jantman / awslimitchecker

A script and python package to check your AWS service limits and usage via boto3.
http://awslimitchecker.readthedocs.org/
GNU Affero General Public License v3.0

Support CertificateManager service #546

Closed TagadaPoe closed 3 years ago

TagadaPoe commented 3 years ago

Summary

Relates to #540

Add support for the Certificate Manager service (ACM)

Only the quota "Number of ACM certificates" is checked.

Added unit tests.

Here are the quotas for the ACM service, as specified in the documentation (https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html):

Number of ACM certificates (default: 1000). New AWS accounts may start with a quota lower than the maximum. Expired and revoked certificates continue to count toward the total. Certificates signed by a CA from ACM Private CA do not count toward this total.

Number of ACM certificates per year (last 365 days) (default: twice the quota above). You can request up to twice your quota of ACM certificates per year, region, and account. For example, if your quota is 1,000, you can request up to 2,000 ACM certificates per year in a given region and account. You can only have 1,000 certificates at any given time. To request 2,000 certificates in a year, you must delete 1,000 during the year to stay within the quota. If you need more than 1,000 certificates at any given time, you must contact the AWS Support Center. Certificates signed by a CA from ACM Private CA do not count toward this total.

Number of imported certificates (default: 1000)

Number of imported certificates per year (last 365 days) (default: Twice your account quota)

I did not implement the check of the limit "Number of ACM certificates per year", because I have no idea how to check it :) This "per-year" usage counts all created certificates, including those that do not exist anymore, hence I assume they will not be listed by the API.

I did not implement the check of the limit "Number of imported certificates", because the information on whether a certificate was imported or not is not available in the list_certificates API call, but only in describe_certificate, and I did not want to make 1 additional call per certificate.

Also, I assumed that imported certificates count toward the total of ACM certificates. But this is not clear from the AWS documentation. If I am wrong, awslimitchecker may report a false alert if part of the ACM certificates are imported.

Pull Request Checklist

Contributor License Agreement

By submitting this work for inclusion in awslimitchecker, I agree to the following terms:

codecov-commenter commented 3 years ago

Codecov Report

Merging #546 (f6c7ff2) into develop (a829ce2) will not change coverage. The diff coverage is 100.00%.

@@            Coverage Diff            @@
##           develop      #546   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           42        43    +1     
  Lines         3030      3064   +34     
  Branches       455       458    +3     
=========================================
+ Hits          3030      3064   +34     
Impacted Files Coverage Δ
awslimitchecker/services/__init__.py 100.00% <100.00%> (ø)
awslimitchecker/services/certificatemanager.py 100.00% <100.00%> (ø)

jantman commented 3 years ago

@TagadaPoe I'm going to try to get to these PRs today, sorry for the delay. Could you please update your PR to allow changes from maintainers? This needs to be rebased on develop, and the others will need to be rebased as I merge them in. Thanks!

jantman commented 3 years ago

Thank you so much for this, and many apologies for it sitting so long!

jantman commented 3 years ago

This has been released in 12.0.0, which is now live on PyPI and Docker Hub. Thank you so much, and apologies for the delay!
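
The trade-off described in the pull request, as an added example (not code from the pull request or from awslimitchecker): the total is counted from paginated list_certificates results, while counting imported certificates would need one describe_certificate call per certificate. FakeACM, the sample ARNs and types, PAGE_SIZE and the 80/99 percent thresholds are assumptions of this example.

```python
# Added example. FakeACM stands in for boto3.client("acm") so it runs offline;
# the ARNs, certificate types and PAGE_SIZE below are constructed sample data.
PAGE_SIZE = 2

class FakeACM:
    def __init__(self, cert_types):
        self.certs = [{"CertificateArn": f"arn:aws:acm:example:cert/{i}", "Type": t}
                      for i, t in enumerate(cert_types)]
        self.calls = {"list_certificates": 0, "describe_certificate": 0}

    def list_certificates(self, NextToken=None):
        self.calls["list_certificates"] += 1
        start = int(NextToken or 0)
        page = self.certs[start:start + PAGE_SIZE]
        resp = {"CertificateSummaryList":
                [{"CertificateArn": c["CertificateArn"]} for c in page]}
        if start + PAGE_SIZE < len(self.certs):
            resp["NextToken"] = str(start + PAGE_SIZE)  # more pages remain
        return resp

    def describe_certificate(self, CertificateArn):
        self.calls["describe_certificate"] += 1
        cert = next(c for c in self.certs if c["CertificateArn"] == CertificateArn)
        return {"Certificate": dict(cert)}

def list_certificate_arns(client):
    """Follow NextToken until the listing is exhausted; usage is len(result)."""
    arns, kwargs = [], {}
    while True:
        resp = client.list_certificates(**kwargs)
        arns += [c["CertificateArn"] for c in resp["CertificateSummaryList"]]
        if "NextToken" not in resp:
            return arns
        kwargs = {"NextToken": resp["NextToken"]}

def count_imported(client, arns):
    """Needs one describe_certificate call per certificate, which the PR avoids."""
    return sum(client.describe_certificate(CertificateArn=a)["Certificate"]["Type"]
               == "IMPORTED" for a in arns)

def status(usage, limit, warn_pct=80, crit_pct=99):
    """Compare usage with the quota; both percentages are assumed thresholds."""
    pct = 100.0 * usage / limit
    return "CRITICAL" if pct >= crit_pct else "WARNING" if pct >= warn_pct else "OK"
```

With n certificates, the total costs one list call per page, and the imported count costs n further describe calls on top of that.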