Base class for policy scanner rules engines.

Loads YAML rules either from the local file system or from a Cloud Storage bucket.

class BaseRuleBook

Bases: object

Base class for RuleBooks.

The RuleBook class encapsulates the logic for how the RulesEngine will look up rules and find policy discrepancies. The actual structure of the RuleBook depends on how rules should be applied. For example, Organization resource rules would be applied in a hierarchical manner.

add_rule(rule_def, rule_index)

Add rule to rule book.

Parameters:
  • rule_def (dict) – The rule definition to add to the rule book.
  • rule_index (int) – The index of the rule.

Raises: NotImplementedError – The method should be defined in subclass.
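A sketch of how a subclass could fill in add_rule and apply rules hierarchically. This is an added example, not Forseti's own code: BaseRuleBook here is a stand-in for the documented interface, and HierarchicalRuleBook, find_violations, the rule keys (name, resource, forbidden_members) and the sample data are hypothetical.

```python
class BaseRuleBook(object):
    """Stand-in mirroring the documented interface (not Forseti's source)."""

    def add_rule(self, rule_def, rule_index):
        raise NotImplementedError('Implement in a child class.')


class HierarchicalRuleBook(BaseRuleBook):
    """Hypothetical book: a rule on a resource also covers its descendants."""

    def __init__(self, rule_defs=None):
        self.rules_by_resource = {}
        for index, rule_def in enumerate((rule_defs or {}).get('rules', [])):
            self.add_rule(rule_def, index)

    def add_rule(self, rule_def, rule_index):
        # Reject malformed definitions up front so a typo in the rules file
        # fails loudly instead of silently disabling a check.
        for key in ('name', 'resource', 'forbidden_members'):
            if key not in rule_def:
                raise ValueError('rule %d is missing %r' % (rule_index, key))
        rule = dict(rule_def, index=rule_index)
        self.rules_by_resource.setdefault(rule_def['resource'], []).append(rule)

    def find_violations(self, ancestry, members):
        """ancestry: resource ids ordered from the resource up to the org."""
        violations = []
        for resource in ancestry:
            for rule in self.rules_by_resource.get(resource, []):
                hits = set(members) & set(rule['forbidden_members'])
                for member in sorted(hits):
                    violations.append(
                        (rule['index'], rule['name'], resource, member))
        return violations


# Constructed sample: the dict a rules file might parse to (schema assumed).
SAMPLE_RULE_DEFS = {'rules': [
    {'name': 'no public access', 'resource': 'organizations/1',
     'forbidden_members': ['allUsers', 'allAuthenticatedUsers']},
    {'name': 'no personal accounts', 'resource': 'projects/p1',
     'forbidden_members': ['user:dev@gmail.example']},
]}


def scan_sample():
    """Check a constructed project policy against the sample rules."""
    book = HierarchicalRuleBook(SAMPLE_RULE_DEFS)
    return book.find_violations(
        ['projects/p1', 'folders/9', 'organizations/1'],
        ['allUsers', 'user:dev@gmail.example', 'group:ops@example.com'])
```

The organization-level rule fires for the project even though no rule names the project's parent folder, which is the hierarchical behaviour the class description refers to.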

class BaseRulesEngine(rules_file_path=None, snapshot_timestamp=None)

Bases: object

The base class for the rules engine.


Load the rule definitions file from GCS or local filesystem.

Returns: The parsed dict from the rule definitions file.
Return type: dict

Build RuleBook from the rules definition file.

Parameters: global_configs (dict) – The global Forseti configuration.
Raises: NotImplementedError – The method should be defined in subclass.