jantman / awslimitchecker Goto Github PK

and TA checks

Add some examples of using the runner.

Implement VPC service

Verify that all checks work correctly using an IAM user with IAM permissions matching what ALC generates.

Ensure our docs on AGPL make clear the requirements in section 5b and section 13.

the runner command --list-defaults says it lists the defaults, but it actually lists the effective (overridden) limits. Fix this.

Trusted Advisor lists EBS-related limits as their own service, even though they appear under EC2 in the AWS docs. Move them so they play nice with TA.

Tried the install directions per the README on Ubuntu 14.04 and Amazon Linux. I was not able to install the module from pip directly so I attempted to install it via source with a 'python setup.py install'. When trying to run the binary I get an error "ImportError: No module named services" using python 2.7.

Any chance this will get back into the pip library? Or is there some other issue when I am installing this?

root@ip-10-0-4-112:~# /usr/local/bin/awslimitchecker
Traceback (most recent call last):
File "/usr/local/bin/awslimitchecker", line 9, in
load_entry_point('awslimitchecker==0.1.0', 'console_scripts', 'awslimitchecker')()
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 351, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2363, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2088, in load
entry = import(self.module_name, globals(),globals(), ['name'])
File "build/bdist.linux-x86_64/egg/awslimitchecker/runner.py", line 46, in
File "build/bdist.linux-x86_64/egg/awslimitchecker/checker.py", line 40, in
ImportError: No module named services

and confirm TA checks

Perform complete docs review, document stuff.

• implement source discovery, the best we can, for AGPL compliance. We should test to see if it's installed from a package or git. If from a package, point to either GitHub or PyPi. If from git, point to the repo url. In #6 instruct that anyone modifying the source must ensure this function works.

https://landscape.io/github/jantman/awslimitchecker

get sphinx linkcheck to work, re-enable -n and -W

For boto requests that have max_results and return a marker, we need to handle iterating the marker. The most logical way to do this is probably a utility function that takes the boto connection object, the method name, and a dict of args, and returns the combined responses.

Fill out project_url and version to find the actually-installed version and source, even if it's from package vs git.

Instead of storing the service name, AwsLimits should take a reference to an _AwsService object.

option to refresh all limit-related checks but not wait (i.e. trigger refreshes that we'll see in the future)

see http://docs.aws.amazon.com/IAM/latest/UserGuide/limits.html

The IAM GetAccountSummary API action and aws iam get-account-summary appear to provide both quota and usage information for at least some of these, so this should be simpler than most.

option to refresh and wait on all limit-related checks that haven't been refreshed in X seconds/minutes

Ensure logging is being done in all logical places. Adjust runner logging format (maybe based on verbosity?)

Ensure we can perform all tasks for just one specific service. This includes TA.

runner output should be in nice columns

Clean up badges in README.md and docs/source/index.rst. Also put master- and develop-specific ones on separate lines.

Also, the crate.io PyPi Downloads and PyPi Version badges are broken. shields.io has supposedly-working ones at:

per month downloads: https://img.shields.io/pypi/dm/awslimitchecker.svg
version: https://img.shields.io/pypi/v/awslimitchecker.svg

Requires #9
Expose ability to set limit overrides in runner

Since many people may be unfamiliar with it, add some docs on AGPL, what it means to you, how to be compliant, etc.

Include some python examples.

Fix the AGPL message on init. How can this be done nicer? Maybe just print, or to stderr?

Add colorized output to runner, with option to turn it off.

Finish implementation of EC2 service

TA reports the "Reserved Instances - purchase limit (monthly)" EC2 limit, but ALC doesn't know about that limit yet.

Create a skeleton file and/or helper script for adding new services.

Grep -i source and docs for "todo" and "tbd"

runner should have an option to return output - at least services, limits, usage, check results - in JSON

ElastiCache

cut 0.1.0 release

option to refresh all limit-related checks and wait on them

Add documentation on regions - currently only one at a time, and from boto config.

polling the TA checks on a basic account without Support throws an exception. Handle this, and log a warning. Confirm that this is correct per AWS docs (shouldn't even free accounts have access to a limited subset of checks?)

option to not use TA at all

Travis builds of master fail when a release is done, because the commit is tagged and versionchecker picks up the tag instead of the hash

see e.g. https://travis-ci.org/jantman/awslimitchecker/jobs/72649103#L778

implement it

See e.g. https://travis-ci.org/jantman/awslimitchecker/jobs/72610593#L711

When Travis checks out a pull request, it checks out the merge of the PR to master, i.e. git fetch origin +refs/pull/45/merge. The git-based integration tests (Test_AGPLVersionChecker_Acceptance.test_install_git_e_dirty, Test_AGPLVersionChecker_Acceptance.test_install_git_e and Test_AGPLVersionChecker_Acceptance.test_install_git) attempt to install awslimitchecker from GitHub using the commit hash of the current git checkout that the tests exist in - which, in this case, is the merge hash, which doesn't exist yet in the repo.

Options that I can think of:
(1) don't just check out whatever hash the test repo is at, if it doesn't exist in origin.
(2) Look at the value of the TRAVIS_PULL_REQUEST environment variable, and do something different in the integration tests if we're testing a PR (such as installing +refs/pull/$TRAVIS_PULL_REQUEST/merge instead of the SHA).

Runner --help should point to RTD

Attempt to pull limits from Trusted Advisor where possible.

This also needs to include updating docs:

• overall docs on TA
• development - adding services/limits, adding TA checks
• CLI examples
• Generated TA info, and comment on limits where they pull from TA

1. cut a 'develop' branch, start doing work there
2. Open the repo
3. Setup badges and ancillary services:
   1. RTD
   2. Travis CI
   3. landscape.io
   4. codecov.io
4. Make sure that badges and ancillary services work, including RTD.
5. Blog post and tweet.

• checker needs ability to set threshold overrides per-limit or as a dict, either percentage or integer
• expose this in runner as either per-limit options or a dict

Each function or class that actually interacts with the AWS API should have integration tests. They should run in a fake $HOME to prevent any ~/.boto / ~/.aws credentials from being used. The tests should require AWS credentials exported as env vars, and should check usage. Maybe we just want one overall integration test that runs checker(). We want to catch (a) any bad boto or AWS calls that raise exceptions, (b) any IAM permissions errors, and (c) any limits that didn't get their usage checked. The test should also confirm that the IAM policy for the user it's running under matches what awslimitchecker wants.

Ability to set an override for a single limit instead of a dict.

As far as I can find, the only limit on buckets is the 100 total buckets per account.

Need to make sure that if we're checking this, we're looking at cross-region (is this easily possible?)

Just came across this useful tool. Can you please tell me if you plan to add support for reporting on spot instances when running awslimitchecker -u? Most of our instances are spot and this would help very much. Thanks for considering this.