Rules engine for verifying KE Versions are allowed.
KeVersionRuleBook(rule_defs=None)
Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRuleBook
The RuleBook for KE Version rules.
add_rule(rule_def, rule_index)
Add a rule to the rule book.
Parameters: |
|
---|
add_rules(rule_defs)
Add rules to the rule book.
Parameters: | rule_defs (dict) – rule definitions dictionary |
---|
find_violations(ke_cluster)
Find violations in the rule book.
Parameters: | ke_cluster (KeCluster) – KE Cluster and ServerConfig data. |
---|---|
Returns: | RuleViolation |
Return type: | list |
get_resource_rules(resource)
Get all the resource rules for resource.
Parameters: | resource (Resource) – The gcp_type Resource to find in the map. |
---|---|
Returns: | A ResourceRules object. |
Return type: | ResourceRules |
KeVersionRulesEngine(rules_file_path, snapshot_timestamp=None)
Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRulesEngine
Rules engine for KE Version scanner.
build_rule_book(global_configs=None)
Build KeVersionRuleBook from the rules definition file.
Parameters: | global_configs (dict) – Global configurations. |
---|
find_violations(ke_cluster, force_rebuild=False)
Determine whether Kubernetes Engine cluster version violates rules.
Parameters: |
|
---|---|
Returns: | A generator of rule violations. |
Return type: | generator |
ResourceRules(resource=None, rules=None)
Bases: object
An association of a resource to rules.
__eq__(other)
Compare == with another object.
Parameters: | other (ResourceRules) – object to compare with |
---|---|
Returns: | comparison result |
Return type: | int |
Rule(rule_name, rule_index, check_serverconfig_valid_node_versions, check_serverconfig_valid_master_versions, allowed_nodepool_versions)
Bases: object
Rule properties from the rule definition file, also finds violations.
__eq__(other)
Test whether Rule equals other Rule.
Parameters: | other (Rule) – object to compare to |
---|---|
Returns: | comparison result |
Return type: | int |
__hash__()
Make a hash of the rule index.
For now, this will suffice since the rule index is assigned automatically when the rules map is built, and the scanner only handles one rule file at a time. Later on, we’ll need to revisit this hash method when we process multiple rule files.
Returns: | The hash of the rule index. |
---|---|
Return type: | int |
__ne__(other)
Test whether Rule is not equal to another Rule.
Parameters: | other (object) – object to compare to |
---|---|
Returns: | comparison result |
Return type: | int |
_make_violation(ke_cluster, nodepool, violation_reason)
Build a RuleViolation for the cluster.
Parameters: |
|
---|---|
Returns: | A new RuleViolation namedtuple. |
Return type: |
_master_version_valid(ke_cluster)
Check the master version against the supported version list.
Parameters: | ke_cluster (KeCluster) – KE Cluster and ServerConfig data. |
---|---|
Returns: |
|
Return type: | RuleViolation |
_node_versions_allowed(ke_cluster)
Check the node pool versions against the allowed versions list.
Parameters: | ke_cluster (KeCluster) – KE Cluster and ServerConfig data. |
---|---|
Returns: |
|
Return type: | RuleViolation |
_node_versions_valid(ke_cluster)
Check the node pool versions against the supported version list.
Parameters: | ke_cluster (KeCluster) – KE Cluster and ServerConfig data. |
---|---|
Returns: |
|
Return type: | RuleViolation |
RuleViolation(resource_type, resource_id, full_name, rule_name, rule_index, violation_type, violation_reason, project_id, cluster_name, node_pool_name, resource_data, resource_name)
Bases: tuple
__getnewargs__()
Return self as a plain tuple. Used by copy and pickle.
__new__(_cls, resource_type, resource_id, full_name, rule_name, rule_index, violation_type, violation_reason, project_id, cluster_name, node_pool_name, resource_data, resource_name)
Create new instance of RuleViolation(resource_type, resource_id, full_name, rule_name, rule_index, violation_type, violation_reason, project_id, cluster_name, node_pool_name, resource_data, resource_name)
__repr__()
Return a nicely formatted representation string
_asdict()
Return a new OrderedDict which maps field names to their values.
_fields = ('resource_type', 'resource_id', 'full_name', 'rule_name', 'rule_index', 'violation_type', 'violation_reason', 'project_id', 'cluster_name', 'node_pool_name', 'resource_data', 'resource_name')
_make(iterable, new=<built-in method __new__ of type object>, len=<built-in function len>)
Make a new RuleViolation object from a sequence or iterable
_replace(**kwds)
Return a new RuleViolation object replacing specified fields with new values
cluster_name
full_name
node_pool_name
project_id
resource_data
resource_id
resource_name
resource_type
rule_index
rule_name
violation_reason
violation_type
VersionRule(major, minor=None, operator='=')
Bases: object
Class to match allowed versions rules against running versions.
ALLOWED_OPERATORS = {'<': <built-in function lt>, '<=': <built-in function le>, '=': <built-in function eq>, '>': <built-in function gt>, '>=': <built-in function ge>}
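
As an added illustration (not Forseti's own code), the sketch below shows how a rule built from major, minor and one of the ALLOWED_OPERATORS listed above could be matched against node pool versions, failing closed on versions it cannot parse. The names VersionRuleSketch, allows and disallowed_nodepools, the "series.patch-gke.build" version layout and the treatment of minor=None are assumptions, since this page does not document the matching method.

```python
import operator as op
import re

# Same operator table the page lists for VersionRule.ALLOWED_OPERATORS.
ALLOWED_OPERATORS = {'<': op.lt, '<=': op.le, '=': op.eq,
                     '>': op.gt, '>=': op.ge}
# Assumed version layout: "<series>.<patch>[-gke.<build>]", e.g. "1.9.7-gke.1".
_VERSION_RE = re.compile(r'^(\d+\.\d+)\.(\d+)(?:-gke\.(\d+))?$')
_MINOR_RE = re.compile(r'^(\d+)(?:-gke\.(\d+))?$')


class VersionRuleSketch:
    """Hypothetical stand-in for VersionRule; matching semantics are assumed."""

    def __init__(self, major, minor=None, operator='='):
        if operator not in ALLOWED_OPERATORS:
            raise ValueError('unsupported operator: %r' % operator)
        self.major = major  # release series, e.g. '1.8'
        self.minor = self._patch(minor) if minor is not None else None
        self.compare = ALLOWED_OPERATORS[operator]

    @staticmethod
    def _patch(minor):
        match = _MINOR_RE.match(minor)
        if not match:
            raise ValueError('unparseable minor: %r' % minor)
        return (int(match.group(1)), int(match.group(2) or 0))

    def allows(self, version):
        match = _VERSION_RE.match(version)
        if not match or match.group(1) != self.major:
            return False  # fail closed on unknown formats and other series
        if self.minor is None:
            return True  # assumed: no minor means any patch of the series
        running = (int(match.group(2)), int(match.group(3) or 0))
        return self.compare(running, self.minor)


def disallowed_nodepools(nodepool_versions, rules):
    """Return sorted names of node pools whose version no rule allows."""
    return sorted(name for name, version in nodepool_versions.items()
                  if not any(rule.allows(version) for rule in rules))


# Constructed sample data, not taken from a real cluster or rule file.
RULES = [VersionRuleSketch('1.8', '12-gke.1', '>='), VersionRuleSketch('1.9')]
POOLS = {'default-pool': '1.8.12-gke.2', 'batch-pool': '1.8.10-gke.0',
         'gpu-pool': '1.9.7-gke.1', 'legacy-pool': '1.7.15',
         'odd-pool': 'latest'}
print(disallowed_nodepools(POOLS, RULES))
```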