google.cloud.forseti.scanner.scanners.groups_settings_scanner module

Scanner for the GroupsSettings rules engine.

class GroupsSettingsScanner(global_configs, scanner_configs, service_config, model_name, snapshot_timestamp, rules)[source]

Bases: google.cloud.forseti.scanner.scanners.base_scanner.BaseScanner

Scanner for GroupsSettings data.

_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 207
_abc_registry = <_weakrefset.WeakSet object>
_find_violations(all_groups_settings, iam_groups_settings)[source]

Find violations in the settings.

Parameters:
  • all_groups_settings (list) – GroupsSettings list to find violations
  • in.
  • iam_groups_settings (list) – GroupsSettings list for only those
  • settings that have at least 1 iam policy, to find violations (groups) –
  • in.
Returns:

All violations.

Return type:

list

static _flatten_violations(violations)[source]

Flatten RuleViolations into a dict for each RuleViolation member.

Parameters:violations (list) – The RuleViolations to flatten.
Yields:dict – Iterator of RuleViolations as a dict per member.
_output_results(all_violations)[source]

Output results.

Parameters:all_violations (list) – All violations.
_retrieve()[source]

Runs the data collection.

Returns:2 lists of GroupsSettings objects, 1 only for settings that have iam policies and 1 with all groups settings.
Return type:tupl
Raises:ValueError – if resources have an unexpected type.
run()[source]

Run, the entry point for this scanner.