
@kapilt
Created August 30, 2016 01:30
diff --git a/c7n/resources/vpc.py b/c7n/resources/vpc.py
index bfc3793..4139f42 100644
--- a/c7n/resources/vpc.py
+++ b/c7n/resources/vpc.py
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+
from botocore.exceptions import ClientError
from c7n.actions import BaseAction
@@ -227,6 +228,23 @@ class SGPermission(Filter):
self.vfilters.append(vf)
return super(SGPermission, self).process(resources, event)
+ def process_ports(self, permission):
+ if 'FromPort' in permission and 'ToPort' in permission:
+ for port in self.ports:
+ if port >= permission['FromPort'] and port <= permission['ToPort']:
+ found = True
+ break
+ only_found = False
+ for port in self.only_ports:
+ if port == permission['FromPort'] and port == permission['ToPort']:
+ only_found = True
+ if self.only_ports and not only_found:
+ found = True
+ return found
+
+ def process_cidrs(self, permission):
+ pass
+
def __call__(self, resource):
matched = []
for perm in resource[self.ip_permissions_key]:
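Review bot: `process_ports` never initialises `found`, so `return found` raises UnboundLocalError whenever no branch assigns it, for instance when the permission's range contains none of `self.ports` and `only_ports` is empty. In the removed inline code `found` was already bound by the caller's loop before this logic ran. The new method needs its own `found = False` as the first statement. A permission without `FromPort`/`ToPort` (which I believe is how all-protocol rules are returned) would take the same path, so the filter could abort on exactly the broad rules a policy is meant to flag. The call added in the third hunk reaches this path for every permission the value filters did not match; `__call__` continues outside this hunk.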
@@ -235,17 +253,10 @@ class SGPermission(Filter):
if f(perm):
found = True
break
- if 'FromPort' in perm and 'ToPort' in perm:
- for port in self.ports:
- if port >= perm['FromPort'] and port <= perm['ToPort']:
- found = True
- break
- only_found = False
- for port in self.only_ports:
- if port == perm['FromPort'] and port == perm['ToPort']:
- only_found = True
- if self.only_ports and not only_found:
- found = True
+ if not found:
+ found = self.process_ports(perm)
+ if not found:
+ found = self.process_cidrs(perm)
if not found:
continue
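Review bot: `found = self.process_cidrs(perm)` rebinds `found` to `None`, because the stub added in the previous hunk is only `pass`. The following `if not found: continue` still skips the permission, so this works, but only by accident of truthiness. Have the stub end with `return False` and carry a comment such as `# TODO: CIDR matching not implemented; never matches`, so a reader of a policy that relies on CIDR matching can see it is a no-op here. The enclosing loop in `__call__` starts and ends outside this hunk.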