►
From YouTube: Cloud Custodian Community Meeting 2021-09-28
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/cloud-custodian/community/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
All
right
welcome
everybody.
The
date
is
september,
28
2021,
and
this
is
the
clock,
custodian
community
meeting,
just
a
quick
reminder
that
the
cncf
code
of
conduct
is
in
effect
and
we
are
recording
these
and
we
put
these
on
youtubes
and
we
publish
the
notes
in
the
github
repo
as
well.
So
please
be
cognizant
of
that
as
you're
making
comments,
here's
the
schedule
we
kind
of
go
through
the
same
schedule.
Every
time
we
have
a
quick
introduction,
section
some
agenda
items.
A
Every
two
weeks
publish
the
notes
into
github
and
then
rinse
and
repeat,
over
and
over
again
until
we
keep
busting
out
items
and
work
items
for
me
to
do
so
with
that,
usually
we
have
about
five
minutes
for
introductions.
If
this
is
your
first
meeting
or
you
haven't
been
in
a
while,
you
want
to
say
hello.
This
is
the
chance
to
do
it.
You
don't
have
to
it's
all
optional,
but
I'll
go
first.
My
name
is
george
castro.
A
I
work
at
stacklit
and
he
him
are
my
pronouns
and
I'm
in
ann
arbor
michigan.
If
anyone
else
wants
to
say
hello,
no
pressure.
B
Aj
kerrigan
at
stacklet
also
pronouns,
he
him
and
just
here
rocking
out
with
custody.
Good
morning,
hello.
A
All
right,
don't
worry,
I
added
a
section
on
changelog.py,
so
we
can
laugh
about
that.
A
All
right
and
with
that,
let's
just
move
on
to
the
agenda
here-
I'm
gonna
start
with
governance
as
code
day
first,
because
zumer
usually
has
a
time
limit
and
can't
stay
to
the
whole
meeting
and
is
one
big
event
that's
coming
up,
so
you
want
to
take
us
through
governance
as
code
day.
C
Yeah,
I
think
most
of
you
already
know
about
the
event
and
are
presenting
as
well.
So
thank
you
for
that.
We
have
the
schedule
published
we're
still
waiting
for
a
couple
of
more
talks,
approvals
like
internal
approvals
before
we
get
them
posted,
but
I'm
excited
to
announce.
We
have
brian
from
hbo
max
with
a
cso
there
and
they
use
custodian
at
scale
and
he's
going
to
talk
about
a
bunch
of
things
other
than
custodian
as
well,
more
strategic
in
nature.
C
How
you
know
security
can
actually
be
enabled,
and
then
you
know
the
typical
people
think
about
you.
Know:
security
inhibiting
stuff,
we'll
also
do
a
community
state
of
the
union
session
on
the
community
by
kapil
and
a
few
a
bunch
of
other
folks.
Then
we
have
a
bunch
of
you
know
speakers
from
zapier
code
42,
you
know,
keith
is
on
the
call
already
hey
will
be
one
of
the
presenters
as
well:
emily
freeman
who's,
the
writer
of
devops
dummy
she's,
also
a
principal
at
you,
know,
aws.
C
I
think
she
also
wrote
a
book
called
something
around
59
cloud
engineering
code.
So
I
think
that's
one
of
the
best
sellers
to
know,
but
I
ran
out
of
space
for
her
to
write
her
titles
and
her
compliments.
So,
but
definitely
I'm
super
excited
for
her
to
talk
to
talk
to
her
too,
and
then
we
have
austin
from
premise
data.
C
I
don't
think
austin
has
ever
joined
us
on
this
call,
maybe
once
or
twice
sony
on
this
call
as
well
he's
going
to
talk
about
safe
policy
rules
for
get
ops,
we're
still
waiting
for
a
couple
more
approvals
before
we
finalize
the
schedule
and
move
things
around,
and
then
we
have
a
talk
on
azure
as
well
john
hillgrass,
who
typically,
I
think
not
here
today,
but
he
joins.
C
These
calls
as
well
he's
one
of
the
maintainers
too
he's
going
to
be
talking
about
patent
filtering
with
within
amazon
eventbridge
as
well
and
carl.
Our
friend
he's
got
today
on
as
well
he's
doing
a
presentation
as
well
like
how
you
can
replace
some
of
the
actual
management
controls
within
aws
with
custodian
and
save
a
lot
of
money
right.
Everyone
loves
to
save
money,
yeah
and,
of
course,
our
very
own.
C
Liz
and
jamison
have
a
session
as
well
talking
about
some
of
the
other
tools
within
the
custodian
toolbox,
but
it's
I'm
pretty
excited
about
the
lineup.
We
are
still
waiting
for
a
couple
of
more
talks
to
be
finalized,
but
I
think
for
our
first
big
community
day,
this
seems
to
be
a
pretty
decent
startup,
so
I'm
super
excited
and
if
you
can
help
us
spread
the
word
as
well.
If
you
haven't
signed
up,
please
sign
up
for
the
talk
and
I
believe
we
have
a
lot
of
people
signed
up
already.
D
C
So
this
becomes
great
content
for
everyone
in
the
community
afterwards
and
honestly,
a
lot
of
virtual
events,
because
especially
free
events.
A
lot
of
this
stuff
is
done
for
recordings
as
well
right,
it's
recorded
afterwards,
but
but
if
you're
at
the
event,
virtually
you'll
have
the
capability
to
interact
with
people
like
hopkin
has
some
networking
capabilities
as
well
and
unfortunately
we
really
wish
it
was
a
physical
event.
So
we
can,
you
know,
meet
each
other
and
network
and
really
do
the
community
piece,
but
we'll
try
and
best
to
do
that
within
hop
in
as
well.
A
A
This
was
not
obvious
to
me
when
I
first
went
to
the
page
until
you
scroll,
but
these
three
tabs
here
will
take
you
to
the
different
sections
of
the
page.
So
that's
really
handy
all
right
anything
else
for
governance's
code
day
with
cloud
custodian,
I'm
going
to
get
that
title
right.
Somehow,
so
all
right
and
then
the
final
reminder,
remember
you
don't
need
to
be
registered
at
cubecon
or
cloudnativecon
to
attend.
You
can
just
send
whoever
you
want
to
show
up
to
that
link
and
they
can
register
for
free.
A
E
E
E
E
Last,
I
can
remember
when
it
was
I
was.
I
went
on
vacation,
so
I'm
just
back
in
this
week,
so
just
trying
to
get
reoriented.
So
there
was
an
issue
that
had
come
up.
It
was
asking
about
filtering
cloud,
custodian
filtering,
so
client-side
filtering
versus
server-side
filtering
and
it
their
issue
made
the
point
that
maybe
it
might
be
helpful
to
include
that
in
our
documentation
that
server
side
filtering
is
available
within
a
policy.
E
Query
block
me
and
aj
talked
about
it
this
morning
and
we
decided
that
this
might
be
like
documenting.
This
might
be
something
we
want
to
tackle
in
this
week's
doc
sprint
because
there's
a
lot
of
questions
there,
such
as
and
most
importantly,
how
do
we
document
this
without
adding
unnecessary
complexity
or
confusion,
and
so
be
a
really
cool
practice?
I
think,
for
the
doc
sprint
to
go
over.
F
This
together,
yeah
there's
also
a
there's
a
good
amount
of
unintended
complexity
as
well
due
to
how,
due
to
how
server-side
queries
affect
caches,
affect
resource
caching.
In
many
cases,
it
will
decrease
cache
utilization
for
people
running
lots
of
policies
against
the
same
resource
type.
So,
in
addition.
E
Yeah
yeah
no
aj-
and
I
talked
about
that
this
morning
and
exactly
like
that's
would
be
the
challenge
here
is
making
that.
How
do
you
convey
that
as
clearly
as
possible,
because
yeah
it
is?
It
is
a
very
like
there
is
very
limited
use
cases
for
this,
or
that
would
call
for.
F
E
But
yeah.
F
I
would
definitely
it's
definitely
useful
to
go
through
some
a
couple
of
worked.
Examples
like
if
you
have
20
reference
policies,
and
I
got
a
resource
then
doing
a
server-side
filter
here-
probably
isn't
appropriate.
On
the
other
hand,
if
you
have
2
million
ebs
snapshots
and
you
need
to
get
through
them,
this
is
potentially
useful
for
you
worked.
Examples
is
probably
the
only
way
I
can
think
of
to
make
it
approachable
and
not
shoot
to
in
the
weeds
nuanced
and
somehow,
if
we
documented
on
the
resource
level,
what
the
server-side
specific
filters
are.
F
A
Question
for
the
group:
how
is
something
determined,
whether
it
supports
server-side
filters
or
not?
Is
it
a
certain
class
of
resources?
Is
it
arbitrary
or
so.
F
Filters
are
for
the
default
source,
which
is
described.
F
It
is
done
on
a
resource-specific
basis,
and
it's
typically
where
the
underlying
service
exposes
some
additional
filtering
capabilities
that
we've
exposed
it,
and
there
was
direct
need
to
do
so
so
ec2
instances,
ebs
snapshots
and
it's
pretty
ad-hoc
and
we'd
have
to
probably
go
through
some
stuff
to
to
be
able
to
document
that
fully
for
other
sources
like
aws
config.
It's
actually
a
generic
capability
that
applies
across
all
resources,
so
it
is
both
source
specific
and
in
some
contexts,
resource
specific
resource
types,
good.
A
To
know
all
right
well,
if
you're
looking
to
help
out
liz
and
I
meet
on
fridays,
and
that
meeting
is
open
to
anyone
on
fridays
and
we
basically
take
an
hour
pick
something
that
the
community
wants
documented
and
document
this.
And
how
do
you
find
that
out?
Well,
if
you
go
to
the
cloud
custodian
website,
you'll
notice,
a
new
tab
here
in
the
top
right
that
says
calendar,
and
if
I
click
you
click
on
that
it
will
take
you
to
the
cloud
custodian
community
calendar
which
were
able
to
merge
in.
A
You'll
see
this
meeting
on
that
calendar
and
you'll
see
the
weekly
doc
sprints
as
well,
and
we're
basically
going
to
work
on
adding
any
time
there's
more
than
one
or
two
custodian
people
at
any
given
conference.
We
can
add
stuff
in
there
so
that
you
can
see
where
they're
at
and
that
kind
of
stuff
so
definitely
check
that
out.
You
can
click
the
button
there
to
subscribe
to
that.
A
Yeah
I
was
like
mangling
iframes
by
hand
yeah,
I
didn't
like
that,
but
it
was.
It
was
definitely
fun.
It
was.
It
was
a
good
good
thing
to
figure
out
and
something
that
will
definitely
help
us
in
the
future.
Once
we
get
a
nicer
website
and
stuff,
we
have
a
better
idea
of
what
we
want.
I
think
that
totally
helps
okay,
so
that
covers
that
I
want
to
go
back
now
and
get
us
back
in
order.
So
this
this,
this
item
is
now.
We
discussed
that
kapil.
A
You
have
an
item
from
last
week,
working
on
getting
ci
down
to
under
five
minutes
and,
however,
it's
tangibly
related,
we
had
a
issue
that
liz
filed
that
the
doc
html
wasn't
generating
properly
from
the
source
for
the
docs.
So
I
kind
of
lumped
all
these
together
into
kapil's,
doing
a
bunch
of
work
on
ci
to
bring
the
time
down
and.
F
So
there's
it's
maybe
worth
taking
a
a
high-level
view
for
a
second.
We
currently
use
all
the
ci
systems
we
have.
We
have,
you
know
azure
devops.
We
have
github
actions,
we
have
a
custom
drone
server,
we
have.
We
have
some
code
build
doing
functional
tests,
we
have
a
lot
of
different
things
and
we
also
have
docker
hub
automated
builds
like
we.
F
We
have
a
a
bunch
of
things
and
there
were
I'd,
say:
there's
four
like
there's
a
couple
high
level
goals
here,
one
we
want
to
make
it
really
easy
to
contribute
and
make
the
we
don't
want
developers
to
have
to
page
out
after
they
do
a
pr
contribution,
and
so
this
is.
This
is
all
really
around
contributor
ux,
as
well
as
simplification
and
the
first
part
of
this
work
has
landed,
which
has
been
revamping
our
our
ci
pipelines
to
do
better
cache
utilization.
We,
I
think
we
seem
to.
B
F
Basically,
have
the
time
and
reduced
a
lot
of
variance
out
of
ci,
so
ci
should
fully
complete
your
first.
Your
first
ended
test
run
should
be
under
two
minutes
about
two
minutes
on
the
on
the
spot,
so
that
that
works
done.
I
think
we
have
a
separate
thing
of
I'd
like
to
kill
the
drone
server
and
move
that
the
doc
image
the
documentation
publishing
to
github
actions.
There's
a
third
one.
F
Here,
that's
been
requested,
and
I
don't
know
how
I
think
this
is
for
other
people
on
the
call
but
arm
image,
support.
D
F
Aarh64
specifically,
I
think
this
is
mostly
for
people
in
aws,
because
I
don't
think
the
other
clouds
even
have
those
as
far
as
graviton
support
and
due
to
some
complications
of
how
we
have
built
we're
directly
talking
to
docker
to
do
a
lot
of
our
image
publishing.
So
this
is
switching
out
some
of
that
api
usage
for
switching
out
to
docker
build
x.
F
The
hope
is
that-
and
this
is
also
in
the
hopes
of
currently
the
the
slowest
part
of
our
build
at
the
moment-
is
now
the
docker
building.
So
this
is
also
addressing
to
you
know
two
birds
with
one
stone:
let's
get
ar64,
let's
also
get
our
docker
build
times
to
the
two
two
three
minutes
by
taking
advantage
of
of
that
of
the
github
action
cache
so
docker
our
docker,
build
matrix
is
actually
also
a
little
complex,
something
that
gets
built.
F
F
So
there's
a
notion
here
of
at
least
getting
the
ci
portion
of
that
moved
over
to
github
actions
from
azure,
devops
and
and
the
process
of
that
also
getting
to
supporting
ar-64,
which
is
really
just
using
you
know,
cross
compilation
and
build
x
is
pretty
nice,
and
so
we're
just
going
to
utilize
that
I
don't
know
that.
There's
a
huge
amount
of
priority
attached
to
that
work
right
now.
It
is
it.
It
is
nice,
it's
a
nice
to
have
definitely
interested.
F
There
is
a
github
issue
for
aarh64
support
and,
if
arm
64
support
matters
to
you,
please
start
that
issue.
That
would
be
great
just
to
know
that
there's
interest
in
that
I've
also
been
debating
because
of
how
big
our
doctor
images
are
getting
potentially
splitting
out
on
our
official
publications
images
by
provider,
specifically
the
azure
image.
The
azure
sdk
is
extremely
bloated
just
because
of
how
microsoft
publishes
the
way
they
publish
their
sdk
it
it
is
represents
over
well,
almost
two-thirds
of
our
image
size
is
represented
by
the
underlying
azure
sdk.
F
So
potentially
looking
at
there
there's
multiple
options.
One
is
we
strip
the
azure
sdk.
They
keep
old
versions
of.
They
keep
old
generated
code
versions
for
things
that
we
don't
care
about.
We
can
and
there
have
been
publications
to
the
effective.
This
is
how
you
can
strip
the
sdks
of
those
old
versions.
F
The
other
one
is
just,
let's
just
publish
exactly
what
you
need.
I
don't
know
that
we
would
do
that,
I'm
not
I'm
I'm.
We
would
continue
to
retain
all
of
our
existing
images,
so
people
that
are-
and
I
think
even
for
c7
and
org
we
would
continue.
As
is.
I
think,
though,
that
we
would
add
to
our
build
our
image
build
list,
a
set
of
provider-specific
images
with
corresponding
labels
to
our
existing
versions.
So
if
you
know
you
just
care
about
aws,
you
can
just
I'm
still
still
kneeling
on
that.
F
There's
other
implications
on
some
of
that
stuff,
but
it
is.
It
is
a
thought
if
anyone,
if
that
sounds
interesting
to
people,
then
definitely
curious
to
hear
feedback
from
others,
but
and
then
keeping
going.
F
A
So
the
end
state
would
be
no
drone
at
all
correct.
Okay,
all
right
second
question:
everyone
on
the
internet
is
talking
about
signed,
docker
images
since
we're
in
there
anyway.
Does
it
make
sense
if
I'm
pulling
on
the
wrong
string?
Does
that
mean
no.
F
So,
there's
a
bit
of
fragmentation
inside
of
the
docker
ecosystem.
With
regards
to
signed
images,
there
is
the
mechanism
that's
built
into
docker
itself,
which
is
notary.
B1
there's
been
active
work
going
on
notary
v2
for
in
two
years.
F
I
don't
know
that
it's
actually
ready
in
the
interim
there's
also
been
a
project,
and
notary
is
based
on
the
update
framework,
tough
and
it
has
a
notion
of
how
do
you
handle
build,
serve
compromises
etc
with
regard
to
secured
supply
chain
and
it's
basically
just
a
set
of
delegated
and
private
delegated
key
hierarchy.
Let's
say
where
you
can
revoke
the
build
keys
as
far
as
how
that
actually
works.
F
The
other
interesting
stuff
has
been
coming
out
of
google's
cosign
project
and
sorry
sig
store
project,
and
I
the
those
tools,
are
extremely
usable
and
extremely
simple,
they're,
just
not
built
into
anyone's
workflow,
but
we
could
document
how
you
could
verify
your
image
and
on
the
issue
with
notary
v1
is
that
the
signature
is
tied
to
the
repo
location.
So,
if
you're
republic,
if
you
pull
the
image
and
you
publish
to
an
internal
repo,
you
effectively
lose
a
signature
with
cosine.
F
The
signature
is
a
side
car
that
is
verifiable
independently
of
image
movement,
and
it
just
uses
the
blob
capability
on
the
docker
registry.
The
challenge
I've
had
with
this
is
that
we
would
to
do
we
could
we
would
have
to
we.
We
would
not.
We
would
have
to
expose
the
master
keys
effectively
for
these
signatures
through
rci
infrastructure
without
taking
advantage
of
stuff
like
tough.
There
is
a
separate
issue.
There
is
a
separate
capability
for
cosine
to
actually
store
directly
inside
of
a
provider
kms
store.
F
There
is
also,
but
that,
of
course,
needs
provider
keys
if
we're
primarily
moving
to
github
actions.
That
also
has
its
own
problems
that
you
can
only
expose
those
off
of
master
and
it
also
revolves
around
static
keys,
which
we
don't
want
to
do.
There's
been
separate
work
done
by
github
itself
with
regards
to
open
oidc,
open
identity
federation,
which
can
work
to
get
you
cloud
provider
credentials
without
static
keys
associated
to
the
the
project
for
the
action.
F
A
F
Yeah,
there's
there's
a
good
amount
of
moving
parts
and
we
do
well.
We
we
want
to.
We
don't
want
to
introduce
additional
complications
or
false
instances
of
security,
and
so
that
that
would
be
the
only
other
consideration
around
it.
It's
just
making
sure
we
get
somebody
to
help
us
review
on
that.
Just
because
of
the
there's
a
and
there's
there's
a
good
number
of
moving
parts
in
this
stuff.
F
We
also
the
currently
the
nightly
functional
builds
that
we
run
against.
Each
provider
are
not
currently
accessible
to
the
community.
We
should
be
able
to
toggle
that
switch
relatively
soon.
F
F
The
the
cloud
accounts
get
exposed
in
the
build
logs,
I
mean,
there's
no
sorry,
you.
C
F
Ci
is
one
of
those
things
that
everyone
should
have,
but
it
is
definitely
it's
it's
definitely
the
achilles
heel,
with
god's
contribution
or
or
and.
E
F
And
or
value
on
a
short-term
basis,
so
finding
the
right
prioritization
for
this
stuff
is
the
open
question
with
the
garcia
general
builds
built
like
supply
chain
security
like
they
actually,
the
move
to
poetry,
for
this
actually
has
caused
a
significant
increase.
We
now
do
checks
on
validation
against
our
entire
dependency
stack
for
any
builds
or
any
ci.
F
F
Apply
to
an
end
user,
doing
a
pip
install,
it
does
apply
to
our
docker
image
distribution,
as
well
as
to
users
that
are
pulling
and
using
poetry
themselves
or
installing
from
get.
I
should
probably
rephrase
a
dan
developer,
install.
A
A
You
know
I
follow
a
lot
of
the
sig
store
stuff
and
seeing
a
lot
of
projects
announcing
that
they're
signing
stuff
and
seeing
how
they
do
it
and
stuff
has
been
pretty
visible.
So
I
think
I
thought
I
would
ask,
because
it
looks
pretty
cool.
F
Yeah
supply
chain
attacks
cover
a
large
variety
of
things.
The
simply,
then,
the
nature
of
assigning
things
still
means
that
your
ci
server
becomes
a
more
valuable
target,
which
is
what
and
frankly
that
that's
that's.
You
know
some
of
the
the
major
supply
chain
attacks
over
the
last
few
years.
Those
have
been
the
primary
point
of
compromise,
the
php
one
or
the
source
fire
one.
It
was
really
around
the
ci
systems
that
the
x
elevated
access
was
created
to
inject
things
into
the
distributions
got
you.
A
Moving
on
to
the
cncf,
easy
cla
bot,
kapil
kind
of
showed
me
his
workflow
on
how
we
manage
people
signing
the
cla
for
the
project
and
I've
went
ahead
and
joined
the
cncf
channel
for
that
and
gonna
work
with
other
maintainers
to
see
how
they're
kind
of
managing
those
assets,
because
if
there's
certain
things
that
we'd
like
to
be
able
to
do
in
there
that
we
can't
like
search
for
people
who
have
actually
signed
the
cla
by
name
and
all
sorts
of
good
stuff.
A
D
F
F
Yeah
we
want
to
make
it
a
little
bit
easier,
we'd
love
to
be
able
to
also
just
email
contributors.
Hey
you
want
some
free
swag
other
things.
The
current
the
current
mechanism
that
we're
doing
with
easy
cli
is
not
easy
and
we're
investigating
some
some
options
with
them
and
potentially
looking
at.
If
we
want
to
do
something
else,
it's
right
now.
I
think
we're
at
the
process
we're
just
trying
to
document
all
the
people
that
have
had
problems
with
it
and.
F
They've
had
just
so
that
we
can
go
back
to
these
easy
cli
as
an
upsearch
project
and
to
see
if
there's
any
addressability
around
these
usability
pain
points.
A
All
right
any
questions
on
the
cla
we're
working
to
make
that
better
events
are
already
covered,
make
getter
easier,
which
is
one
of
my
long
long
going
projects
here.
The
element
project,
which
does
a
little
gui
for
matrix,
did
a
major
release
either
this
morning
or
yesterday,
and
I've
been
kicking
the
tires
on
that.
So
if
you
actually
go,
if
you
go
to
the
cloud
custodian
page
and
then
you
click
on
community,
it
actually
takes
you
to
this
chat
thing.
A
If
you
click
on
matrix
and
keep
clicking
forward,
you'll
end
up
on
a
web
app
that
might
or
not
might
not
be
working
here.
That
kind
of
gives.
E
A
Oh,
it
wasn't
working
this
morning,
but
it's
working
today
because
they
were
doing
like
a
deploy
or
something
I
don't
know
so.
This
kind
of
gives
you
an
alternate
chat,
I'm
not
quite
ready
to
say
hey.
We
should
use
this
as
the
fault
of
things
like
that,
but
I
am
experimenting
with
different
uis
and
things
like
that
for
chat,
and
it's
got
like
nice
search.
I
don't
think
we'd
ever
use
anything
like
the
video
calls
or
the
voice
calls
or
any
of
that.
F
A
B
D
A
I
literally
saw
the
release
announcement.
While
I
was
doing
stuff,
I
have
not
other
than
log
into
it
to
make
sure
it
works
to
show
everyone
in
the
meeting.
I
have
not
tried
it
yet,
and
I
know,
there's
native
clients
has
this.
This
might
be
a
small
sample.
Has
anyone
tried
the
wechat
plugin
by
any.
A
B
Plugin
in
the
past
I
mean
it
works
if
you're
a
terminal
person,
it
works
pretty
well,
but
you
do
lose
some
of
the
some
of
the
details.
The
code
formatting,
the
emotion.
D
B
A
Yeah
cause
anyone
see
that
everyone
see
that
still
so
we
click
here,
see
and
part
of
the
problem
is
I'm
trying
to
figure
out
how
to
sometimes
I
try
a
new
client
and
it's
like
input,
your
server
data,
and
I
don't
know
what
to
put
in
there,
because
it's
some
matrix
bridge
thing.
So,
if
I
click
on
this.
A
A
B
A
F
F
A
Yeah,
that
is
better
okay.
Well,
the
the
multi-year-long
process
of
evaluating
gooeys
continues
so
good
to
know
there
documented
server
side
filters.
We
did
that
and
then
the
last
tip
of
the
day
that
we
have
is
aj
and
I
were
doing
some
digging
and
I
found
this
tools.
A
Kapil
kapil
knows
this,
but
just
for
everybody
else
in
the
custodian
source,
there's
a
folder
called
tools
in
there
dev
and
there's
a
bunch
of
convenience
scripts
there
and
for
part
of
the
talks
that
we
wanted
to
do
for
governance's
code
day.
We
wanted
to
show
hey.
A
You
know
what
are
some
of
the
things
that
things
that
have
landed
in
the
past
year
without
us
manually
having
to
the
through
github,
so
there's
a
changelog.py
in
there,
and
it's
got
lots
of
features
that
you
can
help,
including
date
ranges
so
you
can
put
in
a
year.
A
You
know
a
year's
worth
of
dates
and
get
a
year's
worth
of
changes,
and
you
can
also
do
stuff
by
release.
So
this
is
definitely
interesting
to
look
at
if
you
find
yourself
doing
git
log
and
oh
no,
I
think
I
could
put
together
a
bash
script
to
do
stuff.
We
found
that
there
were
some
things
in
here
that
are
already
are
already.
F
Done,
I
think
we
actually
documented
when
we
did
the
recording
on
the
doing
a
casino
release
live
in
this
meeting
actually
showed
using
that
to
generate.
This
is
what
generates
all
really
stands
for
releases
as
well.
B
E
B
You
know
it
would
be
really
cool
if
you
could
just
get
diffs
between
arbitrary
custodian
versions
and
like
oh,
that
would
make
sense
in
the
changelog
and
it
it
will
give
you
a
schema
diff.
If
you
give
it
a
release,
start
date
a
starting
release
rather
than
a
date,
and
you
leave
the
end
off
it'll
do
like
the
schema
diff
between
that
release
and
the
current
code,
and
that
part
I
had
missed
so.
B
So
now
that
is,
that
is
enshrined
and
I've
seen
it
in
the
notes
and
just
didn't
see
that
that
was
the
the
right
combination
of
parameters
to
to
make
the
script
generate.
Those
schema
changes.
So
that's
that's
neat.
A
Yeah,
so
if
you
find
yourself,
maybe
you
did
an
upgrade
and
you're
like
oh,
this
thing
changed.
I
wonder
where
it
changed.
This
tool
might
help
you
to
like
search
through
all
that
stuff
and
find
out
exactly
where,
where
the
zig
turned
into
a
zag.
Any
other
comments
on
this
one
this
this
was
a
lot
of
fun.
A
This
was
aj
and
I
got
to
sit
and
dig
through
a
bunch
of
stuff
and
try
to
figure
things
out,
and
that
was
fun
so
yeah
if,
if
you're
running
through
the
code
base-
and
you
find
a
cool
tool
or
something
like
that
by
all
means,
feel
free
to,
let
us
know
about
it,.
B
We
have
liz,
was
liz,
was
up
there
talking
about
having
tools
so
yeah.
A
Hey,
if
you
see
it,
if
you
see
a
file
in
there
that
ends
in
py,
it's
probably
a
talk,
see
that's
a
talk
idea
so
and
with
that
we've
reached
the
end
of
the
official
agenda.
The
the
pr
issue
thing
I
wanted
to.
I
wanted
kapil
to
take
more
time
to
talk
about
where
we
want
to
move
to
ci.
So
that's
a
lot
of
moving
pieces
and
felt
it
was
kind
of
important
to
go
through
that.
A
Does
anybody
have
any
agenda
items
or
anything
they'd
like
to
bring
up
pet
issues?
Did
something
burn
you
this
week
or
is
there
a
burning
pr
that
you
need
or
anything
like
that,
now's,
your
chance
to
say
hello,
and
if
not,
we
will
give
everyone
20
full
minutes
back
all
right
thanks!
A
Everybody
look
for
my
post
on
the
google
group
with
the
link
to
the
youtube
video,
the
notes
and
the
registration
and
all
that
stuff,
and
the
link
to
the
schedule
will
all
be
in
the
notes
and
so
hope
to
see
you
all
here
soon.
We
are
coming
down
to
what
two
three
weeks,
maybe
until
until
kubecon
so
hope,
to
see
all
of
you
there
and
happy
wednesday.
Everyone.