2 space indent

dandye · dandye · commit 031ed8537652 · 2025-03-07T18:06:50.000-05:00
diff --git a/search/v1alpha/asset_events_find.py b/search/v1alpha/asset_events_find.py
@@ -43,16 +43,15 @@
 MAX_RESULTS_LIMIT = 250000
 
 
-def find_asset_events(
-    http_session: requests.AuthorizedSession,
-    proj_id: str,
-    proj_instance: str,
-    proj_region: str,
-    asset_indicator: str,
-    start_time: str,
-    end_time: str,
-    reference_time: Optional[str] = None,
-    max_results: Optional[int] = None) -> None:
+def find_asset_events(http_session: requests.AuthorizedSession,
+                      proj_id: str,
+                      proj_instance: str,
+                      proj_region: str,
+                      asset_indicator: str,
+                      start_time: str,
+                      end_time: str,
+                      reference_time: Optional[str] = None,
+                      max_results: Optional[int] = None) -> None:
     """Find asset events in Chronicle using the Legacy Find Asset Events API.
 
     Args:
@@ -75,32 +74,31 @@ def find_asset_events(
     chronicle.legacies.legacyFindAssetEvents
     """
     # Validate and parse the times to ensure they're in RFC3339 format
-    for time_str in [start_time, end_time, reference_time] if reference_time else [start_time, end_time]:
+    for time_str in [start_time, end_time, reference_time
+                    ] if reference_time else [start_time, end_time]:
         try:
             datetime.strptime(time_str, "%Y-%m-%dT%H:%M:%SZ")
         except ValueError as e:
             if "does not match format" in str(e):
                 raise ValueError(
-                    f"Time '{time_str}' must be in RFC3339 format (e.g., '2024-01-01T00:00:00Z')") from e
+                    f"Time '{time_str}' must be in RFC3339 format (e.g., '2024-01-01T00:00:00Z')"
+                ) from e
             raise
 
     base_url_with_region = regions.url_always_prepend_region(
-        CHRONICLE_API_BASE_URL,
-        proj_region
-    )
+        CHRONICLE_API_BASE_URL, proj_region)
     instance = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
     url = f"{base_url_with_region}/v1alpha/{instance}/legacy:legacyFindAssetEvents"
 
     # Build query parameters
     params = [
         f"assetIndicator={asset_indicator}",
-        f"timeRange.startTime={start_time}",
-        f"timeRange.endTime={end_time}"
+        f"timeRange.startTime={start_time}", f"timeRange.endTime={end_time}"
     ]
-    
+
     if reference_time:
         params.append(f"referenceTime={reference_time}")
-    
+
     if max_results:
         # Ensure max_results is within bounds
         max_results = min(max(1, max_results), MAX_RESULTS_LIMIT)
@@ -112,13 +110,15 @@ def find_asset_events(
     if response.status_code >= 400:
         print(response.text)
     response.raise_for_status()
-    
+
     result = response.json()
     print(json.dumps(result, indent=2))
-    
+
     if result.get("more_data_available"):
-        print("\nWarning: More data is available but was not returned due to maxResults limit.")
-    
+        print(
+            "\nWarning: More data is available but was not returned due to maxResults limit."
+        )
+
     if result.get("uri"):
         print("\nBackstory UI URLs:")
         for uri in result["uri"]:
@@ -137,7 +137,9 @@ def find_asset_events(
         "--asset_indicator",
         type=str,
         required=True,
-        help="JSON string containing the asset indicator (e.g., '{\"hostname\": \"example.com\"}')")
+        help=
+        "JSON string containing the asset indicator (e.g., '{\"hostname\": \"example.com\"}')"
+    )
     parser.add_argument(
         "--start_time",
         type=str,
@@ -155,21 +157,16 @@ def find_asset_events(
     parser.add_argument(
         "--max_results",
         type=int,
-        help=f"Maximum number of results to return (default: {DEFAULT_MAX_RESULTS}, max: {MAX_RESULTS_LIMIT})")
+        help=
+        f"Maximum number of results to return (default: {DEFAULT_MAX_RESULTS}, max: {MAX_RESULTS_LIMIT})"
+    )
 
     args = parser.parse_args()
 
     auth_session = chronicle_auth.initialize_http_session(
         args.credentials_file,
         SCOPES,
     )
-    find_asset_events(
-        auth_session,
-        args.project_id,
-        args.project_instance,
-        args.region,
-        args.asset_indicator,
-        args.start_time,
-        args.end_time,
-        args.reference_time,
-        args.max_results)
+    find_asset_events(auth_session, args.project_id, args.project_instance,
+                      args.region, args.asset_indicator, args.start_time,
+                      args.end_time, args.reference_time, args.max_results)
diff --git a/search/v1alpha/raw_logs_find.py b/search/v1alpha/raw_logs_find.py
@@ -41,17 +41,16 @@
 DEFAULT_MAX_RESPONSE_SIZE = 52428800  # 50MiB in bytes
 
 
-def find_raw_logs(
-    http_session: requests.AuthorizedSession,
-    proj_id: str,
-    proj_instance: str,
-    proj_region: str,
-    query: str,
-    batch_tokens: Optional[List[str]] = None,
-    log_ids: Optional[List[str]] = None,
-    regex_search: bool = False,
-    case_sensitive: bool = False,
-    max_response_size: Optional[int] = None) -> None:
+def find_raw_logs(http_session: requests.AuthorizedSession,
+                  proj_id: str,
+                  proj_instance: str,
+                  proj_region: str,
+                  query: str,
+                  batch_tokens: Optional[List[str]] = None,
+                  log_ids: Optional[List[str]] = None,
+                  regex_search: bool = False,
+                  case_sensitive: bool = False,
+                  max_response_size: Optional[int] = None) -> None:
     """Find raw logs in Chronicle using the Legacy Find Raw Logs API.
 
     Args:
@@ -75,9 +74,7 @@ def find_raw_logs(
     chronicle.legacies.legacyFindRawLogs
     """
     base_url_with_region = regions.url_always_prepend_region(
-        CHRONICLE_API_BASE_URL,
-        proj_region
-    )
+        CHRONICLE_API_BASE_URL, proj_region)
     instance = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
     url = f"{base_url_with_region}/v1alpha/{instance}/legacy:legacyFindRawLogs"
 
@@ -102,10 +99,10 @@ def find_raw_logs(
     if response.status_code >= 400:
         print(response.text)
     response.raise_for_status()
-    
+
     result = response.json()
     print(json.dumps(result, indent=2))
-    
+
     if result.get("too_many_results"):
         print("\nWarning: Some results were omitted due to too many matches.")
 
@@ -126,42 +123,40 @@ def find_raw_logs(
     parser.add_argument(
         "--batch_tokens",
         type=str,
-        help='JSON string containing a list of batch tokens (e.g., \'["token1", "token2"]\')')
+        help=
+        'JSON string containing a list of batch tokens (e.g., \'["token1", "token2"]\')'
+    )
     parser.add_argument(
         "--log_ids",
         type=str,
-        help='JSON string containing a list of raw log IDs (e.g., \'["id1", "id2"]\')')
-    parser.add_argument(
-        "--regex_search",
-        action="store_true",
-        help="Whether to treat the query as a regex pattern")
-    parser.add_argument(
-        "--case_sensitive",
-        action="store_true",
-        help="Whether to perform a case-sensitive search")
+        help=
+        'JSON string containing a list of raw log IDs (e.g., \'["id1", "id2"]\')'
+    )
+    parser.add_argument("--regex_search",
+                        action="store_true",
+                        help="Whether to treat the query as a regex pattern")
+    parser.add_argument("--case_sensitive",
+                        action="store_true",
+                        help="Whether to perform a case-sensitive search")
     parser.add_argument(
         "--max_response_size",
         type=int,
-        help=f"Maximum response size in bytes (default: {DEFAULT_MAX_RESPONSE_SIZE})")
+        help=
+        f"Maximum response size in bytes (default: {DEFAULT_MAX_RESPONSE_SIZE})"
+    )
 
     args = parser.parse_args()
-    
+
     # Convert JSON strings to lists if provided
-    batch_tokens_list = json.loads(args.batch_tokens) if args.batch_tokens else None
+    batch_tokens_list = json.loads(
+        args.batch_tokens) if args.batch_tokens else None
     log_ids_list = json.loads(args.log_ids) if args.log_ids else None
 
     auth_session = chronicle_auth.initialize_http_session(
         args.credentials_file,
         SCOPES,
     )
-    find_raw_logs(
-        auth_session,
-        args.project_id,
-        args.project_instance,
-        args.region,
-        args.query,
-        batch_tokens_list,
-        log_ids_list,
-        args.regex_search,
-        args.case_sensitive,
-        args.max_response_size)
+    find_raw_logs(auth_session, args.project_id, args.project_instance,
+                  args.region, args.query, batch_tokens_list, log_ids_list,
+                  args.regex_search, args.case_sensitive,
+                  args.max_response_size)
diff --git a/search/v1alpha/udm_events_find.py b/search/v1alpha/udm_events_find.py
