google.cloud.forseti.scanner.audit.forwarding_rule_rules_engine module

Rules engine for forwarding rules.

class ForwardingRuleRulesBook(rule_defs=None)

Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRuleBook

The RuleBook for forwarding rules resources.

add_rule(rule_def, rule_index)

Add a rule to the rule book.

Parameters:
  • rule_def (dict) – A dictionary containing rule definition properties.
  • rule_index (int) – The index of the rule from the rule definitions. Assigned automatically when the rule book is built.
Raises:
  InvalidRulesSchemaError – if the rule definition has a format error.

add_rules(rule_defs)

Add rules to the rule book.

Parameters: rule_defs (dict) – list of rules and their index numbers.
get_resource_rules()

Get all the resource_rules as a list from the resource_rules_map.

Returns: A list of ResourceRules.
Return type: list

class ForwardingRuleRulesEngine(rules_file_path, snapshot_timestamp=None)

Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRulesEngine

Rules engine for forwarding rules.

class RuleViolation(violation_type, target, rule_index, load_balancing_scheme, port_range, resource_type, port, ip_protocol, ip_address, resource_id, full_name, resource_data)

Bases: tuple

__getnewargs__()

Return self as a plain tuple. Used by copy and pickle.

__getstate__()

Exclude the OrderedDict from pickling.

__repr__()

Return a nicely formatted representation string.

_asdict()

Return a new OrderedDict which maps field names to their values.

_fields = ('violation_type', 'target', 'rule_index', 'load_balancing_scheme', 'port_range', 'resource_type', 'port', 'ip_protocol', 'ip_address', 'resource_id', 'full_name', 'resource_data')
classmethod _make(iterable)

Make a new RuleViolation object from a sequence or iterable.

_replace(**kwds)

Return a new RuleViolation object replacing specified fields with new values.

full_name
ip_address
ip_protocol
load_balancing_scheme
port
port_range
resource_data
resource_id
resource_type
rule_index
target
violation_type
add_rules(rules)

Add rules to the rule book.

Parameters: rules (dict) – rules from the file to be added to the book.

build_rule_book(global_configs=None)

Build the forwarding rules rule book from the rules definition file.

Parameters: global_configs (dict) – Global configurations.

find_policy_violations(forwarding_rule, force_rebuild=False)

Determine whether forwarding rule violates rules.

Parameters:
  • forwarding_rule (ForwardingRule) – The one specific forwarding rule to be matched against all whitelist rules.
  • force_rebuild (bool) – If True, rebuilds the rule book. This reloads the rules definition file and adds the rules to the book.
Returns: A rule violation tuple with all data about the forwarding rule that didn't pass a whitelist rule.
Return type: RuleViolation

class Rule(rule_name, rule_index, rules)

Bases: object

Rule properties from the rule definition file. Also finds violations.

find_match(forwarding_rule)

Find whether the passed-in forwarding rule matches any rule in the rule book.

Parameters: forwarding_rule (ForwardingRule) – forwarding rule resource.
Returns: True if the forwarding rule matched at least one rule in the rule book.
Return type: bool
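The whitelist semantics that find_policy_violations and Rule.find_match describe (a single matching rule clears the resource; no match yields a RuleViolation carrying the resource's data) are easier to see in a runnable model. The following is an added example, not Forseti's own code. Only the RuleViolation field names and the class, method and exception names come from the page; the shape of ForwardingRule, the rule-definition keys (`target`, `load_balancing_scheme`, `ip_protocol`, `ip_address`, `port_range`), the "every key must be equal" matching rule, the `violation_type` and `resource_type` labels, and the sample rules and resources are all assumptions constructed for illustration.

```python
"""Added example (not Forseti's own code): a minimal model of the whitelist
matching described for ForwardingRuleRulesBook, Rule.find_match and
find_policy_violations. Everything except the RuleViolation field list and
the class/exception names is an assumption made for illustration."""
from collections import namedtuple
from dataclasses import dataclass, field

# Field names are the RuleViolation._fields listed on the page.
RuleViolation = namedtuple('RuleViolation', [
    'violation_type', 'target', 'rule_index', 'load_balancing_scheme',
    'port_range', 'resource_type', 'port', 'ip_protocol', 'ip_address',
    'resource_id', 'full_name', 'resource_data'])


class InvalidRulesSchemaError(Exception):
    """Raised by add_rule when a rule definition is malformed (name from page)."""


@dataclass
class ForwardingRule:
    """Constructed stand-in for the ForwardingRule resource (assumption)."""
    resource_id: str
    full_name: str
    target: str
    load_balancing_scheme: str
    ip_protocol: str
    ip_address: str
    port_range: str
    port: list = field(default_factory=list)
    resource_data: dict = field(default_factory=dict)


# Rule-definition keys that must equal the forwarding rule's attributes (assumption).
MATCH_KEYS = ('target', 'load_balancing_scheme', 'ip_protocol', 'ip_address', 'port_range')


def missing_rule_keys(rule_def):
    """Return the required keys absent from a rule definition (empty if valid)."""
    return [k for k in ('name',) + MATCH_KEYS if k not in rule_def]


class Rule:
    """One whitelist rule; find_match is True only when every MATCH_KEY agrees."""
    def __init__(self, rule_name, rule_index, rule_def):
        self.rule_name = rule_name
        self.rule_index = rule_index
        self.rule_def = rule_def

    def find_match(self, forwarding_rule):
        return all(self.rule_def[k] == getattr(forwarding_rule, k) for k in MATCH_KEYS)


class ForwardingRuleRulesBook:
    """Holds the whitelist; add_rule validates each definition before adding it."""
    def __init__(self, rule_defs=None):
        self.resource_rules = []
        for rule_index, rule_def in enumerate(rule_defs or []):
            self.add_rule(rule_def, rule_index)

    def add_rule(self, rule_def, rule_index):
        missing = missing_rule_keys(rule_def)
        if missing:
            raise InvalidRulesSchemaError('rule %d is missing %s' % (rule_index, missing))
        self.resource_rules.append(Rule(rule_def['name'], rule_index, rule_def))

    def get_resource_rules(self):
        return list(self.resource_rules)


def find_policy_violations(book, forwarding_rule):
    """Whitelist semantics: one matching rule clears the resource.

    Returns None when any rule matches, otherwise a RuleViolation carrying the
    forwarding rule's data. The violation_type and resource_type labels are
    assumptions; rule_index is None because no rule matched."""
    if any(rule.find_match(forwarding_rule) for rule in book.get_resource_rules()):
        return None
    return RuleViolation(
        violation_type='FORWARDING_RULE_VIOLATION', target=forwarding_rule.target,
        rule_index=None, load_balancing_scheme=forwarding_rule.load_balancing_scheme,
        port_range=forwarding_rule.port_range, resource_type='forwarding_rule',
        port=forwarding_rule.port, ip_protocol=forwarding_rule.ip_protocol,
        ip_address=forwarding_rule.ip_address, resource_id=forwarding_rule.resource_id,
        full_name=forwarding_rule.full_name, resource_data=forwarding_rule.resource_data)


# Constructed sample whitelist and resources (not real deployment data).
RULE_DEFS = [
    {'name': 'allow-public-https', 'target': 'https-proxy-1',
     'load_balancing_scheme': 'EXTERNAL', 'ip_protocol': 'TCP',
     'ip_address': '198.51.100.10', 'port_range': '443-443'},
    {'name': 'allow-internal-postgres', 'target': 'db-backend',
     'load_balancing_scheme': 'INTERNAL', 'ip_protocol': 'TCP',
     'ip_address': '10.0.0.5', 'port_range': '5432-5432'},
]
ALLOWED = ForwardingRule('fr-web', 'organization/1/project/demo/forwardingrule/fr-web/',
                         'https-proxy-1', 'EXTERNAL', 'TCP', '198.51.100.10', '443-443')
# Same proxy and address, but UDP on a port the whitelist never mentions.
NOT_ALLOWED = ForwardingRule('fr-dns', 'organization/1/project/demo/forwardingrule/fr-dns/',
                             'https-proxy-1', 'EXTERNAL', 'UDP', '198.51.100.10', '53-53')


def build_book():
    return ForwardingRuleRulesBook(RULE_DEFS)


if __name__ == '__main__':
    book = build_book()
    for fr in (ALLOWED, NOT_ALLOWED):
        print(fr.resource_id, find_policy_violations(book, fr))
```

The point the model makes explicit is that a whitelist engine reports a violation only for resources that match nothing, so a rule definition that is too broad silently clears everything it covers; `missing_rule_keys` is the schema check that stands in for the page's InvalidRulesSchemaError path and rejects definitions that omit a matching key rather than treating the omission as a wildcard.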