google.cloud.forseti.services.client module

Forseti gRPC client.

class ClientComposition(endpoint='localhost:50051', ping=False)[source]

Bases: object

Client composition class.

Most convenient to use since it comprises the common use cases among the different services.

DEFAULT_ENDPOINT = 'localhost:50051'
delete_model(model_name)[source]

Delete a model. Deletes all associated data.

Parameters:model_name (str) – the handle of the data model to delete
Returns:the returned proto message of deleting model
Return type:proto
get_model(model)[source]

Get the details of a model by name or handle

Parameters:model (str) – the name or the handle for the data model to query
Returns:the returned proto message of get model
Return type:proto
list_models()[source]

List existing models.

Returns:the returned proto message of list_models
Return type:proto
new_model(source, name, inventory_index_id=0, background=False)[source]

Create a new model from the specified source.

Parameters:
  • source (str) – the source to create the model, either EMPTY or INVENTORY.
  • name (str) – the name for the model.
  • inventory_index_id (int64) – the index id of the inventory to import from.
  • background (bool) – whether to run in background.
Returns:

the returned proto message of creating model

Return type:

proto

switch_model(model_name)[source]

Switch the client into using a model.

Parameters:model_name (str) – the handle of the data model to switch to
class ClientConfig[source]

Bases: dict

Provide access to client configuration data.

handle()[source]

Return currently active handle.

Returns:The data model handle of client configuration.
Return type:str
class ExplainClient(config)[source]

Bases: google.cloud.forseti.services.client.ForsetiClient

Explain service allows the client to reason about a model.

Explain provides the following functionality:
  • List access by resource/member
  • Provide information on why a member has access
  • Provide recommendations on how to provide access
check_iam_policy(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

explain_denied(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

explain_granted(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

get_iam_policy(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

is_available()[source]

Checks if the ‘Explain’ service is available by performing a ping.

Returns:whether the “Inventory” service is available
Return type:bool
list_members(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

list_resources(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

list_roles(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

query_access_by_members(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

query_access_by_permissions(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

query_access_by_resources(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

query_permissions_by_roles(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

class ForsetiClient(config)[source]

Bases: object

Client base class.

metadata()[source]

Create default metadata for gRPC call.

Returns:the default metada for gRPC call
Return type:list
class InventoryClient(config)[source]

Bases: google.cloud.forseti.services.client.ForsetiClient

Inventory service allows the client to create GCP inventory.

Inventory provides the following functionality:
  • Create a new inventory and optionally import it
  • Manage your inventory using List/Get/Delete
create(background=False, import_as=None, enable_debug=False)[source]

Creates a new inventory, with an optional import.

Parameters:
  • background (bool) – whether to run in background
  • import_as (str) – the name of the data model to create after inventory is created
  • enable_debug (bool) – whether to emit additional information for debugging
Returns:

the returned proto message of create inventory

Return type:

proto

delete(inventory_index_id)[source]

Delete an inventory.

Parameters:inventory_index_id (int64) – the index id of the inventory to delete.
Returns:the returned proto message of delete inventory.
Return type:proto
get(inventory_index_id)[source]

Returns all information about a particular inventory.

Parameters:inventory_index_id (int) – the index id of the inventory to query.
Returns:the returned proto message of get inventory.
Return type:proto
is_available()[source]

Checks if the ‘Inventory’ service is available by performing a ping.

Returns:whether the “Inventory” service is available
Return type:bool
list()[source]

Lists all available inventory.

Returns:the returned proto message of list inventory
Return type:proto
purge(retention_days)[source]

Purge all inventory data older than the retention days.

Parameters:retention_days (str) – Days of inventory data to retain.
Returns:the returned proto message of purge inventory.
Return type:proto
class ModelClient(config)[source]

Bases: google.cloud.forseti.services.client.ForsetiClient

Model service allows the client to create models from inventory.

Model provides the following functionality:
  • Create a new model by importing from inventory or create an empty
  • List/Delete functionality on models
delete_model(model_name)[source]

Delete a model, deletes all corresponding data.

Parameters:model_name (str) – the handle of the data model to delete
Returns:the returned proto message of deleting model
Return type:proto
get_model(model)[source]

Get the details of a model by name or handle.

Parameters:model (str) – the name or the handle for the data model to query
Returns:the returned proto message of get model
Return type:proto
is_available()[source]

Checks if the ‘Model’ service is available by performing a ping.

Returns:whether the “Inventory” service is available
Return type:bool
list_models()[source]

List existing models in the service.

Returns:the returned proto message of list_models
Return type:proto
new_model(source, name, inventory_index_id=0, background=True)[source]

Creates a new model, reply contains the handle.

Parameters:
  • source (str) – the source to create the model, either EMPTY or INVENTORY.
  • name (str) – the name for the model.
  • inventory_index_id (int64) – the index id of the inventory to import from.
  • background (bool) – whether to run in background.
Returns:

the returned proto message of creating model

Return type:

proto

exception ModelNotSetError[source]

Bases: exceptions.Exception

ModelNotSetError.

class NotifierClient(config)[source]

Bases: google.cloud.forseti.services.client.ForsetiClient

Notifier service allows the client to send violation notifications.

is_available()[source]

Checks if the ‘Notifier’ service is available by performing a ping.

Returns:whether the “Inventory” service is available
Return type:bool
run(inventory_index_id, scanner_index_id)[source]

Runs the notifier.

Parameters:
  • inventory_index_id (int64) – Inventory Index Id.
  • scanner_index_id (int64) – Scanner Index Id.
Returns:

the returned proto message.

Return type:

proto

class ScannerClient(config)[source]

Bases: google.cloud.forseti.services.client.ForsetiClient

Scanner service allows the client to scan a model.

is_available()[source]

Checks if the ‘Scanner’ service is available by performing a ping.

Returns:whether the service is available
Return type:bool
run(**kwargs)[source]

Function wrapper to perform model handle existence check.

Parameters:
  • args – args to be passed to the function
  • kwargs – kwargs to be passed to the function
Returns:

Results of executing f if model handle exists

Return type:

object

Raises:

ModelNotSetError – Model handle not set

class ServerConfigClient(config)[source]

Bases: google.cloud.forseti.services.client.ForsetiClient

Allows the client to update the server configuration.

get_log_level()[source]

Gets the current log level.

Returns:the returned proto message.
Return type:proto
get_server_configuration()[source]

Get the server configuration.

Returns:the returned proto message.
Return type:proto
is_available()[source]

Checks if the ‘Server Config’ service is available by performing a ping.

Returns:whether the service is available
Return type:bool
reload_server_configuration(config_file_path=None)[source]

Reload the server configuration.

Parameters:config_file_path (str) – Forseti configuration file path.
Returns:the returned proto message.
Return type:proto
set_log_level(log_level)[source]

Sets the log level.

Parameters:log_level (str) – The updated log level.
Returns:the returned proto message.
Return type:proto
require_model(f)[source]

Decorator to perform check that the model handle exists in the service.

Parameters:f (func) – The model handle should exists when executing function f
Returns:Function wrapper to perform model handle existence check.
Return type:wrapper