PR jantman#350 - fix for CloudTrail cross-region issue with get_event…

…_selectors()
nadlerjessie · Feb 16, 2019 · ef656e0 · ef656e0
1 parent bbc9144
commit ef656e0
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 27 deletions.
diff --git a/awslimitchecker/services/cloudtrail.py b/awslimitchecker/services/cloudtrail.py
@@ -76,27 +76,30 @@ def _find_usage_cloudtrail(self):
 
         for trail in trail_list:
             data_resource_count = 0
-
-            response = self.conn.get_event_selectors(TrailName=trail['Name'])
-            event_selectors = response['EventSelectors']
-
-            for event_selector in event_selectors:
-                data_resource_count += len(
-                    event_selector.get('DataResources', [])
+            if self.conn._client_config.region_name == trail['HomeRegion']:
+                response = self.conn.get_event_selectors(
+                    TrailName=trail['Name']
+                )
+                event_selectors = response['EventSelectors']
+                for event_selector in event_selectors:
+                    data_resource_count += len(
+                        event_selector.get('DataResources', [])
+                    )
+                self.limits['Event Selectors Per Trail']._add_current_usage(
+                    len(event_selectors),
+                    aws_type='AWS::CloudTrail::EventSelector',
+                    resource_id=trail['Name']
+                )
+                self.limits['Data Resources Per Trail']._add_current_usage(
+                    data_resource_count,
+                    aws_type='AWS::CloudTrail::DataResource',
+                    resource_id=trail['Name']
+                )
+            else:
+                logger.debug(
+                    'Ignoring event selectors and data resources for '
+                    'CloudTrail %s in non-home region' % trail['Name']
                 )
-
-            self.limits['Event Selectors Per Trail']._add_current_usage(
-                len(event_selectors),
-                aws_type='AWS::CloudTrail::EventSelector',
-                resource_id=trail['Name']
-            )
-
-            self.limits['Data Resources Per Trail']._add_current_usage(
-                data_resource_count,
-                aws_type='AWS::CloudTrail::DataResource',
-                resource_id=trail['Name']
-            )
-
         self.limits['Trails Per Region']._add_current_usage(
             trail_count,
             aws_type=self.aws_type

diff --git a/awslimitchecker/tests/services/result_fixtures.py b/awslimitchecker/tests/services/result_fixtures.py
@@ -3430,7 +3430,7 @@ class CloudTrail(object):
                     'SnsTopicARN': 'string',
                     'IncludeGlobalServiceEvents': True,
                     'IsMultiRegionTrail': True,
-                    'HomeRegion': 'string',
+                    'HomeRegion': 'thisregion',
                     'TrailARN': 'string',
                     'LogFileValidationEnabled': True,
                     'CloudWatchLogsLogGroupArn': 'string',
@@ -3446,7 +3446,7 @@ class CloudTrail(object):
                     'SnsTopicARN': 'string',
                     'IncludeGlobalServiceEvents': True,
                     'IsMultiRegionTrail': True,
-                    'HomeRegion': 'string',
+                    'HomeRegion': 'thisregion',
                     'TrailARN': 'string',
                     'LogFileValidationEnabled': True,
                     'CloudWatchLogsLogGroupArn': 'string',
@@ -3462,7 +3462,7 @@ class CloudTrail(object):
                     'SnsTopicARN': 'string',
                     'IncludeGlobalServiceEvents': True,
                     'IsMultiRegionTrail': True,
-                    'HomeRegion': 'string',
+                    'HomeRegion': 'otherRegion',
                     'TrailARN': 'string',
                     'LogFileValidationEnabled': True,
                     'CloudWatchLogsLogGroupArn': 'string',

diff --git a/awslimitchecker/tests/services/test_cloudtrail.py b/awslimitchecker/tests/services/test_cloudtrail.py
@@ -106,6 +106,9 @@ def test_get_limits_again(self):
 
     def test_find_usage(self):
         mock_trails = Mock()
+        mock_conf = Mock()
+        type(mock_conf).region_name = 'thisregion'
+        type(mock_trails)._client_config = mock_conf
         mock_trails.describe_trails.return_value = \
             result_fixtures.CloudTrail.mock_describe_trails
 
@@ -133,16 +136,14 @@ def se_selectors(*args, **kwargs):
         assert usage[0].get_value() == 3
 
         usage = cls.limits['Event Selectors Per Trail'].get_current_usage()
-        assert len(usage) == 3
+        assert len(usage) == 2
         assert usage[0].get_value() == 0
         assert usage[1].get_value() == 3
-        assert usage[2].get_value() == 0
 
         usage = cls.limits['Data Resources Per Trail'].get_current_usage()
-        assert len(usage) == 3
+        assert len(usage) == 2
         assert usage[0].get_value() == 0
         assert usage[1].get_value() == 3
-        assert usage[2].get_value() == 0
 
     def test_required_iam_permissions(self):
         cls = _CloudTrailService(21, 43)