google.cloud.forseti.services.inventory.base.cai_gcp_client module

Cloud Asset and GCP API hybrid client fassade.

class CaiApiClientImpl(config, engine, parallel, session)[source]

Bases: google.cloud.forseti.services.inventory.base.gcp.ApiClientImpl

The gcp api client Implementation

_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 190
_abc_registry = <_weakrefset.WeakSet object>
_iter_compute_resources(asset_type, project_number)[source]

Iterate Compute resources from Cloud Asset data.

Parameters:
  • asset_type (str) – The Compute asset type to iterate.
  • project_number (str) – number of the project to query.
Returns:

A generator of resources from Cloud Asset data.

Return type:

generator

fetch_bigquery_dataset_policy(project_number, dataset_id)[source]

Dataset policy Iterator for a dataset from Cloud Asset data.

Parameters:
  • project_number (str) – number of the project to query.
  • dataset_id (str) – id of the dataset to query.
Returns:

Dataset Policy.

Return type:

dict

fetch_billing_account_iam_policy(account_id)[source]

Gets IAM policy of a Billing Account from Cloud Asset data.

Parameters:account_id (str) – id of the billing account to get policy.
Returns:Billing Account IAM policy.
Return type:dict
fetch_crm_folder(folder_id)[source]

Fetch Folder data from Cloud Asset data.

Parameters:folder_id (str) – id of the folder to query.
Returns:Folder resource.
Return type:dict
fetch_crm_folder_iam_policy(folder_id)[source]

Folder IAM policy in a folder from Cloud Asset data.

Parameters:folder_id (str) – id of the folder to get policy.
Returns:Folder IAM policy.
Return type:dict
fetch_crm_organization(org_id)[source]

Fetch Organization data from Cloud Asset data.

Parameters:org_id (str) – id of the organization to get.
Returns:Organization resource.
Return type:dict
fetch_crm_organization_iam_policy(org_id)[source]

Organization IAM policy from Cloud Asset data.

Parameters:org_id (str) – id of the organization to get policy.
Returns:Organization IAM policy.
Return type:dict
fetch_crm_project(project_number)[source]

Fetch Project data from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Returns:Project resource.
Return type:dict
fetch_crm_project_iam_policy(project_number)[source]

Project IAM policy from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Returns:Project IAM Policy.
Return type:dict
fetch_gae_app(project_id)[source]

Fetch the AppEngine App from Cloud Asset data.

Parameters:project_id (str) – id of the project to query
Returns:AppEngine App resource.
Return type:dict
fetch_iam_serviceaccount_iam_policy(name, unique_id)[source]

Service Account IAM policy from Cloud Asset data.

Parameters:
  • name (str) – The service account name to query, must be in the format projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}
  • unique_id (str) – The unique id of the service account.
Returns:

Service Account IAM policy.

Return type:

dict

fetch_pubsub_topic_iam_policy(name)[source]

PubSub Topic IAM policy from Cloud Asset data.

Parameters:name (str) – The pubsub topic to query, must be in the format projects/{PROJECT_ID}/topics/{TOPIC_NAME}
Returns:PubSub Topic IAM policy
Return type:dict
fetch_storage_bucket_iam_policy(bucket_id)[source]

Bucket IAM policy Iterator from Cloud Asset data.

Parameters:bucket_id (str) – id of the bucket to query
Returns:Bucket IAM policy
Return type:dict
iter_bigquery_datasets(project_number)[source]

Iterate Datasets from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of datasets.
iter_billing_accounts()[source]

Iterate Billing Accounts in an organization from Cloud Asset data.

Yields:dict – Generator of billing accounts.
iter_compute_autoscalers(project_number)[source]

Iterate Autoscalers from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of autoscaler resources.
iter_compute_backendbuckets(project_number)[source]

Iterate Backend buckets from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of backend bucket resources.
iter_compute_backendservices(project_number)[source]

Iterate Backend services from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of backend service.
iter_compute_disks(project_number)[source]

Iterate Compute Engine disks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Disk.
iter_compute_firewalls(project_number)[source]

Iterate Compute Engine Firewalls from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Engine Firewall.
iter_compute_forwardingrules(project_number)[source]

Iterate Forwarding Rules from GCP API.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of forwarding rule resources.
iter_compute_healthchecks(project_number)[source]

Iterate Health checks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of health check resources.
iter_compute_httphealthchecks(project_number)[source]

Iterate HTTP Health checks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of HTTP health check resources.
iter_compute_httpshealthchecks(project_number)[source]

Iterate HTTPS Health checks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of HTTPS health check resources.
iter_compute_ig_managers(project_number)[source]

Iterate Instance Group Manager from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of instance group manager resources.
iter_compute_images(project_number)[source]

Iterate Images from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of image resources.
iter_compute_instancegroups(project_number)[source]

Iterate Compute Engine groups from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Instance group.
iter_compute_instances(project_number)[source]

Iterate compute engine instance from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Engine Instance resources.
iter_compute_instancetemplates(project_number)[source]

Iterate Instance Templates from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of instance template resources.
iter_compute_licenses(project_number)[source]

Iterate Licenses from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of license resources.
iter_compute_networks(project_number)[source]

Iterate Networks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of network resources.
iter_compute_routers(project_number)[source]

Iterate Compute Engine routers from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Routers.
iter_compute_snapshots(project_number)[source]

Iterate Compute Engine snapshots from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Compute Snapshots.
iter_compute_sslcertificates(project_number)[source]

Iterate SSL certificates from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of ssl certificate resources.
iter_compute_subnetworks(project_number)[source]

Iterate Subnetworks from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of subnetwork resources.
iter_compute_targethttpproxies(project_number)[source]

Iterate Target HTTP proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target http proxy resources.
iter_compute_targethttpsproxies(project_number)[source]

Iterate Target HTTPS proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target https proxy resources.
iter_compute_targetinstances(project_number)[source]

Iterate Target Instances from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target instance resources.
iter_compute_targetpools(project_number)[source]

Iterate Target Pools from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target pool resources.
iter_compute_targetsslproxies(project_number)[source]

Iterate Target SSL proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target ssl proxy resources.
iter_compute_targettcpproxies(project_number)[source]

Iterate Target TCP proxies from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of target tcp proxy resources.
iter_compute_urlmaps(project_number)[source]

Iterate URL maps from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of url map resources.
iter_crm_folders(parent_id)[source]

Iterate Folders from Cloud Asset data.

Parameters:parent_id (str) – id of the parent of the folder
Yields:dict – Generator of folders
iter_crm_projects(parent_type, parent_id)[source]

Iterate Projects from Cloud Asset data.

Parameters:
  • parent_type (str) – type of the parent, “folder” or “organization”.
  • parent_id (str) – id of the parent of the folder.
Yields:

dict – Generator of Project resources

iter_dns_managedzones(project_number)[source]

Iterate CloudDNS Managed Zones from Cloud Asset data.

Parameters:project_number (str) – number of the parent project.
Yields:dict – Generator of ManagedZone resources
iter_dns_policies(project_number)[source]

Iterate CloudDNS Policies from Cloud Asset data.

Parameters:project_number (str) – number of the parent project of the policy.
Yields:dict – Generator of ManagedZone resources
iter_gae_services(project_id)[source]

Iterate gae services from Cloud Asset data.

Parameters:project_id (str) – id of the project to query
Yields:dict – Generator of AppEngine Service resources.
iter_gae_versions(project_id, service_id)[source]

Iterate gae versions from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query
  • service_id (str) – id of the appengine service
Yields:

dict – Generator of AppEngine Version resources.

iter_iam_organization_roles(org_id)[source]

Iterate Organization roles from Cloud Asset data.

Parameters:org_id (str) – id of the organization to get.
Yields:dict – Generator of organization role.
iter_iam_project_roles(project_id, project_number)[source]

Iterate Project roles in a project from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of project roles.

iter_iam_serviceaccounts(project_id, project_number)[source]

Iterate Service Accounts in a project from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of service account.

iter_pubsub_topics(project_id, project_number)[source]

Iterate PubSub topics from Cloud Asset data.

Parameters:
  • project_id (str) – id of the project to query.
  • project_number (str) – number of the project to query.
Yields:

dict – Generator of Pubsub Topic resources

iter_spanner_databases(parent)[source]

Iterate Spanner Databases from Cloud Asset data.

Parameters:parent (str) – parent spanner instance to query.
Yields:dict – Generator of Spanner Database resources
iter_spanner_instances(project_number)[source]

Iterate Spanner Instances from Cloud Asset data.

Parameters:project_number (str) – number of the project to query.
Yields:dict – Generator of Spanner Instance resources
session

Return a thread local CAI read only session object.

Returns:A thread local Session.
Return type:object
_convert_iam_to_bigquery_policy(iam_policy)[source]

Converts an IAM policy to a bigquery Access Policy.

The is used for backwards compatibility between data returned from live API and the data stored in CAI. Once the live API returns IAM policies instead, this can be deprecated.

Parameters:iam_policy (dict) – The BigQuery dataset IAM policy.
Returns:A list of access policies.

An example return value:

[
{‘role’: ‘WRITER’, ‘specialGroup’: ‘projectWriters’}, {‘role’: ‘OWNER’, ‘specialGroup’: ‘projectOwners’}, {‘role’: ‘OWNER’, ‘userByEmail’: ‘user@domain.com’}, {‘role’: ‘READER’, ‘specialGroup’: ‘projectReaders’}

]

Return type:list
_fixup_resource_keys(resource, key_map, only_fixup_lists=False)[source]

Correct different attribute names between CAI and json representation.

Parameters:
  • resource (dict) – The resource dictionary to scan for keys in the key_map.
  • key_map (dict) – A map of bad_key:good_key pairs, any instance of bad_key in the resource dict is replaced with an instance of good_key.
  • only_fixup_lists (bool) – If true, only keys that have values which are lists will be fixed. This allows the case where there is the same key used for both a scalar entry and a list entry, and only the list entry should change to the different key.
Returns:

A resource dict with all bad keys replaced with good keys.

Return type:

dict