►
From YouTube: Cloud Custodian Community Meeting 2022-04-26
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/cloud-custodian/community/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
All
right,
everyone
see
the
notes
we
have.
The
agenda
item
welcome
everybody.
The
date
is
april,
26
2022,
and
this
is
the
cloud
custodian
community
meeting
for
today.
As
always
just
a
reminder,
we
do
record
these
meetings
and
put
them
on
youtube
and
the
cncf
code
of
conduct
is
in
effect.
So
as
always,
let's
be
excellent
to
each
other.
A
bunch
of
us
are
in
seattle
right
now.
It's
sprinting
for
stockton,
where
we
work
so
aj
jameson
myself.
A
Liz
are
here
along
with
tori
and
we
wanted
to
keep
the
schedule
of
the
community
meetings
going
and
because
we
have
some
stuff
that
we
want
to
cover
and
yeah.
So
we're
going
to
go
through
the
agenda
and
we're
going
to
go
through
some
of
the
pr's
and
stuff
that
have
been
active
this
week,
as
always
the
open.
A
So
if
you
have
anything
that
you
would
like
for
us
to
discuss
in
the
url
there
for
the
notes
feel
free
to
just
add
it
directly
to
the
to
the
notes
and
then
we
will
get
to
it.
First.
Two
things
on
the
agenda
are
just
some
reminders
of
activities
that
are
coming
up.
So
pycon
is
happening.
That's
this
weekend,
then
right
yeah
this
weekend
and
aj
is
going
to
be
there
and
attending.
A
So
if
you're
go
click
through
there
and
there's
the
information
for
attending
the
event,
so
I
hope
to
see
you
there
and
aj
will
buy
you
better
products.
A
Next,
if
you're
going
to
go
to
kubecon,
we
we
looked
up
a
quick
survey,
monkey
link-
if
you
could
answer
it,
we
just
want
to
know
who's
going
to
go
a
coupon,
so
we
can
try
to
organize
a
dinner
or
get
together
or
something
like
that.
So
for
that
we
just
need
your
email
address.
So
if
you're
going
to
that-
and
you
want
to
check
us
out
at
kubecon,
then
we
will
do
that
all
right.
A
Okay,
first
things:
first
neil
got
kovic
on
his
way
here
to
the
spring,
so
I
know
that
we've
had
some
issues
that
we
want
to
block
as
unboxed
as
far
as
pr
reviews
and
things
we're
not
going
to
be
able
to
actively
work
with
him
for
a
while
he's
in
his
room.
He's
feeling
he's
feeling
fine
he's
okay,
but
he's
just
having
any
capacity
to
work,
probably
for
the
next
two
weeks.
He
might
be
stuck
here
in
seattle,
so
he's
not
even
gonna
be
able
to
travel
home.
A
So
apologies
for
that.
I
know.
We've
had
a
lot
of
work
items
that
have
been
depending
on
compeel's
review
and
we
just
made
every
everything
just
got
a
little
bit
harder
for
us.
So
apologies
for
that.
If
you've
been
waiting
on
my
work
but
we're
going
to
try
to
work
through
it,
because
I
mean
what
can
we
do
right,
anybody
got
any
concerns
or
comments
or
anything
of
that
nature.
He
sends
his
regards.
A
A
Here
we
go
you.
You
had
some
items
from
I'm
looking
at
aj,
yeah
aj
had
some
items
from
last
meeting.
A
You
were
working
on
your
your
team
was
working
on
that
config
poll
rule
mode.
We
did
get
that
one
merged
in
I.
You
may
have
seen
kathie's
comments
on
that
one
I
I
finally
so
I
was
helping
trying
to
add
some
documentation
and
the
documentation
was
was
not
clear
enough.
So
apologies
for
that.
I
took
your
perfectly
fine
pr
and
and
added
some
mud
to
it.
So
we'll
try
to
we'll
try
to
get
a
follow-up
to
clear
that
up
a
little
bit
so
claire.
A
A
The
the
reason
that
we
would
want
this
mode
was
when
we
want
a
related
resource
to
trigger
a
new
rule
evaluation,
and
I
tried
to
add
the
the
logic-
was
all
fine
in
the
pr
so
trying
to
help
for
when
people
are
browsing,
why
they
would
need
this
thing
in
the
first
place.
I
think
when
I
added
the
dots
it
suggested
that
you
wouldn't
need
it.
A
If,
if
you
were
filtering
on
a
related
resource
and
that's
just
not
it,
it's
not
true,
and
it
was
a
good
call
out
from
kapil,
so
it's
good
to
make
another
update
functionalities
there.
I
think
it's
useful,
as
is,
but
just
I
mean,
as
always,
making
the
dots
a
little
bit
clearer
is
nice.
B
C
Having
difficulty
with
the
deployment
population
of
pipeline
for
documentation
right.
A
That
is
funny
that
you
mentioned
that
one,
because
I
do
have
a
pr,
so
I
wanted
to
keep
it
separate
from
the
new
release.
Okay,
because
I
know
sunny
thanks
to
sunny,
he's,
got
a
lot
of
work
on
some
dependency
updates
for
the
next
release,
gotcha,
but
we'll
get
to
those.
We
should
talk
about
yeah,
we'll
definitely.
E
A
About
that,
but
I
do
have
a
draft
piece.
I
will
pop
that
here,
and
this
is
a
pretty
big.
It
ends
up
being
a
pretty
big
change
only
because
of
a
lot
of
ripple
effects
and
that's
including,
and
it
ties
into
what
you're
talking
about
during
the
talks,
because
we're
going
to
specify
all
of
the
ideas
of
the
proposal
yeah,
it
is
to
specify
all
of
our
subprojects
like
the
tools
mailer.
A
7216,
just
click
on
one
and
then
change
the
number
yeah
yeah,
yeah
cool,
so
yeah.
The
idea
is
to
have
all
of
those
projects
as
dev
dependencies.
So
when
we
run
a
poetry,
install
it's
going
to
do
editable,
installs
of
all
those
sub
projects
and
that
way
we're
looking
at
the
whole
resolving
dependency
tree
once
all
at
the
top
level
heading
out
into
all
those
sub
projects.
We
have
our
base.
We
end
up
with
a
pretty
gigantic
poetry,
lock
file,
but
what
was
happening
before
and
suddenly.
I
know
you
ran
into
this.
A
I'm
sure
other
folks
who
have
been
trying
to
do
a
make
and
stall
poetry
have
run
into
this
weird
sort
of
thing
where
it
progresses
through
multiple
installations
and
it's
kind
of
toggling
between
installing
and
uninstalling
packages
and
you're
wondering
what
the
heck
is
it
doing,
and
it's
just
because
there's
the
the
specific
requirements
vary
by
project
and
we're.
A
So
we've
got
like
multiple
dependency
resolution,
the
trees,
dependency
trees
at
per
sub
project
and
we're
kind
of
having
them
compete
at
install
time,
and
it's
just
kind
of
a
pain
for
people
who
want
to
contribute-
and
it's
scary
enough
that
I
now
left
the
meeting.
But
but
I
don't
like
this
yeah
yeah,
I'm
gonna
help
you
but
yeah.
So
the
idea
here
is
to
pull
everything
back
but
making
that
change
so
that
everything
is
part
of
our
root
dependency
tree
that
just
that
affects
a
lot
of
things.
A
One
of
those
is
updating
the
depth
of
the
install
yeah
to
say
that
we're
not
going
to
use
talks
anymore
because
we're
pulling
away
from
that
and
we're
just
doing
this
we're
getting
into
I
mean
making
soul
poetry
ends
up
being.
It
was
a
convenient
single
command
to
wrap
multiple
poetry
and
stalls
right
with
this
change.
It
just
becomes
like
an
alias
for
poetry
and
soul.
Basically,
we
just
keep
it
around
for
compatibility,
but
there's
yeah.
A
A
Right
and
we're
trying
to
get
off
of
that,
but
having
a
more
consistent,
predictable
developer,
install
gives
us
a
a
a
single
main
virtual
environment
that
we
can
also
use
to
reliably
build
docs.
We
were
having
some
issues
before
where,
depending
on
the
order
that
that
your
package
is
installed,
your
your
your
environment,
you
might
not
be
able
to
build
the
docks
properly
right.
I
knew
you
ran
into
some
weird
issues,
right,
yeah,
yeah,
and
then
I
wasn't
able
to
vote
so
will.
A
Yeah,
but
so
this
one,
if
anyone's
interested
in
this
sort
of
thing
or
wants
to
try,
it
feel
free
to
check
out
this.
Is
I'm
keeping
this
as
a
draft
right
now,
because
it
is
like
at
one
level
it
looks
like
a
really
minor
change
and
then
it's
like
you
pull
the
thread
and
the
whole
sweater
falls
apart,
yeah,
so
just
to
give
people
a
quick
summary
of
the
background
here.
A
Custodian's
pretty
old
in
a
lot
of
the
stuff
building
processes
were
set
up
a
long
time
ago,
using
instances
and
stuff,
and
it's
like
why.
Why
aren't
we
just
using
github
actions
to
build
stuff
and
what
I
do
dealie
would
like
to
get
to
is
when
you
do
a
pr
we'll
do
like
a
nice
netlify
preview
and
all
that
kind
of
good
stuff.
That's
where
I
envision
us
going
so
that
we
can
start
to
write
on
the
docs
and
make
them
pretty
and
do
all
that
good
stuff.
Well,.
C
A
A
A
minute,
where
did
all
my
changes
go
and
then
that's
where
we
frat
that's
what
we
found
that
it
was
broken
and
that's
when
aj
started
digging
and
pulling
on
the
thread
and
then
it
then.
C
A
Need
a
new
sweater,
but,
but
I
think
part
of
this
and
I'm
not
trying
to
package
too
many
documentation
updates
into
this
yeah,
but
part
of
it
is
very
related.
I
mean
we've
got.
We
were
referencing
dead,
snakes
which
I
know
has
come
up
in
previous
yeah.
C
A
Adds
up
a
few
at
some
point
fairly
recently,
we
don't
support
that.
I
think
we
implicitly
said
we
run
on
on
supporting
python
releases,
but
we
also
had
a
reference
to
python
36.
So
it's
just
a
little
bit
unclear
yeah.
So
we'll
talk
about
trying
to
figure
things
out
any
questions
on
docs.
A
F
Yeah
so
aj
mentioned
it
before,
but
there
is
a
release-
engineering
pr
number,
that's
just
in
preparation
for
the
upcoming
916
release.
That
is
pr
number.
D
Not
in
the
google
doc
that
can
be,
these
are
the
pr's
on
the
on
the
notes
or
the
ones
that
are
incoming
over
the
past.
F
Right
they're,
the
most
recent
ones-
yeah,
it's
7203,
I'll
post
them
be
the
chat
here
yeah,
so
that's
ready
for
it's
it's
been
approved
should
be
ready
to
go
the
there
are
two
issues
with
this
one:
the
ninja
project
released
a
minor
version
upgrade
that
included
a
lot
of
breaking
changes.
F
I
know
that
was
a
discussion.
We
had
last
time
their
stance
on
it
was
they
don't
use
semver
and
don't
recommend
anyone
december.
I'm
like
okay.
Well,
that's
not
what
like
the
rest
of
the
industry
does
so
that's
kind
of
annoying
but
worked
through
that
issue,
and
then
the
other
issue
was
exactly
what
aj
was
talking
about,
how
we
install
everything
through
poetry,
kind
of
stepwise
and
the
installation
uninstallation
of
dependencies
causes
issues.
F
The
basic
fix
was
that
was
moving
azure
to
the
end
of
the
installation
and
then
hopefully,
after
9
16,
we
can
merge
in
80's
changes
and
then
not
have
to
deal
with
what
order
things
get
built.
F
I
think
we're
aiming
so
now
that
we're
the
end
of
the
month,
I
think
we're
gonna
be
aiming
for.
May
I
think
it
was
the
second
tuesday
or
something
of
may
as
a
release,
it's
a
little
behind
schedule,
but
everything's
looking
good
so
far,
so
we
should
have
one
in
may
and
then
I
I
think,
we'll.
F
I
don't
know
if
we'll
do
the
release
live
or
not.
That
is
an
option
because
I
think
the
community
meeting
will
fall
on
that
day
anyway.
So,
okay.
A
D
Automation
and
stuff,
because
I
know
we
were
yeah,
I
would
say.
F
I
don't
have
a
clear
answer
on
like
when
we'll
be
able
to
fully
automate
it.
I
think
going
through
this.
It's
very
evident
that
there
is
still
a
lot
of
manual
stuff
that
I'm
not
sure
exactly
how
to
tackle
just
yet.
F
I
mean,
I
think,
certainly
like
a
lot
of
it
can
be
cleaned
up
by,
like
basically
a
shell
script
that
you
run
locally,
but
the
whole
like
release
engineering,
pr
that
has
to
go
up
and
then
some
of
the
weirdness
that
could
come
out
of
there.
I'm
just
a
little
has
on
like
fully
automating
that,
before
having
a
more
clear
picture
on
what
we
should
do.
F
Yeah
I
mean-
I
think
this,
like
this
specific
time
around,
I
was
like
wow
there's
a
lot
that
can
go
wrong
even
in
doing
the
step
before
the
release,
so
okay,
cool.
A
All
right
anything
else,
release
related
or
questions
for
sunny
twice
all
right.
Any
of
these
pr's
jumping
out
of
anybody
or
any
other
kind
of
discussion
topics.
F
Yeah
I
actually
I
saw
that
todd
is
on
the
call,
so
he
opened
a
an
issue
on
using
the
copy
related
tag.
Action
on
non-first-class
resource
types
in
custodian.
A
F
23
addresses
that
the
original
issue-
I
think
it's
not
emily.
A
F
There's
a
copy,
related
tags
action
which
can
cop
basically
take
the
tags
from
a
referenced
resource
in
your
resource
metadata
and
copy
those
tags
onto
the
the
actual
resource.
So
a
common
one
is
like
copying
tags
from
like
your
ebs
volume
onto
your
ec2
instance.
F
In
this
case,
what
todd
is
asking
and
since
he's
on
the
call
feel
free
to.
Let
me
know
if
I'm
misrepresenting
this,
but
not
every
resource
in
aws
is
supported
in
custodian.
That
may
be
for
a
whole
host
of
reasons,
but
that's
just
the
case
right.
F
However,
some
of
these
resources
are
supported
in
the
resource
groups.
Tagging
api,
where
all
you
have
to
do
is
pass
them
in
on
and
you
get
the
tags
back
so
liz.
If
you
scroll
down
a
little
bit
the
policy
here
rather
than
having
the
resource
type,
be
like
ec2
or
ebs,
it
would
be
resource
group
tagging
api
and
then
the
key
would
be
a
reference
to
an
arn
that
we
would
look
up.
F
And
I
guess
todd
if
there's
any
other
discussion
that
you
had
around
it,
I'd
love
to
hear
it
and
then,
if
anyone
else
has
any
any
thoughts
on
that
feel
free
to
speak
up
as.
B
Well,
no,
that
was
that's,
that's
the
basic
premise
behind
all
of
this.
I
think
a
previous
community
meeting
we
talked
about
this
kind
of
briefly.
I
think
I
asked
the
question
and
there
was
discussion
on
whether
or
not
research
groups,
tagging
api
would
itself
be
a
first
class
citizen,
because
there
had
been
discussion.
I
guess
around
being
able
to
do
something
as
that
I
I'm
not
sure
the
the
use
case
around
that
I
did
take
a
glance
at
your
pr.
B
It
seems
like
it
would
do
what
I'm
asking,
although
I
wonder
if
it
felt
like
there,
was
a
lot
of
duplication
of
code
potentially
and
like
right,
because
all
of
this
is
basically
being
implemented
strictly
for
the
copy
related
resources
action
as
opposed
to
a
more
generic
methodology
around
it.
So
I'm
not.
B
I
don't
know
if
I
really
care,
but
I
could
see
some
people
caring
about
that.
I
don't
know
that
was
the
only
thing
that
I
was
gonna
comment
on
and
but
hey.
This
is
the
basic
idea
yeah
just
being
able
to
reference
any
any
iron.
That's
supported
by
the
resource
groups,
tagging
api.
F
B
Yeah
and
that
that
seems
quite
useful
right,
I
I
was
actually
surprised
it
wasn't
supported,
because
I
would
have
thought
that
it
would
have
been
basically
the
same.
The
same
type
of
references
you
could
give
to
the
you
know:
value
filter,
essentially
yeah.
F
It
yeah
it's
slightly
different
because
this
one's
just
more
of
a
straight
james
path,
look
up,
but
there's
some
james
path,
like
syntax
magic
that
you
can
do
to
basically
get
the
same
result.
F
B
F
That's
all
I
had
on
it.
I
think
the
definitely
the
repeated
code.
It
is
still
in
the
draft.
It's
still
missing
tests
and
stuff,
but
it
works
locally
for
what
it's
worth,
but
it
works
on
my
machine.
It's
not
the
greatest
metric
todd.
Let
me
know
if
you
try.
It
out
feel
free
to
comment
on
the
pr
stuff.
B
Yeah,
I
will
I'll
I'll
take
a
closer
look
and
actually
put
some
feedback
on
there
as
opposed
to
just
glancing
at
it.
A
Yeah
I
did
have
one,
and
this
is
for
the
the
value
type,
the
cider
value
type.
This
is
kind
of
reviving
apr.
This
is
what
we
talked
about
in
the
previous
meeting
kind
of
trying
to
surgically
piece
together
a
couple
pr's
that
were
open
into
one.
I
see
people
nodding,
one
glorious
hole,
so
hopefully
I
I
think-
and
there
was
one
what
looked
like
an
unresolved
comment
there
from
from
palbasa
about
the
test
coverage,
but
I
think
with
kaden's
documentation
and
test
pulling
those
in.
A
I
think
that
addresses
any
open,
open
questions
there.
So
I
think
the
there
are
two
things
that
we
need
here.
One
is
just
anyone
involved.
Anyone
who
cares
just
have
a
look
see
if
there's
if
this
surgery
was
botched
or
if
that,
actually
it
does
things
the
way
you
would
expect,
and
the
other
thing
is
that
I
think
we
need
to
get
in
touch
with
austin
to
find
out
because
his
he
has
started
this
work
under
a
capital
one
address
and
his
normal
grad
capital,
one.
A
C
A
Of
you
do
I
mean
I'm
happy
to
reach
out
to
them,
but
somebody
has
an
exact
relationship.
F
Yeah
I
I
worked
with
austin
before
so
I
can.
I
can
reach
out
cool.
A
Yeah
I
didn't
want
to
like
I
I
saw
he's,
got
another
address
on
github,
but
I
want
to
go
like
rebase
his
commits
yeah
and
we're
going
to
sit
down
with
the
easy
cla
folks
in
general
that
you've
to
make
that
process,
not
so
awful
yeah.
So
all
right,
I
would
take
the
one
other
question
I
need
to
review.
I
just
want
to
shout
out
to
sunny
for
this
guy
7222
and
the
rds
engine
filter,
big
thanks
sonny
for
taking
a
request.
A
That
was
a
little
bit
weird
and
doing
the
what
looks
like
in
retrospect,
the
obvious
smartphone
that
looks
that
looks
really
nice
to
be
able
to
filter
by
rds
engine,
because
we
can
look
for
applications
and
things
like
that.
That
came
out
of
jameson's
work,
taking
in
rds
vulnerability
report
and
turning
it
into
an
example
policy.
And
then
we
had
some
discussion
and
getting
like
hey.
Could
we
make
this
a
smarter
look
up
and
then
with
some
discussion
and
then
the
pr
from
sunny,
I
think,
it'll
be
a
good
way.
A
Yep
thanks
honey,
thanks,
yeah
keith
was
asking:
when
do
we
have
the
next
release?
We
talked
about
that
earlier
in
the
meeting.
The
pull
request:
you're
looking
for
is
70
70
203.
Is
that
the
right
one
and
we're
going
to
shoot
for
the
second
tuesday
of
may
4.9.16?
I
hope
that
answers
your
question.
A
Yep
and
the
executive
summary
on
that
is,
we
thought
it'd
be
easy
for
me,
but
we're
going
to
make
some
progress
here
and
keep
on
churning
on
that
one
all
right
does
anybody
has
have
any
other
items
they'd
like
to.
E
Cover
dr
one
more
opr
that
I
actually
went
to
to
look
at
not
for
me
actually
kapil
started
this,
but
it.
C
E
Things
that
we
really
need,
I
pass
it
in
the
chat
box
there.
So
if
you
can
pull
it
up,
you
got
a
list.
A
E
E
Yeah
so
kapil
actually
started
on
this
high
level.
What
this
does
is
when
we
deploy
policies.
This
will
tag
the
associated
resources
with
the
appropriate
tags.
Right
now.
I
believe
they
only
tag
lambda
functions,
but
things
like
config
rules
or
cloud
watch
event
rules.
Those
are
not
tags
and
we
want
those
to
be
tagged
as
well.
So
this
pi
really
helps
us.
E
I
believe
the
last
comment
from
kapil
was:
you
know
this
looks
good,
but
it's
not
tested,
especially
especially
on
user.
That
has
a
large
number
of
policies.
Yeah.
Let's
hear
we
have
200
policies.
I
think
that
that's
a
good
numbers
of
policy,
if,
if
you
guys
want
us
to
be
the
one
to
test
this
we'll
be
more
than
happy
to
you,
know,
carry
out
the
testing
to
make
sure
that
this
is
good.
E
F
Yeah,
I
noticed
this
as
well
actually,
like
I
think
a
few
weeks
ago
as
well,
that
we
weren't
we
weren't
tagging
that
so
that
is.
That
would
definitely
be
useful.
I
don't
know
like
whether
are
you
just
not
tagging
the
associated
resources
at
all,
or
do
you
have
like
a
separate
role
that
goes
and
then.
E
We
were
going
with
what
was
recommended
before,
which
is
have
we.
We
would
have
a
policy
to
do
the
taggings
or
so,
but
it
it's
hard
to
roll
out
those
things
with
this.
So
we
have
so
many
things
to
tag
and
we
run
into
api
throwing
limits.
E
So
we
would,
I
think,
the
correct
way
is
to
tag
it
as
as,
as
we
roll
out
the
policy,
whatever
resources,
the
part
of
the
policy
create,
it
should
attack
at
that
time,
rather
than
having
some
policy
that
that
go
and
trying
to
attack
everything.
A
All
right
and
with
that
that
pretty
much
concludes
the
agenda.
Anyone
else
want
to
use
going
once
twice
if
you're
going
to
pyton,
we'll
see
you
there
if
you're
going
to
coupon,
please
let
us
know
kapila
and
I
will
be
there
for
sure.
Cathy
is
still
slated
to
go
to
kubecon,
but
we'll
see
I
for
sure,
I'm
going
so
I'm
looking
forward
to
meeting
people
there
and
have
everyone
asked
about
kubernetes
support.
That
should
be
a
lot
of
fun.
A
So
with
that,
thank
you,
everyone,
the
notes
and
everything
will
be
published
to
the
usual
places.
There
might
be
a
24-hour
delay
since
I
am
at
a
sprint.
So
can
I
do
the
best
I
can
to
get
it
out
for
you
with
that,
we'll
give
everyone
some
time
back.
Thank
you
very
much
and
thanks
for
your
patience,
everyone
appreciate
it
thanks.
Everybody
thanks.