Added resume_case_alerts_sla to soar_api for Case Playbook support #706

Open: arunk794 wants to merge 6 commits into main from TIPCommon


@arunk794 arunk794 commented Apr 21, 2026

Title: Add resume_case_alerts_sla to soar_api for Case Playbook support


Description

Provide a detailed description of your changes. This helps reviewers understand your work and its context.

What problem does this PR solve? It addresses the requirement of the Case Playbook feature where we need to update all alerts in a case, specifically for resuming the SLA. Previously, soar_api only had resume_alert_sla which handled a single alert. This PR allows bulk resumption of SLA for all alerts associated with a case.

How does this PR solve the problem? I added a new method resume_case_alerts_sla in soar_api.py. This function takes a case ID and a list of alert identifiers, iterates through the alerts in a loop, and calls the existing resume_alert_sla method for each one one-by-one.

Any other relevant information (e.g., design choices, tradeoffs, known issues): This change was implemented as an iterative function on top of the existing single-alert functionality to minimize risk and avoid regressions in the core API logic. It does not affect the current functionality of resume_alert_sla.


Checklist:

Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.

General Checks:

  • I have read and followed the project's contributing.md guide.
  • My code follows the project's coding style guidelines.
  • I have performed a self-review of my own code.
  • My changes do not introduce any new warnings.
  • My changes pass all existing tests.
  • I have added new tests where appropriate to cover my changes. (If applicable)
  • I have updated the documentation where necessary (e.g., README, API docs). (If applicable)

Open-Source Specific Checks:

  • My changes do not introduce any Personally Identifiable Information (PII) or sensitive customer data.
  • My changes do not expose any internal-only code examples, configurations, or URLs.
  • All code examples, comments, and messages are generic and suitable for a public repository.
  • I understand that any internal context or sensitive details related to this work are handled separately in internal systems (Buganizer for Google team members).

For Google Team Members and Reviewers Only:

  • I have included the Buganizer ID in the PR title or description (e.g., "Internal Buganizer ID: 123456789" or "Related Buganizer: go/buganizer/123456789").
  • I have ensured that all internal discussions and PII related to this work remain in Buganizer.
  • I have tagged the PR with one or more labels that reflect the pull request purpose.

Screenshots (If Applicable)

If your changes involve UI or visual elements, please include screenshots or GIFs here.
Ensure any sensitive data is redacted or generalized.


Further Comments / Questions

Any additional comments, questions, or areas where you'd like specific feedback.

@arunk794 arunk794 requested a review from a team as a code owner April 21, 2026 12:47
@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily enhances the soar_api by adding a crucial capability for case playbooks: the ability to resume SLA for multiple alerts within a case simultaneously. Beyond this new feature, significant refactoring was undertaken to standardize API response parsing and improve API endpoint construction, making the API more consistent and maintainable. These changes aim to streamline operations and improve the overall reliability of API interactions.

Highlights

  • Bulk SLA Resumption for Case Alerts: Introduced a new function, resume_case_alerts_sla, to the soar_api which enables the bulk resumption of SLA for multiple alerts associated with a specific case. This function iterates through a list of alert identifiers and calls the existing resume_alert_sla for each, providing a centralized way to manage alert SLAs within a case playbook context.
  • API Response Standardization: Refactored several API response parsing mechanisms within soar_api.py to consistently use a generic 'items' key instead of specific plural keys like 'connectorInstances', 'customFields', 'caseAlerts', and 'integrationInstances'. This change standardizes how list-based API responses are handled across various functions.
  • API Endpoint Construction Refinement: Updated the method for constructing API URLs by removing the get_sdk_api_uri utility and instead utilizing urllib.parse.urljoin with explicit endpoint definitions. This improves robustness and clarity in API endpoint management.
  • Package Version Updates: Incremented the version numbers for the integration-testing and TIPCommon packages from 2.3.5 to 2.3.6.
  • Removed Case Close Comment Functionality: The CaseCloseComment data model and the associated get_case_close_comment function were removed from soar_api.py, indicating a change in how case closure comments are handled or retrieved.



@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request updates the integration-testing and TIPCommon packages to version 2.3.6. Key changes in soar_api.py include migrating API endpoints to the external V1 structure, standardizing response parsing to use the 'items' key, and adding the resume_case_alerts_sla function. Feedback identifies a typo in a dictionary key fallback, a mismatch between the return type hint and actual return value in get_email_template, and docstring style violations where types were redundantly included in the Args and Returns sections.


if case_type == "alert" and isinstance(results, dict):
alerts_data = results.pop("caseAlerts", results.pop("case_alerts", []))
alerts_data = results.pop("caseAlerts", results.pop("case_alrets", []))
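
Review bot: The fallback key on the last line, "case_alrets", is misspelled, and with [] as the default the mistake fails silently: a response that carries only "case_alerts" produces an empty alerts_data and leaves the real key in results. Restore "case_alerts" and cover this branch with a test that feeds a snake_case-only response. Separately, the inner results.pop(...) is evaluated before the outer one, so the fallback key is removed from results even when "caseAlerts" is present; if that is not intended, check for the keys in order instead of nesting the pops.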

high

There is a typo in the fallback key name: case_alrets should be case_alerts.

Suggested change
alerts_data = results.pop("caseAlerts", results.pop("case_alrets", []))
alerts_data = results.pop("caseAlerts", results.pop("case_alerts", []))
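
The nested-pop pattern flagged in this review thread, as an added example that is not code from the PR or the repository: it shows why the misspelled fallback fails silently and that the inner pop always runs. The sample responses are constructed, and pop_first_present is a hypothetical helper that assumes a missing alerts key should be an error.

```python
def pop_nested(results: dict, fallback_key: str) -> list:
    """Pattern from the hunk: the inner pop is an argument, so it always runs."""
    return results.pop("caseAlerts", results.pop(fallback_key, []))


def pop_first_present(results: dict, keys: tuple[str, ...]) -> list:
    """Hypothetical helper: pop only the first key that is present.

    Assumption: a response with none of the keys is an error, so it raises
    instead of silently becoming an empty list.
    """
    for key in keys:
        if key in results:
            return results.pop(key)
    raise KeyError(f"none of {keys} found; response keys: {sorted(results)}")


def demo() -> dict:
    """Run both approaches over constructed sample responses."""
    out = {}

    # Misspelled fallback: the alerts are lost and the real key is left behind.
    resp = {"id": 7, "case_alerts": [{"identifier": "A1"}]}
    out["typo"] = (pop_nested(resp, "case_alrets"), sorted(resp))

    # Correct fallback: the snake_case alerts are returned.
    resp = {"id": 7, "case_alerts": [{"identifier": "A1"}]}
    out["fixed"] = (pop_nested(resp, "case_alerts"), sorted(resp))

    # Both keys present: camelCase wins, but the fallback key is removed too.
    resp = {"caseAlerts": ["camel"], "case_alerts": ["snake"]}
    out["both_nested"] = (pop_nested(resp, "case_alerts"), sorted(resp))

    # Helper: only the key that was actually used is removed.
    resp = {"caseAlerts": ["camel"], "case_alerts": ["snake"]}
    out["both_helper"] = (
        pop_first_present(resp, ("caseAlerts", "case_alerts")), sorted(resp))

    # Helper given a misspelled key list: a loud failure instead of [].
    try:
        pop_first_present({"id": 7, "case_alerts": []}, ("caseAlerts", "case_alrets"))
        out["helper_typo"] = "no error"
    except KeyError:
        out["helper_typo"] = "KeyError"
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```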

Comment on lines 1359 to 1364
) -> EmailTemplate:
"""Get email template
Args:
chronicle_soar (ChronicleSOAR): A chronicle soar SDK object.

Returns:
A list of email templates.
chronicle_soar (ChronicleSOAR): A chronicle soar SDK object

Raises:
requests.HTTPError: If the API request fails.
"""
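
Review bot: The annotation on the first line, ) -> EmailTemplate:, disagrees with the docstring text "A list of email templates." a few lines below it, so a caller relying on either one can be misled about whether a single object or a list comes back. Make the annotation and the Returns text agree, and keep the Raises entry for requests.HTTPError in the final docstring so callers know the request error propagates.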

high

The return type hint for get_email_template is incorrectly set to EmailTemplate, but the implementation returns a list of templates. Additionally, the docstring should include a Returns section as per Google style and the repository style guide (line 91).

) -> list[EmailTemplate]:
    """Get email templates.

    Args:
        chronicle_soar: A chronicle soar SDK object.

    Returns:
        A list of email templates.
    """
References
  1. All function parameters and return types must be annotated. Docstrings should follow Google Style. (link)

Comment on lines +981 to +988
Args:
chronicle_soar (ChronicleSoar): A chronicle soar SDK object
case_id (int): Chronicle SOAR case ID
alert_identifiers (list[str]): List of Chronicle SOAR Alert Identifiers
message (str): Chronicle SOAR message

Returns:
tuple[list[str], list[str]]: Success and failed alert identifiers.
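
Review bot: The Returns line gives the tuple's shape but not what puts an identifier in the failed list; say whether a per-alert error is caught and recorded or whether it aborts the call, since callers of a bulk SLA operation need to know if a partial result is possible. The message entry ("Chronicle SOAR message") should say what the message is used for, and the type is written ChronicleSoar here while the get_email_template docstring writes ChronicleSOAR; use one spelling.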

medium

According to the repository style guide (line 91), types should not be repeated in the Args or Returns sections of the docstring as they are already defined in the function signature.

Suggested change
Args:
chronicle_soar (ChronicleSoar): A chronicle soar SDK object
case_id (int): Chronicle SOAR case ID
alert_identifiers (list[str]): List of Chronicle SOAR Alert Identifiers
message (str): Chronicle SOAR message
Returns:
tuple[list[str], list[str]]: Success and failed alert identifiers.
Args:
chronicle_soar: A chronicle soar SDK object.
case_id: Chronicle SOAR case ID.
alert_identifiers: List of Chronicle SOAR Alert Identifiers.
message: Chronicle SOAR message.
Returns:
Success and failed alert identifiers.
References
  1. Do not repeat types in the Args or Returns sections. Types should be inferred from the function signature's type hints. (link)
