google.cloud.forseti.scanner.scanners.firewall_rules_scanner module

Scanner for the firewall rule engine.

class FirewallPolicyScanner(global_configs, scanner_configs, service_config, model_name, snapshot_timestamp, rules)

Bases: google.cloud.forseti.scanner.scanners.base_scanner.BaseScanner

Scanner for firewall data.

SCANNER_OUTPUT_CSV_FMT = 'scanner_output_firewall.{}.csv'

_find_violations(policies)

Find violations in the policies.

Parameters: policies (list) – The list of policies to find violations in.
Returns: A list of all violations
Return type: list

static _flatten_violations(violations, rule_indices)

Flatten RuleViolations into a dict for each RuleViolation member.

Parameters:
  • violations (list) – The RuleViolations to flatten.
  • rule_indices (dict) – A dictionary of string rule ids to indices.
Yields: dict – Iterator of RuleViolations as a dict per member.

_output_results(all_violations)

Output results.

Parameters: all_violations (list) – A list of violations.

_retrieve()

Retrieves the data for scanner.

Returns: Dict of project to firewall policy data. dict: Dict of resource to resource count.
Return type: dict

run()

Runs the data collection.