google.cloud.forseti.services.inventory.base.cai_gcp_client module

Cloud Asset and GCP API hybrid client fassade.

class CaiApiClientImpl(config, engine, parallel, session)[source]

Bases: google.cloud.forseti.services.inventory.base.gcp.ApiClientImpl

The gcp api client Implementation

_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 203
_abc_registry = <_weakrefset.WeakSet object>
_iter_compute_resources(asset_type, project_number)[source]

Iterate Compute resources from Cloud Asset data.

Parameters:
  • asset_type (str) – The Compute asset type to iterate.
  • project_number (str) – number of the project to query.
Returns:

A generator of resources from Cloud Asset data.

Return type:

generator

fetch_bigquery_dataset_policy(project_id, project_number, dataset_id)[source]

Dataset policy Iterator for a dataset from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
  • dataset_id (str) – id of the dataset to query.
Returns:

Dataset Policy.

Return type:

dict

fetch_bigquery_iam_policy(project_id, project_number, dataset_id)[source]

Gets IAM policy of a bigquery dataset from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
  • dataset_id (str) – id of the dataset to query.
Returns:

Dataset IAM Policy.

Return type:

dict

fetch_billing_account_iam_policy(account_id)[source]

Gets IAM policy of a Billing Account from Cloud Asset data.

Parameters:account_id (str) – id of the billing account to get policy.
Returns:Billing Account IAM policy.
Return type:dict
fetch_crm_folder(folder_id)[source]

Fetch Folder data from Cloud Asset data.

Parameters:folder_id (str) – id of the folder to query.
Returns:Folder resource.
Return type:dict
fetch_crm_folder_iam_policy(folder_id)[source]

Folder IAM policy in a folder from Cloud Asset data.

Parameters:folder_id (str) – id of the folder to get policy.
Returns:Folder IAM policy.
Return type:dict
fetch_crm_organization(org_id)[source]

Fetch Organization data from Cloud Asset data.

Parameters:org_id (str) – id of the organization to get.
Returns:Organization resource.
Return type:dict
fetch_crm_organization_iam_policy(org_id)[source]

Organization IAM policy from Cloud Asset data.

Parameters:org_id (str) – id of the organization to get policy.
Returns:Organization IAM policy.
Return type:dict
fetch_crm_project(project_number)[source]

Fetch Project data from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Returns:Project resource.
Return type:dict
fetch_crm_project_iam_policy(project_number)[source]

Project IAM policy from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Returns:Project IAM Policy.
Return type:dict
fetch_dataproc_cluster_iam_policy(cluster)[source]

Fetch Dataproc Cluster IAM Policy from Cloud Asset data.

Parameters:cluster (str) – The Dataproc cluster to query, must be in the format projects/{PROJECT_ID}/regions/{REGION}/clusters/{CLUSTER_NAME}
Returns:Cluster IAM policy.
Return type:dict
fetch_gae_app(project_id)[source]

Fetch the AppEngine App from Cloud Asset data.

Parameters:project_id (str) – id of the project to query
Returns:AppEngine App resource.
Return type:dict
fetch_iam_serviceaccount_iam_policy(name, unique_id)[source]

Service Account IAM policy from Cloud Asset data.

Parameters:
  • name (str) – The service account name to query, must be in the format projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}
  • unique_id (str) – The unique id of the service account.
Returns:

Service Account IAM policy.

Return type:

dict

fetch_kms_cryptokey_iam_policy(cryptokey)[source]

Fetch KMS Cryptokey IAM Policy from Cloud Asset data.

Parameters:cryptokey (str) – The KMS cryptokey to query, must be in the format projects/{PROJECT_ID}/locations/{LOCATION}/keyRings/{RING_NAME}/ cryptoKeys/{CRYPTOKEY_NAME}
Returns:KMS Cryptokey IAM policy
Return type:dict
fetch_kms_keyring_iam_policy(keyring)[source]

Fetch KMS Keyring IAM Policy from Cloud Asset data.

Parameters:keyring (str) – The KMS keyring to query, must be in the format projects/{PROJECT_ID}/locations/{LOCATION}/keyRings/{RING_NAME}
Returns:KMS Keyring IAM policy
Return type:dict
fetch_pubsub_subscription_iam_policy(name)[source]

PubSub Subscription IAM policy from Cloud Asset data.

Parameters:name (str) – The pubsub topic to query, must be in the format projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}
Returns:PubSub Topic IAM policy
Return type:dict
fetch_pubsub_topic_iam_policy(name)[source]

PubSub Topic IAM policy from Cloud Asset data.

Parameters:name (str) – The pubsub topic to query, must be in the format projects/{PROJECT_ID}/topics/{TOPIC_NAME}
Returns:PubSub Topic IAM policy
Return type:dict
fetch_storage_bucket_acls(bucket_id, project_id, project_number)[source]

Bucket Access Controls from GCP API.

Parameters:
  • bucket_id (str) – id of the bucket to query.
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Returns:

Bucket Access Controls.

Return type:

list

fetch_storage_bucket_iam_policy(bucket_id)[source]

Bucket IAM policy Iterator from Cloud Asset data.

Parameters:bucket_id (str) – id of the bucket to query
Returns:Bucket IAM policy
Return type:dict
iter_bigquery_datasets(project_number)[source]

Iterate Datasets from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of datasets.
iter_billing_accounts()[source]

Iterate Billing Accounts in an organization from Cloud Asset data.

Yields:dict – Generator of billing accounts.
iter_cloudsql_instances(project_id, project_number)[source]

Iterate Cloud sql instances from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of cloudsql instances.

iter_compute_autoscalers(project_number)[source]

Iterate Autoscalers from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of autoscaler resources.
iter_compute_backendbuckets(project_number)[source]

Iterate Backend buckets from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of backend bucket resources.
iter_compute_backendservices(project_number)[source]

Iterate Backend services from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of backend service.
iter_compute_disks(project_number)[source]

Iterate Compute Engine disks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Disk.
iter_compute_firewalls(project_number)[source]

Iterate Compute Engine Firewalls from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Engine Firewall.
iter_compute_forwardingrules(project_number)[source]

Iterate Forwarding Rules from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of forwarding rule resources.
iter_compute_healthchecks(project_number)[source]

Iterate Health checks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of health check resources.
iter_compute_httphealthchecks(project_number)[source]

Iterate HTTP Health checks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of HTTP health check resources.
iter_compute_httpshealthchecks(project_number)[source]

Iterate HTTPS Health checks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of HTTPS health check resources.
iter_compute_ig_managers(project_number)[source]

Iterate Instance Group Manager from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of instance group manager resources.
iter_compute_images(project_number)[source]

Iterate Images from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of image resources.
iter_compute_instancegroups(project_number)[source]

Iterate Compute Engine groups from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Instance group.
iter_compute_instances(project_number)[source]

Iterate compute engine instance from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Engine Instance resources.
iter_compute_instancetemplates(project_number)[source]

Iterate Instance Templates from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of instance template resources.
iter_compute_licenses(project_number)[source]

Iterate Licenses from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of license resources.
iter_compute_networks(project_number)[source]

Iterate Networks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of network resources.
iter_compute_project(project_number)[source]

Iterate Project from Cloud Asset data.

Will only ever return up to 1 result. Ensures compatibility with other resource iterators.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of compute project resources.
iter_compute_routers(project_number)[source]

Iterate Compute Engine routers from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Routers.
iter_compute_snapshots(project_number)[source]

Iterate Compute Engine snapshots from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Snapshots.
iter_compute_sslcertificates(project_number)[source]

Iterate SSL certificates from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of ssl certificate resources.
iter_compute_subnetworks(project_number)[source]

Iterate Subnetworks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of subnetwork resources.
iter_compute_targethttpproxies(project_number)[source]

Iterate Target HTTP proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target http proxy resources.
iter_compute_targethttpsproxies(project_number)[source]

Iterate Target HTTPS proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target https proxy resources.
iter_compute_targetinstances(project_number)[source]

Iterate Target Instances from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target instance resources.
iter_compute_targetpools(project_number)[source]

Iterate Target Pools from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target pool resources.
iter_compute_targetsslproxies(project_number)[source]

Iterate Target SSL proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target ssl proxy resources.
iter_compute_targettcpproxies(project_number)[source]

Iterate Target TCP proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target tcp proxy resources.
iter_compute_targetvpngateways(project_number)[source]

Iterate Target VPN Gateways from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target tcp proxy resources.
iter_compute_urlmaps(project_number)[source]

Iterate URL maps from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of url map resources.
iter_compute_vpntunnels(project_number)[source]

Iterate VPN tunnels from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of vpn tunnel resources.
iter_container_clusters(project_number)[source]

Iterate Kubernetes Engine Cluster from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Kubernetes Engine Cluster resources.
iter_crm_folders(parent_id)[source]

Iterate Folders from Cloud Asset data.

Parameters:parent_id (str) – id of the parent of the folder
Yields:dict – Generator of folders
iter_crm_projects(parent_type, parent_id)[source]

Iterate Projects from Cloud Asset data.

Parameters:
  • parent_type (str) – type of the parent, “folder” or “organization”.
  • parent_id (str) – id of the parent of the folder.
Yields:

dict – Generator of Project resources

iter_dataproc_clusters(project_id, region=None)[source]

Iterate Dataproc clusters from GCP API.

Parameters:
  • project_id (str) – id of the project to query.
  • region (str) – The region to query. Not required when using Cloud Asset API.
Yields:

dict – Generator of Cluster resources.

iter_dns_managedzones(project_number)[source]

Iterate CloudDNS Managed Zones from Cloud Asset data.

Parameters:project_number (str) – number of the parent project.
Yields:dict – Generator of ManagedZone resources
iter_dns_policies(project_number)[source]

Iterate CloudDNS Policies from Cloud Asset data.

Parameters:project_number (str) – number of the parent project of the policy.
Yields:dict – Generator of ManagedZone resources
iter_gae_services(project_id)[source]

Iterate gae services from Cloud Asset data.

Parameters:project_id (str) – id of the project to query
Yields:dict – Generator of AppEngine Service resources.
iter_gae_versions(project_id, service_id)[source]

Iterate gae versions from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query
  • service_id (str) – id of the appengine service
Yields:

dict – Generator of AppEngine Version resources.

iter_iam_organization_roles(org_id)[source]

Iterate Organization roles from Cloud Asset data.

Parameters:org_id (str) – id of the organization to get.
Yields:dict – Generator of organization role.
iter_iam_project_roles(project_id, project_number)[source]

Iterate Project roles in a project from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of project roles.

iter_iam_serviceaccounts(project_id, project_number)[source]

Iterate Service Accounts in a project from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of service account.

iter_kms_cryptokeys(parent)[source]

Iterate KMS Cryptokeys in a keyring from Cloud Asset data.

Parameters:parent (str) – The KMS keyring to query, must be in the format projects/{PROJECT_ID}/locations/{LOCATION}/keyRings/{RING_NAME}
Yields:dict – Generator of KMS Cryptokey resources
iter_kms_cryptokeyversions(parent)[source]

Iterate KMS Cryptokey Versions from Cloud Asset data.

Parameters:parent (str) – The KMS keyring to query, must be in the format projects/{PROJECT_ID}/locations/{LOCATION}/keyRings/{RING_NAME}/ cryptoKeys/{CRYPTOKEY_NAME}
Yields:dict – Generator of KMS Cryptokeyversion resources
iter_kms_keyrings(project_id, location=None)[source]

Iterate KMS Keyrings in a project from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • location (str) – The location to query. Not required when using Cloud Asset API.
Yields:

dict – Generator of KMS Keyring resources

iter_pubsub_subscriptions(project_id, project_number)[source]

Iterate PubSub subscriptions from GCP API.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of Pubsub Subscription resources

iter_pubsub_topics(project_id, project_number)[source]

Iterate PubSub topics from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of Pubsub Topic resources

iter_spanner_databases(parent)[source]

Iterate Spanner Databases from Cloud Asset data.

Parameters:parent (str) – parent spanner instance to query.
Yields:dict – Generator of Spanner Database resources
iter_spanner_instances(project_number)[source]

Iterate Spanner Instances from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Spanner Instance resources
iter_storage_buckets(project_number)[source]

Iterate Buckets from GCP API.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of buckets.
session

Return a thread local CAI read only session object.

Returns:A thread local Session.
Return type:object
_fixup_resource_keys(resource, key_map, only_fixup_lists=False)[source]

Correct different attribute names between CAI and json representation.

Parameters:
  • resource (dict) – The resource dictionary to scan for keys in the key_map.
  • key_map (dict) – A map of bad_key:good_key pairs, any instance of bad_key in the resource dict is replaced with an instance of good_key.
  • only_fixup_lists (bool) – If true, only keys that have values which are lists will be fixed. This allows the case where there is the same key used for both a scalar entry and a list entry, and only the list entry should change to the different key.
Returns:

A resource dict with all bad keys replaced with good keys.

Return type:

dict