►
From YouTube: Cloud Custodian Community Meeting 20230207
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
Check out our Slack for more info! http://slack.cloudcustodian.io
A
All
right
welcome
everybody,
it
is
February
21st
2023,
and
this
is
the
bi-weekly
Cloud
custodian
community.
Meeting
two
quick
things
to
remember
is
that
we
do
record
these
meetings
and
put
them
on
YouTube.
So
please
be
cognizant
of
that
and
secondly,
we
are
under
the
cncf's
cut
of
conduct,
so
please
be
excellent
to
each
other.
A
A
Some
quick
things
before
we
get
started
just
a
heads
up
about
python
3.7
this
year.
If
you're
watching
this
in
the
video
Sunny,
is
there
any
releasings
that
we
want
to
talk
about.
B
C
Sorry,
the
music,
the
release
would
go
out
last
week
and
it
seems
to
be
a
recurring
problem
with
the
S3
output
stuff,
but
that
hasn't
really
it's
not
a
regression
or
anything
like
that.
It's
continued
headache
from
that's
their
output,
which
I
think
could
people
had
a
PR
out
for
other?
Could
people
talk
about
if
he.
D
Wants
I
mean
it's
regression,
I
would
say
it's
like
is
it's
I
think
it
goes
back
to
like
I
think
catalog
try
to
catalog
our
sword
industry
with
this,
but
I
think
it
goes
back
to
nine
like
roughly
914
what
was
the
last
version
without
it,
but
the
regression
Only
Hits
certain
people
at
certain
things,
but
like
the
way
we
stuck
like
a
get
bucket
location,
because
so,
if
it's
all
over
the
issue,
the
issue
was,
we
were
certain
people
that
were
operating
cross
region
or
across
cross
region
across
count
or
not,
and
we're
seeing
errors
on
rights
effectively
where
they're,
but
where
they
were
executing
from
Cascadian
from
a
different
region
than
where
they
wanted
to
write.
D
I
was
trying
to
figure
out
if
you
could
actually
do
it
via
some
form
of
embedded
policy
Etc,
but
like
nutshell,
it
wasn't
really
that
you
know
we
changed
permissions
effectively
on
something
common
and
it
wasn't
really
clear
that
it
was
liable
for
some
of
these
cases
that
we
were
being
used
for
AJ
added
in
the
ability
to
use
anonymous
HPA.
It
calls
to
figure
out
the
bucket
location,
but
we
were
doing
it
because
we
were
doing
it
down
at
the
output
level.
We
were
we.
D
We
would
get
that
we
would
do
those
curls
effectively
in
the
in
the
fan
out
in
the
leaf
location
for
something
like
c7.org.
If
you
ever
executed
against
100.
D
In
100
regions,
it's
a
hundred
two
thousand,
you
know
or
sorry,
ten
thousand
API
calls
and
so
moving
it
up
to
upper
level.
Moving
the
anonymous
checking
up
a
level
effectively
solves
both
issues
and
also
removing
the
the
old
API
call
introduction
that
we
did
so
that
this
there
there
was
a
lot
of
permutations
on
this
effectively.
D
You
can
now
explicitly
specify
your
output
region
on
your
bucket
when
you
pass
in
the
output
location
there
there,
the
other,
so
there
was
issues
with
Lambda,
was
one
of
the
issues,
because
so.
D
Issues
with
across
count
There's
issues
with
different
partitions.
This,
hopefully
resolves
all
of
them.
That's
probably
the
tldr
and
also
greatly
reduces
the
volume
API
called
or
HTTP
calls
we
have
to
make,
and
it
reduces
retries.
In
the
face
of
common
issues.
We've
seen
that
people
have
reported
as
far
as
intermediary
proxies
and
other
things
in
actual
HP
errors
or
slowdowns
from
the
actual
API
itself,
but
yeah.
F
Just
question
on
that,
so
this
is
kind
of
it's
been
a
I
guess,
an
issue
for
for
a
while
going
back
quite
a
few
versions.
This
isn't
something
that
yeah
is
found
on,
like
the
latest
release
or
anything
like
that:
exclusive,
okay,
cool.
D
Let's
go
back,
I
mean
9,
14
is
what
I
saw.
People
were
saying
they
were
running
back
to
trying
to
avoid
stepping
on
this.
You
know
things
yeah
some
degree.
We
tried
to
fix
it
multiple
times
along
the
way,
but
we
I
don't
think
we
nailed
it
until
until
recently,
cool.
C
D
Although
I
would
definitely
consider
a
patch
release,
I
don't
know
releasing
on
debt.
24
early
just
to
real,
like
I,
haven't
closed
out
the
underlying
issues
for
those
because
I
want
it.
I
want
things
to
be.
We
haven't
gotten
to
that
level.
Yet,
generally
speaking,
we
we've
generally
closed
issues
and
easily
they
hit
trunk,
but
like
at
a
certain
degree
of
maturity.
D
You
don't
close
the
shoes
until
a
user
can
get
the
release
in
their
hands,
and
so
we're
like
at
least
for
these
I'm,
not
not
going
to
do
it
because
it
was
regression
until
it's
actually
available.
So
I
definitely
would
consider
pushing
up
924
to
the
first
week
of
March.
D
D
There
it
was
it's
a
close
PR
from.
D
Got
you
I
tried
a
document
the
journey,
although
I
don't
know
if
I've
documented
the
actual
fix
but
yeah
cool,
ldr,
I
think
for
the
actual
books,
yeah.
F
A
F
Yeah,
so
we
noticed
Darren
umita,
just.
F
We
have
some
policies
that
are
kind
of
config
based
and
they're
checking.
You
know
they
were
checking
specific.
You
know,
attributes
that
were
available
only
on
basically
provision
clusters
with
this
change.
This
adds
in
a
serverless
resource
types
as
well
is
my
understanding
so
this
you
know
this
looks
like
it's
going
to
break
some
of
our
existing
Integrations.
Basically,
because
now
we're
getting
serverless
resources
and
we
don't
see
a
way
to
basically
like
server
side,
filter
those
things
out
so
just
yeah.
F
It
was
just
a
call
out
really
that
you
know
this
right.
D
So
I
think
something
I'm
just
thinking
a
lot
like
we
we
collect.
Is
there
a
way
to
tell
inside
of
a
given
cluster
if
it's
serverless
or
not,
because
I
think
it
was
in
the
enclosure,
get
into
the
data
structures
and
we
remove
the
enclosure.
D
I
don't
know
if
it
was
still
distinguishable
directly
from
the
underlying.
You
know
resource
itself
as
like
an
additional
value,
filter
yeah
there.
C
Should
be
so,
can
you
go
to
files
changed
George,
no.
G
I
believe
it
should
be
like
a
API.
It
does
allow
you
to
pass
in
a
filter
to
say
what
kind
of
cluster
you
want
to
list.
C
Yeah
but
from
a
client-side
filtering
perspective,
so
let's
go
up
a
little
bit.
There's
that
serverless.
F
F
We
see
that
cluster
type
was
added
so
now,
with
this
version,
we're
able
to
you
know
basically
just
do
like
a
value
filter
thing,
but
the
problem
is
with
config.
Is
it
still
lists
out
the
resources
so
like
we
still
will
have
the
resources
showing
as
compliant
or
non-compliant
and
something
we
notice
with
the
serverless
resource
types
in
AWS
config
is
the
mapping
is
actually
incorrect
and
we
don't
know
why
that
is.
That
might
be
a
limitation
on
the
config
side,
but
for
provision
clusters,
the
config
mapping
shows
up
beautifully
for
serverless.
F
F
D
As
well
like
wanting
to
Target
a
a
configurable
policy
at
just
a
subset
of
the
full
resources
like.
D
And
so
I
think
I
I.
When
we
went
to
merge
that
I
think
there
was
also
I.
Think
I
added
the
notion
of
like
hey.
We
could
have
a
a
not
or
I
forgot
the
phrase
for
config
not
evaluated.
Not.
D
We
could
add
an
additional
set
of
filters
under
mode
for
the
resources
that
we
are
like
these,
like
not
sorry
not
applicable,
so
that
when
we
get
when
we
go
to
evaluate
the
resources,
we'll
additionally
evaluate
those
those
sets
of
filters
and
if
they
match,
then
we
because
I
mean
it's
three
valued
logic
right
right
now,
we're
just
in
bullying
where
we
just
do
compliant
knock-up
line.
But
if
we
add
in
the
third
option.
Third,
the
third
set
of
make
that
available.
D
Is
it
an
initial
set
of
filters
that
are
not
in
the
policy
body
but
are
actually
in
the
mode?
Then
we
could
get
that
additional
three
value
logic,
which
will
give
better
separation.
G
Do
you
prefer
that
over
just
adding
support
for
Server
side
filter.
D
G
D
D
Yeah,
this
gives
us
something
that
we've
already
seen
before,
and
it
gives
us
a
workaround
for
this
and
future.
G
G
Stephen,
you
understand
what
people
are
saying,
because
we
were
talking
about
adding
it
at
the
silver
side,
but
then
to
do
that,
it
will
be
more
like
specific
to
its
resources.
But
here,
if
we
do
it
at
the
config
level,
we
can
add
in
a
new
feature
to
a
country
polo,
for
example,
that
allow
us
to
do
additional
filtering
to
only
filter
the
the
resources
that
we're
interested
in,
and
that
would
be
a
better
song
for
any
future
resources
that
might
have
the
same
problem.
F
C
I
mean
I,
think
the
server-side
query
stuff
like
yeah
I,
do
agree,
though
we
should
probably
just
put
that
in
anyway
that
can
close
a
gap
for
the
time
being.
Yeah.
G
We
might
yeah
here
we
go
yeah
we
might
put
in
in
a
quick
ad
for
that
just
so,
we
can
upgrade
to
the
latest
version
and
work
on
the
longer
to
make
soon.
B
F
Evaluating
provision
types
for
non-compliance
and
then
just
you
know,
show
serverless
clusters
as
compliant
but
yeah.
We
do
sort
of
have
that
config
mapping
issue
and
then
we
have
kind
of
Downstream
collections
on
the
evidence
and
that
sort
of
affects
that
as
well.
So
yeah
sounds
like
a
couple
options
so.
D
A
combination
of
a
chat
here
that
I've
linked
to
through
the
issue
where
I
was
trying
to
talk
about
understanding
this
issue
more
fully
against
the
RDS
case,
but
also
trying
to
propose
something.
But
if
you,
if
you
do
want
to,
if
you
want
to
do
the
server
side,
filtering,
that's
fine
and
great.
If
you
want
to
explore
additional
capabilities
on
config
rule,
to
have
non-operable
be
able
to
be
used,
definitely
happy
to
do
a
breakout
on
that.
A
And
there's
there's
the
comment:
okay,
anything
else
on
this
one.
C
So
the
main
issue
is
that
config
doesn't
seem
to
display
the
results
properly
as
well.
That's
it's
part
of
it
right.
Yeah,.
F
Yeah,
that's
the
issue
on
the
config
said.
Is
you
know
basically
that
resource
you
know
I'm,
not
sure
if
it's,
because
maybe
it's
expecting
a
different
CFN
type
potentially
for
that
resource?
Maybe
it's
expecting
a
different
resource.
Id,
maybe
config
just
doesn't
support
it.
You
would
think
that
whatever
you
pass
in
for
provision,
you
know
the
CFN
type
and
then
also
the
resource
ID
would
work
the
same
for
serverless
when
you
add
it
to
config
but
yeah
we're
noticing.
F
If
you
drill
down
on
the
resource,
there
is
a
mapping
here,
so
you'll
see
that
config
is
unable
to
identify
that
resource
which
we've
seen
you
know.
B
F
F
C
Okay,
gotcha,
but
there
is
a
I
mean,
but
you
would
write
like
eventually.
You
would
write
a
policy
to
check
for
serverless
as
well
in
terms
of
compliance,
whether
I
mean
I,
don't
know
exactly
what
policy
you're
writing,
but
I
mean
there
would
be
a
equivalent
for
serverless
or
or
no
is
it
like
specifically.
F
B
F
Example,
if
you
want
to
check
for
say,
data,
encryption
right
or
encryption
at
rest
or
something
there's
a
specific
attribute,
you
need
to
pull
for
provision,
whereas
for
a
serverless
doesn't
have
that
attribute,
I
believe
it's
encrypted
by
default,
so
we
would
like
to
bundle
policies.
F
Another
example
of
where
it
doesn't
make
sense
for
serverless
is,
if
you're
looking
at
the
per
topic
per
broker
enablement,
you
can't
there
is
no
equivalent
check
for
serverless,
so
that
doesn't
really
make
sense.
So
in
that
case,
it's
probably
better
to
try
to
exclude
serverless
clusters.
C
Okay,
gotcha
thanks
for
the
the
context.
B
A
This
this
was
the
one
you
all
talked
about
when
I
was
disconnected
right
here,
yep
yep,
all
right,
so
that
leaves
that
that
is
everything
we
have
on
the
agenda.
So
far,
any
any
of
these
PRS
here,
jumping
out
at
everyone
at
anyone.
G
All
right
so
I
don't
have
any
PR
or
issue
specific
topic
to
talk.
A
G
Have
something
more
high
level?
It
was
ready
to
move
on
yeah,
so
yeah.
This
is
relate
to
the
whole
compliance
thing
that
we're
talking
about.
This
is
again
high
level
questions
for
c79
community,
and
maybe
even
for
stackler
too,
which
is
you
know.
G
D
In
production
on
AWS
I
think
the
number
of
the
I
last
saw,
which
came
from
someone
somewhere
I,
can't
disclose.
I
was
around
three
thousand
three.
G
D
Do
not
use
config,
they
use
to
Syrian,
typically
in
replacement
for
config
in.
D
A
lot
of
AWS
Pros
serve
right
now
has
deployed
it
as
a
set
of
config
has
used
the
configurable
capability
set
fairly
extensively
in
customer
engagements.
The.
G
One
one
of
the
thing
that
we
keep
on
hearing
back
from
the
security
team
and
when
they
work
with
the
auditor
is
that
a
lot
of
time
like
how
reputable
how
Choice
worthy
the
finding
or
the
evidence
from
cloud
custodia
versus
others
right
so,
for
example,
a
lot
of
the
things
that
that
Stephen.
When
we
talk
about
in
Conflict,
we
need
to
have
the
right
mapping
of
the
resource
and
then
the
there
there
has
to
be
evidence
right
under
inside
conflict.
G
The
resource
the
details
info
feel
we
should
have
all
of
the
appropriate.
You
know
evidence
things
like
that,
and
what
we
have
found
is
quite
a
few
for
some
of
the
resources
that
just
not
well
supported
in
Conflict,
for
example,
right
and
it
just
end
up
on
our
side.
We
have
to
do
additional
things
to
grab
additional
informations
to
provide
additional
evidence.
So
I'm
just
curious.
You
know
if
other
companies
have
run
into
the
same
problem
with
either
conflict
or
they
have
found.
G
Are
they
not
using
conflict
they're
using
security
Hub
where
they're
just
post
finding
to
security
help?
But
then,
when
you
post
finding
I,
don't
think
you
have
evidence
either
I
think
the
key
thing
I'm
trying
to
get
here
too,
is
the
evidence
part
which
I
find
to
be
something
that
is
inconsistent
across.
You
know
the
different
tools.
D
Or
Services
yeah,
or
whatever
very
specific,
AWS
Services,
let's
speak
where,
like
other
providers
are
different,
the
I
mean
the
AWS
Services
all
have
very
bespoke
mappings
and,
as
you've
noticed,
some
of
them
are
error.
Print,
like
kidvic,
supports,
select
resources
for
30
out
of
the
100.
That
says
it
supports.
You
know
like
where
you
get
the
differential
API
support
as
well,
and
the
mapping
is
arbitrary.
Security.
Hub
is
also
very
arbitrary
mapping
on
resources
like
and
a
lot
of
it.
D
A
lot
of
it
goes
to
underlying
database
technology
choices
that
unfortunately
leaked
through
to
the
the
consumer,
API
the
client
API
David.
You
want
to
weigh
on
this,
go
for
it.
E
Yeah
I
mean
we,
we
don't
heavily
rely
on
config
because
there's
just
too
many
damn
holes
in
it,
I
mean
we
love
AWS,
but
it's
just
too
holy
for
us
and
currently
I,
don't
like
wheat
attempt
to
do
a
lot
of
stuff
on
net
new
resource
creation,
and-
and
that's
not
really,
it's
sure
you
can
attempt
to
do
that
with
config.
E
But
by
the
time
you
get
the
data
it's
too
late
to
actually
take
action
on
something
you
really
care
about,
not
too
late,
but
it's
too
dangerous
like
if
I
have
somebody
spinning
up
an
RDS
and
they
forget
to
encrypt
it
somehow
or
they
make
it
ugly
accessible.
I
want
to
deal
with
that
immediately
and
config's
never
going
to
give
you
that
so
I
mean,
and
we
don't
I
mean
to
be
clear.
E
So
we
have
multiple
lines
of
Defense,
but
our
our
testers,
who
are
outside
of
my
group,
will
go
into
an
account
specifically
set
up
for
testing
of
our
controls
and
they'll,
create
known
bad
things
and
basically
collect
their
own
evidence
that
way,
so
they
they
know
that
in
my
environment,
if
you
create
an
S3
bucket-
and
you
decide
not
to
put
a
any
policy
on
it
at
all,
but
we're
going
to
do
something
about
that.
E
E
They
used
to
make
me
go,
hunt
down
the
emails
from
all
the
users
and
then
collect
all
the
evidence,
but
they've
gotten
to
the
point
now
where
our
Auditors,
just
you
know,
create
bad
resources
and
see
what
we
do
about
it,
which
is
a
little
bit
hanky,
but
I
mean
about
95
percent
of
our
Cloud.
Controls
are
managed
through
custodian
and,
and
you
know,
evidence
has
become
basically
they
collect
their
own
evidence.
That's.
G
And
in
terms
of
statlet
I
noticed
that
you
guys
have
these
compartment
packs.
Have
they
been
vetted?
Have
they
been
looked
by
third-party
vendors
or
certified
anything
like
that.
D
So
I
don't
know
if
this
is
the
right
form
for
that
discussion.
But
I
am
you
know,
happy
to
to
have
a
conversation
about
it.
That
would
probably
like
definitely
trying
to
keep
a
reasonable
wall
on
community
versus
yeah
yeah
virtual
products
in
the
space.
D
So
yeah
I'll
leave
that
there
I
mean
I'm
happy
to
talk
about
our
experiences
but
like
in
terms
of
like
product
features
and
like
pitches,
then
that
that
feels
not.
You
know.
D
I
did
want
to
ask
people
about
C7
on
the
left
and
evaluating
terraform
earlier
in
the
pipeline.
D
I
was
looking
at
our
download
numbers
for
it
instead
of
pretty
low,
but
it's
really
awesome
and
we're
trying
to
build
out
some
more
stuff
on
it.
This
is
basically,
and
so
I
was
just
curious.
Like
are,
are
people
interested
in
like
doing
enforcement
earlier
in
the
pipelines?
Do
you
have
access
to
be
able
to
push
things
to
pipelines?
Does
like
oh
heck,
resonate
in
general.
G
Yeah,
definitely
for
us
into
it,
that's
something
that
we
are
actively
working
on.
Unfortunately,
we're
not
a
terraform
shot.
I
think
I'll
mentioned
that
to
you
before.
Right
now
is
CFN
and
ncdk,
and
then
we're
also
doing
outside
of
cloud
resources
too,
but
with
the
kubernetes
resources.
But
for
that
we're
looking
more
into
existence
for
like
gatekeeper,
I,
think
I
mentioned
that
before
when
Sunny
was
demoing,
some
of
the
community
related
stuff
yeah.
G
So
that's
what
we're
doing,
because
definitely
a
shifting
left
and
shifting
and
doing
things
outside
of
cloud
resources.
That's
something
that
were
interesting.
D
B
D
Policies
would
be
compatible
between
the
two
there,
where
a
policy
right
against
the
left
would
work
against
the
right.
Would
that
provider
noted.
G
Yeah
definitely
interesting
in
well
system
and
can
can
support,
because
right
now,
as
I
mentioned,
we
have
I
would
say
two
policies,
languages
that
we
use
like
one
for
I'll,
say
runtown
right
and
then
one
for
Bill
town.
But
since
we
are
right
now
we're
using
Lego.
This
is
just
for
fighting
policy
to
check
against
confirmation
champion
at
DOTA.
G
So
we
have
our
cicd
Pipeline
and-
and
you
know
anytime,
when
people
want
to
deploy
some
confirmation,
changes
go
to
our
Pipeline
and
we
have
record
policies
to
check
and,
of
course,
we
we
want
to
have
a
single
policy
language
that
can
use
across
both
runtime
and
built-in.
That's
that's,
for
us
is
the
ideal
state.
D
G
And
then
one
thing
then
we're
talking
about.
Have
you
heard
about
config,
proactive
mode.
D
Yes,
there's
a
pair
up
for
it.
I
realize
it's
almost
useless
like
so
our
previous
discussion
about
config
I
think
because
I'm
being
polite,
so
I
I
thought
it
was
actually
looking
at
the
CFN
hooks,
but
it
doesn't
do
that.
B
D
It
is
is
a
note
on
the
effectively
the
proactive
part.
Is
you
do
more
work
yeah
so
effect,
so
there's
a
peer
up
for
it.
I
can
merge
it
like
it's.
It's
it's
harmless
and
easy
to
do
and
I
tested
it
out,
but
like
it
basically
means
that
you
have
to
extract
from
your
template
like
if
you
can
track
your
research
from
your
templates
in
a
very
particular
format.
Yeah.
G
That's
the
problem
right
now.
Is
they
don't
support
template
level?
They
you
have
to
grab
the
exact
I
would
say
the
resource
that
is
being
changed,
which
we
did
provide
feedback
to
them
and
they
actually
say
that
that
is
the
number
one
feedback
that
or
the
the
users
or
beta
user
I'll
be
giving
them.
So
they
do
plan
to
have
support
for
template,
support
and
adding
support
to
CFN
hook.
D
G
D
So
it
almost
feels
useless
to
me,
like
rather
I'm,
happy
to
support
it,
but
like
there's
the
laundry
list
of
caveats
on
it
is
pretty
large,
but
from
a
offering
a
general
capability
here,
it's
awcc
provider
supporting
CFN,
hope,
directly
and
I
made
a
stab
at
that
earlier,
but
I
for
poor
choice.
In
my
part,
I
I
tried
to
not
use
the
SDK
that
they
provided
and
it
caused
it
sort
of
exhausted
the
time
that
I
had
on
it.
I've
been
sorry.
Let
me
pull
off
what
I'm
talking
about.
D
Yeah
so
I
had
a
draft
hook
where
I
try
to
ask
you
the
use
of
the
of
the
CFN
hook,
SDK,
partly
because
it
was
using
a
couple
of
encryption,
libraries
that
felt
like
Superfluous,
and
it
wasn't
really
quite
why
they
were
exhumed
that
way,
because
it
would
get
to
kmf
decrypt
call.
But
at
this
point
there's
enough,
like
there's
enough
magic
under
the
hood
on
how
CFM
the
environment
that
CFN
hooks
operate
in,
because
it's
not
actually
a
Lambda.
D
It's
like
running
on
82
instances
inside
of
the
cloudformation
accounts
the
words
a
little
bit
weird
and
you
have
to
do
a
lot
of
multiplexing
between
different
credentials
and
different
environments
that
it's
probably
better
just
to
use
the
the
underlying
SDK.
D
But
to
answer
to
get
back
to
your
point
like
yes,
we
can
support
proactive
mode.
It
looks
almost
useless
to
me
and
second,
we
will
support.
We
can
support
CFN
hook
mode,
but
we'll
do
that
directly
and
it'll
be
independent
of
this.
Obviously,
if
they
eventually
supported
that
the
then
we
would
get
that
for
free.
B
I
didn't
want
to
let
the
meeting
close
without
saying
thanks
to
Darren
for
the
shield
work
that
Shield
the
elastic
IP
wonkiness
since
we
talked
about
resource
ID
mismatches
earlier.
That
was,
that
was
a
a
weird
one
and
definitely
did
not
have
the
resource
available
to
test
that
properly.
So
thanks
a
lot
for
picking
that
up.
G
A
D
All
right,
actually,
this
is
not
a
good
topic.
I'd,
like
you'd
like
to
get
to
Black
in
automatic
formatting
and
there's
a
proposal
up
as
a
GitHub
issue
and
so
I'm
trying
to
like
it's
good
practice,
anyways
but
I'm,
trying
to
draw
down
on
some
of
our
stuff,
so
I'm
trying
to
draw
down
on
some
PRS
and
just
get
through
some
stuff.
D
There's
some
additional
tooling
I
built
and
tools
just
to
show
like
what
are
the
open,
PRS
open
against
directory,
because
we're
gonna
have
to
do
this
incrementally
I.
Think-
and
here
let
me
drop
the
issue
if
I
could
find
it.
D
B
E
D
You
know
we
have
like
what
370
contributors
and,
like
everyone
comes
with
a
different
style
and,
like
you
know,
it
shows
different
files
like
it's
potpourri
and
what
you're
gonna
get
per
se,
and
this
will
give
us
a
little
bit
of
uniformis
and
I've
resisted
it,
mostly
in
the
past,
mostly
because,
like
we
have
so
many
extent,
PRS
like
like,
if
you
use
a
launcher
on
some
like
use
a
formatter
on
something
you're,
gonna
break
every
extent
PR
against
that
file,
and
it
was
just
hard
to
draw
down,
but
I
wanted
to
treat
it
like.
D
And
then
it
goes
into
like
it
won't
fail
again
on
Python,
3
and
sort
of
just
do
it
as
a
more
gradual
approach
from
the
for
the
purposes
of
like
blame
tools
and
other
things.
There's
a
there's
like
a
get
ignore,
commit
that
there's
a
way
to
configure
git
as
well
as
GitHub
to
ignore
certain
formatting
only
commits
so
we'll.
Just
add
to
that
as
we
do.
D
This
incrementally
I
did
want
to
at
least
try
to
get
one
big
batch
up
the
tool
that
the
tool
that
I
built
to
try
to
make
this
recent
rational,
reasonable
about.
D
Was
this
thing?
It's
also
just
useful
I,
think
in
general,
but
it
can
show
you
like
which
PR
is
such
a
certain
directory,
so
to
speak,
but
it
basically
grabs
all
the
xmprs
grabs
all
the
files
in
them,
and
then
you
point
it
to
local
directories
and
then
lets
you
figure
out,
which
ones
have
been
changed.
This.
A
Is
this
is
PR
check.py
you're
talking
about
right.
A
D
More
it'll,
be
it's
already
a
habit
actually
on
on
one
directory
for
the
C7
unlock
repo
sorry
directory
has
is
currently
has
CI
checks
on
black
got.
You
we'll
just
add
to
that
list
effectively
so
effectively,
you'll
basically
get
a
lymph
failure
on
as
we
gradually
gobble
this
up.
A
D
Not
fully
flushed
out
yet
like
okay,
all
right,
like
my
main
goal
at
the
moment,
was
trying
to
draw
down
as
much
as
possible
on
xmprs
there's
a
list
of
like
20
directories.
We
could
just
do
right
now,
yeah,
and
so,
but
after
that,
I
think
like
after
we
do
an
initial
batch
I
think
it's
going
to
be
an
open
question
like
I.
Think
it's
good
to
be
here
in
bubble
on
like
old,
PR
review
and
being
like.
Does
this
still
make
sense?
D
Is
this
merge
a
bowl
is
this?
Is
this
you
know
like
it'll,
be
a
lot
of
PR
review
triage
because
I
don't
want
to
enable
it
on
PR's.
If
we
have
a
PR
that
we
made
conceivably
merge
against
something,
then
against
a
directory
that
isn't
formatted
yet
or
then
we
shouldn't
enable
formatting
on
that
directory
until
that's
merch
right.
D
D
D
Right
well,
it'll,
the
NCAA
is
removing
all
the
individual
directory.
Lensing
commands
got
you.