in scripts/gd2acl-sync-check.py [0:0]
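def check_nacl(netacl_id, region):
    """Compare the rule numbers stored in DynamoDB with those on the NACL.

    Queries ACLMETATABLE for items keyed by ``netacl_id``, collects their
    ``RuleNo`` values and compares them with the list returned by
    ``get_nacl_rules(netacl_id)``. The result is printed (coloured through
    ``bcolors``) and the details are written to the log.

    Args:
        netacl_id: Network ACL id used as the ``NetACLId`` key condition.
        region: Not read by this function; the DynamoDB resource is created
            without an explicit region, so boto3's configured default applies.

    Returns:
        True when the DynamoDB query answered with HTTP 200, otherwise False.
        The value says nothing about whether the two rule sets matched; a
        mismatch is reported only through the printed line and the log, so
        callers that need to act on drift cannot rely on the return value.
    """
    logger.info("checking nacl, netacl_id=%s.", netacl_id)

    table = boto3.resource('dynamodb').Table(ACLMETATABLE)

    # Rules the table has recorded for this NACL.
    # NOTE(review): only the first page of the query result is read (no
    # LastEvaluatedKey handling) -- confirm the item count per NACL stays small.
    response = table.query(
        KeyConditionExpression=Key('NetACLId').eq(netacl_id)
    )
    naclentries = response['Items']

    # NOTE(review): when the table holds no items for this NACL the comparison
    # is skipped entirely, so rules present only on the NACL are not reported.
    if naclentries:
        rulecount = response['Count']

        naclrulerange = get_nacl_rules(netacl_id)
        naclrulerange.sort()
        ddbrulerange = sorted(int(entry['RuleNo']) for entry in naclentries)

        # Both branches log the two rule lists, so do it once up front.
        logger.info("log -- current DDB entries, %s.", ddbrulerange)
        logger.info("log -- current NACL entries, %s.", naclrulerange)

        # Lists are compared (not sets), so a duplicated rule number on either
        # side counts as a mismatch even if the symmetric difference is empty.
        if ddbrulerange != naclrulerange:
            # Rule numbers that exist on one side only.
            drift = set(naclrulerange).symmetric_difference(ddbrulerange)
            logger.info("log -- rule count, %s.", rulecount)
            # The printed value is the list of differing rule numbers, not the NACL id.
            print(bcolors.FAIL + 'Rule state mismatch for NACL, %s' % (sorted(drift),) + bcolors.ENDC)
        else:
            logger.info("log -- rule count for NACL %s is %s.", netacl_id, rulecount)
            print(bcolors.OKGREEN + 'Rule state is OK for NACL, %s.' % (netacl_id,) + bcolors.ENDC)

    return response['ResponseMetadata']['HTTPStatusCode'] == 200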