Rules engine for bucket ACLs.
BucketsRuleBook(rule_defs=None)
Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRuleBook
The RuleBook for bucket ACL resources.
add_rule(rule_def, rule_index)
Add a rule to the rule book.
Parameters:
  rule_def – one rule definition from the rules file
  rule_index – position of the rule in the rules file; it is recorded as rule_index on every violation the rule produces
BucketsRulesEngine(rules_file_path, snapshot_timestamp=None)
Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRulesEngine
Rules engine for bucket ACLs.
add_rules(rules)
Add rules to the rule book.
Parameters:
  rules (dict) – rule definitions dictionary
build_rule_book(global_configs=None)
Build BucketsRuleBook from the rules definition file.
Parameters:
  global_configs (dict) – global configurations
find_violations(buckets_acls, force_rebuild=False)
Determine whether bucket ACLs violate the rules.
Parameters:
  buckets_acls – bucket ACL resources to check
  force_rebuild (bool) – if True, rebuild the rule book from the rules definition file before checking
Returns: a generator of rule violations.
Return type: generator
Rule(rule_name, rule_index, rules)
Bases: object
Rule properties from the rule definition file. Also finds violations.
RuleViolation(resource_type, resource_id, full_name, rule_name, rule_index, violation_type, role, entity, email, domain, bucket, project_id, resource_data, resource_name)
Bases: tuple
Named tuple recording one bucket ACL violation.
_fields = ('resource_type', 'resource_id', 'full_name', 'rule_name', 'rule_index', 'violation_type', 'role', 'entity', 'email', 'domain', 'bucket', 'project_id', 'resource_data', 'resource_name')
Each field is also readable as an attribute of the same name (bucket, domain, email, entity, full_name, project_id, resource_data, resource_id, resource_name, resource_type, role, rule_index, rule_name, violation_type).
Standard namedtuple helpers:
  _make(iterable) – make a new RuleViolation object from a sequence or iterable (exactly 14 items)
  _replace(**kwds) – return a new RuleViolation object replacing specified fields with new values
  _asdict() – return a new OrderedDict which maps field names to their values
  __getnewargs__() – return self as a plain tuple; used by copy and pickle
  __repr__() – return a nicely formatted representation string
find_violations(bucket_acl)
Find bucket ACL violations against this rule.
Parameters:
  bucket_acl (BucketAccessControls) – bucket ACL resource
Yields: RuleViolation – one named tuple per violation found
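The contract documented above (Rule.find_violations yields one RuleViolation per offending ACL grant, and the rule's bucket, entity, email, domain and role fields select which grants offend) is easiest to see in a small matcher. The following is an added example written for this page, not Forseti's own code: the rule-file layout, the ACL dictionary layout, the BUCKET_VIOLATION label and the full_name format are all assumptions chosen for illustration, and the rules and ACL entries are constructed sample data.

```python
"""Added example, not Forseti's own code: a miniature bucket-ACL rule
matcher in the shape of the Rule.find_violations / RuleViolation contract
documented on this page.  The rule-file layout and the ACL dictionary
layout are assumptions chosen for illustration."""
import json
from collections import namedtuple
from fnmatch import fnmatchcase

# Field list copied from the RuleViolation namedtuple documented above.
RuleViolation = namedtuple('RuleViolation', [
    'resource_type', 'resource_id', 'full_name', 'rule_name', 'rule_index',
    'violation_type', 'role', 'entity', 'email', 'domain', 'bucket',
    'project_id', 'resource_data', 'resource_name'])

# Assumed: a rule matches an ACL entry when all five of these fields match.
MATCH_FIELDS = ('bucket', 'entity', 'email', 'domain', 'role')
VIOLATION_TYPE = 'BUCKET_VIOLATION'  # assumed violation_type label

# Constructed rule definitions (assumed layout; glob patterns, '*' = any).
# Each rule describes a grant that must NOT exist, so a full match is a violation.
SAMPLE_RULES = [
    {'name': 'bucket readable by allUsers (public)', 'bucket': '*',
     'entity': 'allUsers', 'email': '*', 'domain': '*', 'role': '*'},
    {'name': 'whole domain granted OWNER', 'bucket': '*',
     'entity': 'domain-*', 'email': '*', 'domain': '*', 'role': 'OWNER'},
]

# Constructed ACL entries, one per grant, in the shape of a GCS
# BucketAccessControls item reduced to the fields the rules look at.
SAMPLE_ACLS = [
    {'bucket': 'logs-prod', 'project_id': 'proj-1', 'entity': 'allUsers',
     'role': 'READER', 'email': '', 'domain': ''},
    {'bucket': 'logs-prod', 'project_id': 'proj-1',
     'entity': 'user-alice@example.com', 'role': 'OWNER',
     'email': 'alice@example.com', 'domain': ''},
    {'bucket': 'share', 'project_id': 'proj-2', 'entity': 'domain-example.com',
     'role': 'OWNER', 'email': '', 'domain': 'example.com'},
]


def validate_rule(rule_def, rule_index):
    """Reject a rule missing its name or any match field.  A rule that
    silently fell back to a default would either never fire or fire everywhere."""
    missing = [f for f in ('name',) + MATCH_FIELDS if f not in rule_def]
    if missing:
        raise ValueError('rule %d is missing fields %s' % (rule_index, missing))
    return rule_def


def _matches(pattern, value):
    """Case-insensitive glob match; '*' also matches an absent or empty value."""
    return fnmatchcase((value or '').lower(), pattern.lower())


def find_violations(rules, bucket_acls):
    """Yield one RuleViolation per (rule, ACL entry) pair in which every
    match field of the ACL entry satisfies the rule's pattern for that field."""
    for rule_index, rule_def in enumerate(rules):
        rule = validate_rule(rule_def, rule_index)
        for acl in bucket_acls:
            if not all(_matches(rule[f], acl.get(f)) for f in MATCH_FIELDS):
                continue
            yield RuleViolation(
                resource_type='bucket',
                resource_id=acl['bucket'],
                # full_name layout is assumed for this example.
                full_name='project/%s/bucket/%s/' % (acl['project_id'], acl['bucket']),
                rule_name=rule['name'],
                rule_index=rule_index,
                violation_type=VIOLATION_TYPE,
                role=acl['role'],
                entity=acl['entity'],
                email=acl.get('email', ''),
                domain=acl.get('domain', ''),
                bucket=acl['bucket'],
                project_id=acl['project_id'],
                resource_data=json.dumps(acl, sort_keys=True),
                resource_name=acl['bucket'])


def scan(rules=SAMPLE_RULES, bucket_acls=SAMPLE_ACLS):
    """Run the matcher over the sample data and return the violations as a list."""
    return list(find_violations(rules, bucket_acls))


if __name__ == '__main__':
    for v in scan():
        print('%s: %s granted %s on gs://%s' % (v.rule_name, v.entity, v.role, v.bucket))
```

Two design points worth noting. First, the matcher is positive: a rule spells out a grant that should not exist, and an ACL entry matching every field is reported, so a rule with all fields set to '*' flags every grant on every bucket. Second, matching is case-insensitive by choice here, so a rule written as AllUsers still catches the allUsers entity that GCS stores; a matcher that compares case-sensitively would silently miss the public-bucket case, which is the one this engine exists to catch.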