diff --git a/awslimitchecker/services/vpc.py b/awslimitchecker/services/vpc.py
index 83feb37b..0080fe5b 100644
--- a/awslimitchecker/services/vpc.py
+++ b/awslimitchecker/services/vpc.py
@@ -114,8 +114,21 @@ def _find_usage_ACLs(self):
 )['NetworkAcls']:
 acls[acl['VpcId']] += 1
 # Rules per network ACL
+ egress_ipv4 = sum(map(
+ lambda x: x["Egress"] and "CidrBlock" in x, acl['Entries']
+ ))
+ ingress_ipv4 = sum(map(
+ lambda x: not x["Egress"] and "CidrBlock" in x, acl['Entries']
+ ))
+ egress_ipv6 = sum(map(
+ lambda x: x["Egress"] and "Ipv6CidrBlock" in x, acl['Entries']
+ ))
+ ingress_ipv6 = sum(map(
+ lambda x: not x["Egress"] and "Ipv6CidrBlock" in x,
+ acl['Entries']
+ ))
 self.limits['Rules per network ACL']._add_current_usage(
- len(acl['Entries']),
+ max(egress_ipv4, ingress_ipv4, egress_ipv6, ingress_ipv6),
 aws_type='AWS::EC2::NetworkAcl',
 resource_id=acl['NetworkAclId']
 )
diff --git a/awslimitchecker/tests/services/result_fixtures.py b/awslimitchecker/tests/services/result_fixtures.py
index 4c7324e2..fe3e1285 100644
--- a/awslimitchecker/tests/services/result_fixtures.py
+++ b/awslimitchecker/tests/services/result_fixtures.py
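Review bot: Taking `max(egress_ipv4, ingress_ipv4, egress_ipv6, ingress_ipv6)` in `_find_usage_ACLs` (vpc.py) under-reports usage if AWS counts IPv4 and IPv6 rules against the same per-direction quota, which nothing in this hunk establishes; an ACL carrying many rules of both IP versions in one direction would then be reported at only the larger bucket, and a threshold alert could be missed. Please confirm the quota semantics against the AWS VPC quota documentation and record the answer in the `# Rules per network ACL` comment. If the quota turns out to be per direction only, the count reduces to `egress = sum(1 for e in acl['Entries'] if e['Egress'])`, `ingress = len(acl['Entries']) - egress` and `max(egress, ingress)`. The function body starts above this hunk.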
@@ -371,12 +371,72 @@ class VPC(object):
 {
 'NetworkAclId': 'acl-2',
 'VpcId': 'vpc-1',
- 'Entries': [1],
+ 'Entries': [
+ {
+ 'Egress': True,
+ 'CidrBlock': 'string'
+ },
+ {
+ 'Egress': True,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': False,
+ 'CidrBlock': 'string'
+ },
+ ],
 },
 {
 'NetworkAclId': 'acl-3',
 'VpcId': 'vpc-2',
- 'Entries': [1, 2, 3, 4, 5],
+ 'Entries': [
+ {
+ 'Egress': True,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': False,
+ 'CidrBlock': 'string'
+ },
+ {
+ 'Egress': True,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': True,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': True,
+ 'Ipv6CidrBlock': 'string'
+ }
+ ],
+ },
+ {
+ 'NetworkAclId': 'acl-4',
+ 'VpcId': 'vpc-1',
+ 'Entries': [
+ {
+ 'Egress': False,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': False,
+ 'CidrBlock': 'string'
+ },
+ {
+ 'Egress': False,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': True,
+ 'Ipv6CidrBlock': 'string'
+ },
+ {
+ 'Egress': False,
+ 'Ipv6CidrBlock': 'string'
+ }
+ ],
 },
 ]
 }
diff --git a/awslimitchecker/tests/services/test_vpc.py b/awslimitchecker/tests/services/test_vpc.py
index e968935a..60003ace 100644
--- a/awslimitchecker/tests/services/test_vpc.py
+++ b/awslimitchecker/tests/services/test_vpc.py
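Review bot: The new `Entries` lists in the `VPC` fixture (result_fixtures.py) carry no comment saying which direction/IP-version bucket each ACL is meant to exercise, so the expected values in `test_find_usage_acls` can only be checked by hand-counting dictionaries. A one-line comment above each ACL would do, for example `# acl-3: 4 egress IPv6, 1 ingress IPv4 -> usage 4` and `# acl-4: 3 ingress IPv6, 1 ingress IPv4, 1 egress IPv6 -> usage 3`. The enclosing fixture starts and ends outside the hunk.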
@@ -198,17 +198,19 @@ def test_find_usage_acls(self):
 assert len(usage) == 2
 assert usage[0].get_value() == 1
 assert usage[0].resource_id == 'vpc-2'
- assert usage[1].get_value() == 2
+ assert usage[1].get_value() == 3
 assert usage[1].resource_id == 'vpc-1'
 entries = sorted(cls.limits['Rules per network '
 'ACL'].get_current_usage())
- assert len(entries) == 3
+ assert len(entries) == 4
 assert entries[0].resource_id == 'acl-2'
 assert entries[0].get_value() == 1
 assert entries[1].resource_id == 'acl-1'
- assert entries[1].get_value() == 3
- assert entries[2].resource_id == 'acl-3'
- assert entries[2].get_value() == 5
+ assert entries[1].get_value() == 2
+ assert entries[2].resource_id == 'acl-4'
+ assert entries[2].get_value() == 3
+ assert entries[3].resource_id == 'acl-3'
+ assert entries[3].get_value() == 4
 assert mock_conn.mock_calls == [
 call.describe_network_acls(Filters=[{
 'Name': 'owner-id', 'Values': ['0123456789']
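Review bot: The assertions on `entries[0]` through `entries[3]` in `test_find_usage_acls` depend on the sort order of the usage objects, which is why adding `acl-4` moved `acl-3` from index 2 to index 3; comparing by resource id would keep the test stable when fixtures are added. For example `by_id = {e.resource_id: e.get_value() for e in entries}` followed by `assert by_id == {'acl-2': 1, 'acl-1': 2, 'acl-4': 3, 'acl-3': 4}`. The test body starts and continues outside the hunk.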