google.cloud.forseti.scanner.scanners.groups_scanner module

Scanner for Google Groups.

class GroupsScanner(global_configs, scanner_configs, service_config, model_name, snapshot_timestamp, rules)

Bases: google.cloud.forseti.scanner.scanners.base_scanner.BaseScanner

Scanner for group members data.

_abc_cache = <_weakrefset.WeakSet object>
_abc_negative_cache = <_weakrefset.WeakSet object>
_abc_negative_cache_version = 190
_abc_registry = <_weakrefset.WeakSet object>
_apply_all_rules(starting_node, group_rules)

Apply all rules to all the applicable nodes.

Parameters:
  • starting_node (node) – Member node from which to start appending the rule.
  • group_rules (dict) – A list of rules, in dictionary form.
Returns: Member node with all the rules applied to all the nodes.
Return type: node

static _apply_one_rule(starting_node, rule)

Append the rule to all the applicable nodes.

Parameters:
  • starting_node (node) – Member node from which to start appending the rule.
  • rule (dict) – A dictionary representation of a rule.
Returns: Member node with all its recursive members, with the rule appended.
Return type: node

_build_group_tree()

Build a tree of all the groups in the organization.

Returns: The tree structure of all the groups in the organization.
Return type: node

static _find_violations(root)

Find violations, starting from the given root.

At this point, we can start to find violations at each node!

We have a tree with data populated at each node, and rules are also applied at each node. Traversal order should not matter, since we need to evaluate all nodes.

Each node can have multiple rules. Each rule can have multiple conditions.

If a rule is violated, then the node is in violation; that is, if all rules pass, then the node is not in violation.

Parameters: root (node) – The nodes (tree structure) to find violations in.
Returns: Nodes that are in violation.
Return type: list

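The rule propagation and per-node evaluation described for _apply_one_rule and _find_violations, as an added example that is not Forseti's own code. The Node class, the rule schema (group_email plus conditions holding a member_email suffix, with allow-list semantics) and the sample tree are assumptions made for illustration.

```python
# Added illustration, not Forseti code; Node and the rule schema are assumptions.
class Node:
    """Stand-in for MemberNode (the real class extends anytree's NodeMixin)."""

    def __init__(self, member_email, parent=None):
        self.member_email = member_email
        self.rules = []
        self.children = []
        if parent is not None:
            parent.children.append(self)

    def walk(self):
        """Yield this node and all of its recursive members."""
        yield self
        for child in self.children:
            yield from child.walk()


def apply_one_rule(starting_node, rule):
    """Append the rule to the group it names and to its recursive members."""
    for node in starting_node.walk():
        if node.member_email == rule["group_email"]:
            for member in node.walk():
                member.rules.append(rule)
    return starting_node


def rule_passes(node, rule):
    """Assumed allow-list semantics: any matching condition satisfies the rule."""
    return any(node.member_email.endswith(cond["member_email"])
               for cond in rule["conditions"])


def find_violations(root):
    """Evaluate every node; a node failing any of its rules is in violation."""
    return [n for n in root.walk()
            if not all(rule_passes(n, r) for r in n.rules)]


# Constructed sample: an outside account reaches eng@ through a nested group.
root = Node("org-root")
eng = Node("eng@example.com", parent=root)
alice = Node("alice@example.com", parent=eng)
contractors = Node("contractors@example.com", parent=eng)
bob = Node("bob@gmail.example", parent=contractors)
carol = Node("carol@partner.example", parent=root)  # outside eng@: no rule applies
RULE = {"group_email": "eng@example.com",
        "conditions": [{"member_email": "@example.com"}]}
apply_one_rule(root, RULE)
VIOLATIONS = [n.member_email for n in find_violations(root)]
```

Because the rule is appended to recursive members, the account nested under contractors@ is flagged even though it is not a direct member of eng@, while the node outside that group carries no rule and is never in violation.
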
static _flatten_violations(violations)

Flatten RuleViolations into a dict for each RuleViolation member.

Parameters: violations (list) – The RuleViolations to flatten.
Yields: dict – Iterator of RuleViolations as a dict per member.

_get_recursive_members(starting_node)

Get all the recursive members of a group.

Parameters: starting_node (node) – Member node from which to start getting the recursive members.

_output_results(all_violations)

Output results.

Parameters: all_violations (list) – A list of nodes that are in violation.

_retrieve()

Retrieves the group tree.

Parameters: None
Returns: The tree structure of all the groups in the organization.
Return type: node

run()

Runs the groups scanner.

class MemberNode(member_id, member_email, member_type=None, member_status=None, parent=None)

Bases: anytree.node.nodemixin.NodeMixin

A custom anytree node with Group Member attributes.