google.cloud.forseti.scanner.scanners.instance_network_interface_scanner module

Scanner for the Networks Enforcer ACLs rules engine.

class InstanceNetworkInterfaceScanner(global_configs, scanner_configs, service_config, model_name, snapshot_timestamp, rules)

Bases: google.cloud.forseti.scanner.scanners.base_scanner.BaseScanner

Pipeline to network enforcer from DAO.

_find_violations(enforced_networks_data)

Find violations in the policies.

Parameters: enforced_networks_data (list) – Enforced networks data to find violations in
Returns: A list of violations
Return type: list

static _flatten_violations(violations)

Flatten RuleViolations into a dict for each RuleViolation member.

Parameters: violations (list) – The RuleViolations to flatten.
Yields: dict – Iterator of RuleViolations as a dict per member.

static _get_resource_count(project_policies, instance_network_interfaces)

Get resource count for org and project policies.

Parameters:
  • project_policies (dict) – containing the projects (gcp_type.project.Project) and their IAM policies (dict).
  • instance_network_interfaces (list) – of network_interface objects.
Returns: Resource count map
Return type: dict

_output_results(all_violations)

Output results.

Parameters: all_violations (list) – All violations

_retrieve()

Retrieve the network interfaces for vm instances.

Returns: A list that contains nested lists of per-instance InstanceNetworksInterface objects.
Return type: list

run()

Runs the instance network interface scanner.