From 64921b820d610e48b8e92b6dfaf5e3c8707ecf3f Mon Sep 17 00:00:00 2001
From: grokas <grokas@splunk.com>
Date: Mon, 16 Dec 2024 13:21:42 -0800
Subject: [PATCH] PAPP-35194 release email action

---
 ciscosma.json         | 47 +++++++++++++++++++++++++++++++++++++++++++
 ciscosma_connector.py | 34 +++++++++++++++++++++++++++++++
 ciscosma_consts.py    |  1 +
 3 files changed, 82 insertions(+)

diff --git a/ciscosma.json b/ciscosma.json
index 2607031..dd2e02f 100644
--- a/ciscosma.json
+++ b/ciscosma.json
@@ -294,6 +294,53 @@
             ],
             "versions": "EQ(*)"
         },
+        {
+            "action": "release email",
+            "identifier": "release_email",
+            "description": "Release a quarantined email message",
+            "type": "generic",
+            "read_only": false,
+            "parameters": {
+                "message_id": {
+                    "description": "Message ID (mid) to release",
+                    "data_type": "string",
+                    "required": true,
+                    "order": 0,
+                    "contains": ["cisco sma message id"]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.parameter.message_id",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.action",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.totalCount",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.summary.total_released",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.summary.action",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string"
+                }
+            ],
+            "versions": "EQ(*)"
+        },
         {
             "action": "search tracking messages",
             "identifier": "search_tracking_messages",
diff --git a/ciscosma_connector.py b/ciscosma_connector.py
index 8083578..6346f4b 100644
--- a/ciscosma_connector.py
+++ b/ciscosma_connector.py
@@ -26,6 +26,7 @@
     CISCOSMA_GET_MESSAGE_DETAILS_ENDPOINT,
     CISCOSMA_GET_MESSAGE_TRACKING_DETAILS_ENDPOINT,
     CISCOSMA_GET_TOKEN_ENDPOINT,
+    CISCOSMA_RELEASE_MESSAGES_ENDPOINT,
     CISCOSMA_SEARCH_MESSAGES_ENDPOINT,
     CISCOSMA_SEARCH_TRACKING_MESSAGES_ENDPOINT,
     CISCOSMA_VALID_FILTER_OPERATORS,
@@ -252,6 +253,38 @@ def _handle_get_message_details(self, param):
 
         return action_result.set_status(phantom.APP_SUCCESS, "Successfully retrieved message details")
 
+    def _handle_release_email(self, param):
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        message_id = param.get("message_id")
+        if not message_id:
+            return action_result.set_status(phantom.APP_ERROR, "Parameter 'message_id' is required")
+
+        # TODO: Replace with validator function
+        try:
+            message_id = int(message_id)
+        except ValueError:
+            return action_result.set_status(phantom.APP_ERROR, "Parameter 'message_id' must be a valid integer")
+
+        payload = {"action": "release", "quarantineType": "spam", "mids": [message_id]}
+
+        ret_val, response = self._make_authenticated_request(action_result, CISCOSMA_RELEASE_MESSAGES_ENDPOINT, json_data=payload, method="post")
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        try:
+            release_data = response.get("data", {})
+            action_result.add_data(release_data)
+
+            summary = {"total_released": release_data.get("totalCount", 0), "action": release_data.get("action")}
+            action_result.update_summary(summary)
+
+        except Exception as e:
+            return action_result.set_status(phantom.APP_ERROR, f"Error parsing response: {str(e)}")
+
+        return action_result.set_status(phantom.APP_SUCCESS, "Successfully released message")
+
     def _handle_search_tracking_messages(self, param):
         action_result = self.add_action_result(ActionResult(dict(param)))
 
@@ -358,6 +391,7 @@ def handle_action(self, param):
             "get_message_tracking_details": self._handle_get_message_tracking_details,
             "search_quarantine_messages": self._handle_search_quarantine_messages,
             "search_tracking_messages": self._handle_search_tracking_messages,
+            "release_email": self._handle_release_email,
         }
 
         action = self.get_action_identifier()
diff --git a/ciscosma_consts.py b/ciscosma_consts.py
index f4130df..b7e14b5 100644
--- a/ciscosma_consts.py
+++ b/ciscosma_consts.py
@@ -24,6 +24,7 @@
 CISCOSMA_GET_MESSAGE_TRACKING_DETAILS_ENDPOINT = "/sma/api/v2.0/message-tracking/details"
 CISCOSMA_SEARCH_MESSAGES_ENDPOINT = "/sma/api/v2.0/quarantine/messages"
 CISCOSMA_SEARCH_TRACKING_MESSAGES_ENDPOINT = "/sma/api/v2.0/message-tracking/messages"
+CISCOSMA_RELEASE_MESSAGES_ENDPOINT = "/api/v2.0/quarantine/messages"
 
 # Future endpoints
 # GET /api/v2.0/reporting/report?resource_attribute