C7N Community Meeting Minutes 2023-04-04

# C7N Community Meeting Minutes 2023-04-04 ## April 4th 2023 :::info - **URL:** meet.google.com/mii-evqh-esh - **Date:** March 21st, 2023 (2:00 PM (ET) / 11:00 AM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20220621T180000&p1=263&p2=224&p3=136&p4=37&p5=367&p6=438&p7=248&p8=22)** - **Agenda** 1. Intros `10m` 1. Agenda Items `20m` 1. PR Party `30m` - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Video Archive and Transcripts**: https://mtngs.io/cloud-custodian/community-meetings/ ::: ## Agenda Items - Intros, etc. - We're testing Slack! Join us: - [Invite page](https://communityinviter.com/apps/cloud-custodian/c7n-chat) - We're moving on from Python 3.7 this year, details TBD, heads up: - https://github.com/cloud-custodian/cloud-custodian/issues/8092 - Tips and Tricks section in Discussions - https://github.com/cloud-custodian/cloud-custodian/discussions/categories/tips-and-tricks # Weekly Report Weekly status report for cloud-custodian/cloud-custodian Week #14 2023 ## Here's what the team has focused on this week: ## Weekly Stats | | Opened this week| Closed this week| |--|---|-----| |Issues| 18 | 13| |PR's| 31 | 29| | | | |--|--| | New stars | 10| | New forks | 2| ## PR's Opened * [#8461](https://github.com/cloud-custodian/cloud-custodian/pull/8461): gcp - added gce-project, regions, zones * [#8460](https://github.com/cloud-custodian/cloud-custodian/pull/8460): c7n-left - policy testing allow filters * [#8457](https://github.com/cloud-custodian/cloud-custodian/pull/8457): AWS - SES - Create new resource type configuration-set for SES * [#8456](https://github.com/cloud-custodian/cloud-custodian/pull/8456): aws - reuse client for augment thread workers * [#8454](https://github.com/cloud-custodian/cloud-custodian/pull/8454): aws- add tag/remove tag action to kinesis-video * [#8453](https://github.com/cloud-custodian/cloud-custodian/pull/8453): aws - augment reuse client in workers * [#8452](https://github.com/cloud-custodian/cloud-custodian/pull/8452): gcp - cloud-run service and job * [#8448](https://github.com/cloud-custodian/cloud-custodian/pull/8448): Fixing the Role name to arn for Ops tool for SAM Transformation * [#8447](https://github.com/cloud-custodian/cloud-custodian/pull/8447): c7n-left - fix multi resource using lists * [#8446](https://github.com/cloud-custodian/cloud-custodian/pull/8446): Add storage filter to ECS resource * [#8444](https://github.com/cloud-custodian/cloud-custodian/pull/8444): gcp - added the artifactregistry-repository resource and gcp-iam-policy-filter * [#8438](https://github.com/cloud-custodian/cloud-custodian/pull/8438): Added support for ICMP protocol in NSG * [#8437](https://github.com/cloud-custodian/cloud-custodian/pull/8437): ensuring webacl detail is present for wafv2 resources * [#8434](https://github.com/cloud-custodian/cloud-custodian/pull/8434): policy - fix conditions.env_vars being wiped in #8014 * [#8433](https://github.com/cloud-custodian/cloud-custodian/pull/8433): aws - rds - db-option-groups filter fix * [#8431](https://github.com/cloud-custodian/cloud-custodian/pull/8431): releng - release prep 0.9.25 * [#8430](https://github.com/cloud-custodian/cloud-custodian/pull/8430): tools/dev - prcheck - add required fields and arg help * [#8428](https://github.com/cloud-custodian/cloud-custodian/pull/8428): c7n-left - policy testing * [#8427](https://github.com/cloud-custodian/cloud-custodian/pull/8427): c7n-left - policy testing cli * [#8426](https://github.com/cloud-custodian/cloud-custodian/pull/8426): aws - eks - adding associate-encryption-config action * [#8425](https://github.com/cloud-custodian/cloud-custodian/pull/8425): Gcp new resources app service and app service version * [#8424](https://github.com/cloud-custodian/cloud-custodian/pull/8424): aws - cloudtrail mode - support glob patterns for event and source * [#8422](https://github.com/cloud-custodian/cloud-custodian/pull/8422): releng - policy stream fix test oddity - use explicit rm * [#8421](https://github.com/cloud-custodian/cloud-custodian/pull/8421): gcp - added gcp-secret resource * [#8420](https://github.com/cloud-custodian/cloud-custodian/pull/8420): Add api-key feature to values_from * [#8419](https://github.com/cloud-custodian/cloud-custodian/pull/8419): Delete Action for AppSync * [#8417](https://github.com/cloud-custodian/cloud-custodian/pull/8417): Delete Action for AppSync * [#8415](https://github.com/cloud-custodian/cloud-custodian/pull/8415): Delete Action for AppSync * [#8413](https://github.com/cloud-custodian/cloud-custodian/pull/8413): releng - terraform fmt check in ci * [#8412](https://github.com/cloud-custodian/cloud-custodian/pull/8412): docs - add shift-left to main readme, flush out c7n-left readme * [#8411](https://github.com/cloud-custodian/cloud-custodian/pull/8411): releng - remove obsolete devcontainer and vscode configs ## PR's Closed * [#8460](https://github.com/cloud-custodian/cloud-custodian/pull/8460): c7n-left - policy testing allow filters * [#8456](https://github.com/cloud-custodian/cloud-custodian/pull/8456): aws - reuse client for augment thread workers * [#8453](https://github.com/cloud-custodian/cloud-custodian/pull/8453): aws - augment reuse client in workers * [#8447](https://github.com/cloud-custodian/cloud-custodian/pull/8447): c7n-left - fix multi resource using lists * [#8438](https://github.com/cloud-custodian/cloud-custodian/pull/8438): Added support for ICMP protocol in NSG * [#8434](https://github.com/cloud-custodian/cloud-custodian/pull/8434): policy - fix conditions.env_vars being wiped in #8014 * [#8433](https://github.com/cloud-custodian/cloud-custodian/pull/8433): aws - rds - db-option-groups filter fix * [#8431](https://github.com/cloud-custodian/cloud-custodian/pull/8431): releng - release prep 0.9.25 * [#8430](https://github.com/cloud-custodian/cloud-custodian/pull/8430): tools/dev - prcheck - add required fields and arg help * [#8428](https://github.com/cloud-custodian/cloud-custodian/pull/8428): c7n-left - policy testing * [#8427](https://github.com/cloud-custodian/cloud-custodian/pull/8427): c7n-left - policy testing cli * [#8422](https://github.com/cloud-custodian/cloud-custodian/pull/8422): releng - policy stream fix test oddity - use explicit rm * [#8421](https://github.com/cloud-custodian/cloud-custodian/pull/8421): gcp - added gcp-secret resource * [#8419](https://github.com/cloud-custodian/cloud-custodian/pull/8419): Delete Action for AppSync * [#8417](https://github.com/cloud-custodian/cloud-custodian/pull/8417): Delete Action for AppSync * [#8415](https://github.com/cloud-custodian/cloud-custodian/pull/8415): Delete Action for AppSync * [#8413](https://github.com/cloud-custodian/cloud-custodian/pull/8413): releng - terraform fmt check in ci * [#8412](https://github.com/cloud-custodian/cloud-custodian/pull/8412): docs - add shift-left to main readme, flush out c7n-left readme * [#8411](https://github.com/cloud-custodian/cloud-custodian/pull/8411): releng - remove obsolete devcontainer and vscode configs * [#8409](https://github.com/cloud-custodian/cloud-custodian/pull/8409): releng - policy stream test ensure debug output on failure * [#8406](https://github.com/cloud-custodian/cloud-custodian/pull/8406): aws - delete task definition action * [#8404](https://github.com/cloud-custodian/cloud-custodian/pull/8404): feat: add iam-policy filter for gcp.service-account resource * [#8399](https://github.com/cloud-custodian/cloud-custodian/pull/8399): c7n_tencentcloud - resources - SecurityGroup * [#8384](https://github.com/cloud-custodian/cloud-custodian/pull/8384): Add api-key feature to values_from * [#8381](https://github.com/cloud-custodian/cloud-custodian/pull/8381): aws - route53 - recovery - control - panel: add a safety rule filter * [#8378](https://github.com/cloud-custodian/cloud-custodian/pull/8378): releng - add black as dev dependency and add to make lint * [#8376](https://github.com/cloud-custodian/cloud-custodian/pull/8376): tools/dev - prcheck can tag prs and recheck them * [#8312](https://github.com/cloud-custodian/cloud-custodian/pull/8312): feat: new filter for azure network security group flow logs * [#8309](https://github.com/cloud-custodian/cloud-custodian/pull/8309): feat: adding flag to allow the inclusion of the azure 'magic' ip range for sql and postgresql ## Issues Opened * [#8459](https://github.com/cloud-custodian/cloud-custodian/issues/8459): c7n-left - support finer-grained matches against JSON blocks * [#8458](https://github.com/cloud-custodian/cloud-custodian/issues/8458): c7n-left - finding in module should record caller * [#8455](https://github.com/cloud-custodian/cloud-custodian/issues/8455): c7n-left - include c7n as release dependency * [#8451](https://github.com/cloud-custodian/cloud-custodian/issues/8451): Add resource for ElastiCache reserved instances * [#8450](https://github.com/cloud-custodian/cloud-custodian/issues/8450): Anomaly with AssumeRole calls at runtime * [#8449](https://github.com/cloud-custodian/cloud-custodian/issues/8449): aws - kinesisvideo tagging action * [#8445](https://github.com/cloud-custodian/cloud-custodian/issues/8445): c7n-policystream 0.4.23 fails to install on Ubuntu 20.04 with python3.8 * [#8443](https://github.com/cloud-custodian/cloud-custodian/issues/8443): DynamoDB tables always report that "DeletionProtectionEnabled" is not enabled. * [#8442](https://github.com/cloud-custodian/cloud-custodian/issues/8442): using has-statement filter to match s3 bucket policy actions doesn't yield desired results * [#8441](https://github.com/cloud-custodian/cloud-custodian/issues/8441): c7n-org fails if all policies filtered out * [#8440](https://github.com/cloud-custodian/cloud-custodian/issues/8440): Add Cloud Custodian to the CNCF Project Summary Table * [#8439](https://github.com/cloud-custodian/cloud-custodian/issues/8439): shift-left - policies silently run against invalid terraform files * [#8436](https://github.com/cloud-custodian/cloud-custodian/issues/8436): c7n-left - capture ci context in output * [#8435](https://github.com/cloud-custodian/cloud-custodian/issues/8435): c7n-left - junitxml output * [#8432](https://github.com/cloud-custodian/cloud-custodian/issues/8432): jinja2 dependency error with mailer 0.6.23 * [#8429](https://github.com/cloud-custodian/cloud-custodian/issues/8429): Dependency pinning in 0.9.24 does not seem to be working * [#8418](https://github.com/cloud-custodian/cloud-custodian/issues/8418): Issue with Assume role on regular custodian cli * [#8414](https://github.com/cloud-custodian/cloud-custodian/issues/8414): `AttributeError: region` since 0.9.22.0 ## Issues Closed * [#8450](https://github.com/cloud-custodian/cloud-custodian/issues/8450): Anomaly with AssumeRole calls at runtime * [#8445](https://github.com/cloud-custodian/cloud-custodian/issues/8445): c7n-policystream 0.4.23 fails to install on Ubuntu 20.04 with python3.8 * [#8439](https://github.com/cloud-custodian/cloud-custodian/issues/8439): shift-left - policies silently run against invalid terraform files * [#8432](https://github.com/cloud-custodian/cloud-custodian/issues/8432): jinja2 dependency error with mailer 0.6.23 * [#8429](https://github.com/cloud-custodian/cloud-custodian/issues/8429): Dependency pinning in 0.9.24 does not seem to be working * [#8373](https://github.com/cloud-custodian/cloud-custodian/issues/8373): Delete an ECS task definition * [#8368](https://github.com/cloud-custodian/cloud-custodian/issues/8368): c7n-left policy testing * [#8296](https://github.com/cloud-custodian/cloud-custodian/issues/8296): Plugin-able architecture for resources, filters and actions * [#8270](https://github.com/cloud-custodian/cloud-custodian/issues/8270): Delete Action for AppSync * [#8222](https://github.com/cloud-custodian/cloud-custodian/issues/8222): shift-left - resolve local module references above the root directory * [#7635](https://github.com/cloud-custodian/cloud-custodian/issues/7635): Support for lambda layers and how to adjust environment/handler? * [#7175](https://github.com/cloud-custodian/cloud-custodian/issues/7175): The jitter of backoff_delays is too high * [#7166](https://github.com/cloud-custodian/cloud-custodian/issues/7166): NoCredentialsError reported occasionally, thread-safe problems?