feat: Added a new API method UpdateExternalSystem (#256)

.. which enables updating a finding w/ external system metadata. External systems are a child resource under finding, and are housed on the finding itself, and can also be filtered on in Notifications, the ListFindings and GroupFindings API.

- [ ] Regenerate this pull request now.

PiperOrigin-RevId: 411093163

Source-Link: googleapis/googleapis@be8f988

Source-Link: https://github.com/googleapis/googleapis-gen/commit/186665a0ff6acaf9bf6d5ef0cef663dd828b48a7
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMTg2NjY1YTBmZjZhY2FmOWJmNmQ1ZWYwY2VmNjYzZGQ4MjhiNDhhNyJ9

Author: gcf-owl-bot[bot]

google/cloud/securitycenter/__init__.py

@@ -22,6 +22,7 @@
 )
 
 from google.cloud.securitycenter_v1.types.asset import Asset
+from google.cloud.securitycenter_v1.types.external_system import ExternalSystem
 from google.cloud.securitycenter_v1.types.finding import Finding
 from google.cloud.securitycenter_v1.types.folder import Folder
 from google.cloud.securitycenter_v1.types.indicator import Indicator
@@ -122,6 +123,9 @@
     SetFindingStateRequest,
 )
 from google.cloud.securitycenter_v1.types.securitycenter_service import SetMuteRequest
+from google.cloud.securitycenter_v1.types.securitycenter_service import (
+    UpdateExternalSystemRequest,
+)
 from google.cloud.securitycenter_v1.types.securitycenter_service import (
     UpdateFindingRequest,
 )
@@ -150,6 +154,7 @@
     "SecurityCenterClient",
     "SecurityCenterAsyncClient",
     "Asset",
+    "ExternalSystem",
     "Finding",
     "Folder",
     "Indicator",
@@ -190,6 +195,7 @@
     "RunAssetDiscoveryRequest",
     "SetFindingStateRequest",
     "SetMuteRequest",
+    "UpdateExternalSystemRequest",
     "UpdateFindingRequest",
     "UpdateMuteConfigRequest",
     "UpdateNotificationConfigRequest",

google/cloud/securitycenter_v1/__init__.py

@@ -18,6 +18,7 @@
 from .services.security_center import SecurityCenterAsyncClient
 
 from .types.asset import Asset
+from .types.external_system import ExternalSystem
 from .types.finding import Finding
 from .types.folder import Folder
 from .types.indicator import Indicator
@@ -58,6 +59,7 @@
 from .types.securitycenter_service import RunAssetDiscoveryRequest
 from .types.securitycenter_service import SetFindingStateRequest
 from .types.securitycenter_service import SetMuteRequest
+from .types.securitycenter_service import UpdateExternalSystemRequest
 from .types.securitycenter_service import UpdateFindingRequest
 from .types.securitycenter_service import UpdateMuteConfigRequest
 from .types.securitycenter_service import UpdateNotificationConfigRequest
@@ -83,6 +85,7 @@
     "Cvssv3",
     "DeleteMuteConfigRequest",
     "DeleteNotificationConfigRequest",
+    "ExternalSystem",
     "Finding",
     "Folder",
     "GetMuteConfigRequest",
@@ -118,6 +121,7 @@
     "SetFindingStateRequest",
     "SetMuteRequest",
     "Source",
+    "UpdateExternalSystemRequest",
     "UpdateFindingRequest",
     "UpdateMuteConfigRequest",
     "UpdateNotificationConfigRequest",

google/cloud/securitycenter_v1/gapic_metadata.json

@@ -130,6 +130,11 @@
                 "test_iam_permissions"
               ]
             },
+            "UpdateExternalSystem": {
+              "methods": [
+                "update_external_system"
+              ]
+            },
             "UpdateFinding": {
               "methods": [
                 "update_finding"
@@ -285,6 +290,11 @@
                 "test_iam_permissions"
               ]
             },
+            "UpdateExternalSystem": {
+              "methods": [
+                "update_external_system"
+              ]
+            },
             "UpdateFinding": {
               "methods": [
                 "update_finding"

google/cloud/securitycenter_v1/services/security_center/async_client.py

@@ -34,6 +34,7 @@
 from google.api_core import operation  # type: ignore
 from google.api_core import operation_async  # type: ignore
 from google.cloud.securitycenter_v1.services.security_center import pagers
+from google.cloud.securitycenter_v1.types import external_system as gcs_external_system
 from google.cloud.securitycenter_v1.types import finding
 from google.cloud.securitycenter_v1.types import finding as gcs_finding
 from google.cloud.securitycenter_v1.types import indicator
@@ -74,6 +75,10 @@ class SecurityCenterAsyncClient:
 
     asset_path = staticmethod(SecurityCenterClient.asset_path)
     parse_asset_path = staticmethod(SecurityCenterClient.parse_asset_path)
+    external_system_path = staticmethod(SecurityCenterClient.external_system_path)
+    parse_external_system_path = staticmethod(
+        SecurityCenterClient.parse_external_system_path
+    )
     finding_path = staticmethod(SecurityCenterClient.finding_path)
     parse_finding_path = staticmethod(SecurityCenterClient.parse_finding_path)
     mute_config_path = staticmethod(SecurityCenterClient.mute_config_path)
@@ -2406,6 +2411,91 @@ async def test_iam_permissions(
         # Done; return the response.
         return response
 
+    async def update_external_system(
+        self,
+        request: Union[securitycenter_service.UpdateExternalSystemRequest, dict] = None,
+        *,
+        external_system: gcs_external_system.ExternalSystem = None,
+        update_mask: field_mask_pb2.FieldMask = None,
+        retry: OptionalRetry = gapic_v1.method.DEFAULT,
+        timeout: float = None,
+        metadata: Sequence[Tuple[str, str]] = (),
+    ) -> gcs_external_system.ExternalSystem:
+        r"""Updates external system. This is for a given finding.
+
+        Args:
+            request (Union[google.cloud.securitycenter_v1.types.UpdateExternalSystemRequest, dict]):
+                The request object. Request message for updating a
+                ExternalSystem resource.
+            external_system (:class:`google.cloud.securitycenter_v1.types.ExternalSystem`):
+                Required. The external system
+                resource to update.
+
+                This corresponds to the ``external_system`` field
+                on the ``request`` instance; if ``request`` is provided, this
+                should not be set.
+            update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
+                The FieldMask to use when updating
+                the external system resource.
+                If empty all mutable fields will be
+                updated.
+
+                This corresponds to the ``update_mask`` field
+                on the ``request`` instance; if ``request`` is provided, this
+                should not be set.
+            retry (google.api_core.retry.Retry): Designation of what errors, if any,
+                should be retried.
+            timeout (float): The timeout for this request.
+            metadata (Sequence[Tuple[str, str]]): Strings which should be
+                sent along with the request as metadata.
+
+        Returns:
+            google.cloud.securitycenter_v1.types.ExternalSystem:
+                Representation of third party
+                SIEM/SOAR fields within SCC.
+
+        """
+        # Create or coerce a protobuf request object.
+        # Sanity check: If we got a request object, we should *not* have
+        # gotten any keyword arguments that map to the request.
+        has_flattened_params = any([external_system, update_mask])
+        if request is not None and has_flattened_params:
+            raise ValueError(
+                "If the `request` argument is set, then none of "
+                "the individual field arguments should be set."
+            )
+
+        request = securitycenter_service.UpdateExternalSystemRequest(request)
+
+        # If we have keyword arguments corresponding to fields on the
+        # request, apply these.
+        if external_system is not None:
+            request.external_system = external_system
+        if update_mask is not None:
+            request.update_mask = update_mask
+
+        # Wrap the RPC method; this adds retry and timeout information,
+        # and friendly error handling.
+        rpc = gapic_v1.method_async.wrap_method(
+            self._client._transport.update_external_system,
+            default_timeout=None,
+            client_info=DEFAULT_CLIENT_INFO,
+        )
+
+        # Certain fields should be provided within the metadata header;
+        # add these here.
+        metadata = tuple(metadata) + (
+            gapic_v1.routing_header.to_grpc_metadata(
+                (("external_system.name", request.external_system.name),)
+            ),
+        )
+
+        # Send the request.
+        response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+        # Done; return the response.
+        return response
+
     async def update_finding(
         self,
         request: Union[securitycenter_service.UpdateFindingRequest, dict] = None,

google/cloud/securitycenter_v1/services/security_center/client.py

@@ -37,6 +37,7 @@
 from google.api_core import operation  # type: ignore
 from google.api_core import operation_async  # type: ignore
 from google.cloud.securitycenter_v1.services.security_center import pagers
+from google.cloud.securitycenter_v1.types import external_system as gcs_external_system
 from google.cloud.securitycenter_v1.types import finding
 from google.cloud.securitycenter_v1.types import finding as gcs_finding
 from google.cloud.securitycenter_v1.types import indicator
@@ -200,6 +201,27 @@ def parse_asset_path(path: str) -> Dict[str, str]:
         )
         return m.groupdict() if m else {}
 
+    @staticmethod
+    def external_system_path(
+        organization: str, source: str, finding: str, externalsystem: str,
+    ) -> str:
+        """Returns a fully-qualified external_system string."""
+        return "organizations/{organization}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}".format(
+            organization=organization,
+            source=source,
+            finding=finding,
+            externalsystem=externalsystem,
+        )
+
+    @staticmethod
+    def parse_external_system_path(path: str) -> Dict[str, str]:
+        """Parses a external_system path into its component segments."""
+        m = re.match(
+            r"^organizations/(?P<organization>.+?)/sources/(?P<source>.+?)/findings/(?P<finding>.+?)/externalSystems/(?P<externalsystem>.+?)$",
+            path,
+        )
+        return m.groupdict() if m else {}
+
     @staticmethod
     def finding_path(organization: str, source: str, finding: str,) -> str:
         """Returns a fully-qualified finding string."""
@@ -2584,6 +2606,91 @@ def test_iam_permissions(
         # Done; return the response.
         return response
 
+    def update_external_system(
+        self,
+        request: Union[securitycenter_service.UpdateExternalSystemRequest, dict] = None,
+        *,
+        external_system: gcs_external_system.ExternalSystem = None,
+        update_mask: field_mask_pb2.FieldMask = None,
+        retry: OptionalRetry = gapic_v1.method.DEFAULT,
+        timeout: float = None,
+        metadata: Sequence[Tuple[str, str]] = (),
+    ) -> gcs_external_system.ExternalSystem:
+        r"""Updates external system. This is for a given finding.
+
+        Args:
+            request (Union[google.cloud.securitycenter_v1.types.UpdateExternalSystemRequest, dict]):
+                The request object. Request message for updating a
+                ExternalSystem resource.
+            external_system (google.cloud.securitycenter_v1.types.ExternalSystem):
+                Required. The external system
+                resource to update.
+
+                This corresponds to the ``external_system`` field
+                on the ``request`` instance; if ``request`` is provided, this
+                should not be set.
+            update_mask (google.protobuf.field_mask_pb2.FieldMask):
+                The FieldMask to use when updating
+                the external system resource.
+                If empty all mutable fields will be
+                updated.
+
+                This corresponds to the ``update_mask`` field
+                on the ``request`` instance; if ``request`` is provided, this
+                should not be set.
+            retry (google.api_core.retry.Retry): Designation of what errors, if any,
+                should be retried.
+            timeout (float): The timeout for this request.
+            metadata (Sequence[Tuple[str, str]]): Strings which should be
+                sent along with the request as metadata.
+
+        Returns:
+            google.cloud.securitycenter_v1.types.ExternalSystem:
+                Representation of third party
+                SIEM/SOAR fields within SCC.
+
+        """
+        # Create or coerce a protobuf request object.
+        # Sanity check: If we got a request object, we should *not* have
+        # gotten any keyword arguments that map to the request.
+        has_flattened_params = any([external_system, update_mask])
+        if request is not None and has_flattened_params:
+            raise ValueError(
+                "If the `request` argument is set, then none of "
+                "the individual field arguments should be set."
+            )
+
+        # Minor optimization to avoid making a copy if the user passes
+        # in a securitycenter_service.UpdateExternalSystemRequest.
+        # There's no risk of modifying the input as we've already verified
+        # there are no flattened fields.
+        if not isinstance(request, securitycenter_service.UpdateExternalSystemRequest):
+            request = securitycenter_service.UpdateExternalSystemRequest(request)
+            # If we have keyword arguments corresponding to fields on the
+            # request, apply these.
+            if external_system is not None:
+                request.external_system = external_system
+            if update_mask is not None:
+                request.update_mask = update_mask
+
+        # Wrap the RPC method; this adds retry and timeout information,
+        # and friendly error handling.
+        rpc = self._transport._wrapped_methods[self._transport.update_external_system]
+
+        # Certain fields should be provided within the metadata header;
+        # add these here.
+        metadata = tuple(metadata) + (
+            gapic_v1.routing_header.to_grpc_metadata(
+                (("external_system.name", request.external_system.name),)
+            ),
+        )
+
+        # Send the request.
+        response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+        # Done; return the response.
+        return response
+
     def update_finding(
         self,
         request: Union[securitycenter_service.UpdateFindingRequest, dict] = None,

google/cloud/securitycenter_v1/services/security_center/transports/base.py

@@ -26,6 +26,7 @@
 from google.auth import credentials as ga_credentials  # type: ignore
 from google.oauth2 import service_account  # type: ignore
 
+from google.cloud.securitycenter_v1.types import external_system as gcs_external_system
 from google.cloud.securitycenter_v1.types import finding
 from google.cloud.securitycenter_v1.types import finding as gcs_finding
 from google.cloud.securitycenter_v1.types import mute_config
@@ -349,6 +350,11 @@ def _prep_wrapped_messages(self, client_info):
                 default_timeout=60.0,
                 client_info=client_info,
             ),
+            self.update_external_system: gapic_v1.method.wrap_method(
+                self.update_external_system,
+                default_timeout=None,
+                client_info=client_info,
+            ),
             self.update_finding: gapic_v1.method.wrap_method(
                 self.update_finding, default_timeout=60.0, client_info=client_info,
             ),
@@ -638,6 +644,18 @@ def test_iam_permissions(
     ]:
         raise NotImplementedError()
 
+    @property
+    def update_external_system(
+        self,
+    ) -> Callable[
+        [securitycenter_service.UpdateExternalSystemRequest],
+        Union[
+            gcs_external_system.ExternalSystem,
+            Awaitable[gcs_external_system.ExternalSystem],
+        ],
+    ]:
+        raise NotImplementedError()
+
     @property
     def update_finding(
         self,