Scanner for the firewall rule engine.

class FirewallPolicyScanner(global_configs, scanner_configs, service_config, model_name, snapshot_timestamp, rules)[source]


Scanner for firewall data.

SCANNER_OUTPUT_CSV_FMT = 'scanner_output_firewall.{}.csv'
_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 214
_abc_registry = <_weakrefset.WeakSet object>

Find violations in the policies.

Parameters:policies (list) – The list of policies to find violations in.
Returns:A list of all violations
Return type:list
static _flatten_violations(violations, rule_indices)[source]

Flatten RuleViolations into a dict for each RuleViolation member.

  • violations (list) – The RuleViolations to flatten.
  • rule_indices (dict) – A dictionary of string rule ids to indices.

dict – Iterator of RuleViolations as a dict per member.


Output results.

Parameters:all_violations (list) – A list of violations.

Retrieves the data for scanner.

Returns:Dict of project to firewall policy data. dict: Dict of resource to resource count.
Return type:dict

Runs the data collection.