External project access scanner.
ExternalProjectAccessScanner(global_configs, scanner_configs, service_config, model_name, snapshot_timestamp, rules)
Bases: google.cloud.forseti.scanner.scanners.base_scanner.BaseScanner
Scanner for external project access.
_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 207
_abc_registry = <_weakrefset.WeakSet object>
_find_violations(ancestries_by_user)
Find violations in the policies.
Parameters: | ancestries_by_user (dict) – The project ancestries collected from the scanner |
---|---|
Returns: | A list of ExternalProjectAccess violations |
Return type: | list |
_flatten_violations(violations)
Flatten RuleViolations into a dict for each RuleViolation member.
Parameters: | violations (list) – The RuleViolations to flatten. |
---|---|
Yields: | dict – Iterator of RuleViolations as a dict per member. |
_get_crm_client(user_email)
Get a user-scoped CloudResourceManagerClient.
Parameters: | user_email (str) – The e-mail address of the user. |
---|---|
Returns: | crm client |
Return type: | CloudResourceManagerClient |
_output_results(all_violations)
Output results.
Parameters: | all_violations (list) – A list of violations. |
---|
_retrieve()
Retrieve the project ancestries for all users.
Returns: | User project relationship. {"user1@example.com": [[Project("1234"), Organization("1234567")], |
---|---|
Return type: | dict |
_get_inventory_storage(session, inventory_index_id)
Creates an open inventory.
Parameters: |
|
---|---|
Returns: | storage object |
Return type: |
extract_project_ids(crm_client)
Extract a list of project IDs.
Parameters: | crm_client (CloudResourceManagerClient) – An authenticated CRM client |
---|---|
Returns: | Project IDs as strings |
Return type: | list |
get_project_ancestries(crm_client, project_id_list)
Get the ancestries from a list of project IDs.
Parameters: |
|
---|---|
Returns: |
|
Return type: | list |
get_user_emails(service_config, member_types=None)
Retrieves the list of user email addresses from inventory.
Parameters: |
|
---|---|
Returns: | List of list of user e-mail addresses. |
Return type: | list |