From 55fa4de80e59344dee89feb31bbca74acdf731e7 Mon Sep 17 00:00:00 2001
From: Mahendra Korepu
Date: Thu, 19 Aug 2021 10:27:15 -0500
Subject: [PATCH] Fix subnet CIDR range validation
Signed-off-by: Mahendra Korepu
---
 cdpctl/validation/infra/validate_aws_subnets.py | 4 ++--
 .../infra/test_validate_aws_subnets.py | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/cdpctl/validation/infra/validate_aws_subnets.py b/cdpctl/validation/infra/validate_aws_subnets.py
index 2f88ebb..1a7cc45 100644
--- a/cdpctl/validation/infra/validate_aws_subnets.py
+++ b/cdpctl/validation/infra/validate_aws_subnets.py
@@ -218,7 +218,7 @@ def aws_public_subnets_range_validation() -> None:
 subnets_wo_valid_range = []
 for subnet in subnets_data["public_subnets"]:
 cidrblock_range = subnet["CidrBlock"].split("/")[1]
- if int(cidrblock_range) < 24:
+ if int(cidrblock_range) > 24:
 subnets_wo_valid_range.append(subnet["SubnetId"])
 if len(subnets_wo_valid_range) > 0:
@@ -415,7 +415,7 @@ def aws_private_subnets_range_validation() -> None:
 subnets_wo_valid_range = []
 for subnet in subnets_data["private_subnets"]:
 cidrblock_range = subnet["CidrBlock"].split("/")[1]
- if int(cidrblock_range) < 19:
+ if int(cidrblock_range) > 19:
 subnets_wo_valid_range.append(subnet["SubnetId"])
 if len(subnets_wo_valid_range) > 0:
diff --git a/tests/validation/infra/test_validate_aws_subnets.py b/tests/validation/infra/test_validate_aws_subnets.py
index 5702b02..8a35688 100644
--- a/tests/validation/infra/test_validate_aws_subnets.py
+++ b/tests/validation/infra/test_validate_aws_subnets.py
@@ -79,7 +79,7 @@
 },
 {
 "AvailabilityZone": "us-west-2c",
- "CidrBlock": "10.1.238.0/24",
+ "CidrBlock": "10.1.238.0/14",
 "SubnetId": "subnet-pubtest2-cdp",
 "VpcId": "vpc-testcdp12345",
 "Tags": [
@@ -89,7 +89,7 @@
 },
 {
 "AvailabilityZone": "us-west-2a",
- "CidrBlock": "10.2.236.0/24",
+ "CidrBlock": "10.2.236.0/22",
 "SubnetId": "subnet-pubtest3-cdp",
 "VpcId": "vpc-testcdp12345",
 "Tags": [
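Review bot: The thresholds `24` (here) and `19` (in the `@@ -415` hunk for aws_private_subnets_range_validation) are bare literals compared against a prefix length, where a larger number means a smaller subnet, and nothing on the comparison line says which direction is intended. A comment on each check, for example `# a prefix length above /24 leaves fewer addresses than the required minimum`, or named constants such as `MAX_PUBLIC_PREFIX_LEN = 24` and `MAX_PRIVATE_PREFIX_LEN = 19`, would let a reader verify the operator at a glance and make a silent re-inversion of this pre-flight check less likely. Both function bodies start and end outside their hunks, so any existing docstring that already states the rule is not visible here.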
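Review bot: The new success fixture `"10.1.238.0/14"` in the `@@ -79` hunk is not a CIDR block the EC2 API would return for a subnet: the address has host bits set for a /14, and AWS subnets are limited to prefix lengths /16 through /28. The private fixtures changed in the `@@ -104`, `@@ -114` and `@@ -124` hunks (`20.0.237.0/14`, `20.1.238.0/19`, `20.2.236.0/18`) have the same host-bit problem. They work only because the validator, as far as its hunks show, reads just the text after the `/`; aligned, in-range values such as `10.1.0.0/16` would keep the fixtures usable if the check ever parses the block with `ipaddress.ip_network`.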
@@ -104,7 +104,7 @@
 "Subnets": [
 {
 "AvailabilityZone": "us-west-2b",
- "CidrBlock": "20.0.237.0/24",
+ "CidrBlock": "20.0.237.0/14",
 "SubnetId": "subnet-prvtest1-cdp",
 "VpcId": "vpc-testcdp12345",
 "Tags": [
@@ -114,7 +114,7 @@
 },
 {
 "AvailabilityZone": "us-west-2c",
- "CidrBlock": "20.1.238.0/24",
+ "CidrBlock": "20.1.238.0/19",
 "SubnetId": "subnet-prvtest2-cdp",
 "VpcId": "vpc-testcdp12345",
 "Tags": [
@@ -124,7 +124,7 @@
 },
 {
 "AvailabilityZone": "us-west-2a",
- "CidrBlock": "20.2.236.0/24",
+ "CidrBlock": "20.2.236.0/18",
 "SubnetId": "subnet-prvtest3-cdp",
 "VpcId": "vpc-testcdp12345",
 "Tags": [
@@ -520,7 +520,7 @@ def test_aws_public_subnets_range_validation_failure(ec2_client: EC2Client) -> N
 {
 "Subnets": [
 {
- "CidrBlock": "10.0.237.0/14",
+ "CidrBlock": "10.0.237.0/25",
 "SubnetId": "subnet-pubtest1-cdp",
 },
 {"CidrBlock": "10.1.238.0/24", "SubnetId": "subnet-pubtest2-cdp"},
@@ -935,12 +935,12 @@ def test_aws_private_subnets_range_validation_failure(ec2_client: EC2Client) ->
 {
 "Subnets": [
 {
- "CidrBlock": "10.0.237.0/18",
+ "CidrBlock": "10.0.237.0/12",
 "SubnetId": "subnet-prvtest1-cdp",
 },
 {"CidrBlock": "10.1.238.0/24", "SubnetId": "subnet-prvtest2-cdp"},
 {
- "CidrBlock": "10.2.236.0/14",
+ "CidrBlock": "10.2.236.0/24",
 "SubnetId": "subnet-prvtest3-cdp",
 },
 ],
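Review bot: Neither rejected fixture in the `@@ -935` hunk sits on the boundary of the private-subnet rule: both entries expected to fail use /24, and the one changed to `/12` is expected to pass, so a threshold that drifted as high as `> 23` would still satisfy this test. Adding an entry such as `{"CidrBlock": "10.3.0.0/20", "SubnetId": "subnet-prvtest4-cdp"}` (constructed example) would pin the first prefix length that must be rejected. The assertions of test_aws_private_subnets_range_validation_failure lie outside the hunk, so whether they compare the exact list of reported subnet IDs cannot be confirmed from here.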