Skip to content


Sample rules

A few rules that use objects from this package:

from typing import List, Dict

from cloudrail.knowledge.context.gcp.gcp_environment_context import GcpEnvironmentContext
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.gcp.gcp_base_rule import GcpBaseRule
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType

class StorageBucketLoggingEnabledRule(GcpBaseRule):

    def get_id(self) -> str:
        return 'non_car_storage_bucket_ensure_logging_enabled'

    def execute(self, env_context: GcpEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []
        for bucket in env_context.storage_buckets:
            if not bucket.logging_enable:
                issues.append(Issue(f'The Google {bucket.get_type()} `{bucket.get_friendly_name()}` logging is not enabled.',
        return issues

    def should_run_rule(self, environment_context: GcpEnvironmentContext) -> bool:
        return bool(environment_context.storage_buckets)

GcpStorageBucket (GcpResource)


Name Type Description
name str

The name of the bucket.

storage_class GcpStorageBucketStorageClass

(Optional, Default = 'STANDARD') The Storage Class of the new bucket. Supported values are STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.

uniform_bucket_level_access bool

(Optional, Default = false) Enables Uniform bucket-level access access to a bucket.

region str

bucket region (geographic location)

logging_enable bool

enable storage bucket daily logs

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process

GcpStorageBucketStorageClass (Enum)

An enumeration.