google.cloud.forseti.scanner.audit.retention_rules_engine module

Rules engine for Bucket retention.

class RetentionRuleBook(rule_defs=None)

Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRuleBook

The RuleBook for Retention resources.

add_rule(rule_def, rule_index)

Add a rule to the rule book.

Parameters:
  • rule_def (dict) – A dictionary containing rule definition properties.
  • rule_index (int) – The index of the rule from the rule definitions. Assigned automatically when the rule book is built.
add_rules(rule_defs)

Add rules to the rule book.

Parameters: rule_defs (dict) – Rule definitions dictionary.
create_and_add_rule(rule_def, rule_index, apply_to, min_retention, max_retention)

Add a rule to the rule book.

Parameters:
  • rule_def (dict) – A dictionary containing rule definition properties.
  • rule_index (int) – The index of the rule from the rule definitions. Assigned automatically when the rule book is built.
  • apply_to (str) – The resource type that the rule is applied to.
  • min_retention (int) – Minimum value of the age in the lifecycle.
  • max_retention (int) – Maximum value of the age in the lifecycle.
get_resource_rules(applies_to)

Get all the rules for the resource “applies_to”.

Parameters: applies_to (str) – The type of the resource.
Returns: A list of ResourceRules.
Return type: defaultdict
class RetentionRulesEngine(rules_file_path, snapshot_timestamp=None)

Bases: google.cloud.forseti.scanner.audit.base_rules_engine.BaseRulesEngine

Rules engine for retention.

build_rule_book(global_configs=None)

Build RetentionRuleBook from the rules definition file.

Parameters: global_configs (dict) – Global configurations.
find_violations(resource, force_rebuild=False)

Determine whether bucket lifecycle violates rules.

Parameters:
  • resource (Resource) – Object containing lifecycle data.
  • force_rebuild (bool) – If True, rebuilds the rule book. This will reload the rules definition file and add the rules to the book.
Returns: A generator of rule violations.
Return type: generator

class Rule(rule_name, rule_index, min_retention, max_retention)

Bases: object

Rule properties from the rule definition file. Also finds violations.

bucket_max_retention_violation(bucket)

Get a generator for violations specifically for maximum retention.

Only buckets are supported for now; generalizing is planned for future PRs.

Parameters: bucket (bucket) – Find violation from the bucket.
Yields: RuleViolation – All max violations of the bucket breaking the rule.
bucket_min_retention_violation(bucket)

Get a generator for violations specifically for minimum retention.

Parameters: bucket (bucket) – Find violation from the bucket.
Yields: RuleViolation – All min violations of the bucket breaking the rule.
find_violations(res)

Get a generator for violations.

Parameters: res (Resource) – A class derived from Resource.
Returns: All violations of the resource breaking the rule.
Return type: Generator
Raises: ValueError – Raised if the resource type is bucket.
find_violations_in_bucket(bucket)

Get a generator for violations.

Parameters: bucket (bucket) – Find violation from the buckets.
Returns: All violations of the buckets breaking rules.
Return type: Generator
generate_bucket_violation(bucket)

Generate a violation.

Parameters: bucket (Bucket) – The bucket that triggers the violation.
Returns: The violation.
Return type: RuleViolation
class RuleViolation(resource_name, resource_type, full_name, rule_name, rule_index, violation_type, violation_data, resource_data, resource_id)

Bases: tuple

__getnewargs__()

Return self as a plain tuple. Used by copy and pickle.

__getstate__()

Exclude the OrderedDict from pickling

__repr__()

Return a nicely formatted representation string

_asdict()

Return a new OrderedDict which maps field names to their values

_fields = ('resource_name', 'resource_type', 'full_name', 'rule_name', 'rule_index', 'violation_type', 'violation_data', 'resource_data', 'resource_id')
classmethod _make(iterable, new=<built-in method __new__ of type object>, len=<built-in function len>)

Make a new RuleViolation object from a sequence or iterable

_replace(**kwds)

Return a new RuleViolation object replacing specified fields with new values

full_name
resource_data
resource_id
resource_name
resource_type
rule_index
rule_name
violation_data
violation_type
bucket_conditions_guarantee_min(conditions, min_retention)

Check if other conditions can guarantee minimum retention.

Parameters:
  • conditions (dict) – The condition dict of the bucket.
  • min_retention (int) – The value of minimum retention.
Returns: True if min is guaranteed even if age is too small.
Return type: bool

get_retention_range(rule_def, rule_index)

Get the min and max value of the retention.

Parameters:
  • rule_def (dict) – A dictionary containing rule definition properties.
  • rule_index (int) – The index of the rule from the rule definitions. Assigned automatically when the rule book is built.
Returns: The minimum and maximum value of the Age.
Return type: pair
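
A standalone sketch of the kind of minimum/maximum retention check this module describes, added here as an example and not Forseti's own code. The lifecycle dict follows the GCS bucket lifecycle JSON layout; the function names, the sample data, the fixed TODAY, and the choice to treat only `age` and `createdBefore` as guaranteeing a minimum are assumptions.

```python
from datetime import date

TODAY = date(2019, 1, 1)  # constructed "now", fixed so results are repeatable

# Constructed bucket lifecycle in the GCS JSON layout.
SAMPLE = {"rule": [
    {"action": {"type": "Delete"}, "condition": {"age": 30}},
    {"action": {"type": "Delete"},
     "condition": {"age": 10, "createdBefore": "2018-01-01"}},
    {"action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
     "condition": {"age": 5}},
]}


def guarantees_min(cond, min_days, today=TODAY):
    """True if a Delete rule cannot remove objects younger than min_days."""
    age = cond.get("age")
    if age is not None and age >= min_days:
        return True
    created_before = cond.get("createdBefore")  # "YYYY-MM-DD"
    if created_before:
        # Conditions are ANDed, so matched objects predate this cutoff.
        cutoff = date.fromisoformat(created_before)
        return (today - cutoff).days >= min_days
    return False  # assumption: no other condition is treated as a guarantee


def retention_violations(lifecycle, min_days=None, max_days=None, today=TODAY):
    """Return ("min", condition) / ("max", None) tuples for one bucket."""
    deletes = [r.get("condition", {}) for r in lifecycle.get("rule", [])
               if r.get("action", {}).get("type") == "Delete"]
    found = []
    if min_days is not None:
        # Every Delete rule must be unable to fire before min_days.
        found += [("min", c) for c in deletes
                  if not guarantees_min(c, min_days, today)]
    if max_days is not None:
        # Only an age-only Delete rule bounds the lifetime of every object.
        bounded = any(set(c) == {"age"} and c["age"] <= max_days
                      for c in deletes)
        if not bounded:
            found.append(("max", None))
    return found


if __name__ == "__main__":
    print(retention_violations(SAMPLE, min_days=90, max_days=365))
```

A bucket with no lifecycle at all passes the minimum check but fails the maximum check, since nothing ever deletes its objects.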