novafarma/gcloud auth application-default login/google-cloud-sdk/lib/surface/scc/bqexports/update.py

# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Command for updating a Cloud Security Command Center BigQuery export."""

from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals

from googlecloudsdk.api_lib.scc import securitycenter_client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.scc import flags as scc_flags
from googlecloudsdk.command_lib.scc import util as scc_util
from googlecloudsdk.command_lib.scc.bqexports import bqexport_util
from googlecloudsdk.command_lib.scc.bqexports import flags as bqexport_flags
from googlecloudsdk.core import log
from googlecloudsdk.core import properties


@base.ReleaseTracks(base.ReleaseTrack.GA)
class Update(base.UpdateCommand):
  """Update a Security Command Center BigQuery export."""

  detailed_help = {
      'DESCRIPTION': """\
      Update a Security Command Center BigQuery export.

      BigQuery exports that are created with Security Command Center API V2 and
      later include a `location` attribute. If the `location` attribute is
      included in the resource name of a BigQuery export, you must specify it
      when referencing the export. For example, the following BigQuery export
      name has `location=eu`:
      `organizations/123/locations/eu/bigQueryExports/test-bq-export`.
      """,
      'EXAMPLES': """\
      Update a BigQuery export with id `test-bq-export` under organization `123`
      with a dataset `abc` in project `234` and a filter on category that equals
      to `XSS_SCRIPTING`:

        $ gcloud scc bqexports update test-bq-export \
          --organization=123 \
          --dataset=projects/234/datasets/abc \
          --description="This is a test BigQuery export" \
          --filter="category=\\"XSS_SCRIPTING\\""

      Update a BigQuery export with id `test-bq-export` under folder `456` with
      a dataset `abc` in project `234` and a filter on category that equals to
      `XSS_SCRIPTING`:

        $ gcloud scc bqexports update test-bq-export --folder=456 \
          --dataset=projects/234/datasets/abc \
          --description="This is a test BigQuery export" \
          --filter="category=\\"XSS_SCRIPTING\\""

      Update a BigQuery export with id `test-bq-export` under project `789` with
      a dataset `abc` in project `234` and a filter on category that equals to
      `XSS_SCRIPTING`:

        $ gcloud scc bqexports update test-bq-export \
          --project=789 --dataset=projects/234/datasets/abc \
          --description="This is a test BigQuery export" \
          --filter="category=\\"XSS_SCRIPTING\\""

      Update a BigQuery export `test-bq-export` in organization `123` and
      `location=global`. This command updates the target dataset to
      `projects/234/datasets/abc`, the export description to `This is a test
      BigQuery export` and the export filter to `XSS_SCRIPTING`:

        $ gcloud scc bqexports update test-bq-export \
          --organization=123 \
          --dataset=projects/234/datasets/abc \
          --description="This is a test BigQuery export" \
          --filter="category=\\"XSS_SCRIPTING\\"" \
          --location=global
      """,
      'API REFERENCE': """\
      This command uses the Security Command Center API. For more information,
      see [Security Command Center API.](https://cloud.google.com/security-command-center/docs/reference/rest)
      """,
  }

  @staticmethod
  def Args(parser):
    bqexport_flags.DATASET_FLAG_OPTIONAL.AddToParser(parser)
    bqexport_flags.DESCRIPTION_FLAG.AddToParser(parser)
    bqexport_flags.FILTER_FLAG.AddToParser(parser)
    bqexport_flags.UPDATE_MASK_FLAG.AddToParser(parser)

    bqexport_flags.AddBigQueryPositionalArgument(parser)
    bqexport_flags.AddParentGroup(parser)

    parser.display_info.AddFormat(properties.VALUES.core.default_format.Get())

    scc_flags.API_VERSION_FLAG.AddToParser(parser)
    scc_flags.LOCATION_FLAG.AddToParser(parser)

  def Run(self, args):

    # Determine what version to call from --location and --api-version. The
    # BigQuery export is a version_specific_existing_resource that may not be
    # accessed through v2 if it currently exists in v1, and vice versa.
    version = scc_util.GetVersionFromArguments(
        args, args.BIG_QUERY_EXPORT, version_specific_existing_resource=True
    )
    messages = securitycenter_client.GetMessages(version)
    client = securitycenter_client.GetClient(version)

    if version == 'v1':
      req = messages.SecuritycenterOrganizationsBigQueryExportsPatchRequest()
      req.name = bqexport_util.ValidateAndGetBigQueryExportV1Name(args)
      export = messages.GoogleCloudSecuritycenterV1BigQueryExport()
      req.googleCloudSecuritycenterV1BigQueryExport = export
      endpoint = client.organizations_bigQueryExports
    else:
      req = (
          messages.SecuritycenterOrganizationsLocationsBigQueryExportsPatchRequest()
      )
      req.name = bqexport_util.ValidateAndGetBigQueryExportV2Name(args)
      export = messages.GoogleCloudSecuritycenterV2BigQueryExport()
      req.googleCloudSecuritycenterV2BigQueryExport = export
      endpoint = client.organizations_locations_bigQueryExports

    computed_update_mask = []

    if args.IsKnownAndSpecified('dataset'):
      computed_update_mask.append('dataset')
      export.dataset = args.dataset
    if args.IsKnownAndSpecified('description'):
      computed_update_mask.append('description')
      export.description = args.description
    if args.IsKnownAndSpecified('filter'):
      computed_update_mask.append('filter')
      export.filter = args.filter

    # If the user supplies an update mask, use that regardless of the supplied
    # fields.
    if args.IsKnownAndSpecified('update_mask'):
      req.updateMask = args.update_mask
    else:
      req.updateMask = ','.join(computed_update_mask)

    # Set the args' filter to None to avoid downstream naming conflicts.
    args.filter = None

    bq_export_response = endpoint.Patch(req)
    log.status.Print('Updated.')
    return bq_export_response