feat: expose forwarder methods to chronicle client and CLI

CHANGELOG.md

@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.15.0] - 2025-09-04
+### Added
+- Support for following forwarder methods:
+  - Patch forwarder
+  - Delete forwarder
+- CLI command for following forwarder:
+  - Create forwarder
+  - Get forwarder
+  - List Forwarder
+  - Get Or Create forwarder
+- Chronicle client methods for forwarder:
+  - Create forwarder
+  - Get forwarder
+  - List forwarder
+
 ## [0.14.2] - 2025-09-03
 ### Added
 - Support for list basis and time window params in list detections method.

CLI.md

@@ -204,6 +204,63 @@ secops log types --search "windows"
 
 > **Note:** Chronicle uses parsers to process and normalize raw log data into UDM format. If you're ingesting logs for a custom format, you may need to create or configure parsers. See the [Parser Management](#parser-management) section for details on managing parsers.
 
+### Forwarder Management
+
+Log forwarders in Chronicle are used to ingest logs with specific configurations. The CLI provides commands for creating and managing forwarders.
+
+#### Create a new forwarder:
+
+```bash
+# Create a basic forwarder
+secops forwarder create --display-name "my-custom-forwarder"
+
+# Create a forwarder with metadata and http settings
+secops forwarder create --display-name "my-forwarder" --metadata '{"environment":"prod","team":"security"}' --upload-compression true --enable-server true --http-settings '{"port":80,"host":"example.com"}'
+```
+
+#### List all forwarders:
+
+```bash
+# List forwarders with default page size (50)
+secops forwarder list
+
+# List forwarders with custom page size
+secops forwarder list --page-size 100
+```
+
+#### Get forwarder details:
+
+```bash
+# Get a specific forwarder by ID
+secops forwarder get --id "1234567890"
+```
+
+#### Get or create a forwarder:
+
+```bash
+# Get an existing forwarder by display name or create a new one if it doesn't exist
+secops forwarder get-or-create --display-name "my-app-forwarder"
+```
+
+#### Update a forwarder:
+
+```bash
+# Update a forwarder's display name
+secops forwarder update --id "1234567890" --display-name "updated-forwarder-name"
+
+# Update a forwarder with multiple properties
+secops forwarder update --id "1234567890" --display-name "prod-forwarder" --upload-compression true --http-settings '{"port":80,"host":"example.com"}'
+
+# Update specific fields using update mask
+secops forwarder update --id "1234567890" --display-name "prod-forwarder" --update-mask "display_name"
+```
+
+#### Delete a forwarder:
+
+```bash
+# Delete a forwarder by ID
+secops forwarder delete --id "1234567890"
+```
 
 ### Generate UDM Key/Value Mapping
 

README.md

@@ -314,6 +314,121 @@ result = chronicle.ingest_log(
 )
 ```
 
+### Forwarder Management
+
+Chronicle log forwarders are essential for handling log ingestion with specific configurations. The SDK provides comprehensive methods for creating and managing forwarders:
+
+#### Create a new forwarder
+
+```python
+# Create a basic forwarder with just a display name
+forwarder = chronicle.create_forwarder(display_name="MyAppForwarder")
+
+# Create a forwarder with optional configuration
+forwarder = chronicle.create_forwarder(
+    display_name="ProductionForwarder",
+    metadata={"labels": {"env": "prod"}},
+    upload_compression=True,  # Enable upload compression for efficiency
+    enable_server=False  # Server functionality disabled,
+    http_settings={
+        "port":8080,
+        "host":"192.168.0.100",
+        "routeSettings":{
+            "availableStatusCode": 200,
+            "readyStatusCode": 200,
+            "unreadyStatusCode": 500
+        }
+    }
+)
+
+print(f"Created forwarder with ID: {forwarder['name'].split('/')[-1]}")
+```
+
+#### List all forwarders
+
+Retrieve all forwarders in your Chronicle environment with pagination support:
+
+```python
+# Get the default page size (50)
+forwarders = chronicle.list_forwarders()
+
+# Get forwarders with custom page size
+forwarders = chronicle.list_forwarders(page_size=100)
+
+# Process the forwarders
+for forwarder in forwarders.get("forwarders", []):
+    forwarder_id = forwarder.get("name", "").split("/")[-1]
+    display_name = forwarder.get("displayName", "")
+    create_time = forwarder.get("createTime", "")
+    print(f"Forwarder ID: {forwarder_id}, Name: {display_name}, Created: {create_time}")
+```
+
+#### Get forwarder details
+
+Retrieve details about a specific forwarder using its ID:
+
+```python
+# Get a specific forwarder using its ID
+forwarder_id = "1234567890"
+forwarder = chronicle.get_forwarder(forwarder_id=forwarder_id)
+
+# Access forwarder properties
+display_name = forwarder.get("displayName", "")
+metadata = forwarder.get("metadata", {})
+server_enabled = forwarder.get("enableServer", False)
+
+print(f"Forwarder {display_name} details:")
+print(f"  Metadata: {metadata}")
+print(f"  Server enabled: {server_enabled}")
+```
+
+#### Get or create a forwarder
+
+Retrieve an existing forwarder by display name or create a new one if it doesn't exist:
+
+```python
+# Try to find a forwarder with the specified display name
+# If not found, create a new one with that display name
+forwarder = chronicle.get_or_create_forwarder(display_name="ApplicationLogForwarder")
+
+# Extract the forwarder ID for use in log ingestion
+forwarder_id = forwarder["name"].split("/")[-1]
+```
+
+#### Update a forwarder
+
+Update an existing forwarder's configuration with specific properties:
+
+```python
+# Update a forwarder with new properties
+forwarder = chronicle.update_forwarder(
+    forwarder_id="1234567890",
+    display_name="UpdatedForwarderName",
+    metadata={"labels": {"env": "prod"}},
+    upload_compression=True
+)
+
+# Update specific fields using update mask
+forwarder = chronicle.update_forwarder(
+    forwarder_id="1234567890",
+    display_name="ProdForwarder",
+    update_mask=["display_name"]
+)
+
+print(f"Updated forwarder: {forwarder['name']}")
+```
+
+#### Delete a forwarder
+
+Delete an existing forwarder by its ID:
+
+```python
+# Delete a forwarder by ID
+chronicle.delete_forwarder(forwarder_id="1234567890")
+
+print("Forwarder deleted successfully")
+```
+
 5. Use custom timestamps:
 ```python
 from datetime import datetime, timedelta, timezone

api_module_mapping.md

@@ -197,13 +197,13 @@ Following shows mapping between SecOps [REST Resource](https://cloud.google.com/
 |forwarders.collectors.get                                                     |v1alpha|                                                            |                                       |
 |forwarders.collectors.list                                                    |v1alpha|                                                            |                                       |
 |forwarders.collectors.patch                                                   |v1alpha|                                                            |                                       |
-|forwarders.create                                                             |v1alpha|chronicle.log_ingest.create_forwarder                       |                                       |
-|forwarders.delete                                                             |v1alpha|                                                            |                                       |
+|forwarders.create                                                             |v1alpha|chronicle.log_ingest.create_forwarder                       |secops forwarder create                                       |
+|forwarders.delete                                                             |v1alpha|chronicle.log_ingest.delete_forwarder                       |secops forwarder delete                                       |
 |forwarders.generateForwarderFiles                                             |v1alpha|                                                            |                                       |
-|forwarders.get                                                                |v1alpha|chronicle.log_ingest.get_forwarder                          |                                       |
+|forwarders.get                                                                |v1alpha|chronicle.log_ingest.get_forwarder                       |secops forwarder get                                       |
 |forwarders.importStatsEvents                                                  |v1alpha|                                                            |                                       |
-|forwarders.list                                                               |v1alpha|chronicle.log_ingest.list_forwarders                        |                                       |
-|forwarders.patch                                                              |v1alpha|                                                            |                                       |
+|forwarders.list                                                               |v1alpha|chronicle.log_ingest.list_forwarder                       |secops forwarder list                                       |
+|forwarders.patch                                                              |v1alpha|chronicle.log_ingest.update_forwarder                       |secops forwarder update                                       |
 |generateCollectionAgentAuth                                                   |v1alpha|                                                            |                                       |
 |generateSoarAuthJwt                                                           |v1alpha|                                                            |                                       |
 |generateUdmKeyValueMappings                                                   |v1alpha|                                                            |                                       |