C7n Community Meeting Minutes

# C7n Community Meeting Minutes ## February 21st 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** February 21st, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: [![Video Recording](https://img.youtube.com/vi/EbQWLwPibjY/0.jpg)](https://youtu.be/EbQWLwPibjY) ## Agenda Items - Intros, etc. - We're testing Slack! Join us: - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat) - We're moving on from Python 3.7 this year, details TBD, heads up: - https://github.com/cloud-custodian/cloud-custodian/issues/8092 - Release Update [Sonny] - No updates this week! # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #08 2023 ## Here's what the team has focused on this week: * ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 23 | 11| |PR's| 26 | 39| | | | |--|--| | New stars | 0| | New forks | 0| Steve: - https://github.com/cloud-custodian/cloud-custodian/pull/8232 - https://github.com/cloud-custodian/cloud-custodian/pull/8077 Kapil: - https://github.com/cloud-custodian/cloud-custodian/pull/8193 - https://github.com/cloud-custodian/cloud-custodian/pull/7126 AJ (thanks to Darren and Co for help with this one!) - https://github.com/cloud-custodian/cloud-custodian/pull/8272 ## PR's Opened * [#8301](https://github.com/cloud-custodian/cloud-custodian/pull/8301): aws - route53.recovery-cluster - add resource and tagging support * [#8300](https://github.com/cloud-custodian/cloud-custodian/pull/8300): aws - route53.recovery-cluster - add resource and tagging support * [#8299](https://github.com/cloud-custodian/cloud-custodian/pull/8299): c7n-left - traverse filter supports non value type filters * [#8298](https://github.com/cloud-custodian/cloud-custodian/pull/8298): aws - events - add tags to rule * [#8297](https://github.com/cloud-custodian/cloud-custodian/pull/8297): aws - vpc - sg : Add Batch (un)used filter * [#8294](https://github.com/cloud-custodian/cloud-custodian/pull/8294): releng - ci add 3.11 remove 3.7 * [#8290](https://github.com/cloud-custodian/cloud-custodian/pull/8290): fix: update k8s registry url * [#8289](https://github.com/cloud-custodian/cloud-custodian/pull/8289): aws - s3 output bucket region determination refactor * [#8286](https://github.com/cloud-custodian/cloud-custodian/pull/8286): add test to prove local modules in terraform work for c7n-left * [#8285](https://github.com/cloud-custodian/cloud-custodian/pull/8285): aws - rdscluster - resolve the resource mapping issue in config rule * [#8282](https://github.com/cloud-custodian/cloud-custodian/pull/8282): releng - dev script to check which prs modify a given directory * [#8279](https://github.com/cloud-custodian/cloud-custodian/pull/8279): releng - actions - use github.sha for concurrency grouping when not in a pr * [#8276](https://github.com/cloud-custodian/cloud-custodian/pull/8276): releng - switch to ruff for linting * [#8273](https://github.com/cloud-custodian/cloud-custodian/pull/8273): Bump github.com/aws/aws-sdk-go from 1.33.0 to 1.34.0 in /tools/omnissm * [#8272](https://github.com/cloud-custodian/cloud-custodian/pull/8272): aws - shield - handle elastic ip arn type delta * [#8271](https://github.com/cloud-custodian/cloud-custodian/pull/8271): releng - 0.9.23 release prep * [#8269](https://github.com/cloud-custodian/cloud-custodian/pull/8269): aws - config_id support added to get Configuration Item for R53 hostedzone * [#8268](https://github.com/cloud-custodian/cloud-custodian/pull/8268): aws - filter to annotate security configuration and filter with security configuration attributes #8172 * [#8265](https://github.com/cloud-custodian/cloud-custodian/pull/8265): Fix naming conflict between validate argument and imported function * [#8263](https://github.com/cloud-custodian/cloud-custodian/pull/8263): Correct typo in setup.py python_requires * [#8260](https://github.com/cloud-custodian/cloud-custodian/pull/8260): Update utils.py for GCP mailer * [#8258](https://github.com/cloud-custodian/cloud-custodian/pull/8258): releng - update dependencies * [#8254](https://github.com/cloud-custodian/cloud-custodian/pull/8254): aws - ecr - update action schema * [#8250](https://github.com/cloud-custodian/cloud-custodian/pull/8250): Bump cryptography from 39.0.0 to 39.0.1 * [#8249](https://github.com/cloud-custodian/cloud-custodian/pull/8249): Bump cryptography from 39.0.0 to 39.0.1 in /tools/c7n_azure * [#8248](https://github.com/cloud-custodian/cloud-custodian/pull/8248): Bump cryptography from 39.0.0 to 39.0.1 in /tools/c7n_openstack ## PR's Closed * [#8300](https://github.com/cloud-custodian/cloud-custodian/pull/8300): aws - route53.recovery-cluster - add resource and tagging support * [#8294](https://github.com/cloud-custodian/cloud-custodian/pull/8294): releng - ci add 3.11 remove 3.7 * [#8290](https://github.com/cloud-custodian/cloud-custodian/pull/8290): fix: update k8s registry url * :boom: [#8289](https://github.com/cloud-custodian/cloud-custodian/pull/8289): aws - s3 output bucket region determination refactor * [#8286](https://github.com/cloud-custodian/cloud-custodian/pull/8286): add test to prove local modules in terraform work for c7n-left * [#8285](https://github.com/cloud-custodian/cloud-custodian/pull/8285): aws - rdscluster - resolve the resource mapping issue in config rule * [#8282](https://github.com/cloud-custodian/cloud-custodian/pull/8282): releng - dev script to check which prs modify a given directory * [#8279](https://github.com/cloud-custodian/cloud-custodian/pull/8279): releng - actions - use github.sha for concurrency grouping when not in a pr * [#8276](https://github.com/cloud-custodian/cloud-custodian/pull/8276): releng - switch to ruff for linting * [#8273](https://github.com/cloud-custodian/cloud-custodian/pull/8273): Bump github.com/aws/aws-sdk-go from 1.33.0 to 1.34.0 in /tools/omnissm * [#8272](https://github.com/cloud-custodian/cloud-custodian/pull/8272): aws - shield - handle elastic ip arn type delta * [#8271](https://github.com/cloud-custodian/cloud-custodian/pull/8271): releng - 0.9.23 release prep * [#8268](https://github.com/cloud-custodian/cloud-custodian/pull/8268): aws - filter to annotate security configuration and filter with security configuration attributes #8172 * [#8265](https://github.com/cloud-custodian/cloud-custodian/pull/8265): Fix naming conflict between validate argument and imported function * [#8263](https://github.com/cloud-custodian/cloud-custodian/pull/8263): Correct typo in setup.py python_requires * [#8260](https://github.com/cloud-custodian/cloud-custodian/pull/8260): Update utils.py for GCP mailer * [#8258](https://github.com/cloud-custodian/cloud-custodian/pull/8258): releng - update dependencies * [#8254](https://github.com/cloud-custodian/cloud-custodian/pull/8254): aws - ecr - update action schema * [#8250](https://github.com/cloud-custodian/cloud-custodian/pull/8250): Bump cryptography from 39.0.0 to 39.0.1 * [#8249](https://github.com/cloud-custodian/cloud-custodian/pull/8249): Bump cryptography from 39.0.0 to 39.0.1 in /tools/c7n_azure * [#8248](https://github.com/cloud-custodian/cloud-custodian/pull/8248): Bump cryptography from 39.0.0 to 39.0.1 in /tools/c7n_openstack * [#8246](https://github.com/cloud-custodian/cloud-custodian/pull/8246): aws - cloudwatch logs - added attribute to allow passing role arn to put-subscription-filter call * [#8244](https://github.com/cloud-custodian/cloud-custodian/pull/8244): aws - autotag action - add principalId as option for value field * [#8240](https://github.com/cloud-custodian/cloud-custodian/pull/8240): aws - shield - handle elastic ip arn type delta * [#8230](https://github.com/cloud-custodian/cloud-custodian/pull/8230): Adding network watcher resource * [#8184](https://github.com/cloud-custodian/cloud-custodian/pull/8184): Added azure key vault secret resource * [#8183](https://github.com/cloud-custodian/cloud-custodian/pull/8183): aws - rds - fix post-finding action * [#8172](https://github.com/cloud-custodian/cloud-custodian/pull/8172): aws - filter to annotate security configuration and filter with security configuration attributes * [#8125](https://github.com/cloud-custodian/cloud-custodian/pull/8125): aws - iam-user - add set-policy action (#8115) * [#8109](https://github.com/cloud-custodian/cloud-custodian/pull/8109): aws - Added AWS Config support for EBS snapshot * [#8029](https://github.com/cloud-custodian/cloud-custodian/pull/8029): utils - reduce backoff_delays jitter * [#8025](https://github.com/cloud-custodian/cloud-custodian/pull/8025): aws - elasticache - skip delete replication group if it is in use * [#8023](https://github.com/cloud-custodian/cloud-custodian/pull/8023): aws - dynamodb - add update table action (could u pls make an exception for this codecov) * [#8020](https://github.com/cloud-custodian/cloud-custodian/pull/8020): aws - account - check-cloudtrail sns lookup refactor * [#8014](https://github.com/cloud-custodian/cloud-custodian/pull/8014): policy - have conditions support vars * [#7933](https://github.com/cloud-custodian/cloud-custodian/pull/7933): Add env parameter for threading multiplier * [#7925](https://github.com/cloud-custodian/cloud-custodian/pull/7925): c7n_kube - k8s-admission - add label and auto-label-user actions for k8s-admission mode * [#7923](https://github.com/cloud-custodian/cloud-custodian/pull/7923): aws - output - cache bucket region across policy runs * [#7909](https://github.com/cloud-custodian/cloud-custodian/pull/7909): update the EFS with network-location filter ## Issues Opened * [#8296](https://github.com/cloud-custodian/cloud-custodian/issues/8296): Plugin-able architecture for resources, filters and actions * [#8295](https://github.com/cloud-custodian/cloud-custodian/issues/8295): aws - route53.recovery-cluster - add resource and tagging support * [#8293](https://github.com/cloud-custodian/cloud-custodian/issues/8293): c7n-org report uses target account credentials instead of executing role to fetch records * [#8291](https://github.com/cloud-custodian/cloud-custodian/issues/8291): Custodian fails completely when it tries to delete the last master instance in primary Aurora cluster when there is a secondary cluster * [#8284](https://github.com/cloud-custodian/cloud-custodian/issues/8284): Proposal : Tagging/Modifying resources with lookup values using data from a csv/db. * [#8283](https://github.com/cloud-custodian/cloud-custodian/issues/8283): releng - release a 0.8 legacy release * [#8281](https://github.com/cloud-custodian/cloud-custodian/issues/8281): releng - gradual switch to black for formatting * [#8280](https://github.com/cloud-custodian/cloud-custodian/issues/8280): releng - investigate switching out to jsonschema rs library * [#8278](https://github.com/cloud-custodian/cloud-custodian/issues/8278): releng - GitHub action concurrency cancels jobs running on main * [#8277](https://github.com/cloud-custodian/cloud-custodian/issues/8277): releng - remove tox from docs * [#8275](https://github.com/cloud-custodian/cloud-custodian/issues/8275): releng - switch to ruff for lint instead of flake8 * [#8274](https://github.com/cloud-custodian/cloud-custodian/issues/8274): c7n-mailer: Multiple Email recipients in resource-owner not parsing correctly * [#8270](https://github.com/cloud-custodian/cloud-custodian/issues/8270): Delete Action for AppSync * [#8266](https://github.com/cloud-custodian/cloud-custodian/issues/8266): GCP: Incorrect path in policy output (account_id is None) * [#8264](https://github.com/cloud-custodian/cloud-custodian/issues/8264): GCP: Error detected in vpc-creation policy * [#8262](https://github.com/cloud-custodian/cloud-custodian/issues/8262): GCP Bug - gcp.sql-ssl-cert errors out on generic policy * [#8261](https://github.com/cloud-custodian/cloud-custodian/issues/8261): GCP Instance - Add filter for gcp.disk (similar to aws.ec2 and the ebs filter) * [#8259](https://github.com/cloud-custodian/cloud-custodian/issues/8259): GCP - Add new resource of gcp.instance-groups * [#8257](https://github.com/cloud-custodian/cloud-custodian/issues/8257): GCP: error running c7n-mailer * [#8256](https://github.com/cloud-custodian/cloud-custodian/issues/8256): GCP Image - Add filter for iam-policy * [#8255](https://github.com/cloud-custodian/cloud-custodian/issues/8255): GCP Instance - Add action to set Service Account * [#8253](https://github.com/cloud-custodian/cloud-custodian/issues/8253): New resource: Transit Gateway Route Table * [#8251](https://github.com/cloud-custodian/cloud-custodian/issues/8251): ECR Policy Schema does not allow ecr:* action ## Issues Closed * [#8278](https://github.com/cloud-custodian/cloud-custodian/issues/8278): releng - GitHub action concurrency cancels jobs running on main * [#8275](https://github.com/cloud-custodian/cloud-custodian/issues/8275): releng - switch to ruff for lint instead of flake8 * [#8261](https://github.com/cloud-custodian/cloud-custodian/issues/8261): GCP Instance - Add filter for gcp.disk (similar to aws.ec2 and the ebs filter) * [#8257](https://github.com/cloud-custodian/cloud-custodian/issues/8257): GCP: error running c7n-mailer * [#8251](https://github.com/cloud-custodian/cloud-custodian/issues/8251): ECR Policy Schema does not allow ecr:* action * [#8220](https://github.com/cloud-custodian/cloud-custodian/issues/8220): ValueError: Invalid endpoint: https://ec2..amazonaws.com * [#8181](https://github.com/cloud-custodian/cloud-custodian/issues/8181): RDS Policy post-finding is not working as expected * [#8173](https://github.com/cloud-custodian/cloud-custodian/issues/8173): aws.elb filters create invalid ARN and fail with boto errors * [#8136](https://github.com/cloud-custodian/cloud-custodian/issues/8136): releng - repo size too big * [#7976](https://github.com/cloud-custodian/cloud-custodian/issues/7976): Policies using AWS resource "security-group" logging wrong c7n version in CloudWatch logs. * [#4014](https://github.com/cloud-custodian/cloud-custodian/issues/4014): DatabaseConnections Metric filter randomly matching active datab