google.cloud.forseti.scanner.audit.lien_rules_engine module

Rules engine for Liens.

class LienRuleBook(rule_defs=None)[source]

Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRuleBook

The RuleBook for Lien resources.

_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 190
_abc_registry = <_weakrefset.WeakSet object>
classmethod _build_rule(rule_def, rule_index)[source]

Build a rule.

Parameters:
  • rule_def (dict) – A dictionary containing rule definition properties.
  • rule_index (int) – The index of the rule from the rule definitions. Assigned automatically when the rule book is built.
Returns: rule for the given definition.
Return type: Rule

add_rule(rule_def, rule_index)[source]

Add a rule to the rule book.

Parameters:
  • rule_def (dict) – A dictionary containing rule definition properties.
  • rule_index (int) – The index of the rule from the rule definitions. Assigned automatically when the rule book is built.
add_rules(rule_defs)[source]

Add rules to the rule book.

Parameters: rule_defs (dict) – rule definitions dictionary.
find_violations(parent_resource, liens)[source]

Find lien violations in the rule book.

Parameters:
  • parent_resource (Resource) – The GCP resource associated with the liens. This is where we start looking for rule violations and we move up the resource hierarchy (if permitted by the resource’s “inherit_from_parents” property).
  • liens (List[Lien]) – The liens to look for violations.
Yields: RuleViolation – lien rule violations.

class LienRulesEngine(rules_file_path, snapshot_timestamp=None)[source]

Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRulesEngine

Rules engine for Liens.

add_rules(rule_defs)[source]

Add rules to the rule book.

Parameters: rule_defs (dict) – rule definitions dictionary.
build_rule_book(global_configs=None)[source]

Build LienRuleBook from the rules definition file.

Parameters: global_configs (dict) – Global configurations.
find_violations(parent_resource, liens, force_rebuild=False)[source]

Determine whether liens violate rules.

Parameters:
  • parent_resource (Resource) – parent resource the lien belongs to.
  • liens (List[Lien]) – liens to find violations for.
  • force_rebuild (bool) – If True, rebuilds the rule book. This will reload the rules definition file and add the rules to the book.
Returns: A generator of rule violations.
Return type: generator

class Rule(name, index, restrictions)[source]

Bases: object

Rule properties from the rule definition file. Also finds violations.

find_violations(parent_resource, restrictions)[source]

Find violations for this rule against the given resource.

Parameters:
  • parent_resource (Resource) – The GCP resource associated with the liens.
  • restrictions (Iterable[str]) – The restrictions to check.
Yields: RuleViolation – lien rule violation.

class RuleViolation(resource_id, resource_name, resource_type, full_name, rule_index, rule_name, violation_type, resource_data)

Bases: tuple

__getnewargs__()

Return self as a plain tuple. Used by copy and pickle.

__getstate__()

Exclude the OrderedDict from pickling

__repr__()

Return a nicely formatted representation string

_asdict()

Return a new OrderedDict which maps field names to their values

_fields = ('resource_id', 'resource_name', 'resource_type', 'full_name', 'rule_index', 'rule_name', 'violation_type', 'resource_data')
classmethod _make(iterable, new=<built-in method __new__ of type object>, len=<built-in function len>)

Make a new RuleViolation object from a sequence or iterable

_replace(**kwds)

Return a new RuleViolation object replacing specified fields with new values

full_name
resource_data
resource_id
resource_name
resource_type
rule_index
rule_name
violation_type