issue 538 - use max number of rules for egress, ingress, ipv4, ipv6 f…
…or usage for rules per network ACL
John Wu committed May 13, 2021
1 parent 8921393 commit 5a57a69
Showing 3 changed files with 83 additions and 8 deletions.
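--- a/awslimitchecker/services/vpc.py
+++ b/awslimitchecker/services/vpc.py
@@ -114,8 +114,21 @@ def _find_usage_ACLs(self):
 )['NetworkAcls']:
 acls[acl['VpcId']] += 1
 # Rules per network ACL
+egress_ipv4 = sum(map(
+lambda x: x["Egress"] and "CidrBlock" in x, acl['Entries']
+))
+ingress_ipv4 = sum(map(
+lambda x: not x["Egress"] and "CidrBlock" in x, acl['Entries']
+))
+egress_ipv6 = sum(map(
+lambda x: x["Egress"] and "Ipv6CidrBlock" in x, acl['Entries']
+))
+ingress_ipv6 = sum(map(
+lambda x: not x["Egress"] and "Ipv6CidrBlock" in x,
+acl['Entries']
+))
 self.limits['Rules per network ACL']._add_current_usage(
-len(acl['Entries']),
+max(egress_ipv4, ingress_ipv4, egress_ipv6, ingress_ipv6),
 aws_type='AWS::EC2::NetworkAcl',
 resource_id=acl['NetworkAclId']
 )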
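Review bot: The split into `egress_ipv4`, `ingress_ipv4`, `egress_ipv6` and `ingress_ipv6` assumes the quota is enforced separately per direction and per address family, and nothing here records where that rule comes from. If AWS counts IPv4 and IPv6 rules together within a direction, `max(egress_ipv4, ingress_ipv4, egress_ipv6, ingress_ipv6)` under-reports usage, so an ACL could reach the quota with no warning from the checker and the first sign would be a failed attempt to add a rule. Please confirm against the VPC quota documentation and state the result in the comment, e.g. `# Quota applies per direction and per address family (issue 538); report the fullest bucket`. A smaller style point: the four `sum(map(lambda ...))` passes could be one loop counting into a dict keyed by `(x["Egress"], "Ipv6CidrBlock" in x)`. `_find_usage_ACLs` starts above this hunk and continues below it.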
64 changes: 62 additions & 2 deletions awslimitchecker/tests/services/result_fixtures.py
@@ -371,12 +371,72 @@ class VPC(object):
{
'NetworkAclId': 'acl-2',
'VpcId': 'vpc-1',
'Entries': [1],
'Entries': [
{
'Egress': True,
'CidrBlock': 'string'
},
{
'Egress': True,
'Ipv6CidrBlock': 'string'
},
{
'Egress': False,
'CidrBlock': 'string'
},
],
},
{
'NetworkAclId': 'acl-3',
'VpcId': 'vpc-2',
'Entries': [1, 2, 3, 4, 5],
'Entries': [
{
'Egress': True,
'Ipv6CidrBlock': 'string'
},
{
'Egress': False,
'CidrBlock': 'string'
},
{
'Egress': True,
'Ipv6CidrBlock': 'string'
},
{
'Egress': True,
'Ipv6CidrBlock': 'string'
},
{
'Egress': True,
'Ipv6CidrBlock': 'string'
}
],
},
{
'NetworkAclId': 'acl-4',
'VpcId': 'vpc-1',
'Entries': [
{
'Egress': False,
'Ipv6CidrBlock': 'string'
},
{
'Egress': False,
'CidrBlock': 'string'
},
{
'Egress': False,
'Ipv6CidrBlock': 'string'
},
{
'Egress': True,
'Ipv6CidrBlock': 'string'
},
{
'Egress': False,
'Ipv6CidrBlock': 'string'
}
],
},
]
}
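Review bot: None of the three fixtures visible here makes an IPv4 bucket the deciding one: `acl-2` has one rule in each of three buckets, while `acl-3` and `acl-4` peak on `Ipv6CidrBlock` entries (4 egress, 3 ingress). A regression in the `"CidrBlock"` counting would therefore still pass unless `acl-1`, which lies above the hunk, happens to cover it. Consider making one ACL IPv4-heavy, and adding one with `'Entries': []` so the zero case is pinned as well.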
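--- a/awslimitchecker/tests/services/test_vpc.py
+++ b/awslimitchecker/tests/services/test_vpc.py
@@ -198,17 +198,19 @@ def test_find_usage_acls(self):
 assert len(usage) == 2
 assert usage[0].get_value() == 1
 assert usage[0].resource_id == 'vpc-2'
-assert usage[1].get_value() == 2
+assert usage[1].get_value() == 3
 assert usage[1].resource_id == 'vpc-1'
 entries = sorted(cls.limits['Rules per network '
 'ACL'].get_current_usage())
-assert len(entries) == 3
+assert len(entries) == 4
 assert entries[0].resource_id == 'acl-2'
 assert entries[0].get_value() == 1
 assert entries[1].resource_id == 'acl-1'
-assert entries[1].get_value() == 3
-assert entries[2].resource_id == 'acl-3'
-assert entries[2].get_value() == 5
+assert entries[1].get_value() == 2
+assert entries[2].resource_id == 'acl-4'
+assert entries[2].get_value() == 3
+assert entries[3].resource_id == 'acl-3'
+assert entries[3].get_value() == 4
 assert mock_conn.mock_calls == [
 call.describe_network_acls(Filters=[{
 'Name': 'owner-id', 'Values': ['0123456789']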
