + the configuration to send notifications + for create/update events of findings, + assets and etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{parent=organizations/*}/notificationConfigs", + "body": "notification_config", + }, + ] + request, metadata = self._interceptor.pre_create_notification_config( + request, metadata + ) + pb_request = securitycenter_service.CreateNotificationConfigRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_notification_config.NotificationConfig() + pb_resp = gcs_notification_config.NotificationConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_notification_config(resp) + return resp + + class _CreateSource(SecurityCenterRestStub): + def __hash__(self): + return hash("CreateSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.CreateSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_source.Source: + r"""Call the create source method over HTTP. + + Args: + request (~.securitycenter_service.CreateSourceRequest): + The request object. Request message for creating a + source. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{parent=organizations/*}/sources", + "body": "source", + }, + ] + request, metadata = self._interceptor.pre_create_source(request, metadata) + pb_request = securitycenter_service.CreateSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_source.Source() + pb_resp = gcs_source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_create_source(resp) + return resp + + class _DeleteNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("DeleteNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.DeleteNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ): + r"""Call the delete notification + config method over HTTP. + + Args: + request (~.securitycenter_service.DeleteNotificationConfigRequest): + The request object. Request message for deleting a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "delete", + "uri": "/v1p1beta1/{name=organizations/*/notificationConfigs/*}", + }, + ] + request, metadata = self._interceptor.pre_delete_notification_config( + request, metadata + ) + pb_request = securitycenter_service.DeleteNotificationConfigRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + class _GetIamPolicy(SecurityCenterRestStub): + def __hash__(self): + return hash("GetIamPolicy") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.GetIamPolicyRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Call the get iam policy method over HTTP. + + Args: + request (~.iam_policy_pb2.GetIamPolicyRequest): + The request object. Request message for ``GetIamPolicy`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.policy_pb2.Policy: + An Identity and Access Management (IAM) policy, which + specifies access controls for Google Cloud resources. + + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members``, or + principals, to a single ``role``. Principals can be user + accounts, service accounts, Google groups, and domains + (such as G Suite). A ``role`` is a named list of + permissions; each ``role`` can be an IAM predefined role + or a user-created custom role. + + For some types of Google Cloud resources, a ``binding`` + can also specify a ``condition``, which is a logical + expression that allows access to a resource only if the + expression evaluates to ``true``. A condition can add + constraints based on attributes of the request, the + resource, or both. To learn which resources support + conditions in their IAM policies, see the `IAM + documentation `__. + + **JSON example:** + + :: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": [ + "user:eve@example.com" + ], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", + } + } + ], + "etag": "BwWWja0YfJA=", + "version": 3 + } + + **YAML example:** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + etag: BwWWja0YfJA= + version: 3 + + For a description of IAM and its features, see the `IAM + documentation `__. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{resource=organizations/*/sources/*}:getIamPolicy", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_get_iam_policy(request, metadata) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = policy_pb2.Policy() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_iam_policy(resp) + return resp + + class _GetNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("GetNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> notification_config.NotificationConfig: + r"""Call the get notification config method over HTTP. + + Args: + request (~.securitycenter_service.GetNotificationConfigRequest): + The request object. Request message for getting a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.notification_config.NotificationConfig: + Security Command Center notification + configs. + A notification config is a Security + Command Center resource that contains + the configuration to send notifications + for create/update events of findings, + assets and etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{name=organizations/*/notificationConfigs/*}", + }, + ] + request, metadata = self._interceptor.pre_get_notification_config( + request, metadata + ) + pb_request = securitycenter_service.GetNotificationConfigRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = notification_config.NotificationConfig() + pb_resp = notification_config.NotificationConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_notification_config(resp) + return resp + + class _GetOrganizationSettings(SecurityCenterRestStub): + def __hash__(self): + return hash("GetOrganizationSettings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetOrganizationSettingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> organization_settings.OrganizationSettings: + r"""Call the get organization settings method over HTTP. + + Args: + request (~.securitycenter_service.GetOrganizationSettingsRequest): + The request object. Request message for getting + organization settings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.organization_settings.OrganizationSettings: + User specified settings that are + attached to the Security Command Center + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{name=organizations/*/organizationSettings}", + }, + ] + request, metadata = self._interceptor.pre_get_organization_settings( + request, metadata + ) + pb_request = securitycenter_service.GetOrganizationSettingsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = organization_settings.OrganizationSettings() + pb_resp = organization_settings.OrganizationSettings.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_organization_settings(resp) + return resp + + class _GetSource(SecurityCenterRestStub): + def __hash__(self): + return hash("GetSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GetSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> source.Source: + r"""Call the get source method over HTTP. + + Args: + request (~.securitycenter_service.GetSourceRequest): + The request object. Request message for getting a source. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{name=organizations/*/sources/*}", + }, + ] + request, metadata = self._interceptor.pre_get_source(request, metadata) + pb_request = securitycenter_service.GetSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = source.Source() + pb_resp = source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_get_source(resp) + return resp + + class _GroupAssets(SecurityCenterRestStub): + def __hash__(self): + return hash("GroupAssets") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GroupAssetsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.GroupAssetsResponse: + r"""Call the group assets method over HTTP. + + Args: + request (~.securitycenter_service.GroupAssetsRequest): + The request object. Request message for grouping by + assets. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.GroupAssetsResponse: + Response message for grouping by + assets. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{parent=organizations/*}/assets:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1p1beta1/{parent=folders/*}/assets:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1p1beta1/{parent=projects/*}/assets:group", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_group_assets(request, metadata) + pb_request = securitycenter_service.GroupAssetsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.GroupAssetsResponse() + pb_resp = securitycenter_service.GroupAssetsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_group_assets(resp) + return resp + + class _GroupFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("GroupFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.GroupFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.GroupFindingsResponse: + r"""Call the group findings method over HTTP. + + Args: + request (~.securitycenter_service.GroupFindingsRequest): + The request object. Request message for grouping by + findings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.GroupFindingsResponse: + Response message for group by + findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{parent=organizations/*/sources/*}/findings:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1p1beta1/{parent=folders/*/sources/*}/findings:group", + "body": "*", + }, + { + "method": "post", + "uri": "/v1p1beta1/{parent=projects/*/sources/*}/findings:group", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_group_findings(request, metadata) + pb_request = securitycenter_service.GroupFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.GroupFindingsResponse() + pb_resp = securitycenter_service.GroupFindingsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_group_findings(resp) + return resp + + class _ListAssets(SecurityCenterRestStub): + def __hash__(self): + return hash("ListAssets") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListAssetsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListAssetsResponse: + r"""Call the list assets method over HTTP. + + Args: + request (~.securitycenter_service.ListAssetsRequest): + The request object. Request message for listing assets. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListAssetsResponse: + Response message for listing assets. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{parent=organizations/*}/assets", + }, + { + "method": "get", + "uri": "/v1p1beta1/{parent=folders/*}/assets", + }, + { + "method": "get", + "uri": "/v1p1beta1/{parent=projects/*}/assets", + }, + ] + request, metadata = self._interceptor.pre_list_assets(request, metadata) + pb_request = securitycenter_service.ListAssetsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListAssetsResponse() + pb_resp = securitycenter_service.ListAssetsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_assets(resp) + return resp + + class _ListFindings(SecurityCenterRestStub): + def __hash__(self): + return hash("ListFindings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListFindingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListFindingsResponse: + r"""Call the list findings method over HTTP. + + Args: + request (~.securitycenter_service.ListFindingsRequest): + The request object. Request message for listing findings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListFindingsResponse: + Response message for listing + findings. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{parent=organizations/*/sources/*}/findings", + }, + { + "method": "get", + "uri": "/v1p1beta1/{parent=folders/*/sources/*}/findings", + }, + { + "method": "get", + "uri": "/v1p1beta1/{parent=projects/*/sources/*}/findings", + }, + ] + request, metadata = self._interceptor.pre_list_findings(request, metadata) + pb_request = securitycenter_service.ListFindingsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListFindingsResponse() + pb_resp = securitycenter_service.ListFindingsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_findings(resp) + return resp + + class _ListNotificationConfigs(SecurityCenterRestStub): + def __hash__(self): + return hash("ListNotificationConfigs") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListNotificationConfigsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListNotificationConfigsResponse: + r"""Call the list notification configs method over HTTP. + + Args: + request (~.securitycenter_service.ListNotificationConfigsRequest): + The request object. Request message for listing + notification configs. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListNotificationConfigsResponse: + Response message for listing + notification configs. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{parent=organizations/*}/notificationConfigs", + }, + ] + request, metadata = self._interceptor.pre_list_notification_configs( + request, metadata + ) + pb_request = securitycenter_service.ListNotificationConfigsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListNotificationConfigsResponse() + pb_resp = securitycenter_service.ListNotificationConfigsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_notification_configs(resp) + return resp + + class _ListSources(SecurityCenterRestStub): + def __hash__(self): + return hash("ListSources") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.ListSourcesRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> securitycenter_service.ListSourcesResponse: + r"""Call the list sources method over HTTP. + + Args: + request (~.securitycenter_service.ListSourcesRequest): + The request object. Request message for listing sources. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.securitycenter_service.ListSourcesResponse: + Response message for listing sources. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "get", + "uri": "/v1p1beta1/{parent=organizations/*}/sources", + }, + { + "method": "get", + "uri": "/v1p1beta1/{parent=folders/*}/sources", + }, + { + "method": "get", + "uri": "/v1p1beta1/{parent=projects/*}/sources", + }, + ] + request, metadata = self._interceptor.pre_list_sources(request, metadata) + pb_request = securitycenter_service.ListSourcesRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = securitycenter_service.ListSourcesResponse() + pb_resp = securitycenter_service.ListSourcesResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_list_sources(resp) + return resp + + class _RunAssetDiscovery(SecurityCenterRestStub): + def __hash__(self): + return hash("RunAssetDiscovery") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.RunAssetDiscoveryRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> operations_pb2.Operation: + r"""Call the run asset discovery method over HTTP. + + Args: + request (~.securitycenter_service.RunAssetDiscoveryRequest): + The request object. Request message for running asset + discovery for an organization. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{parent=organizations/*}/assets:runDiscovery", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_run_asset_discovery( + request, metadata + ) + pb_request = securitycenter_service.RunAssetDiscoveryRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + resp = self._interceptor.post_run_asset_discovery(resp) + return resp + + class _SetFindingState(SecurityCenterRestStub): + def __hash__(self): + return hash("SetFindingState") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.SetFindingStateRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> finding.Finding: + r"""Call the set finding state method over HTTP. + + Args: + request (~.securitycenter_service.SetFindingStateRequest): + The request object. Request message for updating a + finding's state. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + (security, risk, health or privacy) + ingested into Security Command Center + for presentation, notification, + analysis, policy testing, and + enforcement. For example, an XSS + vulnerability in an App Engine + application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{name=organizations/*/sources/*/findings/*}:setState", + "body": "*", + }, + { + "method": "post", + "uri": "/v1p1beta1/{name=folders/*/sources/*/findings/*}:setState", + "body": "*", + }, + { + "method": "post", + "uri": "/v1p1beta1/{name=projects/*/sources/*/findings/*}:setState", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_finding_state( + request, metadata + ) + pb_request = securitycenter_service.SetFindingStateRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = finding.Finding() + pb_resp = finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_finding_state(resp) + return resp + + class _SetIamPolicy(SecurityCenterRestStub): + def __hash__(self): + return hash("SetIamPolicy") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.SetIamPolicyRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Call the set iam policy method over HTTP. + + Args: + request (~.iam_policy_pb2.SetIamPolicyRequest): + The request object. Request message for ``SetIamPolicy`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.policy_pb2.Policy: + An Identity and Access Management (IAM) policy, which + specifies access controls for Google Cloud resources. + + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members``, or + principals, to a single ``role``. Principals can be user + accounts, service accounts, Google groups, and domains + (such as G Suite). A ``role`` is a named list of + permissions; each ``role`` can be an IAM predefined role + or a user-created custom role. + + For some types of Google Cloud resources, a ``binding`` + can also specify a ``condition``, which is a logical + expression that allows access to a resource only if the + expression evaluates to ``true``. A condition can add + constraints based on attributes of the request, the + resource, or both. To learn which resources support + conditions in their IAM policies, see the `IAM + documentation `__. + + **JSON example:** + + :: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": [ + "user:eve@example.com" + ], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", + } + } + ], + "etag": "BwWWja0YfJA=", + "version": 3 + } + + **YAML example:** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + etag: BwWWja0YfJA= + version: 3 + + For a description of IAM and its features, see the `IAM + documentation `__. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{resource=organizations/*/sources/*}:setIamPolicy", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_set_iam_policy(request, metadata) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = policy_pb2.Policy() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_set_iam_policy(resp) + return resp + + class _TestIamPermissions(SecurityCenterRestStub): + def __hash__(self): + return hash("TestIamPermissions") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: iam_policy_pb2.TestIamPermissionsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy_pb2.TestIamPermissionsResponse: + r"""Call the test iam permissions method over HTTP. + + Args: + request (~.iam_policy_pb2.TestIamPermissionsRequest): + The request object. Request message for ``TestIamPermissions`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.iam_policy_pb2.TestIamPermissionsResponse: + Response message for ``TestIamPermissions`` method. + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1p1beta1/{resource=organizations/*/sources/*}:testIamPermissions", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_test_iam_permissions( + request, metadata + ) + pb_request = request + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = iam_policy_pb2.TestIamPermissionsResponse() + pb_resp = resp + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_test_iam_permissions(resp) + return resp + + class _UpdateFinding(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateFinding") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateFindingRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_finding.Finding: + r"""Call the update finding method over HTTP. + + Args: + request (~.securitycenter_service.UpdateFindingRequest): + The request object. Request message for updating or + creating a finding. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_finding.Finding: + Security Command Center finding. + A finding is a record of assessment data + (security, risk, health or privacy) + ingested into Security Command Center + for presentation, notification, + analysis, policy testing, and + enforcement. For example, an XSS + vulnerability in an App Engine + application is a finding. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1p1beta1/{finding.name=organizations/*/sources/*/findings/*}", + "body": "finding", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{finding.name=folders/*/sources/*/findings/*}", + "body": "finding", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{finding.name=projects/*/sources/*/findings/*}", + "body": "finding", + }, + ] + request, metadata = self._interceptor.pre_update_finding(request, metadata) + pb_request = securitycenter_service.UpdateFindingRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_finding.Finding() + pb_resp = gcs_finding.Finding.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_finding(resp) + return resp + + class _UpdateNotificationConfig(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateNotificationConfig") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateNotificationConfigRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_notification_config.NotificationConfig: + r"""Call the update notification + config method over HTTP. + + Args: + request (~.securitycenter_service.UpdateNotificationConfigRequest): + The request object. Request message for updating a + notification config. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_notification_config.NotificationConfig: + Security Command Center notification + configs. + A notification config is a Security + Command Center resource that contains + the configuration to send notifications + for create/update events of findings, + assets and etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1p1beta1/{notification_config.name=organizations/*/notificationConfigs/*}", + "body": "notification_config", + }, + ] + request, metadata = self._interceptor.pre_update_notification_config( + request, metadata + ) + pb_request = securitycenter_service.UpdateNotificationConfigRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_notification_config.NotificationConfig() + pb_resp = gcs_notification_config.NotificationConfig.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_notification_config(resp) + return resp + + class _UpdateOrganizationSettings(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateOrganizationSettings") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateOrganizationSettingsRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_organization_settings.OrganizationSettings: + r"""Call the update organization + settings method over HTTP. + + Args: + request (~.securitycenter_service.UpdateOrganizationSettingsRequest): + The request object. Request message for updating an + organization's settings. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_organization_settings.OrganizationSettings: + User specified settings that are + attached to the Security Command Center + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1p1beta1/{organization_settings.name=organizations/*/organizationSettings}", + "body": "organization_settings", + }, + ] + request, metadata = self._interceptor.pre_update_organization_settings( + request, metadata + ) + pb_request = securitycenter_service.UpdateOrganizationSettingsRequest.pb( + request + ) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_organization_settings.OrganizationSettings() + pb_resp = gcs_organization_settings.OrganizationSettings.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_organization_settings(resp) + return resp + + class _UpdateSecurityMarks(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateSecurityMarks") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateSecurityMarksRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_security_marks.SecurityMarks: + r"""Call the update security marks method over HTTP. + + Args: + request (~.securitycenter_service.UpdateSecurityMarksRequest): + The request object. Request message for updating a + SecurityMarks resource. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_security_marks.SecurityMarks: + User specified security marks that + are attached to the parent Security + Command Center resource. Security marks + are scoped within a Security Command + Center organization -- they can be + modified and viewed by all users who + have proper permissions on the + organization. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1p1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{security_marks.name=folders/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{security_marks.name=projects/*/assets/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{security_marks.name=folders/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + { + "method": "patch", + "uri": "/v1p1beta1/{security_marks.name=projects/*/sources/*/findings/*/securityMarks}", + "body": "security_marks", + }, + ] + request, metadata = self._interceptor.pre_update_security_marks( + request, metadata + ) + pb_request = securitycenter_service.UpdateSecurityMarksRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_security_marks.SecurityMarks() + pb_resp = gcs_security_marks.SecurityMarks.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_security_marks(resp) + return resp + + class _UpdateSource(SecurityCenterRestStub): + def __hash__(self): + return hash("UpdateSource") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: securitycenter_service.UpdateSourceRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> gcs_source.Source: + r"""Call the update source method over HTTP. + + Args: + request (~.securitycenter_service.UpdateSourceRequest): + The request object. Request message for updating a + source. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.gcs_source.Source: + Security Command Center finding + source. A finding source is an entity or + a mechanism that can produce a finding. + A source is like a container of findings + that come from the same scanner, logger, + monitor, etc. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "patch", + "uri": "/v1p1beta1/{source.name=organizations/*/sources/*}", + "body": "source", + }, + ] + request, metadata = self._interceptor.pre_update_source(request, metadata) + pb_request = securitycenter_service.UpdateSourceRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = gcs_source.Source() + pb_resp = gcs_source.Source.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_update_source(resp) + return resp + + @property + def create_finding( + self, + ) -> Callable[[securitycenter_service.CreateFindingRequest], gcs_finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateFinding(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_notification_config( + self, + ) -> Callable[ + [securitycenter_service.CreateNotificationConfigRequest], + gcs_notification_config.NotificationConfig, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_source( + self, + ) -> Callable[[securitycenter_service.CreateSourceRequest], gcs_source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def delete_notification_config( + self, + ) -> Callable[ + [securitycenter_service.DeleteNotificationConfigRequest], empty_pb2.Empty + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._DeleteNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_iam_policy( + self, + ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetIamPolicy(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_notification_config( + self, + ) -> Callable[ + [securitycenter_service.GetNotificationConfigRequest], + notification_config.NotificationConfig, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_organization_settings( + self, + ) -> Callable[ + [securitycenter_service.GetOrganizationSettingsRequest], + organization_settings.OrganizationSettings, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetOrganizationSettings(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_source( + self, + ) -> Callable[[securitycenter_service.GetSourceRequest], source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def group_assets( + self, + ) -> Callable[ + [securitycenter_service.GroupAssetsRequest], + securitycenter_service.GroupAssetsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GroupAssets(self._session, self._host, self._interceptor) # type: ignore + + @property + def group_findings( + self, + ) -> Callable[ + [securitycenter_service.GroupFindingsRequest], + securitycenter_service.GroupFindingsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GroupFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_assets( + self, + ) -> Callable[ + [securitycenter_service.ListAssetsRequest], + securitycenter_service.ListAssetsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListAssets(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_findings( + self, + ) -> Callable[ + [securitycenter_service.ListFindingsRequest], + securitycenter_service.ListFindingsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListFindings(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_notification_configs( + self, + ) -> Callable[ + [securitycenter_service.ListNotificationConfigsRequest], + securitycenter_service.ListNotificationConfigsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListNotificationConfigs(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_sources( + self, + ) -> Callable[ + [securitycenter_service.ListSourcesRequest], + securitycenter_service.ListSourcesResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListSources(self._session, self._host, self._interceptor) # type: ignore + + @property + def run_asset_discovery( + self, + ) -> Callable[ + [securitycenter_service.RunAssetDiscoveryRequest], operations_pb2.Operation + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._RunAssetDiscovery(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_finding_state( + self, + ) -> Callable[[securitycenter_service.SetFindingStateRequest], finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetFindingState(self._session, self._host, self._interceptor) # type: ignore + + @property + def set_iam_policy( + self, + ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SetIamPolicy(self._session, self._host, self._interceptor) # type: ignore + + @property + def test_iam_permissions( + self, + ) -> Callable[ + [iam_policy_pb2.TestIamPermissionsRequest], + iam_policy_pb2.TestIamPermissionsResponse, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._TestIamPermissions(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_finding( + self, + ) -> Callable[[securitycenter_service.UpdateFindingRequest], gcs_finding.Finding]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateFinding(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_notification_config( + self, + ) -> Callable[ + [securitycenter_service.UpdateNotificationConfigRequest], + gcs_notification_config.NotificationConfig, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateNotificationConfig(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_organization_settings( + self, + ) -> Callable[ + [securitycenter_service.UpdateOrganizationSettingsRequest], + gcs_organization_settings.OrganizationSettings, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateOrganizationSettings(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_security_marks( + self, + ) -> Callable[ + [securitycenter_service.UpdateSecurityMarksRequest], + gcs_security_marks.SecurityMarks, + ]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateSecurityMarks(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_source( + self, + ) -> Callable[[securitycenter_service.UpdateSourceRequest], gcs_source.Source]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateSource(self._session, self._host, self._interceptor) # type: ignore + + @property + def kind(self) -> str: + return "rest" + + def close(self): + self._session.close() + + +__all__ = ("SecurityCenterRestTransport",) diff --git a/google/cloud/securitycenter_v1p1beta1/types/asset.py b/google/cloud/securitycenter_v1p1beta1/types/asset.py index d28230eb..2c29e9d9 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/asset.py +++ b/google/cloud/securitycenter_v1p1beta1/types/asset.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import struct_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/finding.py b/google/cloud/securitycenter_v1p1beta1/types/finding.py index ae9e5bce..58ef0c0f 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/finding.py +++ b/google/cloud/securitycenter_v1p1beta1/types/finding.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import struct_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/folder.py b/google/cloud/securitycenter_v1p1beta1/types/folder.py index 08e889f5..061d75a1 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/folder.py +++ b/google/cloud/securitycenter_v1p1beta1/types/folder.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/notification_config.py b/google/cloud/securitycenter_v1p1beta1/types/notification_config.py index 7bbe634d..3890f427 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/notification_config.py +++ b/google/cloud/securitycenter_v1p1beta1/types/notification_config.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/notification_message.py b/google/cloud/securitycenter_v1p1beta1/types/notification_message.py index e8b3ba8d..a6187ece 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/notification_message.py +++ b/google/cloud/securitycenter_v1p1beta1/types/notification_message.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py b/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py index 60e19658..86e326d4 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py +++ b/google/cloud/securitycenter_v1p1beta1/types/organization_settings.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/resource.py b/google/cloud/securitycenter_v1p1beta1/types/resource.py index f9740833..26ac49ad 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/resource.py +++ b/google/cloud/securitycenter_v1p1beta1/types/resource.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py b/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py index da212e8f..3e016cf5 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py +++ b/google/cloud/securitycenter_v1p1beta1/types/run_asset_discovery_response.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/security_marks.py b/google/cloud/securitycenter_v1p1beta1/types/security_marks.py index 8691afed..10f10674 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/security_marks.py +++ b/google/cloud/securitycenter_v1p1beta1/types/security_marks.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py b/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py index 3f5e2cc2..64b067b6 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py +++ b/google/cloud/securitycenter_v1p1beta1/types/securitycenter_service.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/securitycenter_v1p1beta1/types/source.py b/google/cloud/securitycenter_v1p1beta1/types/source.py index 2f0053cd..12aec772 100644 --- a/google/cloud/securitycenter_v1p1beta1/types/source.py +++ b/google/cloud/securitycenter_v1p1beta1/types/source.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +from __future__ import annotations + from typing import MutableMapping, MutableSequence import proto # type: ignore diff --git a/noxfile.py b/noxfile.py index e716318b..95e58c52 100644 --- a/noxfile.py +++ b/noxfile.py @@ -189,9 +189,9 @@ def unit(session): def install_systemtest_dependencies(session, *constraints): # Use pre-release gRPC for system tests. - # Exclude version 1.49.0rc1 which has a known issue. - # See https://github.com/grpc/grpc/pull/30642 - session.install("--pre", "grpcio!=1.49.0rc1") + # Exclude version 1.52.0rc1 which has a known issue. + # See https://github.com/grpc/grpc/issues/32163 + session.install("--pre", "grpcio!=1.52.0rc1") session.install(*SYSTEM_TEST_STANDARD_DEPENDENCIES, *constraints) @@ -346,9 +346,7 @@ def prerelease_deps(session): unit_deps_all = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_EXTERNAL_DEPENDENCIES session.install(*unit_deps_all) system_deps_all = ( - SYSTEM_TEST_STANDARD_DEPENDENCIES - + SYSTEM_TEST_EXTERNAL_DEPENDENCIES - + SYSTEM_TEST_EXTRAS + SYSTEM_TEST_STANDARD_DEPENDENCIES + SYSTEM_TEST_EXTERNAL_DEPENDENCIES ) session.install(*system_deps_all) @@ -378,8 +376,8 @@ def prerelease_deps(session): # dependency of grpc "six", "googleapis-common-protos", - # Exclude version 1.49.0rc1 which has a known issue. See https://github.com/grpc/grpc/pull/30642 - "grpcio!=1.49.0rc1", + # Exclude version 1.52.0rc1 which has a known issue. See https://github.com/grpc/grpc/issues/32163 + "grpcio!=1.52.0rc1", "grpcio-status", "google-api-core", "proto-plus", diff --git a/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1.json b/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1.json index 77729919..11b22e91 100644 --- a/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1.json +++ b/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1.json @@ -8,7 +8,7 @@ ], "language": "PYTHON", "name": "google-cloud-securitycenter", - "version": "1.18.2" + "version": "1.19.0" }, "snippets": [ { diff --git a/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1beta1.json b/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1beta1.json index 78b44f52..9f2eed7f 100644 --- a/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1beta1.json +++ b/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1beta1.json @@ -8,7 +8,7 @@ ], "language": "PYTHON", "name": "google-cloud-securitycenter", - "version": "1.18.2" + "version": "1.19.0" }, "snippets": [ { diff --git a/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1p1beta1.json b/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1p1beta1.json index 32a89128..0e5ec199 100644 --- a/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1p1beta1.json +++ b/samples/generated_samples/snippet_metadata_google.cloud.securitycenter.v1p1beta1.json @@ -8,7 +8,7 @@ ], "language": "PYTHON", "name": "google-cloud-securitycenter", - "version": "1.18.2" + "version": "1.19.0" }, "snippets": [ { diff --git a/samples/snippets/README.md b/samples/snippets/README.md new file mode 100644 index 00000000..0763128a --- /dev/null +++ b/samples/snippets/README.md @@ -0,0 +1 @@ +The snippets have been migrated to GoogleCloudPlatform/python-docs-samples in PR: https://github.com/GoogleCloudPlatform/python-docs-samples/pull/8493 \ No newline at end of file diff --git a/samples/snippets/noxfile.py b/samples/snippets/noxfile.py deleted file mode 100644 index de104dbc..00000000 --- a/samples/snippets/noxfile.py +++ /dev/null @@ -1,292 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import print_function - -import glob -import os -from pathlib import Path -import sys -from typing import Callable, Dict, Optional - -import nox - -# WARNING - WARNING - WARNING - WARNING - WARNING -# WARNING - WARNING - WARNING - WARNING - WARNING -# DO NOT EDIT THIS FILE EVER! -# WARNING - WARNING - WARNING - WARNING - WARNING -# WARNING - WARNING - WARNING - WARNING - WARNING - -BLACK_VERSION = "black==22.3.0" -ISORT_VERSION = "isort==5.10.1" - -# Copy `noxfile_config.py` to your directory and modify it instead. - -# `TEST_CONFIG` dict is a configuration hook that allows users to -# modify the test configurations. The values here should be in sync -# with `noxfile_config.py`. Users will copy `noxfile_config.py` into -# their directory and modify it. - -TEST_CONFIG = { - # You can opt out from the test for specific Python versions. - "ignored_versions": [], - # Old samples are opted out of enforcing Python type hints - # All new samples should feature them - "enforce_type_hints": False, - # An envvar key for determining the project id to use. Change it - # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a - # build specific Cloud project. You can also use your own string - # to use your own Cloud project. - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', - # If you need to use a specific version of pip, - # change pip_version_override to the string representation - # of the version number, for example, "20.2.4" - "pip_version_override": None, - # A dictionary you want to inject into your test. Don't put any - # secrets here. These values will override predefined values. - "envs": {}, -} - - -try: - # Ensure we can import noxfile_config in the project's directory. - sys.path.append(".") - from noxfile_config import TEST_CONFIG_OVERRIDE -except ImportError as e: - print("No user noxfile_config found: detail: {}".format(e)) - TEST_CONFIG_OVERRIDE = {} - -# Update the TEST_CONFIG with the user supplied values. -TEST_CONFIG.update(TEST_CONFIG_OVERRIDE) - - -def get_pytest_env_vars() -> Dict[str, str]: - """Returns a dict for pytest invocation.""" - ret = {} - - # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG["gcloud_project_env"] - # This should error out if not set. - ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] - - # Apply user supplied envs. - ret.update(TEST_CONFIG["envs"]) - return ret - - -# DO NOT EDIT - automatically generated. -# All versions used to test samples. -ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10", "3.11"] - -# Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] - -TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) - -INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ( - "True", - "true", -) - -# Error if a python version is missing -nox.options.error_on_missing_interpreters = True - -# -# Style Checks -# - - -# Linting with flake8. -# -# We ignore the following rules: -# E203: whitespace before ‘:’ -# E266: too many leading ‘#’ for block comment -# E501: line too long -# I202: Additional newline in a section of imports -# -# We also need to specify the rules which are ignored by default: -# ['E226', 'W504', 'E126', 'E123', 'W503', 'E24', 'E704', 'E121'] -FLAKE8_COMMON_ARGS = [ - "--show-source", - "--builtin=gettext", - "--max-complexity=20", - "--exclude=.nox,.cache,env,lib,generated_pb2,*_pb2.py,*_pb2_grpc.py", - "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", - "--max-line-length=88", -] - - -@nox.session -def lint(session: nox.sessions.Session) -> None: - if not TEST_CONFIG["enforce_type_hints"]: - session.install("flake8") - else: - session.install("flake8", "flake8-annotations") - - args = FLAKE8_COMMON_ARGS + [ - ".", - ] - session.run("flake8", *args) - - -# -# Black -# - - -@nox.session -def blacken(session: nox.sessions.Session) -> None: - """Run black. Format code to uniform standard.""" - session.install(BLACK_VERSION) - python_files = [path for path in os.listdir(".") if path.endswith(".py")] - - session.run("black", *python_files) - - -# -# format = isort + black -# - - -@nox.session -def format(session: nox.sessions.Session) -> None: - """ - Run isort to sort imports. Then run black - to format code to uniform standard. - """ - session.install(BLACK_VERSION, ISORT_VERSION) - python_files = [path for path in os.listdir(".") if path.endswith(".py")] - - # Use the --fss option to sort imports using strict alphabetical order. - # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections - session.run("isort", "--fss", *python_files) - session.run("black", *python_files) - - -# -# Sample Tests -# - - -PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] - - -def _session_tests( - session: nox.sessions.Session, post_install: Callable = None -) -> None: - # check for presence of tests - test_list = glob.glob("**/*_test.py", recursive=True) + glob.glob( - "**/test_*.py", recursive=True - ) - test_list.extend(glob.glob("**/tests", recursive=True)) - - if len(test_list) == 0: - print("No tests found, skipping directory.") - return - - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - concurrent_args = [] - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - with open("requirements.txt") as rfile: - packages = rfile.read() - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") - else: - session.install("-r", "requirements-test.txt") - with open("requirements-test.txt") as rtfile: - packages += rtfile.read() - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - if "pytest-parallel" in packages: - concurrent_args.extend(["--workers", "auto", "--tests-per-worker", "auto"]) - elif "pytest-xdist" in packages: - concurrent_args.extend(["-n", "auto"]) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs + concurrent_args), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. - # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) - - -@nox.session(python=ALL_VERSIONS) -def py(session: nox.sessions.Session) -> None: - """Runs py.test for a sample using the specified version of Python.""" - if session.python in TESTED_VERSIONS: - _session_tests(session) - else: - session.skip( - "SKIPPED: {} tests are disabled for this sample.".format(session.python) - ) - - -# -# Readmegen -# - - -def _get_repo_root() -> Optional[str]: - """Returns the root folder of the project.""" - # Get root of this repository. Assume we don't have directories nested deeper than 10 items. - p = Path(os.getcwd()) - for i in range(10): - if p is None: - break - if Path(p / ".git").exists(): - return str(p) - # .git is not available in repos cloned via Cloud Build - # setup.py is always in the library's root, so use that instead - # https://github.com/googleapis/synthtool/issues/792 - if Path(p / "setup.py").exists(): - return str(p) - p = p.parent - raise Exception("Unable to detect repository root.") - - -GENERATED_READMES = sorted([x for x in Path(".").rglob("*.rst.in")]) - - -@nox.session -@nox.parametrize("path", GENERATED_READMES) -def readmegen(session: nox.sessions.Session, path: str) -> None: - """(Re-)generates the readme for a sample.""" - session.install("jinja2", "pyyaml") - dir_ = os.path.dirname(path) - - if os.path.exists(os.path.join(dir_, "requirements.txt")): - session.install("-r", os.path.join(dir_, "requirements.txt")) - - in_file = os.path.join(dir_, "README.rst.in") - session.run( - "python", _get_repo_root() + "/scripts/readme-gen/readme_gen.py", in_file - ) diff --git a/samples/snippets/noxfile_config.py b/samples/snippets/noxfile_config.py deleted file mode 100644 index daf5c43a..00000000 --- a/samples/snippets/noxfile_config.py +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default TEST_CONFIG_OVERRIDE for python repos. - -# You can copy this file into your directory, then it will be inported from -# the noxfile.py. - -# The source of truth: -# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/noxfile_config.py - -TEST_CONFIG_OVERRIDE = { - # You can opt out from the test for specific Python versions. - "ignored_versions": ["2.7"], - # An envvar key for determining the project id to use. Change it - # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a - # build specific Cloud project. You can also use your own string - # to use your own Cloud project. - # 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', - "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", - # A dictionary you want to inject into your test. Don't put any - # secrets here. These values will override predefined values. - "envs": { - "GCLOUD_ORGANIZATION": "1081635000895", - "GCLOUD_PROJECT": "project-a-id", - "GCLOUD_PUBSUB_TOPIC": "projects/project-a-id/topics/notifications-sample-topic", - "GCLOUD_PUBSUB_SUBSCRIPTION": "notification-sample-subscription", - }, -} diff --git a/samples/snippets/requirements-test.txt b/samples/snippets/requirements-test.txt deleted file mode 100644 index 51d20956..00000000 --- a/samples/snippets/requirements-test.txt +++ /dev/null @@ -1,2 +0,0 @@ -pytest==7.2.1 -google-cloud-bigquery==3.4.2 diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt deleted file mode 100644 index 06909df0..00000000 --- a/samples/snippets/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -google-cloud-pubsub==2.13.12 -google-cloud-securitycenter==1.18.1 \ No newline at end of file diff --git a/samples/snippets/snippets_bigquery_export.py b/samples/snippets/snippets_bigquery_export.py deleted file mode 100644 index 591d9af9..00000000 --- a/samples/snippets/snippets_bigquery_export.py +++ /dev/null @@ -1,190 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Snippets on exporting findings from Security Command Center to BigQuery.""" - - -# [START securitycenter_create_bigquery_export] - - -def create_bigquery_export( - parent: str, export_filter: str, bigquery_dataset_id: str, bigquery_export_id: str -): - - from google.cloud import securitycenter - - """ - Create export configuration to export findings from a project to a BigQuery dataset. - Optionally specify filter to export certain findings only. - - Args: - parent: Use any one of the following resource paths: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - export_filter: Expression that defines the filter to apply across create/update events of findings. - bigquery_dataset_id: The BigQuery dataset to write findings' updates to. - bigquery_export_id: Unique identifier provided by the client. - - example id: f"default-{str(uuid.uuid4()).split('-')[0]}" - For more info, see: - https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query#export_findings_from_to - """ - client = securitycenter.SecurityCenterClient() - - # Create the BigQuery export configuration. - bigquery_export = securitycenter.BigQueryExport() - bigquery_export.description = "Export low and medium findings if the compute resource has an IAM anomalous grant" - bigquery_export.filter = export_filter - bigquery_export.dataset = f"{parent}/datasets/{bigquery_dataset_id}" - - request = securitycenter.CreateBigQueryExportRequest() - request.parent = parent - request.big_query_export = bigquery_export - request.big_query_export_id = bigquery_export_id - - # Create the export request. - response = client.create_big_query_export(request) - - print(f"BigQuery export request created successfully: {response.name}\n") - - -# [END securitycenter_create_bigquery_export] - - -# [START securitycenter_get_bigquery_export] -def get_bigquery_export(parent: str, bigquery_export_id: str): - from google.cloud import securitycenter - - """ - Retrieve an existing BigQuery export. - Args: - parent: Use any one of the following resource paths: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - bigquery_export_id: Unique identifier that is used to identify the export. - """ - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.GetBigQueryExportRequest() - request.name = f"{parent}/bigQueryExports/{bigquery_export_id}" - - response = client.get_big_query_export(request) - print(f"Retrieved the BigQuery export: {response.name}") - - -# [END securitycenter_get_bigquery_export] - - -# [START securitycenter_list_bigquery_export] -def list_bigquery_exports(parent: str): - from google.cloud import securitycenter - - """ - List BigQuery exports in the given parent. - Args: - parent: The parent which owns the collection of BigQuery exports. - Use any one of the following resource paths: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - """ - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.ListBigQueryExportsRequest() - request.parent = parent - - response = client.list_big_query_exports(request) - - print("Listing BigQuery exports:") - for bigquery_export in response: - print(bigquery_export.name) - - -# [END securitycenter_list_bigquery_export] - - -# [START securitycenter_update_bigquery_export] -def update_bigquery_export(parent: str, export_filter: str, bigquery_export_id: str): - """ - Updates an existing BigQuery export. - Args: - parent: Use any one of the following resource paths: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - export_filter: Expression that defines the filter to apply across create/update events of findings. - bigquery_export_id: Unique identifier provided by the client. - For more info, see: - https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query#export_findings_from_to - """ - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - - # Set the new values for export configuration. - bigquery_export = securitycenter.BigQueryExport() - bigquery_export.name = f"{parent}/bigQueryExports/{bigquery_export_id}" - bigquery_export.filter = export_filter - - # Field mask to only update the export filter. - # Set the update mask to specify which properties should be updated. - # If empty, all mutable fields will be updated. - # For more info on constructing field mask path, see the proto or: - # https://googleapis.dev/python/protobuf/latest/google/protobuf/field_mask_pb2.html - field_mask = field_mask_pb2.FieldMask(paths=["filter"]) - - request = securitycenter.UpdateBigQueryExportRequest() - request.big_query_export = bigquery_export - request.update_mask = field_mask - - response = client.update_big_query_export(request) - - if response.filter != export_filter: - print("Failed to update BigQueryExport!") - return - print("BigQueryExport updated successfully!") - - -# [END securitycenter_update_bigquery_export] - - -# [START securitycenter_delete_bigquery_export] -def delete_bigquery_export(parent: str, bigquery_export_id: str): - """ - Delete an existing BigQuery export. - Args: - parent: Use any one of the following resource paths: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - bigquery_export_id: Unique identifier that is used to identify the export. - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.DeleteBigQueryExportRequest() - request.name = f"{parent}/bigQueryExports/{bigquery_export_id}" - - client.delete_big_query_export(request) - print(f"BigQuery export request deleted successfully: {bigquery_export_id}") - - -# [END securitycenter_delete_bigquery_export] diff --git a/samples/snippets/snippets_bigquery_export_test.py b/samples/snippets/snippets_bigquery_export_test.py deleted file mode 100644 index 197bd6f6..00000000 --- a/samples/snippets/snippets_bigquery_export_test.py +++ /dev/null @@ -1,96 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# TODO(developer): Replace these variables before running the sample. -import os -import re -import uuid - -from _pytest.capture import CaptureFixture -import pytest - -import snippets_bigquery_export - -PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] -GOOGLE_APPLICATION_CREDENTIALS = os.environ["GOOGLE_APPLICATION_CREDENTIALS"] -BIGQUERY_DATASET_ID = f"sampledataset{str(uuid.uuid4()).split('-')[0]}" - - -@pytest.fixture(scope="module") -def bigquery_export_id(): - bigquery_export_id = f"default-{str(uuid.uuid4()).split('-')[0]}" - - create_bigquery_dataset(BIGQUERY_DATASET_ID) - export_filter = 'severity="LOW" OR severity="MEDIUM"' - snippets_bigquery_export.create_bigquery_export( - f"projects/{PROJECT_ID}", export_filter, BIGQUERY_DATASET_ID, bigquery_export_id - ) - - yield bigquery_export_id - - snippets_bigquery_export.delete_bigquery_export( - f"projects/{PROJECT_ID}", bigquery_export_id - ) - delete_bigquery_dataset(BIGQUERY_DATASET_ID) - - -def create_bigquery_dataset(dataset_id: str): - from google.cloud import bigquery - - bigquery_client = bigquery.Client() - - dataset_id_full = "{}.{}".format(PROJECT_ID, dataset_id) - dataset = bigquery.Dataset(dataset_id_full) - - dataset = bigquery_client.create_dataset(dataset) - print("Dataset {} created.".format(dataset.dataset_id)) - - -def delete_bigquery_dataset(dataset_id: str): - from google.cloud import bigquery - - bigquery_client = bigquery.Client() - bigquery_client.delete_dataset(dataset_id) - print("Dataset {} deleted.".format(dataset_id)) - - -def test_get_bigquery_export(capsys: CaptureFixture, bigquery_export_id: str): - snippets_bigquery_export.get_bigquery_export( - f"projects/{PROJECT_ID}", bigquery_export_id - ) - out, _ = capsys.readouterr() - assert re.search( - "Retrieved the BigQuery export", - out, - ) - assert re.search(f"bigQueryExports/{bigquery_export_id}", out) - - -def test_list_bigquery_exports(capsys: CaptureFixture, bigquery_export_id: str): - snippets_bigquery_export.list_bigquery_exports(f"projects/{PROJECT_ID}") - out, _ = capsys.readouterr() - assert re.search("Listing BigQuery exports:", out) - assert re.search(bigquery_export_id, out) - - -def test_update_bigquery_exports(capsys: CaptureFixture, bigquery_export_id: str): - export_filter = 'severity="MEDIUM"' - snippets_bigquery_export.update_bigquery_export( - f"projects/{PROJECT_ID}", export_filter, bigquery_export_id - ) - out, _ = capsys.readouterr() - assert re.search("BigQueryExport updated successfully!", out) diff --git a/samples/snippets/snippets_findings.py b/samples/snippets/snippets_findings.py deleted file mode 100644 index 06cddc41..00000000 --- a/samples/snippets/snippets_findings.py +++ /dev/null @@ -1,586 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Examples of working with source and findings in Cloud Security Command Center.""" - - -def create_source(organization_id): - """Create a new findings source.""" - # [START securitycenter_create_source] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - # organization_id is the numeric ID of the organization. e.g.: - # organization_id = "111122222444" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - created = client.create_source( - request={ - "parent": org_name, - "source": { - "display_name": "Customized Display Name", - "description": "A new custom source that does X", - }, - } - ) - print("Created Source: {}".format(created.name)) - # [END securitycenter_create_source] - - -def get_source(source_name): - """Gets an existing source.""" - # [START securitycenter_get_source] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - source = client.get_source(request={"name": source_name}) - - print("Source: {}".format(source)) - # [END securitycenter_get_source] - return source - - -def update_source(source_name): - """Updates a source's display name.""" - # [START securitycenter_update_source] - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - - # Field mask to only update the display name. - field_mask = field_mask_pb2.FieldMask(paths=["display_name"]) - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - updated = client.update_source( - request={ - "source": {"name": source_name, "display_name": "Updated Display Name"}, - "update_mask": field_mask, - } - ) - print("Updated Source: {}".format(updated)) - # [END securitycenter_update_source] - return updated - - -def add_user_to_source(source_name): - """Gives a user findingsEditor permission to the source.""" - user_email = "csccclienttest@gmail.com" - # [START securitycenter_set_source_iam] - from google.cloud import securitycenter - from google.iam.v1 import policy_pb2 - - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - # Get the old policy so we can do an incremental update. - old_policy = client.get_iam_policy(request={"resource": source_name}) - print("Old Policy: {}".format(old_policy)) - - # Setup a new IAM binding. - binding = policy_pb2.Binding() - binding.role = "roles/securitycenter.findingsEditor" - # user_email is an e-mail address known to Cloud IAM (e.g. a gmail address). - # user_mail = user@somedomain.com - binding.members.append("user:{}".format(user_email)) - - # Setting the e-tag avoids over-write existing policy - updated = client.set_iam_policy( - request={ - "resource": source_name, - "policy": {"etag": old_policy.etag, "bindings": [binding]}, - } - ) - - print("Updated Policy: {}".format(updated)) - - # [END securitycenter_set_source_iam] - return binding, updated - - -def list_source(organization_id): - """Lists finding sources.""" - i = -1 - # [START securitycenter_list_sources] - from google.cloud import securitycenter - - # Create a new client. - client = securitycenter.SecurityCenterClient() - # organization_id is the numeric ID of the organization. e.g.: - # organization_id = "111122222444" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - # Call the API and print out each existing source. - for i, source in enumerate(client.list_sources(request={"parent": org_name})): - print(i, source) - # [END securitycenter_list_sources] - return i - - -def create_finding(source_name, finding_id): - """Creates a new finding.""" - # [START securitycenter_create_finding] - import datetime - - from google.cloud import securitycenter - from google.cloud.securitycenter_v1 import Finding - - # Create a new client. - client = securitycenter.SecurityCenterClient() - - # Use the current time as the finding "event time". - event_time = datetime.datetime.now(tz=datetime.timezone.utc) - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - - # The resource this finding applies to. The CSCC UI can link - # the findings for a resource to the corresponding Asset of a resource - # if there are matches. - resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232" - - finding = Finding( - state=Finding.State.ACTIVE, - resource_name=resource_name, - category="MEDIUM_RISK_ONE", - event_time=event_time, - ) - - # Call The API. - created_finding = client.create_finding( - request={"parent": source_name, "finding_id": finding_id, "finding": finding} - ) - print(created_finding) - # [END securitycenter_create_finding] - return created_finding - - -def create_finding_with_source_properties(source_name): - """Demonstrate creating a new finding with source properties.""" - # [START securitycenter_create_finding_with_source_properties] - import datetime - - from google.cloud import securitycenter - from google.cloud.securitycenter_v1 import Finding - from google.protobuf.struct_pb2 import Value - - # Create a new client. - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - - # Controlled by caller. - finding_id = "samplefindingid2" - - # The resource this finding applies to. The CSCC UI can link - # the findings for a resource to the corresponding Asset of a resource - # if there are matches. - resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232" - - # Define source properties values as protobuf "Value" objects. - str_value = Value() - str_value.string_value = "string_example" - num_value = Value() - num_value.number_value = 1234 - - # Use the current time as the finding "event time". - event_time = datetime.datetime.now(tz=datetime.timezone.utc) - - finding = Finding( - state=Finding.State.ACTIVE, - resource_name=resource_name, - category="MEDIUM_RISK_ONE", - source_properties={"s_value": "string_example", "n_value": 1234}, - event_time=event_time, - ) - - created_finding = client.create_finding( - request={"parent": source_name, "finding_id": finding_id, "finding": finding} - ) - print(created_finding) - # [END securitycenter_create_finding_with_source_properties] - - -def update_finding(source_name): - # [START securitycenter_update_finding_source_properties] - import datetime - - from google.cloud import securitycenter - from google.cloud.securitycenter_v1 import Finding - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - # Only update the specific source property and event_time. event_time - # is required for updates. - field_mask = field_mask_pb2.FieldMask( - paths=["source_properties.s_value", "event_time"] - ) - - # Set the update time to Now. This must be some time greater then the - # event_time on the original finding. - event_time = datetime.datetime.now(tz=datetime.timezone.utc) - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - finding_name = "{}/findings/samplefindingid2".format(source_name) - finding = Finding( - name=finding_name, - source_properties={"s_value": "new_string"}, - event_time=event_time, - ) - updated_finding = client.update_finding( - request={"finding": finding, "update_mask": field_mask} - ) - - print( - "New Source properties: {}, Event Time {}".format( - updated_finding.source_properties, updated_finding.event_time - ) - ) - # [END securitycenter_update_finding_source_properties] - - -def update_finding_state(source_name): - """Demonstrate updating only a finding state.""" - # [START securitycenter_update_finding_state] - import datetime - - from google.cloud import securitycenter - from google.cloud.securitycenter_v1 import Finding - - # Create a client. - client = securitycenter.SecurityCenterClient() - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - finding_name = "{}/findings/samplefindingid2".format(source_name) - - # Call the API to change the finding state to inactive as of now. - new_finding = client.set_finding_state( - request={ - "name": finding_name, - "state": Finding.State.INACTIVE, - "start_time": datetime.datetime.now(tz=datetime.timezone.utc), - } - ) - print(f"New state: {new_finding.state}") - # [END securitycenter_update_finding_state] - - -def trouble_shoot(source_name): - """Demonstrate calling test_iam_permissions to determine if the - service account has the correct permisions.""" - # [START securitycenter_test_iam] - from google.cloud import securitycenter - - # Create a client. - client = securitycenter.SecurityCenterClient() - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - - # Check for permssions to call create_finding or update_finding. - permission_response = client.test_iam_permissions( - request={ - "resource": source_name, - "permissions": ["securitycenter.findings.update"], - } - ) - - print( - "Permision to create or update findings? {}".format( - len(permission_response.permissions) > 0 - ) - ) - # [END securitycenter_test_iam] - assert len(permission_response.permissions) > 0 - # [START securitycenter_test_iam] - # Check for permissions necessary to call set_finding_state. - permission_response = client.test_iam_permissions( - request={ - "resource": source_name, - "permissions": ["securitycenter.findings.setState"], - } - ) - print( - "Permision to update state? {}".format(len(permission_response.permissions) > 0) - ) - # [END securitycenter_test_iam] - return permission_response - assert len(permission_response.permissions) > 0 - - -def list_all_findings(organization_id): - # [START securitycenter_list_all_findings] - from google.cloud import securitycenter - - # Create a client. - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. e.g.: - # organization_id = "111122222444" - org_name = "organizations/{org_id}".format(org_id=organization_id) - # The "sources/-" suffix lists findings across all sources. You - # also use a specific source_name instead. - all_sources = "{org_name}/sources/-".format(org_name=org_name) - finding_result_iterator = client.list_findings(request={"parent": all_sources}) - for i, finding_result in enumerate(finding_result_iterator): - print( - "{}: name: {} resource: {}".format( - i, finding_result.finding.name, finding_result.finding.resource_name - ) - ) - # [END securitycenter_list_all_findings] - return i - - -def list_filtered_findings(source_name): - # [START securitycenter_list_filtered_findings] - from google.cloud import securitycenter - - # Create a new client. - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - # You an also use a wild-card "-" for all sources: - # source_name = "organizations/111122222444/sources/-" - finding_result_iterator = client.list_findings( - request={"parent": source_name, "filter": 'category="MEDIUM_RISK_ONE"'} - ) - # Iterate an print all finding names and the resource they are - # in reference to. - for i, finding_result in enumerate(finding_result_iterator): - print( - "{}: name: {} resource: {}".format( - i, finding_result.finding.name, finding_result.finding.resource_name - ) - ) - # [END securitycenter_list_filtered_findings] - return i - - -def list_findings_at_time(source_name): - # [START securitycenter_list_findings_at_time] - from datetime import datetime, timedelta - - from google.cloud import securitycenter - - # Create a new client. - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - # You an also use a wild-card "-" for all sources: - # source_name = "organizations/111122222444/sources/-" - five_days_ago = str(datetime.now() - timedelta(days=5)) - # [END securitycenter_list_findings_at_time] - i = -1 - # [START securitycenter_list_findings_at_time] - - finding_result_iterator = client.list_findings( - request={"parent": source_name, "filter": five_days_ago} - ) - for i, finding_result in enumerate(finding_result_iterator): - print( - "{}: name: {} resource: {}".format( - i, finding_result.finding.name, finding_result.finding.resource_name - ) - ) - # [END securitycenter_list_findings_at_time] - return i - - -def get_iam_policy(source_name): - """Gives a user findingsEditor permission to the source.""" - # [START securitycenter_get_source_iam] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - # Get the old policy so we can do an incremental update. - policy = client.get_iam_policy(request={"resource": source_name}) - print("Policy: {}".format(policy)) - # [END securitycenter_get_source_iam] - - -def group_all_findings(organization_id): - """Demonstrates grouping all findings across an organization.""" - i = 0 - # [START securitycenter_group_all_findings] - from google.cloud import securitycenter - - # Create a client. - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. e.g.: - # organization_id = "111122222444" - org_name = "organizations/{org_id}".format(org_id=organization_id) - # The "sources/-" suffix lists findings across all sources. You - # also use a specific source_name instead. - all_sources = "{org_name}/sources/-".format(org_name=org_name) - group_result_iterator = client.group_findings( - request={"parent": all_sources, "group_by": "category"} - ) - for i, group_result in enumerate(group_result_iterator): - print((i + 1), group_result) - # [END securitycenter_group_all_findings] - return i - - -def group_filtered_findings(source_name): - """Demonstrates grouping all findings across an organization.""" - i = 0 - # [START securitycenter_group_filtered_findings] - from google.cloud import securitycenter - - # Create a client. - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - - group_result_iterator = client.group_findings( - request={ - "parent": source_name, - "group_by": "category", - "filter": 'state="ACTIVE"', - } - ) - for i, group_result in enumerate(group_result_iterator): - print((i + 1), group_result) - # [END securitycenter_group_filtered_findings] - return i - - -def group_findings_at_time(source_name): - """Demonstrates grouping all findings across an organization as of - a specific time.""" - i = -1 - # [START securitycenter_group_findings_at_time] - from datetime import datetime, timedelta - - from google.cloud import securitycenter - - # Create a client. - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - - # Group findings as of yesterday. - read_time = datetime.utcnow() - timedelta(days=1) - - group_result_iterator = client.group_findings( - request={"parent": source_name, "group_by": "category", "read_time": read_time} - ) - for i, group_result in enumerate(group_result_iterator): - print((i + 1), group_result) - # [END securitycenter_group_findings_at_time] - return i - - -def group_findings_and_changes(source_name): - """Demonstrates grouping all findings across an organization and - associated changes.""" - i = 0 - # [START securitycenter_group_findings_with_changes] - from datetime import timedelta - - from google.cloud import securitycenter - - # Create a client. - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - - # List assets and their state change the last 30 days - compare_delta = timedelta(days=30) - - group_result_iterator = client.group_findings( - request={ - "parent": source_name, - "group_by": "state_change", - "compare_duration": compare_delta, - } - ) - for i, group_result in enumerate(group_result_iterator): - print((i + 1), group_result) - # [END securitycenter_group_findings_with_changes]] - return i diff --git a/samples/snippets/snippets_findings_test.py b/samples/snippets/snippets_findings_test.py deleted file mode 100644 index 8cd6353f..00000000 --- a/samples/snippets/snippets_findings_test.py +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -from itertools import chain -import os - -import pytest - -import snippets_findings - - -@pytest.fixture(scope="module") -def organization_id(): - """Get Organization ID from the environment variable""" - return os.environ["GCLOUD_ORGANIZATION"] - - -@pytest.fixture(scope="module") -def source_name(organization_id): - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - org_name = "organizations/{org_id}".format(org_id=organization_id) - - source = client.create_source( - request={ - "parent": org_name, - "source": { - "display_name": "Unit test source", - "description": "A new custom source that does X", - }, - } - ) - return source.name - - -def test_create_source(organization_id): - snippets_findings.create_source(organization_id) - - -def test_get_source(source_name): - source = snippets_findings.get_source(source_name) - assert source.name == source_name - - -def test_update_source(source_name): - updated = snippets_findings.update_source(source_name) - assert updated.display_name == "Updated Display Name" - - -def test_add_user_to_source(source_name): - binding, updated = snippets_findings.add_user_to_source(source_name) - assert any( - member == "user:csccclienttest@gmail.com" - for member in chain.from_iterable( - binding.members for binding in updated.bindings - ) - ) - - -def test_list_source(organization_id): - count = snippets_findings.list_source(organization_id) - assert count >= 0 - - -def test_create_finding(source_name): - created_finding = snippets_findings.create_finding(source_name, "samplefindingid") - assert len(created_finding.name) > 0 - - -def test_create_finding_with_source_properties(source_name): - snippets_findings.create_finding_with_source_properties(source_name) - - -def test_update_finding(source_name): - snippets_findings.update_finding(source_name) - - -def test_update_finding_state(source_name): - snippets_findings.update_finding_state(source_name) - - -def test_trouble_shoot(source_name): - snippets_findings.trouble_shoot(source_name) - - -def test_list_all_findings(organization_id): - count = snippets_findings.list_all_findings(organization_id) - assert count > 0 - - -def test_list_filtered_findings(source_name): - count = snippets_findings.list_filtered_findings(source_name) - assert count > 0 - - -def list_findings_at_time(source_name): - count = snippets_findings.list_findings_at_time(source_name) - assert count == -1 - - -def test_get_iam_policy(source_name): - snippets_findings.get_iam_policy(source_name) - - -def test_group_all_findings(organization_id): - count = snippets_findings.group_all_findings(organization_id) - assert count > 0 - - -def test_group_filtered_findings(source_name): - count = snippets_findings.group_filtered_findings(source_name) - assert count == 0 - - -def test_group_findings_at_time(source_name): - count = snippets_findings.group_findings_at_time(source_name) - assert count == -1 - - -def test_group_findings_and_changes(source_name): - count = snippets_findings.group_findings_and_changes(source_name) - assert count == 0 diff --git a/samples/snippets/snippets_list_assets.py b/samples/snippets/snippets_list_assets.py deleted file mode 100644 index 42511b94..00000000 --- a/samples/snippets/snippets_list_assets.py +++ /dev/null @@ -1,208 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" Examples of listing assets in Cloud Security Command Center.""" - - -def list_all_assets(organization_id): - """Demonstrate listing and printing all assets.""" - i = 0 - # [START securitycenter_list_all_assets] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - # Call the API and print results. - asset_iterator = client.list_assets(request={"parent": org_name}) - for i, asset_result in enumerate(asset_iterator): - print(i, asset_result) - # [END securitycenter_list_all_assets] - return i - - -def list_assets_with_filters(organization_id): - """Demonstrate listing assets with a filter.""" - i = 0 - # [START securitycenter_list_assets_with_filter] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - project_filter = ( - "security_center_properties.resource_type=" - + '"google.cloud.resourcemanager.Project"' - ) - # Call the API and print results. - asset_iterator = client.list_assets( - request={"parent": org_name, "filter": project_filter} - ) - for i, asset_result in enumerate(asset_iterator): - print(i, asset_result) - # [END securitycenter_list_assets_with_filter] - return i - - -def list_assets_with_filters_and_read_time(organization_id): - """Demonstrate listing assets with a filter.""" - i = 0 - # [START securitycenter_list_assets_at_time] - from datetime import datetime, timedelta, timezone - - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - project_filter = ( - "security_center_properties.resource_type=" - + '"google.cloud.resourcemanager.Project"' - ) - - # Lists assets as of yesterday. - read_time = datetime.now(tz=timezone.utc) - timedelta(days=1) - - # Call the API and print results. - asset_iterator = client.list_assets( - request={"parent": org_name, "filter": project_filter, "read_time": read_time} - ) - for i, asset_result in enumerate(asset_iterator): - print(i, asset_result) - # [END securitycenter_list_assets_at_time] - return i - - -def list_point_in_time_changes(organization_id): - """Demonstrate listing assets along with their state changes.""" - i = 0 - # [START securitycenter_list_assets_and_changes] - from datetime import timedelta - - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - project_filter = ( - "security_center_properties.resource_type=" - + '"google.cloud.resourcemanager.Project"' - ) - - # List assets and their state change the last 30 days - compare_delta = timedelta(days=30) - - # Call the API and print results. - asset_iterator = client.list_assets( - request={ - "parent": org_name, - "filter": project_filter, - "compare_duration": compare_delta, - } - ) - for i, asset in enumerate(asset_iterator): - print(i, asset) - - # [END securitycenter_list_assets_and_changes] - return i - - -def group_assets(organization_id): - """Demonstrates grouping all assets by type.""" - i = 0 - # [START securitycenter_group_all_assets] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - group_by_type = "security_center_properties.resource_type" - - result_iterator = client.group_assets( - request={"parent": org_name, "group_by": group_by_type} - ) - for i, result in enumerate(result_iterator): - print((i + 1), result) - # [END securitycenter_group_all_assets] - return i - - -def group_filtered_assets(organization_id): - """Demonstrates grouping assets by type with a filter.""" - i = 0 - # [START securitycenter_group_all_assets_with_filter] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - - group_by_type = "security_center_properties.resource_type" - only_projects = ( - "security_center_properties.resource_type=" - + '"google.cloud.resourcemanager.Project"' - ) - result_iterator = client.group_assets( - request={"parent": org_name, "group_by": group_by_type, "filter": only_projects} - ) - for i, result in enumerate(result_iterator): - print((i + 1), result) - # [END securitycenter_group_all_assets_with_filter] - # only one asset type is a project - return i - - -def group_assets_by_changes(organization_id): - """Demonstrates grouping assets by their changes over a period of time.""" - i = 0 - # [START securitycenter_group_all_assets_by_change] - from datetime import timedelta - - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - duration = timedelta(days=5) - - # organization_id is the numeric ID of the organization. - # organization_id = "1234567777" - org_name = "organizations/{org_id}".format(org_id=organization_id) - result_iterator = client.group_assets( - request={ - "parent": org_name, - "group_by": "state_change", - "compare_duration": duration, - } - ) - for i, result in enumerate(result_iterator): - print((i + 1), result) - # [END securitycenter_group_all_assets_by_change] - return i diff --git a/samples/snippets/snippets_list_assets_test.py b/samples/snippets/snippets_list_assets_test.py deleted file mode 100644 index 44514238..00000000 --- a/samples/snippets/snippets_list_assets_test.py +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for snippets.""" - -import os - -import pytest - -import snippets_list_assets - - -@pytest.fixture(scope="module") -def organization_id(): - """Get Organization ID from the environment variable""" - return os.environ["GCLOUD_ORGANIZATION"] - - -def test_list_all_assets(organization_id): - """Demonstrate listing and printing all assets.""" - count = snippets_list_assets.list_all_assets(organization_id) - assert count > 0 - - -def list_assets_with_filters(organization_id): - count = snippets_list_assets.list_all_assets(organization_id) - assert count > 0 - - -def test_list_assets_with_filters_and_read_time(organization_id): - count = snippets_list_assets.list_assets_with_filters_and_read_time(organization_id) - assert count > 0 - - -def test_list_point_in_time_changes(organization_id): - count = snippets_list_assets.list_point_in_time_changes(organization_id) - assert count > 0 - - -def test_group_assets(organization_id): - count = snippets_list_assets.group_assets(organization_id) - assert count >= 8 # 8 different asset types. - - -def test_group_filtered_assets(organization_id): - count = snippets_list_assets.group_filtered_assets(organization_id) - assert count == 0 - - -def test_group_assets_by_changes(organization_id): - count = snippets_list_assets.group_assets_by_changes(organization_id) - assert count >= 0 # only one asset type is a project diff --git a/samples/snippets/snippets_mute_config.py b/samples/snippets/snippets_mute_config.py deleted file mode 100644 index 97de1312..00000000 --- a/samples/snippets/snippets_mute_config.py +++ /dev/null @@ -1,264 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# [START securitycenter_create_mute_config] - - -def create_mute_rule(parent_path: str, mute_config_id: str) -> None: - """ - Creates a mute configuration under a given scope that will mute - all new findings that match a given filter. - Existing findings will NOT BE muted. - Args: - parent_path: use any one of the following options: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - mute_config_id: Set a unique id; max of 63 chars. - """ - - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - mute_config = securitycenter.MuteConfig() - mute_config.description = "Mute low-medium IAM grants excluding 'compute' " - # Set mute rule(s). - # To construct mute rules and for supported properties, see: - # https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules - mute_config.filter = ( - 'severity="LOW" OR severity="MEDIUM" AND ' - 'category="Persistence: IAM Anomalous Grant" AND ' - '-resource.type:"compute"' - ) - - request = securitycenter.CreateMuteConfigRequest() - request.parent = parent_path - request.mute_config_id = mute_config_id - request.mute_config = mute_config - - mute_config = client.create_mute_config(request=request) - print(f"Mute rule created successfully: {mute_config.name}") - - -# [END securitycenter_create_mute_config] - - -# [START securitycenter_delete_mute_config] -def delete_mute_rule(mute_config_name: str) -> None: - """ - Deletes a mute configuration given its resource name. - Note: Previously muted findings are not affected when a mute config is deleted. - Args: - mute_config_name: Specify the name of the mute config to delete. - Use any one of the following formats: - - organizations/{organization}/muteConfigs/{config_id} - - folders/{folder}/muteConfigs/{config_id} or - - projects/{project}/muteConfigs/{config_id} - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.DeleteMuteConfigRequest() - request.name = mute_config_name - - client.delete_mute_config(request) - print(f"Mute rule deleted successfully: {mute_config_name}") - - -# [END securitycenter_delete_mute_config] - - -# [START securitycenter_get_mute_config] -def get_mute_rule(mute_config_name: str) -> None: - """ - Retrieves a mute configuration given its resource name. - Args: - mute_config_name: Name of the mute config to retrieve. - Use any one of the following formats: - - organizations/{organization}/muteConfigs/{config_id} - - folders/{folder}/muteConfigs/{config_id} - - projects/{project}/muteConfigs/{config_id} - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.GetMuteConfigRequest() - request.name = mute_config_name - - mute_config = client.get_mute_config(request) - print(f"Retrieved the mute rule: {mute_config.name}") - - -# [END securitycenter_get_mute_config] - - -# [START securitycenter_list_mute_configs] -def list_mute_rules(parent: str) -> None: - """ - Listing mute configs at organization level will return all the configs - at the org, folder and project levels. - Similarly, listing configs at folder level will list all the configs - at the folder and project levels. - Args: - parent: Use any one of the following resource paths to list mute configurations: - - organizations/{organization_id} - - folders/{folder_id} - - projects/{project_id} - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.ListMuteConfigsRequest() - request.parent = parent - - # List all Mute Configs present in the resource. - for mute_config in client.list_mute_configs(request): - print(mute_config.name) - - -# [END securitycenter_list_mute_configs] - - -# [START securitycenter_update_mute_config] -def update_mute_rule(mute_config_name: str) -> None: - """ - Updates an existing mute configuration. - The following can be updated in a mute config: description, and filter/ mute rule. - Args: - mute_config_name: Specify the name of the mute config to delete. - Use any one of the following formats: - - organizations/{organization}/muteConfigs/{config_id} - - folders/{folder}/muteConfigs/{config_id} - - projects/{project}/muteConfigs/{config_id} - """ - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - - update_mute_config = securitycenter.MuteConfig() - update_mute_config.name = mute_config_name - update_mute_config.description = "Updated mute config description" - - field_mask = field_mask_pb2.FieldMask(paths=["description"]) - - request = securitycenter.UpdateMuteConfigRequest() - request.mute_config = update_mute_config - # Set the update mask to specify which properties of the Mute Config should be updated. - # If empty, all mutable fields will be updated. - # Make sure that the mask fields match the properties changed in 'update_mute_config'. - # For more info on constructing update mask path, see the proto or: - # https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.muteConfigs/patch?hl=en#query-parameters - request.update_mask = field_mask - - mute_config = client.update_mute_config(request) - print(f"Updated mute rule : {mute_config}") - - -# [END securitycenter_update_mute_config] - - -# [START securitycenter_set_mute] -def set_mute_finding(finding_path: str) -> None: - """ - Mute an individual finding. - If a finding is already muted, muting it again has no effect. - Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE. - Args: - finding_path: The relative resource name of the finding. See: - https://cloud.google.com/apis/design/resource_names#relative_resource_name - Use any one of the following formats: - - organizations/{organization_id}/sources/{source_id}/finding/{finding_id}, - - folders/{folder_id}/sources/{source_id}/finding/{finding_id}, - - projects/{project_id}/sources/{source_id}/finding/{finding_id}. - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.SetMuteRequest() - request.name = finding_path - request.mute = securitycenter.Finding.Mute.MUTED - - finding = client.set_mute(request) - print(f"Mute value for the finding: {finding.mute.name}") - - -# [END securitycenter_set_mute] - - -# [START securitycenter_set_unmute] -def set_unmute_finding(finding_path: str) -> None: - """ - Unmute an individual finding. - Unmuting a finding that isn't muted has no effect. - Various mute states are: MUTE_UNSPECIFIED/MUTE/UNMUTE. - Args: - finding_path: The relative resource name of the finding. See: - https://cloud.google.com/apis/design/resource_names#relative_resource_name - Use any one of the following formats: - - organizations/{organization_id}/sources/{source_id}/finding/{finding_id}, - - folders/{folder_id}/sources/{source_id}/finding/{finding_id}, - - projects/{project_id}/sources/{source_id}/finding/{finding_id}. - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.SetMuteRequest() - request.name = finding_path - request.mute = securitycenter.Finding.Mute.UNMUTED - - finding = client.set_mute(request) - print(f"Mute value for the finding: {finding.mute.name}") - - -# [END securitycenter_set_unmute] - - -# [START securitycenter_bulk_mute] -def bulk_mute_findings(parent_path: str, mute_rule: str) -> None: - """ - Kicks off a long-running operation (LRO) to bulk mute findings for a parent based on a filter. - The parent can be either an organization, folder, or project. The findings - matched by the filter will be muted after the LRO is done. - Args: - parent_path: use any one of the following options: - - organizations/{organization} - - folders/{folder} - - projects/{project} - mute_rule: Expression that identifies findings that should be updated. - """ - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - request = securitycenter.BulkMuteFindingsRequest() - request.parent = parent_path - # To create mute rules, see: - # https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules - request.filter = mute_rule - - response = client.bulk_mute_findings(request) - print(f"Bulk mute findings completed successfully! : {response}") - - -# [END securitycenter_bulk_mute] diff --git a/samples/snippets/snippets_mute_config_test.py b/samples/snippets/snippets_mute_config_test.py deleted file mode 100644 index 5c531d10..00000000 --- a/samples/snippets/snippets_mute_config_test.py +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -import os -import re -import uuid - -from _pytest.capture import CaptureFixture -from google.cloud import securitycenter -from google.cloud.securitycenter_v1.services.security_center.pagers import ( - ListFindingsPager, -) -import pytest - -import snippets_mute_config - -# TODO(developer): Replace these variables before running the sample. -PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"] -ORGANIZATION_ID = os.environ["GCLOUD_ORGANIZATION"] -GOOGLE_APPLICATION_CREDENTIALS = os.environ["GOOGLE_APPLICATION_CREDENTIALS"] - - -@pytest.fixture -def mute_rule(): - mute_rule_create = f"random-mute-create-{uuid.uuid4()}" - mute_rule_update = f"random-mute-update-{uuid.uuid4()}" - snippets_mute_config.create_mute_rule(f"projects/{PROJECT_ID}", mute_rule_create) - snippets_mute_config.create_mute_rule(f"projects/{PROJECT_ID}", mute_rule_update) - - yield {"create": mute_rule_create, "update": mute_rule_update} - - snippets_mute_config.delete_mute_rule( - f"projects/{PROJECT_ID}/muteConfigs/{mute_rule_create}" - ) - snippets_mute_config.delete_mute_rule( - f"projects/{PROJECT_ID}/muteConfigs/{mute_rule_update}" - ) - - -@pytest.fixture -def finding(capsys: CaptureFixture): - import snippets_findings - from snippets_findings import create_finding - - snippets_findings.create_source(ORGANIZATION_ID) - out, _ = capsys.readouterr() - # source_path is of the format: organizations/{ORGANIZATION_ID}/sources/{source_name} - source_path = out.split(":")[1].strip() - source_name = source_path.split("/")[3] - finding1_path = create_finding(source_path, "1testingscc").name - finding2_path = create_finding(source_path, "2testingscc").name - - yield { - "source": source_name, - "finding1": finding1_path, - "finding2": finding2_path, - } - - -def list_all_findings(source_name) -> ListFindingsPager: - client = securitycenter.SecurityCenterClient() - return client.list_findings(request={"parent": source_name}) - - -def test_get_mute_rule(capsys: CaptureFixture, mute_rule): - snippets_mute_config.get_mute_rule( - f"projects/{PROJECT_ID}/muteConfigs/{mute_rule.get('create')}" - ) - out, _ = capsys.readouterr() - assert re.search("Retrieved the mute rule: ", out) - assert re.search(mute_rule.get("create"), out) - - -def test_list_mute_rules(capsys: CaptureFixture, mute_rule): - snippets_mute_config.list_mute_rules(f"projects/{PROJECT_ID}") - out, _ = capsys.readouterr() - assert re.search(mute_rule.get("create"), out) - assert re.search(mute_rule.get("update"), out) - - -def test_update_mute_rule(capsys: CaptureFixture, mute_rule): - snippets_mute_config.update_mute_rule( - f"projects/{PROJECT_ID}/muteConfigs/{mute_rule.get('update')}" - ) - snippets_mute_config.get_mute_rule( - f"projects/{PROJECT_ID}/muteConfigs/{mute_rule.get('update')}" - ) - out, _ = capsys.readouterr() - assert re.search("Updated mute config description", out) - - -def test_set_mute_finding(capsys: CaptureFixture, finding): - finding_path = finding.get("finding1") - snippets_mute_config.set_mute_finding(finding_path) - out, _ = capsys.readouterr() - assert re.search("Mute value for the finding: MUTED", out) - - -def test_set_unmute_finding(capsys: CaptureFixture, finding): - finding_path = finding.get("finding1") - snippets_mute_config.set_unmute_finding(finding_path) - out, _ = capsys.readouterr() - assert re.search("Mute value for the finding: UNMUTED", out) - - -def test_bulk_mute_findings(capsys: CaptureFixture, finding): - # Mute findings that belong to this project. - snippets_mute_config.bulk_mute_findings( - f"projects/{PROJECT_ID}", f'resource.project_display_name="{PROJECT_ID}"' - ) - - # Get all findings in the source to check if they are muted. - response = list_all_findings( - f"projects/{PROJECT_ID}/sources/{finding.get('source')}" - ) - for i, finding in enumerate(response): - assert finding.finding.mute == securitycenter.Finding.Mute.MUTED diff --git a/samples/snippets/snippets_notification_configs.py b/samples/snippets/snippets_notification_configs.py deleted file mode 100644 index 6cc82dd8..00000000 --- a/samples/snippets/snippets_notification_configs.py +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Demos for working with notification configs.""" - - -# [START securitycenter_create_notification_config] -def create_notification_config(parent_id, notification_config_id, pubsub_topic): - """ - Args: - parent_id: must be in one of the following formats: - "organizations/{organization_id}" - "projects/{project_id}" - "folders/{folder_id}" - notification_config_id: "your-config-id" - pubsub_topic: "projects/{your-project-id}/topics/{your-topic-ic}" - - Ensure this ServiceAccount has the "pubsub.topics.setIamPolicy" permission on the new topic. - """ - from google.cloud import securitycenter as securitycenter - - client = securitycenter.SecurityCenterClient() - - created_notification_config = client.create_notification_config( - request={ - "parent": parent_id, - "config_id": notification_config_id, - "notification_config": { - "description": "Notification for active findings", - "pubsub_topic": pubsub_topic, - "streaming_config": {"filter": 'state = "ACTIVE"'}, - }, - } - ) - - print(created_notification_config) - # [END securitycenter_create_notification_config] - return created_notification_config - - -# [START securitycenter_delete_notification_config] -def delete_notification_config(parent_id, notification_config_id): - """ - Args: - parent_id: must be in one of the following formats: - "organizations/{organization_id}" - "projects/{project_id}" - "folders/{folder_id}" - notification_config_id: "your-config-id" - """ - from google.cloud import securitycenter as securitycenter - - client = securitycenter.SecurityCenterClient() - - notification_config_name = ( - f"{parent_id}/notificationConfigs/{notification_config_id}" - ) - - client.delete_notification_config(request={"name": notification_config_name}) - print(f"Deleted notification config: {notification_config_name}") - # [END securitycenter_delete_notification_config] - return True - - -# [START securitycenter_get_notification_config] -def get_notification_config(parent_id, notification_config_id): - """ - Args: - parent_id: must be in one of the following formats: - "organizations/{organization_id}" - "projects/{project_id}" - "folders/{folder_id}" - notification_config_id: "your-config-id" - """ - from google.cloud import securitycenter as securitycenter - - client = securitycenter.SecurityCenterClient() - - notification_config_name = ( - f"{parent_id}/notificationConfigs/{notification_config_id}" - ) - - notification_config = client.get_notification_config( - request={"name": notification_config_name} - ) - print(f"Got notification config: {notification_config}") - # [END securitycenter_get_notification_config] - return notification_config - - -# [START securitycenter_list_notification_configs] -def list_notification_configs(parent_id): - """ - Args: - parent_id: must be in one of the following formats: - "organizations/{organization_id}" - "projects/{project_id}" - "folders/{folder_id}" - """ - from google.cloud import securitycenter as securitycenter - - client = securitycenter.SecurityCenterClient() - - notification_configs_iterator = client.list_notification_configs( - request={"parent": parent_id} - ) - for i, config in enumerate(notification_configs_iterator): - print(f"{i}: notification_config: {config}") - # [END securitycenter_list_notification_configs]] - return notification_configs_iterator - - -# [START securitycenter_update_notification_config] -def update_notification_config(parent_id, notification_config_id, pubsub_topic): - """ - Args: - parent_id: must be in one of the following formats: - "organizations/{organization_id}" - "projects/{project_id}" - "folders/{folder_id}" - notification_config_id: "config-id-to-update" - pubsub_topic: "projects/{new-project}/topics/{new-topic}" - - If updating a pubsub_topic, ensure this ServiceAccount has the - "pubsub.topics.setIamPolicy" permission on the new topic. - """ - from google.cloud import securitycenter as securitycenter - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - - notification_config_name = ( - f"{parent_id}/notificationConfigs/{notification_config_id}" - ) - - updated_description = "New updated description" - updated_filter = 'state = "INACTIVE"' - - # Only description and pubsub_topic can be updated. - field_mask = field_mask_pb2.FieldMask( - paths=["description", "pubsub_topic", "streaming_config.filter"] - ) - - updated_notification_config = client.update_notification_config( - request={ - "notification_config": { - "name": notification_config_name, - "description": updated_description, - "pubsub_topic": pubsub_topic, - "streaming_config": {"filter": updated_filter}, - }, - "update_mask": field_mask, - } - ) - - print(updated_notification_config) - # [END securitycenter_update_notification_config] - return updated_notification_config diff --git a/samples/snippets/snippets_notification_receiver.py b/samples/snippets/snippets_notification_receiver.py deleted file mode 100644 index 9c4368a0..00000000 --- a/samples/snippets/snippets_notification_receiver.py +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Demo for receiving notifications.""" - - -def receive_notifications(project_id, subscription_name): - # [START securitycenter_receive_notifications] - # Requires https://cloud.google.com/pubsub/docs/quickstart-client-libraries#pubsub-client-libraries-python - import concurrent - - from google.cloud import pubsub_v1 - from google.cloud.securitycenter_v1 import NotificationMessage - - # TODO: project_id = "your-project-id" - # TODO: subscription_name = "your-subscription-name" - - def callback(message): - - # Print the data received for debugging purpose if needed - print(f"Received message: {message.data}") - - notification_msg = NotificationMessage.from_json(message.data) - - print( - "Notification config name: {}".format( - notification_msg.notification_config_name - ) - ) - print("Finding: {}".format(notification_msg.finding)) - - # Ack the message to prevent it from being pulled again - message.ack() - - subscriber = pubsub_v1.SubscriberClient() - subscription_path = subscriber.subscription_path(project_id, subscription_name) - - streaming_pull_future = subscriber.subscribe(subscription_path, callback=callback) - - print("Listening for messages on {}...\n".format(subscription_path)) - try: - streaming_pull_future.result(timeout=1) # Block for 1 second - except concurrent.futures.TimeoutError: - streaming_pull_future.cancel() - # [END securitycenter_receive_notifications] - return True diff --git a/samples/snippets/snippets_notification_test.py b/samples/snippets/snippets_notification_test.py deleted file mode 100644 index 2cc6d262..00000000 --- a/samples/snippets/snippets_notification_test.py +++ /dev/null @@ -1,152 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for snippets.""" - -import os -import uuid - -from google.cloud import securitycenter as securitycenter -import pytest - -import snippets_notification_configs -import snippets_notification_receiver - -ORG_ID = os.environ["GCLOUD_ORGANIZATION"] -PROJECT_ID = os.environ["GCLOUD_PROJECT"] -PUBSUB_TOPIC = os.environ["GCLOUD_PUBSUB_TOPIC"] -PUBSUB_SUBSCRIPTION = os.environ["GCLOUD_PUBSUB_SUBSCRIPTION"] - -CREATE_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) -DELETE_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) -GET_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) -UPDATE_CONFIG_ID = "new-notification-pytest" + str(uuid.uuid1()) - - -def cleanup_notification_config(notification_config_id): - client = securitycenter.SecurityCenterClient() - - notification_config_name = ( - "organizations/{org_id}/notificationConfigs/{config_id}".format( - org_id=ORG_ID, config_id=notification_config_id - ) - ) - client.delete_notification_config(request={"name": notification_config_name}) - - -@pytest.fixture -def new_notification_config_for_update(): - client = securitycenter.SecurityCenterClient() - - org_name = "organizations/{org_id}".format(org_id=ORG_ID) - - created_notification_config = client.create_notification_config( - request={ - "parent": org_name, - "config_id": UPDATE_CONFIG_ID, - "notification_config": { - "description": "Notification for active findings", - "pubsub_topic": PUBSUB_TOPIC, - "streaming_config": {"filter": ""}, - }, - } - ) - yield created_notification_config - cleanup_notification_config(UPDATE_CONFIG_ID) - - -@pytest.fixture -def new_notification_config_for_get(): - client = securitycenter.SecurityCenterClient() - - org_name = "organizations/{org_id}".format(org_id=ORG_ID) - - created_notification_config = client.create_notification_config( - request={ - "parent": org_name, - "config_id": GET_CONFIG_ID, - "notification_config": { - "description": "Notification for active findings", - "pubsub_topic": PUBSUB_TOPIC, - "streaming_config": {"filter": ""}, - }, - } - ) - yield created_notification_config - cleanup_notification_config(GET_CONFIG_ID) - - -@pytest.fixture -def deleted_notification_config(): - client = securitycenter.SecurityCenterClient() - - org_name = "organizations/{org_id}".format(org_id=ORG_ID) - - created_notification_config = client.create_notification_config( - request={ - "parent": org_name, - "config_id": DELETE_CONFIG_ID, - "notification_config": { - "description": "Notification for active findings", - "pubsub_topic": PUBSUB_TOPIC, - "streaming_config": {"filter": ""}, - }, - } - ) - return created_notification_config - - -def test_create_notification_config(): - created_notification_config = ( - snippets_notification_configs.create_notification_config( - f"organizations/{ORG_ID}", CREATE_CONFIG_ID, PUBSUB_TOPIC - ) - ) - assert created_notification_config is not None - - cleanup_notification_config(CREATE_CONFIG_ID) - - -def test_delete_notification_config(deleted_notification_config): - assert snippets_notification_configs.delete_notification_config( - f"organizations/{ORG_ID}", DELETE_CONFIG_ID - ) - - -def test_get_notification_config(new_notification_config_for_get): - retrieved_config = snippets_notification_configs.get_notification_config( - f"organizations/{ORG_ID}", GET_CONFIG_ID - ) - assert retrieved_config is not None - - -def test_list_notification_configs(): - iterator = snippets_notification_configs.list_notification_configs( - f"organizations/{ORG_ID}" - ) - assert iterator is not None - - -def test_update_notification_config(new_notification_config_for_update): - updated_config = snippets_notification_configs.update_notification_config( - f"organizations/{ORG_ID}", UPDATE_CONFIG_ID, PUBSUB_TOPIC - ) - assert updated_config is not None - - -def test_receive_notifications(): - assert snippets_notification_receiver.receive_notifications( - PROJECT_ID, PUBSUB_SUBSCRIPTION - ) diff --git a/samples/snippets/snippets_orgs.py b/samples/snippets/snippets_orgs.py deleted file mode 100644 index 1164b639..00000000 --- a/samples/snippets/snippets_orgs.py +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Examples for working with organization settings. """ - - -def get_settings(organization_id): - """Example showing how to retreive current organization settings.""" - # [START securitycenter_get_org_settings] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - # organization_id is numeric ID for the organization. e.g. - # organization_id = "111112223333" - - org_settings_name = client.organization_settings_path(organization_id) - - org_settings = client.get_organization_settings(request={"name": org_settings_name}) - print(org_settings) - # [END securitycenter_get_org_settings] - - -def update_asset_discovery_org_settings(organization_id): - """Example showing how to update the asset discovery configuration - for an organization.""" - # [START securitycenter_enable_asset_discovery] - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - # Create the client - client = securitycenter.SecurityCenterClient() - # organization_id is numeric ID for the organization. e.g. - # organization_id = "111112223333" - org_settings_name = "organizations/{org_id}/organizationSettings".format( - org_id=organization_id - ) - # Only update the enable_asset_discovery_value (leave others untouched). - field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"]) - # Call the service. - updated = client.update_organization_settings( - request={ - "organization_settings": { - "name": org_settings_name, - "enable_asset_discovery": True, - }, - "update_mask": field_mask, - } - ) - print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) - # [END securitycenter_enable_asset_discovery] - return updated diff --git a/samples/snippets/snippets_orgs_test.py b/samples/snippets/snippets_orgs_test.py deleted file mode 100644 index 4f2a7c7f..00000000 --- a/samples/snippets/snippets_orgs_test.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Examples for working with organization settings. """ -import os - -import pytest - -import snippets_orgs - - -@pytest.fixture(scope="module") -def organization_id(): - """Get Organization ID from the environment variable""" - return os.environ["GCLOUD_ORGANIZATION"] - - -def test_get_settings(organization_id): - snippets_orgs.get_settings(organization_id) - - -def test_update_asset_discovery_org_settings(organization_id): - updated = snippets_orgs.update_asset_discovery_org_settings(organization_id) - assert updated.enable_asset_discovery diff --git a/samples/snippets/snippets_security_marks.py b/samples/snippets/snippets_security_marks.py deleted file mode 100644 index 457cc433..00000000 --- a/samples/snippets/snippets_security_marks.py +++ /dev/null @@ -1,200 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Demos for working with security marks.""" - - -def add_to_asset(asset_name): - """Add new security marks to an asset.""" - # [START securitycenter_add_security_marks] - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - # Create a new client. - client = securitycenter.SecurityCenterClient() - - # asset_name is the resource path for an asset that exists in CSCC. - # Its format is "organization/{organization_id}/assets/{asset_id} - # e.g.: - # asset_name = organizations/123123342/assets/12312321 - marks_name = "{}/securityMarks".format(asset_name) - - # Notice the suffix after "marks." in the field mask matches the keys - # in marks. - field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) - marks = {"key_a": "value_a", "key_b": "value_b"} - - updated_marks = client.update_security_marks( - request={ - "security_marks": {"name": marks_name, "marks": marks}, - "update_mask": field_mask, - } - ) - print(updated_marks) - # [END securitycenter_add_security_marks] - return updated_marks, marks - - -def clear_from_asset(asset_name): - """Removes security marks from an asset.""" - # Make sure they are there first - add_to_asset(asset_name) - # [START securitycenter_delete_security_marks] - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - # Create a new client. - client = securitycenter.SecurityCenterClient() - - # asset_name is the resource path for an asset that exists in CSCC. - # Its format is "organization/{organization_id}/assets/{asset_id} - # e.g.: - # asset_name = organizations/123123342/assets/12312321 - marks_name = "{}/securityMarks".format(asset_name) - - field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) - - updated_marks = client.update_security_marks( - request={ - "security_marks": { - "name": marks_name - # Note, no marks specified, so the specified values in - # the fields masks will be deleted. - }, - "update_mask": field_mask, - } - ) - print(updated_marks) - # [END securitycenter_delete_security_marks] - return updated_marks - - -def delete_and_update_marks(asset_name): - """Updates and deletes security marks from an asset in the same call.""" - # Make sure they are there first - add_to_asset(asset_name) - # [START securitycenter_add_delete_security_marks] - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - # asset_name is the resource path for an asset that exists in CSCC. - # Its format is "organization/{organization_id}/assets/{asset_id} - # e.g.: - # asset_name = organizations/123123342/assets/12312321 - marks_name = "{}/securityMarks".format(asset_name) - - field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) - marks = {"key_a": "new_value_for_a"} - - updated_marks = client.update_security_marks( - request={ - "security_marks": {"name": marks_name, "marks": marks}, - "update_mask": field_mask, - } - ) - print(updated_marks) - # [END securitycenter_add_delete_security_marks] - return updated_marks - - -def add_to_finding(finding_name): - """Adds security marks to a finding.""" - # [START securitycenter_add_finding_security_marks] - from google.cloud import securitycenter - from google.protobuf import field_mask_pb2 - - client = securitycenter.SecurityCenterClient() - # finding_name is the resource path for a finding that exists in CSCC. - # Its format is - # "organizations/{org_id}/sources/{source_id}/findings/{finding_id}" - # e.g.: - # finding_name = "organizations/1112/sources/1234/findings/findingid" - finding_marks_name = "{}/securityMarks".format(finding_name) - - # Notice the suffix after "marks." in the field mask matches the keys - # in marks. - field_mask = field_mask_pb2.FieldMask( - paths=["marks.finding_key_a", "marks.finding_key_b"] - ) - marks = {"finding_key_a": "value_a", "finding_key_b": "value_b"} - - updated_marks = client.update_security_marks( - request={ - "security_marks": {"name": finding_marks_name, "marks": marks}, - "update_mask": field_mask, - } - ) - # [END securitycenter_add_finding_security_marks] - return updated_marks, marks - - -def list_assets_with_query_marks(organization_id, asset_name): - """Lists assets with a filter on security marks.""" - add_to_asset(asset_name) - i = -1 - # [START securitycenter_list_assets_with_security_marks] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # organization_id is the numeric ID of the organization. - # organization_id=1234567777 - org_name = "organizations/{org_id}".format(org_id=organization_id) - - marks_filter = 'security_marks.marks.key_a = "value_a"' - # Call the API and print results. - asset_iterator = client.list_assets( - request={"parent": org_name, "filter": marks_filter} - ) - - # Call the API and print results. - asset_iterator = client.list_assets( - request={"parent": org_name, "filter": marks_filter} - ) - for i, asset_result in enumerate(asset_iterator): - print(i, asset_result) - # [END securitycenter_list_assets_with_security_marks] - return i - - -def list_findings_with_query_marks(source_name, finding_name): - """Lists findings with a filter on security marks.""" - # ensure marks are set on finding. - add_to_finding(finding_name) - i = -1 - # [START securitycenter_list_findings_with_security_marks] - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - - # source_name is the resource path for a source that has been - # created previously (you can use list_sources to find a specific one). - # Its format is: - # source_name = "organizations/{organization_id}/sources/{source_id}" - # e.g.: - # source_name = "organizations/111122222444/sources/1234" - marks_filter = 'NOT security_marks.marks.finding_key_a="value_a"' - - # Call the API and print results. - finding_iterator = client.list_findings( - request={"parent": source_name, "filter": marks_filter} - ) - for i, finding_result in enumerate(finding_iterator): - print(i, finding_result) - # [END securitycenter_list_findings_with_security_marks] - # one finding should have been updated with keys, and one should be - # untouched. - return i diff --git a/samples/snippets/snippets_security_marks_test.py b/samples/snippets/snippets_security_marks_test.py deleted file mode 100644 index 01666f59..00000000 --- a/samples/snippets/snippets_security_marks_test.py +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Demos for working with security marks.""" -import os -import random - -import pytest - -import snippets_security_marks - - -@pytest.fixture(scope="module") -def organization_id(): - """Gets Organization ID from the environment variable""" - return os.environ["GCLOUD_ORGANIZATION"] - - -@pytest.fixture(scope="module") -def asset_name(organization_id): - """Returns a random asset name from existing assets.""" - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - # organization_id is the numeric ID of the organization. - # organization_id=1234567777 - org_name = "organizations/{org_id}".format(org_id=organization_id) - assets = list(client.list_assets(request={"parent": org_name})) - # Select a random asset to avoid collision between integration tests. - asset = (random.sample(assets, 1)[0]).asset.name - - # Set fresh marks. - update = client.update_security_marks( - request={ - "security_marks": { - "name": "{}/securityMarks".format(asset), - "marks": {"other": "other_val"}, - } - } - ) - assert update.marks == {"other": "other_val"} - return asset - - -@pytest.fixture(scope="module") -def source_name(organization_id): - """Creates a new source in the organization.""" - from google.cloud import securitycenter - - client = securitycenter.SecurityCenterClient() - org_name = "organizations/{org_id}".format(org_id=organization_id) - source = client.create_source( - request={ - "parent": org_name, - "source": { - "display_name": "Security marks Unit test source", - "description": "A new custom source that does X", - }, - } - ) - return source.name - - -@pytest.fixture(scope="module") -def finding_name(source_name): - """Creates a new finding and returns it name.""" - from google.cloud import securitycenter - from google.cloud.securitycenter_v1 import Finding - from google.protobuf.timestamp_pb2 import Timestamp - - client = securitycenter.SecurityCenterClient() - - now_proto = Timestamp() - now_proto.GetCurrentTime() - - finding = client.create_finding( - request={ - "parent": source_name, - "finding_id": "scfinding", - "finding": { - "state": Finding.State.ACTIVE, - "category": "C1", - "event_time": now_proto, - "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", - }, - } - ) - client.create_finding( - request={ - "parent": source_name, - "finding_id": "untouched", - "finding": { - "state": Finding.State.ACTIVE, - "category": "MEDIUM_RISK_ONE", - "event_time": now_proto, - "resource_name": "//cloudresourcemanager.googleapis.com/organizations/1234", - }, - } - ) - - return finding.name - - -def test_add_to_asset(asset_name): - updated_marks, marks = snippets_security_marks.add_to_asset(asset_name) - assert updated_marks.marks.keys() >= marks.keys() - - -def test_clear_from_asset(asset_name): - updated_marks = snippets_security_marks.clear_from_asset(asset_name) - assert "other" in updated_marks.marks - assert len(updated_marks.marks) == 1 - - -def test_delete_and_update_marks(asset_name): - updated_marks = snippets_security_marks.delete_and_update_marks(asset_name) - assert updated_marks.marks == {"key_a": "new_value_for_a", "other": "other_val"} - - -def test_add_to_finding(finding_name): - updated_marks, marks = snippets_security_marks.add_to_finding(finding_name) - assert updated_marks.marks == marks - - -def test_list_assets_with_query_marks(organization_id, asset_name): - count = snippets_security_marks.list_assets_with_query_marks( - organization_id, asset_name - ) - assert count >= 0 - - -def test_list_findings_with_query_marks(source_name, finding_name): - count = snippets_security_marks.list_findings_with_query_marks( - source_name, finding_name - ) - assert count == 0 diff --git a/setup.py b/setup.py index a80f4fe9..e5385822 100644 --- a/setup.py +++ b/setup.py @@ -58,9 +58,7 @@ if package.startswith("google") ] -namespaces = ["google"] -if "google.cloud" in packages: - namespaces.append("google.cloud") +namespaces = ["google", "google.cloud"] setuptools.setup( name=name, diff --git a/tests/unit/gapic/securitycenter_v1/test_security_center.py b/tests/unit/gapic/securitycenter_v1/test_security_center.py index 24c11f6a..0e9185a4 100644 --- a/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1/test_security_center.py @@ -22,6 +22,8 @@ except ImportError: # pragma: NO COVER import mock +from collections.abc import Iterable +import json import math from google.api_core import ( @@ -47,6 +49,7 @@ from google.protobuf import duration_pb2 # type: ignore from google.protobuf import empty_pb2 # type: ignore from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import json_format from google.protobuf import struct_pb2 # type: ignore from google.protobuf import timestamp_pb2 # type: ignore from google.type import expr_pb2 # type: ignore @@ -55,6 +58,8 @@ from proto.marshal.rules import wrappers from proto.marshal.rules.dates import DurationRule, TimestampRule import pytest +from requests import PreparedRequest, Request, Response +from requests.sessions import Session from google.cloud.securitycenter_v1.services.security_center import ( SecurityCenterAsyncClient, @@ -153,6 +158,7 @@ def test__get_default_mtls_endpoint(): [ (SecurityCenterClient, "grpc"), (SecurityCenterAsyncClient, "grpc_asyncio"), + (SecurityCenterClient, "rest"), ], ) def test_security_center_client_from_service_account_info(client_class, transport_name): @@ -166,7 +172,11 @@ def test_security_center_client_from_service_account_info(client_class, transpor assert client.transport._credentials == creds assert isinstance(client, client_class) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) @pytest.mark.parametrize( @@ -174,6 +184,7 @@ def test_security_center_client_from_service_account_info(client_class, transpor [ (transports.SecurityCenterGrpcTransport, "grpc"), (transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio"), + (transports.SecurityCenterRestTransport, "rest"), ], ) def test_security_center_client_service_account_always_use_jwt( @@ -199,6 +210,7 @@ def test_security_center_client_service_account_always_use_jwt( [ (SecurityCenterClient, "grpc"), (SecurityCenterAsyncClient, "grpc_asyncio"), + (SecurityCenterClient, "rest"), ], ) def test_security_center_client_from_service_account_file(client_class, transport_name): @@ -219,13 +231,18 @@ def test_security_center_client_from_service_account_file(client_class, transpor assert client.transport._credentials == creds assert isinstance(client, client_class) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) def test_security_center_client_get_transport_class(): transport = SecurityCenterClient.get_transport_class() available_transports = [ transports.SecurityCenterGrpcTransport, + transports.SecurityCenterRestTransport, ] assert transport in available_transports @@ -242,6 +259,7 @@ def test_security_center_client_get_transport_class(): transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest"), ], ) @mock.patch.object( @@ -387,6 +405,8 @@ def test_security_center_client_client_options( "grpc_asyncio", "false", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", "true"), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", "false"), ], ) @mock.patch.object( @@ -586,6 +606,7 @@ def test_security_center_client_get_mtls_endpoint_and_cert_source(client_class): transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest"), ], ) def test_security_center_client_client_options_scopes( @@ -626,6 +647,7 @@ def test_security_center_client_client_options_scopes( "grpc_asyncio", grpc_helpers_async, ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", None), ], ) def test_security_center_client_client_options_credentials_file( @@ -11352,156 +11374,11615 @@ async def test_list_big_query_exports_async_pages(): assert page_.raw_page.next_page_token == token -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.SecurityCenterGrpcTransport( +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.BulkMuteFindingsRequest, + dict, + ], +) +def test_bulk_mute_findings_rest(request_type): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.bulk_mute_findings(request) + + # Establish that the response is the type that we expect. + assert response.operation.name == "operations/spam" + + +def test_bulk_mute_findings_rest_required_fields( + request_type=securitycenter_service.BulkMuteFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, ) + ) - # It is an error to provide a credentials file and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).bulk_mute_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).bulk_mute_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.bulk_mute_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_bulk_mute_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, - ) - # It is an error to provide an api_key and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + unset_fields = transport.bulk_mute_findings._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("parent",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_bulk_mute_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), ) - options = client_options.ClientOptions() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options=options, - transport=transport, - ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + operation.Operation, "_set_result_from_operation" + ), mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_bulk_mute_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_bulk_mute_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.BulkMuteFindingsRequest.pb( + securitycenter_service.BulkMuteFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + operations_pb2.Operation() + ) + + request = securitycenter_service.BulkMuteFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() - # It is an error to provide an api_key and a credential. - options = mock.Mock() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options=options, credentials=ga_credentials.AnonymousCredentials() + client.bulk_mute_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], ) - # It is an error to provide scopes and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + pre.assert_called_once() + post.assert_called_once() + + +def test_bulk_mute_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.BulkMuteFindingsRequest +): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, - ) + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.SecurityCenterGrpcTransport( + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.bulk_mute_findings(request) + + +def test_bulk_mute_findings_rest_flattened(): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - client = SecurityCenterClient(transport=transport) - assert client.transport is transport + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.SecurityCenterGrpcTransport( + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.bulk_mute_findings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/findings:bulkMute" % client.transport._host, + args[1], + ) + + +def test_bulk_mute_findings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - channel = transport.grpc_channel - assert channel - transport = transports.SecurityCenterGrpcAsyncIOTransport( - credentials=ga_credentials.AnonymousCredentials(), + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.bulk_mute_findings( + securitycenter_service.BulkMuteFindingsRequest(), + parent="parent_value", + ) + + +def test_bulk_mute_findings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) - channel = transport.grpc_channel - assert channel @pytest.mark.parametrize( - "transport_class", + "request_type", [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, + securitycenter_service.CreateSourceRequest, + dict, ], ) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, "default") as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() +def test_create_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["source"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) -@pytest.mark.parametrize( - "transport_name", - [ - "grpc", - ], -) -def test_transport_kind(transport_name): - transport = SecurityCenterClient.get_transport_class(transport_name)( + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.canonical_name == "canonical_name_value" + + +def test_create_source_rest_required_fields( + request_type=securitycenter_service.CreateSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_source._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "source", + ) + ) ) - assert transport.kind == transport_name -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateSourceRequest.pb( + securitycenter_service.CreateSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_source.Source.to_json(gcs_source.Source()) + + request = securitycenter_service.CreateSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_source.Source() + + client.create_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_create_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateSourceRequest +): client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - assert isinstance( - client.transport, - transports.SecurityCenterGrpcTransport, + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["source"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_source(request) + + +def test_create_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() -def test_security_center_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.SecurityCenterTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json", + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + source=gcs_source.Source(name="name_value"), ) + mock_args.update(sample_request) + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value -def test_security_center_base_transport(): - # Instantiate the base transport. - with mock.patch( - "google.cloud.securitycenter_v1.services.security_center.transports.SecurityCenterTransport.__init__" - ) as Transport: - Transport.return_value = None - transport = transports.SecurityCenterTransport( - credentials=ga_credentials.AnonymousCredentials(), + client.create_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/sources" % client.transport._host, args[1] ) - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - "bulk_mute_findings", - "create_source", - "create_finding", - "create_mute_config", - "create_notification_config", - "delete_mute_config", - "delete_notification_config", - "get_big_query_export", - "get_iam_policy", - "get_mute_config", - "get_notification_config", - "get_organization_settings", - "get_source", + +def test_create_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_source( + securitycenter_service.CreateSourceRequest(), + parent="parent_value", + source=gcs_source.Source(name="name_value"), + ) + + +def test_create_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateFindingRequest, + dict, + ], +) +def test_create_finding_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request_init["finding"] = { + "name": "name_value", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + "mute": 1, + "finding_class": 1, + "indicator": { + "ip_addresses": ["ip_addresses_value1", "ip_addresses_value2"], + "domains": ["domains_value1", "domains_value2"], + "signatures": [ + { + "memory_hash_signature": { + "binary_family": "binary_family_value", + "detections": [ + {"binary": "binary_value", "percent_pages_matched": 0.2197} + ], + }, + "yara_rule_signature": {"yara_rule": "yara_rule_value"}, + } + ], + "uris": ["uris_value1", "uris_value2"], + }, + "vulnerability": { + "cve": { + "id": "id_value", + "references": [{"source": "source_value", "uri": "uri_value"}], + "cvssv3": { + "base_score": 0.1046, + "attack_vector": 1, + "attack_complexity": 1, + "privileges_required": 1, + "user_interaction": 1, + "scope": 1, + "confidentiality_impact": 1, + "integrity_impact": 1, + "availability_impact": 1, + }, + "upstream_fix_available": True, + } + }, + "mute_update_time": {}, + "external_systems": {}, + "mitre_attack": { + "primary_tactic": 1, + "primary_techniques": [1], + "additional_tactics": [1], + "additional_techniques": [1], + "version": "version_value", + }, + "access": { + "principal_email": "principal_email_value", + "caller_ip": "caller_ip_value", + "caller_ip_geo": {"region_code": "region_code_value"}, + "user_agent_family": "user_agent_family_value", + "service_name": "service_name_value", + "method_name": "method_name_value", + "principal_subject": "principal_subject_value", + "service_account_key_name": "service_account_key_name_value", + "service_account_delegation_info": [ + { + "principal_email": "principal_email_value", + "principal_subject": "principal_subject_value", + } + ], + "user_name": "user_name_value", + }, + "connections": [ + { + "destination_ip": "destination_ip_value", + "destination_port": 1734, + "source_ip": "source_ip_value", + "source_port": 1205, + "protocol": 1, + } + ], + "mute_initiator": "mute_initiator_value", + "processes": [ + { + "name": "name_value", + "binary": { + "path": "path_value", + "size": 443, + "sha256": "sha256_value", + "hashed_size": 1159, + "partially_hashed": True, + "contents": "contents_value", + }, + "libraries": {}, + "script": {}, + "args": ["args_value1", "args_value2"], + "arguments_truncated": True, + "env_variables": [{"name": "name_value", "val": "val_value"}], + "env_variables_truncated": True, + "pid": 317, + "parent_pid": 1062, + } + ], + "contacts": {}, + "compliances": [ + { + "standard": "standard_value", + "version": "version_value", + "ids": ["ids_value1", "ids_value2"], + } + ], + "parent_display_name": "parent_display_name_value", + "description": "description_value", + "exfiltration": { + "sources": [ + { + "name": "name_value", + "components": ["components_value1", "components_value2"], + } + ], + "targets": {}, + }, + "iam_bindings": [{"action": 1, "role": "role_value", "member": "member_value"}], + "next_steps": "next_steps_value", + "containers": [ + { + "name": "name_value", + "uri": "uri_value", + "image_id": "image_id_value", + "labels": [{"name": "name_value", "value": "value_value"}], + } + ], + "kubernetes": { + "pods": [ + {"ns": "ns_value", "name": "name_value", "labels": {}, "containers": {}} + ], + "nodes": [{"name": "name_value"}], + "node_pools": [{"name": "name_value", "nodes": {}}], + "roles": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + "bindings": [ + { + "ns": "ns_value", + "name": "name_value", + "role": {}, + "subjects": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + } + ], + "access_reviews": [ + { + "group": "group_value", + "ns": "ns_value", + "name": "name_value", + "resource": "resource_value", + "subresource": "subresource_value", + "verb": "verb_value", + "version": "version_value", + } + ], + }, + "database": { + "name": "name_value", + "display_name": "display_name_value", + "user_name": "user_name_value", + "query": "query_value", + "grantees": ["grantees_value1", "grantees_value2"], + }, + "files": {}, + "kernel_rootkit": { + "name": "name_value", + "unexpected_code_modification": True, + "unexpected_read_only_data_modification": True, + "unexpected_ftrace_handler": True, + "unexpected_kprobe_handler": True, + "unexpected_kernel_code_pages": True, + "unexpected_system_call_handler": True, + "unexpected_interrupt_handler": True, + "unexpected_processes_in_runqueue": True, + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=gcs_finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=gcs_finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + mute=gcs_finding.Finding.Mute.MUTED, + finding_class=gcs_finding.Finding.FindingClass.THREAT, + mute_initiator="mute_initiator_value", + parent_display_name="parent_display_name_value", + description="description_value", + next_steps="next_steps_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_finding(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == gcs_finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == gcs_finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + assert response.mute == gcs_finding.Finding.Mute.MUTED + assert response.finding_class == gcs_finding.Finding.FindingClass.THREAT + assert response.mute_initiator == "mute_initiator_value" + assert response.parent_display_name == "parent_display_name_value" + assert response.description == "description_value" + assert response.next_steps == "next_steps_value" + + +def test_create_finding_rest_required_fields( + request_type=securitycenter_service.CreateFindingRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["finding_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + assert "findingId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_finding._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "findingId" in jsonified_request + assert jsonified_request["findingId"] == request_init["finding_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["findingId"] = "finding_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_finding._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("finding_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "findingId" in jsonified_request + assert jsonified_request["findingId"] == "finding_id_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_finding(request) + + expected_params = [ + ( + "findingId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_finding_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_finding._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("findingId",)) + & set( + ( + "parent", + "findingId", + "finding", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_finding_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_finding" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_finding" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateFindingRequest.pb( + securitycenter_service.CreateFindingRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_finding.Finding.to_json(gcs_finding.Finding()) + + request = securitycenter_service.CreateFindingRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_finding.Finding() + + client.create_finding( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_create_finding_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateFindingRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request_init["finding"] = { + "name": "name_value", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + "mute": 1, + "finding_class": 1, + "indicator": { + "ip_addresses": ["ip_addresses_value1", "ip_addresses_value2"], + "domains": ["domains_value1", "domains_value2"], + "signatures": [ + { + "memory_hash_signature": { + "binary_family": "binary_family_value", + "detections": [ + {"binary": "binary_value", "percent_pages_matched": 0.2197} + ], + }, + "yara_rule_signature": {"yara_rule": "yara_rule_value"}, + } + ], + "uris": ["uris_value1", "uris_value2"], + }, + "vulnerability": { + "cve": { + "id": "id_value", + "references": [{"source": "source_value", "uri": "uri_value"}], + "cvssv3": { + "base_score": 0.1046, + "attack_vector": 1, + "attack_complexity": 1, + "privileges_required": 1, + "user_interaction": 1, + "scope": 1, + "confidentiality_impact": 1, + "integrity_impact": 1, + "availability_impact": 1, + }, + "upstream_fix_available": True, + } + }, + "mute_update_time": {}, + "external_systems": {}, + "mitre_attack": { + "primary_tactic": 1, + "primary_techniques": [1], + "additional_tactics": [1], + "additional_techniques": [1], + "version": "version_value", + }, + "access": { + "principal_email": "principal_email_value", + "caller_ip": "caller_ip_value", + "caller_ip_geo": {"region_code": "region_code_value"}, + "user_agent_family": "user_agent_family_value", + "service_name": "service_name_value", + "method_name": "method_name_value", + "principal_subject": "principal_subject_value", + "service_account_key_name": "service_account_key_name_value", + "service_account_delegation_info": [ + { + "principal_email": "principal_email_value", + "principal_subject": "principal_subject_value", + } + ], + "user_name": "user_name_value", + }, + "connections": [ + { + "destination_ip": "destination_ip_value", + "destination_port": 1734, + "source_ip": "source_ip_value", + "source_port": 1205, + "protocol": 1, + } + ], + "mute_initiator": "mute_initiator_value", + "processes": [ + { + "name": "name_value", + "binary": { + "path": "path_value", + "size": 443, + "sha256": "sha256_value", + "hashed_size": 1159, + "partially_hashed": True, + "contents": "contents_value", + }, + "libraries": {}, + "script": {}, + "args": ["args_value1", "args_value2"], + "arguments_truncated": True, + "env_variables": [{"name": "name_value", "val": "val_value"}], + "env_variables_truncated": True, + "pid": 317, + "parent_pid": 1062, + } + ], + "contacts": {}, + "compliances": [ + { + "standard": "standard_value", + "version": "version_value", + "ids": ["ids_value1", "ids_value2"], + } + ], + "parent_display_name": "parent_display_name_value", + "description": "description_value", + "exfiltration": { + "sources": [ + { + "name": "name_value", + "components": ["components_value1", "components_value2"], + } + ], + "targets": {}, + }, + "iam_bindings": [{"action": 1, "role": "role_value", "member": "member_value"}], + "next_steps": "next_steps_value", + "containers": [ + { + "name": "name_value", + "uri": "uri_value", + "image_id": "image_id_value", + "labels": [{"name": "name_value", "value": "value_value"}], + } + ], + "kubernetes": { + "pods": [ + {"ns": "ns_value", "name": "name_value", "labels": {}, "containers": {}} + ], + "nodes": [{"name": "name_value"}], + "node_pools": [{"name": "name_value", "nodes": {}}], + "roles": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + "bindings": [ + { + "ns": "ns_value", + "name": "name_value", + "role": {}, + "subjects": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + } + ], + "access_reviews": [ + { + "group": "group_value", + "ns": "ns_value", + "name": "name_value", + "resource": "resource_value", + "subresource": "subresource_value", + "verb": "verb_value", + "version": "version_value", + } + ], + }, + "database": { + "name": "name_value", + "display_name": "display_name_value", + "user_name": "user_name_value", + "query": "query_value", + "grantees": ["grantees_value1", "grantees_value2"], + }, + "files": {}, + "kernel_rootkit": { + "name": "name_value", + "unexpected_code_modification": True, + "unexpected_read_only_data_modification": True, + "unexpected_ftrace_handler": True, + "unexpected_kprobe_handler": True, + "unexpected_kernel_code_pages": True, + "unexpected_system_call_handler": True, + "unexpected_interrupt_handler": True, + "unexpected_processes_in_runqueue": True, + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_finding(request) + + +def test_create_finding_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + finding_id="finding_id_value", + finding=gcs_finding.Finding(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_finding(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*/sources/*}/findings" + % client.transport._host, + args[1], + ) + + +def test_create_finding_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_finding( + securitycenter_service.CreateFindingRequest(), + parent="parent_value", + finding_id="finding_id_value", + finding=gcs_finding.Finding(name="name_value"), + ) + + +def test_create_finding_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateMuteConfigRequest, + dict, + ], +) +def test_create_mute_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["mute_config"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + "filter": "filter_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_mute_config.MuteConfig( + name="name_value", + display_name="display_name_value", + description="description_value", + filter="filter_value", + most_recent_editor="most_recent_editor_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_mute_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_mute_config.MuteConfig) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.filter == "filter_value" + assert response.most_recent_editor == "most_recent_editor_value" + + +def test_create_mute_config_rest_required_fields( + request_type=securitycenter_service.CreateMuteConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["mute_config_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + assert "muteConfigId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_mute_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "muteConfigId" in jsonified_request + assert jsonified_request["muteConfigId"] == request_init["mute_config_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["muteConfigId"] = "mute_config_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_mute_config._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("mute_config_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "muteConfigId" in jsonified_request + assert jsonified_request["muteConfigId"] == "mute_config_id_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_mute_config.MuteConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_mute_config(request) + + expected_params = [ + ( + "muteConfigId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_mute_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_mute_config._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("muteConfigId",)) + & set( + ( + "parent", + "muteConfig", + "muteConfigId", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_mute_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_mute_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_mute_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateMuteConfigRequest.pb( + securitycenter_service.CreateMuteConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_mute_config.MuteConfig.to_json( + gcs_mute_config.MuteConfig() + ) + + request = securitycenter_service.CreateMuteConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_mute_config.MuteConfig() + + client.create_mute_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_create_mute_config_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateMuteConfigRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["mute_config"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + "filter": "filter_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_mute_config(request) + + +def test_create_mute_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_mute_config.MuteConfig() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + mute_config=gcs_mute_config.MuteConfig(name="name_value"), + mute_config_id="mute_config_id_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_mute_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/muteConfigs" % client.transport._host, + args[1], + ) + + +def test_create_mute_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_mute_config( + securitycenter_service.CreateMuteConfigRequest(), + parent="parent_value", + mute_config=gcs_mute_config.MuteConfig(name="name_value"), + mute_config_id="mute_config_id_value", + ) + + +def test_create_mute_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateNotificationConfigRequest, + dict, + ], +) +def test_create_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["notification_config"] = { + "name": "name_value", + "description": "description_value", + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig( + name="name_value", + description="description_value", + pubsub_topic="pubsub_topic_value", + service_account="service_account_value", + streaming_config=gcs_notification_config.NotificationConfig.StreamingConfig( + filter="filter_value" + ), + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_notification_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_notification_config.NotificationConfig) + assert response.name == "name_value" + assert response.description == "description_value" + assert response.pubsub_topic == "pubsub_topic_value" + assert response.service_account == "service_account_value" + + +def test_create_notification_config_rest_required_fields( + request_type=securitycenter_service.CreateNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["config_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + assert "configId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "configId" in jsonified_request + assert jsonified_request["configId"] == request_init["config_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["configId"] = "config_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_notification_config._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("config_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "configId" in jsonified_request + assert jsonified_request["configId"] == "config_id_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_notification_config.NotificationConfig.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_notification_config(request) + + expected_params = [ + ( + "configId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("configId",)) + & set( + ( + "parent", + "configId", + "notificationConfig", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_notification_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_notification_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateNotificationConfigRequest.pb( + securitycenter_service.CreateNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_notification_config.NotificationConfig.to_json( + gcs_notification_config.NotificationConfig() + ) + + request = securitycenter_service.CreateNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_notification_config.NotificationConfig() + + client.create_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_create_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.CreateNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["notification_config"] = { + "name": "name_value", + "description": "description_value", + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_notification_config(request) + + +def test_create_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + config_id="config_id_value", + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/notificationConfigs" + % client.transport._host, + args[1], + ) + + +def test_create_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_notification_config( + securitycenter_service.CreateNotificationConfigRequest(), + parent="parent_value", + config_id="config_id_value", + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + ) + + +def test_create_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.DeleteMuteConfigRequest, + dict, + ], +) +def test_delete_mute_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/muteConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.delete_mute_config(request) + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_mute_config_rest_required_fields( + request_type=securitycenter_service.DeleteMuteConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_mute_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_mute_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = None + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "delete", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.delete_mute_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_delete_mute_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.delete_mute_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_delete_mute_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_delete_mute_config" + ) as pre: + pre.assert_not_called() + pb_message = securitycenter_service.DeleteMuteConfigRequest.pb( + securitycenter_service.DeleteMuteConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + + request = securitycenter_service.DeleteMuteConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + + client.delete_mute_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + + +def test_delete_mute_config_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.DeleteMuteConfigRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/muteConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.delete_mute_config(request) + + +def test_delete_mute_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/muteConfigs/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.delete_mute_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/muteConfigs/*}" % client.transport._host, + args[1], + ) + + +def test_delete_mute_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_mute_config( + securitycenter_service.DeleteMuteConfigRequest(), + name="name_value", + ) + + +def test_delete_mute_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.DeleteNotificationConfigRequest, + dict, + ], +) +def test_delete_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.delete_notification_config(request) + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_notification_config_rest_required_fields( + request_type=securitycenter_service.DeleteNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = None + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "delete", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.delete_notification_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_delete_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.delete_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_delete_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_delete_notification_config" + ) as pre: + pre.assert_not_called() + pb_message = securitycenter_service.DeleteNotificationConfigRequest.pb( + securitycenter_service.DeleteNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + + request = securitycenter_service.DeleteNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + + client.delete_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + + +def test_delete_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.DeleteNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.delete_notification_config(request) + + +def test_delete_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/notificationConfigs/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.delete_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/notificationConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_delete_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_notification_config( + securitycenter_service.DeleteNotificationConfigRequest(), + name="name_value", + ) + + +def test_delete_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetBigQueryExportRequest, + dict, + ], +) +def test_get_big_query_export_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/bigQueryExports/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport( + name="name_value", + description="description_value", + filter="filter_value", + dataset="dataset_value", + most_recent_editor="most_recent_editor_value", + principal="principal_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_big_query_export(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, bigquery_export.BigQueryExport) + assert response.name == "name_value" + assert response.description == "description_value" + assert response.filter == "filter_value" + assert response.dataset == "dataset_value" + assert response.most_recent_editor == "most_recent_editor_value" + assert response.principal == "principal_value" + + +def test_get_big_query_export_rest_required_fields( + request_type=securitycenter_service.GetBigQueryExportRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_big_query_export._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_big_query_export._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_big_query_export(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_big_query_export_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_big_query_export._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_big_query_export_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_big_query_export" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_big_query_export" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetBigQueryExportRequest.pb( + securitycenter_service.GetBigQueryExportRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = bigquery_export.BigQueryExport.to_json( + bigquery_export.BigQueryExport() + ) + + request = securitycenter_service.GetBigQueryExportRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = bigquery_export.BigQueryExport() + + client.get_big_query_export( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_big_query_export_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.GetBigQueryExportRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/bigQueryExports/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_big_query_export(request) + + +def test_get_big_query_export_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/bigQueryExports/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_big_query_export(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/bigQueryExports/*}" % client.transport._host, + args[1], + ) + + +def test_get_big_query_export_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_big_query_export( + securitycenter_service.GetBigQueryExportRequest(), + name="name_value", + ) + + +def test_get_big_query_export_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.GetIamPolicyRequest, + dict, + ], +) +def test_get_iam_policy_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy( + version=774, + etag=b"etag_blob", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_iam_policy(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b"etag_blob" + + +def test_get_iam_policy_rest_required_fields( + request_type=iam_policy_pb2.GetIamPolicyRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_iam_policy(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_iam_policy_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_iam_policy._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("resource",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_iam_policy_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_iam_policy" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_iam_policy" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.GetIamPolicyRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson(policy_pb2.Policy()) + + request = iam_policy_pb2.GetIamPolicyRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = policy_pb2.Policy() + + client.get_iam_policy( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_iam_policy_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.GetIamPolicyRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_iam_policy(request) + + +def test_get_iam_policy_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_iam_policy(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{resource=organizations/*/sources/*}:getIamPolicy" + % client.transport._host, + args[1], + ) + + +def test_get_iam_policy_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_iam_policy( + iam_policy_pb2.GetIamPolicyRequest(), + resource="resource_value", + ) + + +def test_get_iam_policy_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetMuteConfigRequest, + dict, + ], +) +def test_get_mute_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/muteConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = mute_config.MuteConfig( + name="name_value", + display_name="display_name_value", + description="description_value", + filter="filter_value", + most_recent_editor="most_recent_editor_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_mute_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, mute_config.MuteConfig) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.filter == "filter_value" + assert response.most_recent_editor == "most_recent_editor_value" + + +def test_get_mute_config_rest_required_fields( + request_type=securitycenter_service.GetMuteConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_mute_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_mute_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = mute_config.MuteConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_mute_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_mute_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_mute_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_mute_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_mute_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_mute_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetMuteConfigRequest.pb( + securitycenter_service.GetMuteConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = mute_config.MuteConfig.to_json( + mute_config.MuteConfig() + ) + + request = securitycenter_service.GetMuteConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = mute_config.MuteConfig() + + client.get_mute_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_mute_config_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GetMuteConfigRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/muteConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_mute_config(request) + + +def test_get_mute_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = mute_config.MuteConfig() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/muteConfigs/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_mute_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/muteConfigs/*}" % client.transport._host, + args[1], + ) + + +def test_get_mute_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_mute_config( + securitycenter_service.GetMuteConfigRequest(), + name="name_value", + ) + + +def test_get_mute_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetNotificationConfigRequest, + dict, + ], +) +def test_get_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = notification_config.NotificationConfig( + name="name_value", + description="description_value", + pubsub_topic="pubsub_topic_value", + service_account="service_account_value", + streaming_config=notification_config.NotificationConfig.StreamingConfig( + filter="filter_value" + ), + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_notification_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, notification_config.NotificationConfig) + assert response.name == "name_value" + assert response.description == "description_value" + assert response.pubsub_topic == "pubsub_topic_value" + assert response.service_account == "service_account_value" + + +def test_get_notification_config_rest_required_fields( + request_type=securitycenter_service.GetNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = notification_config.NotificationConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_notification_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_notification_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_notification_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetNotificationConfigRequest.pb( + securitycenter_service.GetNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = notification_config.NotificationConfig.to_json( + notification_config.NotificationConfig() + ) + + request = securitycenter_service.GetNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = notification_config.NotificationConfig() + + client.get_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.GetNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_notification_config(request) + + +def test_get_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = notification_config.NotificationConfig() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/notificationConfigs/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/notificationConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_get_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_notification_config( + securitycenter_service.GetNotificationConfigRequest(), + name="name_value", + ) + + +def test_get_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetOrganizationSettingsRequest, + dict, + ], +) +def test_get_organization_settings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/organizationSettings"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings( + name="name_value", + enable_asset_discovery=True, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = organization_settings.OrganizationSettings.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_organization_settings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, organization_settings.OrganizationSettings) + assert response.name == "name_value" + assert response.enable_asset_discovery is True + + +def test_get_organization_settings_rest_required_fields( + request_type=securitycenter_service.GetOrganizationSettingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_organization_settings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_organization_settings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_organization_settings._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_organization_settings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_organization_settings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_organization_settings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetOrganizationSettingsRequest.pb( + securitycenter_service.GetOrganizationSettingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = organization_settings.OrganizationSettings.to_json( + organization_settings.OrganizationSettings() + ) + + request = securitycenter_service.GetOrganizationSettingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = organization_settings.OrganizationSettings() + + client.get_organization_settings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_organization_settings_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.GetOrganizationSettingsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/organizationSettings"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_organization_settings(request) + + +def test_get_organization_settings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/organizationSettings"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = organization_settings.OrganizationSettings.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_organization_settings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/organizationSettings}" + % client.transport._host, + args[1], + ) + + +def test_get_organization_settings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_organization_settings( + securitycenter_service.GetOrganizationSettingsRequest(), + name="name_value", + ) + + +def test_get_organization_settings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetSourceRequest, + dict, + ], +) +def test_get_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.canonical_name == "canonical_name_value" + + +def test_get_source_rest_required_fields( + request_type=securitycenter_service.GetSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_source._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetSourceRequest.pb( + securitycenter_service.GetSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = source.Source.to_json(source.Source()) + + request = securitycenter_service.GetSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = source.Source() + + client.get_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GetSourceRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_source(request) + + +def test_get_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/sources/*}" % client.transport._host, args[1] + ) + + +def test_get_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_source( + securitycenter_service.GetSourceRequest(), + name="name_value", + ) + + +def test_get_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GroupAssetsRequest, + dict, + ], +) +def test_group_assets_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupAssetsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.group_assets(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.GroupAssetsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_group_assets_rest_required_fields( + request_type=securitycenter_service.GroupAssetsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["group_by"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + jsonified_request["groupBy"] = "group_by_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "groupBy" in jsonified_request + assert jsonified_request["groupBy"] == "group_by_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupAssetsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.GroupAssetsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.group_assets(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_group_assets_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.group_assets._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "groupBy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_group_assets_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_group_assets" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_group_assets" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GroupAssetsRequest.pb( + securitycenter_service.GroupAssetsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.GroupAssetsResponse.to_json( + securitycenter_service.GroupAssetsResponse() + ) + + request = securitycenter_service.GroupAssetsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.GroupAssetsResponse() + + client.group_assets( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_group_assets_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GroupAssetsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.group_assets(request) + + +def test_group_assets_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + next_page_token="abc", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[], + next_page_token="def", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.GroupAssetsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.group_assets(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, securitycenter_service.GroupResult) for i in results) + + pages = list(client.group_assets(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GroupFindingsRequest, + dict, + ], +) +def test_group_findings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.group_findings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.GroupFindingsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_group_findings_rest_required_fields( + request_type=securitycenter_service.GroupFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["group_by"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + jsonified_request["groupBy"] = "group_by_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "groupBy" in jsonified_request + assert jsonified_request["groupBy"] == "group_by_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.GroupFindingsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.group_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_group_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.group_findings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "groupBy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_group_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_group_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_group_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GroupFindingsRequest.pb( + securitycenter_service.GroupFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.GroupFindingsResponse.to_json( + securitycenter_service.GroupFindingsResponse() + ) + ) + + request = securitycenter_service.GroupFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.GroupFindingsResponse() + + client.group_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_group_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GroupFindingsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.group_findings(request) + + +def test_group_findings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + group_by="group_by_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.group_findings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*/sources/*}/findings:group" + % client.transport._host, + args[1], + ) + + +def test_group_findings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.group_findings( + securitycenter_service.GroupFindingsRequest(), + parent="parent_value", + group_by="group_by_value", + ) + + +def test_group_findings_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + next_page_token="abc", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[], + next_page_token="def", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.GroupFindingsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + pager = client.group_findings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, securitycenter_service.GroupResult) for i in results) + + pages = list(client.group_findings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListAssetsRequest, + dict, + ], +) +def test_list_assets_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_assets(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListAssetsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_assets_rest_required_fields( + request_type=securitycenter_service.ListAssetsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_assets._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "compare_duration", + "field_mask", + "filter", + "order_by", + "page_size", + "page_token", + "read_time", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_assets(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_assets_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_assets._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "compareDuration", + "fieldMask", + "filter", + "orderBy", + "pageSize", + "pageToken", + "readTime", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_assets_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_assets" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_assets" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListAssetsRequest.pb( + securitycenter_service.ListAssetsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListAssetsResponse.to_json( + securitycenter_service.ListAssetsResponse() + ) + + request = securitycenter_service.ListAssetsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListAssetsResponse() + + client.list_assets( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_assets_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListAssetsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_assets(request) + + +def test_list_assets_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + next_page_token="abc", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[], + next_page_token="def", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListAssetsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_assets(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance(i, securitycenter_service.ListAssetsResponse.ListAssetsResult) + for i in results + ) + + pages = list(client.list_assets(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListFindingsRequest, + dict, + ], +) +def test_list_findings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_findings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListFindingsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_findings_rest_required_fields( + request_type=securitycenter_service.ListFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_findings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "compare_duration", + "field_mask", + "filter", + "order_by", + "page_size", + "page_token", + "read_time", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListFindingsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_findings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "compareDuration", + "fieldMask", + "filter", + "orderBy", + "pageSize", + "pageToken", + "readTime", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListFindingsRequest.pb( + securitycenter_service.ListFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListFindingsResponse.to_json( + securitycenter_service.ListFindingsResponse() + ) + + request = securitycenter_service.ListFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListFindingsResponse() + + client.list_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListFindingsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_findings(request) + + +def test_list_findings_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListFindingsResponse( + list_findings_results=[ + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + ], + next_page_token="abc", + ), + securitycenter_service.ListFindingsResponse( + list_findings_results=[], + next_page_token="def", + ), + securitycenter_service.ListFindingsResponse( + list_findings_results=[ + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListFindingsResponse( + list_findings_results=[ + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListFindingsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + pager = client.list_findings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance( + i, securitycenter_service.ListFindingsResponse.ListFindingsResult + ) + for i in results + ) + + pages = list(client.list_findings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListMuteConfigsRequest, + dict, + ], +) +def test_list_mute_configs_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListMuteConfigsResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListMuteConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_mute_configs(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListMuteConfigsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_mute_configs_rest_required_fields( + request_type=securitycenter_service.ListMuteConfigsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_mute_configs._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_mute_configs._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListMuteConfigsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListMuteConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_mute_configs(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_mute_configs_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_mute_configs._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_mute_configs_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_mute_configs" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_mute_configs" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListMuteConfigsRequest.pb( + securitycenter_service.ListMuteConfigsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.ListMuteConfigsResponse.to_json( + securitycenter_service.ListMuteConfigsResponse() + ) + ) + + request = securitycenter_service.ListMuteConfigsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListMuteConfigsResponse() + + client.list_mute_configs( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_mute_configs_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListMuteConfigsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_mute_configs(request) + + +def test_list_mute_configs_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListMuteConfigsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListMuteConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_mute_configs(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/muteConfigs" % client.transport._host, + args[1], + ) + + +def test_list_mute_configs_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_mute_configs( + securitycenter_service.ListMuteConfigsRequest(), + parent="parent_value", + ) + + +def test_list_mute_configs_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListMuteConfigsResponse( + mute_configs=[ + mute_config.MuteConfig(), + mute_config.MuteConfig(), + mute_config.MuteConfig(), + ], + next_page_token="abc", + ), + securitycenter_service.ListMuteConfigsResponse( + mute_configs=[], + next_page_token="def", + ), + securitycenter_service.ListMuteConfigsResponse( + mute_configs=[ + mute_config.MuteConfig(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListMuteConfigsResponse( + mute_configs=[ + mute_config.MuteConfig(), + mute_config.MuteConfig(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListMuteConfigsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_mute_configs(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, mute_config.MuteConfig) for i in results) + + pages = list(client.list_mute_configs(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListNotificationConfigsRequest, + dict, + ], +) +def test_list_notification_configs_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListNotificationConfigsResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListNotificationConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_notification_configs(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListNotificationConfigsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_notification_configs_rest_required_fields( + request_type=securitycenter_service.ListNotificationConfigsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_notification_configs._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_notification_configs._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListNotificationConfigsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListNotificationConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_notification_configs(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_notification_configs_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_notification_configs._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_notification_configs_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_notification_configs" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_notification_configs" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListNotificationConfigsRequest.pb( + securitycenter_service.ListNotificationConfigsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.ListNotificationConfigsResponse.to_json( + securitycenter_service.ListNotificationConfigsResponse() + ) + ) + + request = securitycenter_service.ListNotificationConfigsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListNotificationConfigsResponse() + + client.list_notification_configs( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_notification_configs_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.ListNotificationConfigsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_notification_configs(request) + + +def test_list_notification_configs_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListNotificationConfigsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListNotificationConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_notification_configs(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/notificationConfigs" + % client.transport._host, + args[1], + ) + + +def test_list_notification_configs_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_notification_configs( + securitycenter_service.ListNotificationConfigsRequest(), + parent="parent_value", + ) + + +def test_list_notification_configs_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[ + notification_config.NotificationConfig(), + notification_config.NotificationConfig(), + notification_config.NotificationConfig(), + ], + next_page_token="abc", + ), + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[], + next_page_token="def", + ), + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[ + notification_config.NotificationConfig(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[ + notification_config.NotificationConfig(), + notification_config.NotificationConfig(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListNotificationConfigsResponse.to_json(x) + for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_notification_configs(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance(i, notification_config.NotificationConfig) for i in results + ) + + pages = list(client.list_notification_configs(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListSourcesRequest, + dict, + ], +) +def test_list_sources_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListSourcesResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_sources(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListSourcesPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_sources_rest_required_fields( + request_type=securitycenter_service.ListSourcesRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_sources._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_sources._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListSourcesResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_sources(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_sources_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_sources._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_sources_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_sources" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_sources" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListSourcesRequest.pb( + securitycenter_service.ListSourcesRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListSourcesResponse.to_json( + securitycenter_service.ListSourcesResponse() + ) + + request = securitycenter_service.ListSourcesRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListSourcesResponse() + + client.list_sources( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_sources_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListSourcesRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_sources(request) + + +def test_list_sources_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListSourcesResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_sources(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/sources" % client.transport._host, args[1] + ) + + +def test_list_sources_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_sources( + securitycenter_service.ListSourcesRequest(), + parent="parent_value", + ) + + +def test_list_sources_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + source.Source(), + source.Source(), + ], + next_page_token="abc", + ), + securitycenter_service.ListSourcesResponse( + sources=[], + next_page_token="def", + ), + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + source.Source(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListSourcesResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_sources(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, source.Source) for i in results) + + pages = list(client.list_sources(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.RunAssetDiscoveryRequest, + dict, + ], +) +def test_run_asset_discovery_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.run_asset_discovery(request) + + # Establish that the response is the type that we expect. + assert response.operation.name == "operations/spam" + + +def test_run_asset_discovery_rest_required_fields( + request_type=securitycenter_service.RunAssetDiscoveryRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).run_asset_discovery._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).run_asset_discovery._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.run_asset_discovery(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_run_asset_discovery_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.run_asset_discovery._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("parent",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_run_asset_discovery_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + operation.Operation, "_set_result_from_operation" + ), mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_run_asset_discovery" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_run_asset_discovery" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.RunAssetDiscoveryRequest.pb( + securitycenter_service.RunAssetDiscoveryRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + operations_pb2.Operation() + ) + + request = securitycenter_service.RunAssetDiscoveryRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + + client.run_asset_discovery( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_run_asset_discovery_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.RunAssetDiscoveryRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.run_asset_discovery(request) + + +def test_run_asset_discovery_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.run_asset_discovery(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/assets:runDiscovery" + % client.transport._host, + args[1], + ) + + +def test_run_asset_discovery_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.run_asset_discovery( + securitycenter_service.RunAssetDiscoveryRequest(), + parent="parent_value", + ) + + +def test_run_asset_discovery_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.SetFindingStateRequest, + dict, + ], +) +def test_set_finding_state_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + mute=finding.Finding.Mute.MUTED, + finding_class=finding.Finding.FindingClass.THREAT, + mute_initiator="mute_initiator_value", + parent_display_name="parent_display_name_value", + description="description_value", + next_steps="next_steps_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_finding_state(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + assert response.mute == finding.Finding.Mute.MUTED + assert response.finding_class == finding.Finding.FindingClass.THREAT + assert response.mute_initiator == "mute_initiator_value" + assert response.parent_display_name == "parent_display_name_value" + assert response.description == "description_value" + assert response.next_steps == "next_steps_value" + + +def test_set_finding_state_rest_required_fields( + request_type=securitycenter_service.SetFindingStateRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_finding_state._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_finding_state._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_finding_state(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_finding_state_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_finding_state._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "name", + "state", + "startTime", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_finding_state_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_finding_state" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_finding_state" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.SetFindingStateRequest.pb( + securitycenter_service.SetFindingStateRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = finding.Finding.to_json(finding.Finding()) + + request = securitycenter_service.SetFindingStateRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = finding.Finding() + + client.set_finding_state( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_finding_state_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.SetFindingStateRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_finding_state(request) + + +def test_set_finding_state_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + state=finding.Finding.State.ACTIVE, + start_time=timestamp_pb2.Timestamp(seconds=751), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_finding_state(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/sources/*/findings/*}:setState" + % client.transport._host, + args[1], + ) + + +def test_set_finding_state_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_finding_state( + securitycenter_service.SetFindingStateRequest(), + name="name_value", + state=finding.Finding.State.ACTIVE, + start_time=timestamp_pb2.Timestamp(seconds=751), + ) + + +def test_set_finding_state_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.SetMuteRequest, + dict, + ], +) +def test_set_mute_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + mute=finding.Finding.Mute.MUTED, + finding_class=finding.Finding.FindingClass.THREAT, + mute_initiator="mute_initiator_value", + parent_display_name="parent_display_name_value", + description="description_value", + next_steps="next_steps_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_mute(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + assert response.mute == finding.Finding.Mute.MUTED + assert response.finding_class == finding.Finding.FindingClass.THREAT + assert response.mute_initiator == "mute_initiator_value" + assert response.parent_display_name == "parent_display_name_value" + assert response.description == "description_value" + assert response.next_steps == "next_steps_value" + + +def test_set_mute_rest_required_fields( + request_type=securitycenter_service.SetMuteRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_mute._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_mute._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_mute(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_mute_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_mute._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "name", + "mute", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_mute_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_mute" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_mute" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.SetMuteRequest.pb( + securitycenter_service.SetMuteRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = finding.Finding.to_json(finding.Finding()) + + request = securitycenter_service.SetMuteRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = finding.Finding() + + client.set_mute( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_mute_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.SetMuteRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_mute(request) + + +def test_set_mute_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + mute=finding.Finding.Mute.MUTED, + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_mute(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/sources/*/findings/*}:setMute" + % client.transport._host, + args[1], + ) + + +def test_set_mute_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_mute( + securitycenter_service.SetMuteRequest(), + name="name_value", + mute=finding.Finding.Mute.MUTED, + ) + + +def test_set_mute_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.SetIamPolicyRequest, + dict, + ], +) +def test_set_iam_policy_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy( + version=774, + etag=b"etag_blob", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_iam_policy(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b"etag_blob" + + +def test_set_iam_policy_rest_required_fields( + request_type=iam_policy_pb2.SetIamPolicyRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_iam_policy(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_iam_policy_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_iam_policy._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "resource", + "policy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_iam_policy_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_iam_policy" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_iam_policy" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.SetIamPolicyRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson(policy_pb2.Policy()) + + request = iam_policy_pb2.SetIamPolicyRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = policy_pb2.Policy() + + client.set_iam_policy( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_iam_policy_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.SetIamPolicyRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_iam_policy(request) + + +def test_set_iam_policy_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_iam_policy(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{resource=organizations/*/sources/*}:setIamPolicy" + % client.transport._host, + args[1], + ) + + +def test_set_iam_policy_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_iam_policy( + iam_policy_pb2.SetIamPolicyRequest(), + resource="resource_value", + ) + + +def test_set_iam_policy_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.TestIamPermissionsRequest, + dict, + ], +) +def test_test_iam_permissions_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse( + permissions=["permissions_value"], + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.test_iam_permissions(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) + assert response.permissions == ["permissions_value"] + + +def test_test_iam_permissions_rest_required_fields( + request_type=iam_policy_pb2.TestIamPermissionsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request_init["permissions"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).test_iam_permissions._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + jsonified_request["permissions"] = "permissions_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).test_iam_permissions._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + assert "permissions" in jsonified_request + assert jsonified_request["permissions"] == "permissions_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.test_iam_permissions(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_test_iam_permissions_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.test_iam_permissions._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "resource", + "permissions", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_test_iam_permissions_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_test_iam_permissions" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_test_iam_permissions" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.TestIamPermissionsRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + iam_policy_pb2.TestIamPermissionsResponse() + ) + + request = iam_policy_pb2.TestIamPermissionsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = iam_policy_pb2.TestIamPermissionsResponse() + + client.test_iam_permissions( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_test_iam_permissions_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.TestIamPermissionsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.test_iam_permissions(request) + + +def test_test_iam_permissions_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + permissions=["permissions_value"], + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.test_iam_permissions(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{resource=organizations/*/sources/*}:testIamPermissions" + % client.transport._host, + args[1], + ) + + +def test_test_iam_permissions_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.test_iam_permissions( + iam_policy_pb2.TestIamPermissionsRequest(), + resource="resource_value", + permissions=["permissions_value"], + ) + + +def test_test_iam_permissions_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateExternalSystemRequest, + dict, + ], +) +def test_update_external_system_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "external_system": { + "name": "organizations/sample1/sources/sample2/findings/sample3/externalSystems/sample4" + } + } + request_init["external_system"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3/externalSystems/sample4", + "assignees": ["assignees_value1", "assignees_value2"], + "external_uid": "external_uid_value", + "status": "status_value", + "external_system_update_time": {"seconds": 751, "nanos": 543}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_external_system.ExternalSystem( + name="name_value", + assignees=["assignees_value"], + external_uid="external_uid_value", + status="status_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_external_system.ExternalSystem.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_external_system(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_external_system.ExternalSystem) + assert response.name == "name_value" + assert response.assignees == ["assignees_value"] + assert response.external_uid == "external_uid_value" + assert response.status == "status_value" + + +def test_update_external_system_rest_required_fields( + request_type=securitycenter_service.UpdateExternalSystemRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_external_system._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_external_system._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_external_system.ExternalSystem() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_external_system.ExternalSystem.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_external_system(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_external_system_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_external_system._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("externalSystem",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_external_system_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_external_system" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_external_system" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateExternalSystemRequest.pb( + securitycenter_service.UpdateExternalSystemRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_external_system.ExternalSystem.to_json( + gcs_external_system.ExternalSystem() + ) + + request = securitycenter_service.UpdateExternalSystemRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_external_system.ExternalSystem() + + client.update_external_system( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_external_system_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateExternalSystemRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "external_system": { + "name": "organizations/sample1/sources/sample2/findings/sample3/externalSystems/sample4" + } + } + request_init["external_system"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3/externalSystems/sample4", + "assignees": ["assignees_value1", "assignees_value2"], + "external_uid": "external_uid_value", + "status": "status_value", + "external_system_update_time": {"seconds": 751, "nanos": 543}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_external_system(request) + + +def test_update_external_system_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_external_system.ExternalSystem() + + # get arguments that satisfy an http rule for this method + sample_request = { + "external_system": { + "name": "organizations/sample1/sources/sample2/findings/sample3/externalSystems/sample4" + } + } + + # get truthy value for each flattened field + mock_args = dict( + external_system=gcs_external_system.ExternalSystem(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_external_system.ExternalSystem.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_external_system(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{external_system.name=organizations/*/sources/*/findings/*/externalSystems/*}" + % client.transport._host, + args[1], + ) + + +def test_update_external_system_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_external_system( + securitycenter_service.UpdateExternalSystemRequest(), + external_system=gcs_external_system.ExternalSystem(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_external_system_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateFindingRequest, + dict, + ], +) +def test_update_finding_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "finding": {"name": "organizations/sample1/sources/sample2/findings/sample3"} + } + request_init["finding"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + "mute": 1, + "finding_class": 1, + "indicator": { + "ip_addresses": ["ip_addresses_value1", "ip_addresses_value2"], + "domains": ["domains_value1", "domains_value2"], + "signatures": [ + { + "memory_hash_signature": { + "binary_family": "binary_family_value", + "detections": [ + {"binary": "binary_value", "percent_pages_matched": 0.2197} + ], + }, + "yara_rule_signature": {"yara_rule": "yara_rule_value"}, + } + ], + "uris": ["uris_value1", "uris_value2"], + }, + "vulnerability": { + "cve": { + "id": "id_value", + "references": [{"source": "source_value", "uri": "uri_value"}], + "cvssv3": { + "base_score": 0.1046, + "attack_vector": 1, + "attack_complexity": 1, + "privileges_required": 1, + "user_interaction": 1, + "scope": 1, + "confidentiality_impact": 1, + "integrity_impact": 1, + "availability_impact": 1, + }, + "upstream_fix_available": True, + } + }, + "mute_update_time": {}, + "external_systems": {}, + "mitre_attack": { + "primary_tactic": 1, + "primary_techniques": [1], + "additional_tactics": [1], + "additional_techniques": [1], + "version": "version_value", + }, + "access": { + "principal_email": "principal_email_value", + "caller_ip": "caller_ip_value", + "caller_ip_geo": {"region_code": "region_code_value"}, + "user_agent_family": "user_agent_family_value", + "service_name": "service_name_value", + "method_name": "method_name_value", + "principal_subject": "principal_subject_value", + "service_account_key_name": "service_account_key_name_value", + "service_account_delegation_info": [ + { + "principal_email": "principal_email_value", + "principal_subject": "principal_subject_value", + } + ], + "user_name": "user_name_value", + }, + "connections": [ + { + "destination_ip": "destination_ip_value", + "destination_port": 1734, + "source_ip": "source_ip_value", + "source_port": 1205, + "protocol": 1, + } + ], + "mute_initiator": "mute_initiator_value", + "processes": [ + { + "name": "name_value", + "binary": { + "path": "path_value", + "size": 443, + "sha256": "sha256_value", + "hashed_size": 1159, + "partially_hashed": True, + "contents": "contents_value", + }, + "libraries": {}, + "script": {}, + "args": ["args_value1", "args_value2"], + "arguments_truncated": True, + "env_variables": [{"name": "name_value", "val": "val_value"}], + "env_variables_truncated": True, + "pid": 317, + "parent_pid": 1062, + } + ], + "contacts": {}, + "compliances": [ + { + "standard": "standard_value", + "version": "version_value", + "ids": ["ids_value1", "ids_value2"], + } + ], + "parent_display_name": "parent_display_name_value", + "description": "description_value", + "exfiltration": { + "sources": [ + { + "name": "name_value", + "components": ["components_value1", "components_value2"], + } + ], + "targets": {}, + }, + "iam_bindings": [{"action": 1, "role": "role_value", "member": "member_value"}], + "next_steps": "next_steps_value", + "containers": [ + { + "name": "name_value", + "uri": "uri_value", + "image_id": "image_id_value", + "labels": [{"name": "name_value", "value": "value_value"}], + } + ], + "kubernetes": { + "pods": [ + {"ns": "ns_value", "name": "name_value", "labels": {}, "containers": {}} + ], + "nodes": [{"name": "name_value"}], + "node_pools": [{"name": "name_value", "nodes": {}}], + "roles": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + "bindings": [ + { + "ns": "ns_value", + "name": "name_value", + "role": {}, + "subjects": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + } + ], + "access_reviews": [ + { + "group": "group_value", + "ns": "ns_value", + "name": "name_value", + "resource": "resource_value", + "subresource": "subresource_value", + "verb": "verb_value", + "version": "version_value", + } + ], + }, + "database": { + "name": "name_value", + "display_name": "display_name_value", + "user_name": "user_name_value", + "query": "query_value", + "grantees": ["grantees_value1", "grantees_value2"], + }, + "files": {}, + "kernel_rootkit": { + "name": "name_value", + "unexpected_code_modification": True, + "unexpected_read_only_data_modification": True, + "unexpected_ftrace_handler": True, + "unexpected_kprobe_handler": True, + "unexpected_kernel_code_pages": True, + "unexpected_system_call_handler": True, + "unexpected_interrupt_handler": True, + "unexpected_processes_in_runqueue": True, + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=gcs_finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=gcs_finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + mute=gcs_finding.Finding.Mute.MUTED, + finding_class=gcs_finding.Finding.FindingClass.THREAT, + mute_initiator="mute_initiator_value", + parent_display_name="parent_display_name_value", + description="description_value", + next_steps="next_steps_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_finding(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == gcs_finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == gcs_finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + assert response.mute == gcs_finding.Finding.Mute.MUTED + assert response.finding_class == gcs_finding.Finding.FindingClass.THREAT + assert response.mute_initiator == "mute_initiator_value" + assert response.parent_display_name == "parent_display_name_value" + assert response.description == "description_value" + assert response.next_steps == "next_steps_value" + + +def test_update_finding_rest_required_fields( + request_type=securitycenter_service.UpdateFindingRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_finding._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_finding._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_finding(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_finding_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_finding._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("finding",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_finding_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_finding" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_finding" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateFindingRequest.pb( + securitycenter_service.UpdateFindingRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_finding.Finding.to_json(gcs_finding.Finding()) + + request = securitycenter_service.UpdateFindingRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_finding.Finding() + + client.update_finding( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_finding_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateFindingRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "finding": {"name": "organizations/sample1/sources/sample2/findings/sample3"} + } + request_init["finding"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + "mute": 1, + "finding_class": 1, + "indicator": { + "ip_addresses": ["ip_addresses_value1", "ip_addresses_value2"], + "domains": ["domains_value1", "domains_value2"], + "signatures": [ + { + "memory_hash_signature": { + "binary_family": "binary_family_value", + "detections": [ + {"binary": "binary_value", "percent_pages_matched": 0.2197} + ], + }, + "yara_rule_signature": {"yara_rule": "yara_rule_value"}, + } + ], + "uris": ["uris_value1", "uris_value2"], + }, + "vulnerability": { + "cve": { + "id": "id_value", + "references": [{"source": "source_value", "uri": "uri_value"}], + "cvssv3": { + "base_score": 0.1046, + "attack_vector": 1, + "attack_complexity": 1, + "privileges_required": 1, + "user_interaction": 1, + "scope": 1, + "confidentiality_impact": 1, + "integrity_impact": 1, + "availability_impact": 1, + }, + "upstream_fix_available": True, + } + }, + "mute_update_time": {}, + "external_systems": {}, + "mitre_attack": { + "primary_tactic": 1, + "primary_techniques": [1], + "additional_tactics": [1], + "additional_techniques": [1], + "version": "version_value", + }, + "access": { + "principal_email": "principal_email_value", + "caller_ip": "caller_ip_value", + "caller_ip_geo": {"region_code": "region_code_value"}, + "user_agent_family": "user_agent_family_value", + "service_name": "service_name_value", + "method_name": "method_name_value", + "principal_subject": "principal_subject_value", + "service_account_key_name": "service_account_key_name_value", + "service_account_delegation_info": [ + { + "principal_email": "principal_email_value", + "principal_subject": "principal_subject_value", + } + ], + "user_name": "user_name_value", + }, + "connections": [ + { + "destination_ip": "destination_ip_value", + "destination_port": 1734, + "source_ip": "source_ip_value", + "source_port": 1205, + "protocol": 1, + } + ], + "mute_initiator": "mute_initiator_value", + "processes": [ + { + "name": "name_value", + "binary": { + "path": "path_value", + "size": 443, + "sha256": "sha256_value", + "hashed_size": 1159, + "partially_hashed": True, + "contents": "contents_value", + }, + "libraries": {}, + "script": {}, + "args": ["args_value1", "args_value2"], + "arguments_truncated": True, + "env_variables": [{"name": "name_value", "val": "val_value"}], + "env_variables_truncated": True, + "pid": 317, + "parent_pid": 1062, + } + ], + "contacts": {}, + "compliances": [ + { + "standard": "standard_value", + "version": "version_value", + "ids": ["ids_value1", "ids_value2"], + } + ], + "parent_display_name": "parent_display_name_value", + "description": "description_value", + "exfiltration": { + "sources": [ + { + "name": "name_value", + "components": ["components_value1", "components_value2"], + } + ], + "targets": {}, + }, + "iam_bindings": [{"action": 1, "role": "role_value", "member": "member_value"}], + "next_steps": "next_steps_value", + "containers": [ + { + "name": "name_value", + "uri": "uri_value", + "image_id": "image_id_value", + "labels": [{"name": "name_value", "value": "value_value"}], + } + ], + "kubernetes": { + "pods": [ + {"ns": "ns_value", "name": "name_value", "labels": {}, "containers": {}} + ], + "nodes": [{"name": "name_value"}], + "node_pools": [{"name": "name_value", "nodes": {}}], + "roles": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + "bindings": [ + { + "ns": "ns_value", + "name": "name_value", + "role": {}, + "subjects": [{"kind": 1, "ns": "ns_value", "name": "name_value"}], + } + ], + "access_reviews": [ + { + "group": "group_value", + "ns": "ns_value", + "name": "name_value", + "resource": "resource_value", + "subresource": "subresource_value", + "verb": "verb_value", + "version": "version_value", + } + ], + }, + "database": { + "name": "name_value", + "display_name": "display_name_value", + "user_name": "user_name_value", + "query": "query_value", + "grantees": ["grantees_value1", "grantees_value2"], + }, + "files": {}, + "kernel_rootkit": { + "name": "name_value", + "unexpected_code_modification": True, + "unexpected_read_only_data_modification": True, + "unexpected_ftrace_handler": True, + "unexpected_kprobe_handler": True, + "unexpected_kernel_code_pages": True, + "unexpected_system_call_handler": True, + "unexpected_interrupt_handler": True, + "unexpected_processes_in_runqueue": True, + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_finding(request) + + +def test_update_finding_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "finding": { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + } + + # get truthy value for each flattened field + mock_args = dict( + finding=gcs_finding.Finding(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_finding(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{finding.name=organizations/*/sources/*/findings/*}" + % client.transport._host, + args[1], + ) + + +def test_update_finding_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_finding( + securitycenter_service.UpdateFindingRequest(), + finding=gcs_finding.Finding(name="name_value"), + ) + + +def test_update_finding_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateMuteConfigRequest, + dict, + ], +) +def test_update_mute_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "mute_config": {"name": "organizations/sample1/muteConfigs/sample2"} + } + request_init["mute_config"] = { + "name": "organizations/sample1/muteConfigs/sample2", + "display_name": "display_name_value", + "description": "description_value", + "filter": "filter_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_mute_config.MuteConfig( + name="name_value", + display_name="display_name_value", + description="description_value", + filter="filter_value", + most_recent_editor="most_recent_editor_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_mute_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_mute_config.MuteConfig) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.filter == "filter_value" + assert response.most_recent_editor == "most_recent_editor_value" + + +def test_update_mute_config_rest_required_fields( + request_type=securitycenter_service.UpdateMuteConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_mute_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_mute_config._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_mute_config.MuteConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_mute_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_mute_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_mute_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("muteConfig",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_mute_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_mute_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_mute_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateMuteConfigRequest.pb( + securitycenter_service.UpdateMuteConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_mute_config.MuteConfig.to_json( + gcs_mute_config.MuteConfig() + ) + + request = securitycenter_service.UpdateMuteConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_mute_config.MuteConfig() + + client.update_mute_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_mute_config_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateMuteConfigRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "mute_config": {"name": "organizations/sample1/muteConfigs/sample2"} + } + request_init["mute_config"] = { + "name": "organizations/sample1/muteConfigs/sample2", + "display_name": "display_name_value", + "description": "description_value", + "filter": "filter_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_mute_config(request) + + +def test_update_mute_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_mute_config.MuteConfig() + + # get arguments that satisfy an http rule for this method + sample_request = { + "mute_config": {"name": "organizations/sample1/muteConfigs/sample2"} + } + + # get truthy value for each flattened field + mock_args = dict( + mute_config=gcs_mute_config.MuteConfig(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_mute_config.MuteConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_mute_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{mute_config.name=organizations/*/muteConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_update_mute_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_mute_config( + securitycenter_service.UpdateMuteConfigRequest(), + mute_config=gcs_mute_config.MuteConfig(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_mute_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateNotificationConfigRequest, + dict, + ], +) +def test_update_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "notification_config": { + "name": "organizations/sample1/notificationConfigs/sample2" + } + } + request_init["notification_config"] = { + "name": "organizations/sample1/notificationConfigs/sample2", + "description": "description_value", + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig( + name="name_value", + description="description_value", + pubsub_topic="pubsub_topic_value", + service_account="service_account_value", + streaming_config=gcs_notification_config.NotificationConfig.StreamingConfig( + filter="filter_value" + ), + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_notification_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_notification_config.NotificationConfig) + assert response.name == "name_value" + assert response.description == "description_value" + assert response.pubsub_topic == "pubsub_topic_value" + assert response.service_account == "service_account_value" + + +def test_update_notification_config_rest_required_fields( + request_type=securitycenter_service.UpdateNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_notification_config._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_notification_config.NotificationConfig.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_notification_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("notificationConfig",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_notification_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_notification_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateNotificationConfigRequest.pb( + securitycenter_service.UpdateNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_notification_config.NotificationConfig.to_json( + gcs_notification_config.NotificationConfig() + ) + + request = securitycenter_service.UpdateNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_notification_config.NotificationConfig() + + client.update_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "notification_config": { + "name": "organizations/sample1/notificationConfigs/sample2" + } + } + request_init["notification_config"] = { + "name": "organizations/sample1/notificationConfigs/sample2", + "description": "description_value", + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_notification_config(request) + + +def test_update_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + + # get arguments that satisfy an http rule for this method + sample_request = { + "notification_config": { + "name": "organizations/sample1/notificationConfigs/sample2" + } + } + + # get truthy value for each flattened field + mock_args = dict( + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{notification_config.name=organizations/*/notificationConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_update_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_notification_config( + securitycenter_service.UpdateNotificationConfigRequest(), + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateOrganizationSettingsRequest, + dict, + ], +) +def test_update_organization_settings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "organization_settings": {"name": "organizations/sample1/organizationSettings"} + } + request_init["organization_settings"] = { + "name": "organizations/sample1/organizationSettings", + "enable_asset_discovery": True, + "asset_discovery_config": { + "project_ids": ["project_ids_value1", "project_ids_value2"], + "inclusion_mode": 1, + "folder_ids": ["folder_ids_value1", "folder_ids_value2"], + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings( + name="name_value", + enable_asset_discovery=True, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_organization_settings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_organization_settings.OrganizationSettings) + assert response.name == "name_value" + assert response.enable_asset_discovery is True + + +def test_update_organization_settings_rest_required_fields( + request_type=securitycenter_service.UpdateOrganizationSettingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_organization_settings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_organization_settings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_organization_settings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_organization_settings._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("organizationSettings",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_organization_settings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_organization_settings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_organization_settings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateOrganizationSettingsRequest.pb( + securitycenter_service.UpdateOrganizationSettingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + gcs_organization_settings.OrganizationSettings.to_json( + gcs_organization_settings.OrganizationSettings() + ) + ) + + request = securitycenter_service.UpdateOrganizationSettingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_organization_settings.OrganizationSettings() + + client.update_organization_settings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_organization_settings_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateOrganizationSettingsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "organization_settings": {"name": "organizations/sample1/organizationSettings"} + } + request_init["organization_settings"] = { + "name": "organizations/sample1/organizationSettings", + "enable_asset_discovery": True, + "asset_discovery_config": { + "project_ids": ["project_ids_value1", "project_ids_value2"], + "inclusion_mode": 1, + "folder_ids": ["folder_ids_value1", "folder_ids_value2"], + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_organization_settings(request) + + +def test_update_organization_settings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings() + + # get arguments that satisfy an http rule for this method + sample_request = { + "organization_settings": { + "name": "organizations/sample1/organizationSettings" + } + } + + # get truthy value for each flattened field + mock_args = dict( + organization_settings=gcs_organization_settings.OrganizationSettings( + name="name_value" + ), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_organization_settings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{organization_settings.name=organizations/*/organizationSettings}" + % client.transport._host, + args[1], + ) + + +def test_update_organization_settings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_organization_settings( + securitycenter_service.UpdateOrganizationSettingsRequest(), + organization_settings=gcs_organization_settings.OrganizationSettings( + name="name_value" + ), + ) + + +def test_update_organization_settings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateSourceRequest, + dict, + ], +) +def test_update_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"source": {"name": "organizations/sample1/sources/sample2"}} + request_init["source"] = { + "name": "organizations/sample1/sources/sample2", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.canonical_name == "canonical_name_value" + + +def test_update_source_rest_required_fields( + request_type=securitycenter_service.UpdateSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_source._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_source._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("source",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateSourceRequest.pb( + securitycenter_service.UpdateSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_source.Source.to_json(gcs_source.Source()) + + request = securitycenter_service.UpdateSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_source.Source() + + client.update_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateSourceRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"source": {"name": "organizations/sample1/sources/sample2"}} + request_init["source"] = { + "name": "organizations/sample1/sources/sample2", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_source(request) + + +def test_update_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"source": {"name": "organizations/sample1/sources/sample2"}} + + # get truthy value for each flattened field + mock_args = dict( + source=gcs_source.Source(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{source.name=organizations/*/sources/*}" % client.transport._host, + args[1], + ) + + +def test_update_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_source( + securitycenter_service.UpdateSourceRequest(), + source=gcs_source.Source(name="name_value"), + ) + + +def test_update_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateSecurityMarksRequest, + dict, + ], +) +def test_update_security_marks_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "security_marks": {"name": "organizations/sample1/assets/sample2/securityMarks"} + } + request_init["security_marks"] = { + "name": "organizations/sample1/assets/sample2/securityMarks", + "marks": {}, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks( + name="name_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_security_marks(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_security_marks.SecurityMarks) + assert response.name == "name_value" + assert response.canonical_name == "canonical_name_value" + + +def test_update_security_marks_rest_required_fields( + request_type=securitycenter_service.UpdateSecurityMarksRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_security_marks._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_security_marks._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "start_time", + "update_mask", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_security_marks(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_security_marks_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_security_marks._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "startTime", + "updateMask", + ) + ) + & set(("securityMarks",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_security_marks_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_security_marks" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_security_marks" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateSecurityMarksRequest.pb( + securitycenter_service.UpdateSecurityMarksRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_security_marks.SecurityMarks.to_json( + gcs_security_marks.SecurityMarks() + ) + + request = securitycenter_service.UpdateSecurityMarksRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_security_marks.SecurityMarks() + + client.update_security_marks( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_security_marks_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateSecurityMarksRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "security_marks": {"name": "organizations/sample1/assets/sample2/securityMarks"} + } + request_init["security_marks"] = { + "name": "organizations/sample1/assets/sample2/securityMarks", + "marks": {}, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_security_marks(request) + + +def test_update_security_marks_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks() + + # get arguments that satisfy an http rule for this method + sample_request = { + "security_marks": { + "name": "organizations/sample1/assets/sample2/securityMarks" + } + } + + # get truthy value for each flattened field + mock_args = dict( + security_marks=gcs_security_marks.SecurityMarks(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_security_marks(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{security_marks.name=organizations/*/assets/*/securityMarks}" + % client.transport._host, + args[1], + ) + + +def test_update_security_marks_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_security_marks( + securitycenter_service.UpdateSecurityMarksRequest(), + security_marks=gcs_security_marks.SecurityMarks(name="name_value"), + ) + + +def test_update_security_marks_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateBigQueryExportRequest, + dict, + ], +) +def test_create_big_query_export_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["big_query_export"] = { + "name": "name_value", + "description": "description_value", + "filter": "filter_value", + "dataset": "dataset_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + "principal": "principal_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport( + name="name_value", + description="description_value", + filter="filter_value", + dataset="dataset_value", + most_recent_editor="most_recent_editor_value", + principal="principal_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_big_query_export(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, bigquery_export.BigQueryExport) + assert response.name == "name_value" + assert response.description == "description_value" + assert response.filter == "filter_value" + assert response.dataset == "dataset_value" + assert response.most_recent_editor == "most_recent_editor_value" + assert response.principal == "principal_value" + + +def test_create_big_query_export_rest_required_fields( + request_type=securitycenter_service.CreateBigQueryExportRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["big_query_export_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + assert "bigQueryExportId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_big_query_export._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "bigQueryExportId" in jsonified_request + assert jsonified_request["bigQueryExportId"] == request_init["big_query_export_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["bigQueryExportId"] = "big_query_export_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_big_query_export._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("big_query_export_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "bigQueryExportId" in jsonified_request + assert jsonified_request["bigQueryExportId"] == "big_query_export_id_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_big_query_export(request) + + expected_params = [ + ( + "bigQueryExportId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_big_query_export_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_big_query_export._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("bigQueryExportId",)) + & set( + ( + "parent", + "bigQueryExport", + "bigQueryExportId", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_big_query_export_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_big_query_export" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_big_query_export" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateBigQueryExportRequest.pb( + securitycenter_service.CreateBigQueryExportRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = bigquery_export.BigQueryExport.to_json( + bigquery_export.BigQueryExport() + ) + + request = securitycenter_service.CreateBigQueryExportRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = bigquery_export.BigQueryExport() + + client.create_big_query_export( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_create_big_query_export_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.CreateBigQueryExportRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["big_query_export"] = { + "name": "name_value", + "description": "description_value", + "filter": "filter_value", + "dataset": "dataset_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + "principal": "principal_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_big_query_export(request) + + +def test_create_big_query_export_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + big_query_export=bigquery_export.BigQueryExport(name="name_value"), + big_query_export_id="big_query_export_id_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_big_query_export(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/bigQueryExports" % client.transport._host, + args[1], + ) + + +def test_create_big_query_export_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_big_query_export( + securitycenter_service.CreateBigQueryExportRequest(), + parent="parent_value", + big_query_export=bigquery_export.BigQueryExport(name="name_value"), + big_query_export_id="big_query_export_id_value", + ) + + +def test_create_big_query_export_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.DeleteBigQueryExportRequest, + dict, + ], +) +def test_delete_big_query_export_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/bigQueryExports/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.delete_big_query_export(request) + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_big_query_export_rest_required_fields( + request_type=securitycenter_service.DeleteBigQueryExportRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_big_query_export._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_big_query_export._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = None + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "delete", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.delete_big_query_export(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_delete_big_query_export_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.delete_big_query_export._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_delete_big_query_export_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_delete_big_query_export" + ) as pre: + pre.assert_not_called() + pb_message = securitycenter_service.DeleteBigQueryExportRequest.pb( + securitycenter_service.DeleteBigQueryExportRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + + request = securitycenter_service.DeleteBigQueryExportRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + + client.delete_big_query_export( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + + +def test_delete_big_query_export_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.DeleteBigQueryExportRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/bigQueryExports/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.delete_big_query_export(request) + + +def test_delete_big_query_export_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/bigQueryExports/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.delete_big_query_export(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{name=organizations/*/bigQueryExports/*}" % client.transport._host, + args[1], + ) + + +def test_delete_big_query_export_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_big_query_export( + securitycenter_service.DeleteBigQueryExportRequest(), + name="name_value", + ) + + +def test_delete_big_query_export_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateBigQueryExportRequest, + dict, + ], +) +def test_update_big_query_export_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "big_query_export": {"name": "organizations/sample1/bigQueryExports/sample2"} + } + request_init["big_query_export"] = { + "name": "organizations/sample1/bigQueryExports/sample2", + "description": "description_value", + "filter": "filter_value", + "dataset": "dataset_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + "principal": "principal_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport( + name="name_value", + description="description_value", + filter="filter_value", + dataset="dataset_value", + most_recent_editor="most_recent_editor_value", + principal="principal_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_big_query_export(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, bigquery_export.BigQueryExport) + assert response.name == "name_value" + assert response.description == "description_value" + assert response.filter == "filter_value" + assert response.dataset == "dataset_value" + assert response.most_recent_editor == "most_recent_editor_value" + assert response.principal == "principal_value" + + +def test_update_big_query_export_rest_required_fields( + request_type=securitycenter_service.UpdateBigQueryExportRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_big_query_export._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_big_query_export._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_big_query_export(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_big_query_export_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_big_query_export._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("bigQueryExport",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_big_query_export_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_big_query_export" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_big_query_export" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateBigQueryExportRequest.pb( + securitycenter_service.UpdateBigQueryExportRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = bigquery_export.BigQueryExport.to_json( + bigquery_export.BigQueryExport() + ) + + request = securitycenter_service.UpdateBigQueryExportRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = bigquery_export.BigQueryExport() + + client.update_big_query_export( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_big_query_export_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateBigQueryExportRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "big_query_export": {"name": "organizations/sample1/bigQueryExports/sample2"} + } + request_init["big_query_export"] = { + "name": "organizations/sample1/bigQueryExports/sample2", + "description": "description_value", + "filter": "filter_value", + "dataset": "dataset_value", + "create_time": {"seconds": 751, "nanos": 543}, + "update_time": {}, + "most_recent_editor": "most_recent_editor_value", + "principal": "principal_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_big_query_export(request) + + +def test_update_big_query_export_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = bigquery_export.BigQueryExport() + + # get arguments that satisfy an http rule for this method + sample_request = { + "big_query_export": { + "name": "organizations/sample1/bigQueryExports/sample2" + } + } + + # get truthy value for each flattened field + mock_args = dict( + big_query_export=bigquery_export.BigQueryExport(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = bigquery_export.BigQueryExport.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_big_query_export(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{big_query_export.name=organizations/*/bigQueryExports/*}" + % client.transport._host, + args[1], + ) + + +def test_update_big_query_export_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_big_query_export( + securitycenter_service.UpdateBigQueryExportRequest(), + big_query_export=bigquery_export.BigQueryExport(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_big_query_export_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListBigQueryExportsRequest, + dict, + ], +) +def test_list_big_query_exports_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListBigQueryExportsResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListBigQueryExportsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_big_query_exports(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListBigQueryExportsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_big_query_exports_rest_required_fields( + request_type=securitycenter_service.ListBigQueryExportsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_big_query_exports._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_big_query_exports._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListBigQueryExportsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListBigQueryExportsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_big_query_exports(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_big_query_exports_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_big_query_exports._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_big_query_exports_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_big_query_exports" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_big_query_exports" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListBigQueryExportsRequest.pb( + securitycenter_service.ListBigQueryExportsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.ListBigQueryExportsResponse.to_json( + securitycenter_service.ListBigQueryExportsResponse() + ) + ) + + request = securitycenter_service.ListBigQueryExportsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListBigQueryExportsResponse() + + client.list_big_query_exports( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_big_query_exports_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.ListBigQueryExportsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_big_query_exports(request) + + +def test_list_big_query_exports_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListBigQueryExportsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListBigQueryExportsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_big_query_exports(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=organizations/*}/bigQueryExports" % client.transport._host, + args[1], + ) + + +def test_list_big_query_exports_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_big_query_exports( + securitycenter_service.ListBigQueryExportsRequest(), + parent="parent_value", + ) + + +def test_list_big_query_exports_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListBigQueryExportsResponse( + big_query_exports=[ + bigquery_export.BigQueryExport(), + bigquery_export.BigQueryExport(), + bigquery_export.BigQueryExport(), + ], + next_page_token="abc", + ), + securitycenter_service.ListBigQueryExportsResponse( + big_query_exports=[], + next_page_token="def", + ), + securitycenter_service.ListBigQueryExportsResponse( + big_query_exports=[ + bigquery_export.BigQueryExport(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListBigQueryExportsResponse( + big_query_exports=[ + bigquery_export.BigQueryExport(), + bigquery_export.BigQueryExport(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListBigQueryExportsResponse.to_json(x) + for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_big_query_exports(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, bigquery_export.BigQueryExport) for i in results) + + pages = list(client.list_big_query_exports(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide an api_key and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + options = client_options.ClientOptions() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options=options, + transport=transport, + ) + + # It is an error to provide an api_key and a credential. + options = mock.Mock() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options=options, credentials=ga_credentials.AnonymousCredentials() + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = SecurityCenterClient(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.SecurityCenterGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + transports.SecurityCenterRestTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "rest", + ], +) +def test_transport_kind(transport_name): + transport = SecurityCenterClient.get_transport_class(transport_name)( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert transport.kind == transport_name + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.SecurityCenterGrpcTransport, + ) + + +def test_security_center_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.SecurityCenterTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_security_center_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.securitycenter_v1.services.security_center.transports.SecurityCenterTransport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.SecurityCenterTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + "bulk_mute_findings", + "create_source", + "create_finding", + "create_mute_config", + "create_notification_config", + "delete_mute_config", + "delete_notification_config", + "get_big_query_export", + "get_iam_policy", + "get_mute_config", + "get_notification_config", + "get_organization_settings", + "get_source", "group_assets", "group_findings", "list_assets", @@ -11525,776 +23006,1747 @@ def test_security_center_base_transport(): "delete_big_query_export", "update_big_query_export", "list_big_query_exports", + "get_operation", + "cancel_operation", + "delete_operation", + "list_operations", + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + # Additionally, the LRO client (a property) should + # also raise NotImplementedError + with pytest.raises(NotImplementedError): + transport.operations_client + + # Catch all for all remaining methods and properties + remainder = [ + "kind", + ] + for r in remainder: + with pytest.raises(NotImplementedError): + getattr(transport, r)() + + +def test_security_center_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.securitycenter_v1.services.security_center.transports.SecurityCenterTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.SecurityCenterTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +def test_security_center_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( + "google.cloud.securitycenter_v1.services.security_center.transports.SecurityCenterTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.SecurityCenterTransport() + adc.assert_called_once() + + +def test_security_center_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + SecurityCenterClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + transports.SecurityCenterRestTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.SecurityCenterGrpcTransport, grpc_helpers), + (transports.SecurityCenterGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +def test_security_center_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "securitycenter.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="securitycenter.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + +def test_security_center_http_transport_client_cert_source_for_mtls(): + cred = ga_credentials.AnonymousCredentials() + with mock.patch( + "google.auth.transport.requests.AuthorizedSession.configure_mtls_channel" + ) as mock_configure_mtls_channel: + transports.SecurityCenterRestTransport( + credentials=cred, client_cert_source_for_mtls=client_cert_source_callback + ) + mock_configure_mtls_channel.assert_called_once_with(client_cert_source_callback) + + +def test_security_center_rest_lro_client(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.AbstractOperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "grpc_asyncio", + "rest", + ], +) +def test_security_center_host_no_port(transport_name): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="securitycenter.googleapis.com" + ), + transport=transport_name, + ) + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "grpc_asyncio", + "rest", + ], +) +def test_security_center_host_with_port(transport_name): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="securitycenter.googleapis.com:8000" + ), + transport=transport_name, + ) + assert client.transport._host == ( + "securitycenter.googleapis.com:8000" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com:8000" + ) + + +@pytest.mark.parametrize( + "transport_name", + [ + "rest", + ], +) +def test_security_center_client_transport_session_collision(transport_name): + creds1 = ga_credentials.AnonymousCredentials() + creds2 = ga_credentials.AnonymousCredentials() + client1 = SecurityCenterClient( + credentials=creds1, + transport=transport_name, + ) + client2 = SecurityCenterClient( + credentials=creds2, + transport=transport_name, + ) + session1 = client1.transport.bulk_mute_findings._session + session2 = client2.transport.bulk_mute_findings._session + assert session1 != session2 + session1 = client1.transport.create_source._session + session2 = client2.transport.create_source._session + assert session1 != session2 + session1 = client1.transport.create_finding._session + session2 = client2.transport.create_finding._session + assert session1 != session2 + session1 = client1.transport.create_mute_config._session + session2 = client2.transport.create_mute_config._session + assert session1 != session2 + session1 = client1.transport.create_notification_config._session + session2 = client2.transport.create_notification_config._session + assert session1 != session2 + session1 = client1.transport.delete_mute_config._session + session2 = client2.transport.delete_mute_config._session + assert session1 != session2 + session1 = client1.transport.delete_notification_config._session + session2 = client2.transport.delete_notification_config._session + assert session1 != session2 + session1 = client1.transport.get_big_query_export._session + session2 = client2.transport.get_big_query_export._session + assert session1 != session2 + session1 = client1.transport.get_iam_policy._session + session2 = client2.transport.get_iam_policy._session + assert session1 != session2 + session1 = client1.transport.get_mute_config._session + session2 = client2.transport.get_mute_config._session + assert session1 != session2 + session1 = client1.transport.get_notification_config._session + session2 = client2.transport.get_notification_config._session + assert session1 != session2 + session1 = client1.transport.get_organization_settings._session + session2 = client2.transport.get_organization_settings._session + assert session1 != session2 + session1 = client1.transport.get_source._session + session2 = client2.transport.get_source._session + assert session1 != session2 + session1 = client1.transport.group_assets._session + session2 = client2.transport.group_assets._session + assert session1 != session2 + session1 = client1.transport.group_findings._session + session2 = client2.transport.group_findings._session + assert session1 != session2 + session1 = client1.transport.list_assets._session + session2 = client2.transport.list_assets._session + assert session1 != session2 + session1 = client1.transport.list_findings._session + session2 = client2.transport.list_findings._session + assert session1 != session2 + session1 = client1.transport.list_mute_configs._session + session2 = client2.transport.list_mute_configs._session + assert session1 != session2 + session1 = client1.transport.list_notification_configs._session + session2 = client2.transport.list_notification_configs._session + assert session1 != session2 + session1 = client1.transport.list_sources._session + session2 = client2.transport.list_sources._session + assert session1 != session2 + session1 = client1.transport.run_asset_discovery._session + session2 = client2.transport.run_asset_discovery._session + assert session1 != session2 + session1 = client1.transport.set_finding_state._session + session2 = client2.transport.set_finding_state._session + assert session1 != session2 + session1 = client1.transport.set_mute._session + session2 = client2.transport.set_mute._session + assert session1 != session2 + session1 = client1.transport.set_iam_policy._session + session2 = client2.transport.set_iam_policy._session + assert session1 != session2 + session1 = client1.transport.test_iam_permissions._session + session2 = client2.transport.test_iam_permissions._session + assert session1 != session2 + session1 = client1.transport.update_external_system._session + session2 = client2.transport.update_external_system._session + assert session1 != session2 + session1 = client1.transport.update_finding._session + session2 = client2.transport.update_finding._session + assert session1 != session2 + session1 = client1.transport.update_mute_config._session + session2 = client2.transport.update_mute_config._session + assert session1 != session2 + session1 = client1.transport.update_notification_config._session + session2 = client2.transport.update_notification_config._session + assert session1 != session2 + session1 = client1.transport.update_organization_settings._session + session2 = client2.transport.update_organization_settings._session + assert session1 != session2 + session1 = client1.transport.update_source._session + session2 = client2.transport.update_source._session + assert session1 != session2 + session1 = client1.transport.update_security_marks._session + session2 = client2.transport.update_security_marks._session + assert session1 != session2 + session1 = client1.transport.create_big_query_export._session + session2 = client2.transport.create_big_query_export._session + assert session1 != session2 + session1 = client1.transport.delete_big_query_export._session + session2 = client2.transport.delete_big_query_export._session + assert session1 != session2 + session1 = client1.transport.update_big_query_export._session + session2 = client2.transport.update_big_query_export._session + assert session1 != session2 + session1 = client1.transport.list_big_query_exports._session + session2 = client2.transport.list_big_query_exports._session + assert session1 != session2 + + +def test_security_center_grpc_transport_channel(): + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.SecurityCenterGrpcTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_security_center_grpc_asyncio_transport_channel(): + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.SecurityCenterGrpcAsyncIOTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_channel_mtls_with_client_cert_source( + transport_class, +): + with mock.patch( + "grpc.ssl_channel_credentials", autospec=True + ) as grpc_ssl_channel_cred: + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_channel_mtls_with_adc(transport_class): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_security_center_grpc_lro_client(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.OperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +def test_security_center_grpc_lro_async_client(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc_asyncio", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.OperationsAsyncClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +def test_asset_path(): + organization = "squid" + asset = "clam" + expected = "organizations/{organization}/assets/{asset}".format( + organization=organization, + asset=asset, + ) + actual = SecurityCenterClient.asset_path(organization, asset) + assert expected == actual + + +def test_parse_asset_path(): + expected = { + "organization": "whelk", + "asset": "octopus", + } + path = SecurityCenterClient.asset_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_asset_path(path) + assert expected == actual + + +def test_big_query_export_path(): + organization = "oyster" + export = "nudibranch" + expected = "organizations/{organization}/bigQueryExports/{export}".format( + organization=organization, + export=export, + ) + actual = SecurityCenterClient.big_query_export_path(organization, export) + assert expected == actual + + +def test_parse_big_query_export_path(): + expected = { + "organization": "cuttlefish", + "export": "mussel", + } + path = SecurityCenterClient.big_query_export_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_big_query_export_path(path) + assert expected == actual + + +def test_external_system_path(): + organization = "winkle" + source = "nautilus" + finding = "scallop" + externalsystem = "abalone" + expected = "organizations/{organization}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}".format( + organization=organization, + source=source, + finding=finding, + externalsystem=externalsystem, + ) + actual = SecurityCenterClient.external_system_path( + organization, source, finding, externalsystem + ) + assert expected == actual + + +def test_parse_external_system_path(): + expected = { + "organization": "squid", + "source": "clam", + "finding": "whelk", + "externalsystem": "octopus", + } + path = SecurityCenterClient.external_system_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_external_system_path(path) + assert expected == actual + + +def test_finding_path(): + organization = "oyster" + source = "nudibranch" + finding = "cuttlefish" + expected = ( + "organizations/{organization}/sources/{source}/findings/{finding}".format( + organization=organization, + source=source, + finding=finding, + ) + ) + actual = SecurityCenterClient.finding_path(organization, source, finding) + assert expected == actual + + +def test_parse_finding_path(): + expected = { + "organization": "mussel", + "source": "winkle", + "finding": "nautilus", + } + path = SecurityCenterClient.finding_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_finding_path(path) + assert expected == actual + + +def test_mute_config_path(): + organization = "scallop" + mute_config = "abalone" + expected = "organizations/{organization}/muteConfigs/{mute_config}".format( + organization=organization, + mute_config=mute_config, + ) + actual = SecurityCenterClient.mute_config_path(organization, mute_config) + assert expected == actual + + +def test_parse_mute_config_path(): + expected = { + "organization": "squid", + "mute_config": "clam", + } + path = SecurityCenterClient.mute_config_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_mute_config_path(path) + assert expected == actual + + +def test_notification_config_path(): + organization = "whelk" + notification_config = "octopus" + expected = ( + "organizations/{organization}/notificationConfigs/{notification_config}".format( + organization=organization, + notification_config=notification_config, + ) + ) + actual = SecurityCenterClient.notification_config_path( + organization, notification_config + ) + assert expected == actual + + +def test_parse_notification_config_path(): + expected = { + "organization": "oyster", + "notification_config": "nudibranch", + } + path = SecurityCenterClient.notification_config_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_notification_config_path(path) + assert expected == actual + + +def test_organization_settings_path(): + organization = "cuttlefish" + expected = "organizations/{organization}/organizationSettings".format( + organization=organization, + ) + actual = SecurityCenterClient.organization_settings_path(organization) + assert expected == actual + + +def test_parse_organization_settings_path(): + expected = { + "organization": "mussel", + } + path = SecurityCenterClient.organization_settings_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_organization_settings_path(path) + assert expected == actual + + +def test_security_marks_path(): + organization = "winkle" + asset = "nautilus" + expected = "organizations/{organization}/assets/{asset}/securityMarks".format( + organization=organization, + asset=asset, + ) + actual = SecurityCenterClient.security_marks_path(organization, asset) + assert expected == actual + + +def test_parse_security_marks_path(): + expected = { + "organization": "scallop", + "asset": "abalone", + } + path = SecurityCenterClient.security_marks_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_security_marks_path(path) + assert expected == actual + + +def test_source_path(): + organization = "squid" + source = "clam" + expected = "organizations/{organization}/sources/{source}".format( + organization=organization, + source=source, + ) + actual = SecurityCenterClient.source_path(organization, source) + assert expected == actual + + +def test_parse_source_path(): + expected = { + "organization": "whelk", + "source": "octopus", + } + path = SecurityCenterClient.source_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_source_path(path) + assert expected == actual + + +def test_topic_path(): + project = "oyster" + topic = "nudibranch" + expected = "projects/{project}/topics/{topic}".format( + project=project, + topic=topic, + ) + actual = SecurityCenterClient.topic_path(project, topic) + assert expected == actual + + +def test_parse_topic_path(): + expected = { + "project": "cuttlefish", + "topic": "mussel", + } + path = SecurityCenterClient.topic_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_topic_path(path) + assert expected == actual + + +def test_common_billing_account_path(): + billing_account = "winkle" + expected = "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + actual = SecurityCenterClient.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "nautilus", + } + path = SecurityCenterClient.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_common_billing_account_path(path) + assert expected == actual + + +def test_common_folder_path(): + folder = "scallop" + expected = "folders/{folder}".format( + folder=folder, + ) + actual = SecurityCenterClient.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "abalone", + } + path = SecurityCenterClient.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_common_folder_path(path) + assert expected == actual + + +def test_common_organization_path(): + organization = "squid" + expected = "organizations/{organization}".format( + organization=organization, + ) + actual = SecurityCenterClient.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "clam", + } + path = SecurityCenterClient.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_common_organization_path(path) + assert expected == actual + + +def test_common_project_path(): + project = "whelk" + expected = "projects/{project}".format( + project=project, + ) + actual = SecurityCenterClient.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "octopus", + } + path = SecurityCenterClient.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_common_project_path(path) + assert expected == actual + + +def test_common_location_path(): + project = "oyster" + location = "nudibranch" + expected = "projects/{project}/locations/{location}".format( + project=project, + location=location, ) - for method in methods: - with pytest.raises(NotImplementedError): - getattr(transport, method)(request=object()) + actual = SecurityCenterClient.common_location_path(project, location) + assert expected == actual - with pytest.raises(NotImplementedError): - transport.close() - # Additionally, the LRO client (a property) should - # also raise NotImplementedError - with pytest.raises(NotImplementedError): - transport.operations_client +def test_parse_common_location_path(): + expected = { + "project": "cuttlefish", + "location": "mussel", + } + path = SecurityCenterClient.common_location_path(**expected) - # Catch all for all remaining methods and properties - remainder = [ - "kind", - ] - for r in remainder: - with pytest.raises(NotImplementedError): - getattr(transport, r)() + # Check that the path construction is reversible. + actual = SecurityCenterClient.parse_common_location_path(path) + assert expected == actual -def test_security_center_base_transport_with_credentials_file(): - # Instantiate the base transport with a credentials file +def test_client_with_default_client_info(): + client_info = gapic_v1.client_info.ClientInfo() + with mock.patch.object( - google.auth, "load_credentials_from_file", autospec=True - ) as load_creds, mock.patch( - "google.cloud.securitycenter_v1.services.security_center.transports.SecurityCenterTransport._prep_wrapped_messages" - ) as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.SecurityCenterTransport( - credentials_file="credentials.json", - quota_project_id="octopus", + transports.SecurityCenterTransport, "_prep_wrapped_messages" + ) as prep: + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, ) - load_creds.assert_called_once_with( - "credentials.json", - scopes=None, - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - quota_project_id="octopus", + prep.assert_called_once_with(client_info) + + with mock.patch.object( + transports.SecurityCenterTransport, "_prep_wrapped_messages" + ) as prep: + transport_class = SecurityCenterClient.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, ) + prep.assert_called_once_with(client_info) -def test_security_center_base_transport_with_adc(): - # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( - "google.cloud.securitycenter_v1.services.security_center.transports.SecurityCenterTransport._prep_wrapped_messages" - ) as Transport: - Transport.return_value = None - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.SecurityCenterTransport() - adc.assert_called_once() +@pytest.mark.asyncio +async def test_transport_close_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc_asyncio", + ) + with mock.patch.object( + type(getattr(client.transport, "grpc_channel")), "close" + ) as close: + async with client: + close.assert_not_called() + close.assert_called_once() -def test_security_center_auth_adc(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - SecurityCenterClient() - adc.assert_called_once_with( - scopes=None, - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - quota_project_id=None, - ) +def test_cancel_operation_rest_bad_request( + transport: str = "rest", request_type=operations_pb2.CancelOperationRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + request = request_type() + request = json_format.ParseDict( + {"name": "organizations/sample1/operations/sample2"}, request + ) -@pytest.mark.parametrize( - "transport_class", - [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, - ], -) -def test_security_center_transport_auth_adc(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - adc.assert_called_once_with( - scopes=["1", "2"], - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - quota_project_id="octopus", - ) + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.cancel_operation(request) @pytest.mark.parametrize( - "transport_class", + "request_type", [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, + operations_pb2.CancelOperationRequest, + dict, ], ) -def test_security_center_transport_auth_gdch_credentials(transport_class): - host = "https://language.com" - api_audience_tests = [None, "https://language2.com"] - api_audience_expect = [host, "https://language2.com"] - for t, e in zip(api_audience_tests, api_audience_expect): - with mock.patch.object(google.auth, "default", autospec=True) as adc: - gdch_mock = mock.MagicMock() - type(gdch_mock).with_gdch_audience = mock.PropertyMock( - return_value=gdch_mock - ) - adc.return_value = (gdch_mock, None) - transport_class(host=host, api_audience=t) - gdch_mock.with_gdch_audience.assert_called_once_with(e) +def test_cancel_operation_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request_init = {"name": "organizations/sample1/operations/sample2"} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "{}" -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.SecurityCenterGrpcTransport, grpc_helpers), - (transports.SecurityCenterGrpcAsyncIOTransport, grpc_helpers_async), - ], -) -def test_security_center_transport_create_channel(transport_class, grpc_helpers): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value - create_channel.assert_called_with( - "securitycenter.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - scopes=["1", "2"], - default_host="securitycenter.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) + response = client.cancel_operation(request) + # Establish that the response is the type that we expect. + assert response is None -@pytest.mark.parametrize( - "transport_class", - [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, - ], -) -def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_class): - cred = ga_credentials.AnonymousCredentials() - # Check ssl_channel_credentials is used if provided. - with mock.patch.object(transport_class, "create_channel") as mock_create_channel: - mock_ssl_channel_creds = mock.Mock() - transport_class( - host="squid.clam.whelk", - credentials=cred, - ssl_channel_credentials=mock_ssl_channel_creds, - ) - mock_create_channel.assert_called_once_with( - "squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_channel_creds, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) +def test_delete_operation_rest_bad_request( + transport: str = "rest", request_type=operations_pb2.DeleteOperationRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) - # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls - # is used. - with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): - with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: - transport_class( - credentials=cred, - client_cert_source_for_mtls=client_cert_source_callback, - ) - expected_cert, expected_key = client_cert_source_callback() - mock_ssl_cred.assert_called_once_with( - certificate_chain=expected_cert, private_key=expected_key - ) + request = request_type() + request = json_format.ParseDict( + {"name": "organizations/sample1/operations/sample2"}, request + ) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.delete_operation(request) @pytest.mark.parametrize( - "transport_name", + "request_type", [ - "grpc", - "grpc_asyncio", + operations_pb2.DeleteOperationRequest, + dict, ], ) -def test_security_center_host_no_port(transport_name): +def test_delete_operation_rest(request_type): client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions( - api_endpoint="securitycenter.googleapis.com" - ), - transport=transport_name, + transport="rest", + ) + request_init = {"name": "organizations/sample1/operations/sample2"} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "{}" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.delete_operation(request) + + # Establish that the response is the type that we expect. + assert response is None + + +def test_get_operation_rest_bad_request( + transport: str = "rest", request_type=operations_pb2.GetOperationRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + request = request_type() + request = json_format.ParseDict( + {"name": "organizations/sample1/operations/sample2"}, request ) - assert client.transport._host == ("securitycenter.googleapis.com:443") + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_operation(request) @pytest.mark.parametrize( - "transport_name", + "request_type", [ - "grpc", - "grpc_asyncio", + operations_pb2.GetOperationRequest, + dict, ], ) -def test_security_center_host_with_port(transport_name): +def test_get_operation_rest(request_type): client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions( - api_endpoint="securitycenter.googleapis.com:8000" - ), - transport=transport_name, + transport="rest", ) - assert client.transport._host == ("securitycenter.googleapis.com:8000") + request_init = {"name": "organizations/sample1/operations/sample2"} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation() + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) -def test_security_center_grpc_transport_channel(): - channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value - # Check that channel is used if provided. - transport = transports.SecurityCenterGrpcTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None + response = client.get_operation(request) + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) -def test_security_center_grpc_asyncio_transport_channel(): - channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) - # Check that channel is used if provided. - transport = transports.SecurityCenterGrpcAsyncIOTransport( - host="squid.clam.whelk", - channel=channel, +def test_list_operations_rest_bad_request( + transport: str = "rest", request_type=operations_pb2.ListOperationsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None + + request = request_type() + request = json_format.ParseDict( + {"name": "organizations/sample1/operations"}, request + ) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_operations(request) -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( - "transport_class", + "request_type", [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, + operations_pb2.ListOperationsRequest, + dict, ], ) -def test_security_center_transport_channel_mtls_with_client_cert_source( - transport_class, -): - with mock.patch( - "grpc.ssl_channel_credentials", autospec=True - ) as grpc_ssl_channel_cred: - with mock.patch.object( - transport_class, "create_channel" - ) as grpc_create_channel: - mock_ssl_cred = mock.Mock() - grpc_ssl_channel_cred.return_value = mock_ssl_cred +def test_list_operations_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request_init = {"name": "organizations/sample1/operations"} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.ListOperationsResponse() - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) - cred = ga_credentials.AnonymousCredentials() - with pytest.warns(DeprecationWarning): - with mock.patch.object(google.auth, "default") as adc: - adc.return_value = (cred, None) - transport = transport_class( - host="squid.clam.whelk", - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=client_cert_source_callback, - ) - adc.assert_called_once() + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value - grpc_ssl_channel_cred.assert_called_once_with( - certificate_chain=b"cert bytes", private_key=b"key bytes" - ) - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - assert transport._ssl_channel_credentials == mock_ssl_cred + response = client.list_operations(request) + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.ListOperationsResponse) -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize( - "transport_class", - [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, - ], -) -def test_security_center_transport_channel_mtls_with_adc(transport_class): - mock_ssl_cred = mock.Mock() - with mock.patch.multiple( - "google.auth.transport.grpc.SslCredentials", - __init__=mock.Mock(return_value=None), - ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), - ): - with mock.patch.object( - transport_class, "create_channel" - ) as grpc_create_channel: - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - mock_cred = mock.Mock() - with pytest.warns(DeprecationWarning): - transport = transport_class( - host="squid.clam.whelk", - credentials=mock_cred, - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=None, - ) +def test_delete_operation(transport: str = "grpc"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=mock_cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.DeleteOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + # Establish that the response is the type that we expect. + assert response is None -def test_security_center_grpc_lro_client(): - client = SecurityCenterClient( + +@pytest.mark.asyncio +async def test_delete_operation_async(transport: str = "grpc"): + client = SecurityCenterAsyncClient( credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", + transport=transport, ) - transport = client.transport - # Ensure that we have a api-core operations client. - assert isinstance( - transport.operations_client, - operations_v1.OperationsClient, + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.DeleteOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + response = await client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_operation_field_headers(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.DeleteOperationRequest() + request.name = "locations" + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + call.return_value = None -def test_security_center_grpc_lro_async_client(): + client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_delete_operation_field_headers_async(): client = SecurityCenterAsyncClient( credentials=ga_credentials.AnonymousCredentials(), - transport="grpc_asyncio", ) - transport = client.transport - # Ensure that we have a api-core operations client. - assert isinstance( - transport.operations_client, - operations_v1.OperationsAsyncClient, - ) + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.DeleteOperationRequest() + request.name = "locations" - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + await client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_asset_path(): - organization = "squid" - asset = "clam" - expected = "organizations/{organization}/assets/{asset}".format( - organization=organization, - asset=asset, +def test_delete_operation_from_dict(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.asset_path(organization, asset) - assert expected == actual + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.delete_operation( + request={ + "name": "locations", + } + ) + call.assert_called() -def test_parse_asset_path(): - expected = { - "organization": "whelk", - "asset": "octopus", - } - path = SecurityCenterClient.asset_path(**expected) - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_asset_path(path) - assert expected == actual +@pytest.mark.asyncio +async def test_delete_operation_from_dict_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + response = await client.delete_operation( + request={ + "name": "locations", + } + ) + call.assert_called() -def test_big_query_export_path(): - organization = "oyster" - export = "nudibranch" - expected = "organizations/{organization}/bigQueryExports/{export}".format( - organization=organization, - export=export, +def test_cancel_operation(transport: str = "grpc"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - actual = SecurityCenterClient.big_query_export_path(organization, export) - assert expected == actual + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.CancelOperationRequest() -def test_parse_big_query_export_path(): - expected = { - "organization": "cuttlefish", - "export": "mussel", - } - path = SecurityCenterClient.big_query_export_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.cancel_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.cancel_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_big_query_export_path(path) - assert expected == actual + # Establish that the response is the type that we expect. + assert response is None -def test_external_system_path(): - organization = "winkle" - source = "nautilus" - finding = "scallop" - externalsystem = "abalone" - expected = "organizations/{organization}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}".format( - organization=organization, - source=source, - finding=finding, - externalsystem=externalsystem, - ) - actual = SecurityCenterClient.external_system_path( - organization, source, finding, externalsystem +@pytest.mark.asyncio +async def test_cancel_operation_async(transport: str = "grpc"): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - assert expected == actual + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.CancelOperationRequest() -def test_parse_external_system_path(): - expected = { - "organization": "squid", - "source": "clam", - "finding": "whelk", - "externalsystem": "octopus", - } - path = SecurityCenterClient.external_system_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.cancel_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + response = await client.cancel_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_external_system_path(path) - assert expected == actual + # Establish that the response is the type that we expect. + assert response is None -def test_finding_path(): - organization = "oyster" - source = "nudibranch" - finding = "cuttlefish" - expected = ( - "organizations/{organization}/sources/{source}/findings/{finding}".format( - organization=organization, - source=source, - finding=finding, - ) +def test_cancel_operation_field_headers(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.finding_path(organization, source, finding) - assert expected == actual + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.CancelOperationRequest() + request.name = "locations" -def test_parse_finding_path(): - expected = { - "organization": "mussel", - "source": "winkle", - "finding": "nautilus", - } - path = SecurityCenterClient.finding_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.cancel_operation), "__call__") as call: + call.return_value = None - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_finding_path(path) - assert expected == actual + client.cancel_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_mute_config_path(): - organization = "scallop" - mute_config = "abalone" - expected = "organizations/{organization}/muteConfigs/{mute_config}".format( - organization=organization, - mute_config=mute_config, +@pytest.mark.asyncio +async def test_cancel_operation_field_headers_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.mute_config_path(organization, mute_config) - assert expected == actual + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.CancelOperationRequest() + request.name = "locations" -def test_parse_mute_config_path(): - expected = { - "organization": "squid", - "mute_config": "clam", - } - path = SecurityCenterClient.mute_config_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.cancel_operation), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + await client.cancel_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_mute_config_path(path) - assert expected == actual + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_notification_config_path(): - organization = "whelk" - notification_config = "octopus" - expected = ( - "organizations/{organization}/notificationConfigs/{notification_config}".format( - organization=organization, - notification_config=notification_config, - ) - ) - actual = SecurityCenterClient.notification_config_path( - organization, notification_config +def test_cancel_operation_from_dict(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - assert expected == actual + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.cancel_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.cancel_operation( + request={ + "name": "locations", + } + ) + call.assert_called() -def test_parse_notification_config_path(): - expected = { - "organization": "oyster", - "notification_config": "nudibranch", - } - path = SecurityCenterClient.notification_config_path(**expected) - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_notification_config_path(path) - assert expected == actual +@pytest.mark.asyncio +async def test_cancel_operation_from_dict_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.cancel_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + response = await client.cancel_operation( + request={ + "name": "locations", + } + ) + call.assert_called() -def test_organization_settings_path(): - organization = "cuttlefish" - expected = "organizations/{organization}/organizationSettings".format( - organization=organization, +def test_get_operation(transport: str = "grpc"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - actual = SecurityCenterClient.organization_settings_path(organization) - assert expected == actual + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.GetOperationRequest() -def test_parse_organization_settings_path(): - expected = { - "organization": "mussel", - } - path = SecurityCenterClient.organization_settings_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation() + response = client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_organization_settings_path(path) - assert expected == actual + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) -def test_security_marks_path(): - organization = "winkle" - asset = "nautilus" - expected = "organizations/{organization}/assets/{asset}/securityMarks".format( - organization=organization, - asset=asset, +@pytest.mark.asyncio +async def test_get_operation_async(transport: str = "grpc"): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - actual = SecurityCenterClient.security_marks_path(organization, asset) - assert expected == actual - -def test_parse_security_marks_path(): - expected = { - "organization": "scallop", - "asset": "abalone", - } - path = SecurityCenterClient.security_marks_path(**expected) + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.GetOperationRequest() - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_security_marks_path(path) - assert expected == actual + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + response = await client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) -def test_source_path(): - organization = "squid" - source = "clam" - expected = "organizations/{organization}/sources/{source}".format( - organization=organization, - source=source, + +def test_get_operation_field_headers(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.source_path(organization, source) - assert expected == actual + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.GetOperationRequest() + request.name = "locations" -def test_parse_source_path(): - expected = { - "organization": "whelk", - "source": "octopus", - } - path = SecurityCenterClient.source_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + call.return_value = operations_pb2.Operation() - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_source_path(path) - assert expected == actual + client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_topic_path(): - project = "oyster" - topic = "nudibranch" - expected = "projects/{project}/topics/{topic}".format( - project=project, - topic=topic, + +@pytest.mark.asyncio +async def test_get_operation_field_headers_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.topic_path(project, topic) - assert expected == actual + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.GetOperationRequest() + request.name = "locations" -def test_parse_topic_path(): - expected = { - "project": "cuttlefish", - "topic": "mussel", - } - path = SecurityCenterClient.topic_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + await client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_topic_path(path) - assert expected == actual + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_common_billing_account_path(): - billing_account = "winkle" - expected = "billingAccounts/{billing_account}".format( - billing_account=billing_account, +def test_get_operation_from_dict(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.common_billing_account_path(billing_account) - assert expected == actual + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation() + response = client.get_operation( + request={ + "name": "locations", + } + ) + call.assert_called() -def test_parse_common_billing_account_path(): - expected = { - "billing_account": "nautilus", - } - path = SecurityCenterClient.common_billing_account_path(**expected) - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_common_billing_account_path(path) - assert expected == actual +@pytest.mark.asyncio +async def test_get_operation_from_dict_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + response = await client.get_operation( + request={ + "name": "locations", + } + ) + call.assert_called() -def test_common_folder_path(): - folder = "scallop" - expected = "folders/{folder}".format( - folder=folder, +def test_list_operations(transport: str = "grpc"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - actual = SecurityCenterClient.common_folder_path(folder) - assert expected == actual + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.ListOperationsRequest() -def test_parse_common_folder_path(): - expected = { - "folder": "abalone", - } - path = SecurityCenterClient.common_folder_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.ListOperationsResponse() + response = client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_common_folder_path(path) - assert expected == actual + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.ListOperationsResponse) -def test_common_organization_path(): - organization = "squid" - expected = "organizations/{organization}".format( - organization=organization, +@pytest.mark.asyncio +async def test_list_operations_async(transport: str = "grpc"): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - actual = SecurityCenterClient.common_organization_path(organization) - assert expected == actual + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.ListOperationsRequest() -def test_parse_common_organization_path(): - expected = { - "organization": "clam", - } - path = SecurityCenterClient.common_organization_path(**expected) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.ListOperationsResponse() + ) + response = await client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_common_organization_path(path) - assert expected == actual + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.ListOperationsResponse) -def test_common_project_path(): - project = "whelk" - expected = "projects/{project}".format( - project=project, +def test_list_operations_field_headers(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.common_project_path(project) - assert expected == actual + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.ListOperationsRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + call.return_value = operations_pb2.ListOperationsResponse() -def test_parse_common_project_path(): - expected = { - "project": "octopus", - } - path = SecurityCenterClient.common_project_path(**expected) + client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_common_project_path(path) - assert expected == actual + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_common_location_path(): - project = "oyster" - location = "nudibranch" - expected = "projects/{project}/locations/{location}".format( - project=project, - location=location, +@pytest.mark.asyncio +async def test_list_operations_field_headers_async(): + client = SecurityCenterAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), ) - actual = SecurityCenterClient.common_location_path(project, location) - assert expected == actual + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.ListOperationsRequest() + request.name = "locations" -def test_parse_common_location_path(): - expected = { - "project": "cuttlefish", - "location": "mussel", - } - path = SecurityCenterClient.common_location_path(**expected) - - # Check that the path construction is reversible. - actual = SecurityCenterClient.parse_common_location_path(path) - assert expected == actual + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.ListOperationsResponse() + ) + await client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=locations", + ) in kw["metadata"] -def test_client_with_default_client_info(): - client_info = gapic_v1.client_info.ClientInfo() - with mock.patch.object( - transports.SecurityCenterTransport, "_prep_wrapped_messages" - ) as prep: - client = SecurityCenterClient( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) +def test_list_operations_from_dict(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.ListOperationsResponse() - with mock.patch.object( - transports.SecurityCenterTransport, "_prep_wrapped_messages" - ) as prep: - transport_class = SecurityCenterClient.get_transport_class() - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, + response = client.list_operations( + request={ + "name": "locations", + } ) - prep.assert_called_once_with(client_info) + call.assert_called() @pytest.mark.asyncio -async def test_transport_close_async(): +async def test_list_operations_from_dict_async(): client = SecurityCenterAsyncClient( credentials=ga_credentials.AnonymousCredentials(), - transport="grpc_asyncio", ) - with mock.patch.object( - type(getattr(client.transport, "grpc_channel")), "close" - ) as close: - async with client: - close.assert_not_called() - close.assert_called_once() + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.ListOperationsResponse() + ) + response = await client.list_operations( + request={ + "name": "locations", + } + ) + call.assert_called() def test_transport_close(): transports = { + "rest": "_session", "grpc": "_grpc_channel", } @@ -12312,6 +24764,7 @@ def test_transport_close(): def test_client_ctx(): transports = [ + "rest", "grpc", ] for transport in transports: diff --git a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py index 5ff8b98e..7e44b950 100644 --- a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py @@ -22,6 +22,8 @@ except ImportError: # pragma: NO COVER import mock +from collections.abc import Iterable +import json import math from google.api_core import ( @@ -47,6 +49,7 @@ from google.protobuf import duration_pb2 # type: ignore from google.protobuf import empty_pb2 # type: ignore from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import json_format from google.protobuf import struct_pb2 # type: ignore from google.protobuf import timestamp_pb2 # type: ignore from google.type import expr_pb2 # type: ignore @@ -55,6 +58,8 @@ from proto.marshal.rules import wrappers from proto.marshal.rules.dates import DurationRule, TimestampRule import pytest +from requests import PreparedRequest, Request, Response +from requests.sessions import Session from google.cloud.securitycenter_v1beta1.services.security_center import ( SecurityCenterAsyncClient, @@ -126,6 +131,7 @@ def test__get_default_mtls_endpoint(): [ (SecurityCenterClient, "grpc"), (SecurityCenterAsyncClient, "grpc_asyncio"), + (SecurityCenterClient, "rest"), ], ) def test_security_center_client_from_service_account_info(client_class, transport_name): @@ -139,7 +145,11 @@ def test_security_center_client_from_service_account_info(client_class, transpor assert client.transport._credentials == creds assert isinstance(client, client_class) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) @pytest.mark.parametrize( @@ -147,6 +157,7 @@ def test_security_center_client_from_service_account_info(client_class, transpor [ (transports.SecurityCenterGrpcTransport, "grpc"), (transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio"), + (transports.SecurityCenterRestTransport, "rest"), ], ) def test_security_center_client_service_account_always_use_jwt( @@ -172,6 +183,7 @@ def test_security_center_client_service_account_always_use_jwt( [ (SecurityCenterClient, "grpc"), (SecurityCenterAsyncClient, "grpc_asyncio"), + (SecurityCenterClient, "rest"), ], ) def test_security_center_client_from_service_account_file(client_class, transport_name): @@ -192,13 +204,18 @@ def test_security_center_client_from_service_account_file(client_class, transpor assert client.transport._credentials == creds assert isinstance(client, client_class) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) def test_security_center_client_get_transport_class(): transport = SecurityCenterClient.get_transport_class() available_transports = [ transports.SecurityCenterGrpcTransport, + transports.SecurityCenterRestTransport, ] assert transport in available_transports @@ -215,6 +232,7 @@ def test_security_center_client_get_transport_class(): transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest"), ], ) @mock.patch.object( @@ -360,6 +378,8 @@ def test_security_center_client_client_options( "grpc_asyncio", "false", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", "true"), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", "false"), ], ) @mock.patch.object( @@ -559,6 +579,7 @@ def test_security_center_client_get_mtls_endpoint_and_cert_source(client_class): transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest"), ], ) def test_security_center_client_client_options_scopes( @@ -599,6 +620,7 @@ def test_security_center_client_client_options_scopes( "grpc_asyncio", grpc_helpers_async, ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", None), ], ) def test_security_center_client_client_options_credentials_file( @@ -5889,173 +5911,5465 @@ async def test_update_security_marks_flattened_error_async(): ) -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.SecurityCenterGrpcTransport( +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateSourceRequest, + dict, + ], +) +def test_create_source_rest(request_type): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["source"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", ) - # It is an error to provide a credentials file and a transport instance. - transport = transports.SecurityCenterGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + + +def test_create_source_rest_required_fields( + request_type=securitycenter_service.CreateSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, ) + ) - # It is an error to provide an api_key and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials ) - options = client_options.ClientOptions() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options=options, - transport=transport, - ) - # It is an error to provide an api_key and a credential. - options = mock.Mock() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options=options, credentials=ga_credentials.AnonymousCredentials() + unset_fields = transport.create_source._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "source", + ) ) + ) - # It is an error to provide scopes and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateSourceRequest.pb( + securitycenter_service.CreateSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_source.Source.to_json(gcs_source.Source()) + + request = securitycenter_service.CreateSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_source.Source() + + client.create_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], ) + pre.assert_called_once() + post.assert_called_once() -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.SecurityCenterGrpcTransport( + +def test_create_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateSourceRequest +): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - client = SecurityCenterClient(transport=transport) - assert client.transport is transport + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["source"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + } + request = request_type(**request_init) -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.SecurityCenterGrpcTransport( + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_source(request) + + +def test_create_source_rest_flattened(): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - channel = transport.grpc_channel - assert channel - transport = transports.SecurityCenterGrpcAsyncIOTransport( + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + source=gcs_source.Source(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{parent=organizations/*}/sources" % client.transport._host, + args[1], + ) + + +def test_create_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - channel = transport.grpc_channel - assert channel + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_source( + securitycenter_service.CreateSourceRequest(), + parent="parent_value", + source=gcs_source.Source(name="name_value"), + ) -@pytest.mark.parametrize( - "transport_class", - [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, - ], -) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, "default") as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() +def test_create_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) @pytest.mark.parametrize( - "transport_name", + "request_type", [ - "grpc", + securitycenter_service.CreateFindingRequest, + dict, ], ) -def test_transport_kind(transport_name): - transport = SecurityCenterClient.get_transport_class(transport_name)( +def test_create_finding_rest(request_type): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request_init["finding"] = { + "name": "name_value", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": {"name": "name_value", "marks": {}}, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=gcs_finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_finding(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == gcs_finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + + +def test_create_finding_rest_required_fields( + request_type=securitycenter_service.CreateFindingRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["finding_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) ) - assert transport.kind == transport_name + # verify fields with default values are dropped + assert "findingId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_finding._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "findingId" in jsonified_request + assert jsonified_request["findingId"] == request_init["finding_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["findingId"] = "finding_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_finding._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("finding_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "findingId" in jsonified_request + assert jsonified_request["findingId"] == "finding_id_value" -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), - ) - assert isinstance( - client.transport, - transports.SecurityCenterGrpcTransport, - ) + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + response_value = Response() + response_value.status_code = 200 -def test_security_center_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.SecurityCenterTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json", - ) + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value -def test_security_center_base_transport(): - # Instantiate the base transport. - with mock.patch( - "google.cloud.securitycenter_v1beta1.services.security_center.transports.SecurityCenterTransport.__init__" - ) as Transport: - Transport.return_value = None - transport = transports.SecurityCenterTransport( - credentials=ga_credentials.AnonymousCredentials(), + response = client.create_finding(request) + + expected_params = [ + ( + "findingId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_finding_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_finding._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("findingId",)) + & set( + ( + "parent", + "findingId", + "finding", + ) ) + ) - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - "create_source", - "create_finding", - "get_iam_policy", - "get_organization_settings", - "get_source", - "group_assets", - "group_findings", - "list_assets", - "list_findings", - "list_sources", - "run_asset_discovery", - "set_finding_state", - "set_iam_policy", - "test_iam_permissions", - "update_finding", - "update_organization_settings", - "update_source", - "update_security_marks", + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_finding_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), ) - for method in methods: - with pytest.raises(NotImplementedError): - getattr(transport, method)(request=object()) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_finding" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_finding" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateFindingRequest.pb( + securitycenter_service.CreateFindingRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_finding.Finding.to_json(gcs_finding.Finding()) + + request = securitycenter_service.CreateFindingRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_finding.Finding() - with pytest.raises(NotImplementedError): - transport.close() + client.create_finding( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) - # Additionally, the LRO client (a property) should - # also raise NotImplementedError - with pytest.raises(NotImplementedError): - transport.operations_client + pre.assert_called_once() + post.assert_called_once() + + +def test_create_finding_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateFindingRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request_init["finding"] = { + "name": "name_value", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": {"name": "name_value", "marks": {}}, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_finding(request) + + +def test_create_finding_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + finding_id="finding_id_value", + finding=gcs_finding.Finding(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_finding(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{parent=organizations/*/sources/*}/findings" + % client.transport._host, + args[1], + ) + + +def test_create_finding_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_finding( + securitycenter_service.CreateFindingRequest(), + parent="parent_value", + finding_id="finding_id_value", + finding=gcs_finding.Finding(name="name_value"), + ) + + +def test_create_finding_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.GetIamPolicyRequest, + dict, + ], +) +def test_get_iam_policy_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy( + version=774, + etag=b"etag_blob", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_iam_policy(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b"etag_blob" + + +def test_get_iam_policy_rest_required_fields( + request_type=iam_policy_pb2.GetIamPolicyRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_iam_policy(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_iam_policy_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_iam_policy._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("resource",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_iam_policy_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_iam_policy" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_iam_policy" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.GetIamPolicyRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson(policy_pb2.Policy()) + + request = iam_policy_pb2.GetIamPolicyRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = policy_pb2.Policy() + + client.get_iam_policy( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_iam_policy_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.GetIamPolicyRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_iam_policy(request) + + +def test_get_iam_policy_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_iam_policy(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy" + % client.transport._host, + args[1], + ) + + +def test_get_iam_policy_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_iam_policy( + iam_policy_pb2.GetIamPolicyRequest(), + resource="resource_value", + ) + + +def test_get_iam_policy_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetOrganizationSettingsRequest, + dict, + ], +) +def test_get_organization_settings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/organizationSettings"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings( + name="name_value", + enable_asset_discovery=True, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = organization_settings.OrganizationSettings.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_organization_settings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, organization_settings.OrganizationSettings) + assert response.name == "name_value" + assert response.enable_asset_discovery is True + + +def test_get_organization_settings_rest_required_fields( + request_type=securitycenter_service.GetOrganizationSettingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_organization_settings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_organization_settings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_organization_settings._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_organization_settings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_organization_settings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_organization_settings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetOrganizationSettingsRequest.pb( + securitycenter_service.GetOrganizationSettingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = organization_settings.OrganizationSettings.to_json( + organization_settings.OrganizationSettings() + ) + + request = securitycenter_service.GetOrganizationSettingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = organization_settings.OrganizationSettings() + + client.get_organization_settings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_organization_settings_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.GetOrganizationSettingsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/organizationSettings"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_organization_settings(request) + + +def test_get_organization_settings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/organizationSettings"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = organization_settings.OrganizationSettings.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_organization_settings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{name=organizations/*/organizationSettings}" + % client.transport._host, + args[1], + ) + + +def test_get_organization_settings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_organization_settings( + securitycenter_service.GetOrganizationSettingsRequest(), + name="name_value", + ) + + +def test_get_organization_settings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetSourceRequest, + dict, + ], +) +def test_get_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + + +def test_get_source_rest_required_fields( + request_type=securitycenter_service.GetSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_source._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetSourceRequest.pb( + securitycenter_service.GetSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = source.Source.to_json(source.Source()) + + request = securitycenter_service.GetSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = source.Source() + + client.get_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GetSourceRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_source(request) + + +def test_get_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{name=organizations/*/sources/*}" % client.transport._host, + args[1], + ) + + +def test_get_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_source( + securitycenter_service.GetSourceRequest(), + name="name_value", + ) + + +def test_get_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GroupAssetsRequest, + dict, + ], +) +def test_group_assets_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupAssetsResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.group_assets(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.GroupAssetsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_group_assets_rest_required_fields( + request_type=securitycenter_service.GroupAssetsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["group_by"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + jsonified_request["groupBy"] = "group_by_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "groupBy" in jsonified_request + assert jsonified_request["groupBy"] == "group_by_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupAssetsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.GroupAssetsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.group_assets(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_group_assets_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.group_assets._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "groupBy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_group_assets_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_group_assets" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_group_assets" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GroupAssetsRequest.pb( + securitycenter_service.GroupAssetsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.GroupAssetsResponse.to_json( + securitycenter_service.GroupAssetsResponse() + ) + + request = securitycenter_service.GroupAssetsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.GroupAssetsResponse() + + client.group_assets( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_group_assets_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GroupAssetsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.group_assets(request) + + +def test_group_assets_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + next_page_token="abc", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[], + next_page_token="def", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.GroupAssetsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.group_assets(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, securitycenter_service.GroupResult) for i in results) + + pages = list(client.group_assets(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GroupFindingsRequest, + dict, + ], +) +def test_group_findings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.group_findings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.GroupFindingsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_group_findings_rest_required_fields( + request_type=securitycenter_service.GroupFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["group_by"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + jsonified_request["groupBy"] = "group_by_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "groupBy" in jsonified_request + assert jsonified_request["groupBy"] == "group_by_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.GroupFindingsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.group_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_group_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.group_findings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "groupBy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_group_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_group_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_group_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GroupFindingsRequest.pb( + securitycenter_service.GroupFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.GroupFindingsResponse.to_json( + securitycenter_service.GroupFindingsResponse() + ) + ) + + request = securitycenter_service.GroupFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.GroupFindingsResponse() + + client.group_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_group_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GroupFindingsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.group_findings(request) + + +def test_group_findings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + group_by="group_by_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.group_findings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{parent=organizations/*/sources/*}/findings:group" + % client.transport._host, + args[1], + ) + + +def test_group_findings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.group_findings( + securitycenter_service.GroupFindingsRequest(), + parent="parent_value", + group_by="group_by_value", + ) + + +def test_group_findings_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + next_page_token="abc", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[], + next_page_token="def", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.GroupFindingsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + pager = client.group_findings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, securitycenter_service.GroupResult) for i in results) + + pages = list(client.group_findings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListAssetsRequest, + dict, + ], +) +def test_list_assets_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_assets(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListAssetsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_assets_rest_required_fields( + request_type=securitycenter_service.ListAssetsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_assets._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "compare_duration", + "field_mask", + "filter", + "order_by", + "page_size", + "page_token", + "read_time", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_assets(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_assets_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_assets._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "compareDuration", + "fieldMask", + "filter", + "orderBy", + "pageSize", + "pageToken", + "readTime", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_assets_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_assets" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_assets" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListAssetsRequest.pb( + securitycenter_service.ListAssetsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListAssetsResponse.to_json( + securitycenter_service.ListAssetsResponse() + ) + + request = securitycenter_service.ListAssetsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListAssetsResponse() + + client.list_assets( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_assets_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListAssetsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_assets(request) + + +def test_list_assets_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + next_page_token="abc", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[], + next_page_token="def", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListAssetsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_assets(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance(i, securitycenter_service.ListAssetsResponse.ListAssetsResult) + for i in results + ) + + pages = list(client.list_assets(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListFindingsRequest, + dict, + ], +) +def test_list_findings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_findings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListFindingsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_findings_rest_required_fields( + request_type=securitycenter_service.ListFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_findings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "field_mask", + "filter", + "order_by", + "page_size", + "page_token", + "read_time", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListFindingsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_findings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "fieldMask", + "filter", + "orderBy", + "pageSize", + "pageToken", + "readTime", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListFindingsRequest.pb( + securitycenter_service.ListFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListFindingsResponse.to_json( + securitycenter_service.ListFindingsResponse() + ) + + request = securitycenter_service.ListFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListFindingsResponse() + + client.list_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListFindingsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_findings(request) + + +def test_list_findings_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListFindingsResponse( + findings=[ + finding.Finding(), + finding.Finding(), + finding.Finding(), + ], + next_page_token="abc", + ), + securitycenter_service.ListFindingsResponse( + findings=[], + next_page_token="def", + ), + securitycenter_service.ListFindingsResponse( + findings=[ + finding.Finding(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListFindingsResponse( + findings=[ + finding.Finding(), + finding.Finding(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListFindingsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + pager = client.list_findings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, finding.Finding) for i in results) + + pages = list(client.list_findings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListSourcesRequest, + dict, + ], +) +def test_list_sources_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListSourcesResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_sources(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListSourcesPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_sources_rest_required_fields( + request_type=securitycenter_service.ListSourcesRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_sources._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_sources._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListSourcesResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_sources(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_sources_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_sources._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_sources_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_sources" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_sources" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListSourcesRequest.pb( + securitycenter_service.ListSourcesRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListSourcesResponse.to_json( + securitycenter_service.ListSourcesResponse() + ) + + request = securitycenter_service.ListSourcesRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListSourcesResponse() + + client.list_sources( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_sources_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListSourcesRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_sources(request) + + +def test_list_sources_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListSourcesResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_sources(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{parent=organizations/*}/sources" % client.transport._host, + args[1], + ) + + +def test_list_sources_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_sources( + securitycenter_service.ListSourcesRequest(), + parent="parent_value", + ) + + +def test_list_sources_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + source.Source(), + source.Source(), + ], + next_page_token="abc", + ), + securitycenter_service.ListSourcesResponse( + sources=[], + next_page_token="def", + ), + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + source.Source(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListSourcesResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_sources(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, source.Source) for i in results) + + pages = list(client.list_sources(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.RunAssetDiscoveryRequest, + dict, + ], +) +def test_run_asset_discovery_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.run_asset_discovery(request) + + # Establish that the response is the type that we expect. + assert response.operation.name == "operations/spam" + + +def test_run_asset_discovery_rest_required_fields( + request_type=securitycenter_service.RunAssetDiscoveryRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).run_asset_discovery._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).run_asset_discovery._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.run_asset_discovery(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_run_asset_discovery_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.run_asset_discovery._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("parent",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_run_asset_discovery_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + operation.Operation, "_set_result_from_operation" + ), mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_run_asset_discovery" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_run_asset_discovery" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.RunAssetDiscoveryRequest.pb( + securitycenter_service.RunAssetDiscoveryRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + operations_pb2.Operation() + ) + + request = securitycenter_service.RunAssetDiscoveryRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + + client.run_asset_discovery( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_run_asset_discovery_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.RunAssetDiscoveryRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.run_asset_discovery(request) + + +def test_run_asset_discovery_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.run_asset_discovery(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{parent=organizations/*}/assets:runDiscovery" + % client.transport._host, + args[1], + ) + + +def test_run_asset_discovery_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.run_asset_discovery( + securitycenter_service.RunAssetDiscoveryRequest(), + parent="parent_value", + ) + + +def test_run_asset_discovery_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.SetFindingStateRequest, + dict, + ], +) +def test_set_finding_state_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_finding_state(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + + +def test_set_finding_state_rest_required_fields( + request_type=securitycenter_service.SetFindingStateRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_finding_state._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_finding_state._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_finding_state(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_finding_state_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_finding_state._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "name", + "state", + "startTime", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_finding_state_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_finding_state" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_finding_state" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.SetFindingStateRequest.pb( + securitycenter_service.SetFindingStateRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = finding.Finding.to_json(finding.Finding()) + + request = securitycenter_service.SetFindingStateRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = finding.Finding() + + client.set_finding_state( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_finding_state_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.SetFindingStateRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_finding_state(request) + + +def test_set_finding_state_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + state=finding.Finding.State.ACTIVE, + start_time=timestamp_pb2.Timestamp(seconds=751), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_finding_state(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{name=organizations/*/sources/*/findings/*}:setState" + % client.transport._host, + args[1], + ) + + +def test_set_finding_state_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_finding_state( + securitycenter_service.SetFindingStateRequest(), + name="name_value", + state=finding.Finding.State.ACTIVE, + start_time=timestamp_pb2.Timestamp(seconds=751), + ) + + +def test_set_finding_state_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.SetIamPolicyRequest, + dict, + ], +) +def test_set_iam_policy_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy( + version=774, + etag=b"etag_blob", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_iam_policy(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b"etag_blob" + + +def test_set_iam_policy_rest_required_fields( + request_type=iam_policy_pb2.SetIamPolicyRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_iam_policy(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_iam_policy_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_iam_policy._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "resource", + "policy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_iam_policy_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_iam_policy" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_iam_policy" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.SetIamPolicyRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson(policy_pb2.Policy()) + + request = iam_policy_pb2.SetIamPolicyRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = policy_pb2.Policy() + + client.set_iam_policy( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_iam_policy_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.SetIamPolicyRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_iam_policy(request) + + +def test_set_iam_policy_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_iam_policy(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy" + % client.transport._host, + args[1], + ) + + +def test_set_iam_policy_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_iam_policy( + iam_policy_pb2.SetIamPolicyRequest(), + resource="resource_value", + ) + + +def test_set_iam_policy_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.TestIamPermissionsRequest, + dict, + ], +) +def test_test_iam_permissions_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse( + permissions=["permissions_value"], + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.test_iam_permissions(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) + assert response.permissions == ["permissions_value"] + + +def test_test_iam_permissions_rest_required_fields( + request_type=iam_policy_pb2.TestIamPermissionsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request_init["permissions"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).test_iam_permissions._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + jsonified_request["permissions"] = "permissions_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).test_iam_permissions._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + assert "permissions" in jsonified_request + assert jsonified_request["permissions"] == "permissions_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.test_iam_permissions(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_test_iam_permissions_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.test_iam_permissions._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "resource", + "permissions", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_test_iam_permissions_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_test_iam_permissions" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_test_iam_permissions" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.TestIamPermissionsRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + iam_policy_pb2.TestIamPermissionsResponse() + ) + + request = iam_policy_pb2.TestIamPermissionsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = iam_policy_pb2.TestIamPermissionsResponse() + + client.test_iam_permissions( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_test_iam_permissions_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.TestIamPermissionsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.test_iam_permissions(request) + + +def test_test_iam_permissions_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + permissions=["permissions_value"], + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.test_iam_permissions(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions" + % client.transport._host, + args[1], + ) + + +def test_test_iam_permissions_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.test_iam_permissions( + iam_policy_pb2.TestIamPermissionsRequest(), + resource="resource_value", + permissions=["permissions_value"], + ) + + +def test_test_iam_permissions_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateFindingRequest, + dict, + ], +) +def test_update_finding_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "finding": {"name": "organizations/sample1/sources/sample2/findings/sample3"} + } + request_init["finding"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": {"name": "name_value", "marks": {}}, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=gcs_finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_finding(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == gcs_finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + + +def test_update_finding_rest_required_fields( + request_type=securitycenter_service.UpdateFindingRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_finding._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_finding._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_finding(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_finding_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_finding._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("finding",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_finding_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_finding" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_finding" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateFindingRequest.pb( + securitycenter_service.UpdateFindingRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_finding.Finding.to_json(gcs_finding.Finding()) + + request = securitycenter_service.UpdateFindingRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_finding.Finding() + + client.update_finding( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_finding_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateFindingRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "finding": {"name": "organizations/sample1/sources/sample2/findings/sample3"} + } + request_init["finding"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": {"name": "name_value", "marks": {}}, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_finding(request) + + +def test_update_finding_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "finding": { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + } + + # get truthy value for each flattened field + mock_args = dict( + finding=gcs_finding.Finding(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_finding(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{finding.name=organizations/*/sources/*/findings/*}" + % client.transport._host, + args[1], + ) + + +def test_update_finding_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_finding( + securitycenter_service.UpdateFindingRequest(), + finding=gcs_finding.Finding(name="name_value"), + ) + + +def test_update_finding_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateOrganizationSettingsRequest, + dict, + ], +) +def test_update_organization_settings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "organization_settings": {"name": "organizations/sample1/organizationSettings"} + } + request_init["organization_settings"] = { + "name": "organizations/sample1/organizationSettings", + "enable_asset_discovery": True, + "asset_discovery_config": { + "project_ids": ["project_ids_value1", "project_ids_value2"], + "inclusion_mode": 1, + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings( + name="name_value", + enable_asset_discovery=True, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_organization_settings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_organization_settings.OrganizationSettings) + assert response.name == "name_value" + assert response.enable_asset_discovery is True + + +def test_update_organization_settings_rest_required_fields( + request_type=securitycenter_service.UpdateOrganizationSettingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_organization_settings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_organization_settings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_organization_settings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_organization_settings._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("organizationSettings",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_organization_settings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_organization_settings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_organization_settings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateOrganizationSettingsRequest.pb( + securitycenter_service.UpdateOrganizationSettingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + gcs_organization_settings.OrganizationSettings.to_json( + gcs_organization_settings.OrganizationSettings() + ) + ) + + request = securitycenter_service.UpdateOrganizationSettingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_organization_settings.OrganizationSettings() + + client.update_organization_settings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_organization_settings_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateOrganizationSettingsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "organization_settings": {"name": "organizations/sample1/organizationSettings"} + } + request_init["organization_settings"] = { + "name": "organizations/sample1/organizationSettings", + "enable_asset_discovery": True, + "asset_discovery_config": { + "project_ids": ["project_ids_value1", "project_ids_value2"], + "inclusion_mode": 1, + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_organization_settings(request) + + +def test_update_organization_settings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings() + + # get arguments that satisfy an http rule for this method + sample_request = { + "organization_settings": { + "name": "organizations/sample1/organizationSettings" + } + } + + # get truthy value for each flattened field + mock_args = dict( + organization_settings=gcs_organization_settings.OrganizationSettings( + name="name_value" + ), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_organization_settings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{organization_settings.name=organizations/*/organizationSettings}" + % client.transport._host, + args[1], + ) + + +def test_update_organization_settings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_organization_settings( + securitycenter_service.UpdateOrganizationSettingsRequest(), + organization_settings=gcs_organization_settings.OrganizationSettings( + name="name_value" + ), + ) + + +def test_update_organization_settings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateSourceRequest, + dict, + ], +) +def test_update_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"source": {"name": "organizations/sample1/sources/sample2"}} + request_init["source"] = { + "name": "organizations/sample1/sources/sample2", + "display_name": "display_name_value", + "description": "description_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + + +def test_update_source_rest_required_fields( + request_type=securitycenter_service.UpdateSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_source._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_source._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("source",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateSourceRequest.pb( + securitycenter_service.UpdateSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_source.Source.to_json(gcs_source.Source()) + + request = securitycenter_service.UpdateSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_source.Source() + + client.update_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateSourceRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"source": {"name": "organizations/sample1/sources/sample2"}} + request_init["source"] = { + "name": "organizations/sample1/sources/sample2", + "display_name": "display_name_value", + "description": "description_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_source(request) + + +def test_update_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"source": {"name": "organizations/sample1/sources/sample2"}} + + # get truthy value for each flattened field + mock_args = dict( + source=gcs_source.Source(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{source.name=organizations/*/sources/*}" + % client.transport._host, + args[1], + ) + + +def test_update_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_source( + securitycenter_service.UpdateSourceRequest(), + source=gcs_source.Source(name="name_value"), + ) + + +def test_update_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateSecurityMarksRequest, + dict, + ], +) +def test_update_security_marks_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "security_marks": {"name": "organizations/sample1/assets/sample2/securityMarks"} + } + request_init["security_marks"] = { + "name": "organizations/sample1/assets/sample2/securityMarks", + "marks": {}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks( + name="name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_security_marks(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_security_marks.SecurityMarks) + assert response.name == "name_value" + + +def test_update_security_marks_rest_required_fields( + request_type=securitycenter_service.UpdateSecurityMarksRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_security_marks._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_security_marks._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "start_time", + "update_mask", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_security_marks(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_security_marks_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_security_marks._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "startTime", + "updateMask", + ) + ) + & set(("securityMarks",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_security_marks_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_security_marks" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_security_marks" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateSecurityMarksRequest.pb( + securitycenter_service.UpdateSecurityMarksRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_security_marks.SecurityMarks.to_json( + gcs_security_marks.SecurityMarks() + ) + + request = securitycenter_service.UpdateSecurityMarksRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_security_marks.SecurityMarks() + + client.update_security_marks( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_security_marks_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateSecurityMarksRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "security_marks": {"name": "organizations/sample1/assets/sample2/securityMarks"} + } + request_init["security_marks"] = { + "name": "organizations/sample1/assets/sample2/securityMarks", + "marks": {}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_security_marks(request) + + +def test_update_security_marks_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks() + + # get arguments that satisfy an http rule for this method + sample_request = { + "security_marks": { + "name": "organizations/sample1/assets/sample2/securityMarks" + } + } + + # get truthy value for each flattened field + mock_args = dict( + security_marks=gcs_security_marks.SecurityMarks(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_security_marks(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}" + % client.transport._host, + args[1], + ) + + +def test_update_security_marks_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_security_marks( + securitycenter_service.UpdateSecurityMarksRequest(), + security_marks=gcs_security_marks.SecurityMarks(name="name_value"), + ) + + +def test_update_security_marks_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide an api_key and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + options = client_options.ClientOptions() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options=options, + transport=transport, + ) + + # It is an error to provide an api_key and a credential. + options = mock.Mock() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options=options, credentials=ga_credentials.AnonymousCredentials() + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = SecurityCenterClient(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.SecurityCenterGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + transports.SecurityCenterRestTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "rest", + ], +) +def test_transport_kind(transport_name): + transport = SecurityCenterClient.get_transport_class(transport_name)( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert transport.kind == transport_name + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.SecurityCenterGrpcTransport, + ) + + +def test_security_center_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.SecurityCenterTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_security_center_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.securitycenter_v1beta1.services.security_center.transports.SecurityCenterTransport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.SecurityCenterTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + "create_source", + "create_finding", + "get_iam_policy", + "get_organization_settings", + "get_source", + "group_assets", + "group_findings", + "list_assets", + "list_findings", + "list_sources", + "run_asset_discovery", + "set_finding_state", + "set_iam_policy", + "test_iam_permissions", + "update_finding", + "update_organization_settings", + "update_source", + "update_security_marks", + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + # Additionally, the LRO client (a property) should + # also raise NotImplementedError + with pytest.raises(NotImplementedError): + transport.operations_client # Catch all for all remaining methods and properties remainder = [ @@ -6135,6 +11449,7 @@ def test_security_center_transport_auth_adc(transport_class): [ transports.SecurityCenterGrpcTransport, transports.SecurityCenterGrpcAsyncIOTransport, + transports.SecurityCenterRestTransport, ], ) def test_security_center_transport_auth_gdch_credentials(transport_class): @@ -6232,11 +11547,40 @@ def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_cl ) +def test_security_center_http_transport_client_cert_source_for_mtls(): + cred = ga_credentials.AnonymousCredentials() + with mock.patch( + "google.auth.transport.requests.AuthorizedSession.configure_mtls_channel" + ) as mock_configure_mtls_channel: + transports.SecurityCenterRestTransport( + credentials=cred, client_cert_source_for_mtls=client_cert_source_callback + ) + mock_configure_mtls_channel.assert_called_once_with(client_cert_source_callback) + + +def test_security_center_rest_lro_client(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.AbstractOperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + @pytest.mark.parametrize( "transport_name", [ "grpc", "grpc_asyncio", + "rest", ], ) def test_security_center_host_no_port(transport_name): @@ -6247,7 +11591,11 @@ def test_security_center_host_no_port(transport_name): ), transport=transport_name, ) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) @pytest.mark.parametrize( @@ -6255,6 +11603,7 @@ def test_security_center_host_no_port(transport_name): [ "grpc", "grpc_asyncio", + "rest", ], ) def test_security_center_host_with_port(transport_name): @@ -6265,7 +11614,84 @@ def test_security_center_host_with_port(transport_name): ), transport=transport_name, ) - assert client.transport._host == ("securitycenter.googleapis.com:8000") + assert client.transport._host == ( + "securitycenter.googleapis.com:8000" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com:8000" + ) + + +@pytest.mark.parametrize( + "transport_name", + [ + "rest", + ], +) +def test_security_center_client_transport_session_collision(transport_name): + creds1 = ga_credentials.AnonymousCredentials() + creds2 = ga_credentials.AnonymousCredentials() + client1 = SecurityCenterClient( + credentials=creds1, + transport=transport_name, + ) + client2 = SecurityCenterClient( + credentials=creds2, + transport=transport_name, + ) + session1 = client1.transport.create_source._session + session2 = client2.transport.create_source._session + assert session1 != session2 + session1 = client1.transport.create_finding._session + session2 = client2.transport.create_finding._session + assert session1 != session2 + session1 = client1.transport.get_iam_policy._session + session2 = client2.transport.get_iam_policy._session + assert session1 != session2 + session1 = client1.transport.get_organization_settings._session + session2 = client2.transport.get_organization_settings._session + assert session1 != session2 + session1 = client1.transport.get_source._session + session2 = client2.transport.get_source._session + assert session1 != session2 + session1 = client1.transport.group_assets._session + session2 = client2.transport.group_assets._session + assert session1 != session2 + session1 = client1.transport.group_findings._session + session2 = client2.transport.group_findings._session + assert session1 != session2 + session1 = client1.transport.list_assets._session + session2 = client2.transport.list_assets._session + assert session1 != session2 + session1 = client1.transport.list_findings._session + session2 = client2.transport.list_findings._session + assert session1 != session2 + session1 = client1.transport.list_sources._session + session2 = client2.transport.list_sources._session + assert session1 != session2 + session1 = client1.transport.run_asset_discovery._session + session2 = client2.transport.run_asset_discovery._session + assert session1 != session2 + session1 = client1.transport.set_finding_state._session + session2 = client2.transport.set_finding_state._session + assert session1 != session2 + session1 = client1.transport.set_iam_policy._session + session2 = client2.transport.set_iam_policy._session + assert session1 != session2 + session1 = client1.transport.test_iam_permissions._session + session2 = client2.transport.test_iam_permissions._session + assert session1 != session2 + session1 = client1.transport.update_finding._session + session2 = client2.transport.update_finding._session + assert session1 != session2 + session1 = client1.transport.update_organization_settings._session + session2 = client2.transport.update_organization_settings._session + assert session1 != session2 + session1 = client1.transport.update_source._session + session2 = client2.transport.update_source._session + assert session1 != session2 + session1 = client1.transport.update_security_marks._session + session2 = client2.transport.update_security_marks._session + assert session1 != session2 def test_security_center_grpc_transport_channel(): @@ -6687,6 +12113,7 @@ async def test_transport_close_async(): def test_transport_close(): transports = { + "rest": "_session", "grpc": "_grpc_channel", } @@ -6704,6 +12131,7 @@ def test_transport_close(): def test_client_ctx(): transports = [ + "rest", "grpc", ] for transport in transports: diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py index 0607814f..e0ea98d6 100644 --- a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py @@ -22,6 +22,8 @@ except ImportError: # pragma: NO COVER import mock +from collections.abc import Iterable +import json import math from google.api_core import ( @@ -47,6 +49,7 @@ from google.protobuf import duration_pb2 # type: ignore from google.protobuf import empty_pb2 # type: ignore from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import json_format from google.protobuf import struct_pb2 # type: ignore from google.protobuf import timestamp_pb2 # type: ignore from google.type import expr_pb2 # type: ignore @@ -55,6 +58,8 @@ from proto.marshal.rules import wrappers from proto.marshal.rules.dates import DurationRule, TimestampRule import pytest +from requests import PreparedRequest, Request, Response +from requests.sessions import Session from google.cloud.securitycenter_v1p1beta1.services.security_center import ( SecurityCenterAsyncClient, @@ -131,6 +136,7 @@ def test__get_default_mtls_endpoint(): [ (SecurityCenterClient, "grpc"), (SecurityCenterAsyncClient, "grpc_asyncio"), + (SecurityCenterClient, "rest"), ], ) def test_security_center_client_from_service_account_info(client_class, transport_name): @@ -144,7 +150,11 @@ def test_security_center_client_from_service_account_info(client_class, transpor assert client.transport._credentials == creds assert isinstance(client, client_class) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) @pytest.mark.parametrize( @@ -152,6 +162,7 @@ def test_security_center_client_from_service_account_info(client_class, transpor [ (transports.SecurityCenterGrpcTransport, "grpc"), (transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio"), + (transports.SecurityCenterRestTransport, "rest"), ], ) def test_security_center_client_service_account_always_use_jwt( @@ -177,6 +188,7 @@ def test_security_center_client_service_account_always_use_jwt( [ (SecurityCenterClient, "grpc"), (SecurityCenterAsyncClient, "grpc_asyncio"), + (SecurityCenterClient, "rest"), ], ) def test_security_center_client_from_service_account_file(client_class, transport_name): @@ -197,13 +209,18 @@ def test_security_center_client_from_service_account_file(client_class, transpor assert client.transport._credentials == creds assert isinstance(client, client_class) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) def test_security_center_client_get_transport_class(): transport = SecurityCenterClient.get_transport_class() available_transports = [ transports.SecurityCenterGrpcTransport, + transports.SecurityCenterRestTransport, ] assert transport in available_transports @@ -220,6 +237,7 @@ def test_security_center_client_get_transport_class(): transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest"), ], ) @mock.patch.object( @@ -365,6 +383,8 @@ def test_security_center_client_client_options( "grpc_asyncio", "false", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", "true"), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", "false"), ], ) @mock.patch.object( @@ -564,6 +584,7 @@ def test_security_center_client_get_mtls_endpoint_and_cert_source(client_class): transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio", ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest"), ], ) def test_security_center_client_client_options_scopes( @@ -604,6 +625,7 @@ def test_security_center_client_client_options_scopes( "grpc_asyncio", grpc_helpers_async, ), + (SecurityCenterClient, transports.SecurityCenterRestTransport, "rest", None), ], ) def test_security_center_client_client_options_credentials_file( @@ -7688,148 +7710,7159 @@ async def test_update_security_marks_flattened_error_async(): ) -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.SecurityCenterGrpcTransport( +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateSourceRequest, + dict, + ], +) +def test_create_source_rest(request_type): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["source"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + canonical_name="canonical_name_value", ) - # It is an error to provide a credentials file and a transport instance. - transport = transports.SecurityCenterGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.canonical_name == "canonical_name_value" + + +def test_create_source_rest_required_fields( + request_type=securitycenter_service.CreateSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, ) + ) - # It is an error to provide an api_key and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - options = client_options.ClientOptions() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options=options, - transport=transport, - ) + request = request_type(**request_init) - # It is an error to provide an api_key and a credential. - options = mock.Mock() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options=options, credentials=ga_credentials.AnonymousCredentials() + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_source._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "source", + ) ) + ) - # It is an error to provide scopes and a transport instance. - transport = transports.SecurityCenterGrpcTransport( + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), ) - with pytest.raises(ValueError): - client = SecurityCenterClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateSourceRequest.pb( + securitycenter_service.CreateSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_source.Source.to_json(gcs_source.Source()) + + request = securitycenter_service.CreateSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_source.Source() + + client.create_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], ) + pre.assert_called_once() + post.assert_called_once() -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.SecurityCenterGrpcTransport( + +def test_create_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateSourceRequest +): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - client = SecurityCenterClient(transport=transport) - assert client.transport is transport + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["source"] = { + "name": "name_value", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.SecurityCenterGrpcTransport( + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_source(request) + + +def test_create_source_rest_flattened(): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) - channel = transport.grpc_channel - assert channel - transport = transports.SecurityCenterGrpcAsyncIOTransport( + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + source=gcs_source.Source(name="name_value"), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*}/sources" % client.transport._host, + args[1], + ) + + +def test_create_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - channel = transport.grpc_channel - assert channel + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_source( + securitycenter_service.CreateSourceRequest(), + parent="parent_value", + source=gcs_source.Source(name="name_value"), + ) -@pytest.mark.parametrize( - "transport_class", - [ - transports.SecurityCenterGrpcTransport, - transports.SecurityCenterGrpcAsyncIOTransport, - ], -) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, "default") as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() + +def test_create_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) @pytest.mark.parametrize( - "transport_name", + "request_type", [ - "grpc", + securitycenter_service.CreateFindingRequest, + dict, ], ) -def test_transport_kind(transport_name): - transport = SecurityCenterClient.get_transport_class(transport_name)( +def test_create_finding_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request_init["finding"] = { + "name": "name_value", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=gcs_finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=gcs_finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_finding(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == gcs_finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == gcs_finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + + +def test_create_finding_rest_required_fields( + request_type=securitycenter_service.CreateFindingRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["finding_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + assert "findingId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_finding._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "findingId" in jsonified_request + assert jsonified_request["findingId"] == request_init["finding_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["findingId"] = "finding_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_finding._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("finding_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "findingId" in jsonified_request + assert jsonified_request["findingId"] == "finding_id_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_finding(request) + + expected_params = [ + ( + "findingId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_finding_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_finding._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("findingId",)) + & set( + ( + "parent", + "findingId", + "finding", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_finding_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), ) - assert transport.kind == transport_name + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_finding" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_finding" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateFindingRequest.pb( + securitycenter_service.CreateFindingRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_finding.Finding.to_json(gcs_finding.Finding()) + + request = securitycenter_service.CreateFindingRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_finding.Finding() + + client.create_finding( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + pre.assert_called_once() + post.assert_called_once() -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. + +def test_create_finding_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.CreateFindingRequest +): client = SecurityCenterClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) - assert isinstance( - client.transport, - transports.SecurityCenterGrpcTransport, + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request_init["finding"] = { + "name": "name_value", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_finding(request) + + +def test_create_finding_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", ) + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() -def test_security_center_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.SecurityCenterTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json", + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + finding_id="finding_id_value", + finding=gcs_finding.Finding(name="name_value"), ) + mock_args.update(sample_request) + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value -def test_security_center_base_transport(): - # Instantiate the base transport. - with mock.patch( - "google.cloud.securitycenter_v1p1beta1.services.security_center.transports.SecurityCenterTransport.__init__" - ) as Transport: - Transport.return_value = None - transport = transports.SecurityCenterTransport( - credentials=ga_credentials.AnonymousCredentials(), + client.create_finding(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*/sources/*}/findings" + % client.transport._host, + args[1], ) - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - "create_source", - "create_finding", - "create_notification_config", - "delete_notification_config", - "get_iam_policy", + +def test_create_finding_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_finding( + securitycenter_service.CreateFindingRequest(), + parent="parent_value", + finding_id="finding_id_value", + finding=gcs_finding.Finding(name="name_value"), + ) + + +def test_create_finding_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.CreateNotificationConfigRequest, + dict, + ], +) +def test_create_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["notification_config"] = { + "name": "name_value", + "description": "description_value", + "event_type": 1, + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig( + name="name_value", + description="description_value", + event_type=gcs_notification_config.NotificationConfig.EventType.FINDING, + pubsub_topic="pubsub_topic_value", + service_account="service_account_value", + streaming_config=gcs_notification_config.NotificationConfig.StreamingConfig( + filter="filter_value" + ), + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.create_notification_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_notification_config.NotificationConfig) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.event_type + == gcs_notification_config.NotificationConfig.EventType.FINDING + ) + assert response.pubsub_topic == "pubsub_topic_value" + assert response.service_account == "service_account_value" + + +def test_create_notification_config_rest_required_fields( + request_type=securitycenter_service.CreateNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["config_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + assert "configId" not in jsonified_request + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "configId" in jsonified_request + assert jsonified_request["configId"] == request_init["config_id"] + + jsonified_request["parent"] = "parent_value" + jsonified_request["configId"] = "config_id_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).create_notification_config._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("config_id",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "configId" in jsonified_request + assert jsonified_request["configId"] == "config_id_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_notification_config.NotificationConfig.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.create_notification_config(request) + + expected_params = [ + ( + "configId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_create_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.create_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("configId",)) + & set( + ( + "parent", + "configId", + "notificationConfig", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_create_notification_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_create_notification_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.CreateNotificationConfigRequest.pb( + securitycenter_service.CreateNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_notification_config.NotificationConfig.to_json( + gcs_notification_config.NotificationConfig() + ) + + request = securitycenter_service.CreateNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_notification_config.NotificationConfig() + + client.create_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_create_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.CreateNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request_init["notification_config"] = { + "name": "name_value", + "description": "description_value", + "event_type": 1, + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.create_notification_config(request) + + +def test_create_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + config_id="config_id_value", + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.create_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*}/notificationConfigs" + % client.transport._host, + args[1], + ) + + +def test_create_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_notification_config( + securitycenter_service.CreateNotificationConfigRequest(), + parent="parent_value", + config_id="config_id_value", + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + ) + + +def test_create_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.DeleteNotificationConfigRequest, + dict, + ], +) +def test_delete_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.delete_notification_config(request) + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_notification_config_rest_required_fields( + request_type=securitycenter_service.DeleteNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).delete_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = None + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "delete", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.delete_notification_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_delete_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.delete_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_delete_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_delete_notification_config" + ) as pre: + pre.assert_not_called() + pb_message = securitycenter_service.DeleteNotificationConfigRequest.pb( + securitycenter_service.DeleteNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + + request = securitycenter_service.DeleteNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + + client.delete_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + + +def test_delete_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.DeleteNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.delete_notification_config(request) + + +def test_delete_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = None + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/notificationConfigs/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = "" + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.delete_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{name=organizations/*/notificationConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_delete_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_notification_config( + securitycenter_service.DeleteNotificationConfigRequest(), + name="name_value", + ) + + +def test_delete_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.GetIamPolicyRequest, + dict, + ], +) +def test_get_iam_policy_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy( + version=774, + etag=b"etag_blob", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_iam_policy(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b"etag_blob" + + +def test_get_iam_policy_rest_required_fields( + request_type=iam_policy_pb2.GetIamPolicyRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_iam_policy(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_iam_policy_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_iam_policy._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("resource",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_iam_policy_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_iam_policy" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_iam_policy" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.GetIamPolicyRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson(policy_pb2.Policy()) + + request = iam_policy_pb2.GetIamPolicyRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = policy_pb2.Policy() + + client.get_iam_policy( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_iam_policy_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.GetIamPolicyRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_iam_policy(request) + + +def test_get_iam_policy_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_iam_policy(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{resource=organizations/*/sources/*}:getIamPolicy" + % client.transport._host, + args[1], + ) + + +def test_get_iam_policy_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_iam_policy( + iam_policy_pb2.GetIamPolicyRequest(), + resource="resource_value", + ) + + +def test_get_iam_policy_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetNotificationConfigRequest, + dict, + ], +) +def test_get_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = notification_config.NotificationConfig( + name="name_value", + description="description_value", + event_type=notification_config.NotificationConfig.EventType.FINDING, + pubsub_topic="pubsub_topic_value", + service_account="service_account_value", + streaming_config=notification_config.NotificationConfig.StreamingConfig( + filter="filter_value" + ), + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_notification_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, notification_config.NotificationConfig) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.event_type == notification_config.NotificationConfig.EventType.FINDING + ) + assert response.pubsub_topic == "pubsub_topic_value" + assert response.service_account == "service_account_value" + + +def test_get_notification_config_rest_required_fields( + request_type=securitycenter_service.GetNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = notification_config.NotificationConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_notification_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_notification_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_notification_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetNotificationConfigRequest.pb( + securitycenter_service.GetNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = notification_config.NotificationConfig.to_json( + notification_config.NotificationConfig() + ) + + request = securitycenter_service.GetNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = notification_config.NotificationConfig() + + client.get_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.GetNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/notificationConfigs/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_notification_config(request) + + +def test_get_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = notification_config.NotificationConfig() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/notificationConfigs/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{name=organizations/*/notificationConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_get_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_notification_config( + securitycenter_service.GetNotificationConfigRequest(), + name="name_value", + ) + + +def test_get_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetOrganizationSettingsRequest, + dict, + ], +) +def test_get_organization_settings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/organizationSettings"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings( + name="name_value", + enable_asset_discovery=True, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = organization_settings.OrganizationSettings.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_organization_settings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, organization_settings.OrganizationSettings) + assert response.name == "name_value" + assert response.enable_asset_discovery is True + + +def test_get_organization_settings_rest_required_fields( + request_type=securitycenter_service.GetOrganizationSettingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_organization_settings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_organization_settings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_organization_settings._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_organization_settings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_organization_settings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_organization_settings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetOrganizationSettingsRequest.pb( + securitycenter_service.GetOrganizationSettingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = organization_settings.OrganizationSettings.to_json( + organization_settings.OrganizationSettings() + ) + + request = securitycenter_service.GetOrganizationSettingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = organization_settings.OrganizationSettings() + + client.get_organization_settings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_organization_settings_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.GetOrganizationSettingsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/organizationSettings"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_organization_settings(request) + + +def test_get_organization_settings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = organization_settings.OrganizationSettings() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/organizationSettings"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = organization_settings.OrganizationSettings.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_organization_settings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{name=organizations/*/organizationSettings}" + % client.transport._host, + args[1], + ) + + +def test_get_organization_settings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_organization_settings( + securitycenter_service.GetOrganizationSettingsRequest(), + name="name_value", + ) + + +def test_get_organization_settings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GetSourceRequest, + dict, + ], +) +def test_get_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.get_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.canonical_name == "canonical_name_value" + + +def test_get_source_rest_required_fields( + request_type=securitycenter_service.GetSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).get_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.get_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_get_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.get_source._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_get_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_get_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GetSourceRequest.pb( + securitycenter_service.GetSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = source.Source.to_json(source.Source()) + + request = securitycenter_service.GetSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = source.Source() + + client.get_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_get_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GetSourceRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.get_source(request) + + +def test_get_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"name": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.get_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{name=organizations/*/sources/*}" % client.transport._host, + args[1], + ) + + +def test_get_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_source( + securitycenter_service.GetSourceRequest(), + name="name_value", + ) + + +def test_get_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GroupAssetsRequest, + dict, + ], +) +def test_group_assets_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupAssetsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.group_assets(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.GroupAssetsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_group_assets_rest_required_fields( + request_type=securitycenter_service.GroupAssetsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["group_by"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + jsonified_request["groupBy"] = "group_by_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "groupBy" in jsonified_request + assert jsonified_request["groupBy"] == "group_by_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupAssetsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.GroupAssetsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.group_assets(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_group_assets_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.group_assets._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "groupBy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_group_assets_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_group_assets" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_group_assets" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GroupAssetsRequest.pb( + securitycenter_service.GroupAssetsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.GroupAssetsResponse.to_json( + securitycenter_service.GroupAssetsResponse() + ) + + request = securitycenter_service.GroupAssetsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.GroupAssetsResponse() + + client.group_assets( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_group_assets_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GroupAssetsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.group_assets(request) + + +def test_group_assets_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + next_page_token="abc", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[], + next_page_token="def", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.GroupAssetsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.GroupAssetsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.group_assets(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, securitycenter_service.GroupResult) for i in results) + + pages = list(client.group_assets(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.GroupFindingsRequest, + dict, + ], +) +def test_group_findings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.group_findings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.GroupFindingsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_group_findings_rest_required_fields( + request_type=securitycenter_service.GroupFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["group_by"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + jsonified_request["groupBy"] = "group_by_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).group_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "groupBy" in jsonified_request + assert jsonified_request["groupBy"] == "group_by_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.GroupFindingsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.group_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_group_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.group_findings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "parent", + "groupBy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_group_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_group_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_group_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.GroupFindingsRequest.pb( + securitycenter_service.GroupFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.GroupFindingsResponse.to_json( + securitycenter_service.GroupFindingsResponse() + ) + ) + + request = securitycenter_service.GroupFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.GroupFindingsResponse() + + client.group_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_group_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.GroupFindingsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.group_findings(request) + + +def test_group_findings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.GroupFindingsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + group_by="group_by_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.GroupFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.group_findings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*/sources/*}/findings:group" + % client.transport._host, + args[1], + ) + + +def test_group_findings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.group_findings( + securitycenter_service.GroupFindingsRequest(), + parent="parent_value", + group_by="group_by_value", + ) + + +def test_group_findings_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + next_page_token="abc", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[], + next_page_token="def", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.GroupFindingsResponse( + group_by_results=[ + securitycenter_service.GroupResult(), + securitycenter_service.GroupResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.GroupFindingsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + pager = client.group_findings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, securitycenter_service.GroupResult) for i in results) + + pages = list(client.group_findings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListAssetsRequest, + dict, + ], +) +def test_list_assets_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_assets(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListAssetsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_assets_rest_required_fields( + request_type=securitycenter_service.ListAssetsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_assets._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_assets._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "compare_duration", + "field_mask", + "filter", + "order_by", + "page_size", + "page_token", + "read_time", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_assets(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_assets_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_assets._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "compareDuration", + "fieldMask", + "filter", + "orderBy", + "pageSize", + "pageToken", + "readTime", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_assets_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_assets" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_assets" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListAssetsRequest.pb( + securitycenter_service.ListAssetsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListAssetsResponse.to_json( + securitycenter_service.ListAssetsResponse() + ) + + request = securitycenter_service.ListAssetsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListAssetsResponse() + + client.list_assets( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_assets_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListAssetsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_assets(request) + + +def test_list_assets_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListAssetsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListAssetsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_assets(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*}/assets" % client.transport._host, + args[1], + ) + + +def test_list_assets_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_assets( + securitycenter_service.ListAssetsRequest(), + parent="parent_value", + ) + + +def test_list_assets_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + next_page_token="abc", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[], + next_page_token="def", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListAssetsResponse( + list_assets_results=[ + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + securitycenter_service.ListAssetsResponse.ListAssetsResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListAssetsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_assets(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance(i, securitycenter_service.ListAssetsResponse.ListAssetsResult) + for i in results + ) + + pages = list(client.list_assets(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListFindingsRequest, + dict, + ], +) +def test_list_findings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_findings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListFindingsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_findings_rest_required_fields( + request_type=securitycenter_service.ListFindingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_findings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_findings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "compare_duration", + "field_mask", + "filter", + "order_by", + "page_size", + "page_token", + "read_time", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListFindingsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_findings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_findings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_findings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "compareDuration", + "fieldMask", + "filter", + "orderBy", + "pageSize", + "pageToken", + "readTime", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_findings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_findings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_findings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListFindingsRequest.pb( + securitycenter_service.ListFindingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListFindingsResponse.to_json( + securitycenter_service.ListFindingsResponse() + ) + + request = securitycenter_service.ListFindingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListFindingsResponse() + + client.list_findings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_findings_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListFindingsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_findings(request) + + +def test_list_findings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListFindingsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListFindingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_findings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*/sources/*}/findings" + % client.transport._host, + args[1], + ) + + +def test_list_findings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_findings( + securitycenter_service.ListFindingsRequest(), + parent="parent_value", + ) + + +def test_list_findings_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListFindingsResponse( + list_findings_results=[ + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + ], + next_page_token="abc", + ), + securitycenter_service.ListFindingsResponse( + list_findings_results=[], + next_page_token="def", + ), + securitycenter_service.ListFindingsResponse( + list_findings_results=[ + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListFindingsResponse( + list_findings_results=[ + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + securitycenter_service.ListFindingsResponse.ListFindingsResult(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListFindingsResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1/sources/sample2"} + + pager = client.list_findings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance( + i, securitycenter_service.ListFindingsResponse.ListFindingsResult + ) + for i in results + ) + + pages = list(client.list_findings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListNotificationConfigsRequest, + dict, + ], +) +def test_list_notification_configs_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListNotificationConfigsResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListNotificationConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_notification_configs(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListNotificationConfigsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_notification_configs_rest_required_fields( + request_type=securitycenter_service.ListNotificationConfigsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_notification_configs._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_notification_configs._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListNotificationConfigsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListNotificationConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_notification_configs(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_notification_configs_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_notification_configs._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_notification_configs_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_notification_configs" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_notification_configs" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListNotificationConfigsRequest.pb( + securitycenter_service.ListNotificationConfigsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + securitycenter_service.ListNotificationConfigsResponse.to_json( + securitycenter_service.ListNotificationConfigsResponse() + ) + ) + + request = securitycenter_service.ListNotificationConfigsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListNotificationConfigsResponse() + + client.list_notification_configs( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_notification_configs_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.ListNotificationConfigsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_notification_configs(request) + + +def test_list_notification_configs_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListNotificationConfigsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListNotificationConfigsResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_notification_configs(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*}/notificationConfigs" + % client.transport._host, + args[1], + ) + + +def test_list_notification_configs_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_notification_configs( + securitycenter_service.ListNotificationConfigsRequest(), + parent="parent_value", + ) + + +def test_list_notification_configs_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[ + notification_config.NotificationConfig(), + notification_config.NotificationConfig(), + notification_config.NotificationConfig(), + ], + next_page_token="abc", + ), + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[], + next_page_token="def", + ), + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[ + notification_config.NotificationConfig(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListNotificationConfigsResponse( + notification_configs=[ + notification_config.NotificationConfig(), + notification_config.NotificationConfig(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListNotificationConfigsResponse.to_json(x) + for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_notification_configs(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all( + isinstance(i, notification_config.NotificationConfig) for i in results + ) + + pages = list(client.list_notification_configs(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.ListSourcesRequest, + dict, + ], +) +def test_list_sources_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse( + next_page_token="next_page_token_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListSourcesResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_sources(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListSourcesPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_sources_rest_required_fields( + request_type=securitycenter_service.ListSourcesRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_sources._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_sources._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = securitycenter_service.ListSourcesResponse.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_sources(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_sources_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_sources._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_sources_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_list_sources" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_list_sources" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.ListSourcesRequest.pb( + securitycenter_service.ListSourcesRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = securitycenter_service.ListSourcesResponse.to_json( + securitycenter_service.ListSourcesResponse() + ) + + request = securitycenter_service.ListSourcesRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = securitycenter_service.ListSourcesResponse() + + client.list_sources( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_sources_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.ListSourcesRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_sources(request) + + +def test_list_sources_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = securitycenter_service.ListSourcesResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = securitycenter_service.ListSourcesResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_sources(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*}/sources" % client.transport._host, + args[1], + ) + + +def test_list_sources_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_sources( + securitycenter_service.ListSourcesRequest(), + parent="parent_value", + ) + + +def test_list_sources_rest_pager(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + source.Source(), + source.Source(), + ], + next_page_token="abc", + ), + securitycenter_service.ListSourcesResponse( + sources=[], + next_page_token="def", + ), + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + ], + next_page_token="ghi", + ), + securitycenter_service.ListSourcesResponse( + sources=[ + source.Source(), + source.Source(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple( + securitycenter_service.ListSourcesResponse.to_json(x) for x in response + ) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "organizations/sample1"} + + pager = client.list_sources(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, source.Source) for i in results) + + pages = list(client.list_sources(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.RunAssetDiscoveryRequest, + dict, + ], +) +def test_run_asset_discovery_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.run_asset_discovery(request) + + # Establish that the response is the type that we expect. + assert response.operation.name == "operations/spam" + + +def test_run_asset_discovery_rest_required_fields( + request_type=securitycenter_service.RunAssetDiscoveryRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).run_asset_discovery._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).run_asset_discovery._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.run_asset_discovery(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_run_asset_discovery_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.run_asset_discovery._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("parent",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_run_asset_discovery_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + operation.Operation, "_set_result_from_operation" + ), mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_run_asset_discovery" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_run_asset_discovery" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.RunAssetDiscoveryRequest.pb( + securitycenter_service.RunAssetDiscoveryRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + operations_pb2.Operation() + ) + + request = securitycenter_service.RunAssetDiscoveryRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + + client.run_asset_discovery( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_run_asset_discovery_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.RunAssetDiscoveryRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "organizations/sample1"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.run_asset_discovery(request) + + +def test_run_asset_discovery_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name="operations/spam") + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "organizations/sample1"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.run_asset_discovery(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{parent=organizations/*}/assets:runDiscovery" + % client.transport._host, + args[1], + ) + + +def test_run_asset_discovery_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.run_asset_discovery( + securitycenter_service.RunAssetDiscoveryRequest(), + parent="parent_value", + ) + + +def test_run_asset_discovery_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.SetFindingStateRequest, + dict, + ], +) +def test_set_finding_state_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_finding_state(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + + +def test_set_finding_state_rest_required_fields( + request_type=securitycenter_service.SetFindingStateRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_finding_state._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = "name_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_finding_state._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_finding_state(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_finding_state_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_finding_state._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "name", + "state", + "startTime", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_finding_state_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_finding_state" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_finding_state" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.SetFindingStateRequest.pb( + securitycenter_service.SetFindingStateRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = finding.Finding.to_json(finding.Finding()) + + request = securitycenter_service.SetFindingStateRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = finding.Finding() + + client.set_finding_state( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_finding_state_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.SetFindingStateRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"name": "organizations/sample1/sources/sample2/findings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_finding_state(request) + + +def test_set_finding_state_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + + # get truthy value for each flattened field + mock_args = dict( + name="name_value", + state=finding.Finding.State.ACTIVE, + start_time=timestamp_pb2.Timestamp(seconds=751), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_finding_state(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{name=organizations/*/sources/*/findings/*}:setState" + % client.transport._host, + args[1], + ) + + +def test_set_finding_state_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_finding_state( + securitycenter_service.SetFindingStateRequest(), + name="name_value", + state=finding.Finding.State.ACTIVE, + start_time=timestamp_pb2.Timestamp(seconds=751), + ) + + +def test_set_finding_state_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.SetIamPolicyRequest, + dict, + ], +) +def test_set_iam_policy_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy( + version=774, + etag=b"etag_blob", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.set_iam_policy(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b"etag_blob" + + +def test_set_iam_policy_rest_required_fields( + request_type=iam_policy_pb2.SetIamPolicyRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).set_iam_policy._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.set_iam_policy(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_set_iam_policy_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.set_iam_policy._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "resource", + "policy", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_set_iam_policy_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_set_iam_policy" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_set_iam_policy" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.SetIamPolicyRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson(policy_pb2.Policy()) + + request = iam_policy_pb2.SetIamPolicyRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = policy_pb2.Policy() + + client.set_iam_policy( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_set_iam_policy_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.SetIamPolicyRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.set_iam_policy(request) + + +def test_set_iam_policy_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = policy_pb2.Policy() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.set_iam_policy(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{resource=organizations/*/sources/*}:setIamPolicy" + % client.transport._host, + args[1], + ) + + +def test_set_iam_policy_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.set_iam_policy( + iam_policy_pb2.SetIamPolicyRequest(), + resource="resource_value", + ) + + +def test_set_iam_policy_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + iam_policy_pb2.TestIamPermissionsRequest, + dict, + ], +) +def test_test_iam_permissions_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse( + permissions=["permissions_value"], + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.test_iam_permissions(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) + assert response.permissions == ["permissions_value"] + + +def test_test_iam_permissions_rest_required_fields( + request_type=iam_policy_pb2.TestIamPermissionsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request_init["resource"] = "" + request_init["permissions"] = "" + request = request_type(**request_init) + pb_request = request + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).test_iam_permissions._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["resource"] = "resource_value" + jsonified_request["permissions"] = "permissions_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).test_iam_permissions._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "resource" in jsonified_request + assert jsonified_request["resource"] == "resource_value" + assert "permissions" in jsonified_request + assert jsonified_request["permissions"] == "permissions_value" + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request + transcode_result = { + "uri": "v1/sample_method", + "method": "post", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.test_iam_permissions(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_test_iam_permissions_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.test_iam_permissions._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "resource", + "permissions", + ) + ) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_test_iam_permissions_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_test_iam_permissions" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_test_iam_permissions" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = iam_policy_pb2.TestIamPermissionsRequest() + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = json_format.MessageToJson( + iam_policy_pb2.TestIamPermissionsResponse() + ) + + request = iam_policy_pb2.TestIamPermissionsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = iam_policy_pb2.TestIamPermissionsResponse() + + client.test_iam_permissions( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_test_iam_permissions_rest_bad_request( + transport: str = "rest", request_type=iam_policy_pb2.TestIamPermissionsRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"resource": "organizations/sample1/sources/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.test_iam_permissions(request) + + +def test_test_iam_permissions_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = iam_policy_pb2.TestIamPermissionsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"resource": "organizations/sample1/sources/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + resource="resource_value", + permissions=["permissions_value"], + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = return_value + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.test_iam_permissions(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{resource=organizations/*/sources/*}:testIamPermissions" + % client.transport._host, + args[1], + ) + + +def test_test_iam_permissions_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.test_iam_permissions( + iam_policy_pb2.TestIamPermissionsRequest(), + resource="resource_value", + permissions=["permissions_value"], + ) + + +def test_test_iam_permissions_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateFindingRequest, + dict, + ], +) +def test_update_finding_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "finding": {"name": "organizations/sample1/sources/sample2/findings/sample3"} + } + request_init["finding"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding( + name="name_value", + parent="parent_value", + resource_name="resource_name_value", + state=gcs_finding.Finding.State.ACTIVE, + category="category_value", + external_uri="external_uri_value", + severity=gcs_finding.Finding.Severity.CRITICAL, + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_finding(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_finding.Finding) + assert response.name == "name_value" + assert response.parent == "parent_value" + assert response.resource_name == "resource_name_value" + assert response.state == gcs_finding.Finding.State.ACTIVE + assert response.category == "category_value" + assert response.external_uri == "external_uri_value" + assert response.severity == gcs_finding.Finding.Severity.CRITICAL + assert response.canonical_name == "canonical_name_value" + + +def test_update_finding_rest_required_fields( + request_type=securitycenter_service.UpdateFindingRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_finding._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_finding._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_finding(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_finding_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_finding._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("finding",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_finding_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_finding" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_finding" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateFindingRequest.pb( + securitycenter_service.UpdateFindingRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_finding.Finding.to_json(gcs_finding.Finding()) + + request = securitycenter_service.UpdateFindingRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_finding.Finding() + + client.update_finding( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_finding_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateFindingRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "finding": {"name": "organizations/sample1/sources/sample2/findings/sample3"} + } + request_init["finding"] = { + "name": "organizations/sample1/sources/sample2/findings/sample3", + "parent": "parent_value", + "resource_name": "resource_name_value", + "state": 1, + "category": "category_value", + "external_uri": "external_uri_value", + "source_properties": {}, + "security_marks": { + "name": "name_value", + "marks": {}, + "canonical_name": "canonical_name_value", + }, + "event_time": {"seconds": 751, "nanos": 543}, + "create_time": {}, + "severity": 1, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_finding(request) + + +def test_update_finding_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_finding.Finding() + + # get arguments that satisfy an http rule for this method + sample_request = { + "finding": { + "name": "organizations/sample1/sources/sample2/findings/sample3" + } + } + + # get truthy value for each flattened field + mock_args = dict( + finding=gcs_finding.Finding(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_finding.Finding.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_finding(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{finding.name=organizations/*/sources/*/findings/*}" + % client.transport._host, + args[1], + ) + + +def test_update_finding_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_finding( + securitycenter_service.UpdateFindingRequest(), + finding=gcs_finding.Finding(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_finding_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateNotificationConfigRequest, + dict, + ], +) +def test_update_notification_config_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "notification_config": { + "name": "organizations/sample1/notificationConfigs/sample2" + } + } + request_init["notification_config"] = { + "name": "organizations/sample1/notificationConfigs/sample2", + "description": "description_value", + "event_type": 1, + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig( + name="name_value", + description="description_value", + event_type=gcs_notification_config.NotificationConfig.EventType.FINDING, + pubsub_topic="pubsub_topic_value", + service_account="service_account_value", + streaming_config=gcs_notification_config.NotificationConfig.StreamingConfig( + filter="filter_value" + ), + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_notification_config(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_notification_config.NotificationConfig) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.event_type + == gcs_notification_config.NotificationConfig.EventType.FINDING + ) + assert response.pubsub_topic == "pubsub_topic_value" + assert response.service_account == "service_account_value" + + +def test_update_notification_config_rest_required_fields( + request_type=securitycenter_service.UpdateNotificationConfigRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_notification_config._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_notification_config._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_notification_config.NotificationConfig.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_notification_config(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_notification_config_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_notification_config._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("notificationConfig",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_notification_config_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_notification_config" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_notification_config" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateNotificationConfigRequest.pb( + securitycenter_service.UpdateNotificationConfigRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_notification_config.NotificationConfig.to_json( + gcs_notification_config.NotificationConfig() + ) + + request = securitycenter_service.UpdateNotificationConfigRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_notification_config.NotificationConfig() + + client.update_notification_config( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_notification_config_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateNotificationConfigRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "notification_config": { + "name": "organizations/sample1/notificationConfigs/sample2" + } + } + request_init["notification_config"] = { + "name": "organizations/sample1/notificationConfigs/sample2", + "description": "description_value", + "event_type": 1, + "pubsub_topic": "pubsub_topic_value", + "service_account": "service_account_value", + "streaming_config": {"filter": "filter_value"}, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_notification_config(request) + + +def test_update_notification_config_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_notification_config.NotificationConfig() + + # get arguments that satisfy an http rule for this method + sample_request = { + "notification_config": { + "name": "organizations/sample1/notificationConfigs/sample2" + } + } + + # get truthy value for each flattened field + mock_args = dict( + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_notification_config.NotificationConfig.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_notification_config(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{notification_config.name=organizations/*/notificationConfigs/*}" + % client.transport._host, + args[1], + ) + + +def test_update_notification_config_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_notification_config( + securitycenter_service.UpdateNotificationConfigRequest(), + notification_config=gcs_notification_config.NotificationConfig( + name="name_value" + ), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_notification_config_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateOrganizationSettingsRequest, + dict, + ], +) +def test_update_organization_settings_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "organization_settings": {"name": "organizations/sample1/organizationSettings"} + } + request_init["organization_settings"] = { + "name": "organizations/sample1/organizationSettings", + "enable_asset_discovery": True, + "asset_discovery_config": { + "project_ids": ["project_ids_value1", "project_ids_value2"], + "inclusion_mode": 1, + "folder_ids": ["folder_ids_value1", "folder_ids_value2"], + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings( + name="name_value", + enable_asset_discovery=True, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_organization_settings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_organization_settings.OrganizationSettings) + assert response.name == "name_value" + assert response.enable_asset_discovery is True + + +def test_update_organization_settings_rest_required_fields( + request_type=securitycenter_service.UpdateOrganizationSettingsRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_organization_settings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_organization_settings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_organization_settings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_organization_settings_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_organization_settings._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("organizationSettings",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_organization_settings_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_organization_settings" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_organization_settings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateOrganizationSettingsRequest.pb( + securitycenter_service.UpdateOrganizationSettingsRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = ( + gcs_organization_settings.OrganizationSettings.to_json( + gcs_organization_settings.OrganizationSettings() + ) + ) + + request = securitycenter_service.UpdateOrganizationSettingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_organization_settings.OrganizationSettings() + + client.update_organization_settings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_organization_settings_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateOrganizationSettingsRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "organization_settings": {"name": "organizations/sample1/organizationSettings"} + } + request_init["organization_settings"] = { + "name": "organizations/sample1/organizationSettings", + "enable_asset_discovery": True, + "asset_discovery_config": { + "project_ids": ["project_ids_value1", "project_ids_value2"], + "inclusion_mode": 1, + "folder_ids": ["folder_ids_value1", "folder_ids_value2"], + }, + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_organization_settings(request) + + +def test_update_organization_settings_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_organization_settings.OrganizationSettings() + + # get arguments that satisfy an http rule for this method + sample_request = { + "organization_settings": { + "name": "organizations/sample1/organizationSettings" + } + } + + # get truthy value for each flattened field + mock_args = dict( + organization_settings=gcs_organization_settings.OrganizationSettings( + name="name_value" + ), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_organization_settings.OrganizationSettings.pb( + return_value + ) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_organization_settings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{organization_settings.name=organizations/*/organizationSettings}" + % client.transport._host, + args[1], + ) + + +def test_update_organization_settings_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_organization_settings( + securitycenter_service.UpdateOrganizationSettingsRequest(), + organization_settings=gcs_organization_settings.OrganizationSettings( + name="name_value" + ), + ) + + +def test_update_organization_settings_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateSourceRequest, + dict, + ], +) +def test_update_source_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"source": {"name": "organizations/sample1/sources/sample2"}} + request_init["source"] = { + "name": "organizations/sample1/sources/sample2", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source( + name="name_value", + display_name="display_name_value", + description="description_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_source(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_source.Source) + assert response.name == "name_value" + assert response.display_name == "display_name_value" + assert response.description == "description_value" + assert response.canonical_name == "canonical_name_value" + + +def test_update_source_rest_required_fields( + request_type=securitycenter_service.UpdateSourceRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_source._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_source._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_source(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_source_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_source._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask",)) & set(("source",))) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_source_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_source" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_source" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateSourceRequest.pb( + securitycenter_service.UpdateSourceRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_source.Source.to_json(gcs_source.Source()) + + request = securitycenter_service.UpdateSourceRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_source.Source() + + client.update_source( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_source_rest_bad_request( + transport: str = "rest", request_type=securitycenter_service.UpdateSourceRequest +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"source": {"name": "organizations/sample1/sources/sample2"}} + request_init["source"] = { + "name": "organizations/sample1/sources/sample2", + "display_name": "display_name_value", + "description": "description_value", + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_source(request) + + +def test_update_source_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_source.Source() + + # get arguments that satisfy an http rule for this method + sample_request = {"source": {"name": "organizations/sample1/sources/sample2"}} + + # get truthy value for each flattened field + mock_args = dict( + source=gcs_source.Source(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_source.Source.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_source(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{source.name=organizations/*/sources/*}" + % client.transport._host, + args[1], + ) + + +def test_update_source_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_source( + securitycenter_service.UpdateSourceRequest(), + source=gcs_source.Source(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_source_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +@pytest.mark.parametrize( + "request_type", + [ + securitycenter_service.UpdateSecurityMarksRequest, + dict, + ], +) +def test_update_security_marks_rest(request_type): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = { + "security_marks": {"name": "organizations/sample1/assets/sample2/securityMarks"} + } + request_init["security_marks"] = { + "name": "organizations/sample1/assets/sample2/securityMarks", + "marks": {}, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks( + name="name_value", + canonical_name="canonical_name_value", + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.update_security_marks(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, gcs_security_marks.SecurityMarks) + assert response.name == "name_value" + assert response.canonical_name == "canonical_name_value" + + +def test_update_security_marks_rest_required_fields( + request_type=securitycenter_service.UpdateSecurityMarksRequest, +): + transport_class = transports.SecurityCenterRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_security_marks._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).update_security_marks._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "start_time", + "update_mask", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "patch", + "query_params": pb_request, + } + transcode_result["body"] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.update_security_marks(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_update_security_marks_rest_unset_required_fields(): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.update_security_marks._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "startTime", + "updateMask", + ) + ) + & set(("securityMarks",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_security_marks_rest_interceptors(null_interceptor): + transport = transports.SecurityCenterRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.SecurityCenterRestInterceptor(), + ) + client = SecurityCenterClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.SecurityCenterRestInterceptor, "post_update_security_marks" + ) as post, mock.patch.object( + transports.SecurityCenterRestInterceptor, "pre_update_security_marks" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = securitycenter_service.UpdateSecurityMarksRequest.pb( + securitycenter_service.UpdateSecurityMarksRequest() + ) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = gcs_security_marks.SecurityMarks.to_json( + gcs_security_marks.SecurityMarks() + ) + + request = securitycenter_service.UpdateSecurityMarksRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = gcs_security_marks.SecurityMarks() + + client.update_security_marks( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_update_security_marks_rest_bad_request( + transport: str = "rest", + request_type=securitycenter_service.UpdateSecurityMarksRequest, +): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = { + "security_marks": {"name": "organizations/sample1/assets/sample2/securityMarks"} + } + request_init["security_marks"] = { + "name": "organizations/sample1/assets/sample2/securityMarks", + "marks": {}, + "canonical_name": "canonical_name_value", + } + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.update_security_marks(request) + + +def test_update_security_marks_rest_flattened(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = gcs_security_marks.SecurityMarks() + + # get arguments that satisfy an http rule for this method + sample_request = { + "security_marks": { + "name": "organizations/sample1/assets/sample2/securityMarks" + } + } + + # get truthy value for each flattened field + mock_args = dict( + security_marks=gcs_security_marks.SecurityMarks(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = gcs_security_marks.SecurityMarks.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_security_marks(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1p1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}" + % client.transport._host, + args[1], + ) + + +def test_update_security_marks_rest_flattened_error(transport: str = "rest"): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_security_marks( + securitycenter_service.UpdateSecurityMarksRequest(), + security_marks=gcs_security_marks.SecurityMarks(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_security_marks_rest_error(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide an api_key and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + options = client_options.ClientOptions() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options=options, + transport=transport, + ) + + # It is an error to provide an api_key and a credential. + options = mock.Mock() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options=options, credentials=ga_credentials.AnonymousCredentials() + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SecurityCenterClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = SecurityCenterClient(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.SecurityCenterGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.SecurityCenterGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + transports.SecurityCenterRestTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +@pytest.mark.parametrize( + "transport_name", + [ + "grpc", + "rest", + ], +) +def test_transport_kind(transport_name): + transport = SecurityCenterClient.get_transport_class(transport_name)( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert transport.kind == transport_name + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.SecurityCenterGrpcTransport, + ) + + +def test_security_center_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.SecurityCenterTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_security_center_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.securitycenter_v1p1beta1.services.security_center.transports.SecurityCenterTransport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.SecurityCenterTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + "create_source", + "create_finding", + "create_notification_config", + "delete_notification_config", + "get_iam_policy", "get_notification_config", "get_organization_settings", "get_source", @@ -7939,6 +14972,7 @@ def test_security_center_transport_auth_adc(transport_class): [ transports.SecurityCenterGrpcTransport, transports.SecurityCenterGrpcAsyncIOTransport, + transports.SecurityCenterRestTransport, ], ) def test_security_center_transport_auth_gdch_credentials(transport_class): @@ -8036,11 +15070,40 @@ def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_cl ) +def test_security_center_http_transport_client_cert_source_for_mtls(): + cred = ga_credentials.AnonymousCredentials() + with mock.patch( + "google.auth.transport.requests.AuthorizedSession.configure_mtls_channel" + ) as mock_configure_mtls_channel: + transports.SecurityCenterRestTransport( + credentials=cred, client_cert_source_for_mtls=client_cert_source_callback + ) + mock_configure_mtls_channel.assert_called_once_with(client_cert_source_callback) + + +def test_security_center_rest_lro_client(): + client = SecurityCenterClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.AbstractOperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + @pytest.mark.parametrize( "transport_name", [ "grpc", "grpc_asyncio", + "rest", ], ) def test_security_center_host_no_port(transport_name): @@ -8051,7 +15114,11 @@ def test_security_center_host_no_port(transport_name): ), transport=transport_name, ) - assert client.transport._host == ("securitycenter.googleapis.com:443") + assert client.transport._host == ( + "securitycenter.googleapis.com:443" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com" + ) @pytest.mark.parametrize( @@ -8059,6 +15126,7 @@ def test_security_center_host_no_port(transport_name): [ "grpc", "grpc_asyncio", + "rest", ], ) def test_security_center_host_with_port(transport_name): @@ -8069,7 +15137,99 @@ def test_security_center_host_with_port(transport_name): ), transport=transport_name, ) - assert client.transport._host == ("securitycenter.googleapis.com:8000") + assert client.transport._host == ( + "securitycenter.googleapis.com:8000" + if transport_name in ["grpc", "grpc_asyncio"] + else "https://securitycenter.googleapis.com:8000" + ) + + +@pytest.mark.parametrize( + "transport_name", + [ + "rest", + ], +) +def test_security_center_client_transport_session_collision(transport_name): + creds1 = ga_credentials.AnonymousCredentials() + creds2 = ga_credentials.AnonymousCredentials() + client1 = SecurityCenterClient( + credentials=creds1, + transport=transport_name, + ) + client2 = SecurityCenterClient( + credentials=creds2, + transport=transport_name, + ) + session1 = client1.transport.create_source._session + session2 = client2.transport.create_source._session + assert session1 != session2 + session1 = client1.transport.create_finding._session + session2 = client2.transport.create_finding._session + assert session1 != session2 + session1 = client1.transport.create_notification_config._session + session2 = client2.transport.create_notification_config._session + assert session1 != session2 + session1 = client1.transport.delete_notification_config._session + session2 = client2.transport.delete_notification_config._session + assert session1 != session2 + session1 = client1.transport.get_iam_policy._session + session2 = client2.transport.get_iam_policy._session + assert session1 != session2 + session1 = client1.transport.get_notification_config._session + session2 = client2.transport.get_notification_config._session + assert session1 != session2 + session1 = client1.transport.get_organization_settings._session + session2 = client2.transport.get_organization_settings._session + assert session1 != session2 + session1 = client1.transport.get_source._session + session2 = client2.transport.get_source._session + assert session1 != session2 + session1 = client1.transport.group_assets._session + session2 = client2.transport.group_assets._session + assert session1 != session2 + session1 = client1.transport.group_findings._session + session2 = client2.transport.group_findings._session + assert session1 != session2 + session1 = client1.transport.list_assets._session + session2 = client2.transport.list_assets._session + assert session1 != session2 + session1 = client1.transport.list_findings._session + session2 = client2.transport.list_findings._session + assert session1 != session2 + session1 = client1.transport.list_notification_configs._session + session2 = client2.transport.list_notification_configs._session + assert session1 != session2 + session1 = client1.transport.list_sources._session + session2 = client2.transport.list_sources._session + assert session1 != session2 + session1 = client1.transport.run_asset_discovery._session + session2 = client2.transport.run_asset_discovery._session + assert session1 != session2 + session1 = client1.transport.set_finding_state._session + session2 = client2.transport.set_finding_state._session + assert session1 != session2 + session1 = client1.transport.set_iam_policy._session + session2 = client2.transport.set_iam_policy._session + assert session1 != session2 + session1 = client1.transport.test_iam_permissions._session + session2 = client2.transport.test_iam_permissions._session + assert session1 != session2 + session1 = client1.transport.update_finding._session + session2 = client2.transport.update_finding._session + assert session1 != session2 + session1 = client1.transport.update_notification_config._session + session2 = client2.transport.update_notification_config._session + assert session1 != session2 + session1 = client1.transport.update_organization_settings._session + session2 = client2.transport.update_organization_settings._session + assert session1 != session2 + session1 = client1.transport.update_source._session + session2 = client2.transport.update_source._session + assert session1 != session2 + session1 = client1.transport.update_security_marks._session + session2 = client2.transport.update_security_marks._session + assert session1 != session2 def test_security_center_grpc_transport_channel(): @@ -8541,6 +15701,7 @@ async def test_transport_close_async(): def test_transport_close(): transports = { + "rest": "_session", "grpc": "_grpc_channel", } @@ -8558,6 +15719,7 @@ def test_transport_close(): def test_client_ctx(): transports = [ + "rest", "grpc", ] for transport in transports: