google.cloud.forseti.services.scanner.dao module

Database access objects for Forseti Scanner.

class ScannerIndex(**kwargs)

Bases: sqlalchemy.ext.declarative.api.Base

Represents a scanner run.

__repr__()

Object string representation.

Returns: String representation of the object.
Return type: str
add_warning(session, warning)

Add a warning to the scanner.

Parameters:
  • session (object) – session object to work on.
  • warning (str) – Warning message
complete(status='SUCCESS')

Mark the scanner as completed with a final scanner_status.

Parameters: status (str) – Final scanner_status.
completed_at_datetime
classmethod create(inv_index_id)

Create a new scanner index row.

Parameters: inv_index_id (str) – Id of the inventory index.
Returns: ScannerIndex row object.
Return type: object
created_at_datetime
id
inventory_index_id
message
scanner_index_errors
scanner_index_warnings
scanner_status
schema_version
set_error(session, message)

Indicate a broken scanner run.

Parameters:
  • session (object) – session object to work on.
  • message (str) – Error message to set.
class Violation(**kwargs)

Bases: sqlalchemy.ext.declarative.api.Base

Row entry for a violation.

__repr__()

String representation.

Returns: String representation of the Violation row entry.
Return type: str
created_at_datetime
full_name
static get_schema_update_actions()

Maintain all the schema changes for this table.

Returns: A mapping of Action: Column.
Return type: dict
id
resource_data
resource_id
resource_name
resource_type
rule_index
rule_name
scanner_index_id
violation_data
violation_hash
violation_message
violation_type
class ViolationAccess(session)

Bases: object

Facade for violations; implements APIs against the violations table.

create(violations, scanner_index_id)

Save violations to the db table.

Parameters:
  • violations (list) – A list of violations.
  • scanner_index_id (int) – id of the ScannerIndex row for this scanner run.
list(inv_index_id=None, scanner_index_id=None)

List all violations from the db table.

Behaviour depends on which index is passed:
  • If neither index is passed, all violations are returned.
  • If inv_index_id is passed, the violations from all scanner runs for that inventory index are returned.
  • If scanner_index_id is passed, the violations from that specific scanner run are returned.

NOTA BENE: do NOT call this method with both indices!

Parameters:
  • inv_index_id (str) – Id of the inventory index.
  • scanner_index_id (int) – Id of the scanner index.
Returns:

List of Violation row entry objects.

Return type:

list

Raises:

ValueError – if called with both the inventory and the scanner index
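
The index semantics of list(), as an added example that is not Forseti's own code. It uses sqlite3 with a constructed two-table schema whose column names follow the attributes documented on this page; the table names, the list_violations helper and the sample rows are assumptions.

```python
import sqlite3


def open_demo_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE scanner_index (id INTEGER PRIMARY KEY,
                                    inventory_index_id TEXT,
                                    scanner_status TEXT);
        CREATE TABLE violations (id INTEGER PRIMARY KEY,
                                 scanner_index_id INTEGER,
                                 violation_type TEXT);
        -- Two scanner runs over inventory 'inv-A', one over 'inv-B'.
        INSERT INTO scanner_index VALUES (1, 'inv-A', 'SUCCESS'),
                                         (2, 'inv-A', 'SUCCESS'),
                                         (3, 'inv-B', 'SUCCESS');
        INSERT INTO violations VALUES (10, 1, 'TYPE_X'),
                                      (11, 2, 'TYPE_Y'),
                                      (12, 3, 'TYPE_Z');
    """)
    return conn


def list_violations(conn, inv_index_id=None, scanner_index_id=None):
    """Return violation ids, filtered by at most one of the two indices."""
    if inv_index_id is not None and scanner_index_id is not None:
        # Mirrors the documented contract: both indices together is an error.
        raise ValueError("pass inv_index_id or scanner_index_id, not both")
    sql, params = "SELECT v.id FROM violations v", ()
    if scanner_index_id is not None:
        # One specific scanner run.
        sql += " WHERE v.scanner_index_id = ?"
        params = (scanner_index_id,)
    elif inv_index_id is not None:
        # Every scanner run that was made against this inventory index.
        sql += (" JOIN scanner_index s ON s.id = v.scanner_index_id"
                " WHERE s.inventory_index_id = ?")
        params = (inv_index_id,)
    # Values are bound as parameters, never formatted into the SQL text.
    return [row[0] for row in conn.execute(sql + " ORDER BY v.id", params)]
```
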

_create_violation_hash(violation_full_name, resource_data, violation_data)

Create a hash of violation data.

Parameters:
  • violation_full_name (str) – The full name of the violation.
  • resource_data (str) – The inventory data.
  • violation_data (dict) – A violation.
Returns:

The resulting hex digest or '' if we can’t successfully create a hash.

Return type:

str
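
A violation hash that follows the contract above (hex digest of the three inputs, '' on failure), as an added example that is not Forseti's own code. SHA-512, the canonical JSON encoding, the unseen helper and the sample violations are assumptions made for illustration.

```python
import hashlib
import json


def create_violation_hash(violation_full_name, resource_data, violation_data,
                          algorithm="sha512"):  # algorithm is an assumption
    """Return a hex digest of the three inputs, or '' if hashing fails."""
    try:
        digest = hashlib.new(algorithm)
    except ValueError:  # algorithm not available in this Python build
        return ""
    try:
        # Encode the inputs as one JSON array with sorted keys: dict ordering
        # cannot change the digest, and field boundaries stay unambiguous
        # ("ab" + "c" must not hash like "a" + "bc").
        canonical = json.dumps(
            [violation_full_name, resource_data, violation_data],
            sort_keys=True, separators=(",", ":"))
    except (TypeError, ValueError):  # e.g. a set or a circular reference
        return ""
    digest.update(canonical.encode("utf-8"))
    return digest.hexdigest()


def unseen(violations, known_hashes):
    """Hypothetical helper: keep violations not present in an earlier run.

    A '' hash means "could not hash", so it is never used as a dedup key;
    otherwise every unhashable finding would collapse into one.
    """
    fresh = []
    for v in violations:
        h = create_violation_hash(
            v["full_name"], v["resource_data"], v["violation_data"])
        if h == "" or h not in known_hashes:
            fresh.append(v)
    return fresh


# Constructed sample violations (not real scan output).
SAMPLE = [
    {"full_name": "organization/1/project/demo/", "resource_data": "{}",
     "violation_data": {"member": "user:a@example.com", "role": "owner"}},
    {"full_name": "organization/1/project/demo/", "resource_data": "{}",
     "violation_data": {"member": "user:b@example.com", "role": "owner"}},
]
```
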

convert_sqlalchemy_object_to_dict(sqlalchemy_obj)

Convert a sqlalchemy row/record object to a dictionary.

Parameters: sqlalchemy_obj (sqlalchemy_object) – A sqlalchemy row/record object.
Returns: A dict of sqlalchemy object’s attributes.
Return type: dict
get_latest_scanner_index_id(session, inv_index_id, index_state=None)

Return last ScannerIndex row with the given state or None.

Either return the latest ScannerIndex row where the scanner_status matches the given index_state parameter (if passed) or the latest row that represents a (partially) successful scanner run.

Parameters:
  • session (object) – session object to work on.
  • inv_index_id (str) – Id of the inventory index.
  • index_state (str) – we want the latest ScannerIndex with this state
Returns:

the latest ScannerIndex row or None

Return type:

sqlalchemy_object

initialize(engine)

Create all tables in the database if not existing.

Parameters: engine (object) – Database engine to operate on.
map_by_resource(violation_rows)

Create a map of violation types to violations of that resource.

Parameters: violation_rows (list) – A list of dict of violation data.
Returns: A dict of violation types mapped to the list of corresponding violation types, i.e. { resource => [violation_data…] }.
Return type: dict