C7n Community Meeting Minutes

# C7n Community Meeting Minutes ## March 21st 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** March 21st, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: [![Video Recording](https://img.youtube.com/vi/PuZLGzSYEEU/0.jpg)](https://youtu.be/PuZLGzSYEEU) ## Agenda Items - Intros, etc. - We're testing Slack! Join us: - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat) - We're moving on from Python 3.7 this year, details TBD, heads up: - https://github.com/cloud-custodian/cloud-custodian/issues/8092 - Tips and Tricks section in Discussions - https://github.com/cloud-custodian/cloud-custodian/discussions/categories/tips-and-tricks - Maintainer Discussion, assigning PRs to reviewers? - Kapil: https://github.com/cloud-custodian/cloud-custodian/pull/7739 - Auto-tag teams to assign reviews? # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #12 2023 ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 32 | 26| |PR's| 61 | 58| | | | |--|--| | New stars | 455| | New forks | 104| ## PR's Opened * :boom: [#7140](https://github.com/cloud-custodian/cloud-custodian/pull/7140): aws - quota - fix usage-metric exceeds the limit of 1440 data points * [#8404](https://github.com/cloud-custodian/cloud-custodian/pull/8404): feat: add iam-policy filter for gcp.service-account resource * [#8403](https://github.com/cloud-custodian/cloud-custodian/pull/8403): aws - elasticsearch - cross-account bug fix handle no access policy * [#8401](https://github.com/cloud-custodian/cloud-custodian/pull/8401): adding filter for Azure subscription diagnostic settings * [#8399](https://github.com/cloud-custodian/cloud-custodian/pull/8399): c7n_tencentcloud - resources - SecurityGroup * :boom: [#8396](https://github.com/cloud-custodian/cloud-custodian/pull/8396): releng - c7n-left docker image * :boom: [#8395](https://github.com/cloud-custodian/cloud-custodian/pull/8395): releng - automated releases * [#8392](https://github.com/cloud-custodian/cloud-custodian/pull/8392): releng - release automation tweaks * [#8390](https://github.com/cloud-custodian/cloud-custodian/pull/8390): aws - vpc - bug fix security-groups-used filter with in-use eni having no attachments * [#8384](https://github.com/cloud-custodian/cloud-custodian/pull/8384): Add api-key feature to values_from * [#8383](https://github.com/cloud-custodian/cloud-custodian/pull/8383): aws - tag variable interpolation fix * [#8382](https://github.com/cloud-custodian/cloud-custodian/pull/8382): aws.lambda - filter lambda@edge * :boom:[#8381](https://github.com/cloud-custodian/cloud-custodian/pull/8381): aws - route53 - recovery - control - panel: add a safety rule filter * [#8380](https://github.com/cloud-custodian/cloud-custodian/pull/8380): Updating ecs cluster resource for container insights * :boom: [#8379](https://github.com/cloud-custodian/cloud-custodian/pull/8379): releng - black apply begin * [#8378](https://github.com/cloud-custodian/cloud-custodian/pull/8378): releng - add black as dev dependency and add to make lint * [#8377](https://github.com/cloud-custodian/cloud-custodian/pull/8377): aws - eks - adding network-location filter * [#8376](https://github.com/cloud-custodian/cloud-custodian/pull/8376): tools/dev - prcheck can tag prs and recheck them * [#8374](https://github.com/cloud-custodian/cloud-custodian/pull/8374): aws - s3 - handle access denied errors in check-public-block filter * [#8372](https://github.com/cloud-custodian/cloud-custodian/pull/8372): aws - iam-user - add include-via option to policy filter * [#8371](https://github.com/cloud-custodian/cloud-custodian/pull/8371): Feature: Add API-Key secret functionality to values_from * [#8370](https://github.com/cloud-custodian/cloud-custodian/pull/8370): tools/c7n-mailer - unique email list * [#8366](https://github.com/cloud-custodian/cloud-custodian/pull/8366): aws - apigw - generate domain name arns * [#8365](https://github.com/cloud-custodian/cloud-custodian/pull/8365): releng - address some linting found by new bandit release * [#8361](https://github.com/cloud-custodian/cloud-custodian/pull/8361): gcp new filter access-approval * [#8359](https://github.com/cloud-custodian/cloud-custodian/pull/8359): releng - functional aws tests and slack results * [#8357](https://github.com/cloud-custodian/cloud-custodian/pull/8357): aws - rds - bug fix in consecutive-snapshots filter * [#8356](https://github.com/cloud-custodian/cloud-custodian/pull/8356): aws - common actions - enhance modify-security-groups action * [#8353](https://github.com/cloud-custodian/cloud-custodian/pull/8353): releng - offer some guidance following a failed freeze-wheel * [#8352](https://github.com/cloud-custodian/cloud-custodian/pull/8352): aws - route53 ARC - control panel: add resource and tagging * [#8350](https://github.com/cloud-custodian/cloud-custodian/pull/8350): feat: Add value_path functionality to Value Filter * [#8348](https://github.com/cloud-custodian/cloud-custodian/pull/8348): releng - get rid of generated setup.py/requirements.txt files, use poetry to publish wheels * [#8347](https://github.com/cloud-custodian/cloud-custodian/pull/8347): efs-mount-point network-location filter * [#8346](https://github.com/cloud-custodian/cloud-custodian/pull/8346): add new gcp project filter access-approval * [#8343](https://github.com/cloud-custodian/cloud-custodian/pull/8343): releng - explicitly define bash as the makefile shell * [#8342](https://github.com/cloud-custodian/cloud-custodian/pull/8342): releng - change docker :dev tag to daily build * [#8341](https://github.com/cloud-custodian/cloud-custodian/pull/8341): releng - rev version, sphinx fixes, and rebase dependencies * [#8340](https://github.com/cloud-custodian/cloud-custodian/pull/8340): Bump golang.org/x/net from 0.0.0-20200202094626-16171245cfb2 to 0.7.0 in /tools/omnissm * [#8337](https://github.com/cloud-custodian/cloud-custodian/pull/8337): aws - elasticsearch - enable support for server-side query filtering * [#8336](https://github.com/cloud-custodian/cloud-custodian/pull/8336): sns subscription unused #8316 * [#8332](https://github.com/cloud-custodian/cloud-custodian/pull/8332): releng - refactor ci and makefile * [#8331](https://github.com/cloud-custodian/cloud-custodian/pull/8331): releng - use layer cache when building images * [#8329](https://github.com/cloud-custodian/cloud-custodian/pull/8329): tools/c7n_mailer - handle lambda container images * [#8327](https://github.com/cloud-custodian/cloud-custodian/pull/8327): aws-ami-set-permissions: allow no 'add' in set-permissions action * [#8322](https://github.com/cloud-custodian/cloud-custodian/pull/8322): releng - cask dep updates * [#8320](https://github.com/cloud-custodian/cloud-custodian/pull/8320): Bump golang.org/x/sys from 0.0.0-20190215142949-d0b11bdaac8a to 0.1.0 in /tools/omnissm * [#8319](https://github.com/cloud-custodian/cloud-custodian/pull/8319): New filter for advanced threat protection on Azure SQL Servers * [#8317](https://github.com/cloud-custodian/cloud-custodian/pull/8317): tools/dev - fix poetry installation * [#8315](https://github.com/cloud-custodian/cloud-custodian/pull/8315): Bump markdown-it-py from 2.1.0 to 2.2.0 in /tools/c7n_sphinxext * [#8314](https://github.com/cloud-custodian/cloud-custodian/pull/8314): feat: Update SQL Server auditing filter to be more flexible * [#8313](https://github.com/cloud-custodian/cloud-custodian/pull/8313): feat: fix marked-for-op filter bug * [#8312](https://github.com/cloud-custodian/cloud-custodian/pull/8312): feat: new filter for azure network security group flow logs * [#8311](https://github.com/cloud-custodian/cloud-custodian/pull/8311): Bump golang.org/x/text from 0.3.0 to 0.3.8 in /tools/omnissm * [#8310](https://github.com/cloud-custodian/cloud-custodian/pull/8310): chore: Have the arg names the same as the base class. * [#8309](https://github.com/cloud-custodian/cloud-custodian/pull/8309): feat: adding flag to allow the inclusion of the azure 'magic' ip range for sql and postgresql * [#8308](https://github.com/cloud-custodian/cloud-custodian/pull/8308): aws - asg - let valid/invalid filters work in explicit pull mode * [#8307](https://github.com/cloud-custodian/cloud-custodian/pull/8307): aws - filters - add headers to valuefrom * [#8305](https://github.com/cloud-custodian/cloud-custodian/pull/8305): Pass validate to c7n.loader.PolicyLoader.load_data * [#8303](https://github.com/cloud-custodian/cloud-custodian/pull/8303): adding gcp filter essentialcontacts * [#8301](https://github.com/cloud-custodian/cloud-custodian/pull/8301): aws - route53.recovery-cluster - add resource and tagging support * [#8300](https://github.com/cloud-custodian/cloud-custodian/pull/8300): aws - route53.recovery-cluster - add resource and tagging support * [#8299](https://github.com/cloud-custodian/cloud-custodian/pull/8299): c7n-left - traverse filter supports non value type filters ## PR's Closed * [#8392](https://github.com/cloud-custodian/cloud-custodian/pull/8392): releng - release automation tweaks * [#8390](https://github.com/cloud-custodian/cloud-custodian/pull/8390): aws - vpc - bug fix security-groups-used filter with in-use eni having no attachments * [#8383](https://github.com/cloud-custodian/cloud-custodian/pull/8383): aws - tag variable interpolation fix * [#8382](https://github.com/cloud-custodian/cloud-custodian/pull/8382): aws.lambda - filter lambda@edge * [#8380](https://github.com/cloud-custodian/cloud-custodian/pull/8380): Updating ecs cluster resource for container insights * [#8377](https://github.com/cloud-custodian/cloud-custodian/pull/8377): aws - eks - adding network-location filter * [#8374](https://github.com/cloud-custodian/cloud-custodian/pull/8374): aws - s3 - handle access denied errors in check-public-block filter * [#8371](https://github.com/cloud-custodian/cloud-custodian/pull/8371): Feature: Add API-Key secret functionality to values_from * [#8370](https://github.com/cloud-custodian/cloud-custodian/pull/8370): tools/c7n-mailer - unique email list * [#8366](https://github.com/cloud-custodian/cloud-custodian/pull/8366): aws - apigw - generate domain name arns * [#8365](https://github.com/cloud-custodian/cloud-custodian/pull/8365): releng - address some linting found by new bandit release * [#8359](https://github.com/cloud-custodian/cloud-custodian/pull/8359): releng - functional aws tests and slack results * [#8357](https://github.com/cloud-custodian/cloud-custodian/pull/8357): aws - rds - bug fix in consecutive-snapshots filter * [#8356](https://github.com/cloud-custodian/cloud-custodian/pull/8356): aws - common actions - enhance modify-security-groups action * [#8352](https://github.com/cloud-custodian/cloud-custodian/pull/8352): aws - route53 ARC - control panel: add resource and tagging * [#8348](https://github.com/cloud-custodian/cloud-custodian/pull/8348): releng - get rid of generated setup.py/requirements.txt files, use poetry to publish wheels * [#8347](https://github.com/cloud-custodian/cloud-custodian/pull/8347): efs-mount-point network-location filter * [#8346](https://github.com/cloud-custodian/cloud-custodian/pull/8346): add new gcp project filter access-approval * [#8343](https://github.com/cloud-custodian/cloud-custodian/pull/8343): releng - explicitly define bash as the makefile shell * [#8342](https://github.com/cloud-custodian/cloud-custodian/pull/8342): releng - change docker :dev tag to daily build * [#8341](https://github.com/cloud-custodian/cloud-custodian/pull/8341): releng - rev version, sphinx fixes, and rebase dependencies * [#8340](https://github.com/cloud-custodian/cloud-custodian/pull/8340): Bump golang.org/x/net from 0.0.0-20200202094626-16171245cfb2 to 0.7.0 in /tools/omnissm * [#8337](https://github.com/cloud-custodian/cloud-custodian/pull/8337): aws - elasticsearch - enable support for server-side query filtering * [#8332](https://github.com/cloud-custodian/cloud-custodian/pull/8332): releng - refactor ci and makefile * [#8331](https://github.com/cloud-custodian/cloud-custodian/pull/8331): releng - use layer cache when building images * [#8329](https://github.com/cloud-custodian/cloud-custodian/pull/8329): tools/c7n_mailer - handle lambda container images * [#8327](https://github.com/cloud-custodian/cloud-custodian/pull/8327): aws-ami-set-permissions: allow no 'add' in set-permissions action * [#8322](https://github.com/cloud-custodian/cloud-custodian/pull/8322): releng - cask dep updates * [#8320](https://github.com/cloud-custodian/cloud-custodian/pull/8320): Bump golang.org/x/sys from 0.0.0-20190215142949-d0b11bdaac8a to 0.1.0 in /tools/omnissm * [#8317](https://github.com/cloud-custodian/cloud-custodian/pull/8317): tools/dev - fix poetry installation * [#8315](https://github.com/cloud-custodian/cloud-custodian/pull/8315): Bump markdown-it-py from 2.1.0 to 2.2.0 in /tools/c7n_sphinxext * [#8313](https://github.com/cloud-custodian/cloud-custodian/pull/8313): feat: fix marked-for-op filter bug * [#8311](https://github.com/cloud-custodian/cloud-custodian/pull/8311): Bump golang.org/x/text from 0.3.0 to 0.3.8 in /tools/omnissm * [#8310](https://github.com/cloud-custodian/cloud-custodian/pull/8310): chore: Have the arg names the same as the base class. * [#8308](https://github.com/cloud-custodian/cloud-custodian/pull/8308): aws - asg - let valid/invalid filters work in explicit pull mode * [#8307](https://github.com/cloud-custodian/cloud-custodian/pull/8307): aws - filters - add headers to valuefrom * [#8305](https://github.com/cloud-custodian/cloud-custodian/pull/8305): Pass validate to c7n.loader.PolicyLoader.load_data * [#8301](https://github.com/cloud-custodian/cloud-custodian/pull/8301): aws - route53.recovery-cluster - add resource and tagging support * [#8300](https://github.com/cloud-custodian/cloud-custodian/pull/8300): aws - route53.recovery-cluster - add resource and tagging support * [#8299](https://github.com/cloud-custodian/cloud-custodian/pull/8299): c7n-left - traverse filter supports non value type filters * [#8297](https://github.com/cloud-custodian/cloud-custodian/pull/8297): aws - vpc - sg : Add Batch (un)used filter * [#8269](https://github.com/cloud-custodian/cloud-custodian/pull/8269): aws - config_id support added to get Configuration Item for R53 hostedzone * [#8241](https://github.com/cloud-custodian/cloud-custodian/pull/8241): Adding new resource for mysql flexibleserver and a new filter * [#8232](https://github.com/cloud-custodian/cloud-custodian/pull/8232): aws - elasticsearch - Added new action to enable audit logs to cloudwatch * [#8120](https://github.com/cloud-custodian/cloud-custodian/pull/8120): aws - wafv2 - add scope param to list_web_acls call in lambda modes * [#7952](https://github.com/cloud-custodian/cloud-custodian/pull/7952): c7n_gcp-add-augment-to-big-query-resource-bq-table-to-extract-encryptionconfiguration * [#7929](https://github.com/cloud-custodian/cloud-custodian/pull/7929): Fixing typo on fallback-schedule schema * [#7186](https://github.com/cloud-custodian/cloud-custodian/pull/7186): [Issue #7185] Update c7n logging for base64 decode error for clarification * [#6707](https://github.com/cloud-custodian/cloud-custodian/pull/6707): tools/c7n_mailer - assume role to send email with SES in centralized … * [#5999](https://github.com/cloud-custodian/cloud-custodian/pull/5999): AWS - Add Lambda Versions and Lambda@Edge Filter * [#5907](https://github.com/cloud-custodian/cloud-custodian/pull/5907): tools/c7n_mailer - changed list to set for remove email dupes * [#5835](https://github.com/cloud-custodian/cloud-custodian/pull/5835): gcp - audit mode on function resources fix location key * [#5655](https://github.com/cloud-custodian/cloud-custodian/pull/5655): c7n-mailer-replay - support mimicking sqs * [#5653](https://github.com/cloud-custodian/cloud-custodian/pull/5653): c7n-mailer-replay - support for slack * [#5123](https://github.com/cloud-custodian/cloud-custodian/pull/5123): GCP - Metrics filter * [#5055](https://github.com/cloud-custodian/cloud-custodian/pull/5055): Added list_to_dict to globals * [#4170](https://github.com/cloud-custodian/cloud-custodian/pull/4170): PR- c7n_mailer sending email issues- seeing the email still in queue * [#1183](https://github.com/cloud-custodian/cloud-custodian/pull/1183): Fixed event-owner property of email not getting the right AWS username ## Issues Opened * [#8402](https://github.com/cloud-custodian/cloud-custodian/issues/8402): releng - get to 100% on CLOMonitor * [#8398](https://github.com/cloud-custodian/cloud-custodian/issues/8398): Cloud Custodian Not Handling DomainConfig.AccessPolicies.Options Properly For Elasticsearch * [#8397](https://github.com/cloud-custodian/cloud-custodian/issues/8397): AWS route53 ARC cluster tagging exception * [#8394](https://github.com/cloud-custodian/cloud-custodian/issues/8394): releng - remove distutils version usage from the code base * [#8391](https://github.com/cloud-custodian/cloud-custodian/issues/8391): Support Aurora RDS for Offhours Policy * [#8388](https://github.com/cloud-custodian/cloud-custodian/issues/8388): A suggestion on Run your policy ( AWS getting started guide) * [#8375](https://github.com/cloud-custodian/cloud-custodian/issues/8375): Add a safety rule filter to route53 arc control panel resource * [#8373](https://github.com/cloud-custodian/cloud-custodian/issues/8373): Delete an ECS task definition * [#8369](https://github.com/cloud-custodian/cloud-custodian/issues/8369): releng - use custom ruff to get whitespace linting * [#8368](https://github.com/cloud-custodian/cloud-custodian/issues/8368): c7n-left policy testing * [#8364](https://github.com/cloud-custodian/cloud-custodian/issues/8364): releng - bandit 1.7.5 is flagging several issues * [#8363](https://github.com/cloud-custodian/cloud-custodian/issues/8363): Mapping source code tags to pypi versions * [#8362](https://github.com/cloud-custodian/cloud-custodian/issues/8362): mugc cli publishing * [#8358](https://github.com/cloud-custodian/cloud-custodian/issues/8358): Migrating resources and filters from the EPAM repository * [#8355](https://github.com/cloud-custodian/cloud-custodian/issues/8355): releng - sphinx warning pull request annotation * [#8354](https://github.com/cloud-custodian/cloud-custodian/issues/8354): releng - install poetry / venv cache isn't working correctly * [#8351](https://github.com/cloud-custodian/cloud-custodian/issues/8351): aws - route53.control-panel - add resource and tagging support * [#8345](https://github.com/cloud-custodian/cloud-custodian/issues/8345): releng - doc action caching seems busted * [#8344](https://github.com/cloud-custodian/cloud-custodian/issues/8344): Generic related resource filter * [#8339](https://github.com/cloud-custodian/cloud-custodian/issues/8339): releng - run only relevant tests during PR CI runs * [#8338](https://github.com/cloud-custodian/cloud-custodian/issues/8338): EKS network-location filter * [#8333](https://github.com/cloud-custodian/cloud-custodian/issues/8333): c7n_kube - tests spin up threads without closing them * [#8330](https://github.com/cloud-custodian/cloud-custodian/issues/8330): C7N Mailer - crashes when reporting lambda resources where runtime is blank * [#8328](https://github.com/cloud-custodian/cloud-custodian/issues/8328): Failed Docker publishing for 0.9.23.0 * [#8326](https://github.com/cloud-custodian/cloud-custodian/issues/8326): releng - Set up docker builds with the custodian AWS account * [#8325](https://github.com/cloud-custodian/cloud-custodian/issues/8325): releng - setup functional tests in GitHub actions against custodian aws cncf account * [#8323](https://github.com/cloud-custodian/cloud-custodian/issues/8323): Set-permissions action in aws.ami resource failed to execute * [#8318](https://github.com/cloud-custodian/cloud-custodian/issues/8318): Use of {now} produces exception: AttributeError: 'datetime.datetime' object has no attribute 'format' * [#8316](https://github.com/cloud-custodian/cloud-custodian/issues/8316): unused filter needed for sns-subscription resource * [#8306](https://github.com/cloud-custodian/cloud-custodian/issues/8306): Bug in marked-for-op filter * [#8304](https://github.com/cloud-custodian/cloud-custodian/issues/8304): c7n-left - traverse filter better output * [#8302](https://github.com/cloud-custodian/cloud-custodian/issues/8302): c7n-org report with S3 as source shows duplicate resources when policy is run more than once * :boom: [#8284](https://github.com/cloud-custodian/cloud-custodian/issues/8284): Tagging/Modifying resources with lookup values using data from a csv/db ## Issues Closed * [#8391](https://github.com/cloud-custodian/cloud-custodian/issues/8391): Support Aurora RDS for Offhours Policy * [#8364](https://github.com/cloud-custodian/cloud-custodian/issues/8364): releng - bandit 1.7.5 is flagging several issues * [#8354](https://github.com/cloud-custodian/cloud-custodian/issues/8354): releng - install poetry / venv cache isn't working correctly * [#8351](https://github.com/cloud-custodian/cloud-custodian/issues/8351): aws - route53.control-panel - add resource and tagging support * [#8345](https://github.com/cloud-custodian/cloud-custodian/issues/8345): releng - doc action caching seems busted * [#8338](https://github.com/cloud-custodian/cloud-custodian/issues/8338): EKS network-location filter * [#8330](https://github.com/cloud-custodian/cloud-custodian/issues/8330): C7N Mailer - crashes when reporting lambda resources where runtime is blank * [#8328](https://github.com/cloud-custodian/cloud-custodian/issues/8328): Failed Docker publishing for 0.9.23.0 * [#8326](https://github.com/cloud-custodian/cloud-custodian/issues/8326): releng - Set up docker builds with the custodian AWS account * [#8325](https://github.com/cloud-custodian/cloud-custodian/issues/8325): releng - setup functional tests in GitHub actions against custodian aws cncf account * [#8323](https://github.com/cloud-custodian/cloud-custodian/issues/8323): Set-permissions action in aws.ami resource failed to execute * [#8318](https://github.com/cloud-custodian/cloud-custodian/issues/8318): Use of {now} produces exception: AttributeError: 'datetime.datetime' object has no attribute 'format' * [#8306](https://github.com/cloud-custodian/cloud-custodian/issues/8306): Bug in marked-for-op filter * [#8295](https://github.com/cloud-custodian/cloud-custodian/issues/8295): aws - route53.recovery-cluster - add resource and tagging support * [#8277](https://github.com/cloud-custodian/cloud-custodian/issues/8277): releng - remove tox from docs * [#8231](https://github.com/cloud-custodian/cloud-custodian/issues/8231): EFS Mount Target network-location filter * [#8118](https://github.com/cloud-custodian/cloud-custodian/issues/8118): Wafv2 logging error when using cloudtrail mode * [#8099](https://github.com/cloud-custodian/cloud-custodian/issues/8099): Errors logged with security-group resource. (when processing ENI that is in-use but has no attachment) * [#7973](https://github.com/cloud-custodian/cloud-custodian/issues/7973): AWS EC2 - exception when processing ENI that is in-use but has no attachment * [#6678](https://github.com/cloud-custodian/cloud-custodian/issues/6678): s3 filter check-public-block causes c7n to fail to scan remaining buckets when it encounters an access denied * [#6034](https://github.com/cloud-custodian/cloud-custodian/issues/6034): AWS - Lambda Edge Filter * [#5621](https://github.com/cloud-custodian/cloud-custodian/issues/5621): azure - ci flakey test * [#5482](https://github.com/cloud-custodian/cloud-custodian/issues/5482): c7n-mailer - replay of a slack message only works if key action.slack_template is renamed to action.template * [#5238](https://github.com/cloud-custodian/cloud-custodian/issues/5238): mailer - notify message from policy for faster local testing of templates * [#4686](https://github.com/cloud-custodian/cloud-custodian/issues/4686): azure - storage firewall actions has some failures * [#3860](https://github.com/cloud-custodian/cloud-custodian/issues/3860): Implement Azure Pipeline Cache/Restore Tasks