google.cloud.forseti.scanner.audit.rules module

Rules-related classes.

class Rule(rule_name, rule_index, bindings, mode=None)

Bases: object

Encapsulate Rule properties from the rule definition file.

The reason this is not a named tuple is that it needs to be hashable. The ResourceRules class has a set of Rules.

__eq__(other)

Test whether this Rule equals another Rule.

Parameters: other (object) – The other object to compare.
Returns: True if equal, otherwise False.
Return type: bool
__hash__()

Make a hash of the rule index.

For now, this will suffice since the rule index is assigned automatically when the rules map is built, and the scanner only handles one rule file at a time. Later on, we’ll need to revisit this hash method when we process multiple rule files.

Returns: The hash of the rule index.
Return type: int
__ne__(other)

Test whether Rule is not equal to another Rule.

Parameters: other (object) – The other object to compare.
Returns: True if not equal, otherwise False.
Return type: bool
__repr__()

Returns the string representation of this Rule.

Returns: The representation of the Rule.
Return type: str
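
The caveat on `__hash__` above, worked through as an added example (not Forseti's code): a stand-in `Rule` hashes only `rule_index`, with `__eq__` assumed to compare every field, and the hypothetical helpers `build_rules` and `index_collisions` show that indices are unique within one rule file but repeat across two. The rule names and bindings are constructed placeholders.

```python
class Rule:
    """Stand-in for the documented Rule; attribute names are assumed."""

    def __init__(self, rule_name, rule_index, bindings, mode=None):
        self.rule_name = rule_name
        self.rule_index = rule_index
        self.bindings = bindings
        self.mode = mode

    def _key(self):
        return (self.rule_name, self.rule_index, self.bindings, self.mode)

    def __eq__(self, other):
        # Assumption: equality compares every field (the page does not say).
        if not isinstance(other, Rule):
            return NotImplemented
        return self._key() == other._key()

    def __ne__(self, other):
        return not self == other

    def __hash__(self):
        # As documented: only the rule index is hashed.
        return hash(self.rule_index)


def build_rules(rule_defs):
    """Assign rule_index automatically, in file order, while building rules."""
    return [Rule(d['name'], i, d['bindings'], d.get('mode'))
            for i, d in enumerate(rule_defs)]


def index_collisions(*rule_lists):
    """Map each rule_index shared by distinct rules to their sorted names."""
    by_index = {}
    for rules in rule_lists:
        for rule in rules:
            by_index.setdefault(rule.rule_index, set()).add(rule)
    return {idx: sorted(r.rule_name for r in group)
            for idx, group in by_index.items() if len(group) > 1}


# Constructed sample rule files; names and bindings are placeholders.
FILE_A = [
    {'name': 'no-external-owners', 'bindings': ('binding-a',), 'mode': 'blacklist'},
    {'name': 'require-auditor', 'bindings': ('binding-b',), 'mode': 'required'},
]
FILE_B = [{'name': 'allow-org-admins', 'bindings': ('binding-c',), 'mode': 'whitelist'}]
```

Because `__eq__` is assumed to compare all fields, a set still keeps both index-0 rules; what becomes ambiguous is anything that identifies a rule by `rule_index` alone, such as the `rule_index` field of a `RuleViolation` read without its `rule_name`.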
class RuleAppliesTo

Bases: object

What the rule applies to. (Default: SELF)

CHILDREN = 'children'
SELF = 'self'
SELF_AND_CHILDREN = 'self_and_children'
apply_types = frozenset({'self_and_children', 'children', 'self'})
classmethod verify(applies_to)

Verify whether the applies_to is valid.

Parameters: applies_to (str) – What the rule applies to.
Returns: The applies_to property.
Return type: str
Raises: InvalidRulesSchemaError if applies_to is not valid.
class RuleMode

Bases: object

The rule mode.

BLACKLIST = 'blacklist'
MATCHES = 'matches'
REQUIRED = 'required'
WHITELIST = 'whitelist'
modes = frozenset({'whitelist', 'required', 'blacklist', 'matches'})
classmethod verify(mode)

Verify whether the mode is valid.

Parameters: mode (str) – The rules mode.
Returns: The rules mode property.
Return type: str
Raises: InvalidRulesSchemaError if mode is not valid.
class RuleViolation(resource_type, resource_id, full_name, rule_name, rule_index, violation_type, role, members, resource_data)

Bases: tuple

__getnewargs__()

Return self as a plain tuple. Used by copy and pickle.

static __new__(_cls, resource_type, resource_id, full_name, rule_name, rule_index, violation_type, role, members, resource_data)

Create new instance of RuleViolation(resource_type, resource_id, full_name, rule_name, rule_index, violation_type, role, members, resource_data)

__repr__()

Return a nicely formatted representation string

_asdict()

Return a new OrderedDict which maps field names to their values.

_fields = ('resource_type', 'resource_id', 'full_name', 'rule_name', 'rule_index', 'violation_type', 'role', 'members', 'resource_data')
classmethod _make(iterable, new=<built-in method __new__ of type object>, len=<built-in function len>)

Make a new RuleViolation object from a sequence or iterable

_replace(**kwds)

Return a new RuleViolation object replacing specified fields with new values

full_name
members
resource_data
resource_id
resource_type
role
rule_index
rule_name
violation_type