From YouTube: Cloud Custodian Community Meeting 2023-06-13
Description
A few topics from this meeting:
- Review initial work on the Oracle Cloud provider
- Docker build failures
- Our reliance on the Azure CLI
You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions or at HackMD:
- https://github.com/orgs/cloud-custodian/discussions/8659
- https://hackmd.io/@c7n/ryyiU-Lv2
Check out our Slack for more info! http://slack.cloudcustodian.io
A
Everyone has it, and then I'll share and we'll talk through it a bit. The first section is, as always, the intros. So if anyone new or old to the community meeting wants to jump in with some introductions, now's the time.
B
Yeah, maybe I'll go. My name is Robert Campbell. I work with Oracle. I'm based in California, the Bay Area. So we've recently put together a provider for OCI, Cloud Custodian provider, and so we're just going through the process for getting that integrated into the builds and aqua sodium builds.
A
That's good. If anyone's interested in the work that goes into adding a provider, that pull request, and I should actually share that one, there's just so much good work there and documentation. There's a lot of really cool stuff in there. Let's pull it up.
A
B
A
Oh okay, I didn't see you come in there. Hello. I didn't know if you were in the midst of a reinforced stuff, because I know that's online.
D
Sure, yeah, I'm Ryan. I work at Capital One. This is my second meeting, and yeah, I'm working on some SES stuff to support one of the services we're launching.
E
Hi, I'm Mandine. This is my first meeting. I have you Cloud Custodian at my last year, I implemented a bunch of AWS policies. This year, I'm working on Azure, and I've had a lot of fun working with this code base. So I'm happy to be here. Cool, welcome.
A
B
A
All right, come back to intros later if we have any more. Okay, so some of the agenda items for, we've got some fixed, some things that are still in here from previous meetings: still a note about moving on from Python 3.7 and about the tips and tricks section in discussions.
A
E
A
Yet, okay. I find that there's a couple examples in the docs around using sending out to Teams, but it's not as fleshed out as some of, like, the Slack integration. I think the tips and tricks might be a good way. We've had some Slack discussion there, some ways to make that stuff a little clearer.
A
But if you come across anything that seems underdocumented or inaccurately documented on the Azure side, would be cool, even if it's just an issue to let us know, we're jumping into Slack. That would be good, so we can help that. Okay.
A
Okay, and then policy packs. So this was Darren's point. I know Darren's not here today, but in the last meeting he was talking about just having to be a repository of examples. I think, Kapil, you may have mentioned creating them per provider, but under the custodian org.
C
D
A
D
A
C
I also wanted to add in, there was a question about the Azure CLI, like the fact that we depend on the Azure CLI for getting information. It wasn't clear because, on that one, I wanted to just walk through why we couldn't just read the file ourselves and said, depending on the you'll, see a lot.
A
Yeah, and actually I wonder if I, not that I want to we'll command you to the meeting and ask her a bunch of questions about editor, but there was, it looked like we were. Let me pull up the one, the pull request with this.
A
And this one, what happened there was, there was a change to the Azure SDK, where it had this internal method, a run command method, and they added a required timeout parameter, and we weren't using that. So some calls started breaking, and it looked like where we were using that it was to have, I mean, we include the Azure Identity SDK and that supports CLI credentials, which it can.
A
A
Basically what that's doing is parsing the Azure profile.json file in your home directory, and it looked like that's what it did in like 90 plus percent of cases, but it seemed like it was also possible that that config information would get stored somewhere else, like a Mac keychain or something like that. And so, if we tried to parse that file directly, there would be edge cases where it would fail. I.
C
C
Rather avoid depending on the Azure CLI, because, I don't, like, we don't install in our Docker images. Like, there's other reasons for why we shouldn't depend on the CLI, I guess in the context of, like, we would hit the metadata server, so to speak, and/or we can be explicitly provided, but yeah, I'd rather avoid the dependency.
C
Depend on CLIs from the cloud providers. If this seems like a weird case, it might be worth tracking through on the CLI likes to go. Stick a debug statement and walk up the chain from the entry point to see if there's any other paths that it can go down. But that's.
C
Since we really encoded JSON file, and that's really about it, and if we can describe that directly, then I think we can save installations on or save some paypoints. Okay.
A
Yeah, that seems reasonable to me. I think where I tripped was that I am not as familiar with Azure, and it looked like there was a potential edge case, and I thought, oh, let me just fix the simplest thing and then we'll come back to this. So if the next pass is to parse JSON file, that works for me. And again, no pressure, but Mandy, if you do have any input on this, if any of this sounds like something you've bumped into inside, welcome. Yeah.
C
E
Yeah, I'm not super familiar with Azure either. I just found that line and just got it working for whenever I needed it, but.
E
A
So Kapil, that was the, yeah, that was the Azure piece. The other thing we see, Docker builds were failing. The only one that I know was failing with the c7n-left, and that's right. This, so.
C
They are open issues with c7n-left. I don't know that I want to go down this VR route, because it feels strange. Sure, generally speaking, we build the full image from entry, and the way this is set up is that it'll build the image from release artifacts as well, which doesn't allow for testing off a branch, let's say. It did put in mind the question of why this wasn't failing in CI. I.
C
Think it's gonna be only do the Docker build for main in CI, as far as the c7n-left image. The other issue is that we actually need to get binary to be installed. We're currently using the c7n-left images a little bit different, because we're using Chainguard's Wolfi images, because it's all to have better supply chain security, minimal images, stuff. I think, unfortunately, modifying those images requires adopting a bunch more custom stuff, which isn't going to work in our matrix build on Docker images.
C
C
The left is typically deployed inside of application pipeline, so we want to try to keep the, if people are using the documents, we want to keep the dependencies set minimal, so it'll be different than standard custodian images, which are typically Ubuntu based. But I don't know if that's going to be a huge, that won't necessarily be a significant risk in this context, because this is more of a, you know, source static analysis versus all the other capabilities on policies. So this is, I actually would like this.
C
This is a release blocker as well. We also don't have a corresponding GitHub issue for this, which I think we should do first. Oh, that's fair. And then we'll label that as early as blocker in terms of getting a release out. I think there's still, but.
C
I'm hopeful that we'll at least be practicing our release automation stuff for July. So we, that's, it's more push button. But yeah, this is definitely a blocker, like, because it prevented the less our signed images for the last release going out, as well as blocking you out on the daily day of images.
C
A
A
Ion I did want to talk about that RDS won the multiple resources, but we can come back to that because I've been yapping a bunch. We'll see if anyone else has something. Yep.
D
Yeah, one question, just from like workflow point of view: do you guys usually update through with like the git like tool?
C
So, like, generally speaking, because we have people from all walks of life as far as their familiarity with Git, we don't really require anything as far as how, like, the actual process on the PR. We will do a squash merge.
C
So anything we're also going to commit to the PR, we'll effectively do a single merge as a single commit back into the history. I mean, generally, the request would be, you know, if you're getting reviews on things, to leave separate commits after the reviews, just so that it's obvious what's being addressed from review feedback.
B
F
Yeah, I took a look at this. I had a question on this with regards to capturing email identities, but I think that's clarified now. I think it only captures, yeah.
C
Good. I would mean, my, I mean, if it's operator email addresses, yeah, less concerns, just because we already pulled out with some tags anyways for delivery purposes. So we don't feel like we're done anything. It's like in customer type stuff, then that would be a different concern and what I'm significant concerned.
B
Yeah, I'm not sure this is the right forum, just be so 8620, so the initial CI provider commit. So just a question out to anyone here, just if there's anything left to do. We don't have anything handing on our side that we know of, so.
C
B
B
I just saying, if there's anything you notice that's missing that, you know, maybe isn't urgent, but we can phase that out and just figure out when.
C
Getting things in, so any review comments would be on what's going on right now, when will your future enhancements out PR. Sure, sure.
F
Okay, yeah, we don't have anything. I was trying to see if you could get an eye on the SNS too long message error, which is PR 861. I think it's still in draft mode, but just wanted to see if that's what, Kapil, you were looking for with regards to getting this issue resolved.
C
It will probably be this week, but I could not tell you when. Sorry, SMS, yeah.
C
Yes, no, I think it's doing the right, doing the thing. I want to structure differently because we have to deal with compression, but yeah, I'll try to do some feedback.
B
C
B
A
C
Yeah, this isn't actually it. This will end up double encoding messages. The antennas that we actually assembled the envelope manually at the end too, so we don't get, because right now this is serializing the message: there's still housing, each individual resource adding to a batch and then saying JSON serialize the batch, which means you get a double encoding on the resources. So it just isn't quite right.
A
I did want to point out this one, this 8614. I think that this came through as a fix to the propagate tags, National, Property or copy related tag for RDS and Redshift, but it was, we made, you ended up making the change at a higher level here in queries. I think it's just worth calling out in case anyone comes across. This may fix other things, which means there's always an outside chance that it will break other things.
A
A
If we had more than one identity, and so fixing this fixed copy related tag, it could also fix some event-based policy triggers, but mostly just want to call that out just in case. I would hope the only other side effect is that some other things start working.
F
Yeah, we haven't like really pulled it into our platform or our environment yet, but I think once we do that I'll definitely have more visibility in terms of something that this might end up breaking.
A
C
Is there are black Ken took up the mailer formatting, so I think that's probably going to go through separately than the formatting the rest of the tree, because I think he's got some active work he wants to do on the mailer and he wanted to take care of that first. So as.
C
See, I'm going to just do this one by itself and rebase the other one once this is landed.
A
A
Yeah, and that's what, it's not configured there. It's configured for Ruff, but not for Black, so yeah, I was gonna let him know that we should add that configuration there and add mailer to the format set as part of this PR. Also, if we're gonna combine a Black with a refactor, I'm wondering if we should split it out and then add the format pass to like an excluded commit list, so we can filter those out later, or if we care that much.
C
Related to the mouse reformat, I'm okay like leaving it out, suppose we get like a, you know, the rinky dig one-liner commit, I mean, which is fine, but like it feels part and parcel. Like otherwise, I think if we were to structure it otherwise, I guess doesn't matter if it comes before or after, but I mean, I think it's pretty reasonable to, I understand what you're saying, you're like a semantic change here, but it's a one-liner, so I'm okay with that.
A
Yeah, I'm fine with it, and just, I know that, as we start doing, and this ties in a little bit to the OCI commit too, because I think there was a different length there, and I was thinking, well, if we're gonna have a formatting, we should just keep that the same line length and then add OCI to the format specs so that that lint pass touches, touch that out of the gate.
C
That's a good point. We can probably directly like push some of that stuff to the PRs that are extant to make it a little bit easier, but yeah, those are all good callouts.
A
Okay, oh well, follow up on this one then, but yeah, thanks for bringing that up because I forgot about it.
A
Okay, so I think that's it for this meeting, then. Thanks, everybody, for coming. More questions, any other follow-up stuff that comes up after, we can handle in Slack. And oh, Kapil, you also pointed out we should have these notes going in as GitHub discussions, so if we have any direct meeting follow-up, we can have it right in GitHub, and I had not been posting those there. So I'm going to start doing that with today's, actually.
C
Do we have, are we, do we have the flow for meeting recordings going into our YouTube channel? Yes.
A
We're putting them in, it's a bit of a manual thing actually, unless somebody knows of a way to do it directly from the Google Meet to YouTube, but we've been putting those over there, and then because they get added to the community meeting playlist, they also end up in that, they get transcribed and they end up in that list at, where is this spot?
A
C
Advice, I don't know if there's a way to get a feed on that, because currently strong cleaning for like two or three years ago, and like just wondering about updating our page to like point people to the link, as opposed to a multi-year-old meeting.
A
C
A
It's, in case it's not clear, I'm still very much figuring this stuff out arm wheel, so yeah, but that's a good call out too. I'll try to get that updated. That'll be cool.
A
A
Yeah, I saw something about live streams, and I was hesitant to do that because occasionally we'll have a discussion on, someone asked a question and they post credits or account IDs, sensitive info, and it's nice to have that editing a while, but I like the option of having the edit pass to pull that stuff out. Maybe we don't need it anymore, though. Maybe we're in a live streaming world and we should just live stream the thing. Do we, since we're in a community meeting.
A
Does anyone have opinions one way or the other about live streaming, as opposed to just taking the recording?
E
A
E
A
All right, cool! Well, thanks. Now we have something to look forward to for next time. I'll have to look into live streaming.