Implement All Integration Functions

[PaperMtn]

feat: Implement All Integration Management Functions

Summary

This PR Adds implementation for all SOAR integration management capabilities to the SecOps SDK. It includes:

• SDK modules
• ChronicleClient methods
• CLI commands
• Unit tests
• Full documentation.

---

New SDK Modules (src/secops/chronicle/integration/)

Module	Description
integrations.py	List, get, create, delete, download, export, diff, transition (staging/production), and manage integrations
actions.py	CRUD, test execution, template fetching, and environment-based retrieval for integration actions
action_revisions.py	List, create, delete, and rollback action revisions
connectors.py	CRUD, test execution, and template fetching for integration connectors
connector_revisions.py	List, create, delete, and rollback connector revisions
connector_context_properties.py	CRUD and bulk-delete for connector context properties
connector_instances.py	CRUD, on-demand execution, latest definition fetch, and log collection management for connector instances
connector_instance_logs.py	List and get connector instance logs
jobs.py	CRUD, test execution, and template fetching for integration jobs
job_revisions.py	List, create, delete, and rollback job revisions
job_context_properties.py	CRUD and bulk-delete for job context properties
job_instances.py	CRUD, on-demand execution for job instances
job_instance_logs.py	List and get job instance logs
managers.py	CRUD and template fetching for integration managers
manager_revisions.py	List, get, create, delete, and rollback manager revisions
integration_instances.py	CRUD, test execution, affected items, and default instance retrieval for integration instances
transformers.py	CRUD, test execution, and template fetching for integration transformers
transformer_revisions.py	List, create, delete, and rollback transformer revisions
logical_operators.py	CRUD, test execution, and template fetching for integration logical operators
logical_operator_revisions.py	List, create, delete, and rollback logical operator revisions
marketplace_integrations.py	List, get, diff, install, and uninstall marketplace integrations

---

New Utility Helpers (src/secops/chronicle/utils/)

New helpers added for consistency and deduplication:

• Unit tests added for each

format_utils.py

• format_resource_id() — Extracts the final ID segment from a full Chronicle resource path (e.g. projects/.../instances/.../abc123 → abc123). Safely passes through plain IDs.
  • Allows users to pass either the full resource name or just the ID to functions
• parse_json_list() — Accepts either a list[dict] or a JSON string and returns a parsed list. Used for parameter inputs (e.g. --parameters '[{"name":"p1"}]').
• build_patch_body() — Builds a PATCH request body and updateMask query param from a list of (api_key, mask_key, value) tuples. Auto-generates the update mask from non-None fields, or accepts an explicit override.

request_utils.py

• chronicle_request_bytes() — New helper for endpoints that return raw bytes (used by download_integration and download_integration_dependency).
  • Allows expansion into API functions that download objects

---

New Data Models (src/secops/chronicle/models.py)

Enums:

• PythonVersion — V2_7, V3_7, V3_11
• DiffType — COMMERCIAL, PRODUCTION, STAGING
• TargetMode — PRODUCTION, STAGING
• IntegrationType — RESPONSE, EXTENSION
• IntegrationParamType — BOOLEAN, INT, STRING, PASSWORD, IP, URL, DOMAIN, EMAIL, VALUES_LIST, etc.
• ActionParamType — STRING, BOOLEAN, WFS_REPOSITORY, USER_REPOSITORY, STAGES_REPOSITORY
• ActionType — PING, CONNECTOR, JOB, etc.
• ParamType — For connector parameters
• ConnectorParamMode — REQUIRED, OPTIONAL, etc.
• ConnectorRuleType — Rule types for connector definitions
• ScheduleType — ONE_TIME, DAILY, WEEKLY, MONTHLY, ADVANCED
• DayOfWeek — MONDAY through SUNDAY
• IntegrationParameterType — For integration instance parameters
• ConnectorConnectivityStatus — CONNECTED, DISCONNECTED, etc.
• TransformerType — Transformer definition types
• LogicalOperatorType — Logical operator definition types

Dataclasses:

• IntegrationParam — Integration-level parameter definition
• ActionParameter — Action parameter with type and validation
• ConnectorParameter — Connector parameter with mode and rules
• ConnectorRule — Connector rule definition
• IntegrationJobInstanceParameter — Job instance parameter
• Date, TimeOfDay — Date/time components for scheduling
• OneTimeScheduleDetails, DailyScheduleDetails, WeeklyScheduleDetails, MonthlyScheduleDetails — Schedule configuration
• AdvancedConfig — Advanced scheduling (cron-like)
• JobParameter — Job definition parameter
• IntegrationInstanceParameter — Integration instance parameter
• ConnectorInstanceParameter — Connector instance parameter
• TransformerDefinitionParameter — Transformer parameter
• IntegrationLogicalOperatorParameter — Logical operator parameter

---

CLI Commands (src/secops/cli/commands/integration/)

Added a complete secops integration CLI command tree with 21 subcommand modules, all registered via integration_client.py:

CLI Subcommand	Operations
secops integration integrations	list, get, create, delete, download, download-dependency, export-items, get-affected-items, get-agent, get-diff, get-dependencies, get-restricted-agents, transition, update, update-custom
secops integration actions	list, get, create, update, delete, test, template
secops integration action-revisions	list, create, delete, rollback
secops integration connectors	list, get, create, update, delete, test, template
secops integration connector-revisions	list, create, delete, rollback
secops integration connector-context-properties	list, get, create, update, delete, delete-all
secops integration connector-instance-logs	list, get
secops integration connector-instances	list, get, create, update, delete, run-on-demand, get-latest-definition, set-logs-collection
secops integration jobs	list, get, create, update, delete, test, template
secops integration job-revisions	list, create, delete, rollback
secops integration job-context-properties	list, get, create, update, delete, delete-all
secops integration job-instance-logs	list, get
secops integration job-instances	list, get, create, update, delete, run-on-demand
secops integration managers	list, get, create, update, delete, template
secops integration manager-revisions	list, get, create, delete, rollback
secops integration instances	list, get, create, update, delete, test, get-affected-items, get-default
secops integration transformers	list, get, create, update, delete, test, template
secops integration transformer-revisions	list, create, delete, rollback
secops integration logical-operators	list, get, create, update, delete, test, template
secops integration logical-operator-revisions	list, create, delete, rollback
secops integration marketplace	list, get, diff, install, uninstall

---

Tests

Unit Tests - SDK Modules (tests/chronicle/integration/)

• test_integrations.py
• test_actions.py, test_action_revisions.py
• test_connectors.py, test_connector_revisions.py
• test_connector_context_properties.py, test_connector_instance_logs.py, test_connector_instances.py
• test_jobs.py, test_job_revisions.py
• test_job_context_properties.py, test_job_instance_logs.py, test_job_instances.py
• test_managers.py, test_manager_revisions.py
• test_integration_instances.py
• test_transformers.py, test_transformer_revisions.py
• test_logical_operators.py, test_logical_operator_revisions.py

Unit Tests - Marketplace (tests/chronicle/)

• test_marketplace_integrations.py

Unit Tests - Utility Helpers (tests/chronicle/utils/)

• test_format_utils.py -Tests for format_resource_id, parse_json_list, build_patch_body
• test_request_utils.py - Tests for chronicle_request_bytes and updated request helpers

---

Documentation Updates

README.md

SDK usage examples for every new module, following the established format:

• Integration management (list, get, create, delete, download, export, diff, transition)
• Actions (CRUD, test, template, environment-based retrieval)
• Action Revisions (list, create, delete, rollback, safe update workflow)
• Connectors (CRUD, test, template)
• Connector Revisions, Context Properties, Instance Logs, Instances
• Jobs (CRUD, test, template)
• Job Revisions, Context Properties, Instance Logs, Instances
• Managers (CRUD, template) and Manager Revisions
• Integration Instances (CRUD, test, affected items, default instance)
• Transformers (CRUD, test, template) and Transformer Revisions
• Logical Operators (CRUD, test, template) and Logical Operator Revisions
• Marketplace Integrations (list, get, diff, install, uninstall)

CLI.md

CLI usage documentation with bash examples for all integration subcommands, including workflow examples for revision-based safe updates.

api_module_mapping.md

• Updated endpoint count: v1: 17, v1beta: 88, v1alpha: 203
• Added CLI command column entries for all implemented integration endpoints across v1beta and v1alpha
• Added all new endpoint-to-module mappings

---

ChronicleClient Updates

• client.py - All new integration module functions added as ChronicleClient methods with full docstrings
• __init__.py - All new functions exported in __all__ and publicly importable from secops.chronicle

---

API Version Support

All integration modules support both v1beta (default) and v1alpha via the api_version parameter, except:

• Transformers - v1alpha only
• Transformer Revisions - v1alpha only
• Logical Operators - v1alpha only
• Logical Operator Revisions - v1alpha only

[mihirvala08]

@PaperMtn Thank you for the impressive contribution!

Would it be possible to divide this into smaller PRs? maybe few modules at a time?
That way it would be easier to review and maintain code quality!

[PaperMtn]

@mihirvala08 sure, i'll work on getting it split up