google.cloud.forseti.enforcer.enforcer module

Enforcer runner.

Usage for enforcing a single project’s firewall:

$ forseti_enforcer --enforce_project <project_id> --policy_file <policy file path>

exception Error

Bases: Exception

Base error class for the module.

exception InvalidParsedPolicyFileError

Bases: google.cloud.forseti.enforcer.enforcer.Error

An invalid policy file was parsed.

enforce_single_project(enforcer, project_id, policy_filename)

Runs the enforcer on a single project.

Parameters:
  • enforcer (BatchFirewallEnforcer) – An instance of the batch_enforcer.BatchFirewallEnforcer class.
  • project_id (str) – The project to enforce.
  • policy_filename (str) – The JSON-encoded file to read the firewall policy from.
Raises:

InvalidParsedPolicyFileError – When the policy file can’t be parsed.

Returns:

An instance of the proto.

Return type:

EnforcerLogProto

initialize_batch_enforcer(global_configs, concurrent_threads, max_write_threads, max_running_operations, dry_run)

Initialize and return a BatchFirewallEnforcer object.

Parameters:
  • global_configs (dict) – Global configurations.
  • concurrent_threads (str) – The number of parallel enforcement threads to execute.
  • max_write_threads (str) – The maximum number of enforcement threads that can be actively updating project firewalls.
  • max_running_operations (str) – [DEPRECATED] The maximum number of write operations per enforcement thread.
  • dry_run (boolean) – If True, will simply log what action would have been taken without actually applying any modifications.
Returns:

A BatchFirewallEnforcer instance.

Return type:

BatchFirewallEnforcer

main()

The main entry point for Forseti Security Enforcer runner.