C7N Community Meeting Minutes 2023-10-03

# C7N Community Meeting Minutes 2023-10-03 ## October 3rd 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** October 3, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 7PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** AJ: <aj@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Intros, etc. - We've moved on from Python 3.7 this year, heads up: - https://github.com/cloud-custodian/cloud-custodian/issues/8092 - [Slack question](https://www.linen.dev/s/cloud-custodian/t/15727051/hi-it-looks-like-the-cloud-custodian-mailer-is-using-python-#15e5889c-16ce-4ca4-8e6a-b887a543f7f3) about mailer using 3.7, seems to be due to local/config issues though - 0.9.32.0 released today - 8 new contributors this release! :tada: - Cloud Custodian Day ideas? - Details coming soon - Virtual event (targeting end of January 2024) - Deprecation timelines / planning - Highlight changes in release notes - Potentially flip deprecations from warning to error 1-2 releases before removal - Allow an opt-in "run anyway" type option - waf-enabled / wafv2-enabled - examples for "new way" - Issue incoming around fetching credentials from ECS tasks - botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "http://169.254.170.2/v2/credentials/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"\ ### PR/Issue Discussion # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #40 2023 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 14 | 7| |PR's| 56 | 54| | | | |--|--| | New stars | 22| | New forks | 8| ## PR's Opened * [#9025](https://github.com/cloud-custodian/cloud-custodian/pull/9025): releng - update custodian version in dependent packages * [#9022](https://github.com/cloud-custodian/cloud-custodian/pull/9022): releng - update dependencies * [#9021](https://github.com/cloud-custodian/cloud-custodian/pull/9021): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_mailer * [#9020](https://github.com/cloud-custodian/cloud-custodian/pull/9020): Bump urllib3 from 1.26.16 to 1.26.17 * [#9019](https://github.com/cloud-custodian/cloud-custodian/pull/9019): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_gcp * [#9018](https://github.com/cloud-custodian/cloud-custodian/pull/9018): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_azure * [#9017](https://github.com/cloud-custodian/cloud-custodian/pull/9017): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_kube * [#9016](https://github.com/cloud-custodian/cloud-custodian/pull/9016): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_sphinxext * [#9015](https://github.com/cloud-custodian/cloud-custodian/pull/9015): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_left * [#9014](https://github.com/cloud-custodian/cloud-custodian/pull/9014): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_policystream * [#9013](https://github.com/cloud-custodian/cloud-custodian/pull/9013): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_terraform * [#9012](https://github.com/cloud-custodian/cloud-custodian/pull/9012): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_trailcreator * [#9011](https://github.com/cloud-custodian/cloud-custodian/pull/9011): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_tencentcloud * [#9010](https://github.com/cloud-custodian/cloud-custodian/pull/9010): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_logexporter * [#9009](https://github.com/cloud-custodian/cloud-custodian/pull/9009): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_org * [#9008](https://github.com/cloud-custodian/cloud-custodian/pull/9008): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_openstack * [#9007](https://github.com/cloud-custodian/cloud-custodian/pull/9007): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_awscc * [#9006](https://github.com/cloud-custodian/cloud-custodian/pull/9006): Enhance iam-policy Filter to Support gcp.organization and gcp.folder Resources * [#9005](https://github.com/cloud-custodian/cloud-custodian/pull/9005): docs - cover list-item under generic filters * [#9003](https://github.com/cloud-custodian/cloud-custodian/pull/9003): releng - prep 0.9.32 * [#9002](https://github.com/cloud-custodian/cloud-custodian/pull/9002): c7n-left - cli entrypoint point reporter parameter * [#9000](https://github.com/cloud-custodian/cloud-custodian/pull/9000): azure - event-grid-domain * [#8999](https://github.com/cloud-custodian/cloud-custodian/pull/8999): azure - automation-account, automation-account.filters.variable-value * [#8998](https://github.com/cloud-custodian/cloud-custodian/pull/8998): OCI Instance Principal Auth * [#8997](https://github.com/cloud-custodian/cloud-custodian/pull/8997): azure - app-configuration * [#8996](https://github.com/cloud-custodian/cloud-custodian/pull/8996): Oci function support * [#8995](https://github.com/cloud-custodian/cloud-custodian/pull/8995): c7n-left - only consider root module variables when injecting uninitialized defaults * [#8994](https://github.com/cloud-custodian/cloud-custodian/pull/8994): gcp - bq-job - update enum_spec * [#8993](https://github.com/cloud-custodian/cloud-custodian/pull/8993): c7n-left - fix handling of relative source dir * [#8992](https://github.com/cloud-custodian/cloud-custodian/pull/8992): Add DesktopVirtualization resources * [#8991](https://github.com/cloud-custodian/cloud-custodian/pull/8991): create Desktop Virtualization resources host-pools and session-hosts with session-hosts-vm to check identity * [#8990](https://github.com/cloud-custodian/cloud-custodian/pull/8990): Update tagcompliance.rst * [#8988](https://github.com/cloud-custodian/cloud-custodian/pull/8988): aws - route53 - fix query-logging-enabled filter * [#8985](https://github.com/cloud-custodian/cloud-custodian/pull/8985): releng - update dependencies * [#8984](https://github.com/cloud-custodian/cloud-custodian/pull/8984): c7n-left - handle null provider tags when augmenting * [#8982](https://github.com/cloud-custodian/cloud-custodian/pull/8982): Add filter for GCP Org Policies * [#8979](https://github.com/cloud-custodian/cloud-custodian/pull/8979): updated the package version for azure mgnt cdn * [#8978](https://github.com/cloud-custodian/cloud-custodian/pull/8978): [GCP] - Cloudrun GCP iam-policy * [#8977](https://github.com/cloud-custodian/cloud-custodian/pull/8977): [GCP] - Cloudrun GCP iam-policy * [#8976](https://github.com/cloud-custodian/cloud-custodian/pull/8976): Cloudrun iam policies * [#8974](https://github.com/cloud-custodian/cloud-custodian/pull/8974): c7n-left - dump cli command to show graph and input variables * [#8972](https://github.com/cloud-custodian/cloud-custodian/pull/8972): aws - launch-template-version - generate arns that include a version number * [#8971](https://github.com/cloud-custodian/cloud-custodian/pull/8971): azure - kusho * [#8970](https://github.com/cloud-custodian/cloud-custodian/pull/8970): azure - network-watcher * [#8968](https://github.com/cloud-custodian/cloud-custodian/pull/8968): aws - check-cloudtrail filter - update * [#8967](https://github.com/cloud-custodian/cloud-custodian/pull/8967): GCP: adding support for setting high availability sql instances * [#8966](https://github.com/cloud-custodian/cloud-custodian/pull/8966): azure - datalake-analytics * [#8965](https://github.com/cloud-custodian/cloud-custodian/pull/8965): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_mailer * [#8964](https://github.com/cloud-custodian/cloud-custodian/pull/8964): Bump cryptography from 41.0.3 to 41.0.4 * [#8963](https://github.com/cloud-custodian/cloud-custodian/pull/8963): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_openstack * [#8962](https://github.com/cloud-custodian/cloud-custodian/pull/8962): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_oci * [#8961](https://github.com/cloud-custodian/cloud-custodian/pull/8961): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_azure * [#8960](https://github.com/cloud-custodian/cloud-custodian/pull/8960): aws - s3 - only check local trails in data-events filter * [#8959](https://github.com/cloud-custodian/cloud-custodian/pull/8959): docs - fix event filter example to use `op: contains` * [#8958](https://github.com/cloud-custodian/cloud-custodian/pull/8958): c7n-left - initialize variables with defaults if none provided * [#8957](https://github.com/cloud-custodian/cloud-custodian/pull/8957): aws - Correct the default value for an empty list of EC2 Tags ## PR's Closed * [#9025](https://github.com/cloud-custodian/cloud-custodian/pull/9025): releng - update custodian version in dependent packages * [#9022](https://github.com/cloud-custodian/cloud-custodian/pull/9022): releng - update dependencies * [#9021](https://github.com/cloud-custodian/cloud-custodian/pull/9021): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_mailer * [#9020](https://github.com/cloud-custodian/cloud-custodian/pull/9020): Bump urllib3 from 1.26.16 to 1.26.17 * [#9019](https://github.com/cloud-custodian/cloud-custodian/pull/9019): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_gcp * [#9018](https://github.com/cloud-custodian/cloud-custodian/pull/9018): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_azure * [#9017](https://github.com/cloud-custodian/cloud-custodian/pull/9017): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_kube * [#9016](https://github.com/cloud-custodian/cloud-custodian/pull/9016): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_sphinxext * [#9015](https://github.com/cloud-custodian/cloud-custodian/pull/9015): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_left * [#9014](https://github.com/cloud-custodian/cloud-custodian/pull/9014): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_policystream * [#9013](https://github.com/cloud-custodian/cloud-custodian/pull/9013): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_terraform * [#9012](https://github.com/cloud-custodian/cloud-custodian/pull/9012): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_trailcreator * [#9011](https://github.com/cloud-custodian/cloud-custodian/pull/9011): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_tencentcloud * [#9010](https://github.com/cloud-custodian/cloud-custodian/pull/9010): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_logexporter * [#9009](https://github.com/cloud-custodian/cloud-custodian/pull/9009): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_org * [#9008](https://github.com/cloud-custodian/cloud-custodian/pull/9008): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_openstack * [#9007](https://github.com/cloud-custodian/cloud-custodian/pull/9007): Bump urllib3 from 1.26.16 to 1.26.17 in /tools/c7n_awscc * [#9006](https://github.com/cloud-custodian/cloud-custodian/pull/9006): Enhance iam-policy Filter to Support gcp.organization and gcp.folder Resources * [#9005](https://github.com/cloud-custodian/cloud-custodian/pull/9005): docs - cover list-item under generic filters * [#9003](https://github.com/cloud-custodian/cloud-custodian/pull/9003): releng - prep 0.9.32 * [#9002](https://github.com/cloud-custodian/cloud-custodian/pull/9002): c7n-left - cli entrypoint point reporter parameter * [#8995](https://github.com/cloud-custodian/cloud-custodian/pull/8995): c7n-left - only consider root module variables when injecting uninitialized defaults * [#8994](https://github.com/cloud-custodian/cloud-custodian/pull/8994): gcp - bq-job - update enum_spec * [#8993](https://github.com/cloud-custodian/cloud-custodian/pull/8993): c7n-left - fix handling of relative source dir * [#8991](https://github.com/cloud-custodian/cloud-custodian/pull/8991): create Desktop Virtualization resources host-pools and session-hosts with session-hosts-vm to check identity * [#8988](https://github.com/cloud-custodian/cloud-custodian/pull/8988): aws - route53 - fix query-logging-enabled filter * [#8985](https://github.com/cloud-custodian/cloud-custodian/pull/8985): releng - update dependencies * [#8984](https://github.com/cloud-custodian/cloud-custodian/pull/8984): c7n-left - handle null provider tags when augmenting * [#8982](https://github.com/cloud-custodian/cloud-custodian/pull/8982): Add filter for GCP Org Policies * [#8979](https://github.com/cloud-custodian/cloud-custodian/pull/8979): updated the package version for azure mgnt cdn * [#8978](https://github.com/cloud-custodian/cloud-custodian/pull/8978): [GCP] - Cloudrun GCP iam-policy * [#8977](https://github.com/cloud-custodian/cloud-custodian/pull/8977): [GCP] - Cloudrun GCP iam-policy * [#8976](https://github.com/cloud-custodian/cloud-custodian/pull/8976): Cloudrun iam policies * [#8974](https://github.com/cloud-custodian/cloud-custodian/pull/8974): c7n-left - dump cli command to show graph and input variables * [#8972](https://github.com/cloud-custodian/cloud-custodian/pull/8972): aws - launch-template-version - generate arns that include a version number * [#8967](https://github.com/cloud-custodian/cloud-custodian/pull/8967): GCP: adding support for setting high availability sql instances * [#8965](https://github.com/cloud-custodian/cloud-custodian/pull/8965): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_mailer * [#8964](https://github.com/cloud-custodian/cloud-custodian/pull/8964): Bump cryptography from 41.0.3 to 41.0.4 * [#8963](https://github.com/cloud-custodian/cloud-custodian/pull/8963): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_openstack * [#8962](https://github.com/cloud-custodian/cloud-custodian/pull/8962): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_oci * [#8961](https://github.com/cloud-custodian/cloud-custodian/pull/8961): Bump cryptography from 41.0.3 to 41.0.4 in /tools/c7n_azure * [#8960](https://github.com/cloud-custodian/cloud-custodian/pull/8960): aws - s3 - only check local trails in data-events filter * [#8959](https://github.com/cloud-custodian/cloud-custodian/pull/8959): docs - fix event filter example to use `op: contains` * [#8958](https://github.com/cloud-custodian/cloud-custodian/pull/8958): c7n-left - initialize variables with defaults if none provided * [#8957](https://github.com/cloud-custodian/cloud-custodian/pull/8957): aws - Correct the default value for an empty list of EC2 Tags * [#8937](https://github.com/cloud-custodian/cloud-custodian/pull/8937): New filter for azure cdn endpoint custom domain minimum tls version * [#8905](https://github.com/cloud-custodian/cloud-custodian/pull/8905): Create new filter keyvault-keys-rotation to check rotation policy * [#8903](https://github.com/cloud-custodian/cloud-custodian/pull/8903): gcp - kms keyring filter * [#8880](https://github.com/cloud-custodian/cloud-custodian/pull/8880): Enhancement/adding valid gcp node versions, master version, and imagetype to nodepool and cluster resources * [#8872](https://github.com/cloud-custodian/cloud-custodian/pull/8872): releng - move some obsolete things to sandbox * [#8840](https://github.com/cloud-custodian/cloud-custodian/pull/8840): awscc - use build step to fetch data files * [#8833](https://github.com/cloud-custodian/cloud-custodian/pull/8833): aws - glue catalog - kms-key filter and set-encryption refactor * [#8601](https://github.com/cloud-custodian/cloud-custodian/pull/8601): GCP - add logging-sink resource and test * [#8567](https://github.com/cloud-custodian/cloud-custodian/pull/8567): Add filter for GCP Org Policies ## Issues Opened * [#9027](https://github.com/cloud-custodian/cloud-custodian/issues/9027): https://cloudcustodian.io/getting-started/policyStructure/ doesn't work * [#9024](https://github.com/cloud-custodian/cloud-custodian/issues/9024): Enable reporting / checking on AWS IAM User Code Commit Security Credentials * [#9023](https://github.com/cloud-custodian/cloud-custodian/issues/9023): Eventbridge Rules - Support non-default event buses * [#9004](https://github.com/cloud-custodian/cloud-custodian/issues/9004): Add generic filter support for matching a list item that meets conditions on multiple fields * [#9001](https://github.com/cloud-custodian/cloud-custodian/issues/9001): AWS account filter service-limits runs into unrefreshable check ID c1dfprch07 * [#8989](https://github.com/cloud-custodian/cloud-custodian/issues/8989): ec2-auto-tag-user example doesn't work * [#8987](https://github.com/cloud-custodian/cloud-custodian/issues/8987): Support set-inline-policy for iam roles * [#8986](https://github.com/cloud-custodian/cloud-custodian/issues/8986): auto-tag aws userName on resources has botocore.errorfactory.InvalidParameterValueException * [#8983](https://github.com/cloud-custodian/cloud-custodian/issues/8983): Delete hosted zone fails when hosted zone contains record with no TTL * [#8981](https://github.com/cloud-custodian/cloud-custodian/issues/8981): Secrets Manager not working with Cloudtrail and DeleteSecret * [#8980](https://github.com/cloud-custodian/cloud-custodian/issues/8980): Need support for configuring registry scanning configuration in aws.ecr resource * [#8975](https://github.com/cloud-custodian/cloud-custodian/issues/8975): SSL Validation Error for aws.connect-campaign policy * [#8973](https://github.com/cloud-custodian/cloud-custodian/issues/8973): c7n-left - support cli command to dump graph and input variables * [#8969](https://github.com/cloud-custodian/cloud-custodian/issues/8969): CloudTrail advanced selectors support ## Issues Closed * [#9004](https://github.com/cloud-custodian/cloud-custodian/issues/9004): Add generic filter support for matching a list item that meets conditions on multiple fields * [#8973](https://github.com/cloud-custodian/cloud-custodian/issues/8973): c7n-left - support cli command to dump graph and input variables * [#8953](https://github.com/cloud-custodian/cloud-custodian/issues/8953): aws.ec2 length(Tags) fails if an EC2 instance has no tags at all * [#8947](https://github.com/cloud-custodian/cloud-custodian/issues/8947): bug - update docs event filter docs * [#8945](https://github.com/cloud-custodian/cloud-custodian/issues/8945): Organization trails break the data-events filter for the s3 resource * [#8843](https://github.com/cloud-custodian/cloud-custodian/issues/8843): aws - glue catalog issues * [#8756](https://github.com/cloud-custodian/cloud-custodian/issues/8756): oci-provider misses id field in resources.json for buckets