►
From YouTube: Cloud Custodian Community Meeting 2022-06-07
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/orgs/cloud-custodian/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian
A
And
I
have
started
the
recording.
The
date
is
june,
7th
2022
and
welcome
to
the
cloud
custodian
community
meeting.
This
is
the
bi-weekly
community
meeting
where
we
talk
about
stuff,
that's
happening
in
the
community,
open,
pr's
issues.
Whatever's
on
your
mind,
we
do
have
an
open
agenda
which
I
will
paste
in
chat
again
and
if
there's
anything
that
you
would
like
to
add
feel
free
to
do
that.
What
I
do
is
I
have
a
script
that
runs.
A
It
kind
of
shows
what's
been
happening
over
the
last
two
weeks
and
if
there's
something
that
you
want
to
discuss,
stick
a
little
colon
boom
colon
emoji
next
to
it
and
that's
how
we're
keeping
track
of
what
we're
discussing
or
you
can
always
just
add
stuff
to
the
agenda.
You
know
prior
to
the
meeting
like
some
people
have-
or
you
could
just
let
me
know,
and
then
we
can
add
things
to
talk
about.
Usually
I
try
to.
A
We
try
to
pick
things
that
are
interesting
and
and
might
affect
a
bunch
of
people
so
that
we
can
have
a
fun
meeting.
These
meetings
are
recorded
and
being
put
on
youtube.
So
be
cognizant
of
that
and
as
always
we're
under
the
cncf
code
of
conduct,
so
please
be
excellent
to
each
other.
A
Okay,
I'm
just
gonna
share
my
screen
with
the
notes
and
then
we
will
move
along
and
anybody
new
want
to
say.
Hi.
Anyone
have
like
a
burning.
A
Issue
or
announcements,
if
you've
got
a
burning
pr
or
agenda
item,
feel
free
to
put
it
in
chat.
We
can
get
to
it
with
that
I'll
move
on,
so
we've
turned
on
github
discussions.
A
This
is
we've
been
tracking
people
coming
in
and
asking
questions
via
github
issues,
and
that
was
a
forum
with
a
template
that
people
filled
out
stuff
and
then
that
kind
of
put
it
in
into
github
issues
and
we
had
a
tag
called
kind,
slash
question:
github
discussions
added
a
feature
that
allowed
us
to
mass
migrate
everything
under
that
tag
into
github
discussions.
So
I'm
just
going
to
show
you
that
real
quick.
A
So
if
people
have,
if
you
ever
have
people
ask
you
questions,
it's
just
surfaced
here
at
the
org
level
and
it
will
kind
of
just
take
you
directly
to
the
repo
discussions,
and
here
we've
imported
all
the
let
me
make
that
bigger
we've
imported
all
the
old
questions
and
I've
organized
it
under
cloud
provider
as
well
under
aws,
azure,
gcp
and
general.
So
if
you
have
questions,
you
could
just
ask
them
in
here.
One
of
the
nice
things
is.
A
It
lets
users
kind
of
mark
when
a
question
has
been
answered
and
it
kind
of
gives
that
person
of
a
thanks,
so
sonny
was
able
to
answer
this
question
and
that
gets
marked
as
a
thing,
and
this
is
pretty
nice
because
it
kind
of
shows
up
under
github
statistics
and
things
like
that,
and
you
see
that
there's
a
cute
little
leaderboard
of
someone
who's
doing
helping
out
the
community.
A
One
of
the
things
I
would
like
to
do
is
get
us
to
a
spot
where
we
can
auto
import,
useful
things
from
getter
chat
into
discussions
so
that
that
just
doesn't
get
lost
in
the
ether
because
searching
through
that
stuff
has
just
been
not
not
as
fun
as
we
say.
All
right
so
shiny
says.
I
want
to
discuss
the
lake
formation
pr
7273
I'll,
go
ahead
and
add
that
to
the
list
does
anybody
else
have
any.
B
No
sorry,
I
put
a
couple
of
key
items
not
in
the
agenda
items
not
in
the
things.
C
A
Okay,
got
you
all
right,
so
we'll
we've
got
7274
also
on
here,
which
oh,
no
that's
7273,
I'm
sorry,
I'm
convincing!
I'm
mixing
up
my
prs
one
second,.
A
A
All
right,
you
know
I'll
just
toss
it
in
here
and
we'll
get
to
it
when
we
get
to
it.
Sorry
about
that
folks,
all
right,
so
that's
the
discussions
thing
any
questions
on
that
before
we
move
on.
A
All
right,
kapil,
you
added
this
one
move
cast
from
tools
into
its
own
repo.
B
A
B
I
I
I
also
wonder
if
anyone's
actually
ever
used
cask
but
yeah.
So
cask
is
a
docker
front
end
that
makes
that
looks
like
the
c7
ncli
except
it
is
actually
running
custodian
and
docker
engine
and
it's
a
bit
of
go.
D
B
B
I
think
it's
still
useful
for
us
to
maintain,
but
we
should
just
like.
I
would
rather
just
pull
it
out
into
a
separate
repo
so
that
we're
not
going
with
and
there's
unfortunately,
also
some.
I
was
trying
to
update
it
the
other
day
because
there's
still
like
four
cds
against
it
and
I
ran
into
it's
gonna
require
some.
It's
not
just
a
simple
go
update.
It
requires
some
code
changes,
so
I'd
rather
just
have
that
pulled
out
just
so.
We
don't
have
any
flags
on
our
repo.
B
B
It
basically
tries
to
like
extract
you
away
from
having
past
environment
variables
and
volumes
and
stuff
it's
basically,
it's
basically
a
convenience
thing
to
make
running
custodian
and
docker.
Look
the
same
as
running
the
regular
cli.
F
D
B
So,
like
contributors
on
the
repo
get
like.
B
There
are
occasionally
other
sources,
but
we
we
basically
try
to
handle.
Those
fairly
rapidly
looks
like
there
is
one
against
pi
jwt,
but
I
already
got
merged.
So
there
are
one
two
three
four
against
right
now
against
the
cast
tool
and
that's
the
only
one
that's
extended.
B
G
B
Things
like
that
that
second
one
is
actually
a
python
dependency
for
azure,
that's
already
been
merged,
and
then
the
other
ones
are
all
cask.
C
B
Better
secure
containers,
but
it
is,
it
is
an
upgrade.
It's
an
upgraded
hamster
wheel
for
sure.
A
B
I
think
this
is
what
johnny
was
referencing
so
because
I
think
it
was
herper
originally
and
then
we
were
trying
to
do
some
fix
up
on
it.
Data
lake
is
not
actually
a
resource.
Sorry,
so
data.
C
B
Is
an
aws
service,
its
native
domain
model
is
things
like
tables
and
queries,
except
the
resource
that
was
added
was
a
reference
to
s3
from
there
and
it
wasn't
clear:
that's
not
actually
like,
there's,
no,
that's
not
actually
a
resource
in
the
data
lake
services
model,
it's
just
a
reference
to
an
s3
bucket,
and
so
that
makes
more
sense
to
me
as
like.
If
you
look
at
the
data
like
tagging
api,
it
doesn't
apply
to
this
thing.
B
It
only
applies
to
its
own
internal
object
model
so
having
that
instead
as
a
filter
and
s3,
would
make
it
so
that
on
the
estuary
buckets
themselves,
you
can
take
addition
all
those
stated
actions.
B
So
I
guess
you
know
this
is
probably
a
question
for
you
johnny
on.
If
I'm
pronouncing
your
name
wrong,
please
correct
me
on
what
the
use
cases
were
that
sort
of
had
for
it.
H
Yeah
so
so
couple
the
the
first
use
case
I
have
is
like
if
we
want
to
check
the
lake
formation
created
within
specific
account
and
it's
it's
pointing
out
to
external
s3
bucket.
So
definitely
we
can
use
the
external
bucket
with
the
lake
formation.
So
if
we
want
to
check
the
lake
formation
in
a
particular
account,
how
can
we
do
that.
B
B
Could
you
put
that
on
the
pr
I
don't
I
have
to
middle
on
that
because.
B
H
H
B
Does
lake
formation
support
like
access
points,
because
the
part
of
the
challenge
is
that
the
the
sre
you'd
have
to
have
a
separate
value
from
with
all
of
your
buckets
in
the
account
as
well,
because
there's
no
there's
no
aren't
there's
no
accounting
in
the
s3
arms.
But
if
you
were
able
to
use
something
like
if
you're
able
to
use
an
access
point
for
it,
then
you're
able
to
you're
you're
able
to
see
that
it's
in
the
same
account
very
easily.
B
Well
true
default
s3
does
but
like
if
you're
using
access
points,
then
they
do
have
account
ids
in
the
rns.
H
Oh
okay,
okay
yeah!
Maybe
I
can
dig
more
on
the
access
point
in
the
link
formation
api,
but
I
don't
see
anything
else
with
the
information
api
regarding
access
point.
B
B
H
So
I
just
want
to
check
if
it's
not
in
the
same
account,
I
want
to
say
we
don't
use
it
just
to
prevent
our
data.
C
H
Yeah,
and
do
you
have
reference
to
the
access
point
you
can,
can
you
give
me
some
link,
or
so
I
can.
B
Yeah,
if
you
just
google
s3
access
points,
I
I'm
unfortunately
on
a
ipad
which
I
have.
I.
B
A
Also
welcome
feel
free
to
stop
by
at
any
time.
Thank
you
all
right,
any
any
other
discussions
on
this
one
before
we.
B
And
the
current
reason
is
the
release.
Blocker
is
if
we
change
it
out.
Well,
hey
we're
changing
the
name
from
being
like
formation
to
being
like
formation
research,
but
if
we
switch
out
from
a
resource
to
a
filter
like
both
both
of
those
things
have
backwards
compatibility
implications.
So
I
want
to
try
to
address
that
before
the
next
release.
A
A
All
right,
since
you
mentioned
releases,
I
know
that
we'd
we
targeted
the
second
tuesday
of
every
month
and
that's
two
weeks
from
today
and
I
know
that
we've
been
making
some
progress
in
there.
That's
my
nice
way
of
saying
sonny.
You
got
any
updates
for
us.
A
I
know
that
we
wanted
to
roll
back
some
stuff
and
I
know
aj
was
involved,
but
he
might
not
be
here
till
later,
so
we
might
have
to
come
back
to
this.
If
you're
afk.
A
Okay,
so
I
have
a
few
issues
here
that
we'd
like
to
discuss
this
pi
tz
dependency
is
not
needed.
I
know
I
think
sunny
and
aj
wanted
to
talk
about
this
one,
but
it's
merged.
B
B
Yeah
effectively
tcp
was
returning
back,
turns
back
results
with
tz
information
and
we
had
picked
up
a
pi
tv
dependency
and
that
dependency
ended
up
conflicting
between
azure
sdk
and
gcp
sdk
and
we're
like
well.
Do
we
really
need
this
for
gcp
we
yanked
it.
B
There
is
maybe
a
little
nuance
there,
because
pi
tz
is
effectively
the
whole
time
zone
database
shift
in
the
package,
and
if
we
don't
have
that,
we
will
the
only
thing
we
guaran
that
we
know
we
have
then
we're,
depending
on
what's
in
the
local
file
system,
effectively
like
what's
in
the
os,
and
that
depends
on
whether
or
not
you
have
the
tv
packages
for
the
tc
package
installed
on
your
local
system.
B
Most
desktops
do
most
operating
systems
have
some
subset
and
then
most
containers
don't
have
it
at
all
right.
And
so,
if
gcp
returns
back
utc
we're
good,
no
problems.
If
it
returns
back
something
like
american
slash
chicago,
then
the
we
wouldn't
necessarily
have
that
we
wouldn't
necessarily
be
able
to
compare
that
readily.
So
because
we
just
don't
it
doesn't
the
we
couldn't,
compare
it
to
utc,
because
we
don't
have
the
local
time
zone
to
reconstruct
what
that
offset
is
so
there's.
B
It's
not
clear
that
a
little
bit
unclear
to
me
in
what
context
gsp
is
actually
going
to
return
back
a
random
time
zone
so
to
speak
versus
returning
back
utc.
I
just
yeah,
and
it
could
be
on
a
regional
basis
like
it's.
I
don't
know
why
it
would
ever
not
return
back
utc,
but
it
is
technically
something
that's
available
and
I
think
sonny
and
aj
had
more
contact.
So
I
was
just
poking
around.
G
Yeah
it,
it
didn't
seem
to
me
that
the
the
crucial
pie
tz
like
again,
I'm
not
speaking
out
of
like
full
authority
here
on
what
gcp
is
going
to
return,
but
it
would
surprise
me
a
lot
if
it
wasn't
returning
at
utc
time
or
wasn't
able
to
deal
with
utc
time.
The
only
potential
change
here
would
be
to,
instead
of
having
a
utc,
now
returns
a
time
so
naive
representation
of
utc.
G
Now
the
only
potential
changes
to
maybe
use
the
standard
library
to
pass
in
the
time
zone
to
have
it
fully
timezone
aware
it's.
B
B
Yeah,
so
I
looked
at
it.
Well,
no
aj,
I
think,
was
oh.
A
B
Was
that
self-assigned
it
effectively
when
we
go
to
set
the
values
on
cloudfront?
B
If
it's
a,
if
it's
a
value
in
a
nested
dictionary
like
we
merge
the
top-level
keys
for
setting,
but
we
don't
merge
the
the
nested
keys,
we
override
them
and
that
isn't
acceptable
for
cloudfront,
which
causes
this
internal
error.
So
you
have
to
specify,
like
the
full,
the
full
set
of
things
in
this
case
the
user
just
wanted
to
set
like
https
like
one
two,
and
so
instead
of
having
them
have
to
specify
the
full
beer
options.
B
They
want
to
be
able
to
just
set
the
the
one
line
patch
that
they
want
to
make,
and
we
just
need
to
make
sure
that
we
do
a
recursive
merge
with
the
current
state
of
the
cloud
formation.
The
cloudfront
distribution,
with
the
user's
intended
patch.
A
All
right
it
looks
like
aj's
got
this.
I
need
to
confirm,
with
some
tests
fresh
acknowledgement
of
the
issue
and
a
placeholder
for
a
potential
fix
cool
all
right.
This
was
a
question.
I
think
that
we
are
bringing
up
to
people's
attention
easy
way
to
automate
lambda
roles
and
then
aj
and
jameson
told
me
that
they
run
into
this
a
lot
and.
F
A
Aj
started
it.
B
Is
kind
of
impossible
yeah,
my
concern
is,
we
don't
know
we
have
stuff
inside
of
the
code
that
works
and
what
permissions
the
filter
action
need.
I'm!
Okay!
If
we
added
something
in
mainline
like
this
part
of
validate,
to
make
sure
that
whatever
the
active
role
is,
has
those
permissions
the
problem
with
generating
the
permissions?
B
Is
we
don't
know
if
that's
the
full
set
in
all
cases,
and
so
it's
much
less
safe
for
users,
like
my
concerns
as
having
a
support
burden
on
something
where
we
don't
have
solid,
functional
testing
that
validates
that
those
statements
are
true,
especially
when
we
get
into
execution
modes
and
other
things
like,
and
then
you
actually
have
to
there's
two
different
permissions
of
provisioning
permission
set
and
then
the
execution
permission
set,
and
so
I'm
not
comfortable
like
it
can
be
used
as
guidance
and
as
like
we
can
distribute
the
out-of-band
tool
as
here's
guidance,
we
can
stick
it
in
scripts.
B
I
think
we
have
a
script,
ops
directory
that
we
could
stick
it
in,
but
I
think
there
is
a
notional
piece
here
that
that
is
not
authoritative
or
necessarily
the
only
thing
you
need
and
then
potentially
on
the
validate
we
could
have.
You
know
dash
dash.
I
am
that
also
checks
checks.
This,
because
I
think
I
think
we
are
clear
that
we
have
some
set
of
permissions.
G
Good,
at
least
for
the
provisioning
part
that
should
be
relatively
static
right.
I
think
that
that
may
be
an
issue
that
a
lot
of
people
getting
started.
B
B
To
check
against
and
you're
generating,
are
you
generating
one
role
for
both?
Are
you
generating
one
for
execution
or
you're,
generating
one
just
for
provisioning,
and
so
you
get
into
it
gets
a
little
bit
muddled.
If
you
want
to
define
drink.
G
B
F
B
B
And
I
think
I
would
also
you
know
reiterate
like,
even
even
on
the
permit,
like
even
on
while
we
validate
the
correctness
of
the
permissions
on
our
annotations
for
filters
and
actions,
we
don't
neces,
we
don't
necessarily
validate
that
they're.
All
the
things
needed
like
if
you
missed
one
when
the
implementation
of
a
policy
or
doing
code
review
that
would
still
that
would
effectively
become
a
runtime
failure
as
well.
Actually.
G
B
Yeah
we
could
the
stuff
this
notion
of
annotating
predated
the
client-side
cs
or
the
client-side
monitoring
stuff
in
the
aws
sdk.
So,
and
we
also
do
this,
this
isn't
not
so
well,
it's
also.
B
We
would
need
to
do
something
similar
in
gcp.
We
don't
do
annotations
yet
and
azure
the
azure
permissions.
That
is
different.
It's
probably
the
right
way
to
say
it,
so
we
would
also
need
to
be
functionally
executing
everything
to
have
it.
I
don't
know,
I
don't
know
if
we
would
say
that
the
unit
tests
are
enough,
maybe
yeah.
Maybe
it's
definitely
definitely
something
interesting.
There.
B
A
All
right
moving
on
this
is
a
long
one,
or
this
one
has
been
that
multiple
weeks
here
specify
subproject
is
dev
dependencies
here.
I
think
this
is
more
aj.
A
B
But
I
think
the
I
mean
just
to
describe
current
state,
I
mean,
or
summarize
it
like,
especially
right
now
we
have
each
separate
provider
described,
defining
its
own
dependencies
and
we
do
a
bit
of
hackery
whackery
to
when
we
do
the
install
to
make
sure
that
everything
installs
into
the
same
virtual
line
but-
and
that
requires
occasionally
dealing
with
completing
dependencies
between
the
different
things.
B
The
notion
here
was
to
try
to
invert
that
to
make
the
top
level
c7n,
at
least
in
code
in
the
sorry
in
the
git
repo
depend
on
all
the
sub
projects,
which
would
effectively
mean
that
we
get
a
single,
unified,
poetry,
lock
file
instead
of
having
separate
ones
per
se
per
sub
repo
doesn't
really
change
the
fact
that
we
would
potentially
have
conflicts.
B
B
I
have
noted
some
of
our
dependencies
have
been
had
really
poor
support
for
certain
platforms
and
runtimes
google
cough
jrpc
cough
like
it's
like
it
took
four
like
if
they
literally
just
got
m1
support
like
in
the
last
few
weeks
for
grpc
python
like,
and
so
that
would
have
been
a
blocker
for
doing
any
development
on
that
one.
On
custodian,
whereas
pre,
like
with
the
current
setup,
you
can
use
as
long
as
you're,
not
touching
gcp,
it
would
have
been
fine.
A
Yeah,
that's
what
you're
saying
here.
I
get
it
all
right,
we'll
we'll
table
this
one
then
for
when
aj.
A
Wow
all
right,
this
is
kind
of
an
older
one.
This
is
the
the
cider
ingress
bug
fix.
I
think
this
one's
been
back
and
forth
for
a
while.
C
Yeah,
so
I
put
this
one
in
this
is
to
support
list
of
citing
when
doing
filtering,
comparing
to
see
if
something
belongs
within
the
list
of
cider,
there
were
another
pr
which
we
closed
in
favor
of
this
one,
since
we
believe
this
one,
the
the
solution
is
more
elegant
in
terms
of
not
making
the
value
filter
code
even
more
gnarly,
and
that
was
the
the
feedback
that
the
consensus
people
were
were
involving
the
other
pr.
We
wanted
to
go
with
this
pr.
C
I
believe,
kapil,
you
kind
of
look
at
this
and
you
say
yeah.
This
is
what
we
want
to
do
and
I
believe
the
last
time.
What
needs
to
be
done,
though,
is
there's
two
items.
One
is
the
original
contributor.
He
I
believe,
he's
from
capital
one
and
we
need
to
get
him
to.
B
C
B
He's
not
a
capital
one
he's
at
another
company.
He
doesn't
really
do
aws
anymore,
he's
currently
in
gcp,
and
he
has
contributed
significant
things
yeah
and
from
gcp.
I
can
try
to
reach
out
to
him
or
we
can
try
to.
I
think
his
pr.
His
pr
branches
are
generally
pushable
on
the
like.
If
you
have
the
maintainer
a
bit
flipped
on
the
repo,
so
we
can
try
to
do
the
work,
I
guess
as
well
yeah
or
we
can
try
to
do
the
work
for
him.
Yeah.
C
Okay,
will
you
be
able
to
reach.
E
B
It's
an
interesting
topic
because
I
think
he
wrote
this
when
he
was
at
capital,
one
so
technically
that's
covered
under
that
cla
and
we
would
just
you
know,
explain
to
the
cell
a
lot
of
your
folk.
You
know
when
that
time
comes
yeah
I
mean
that's
one
option.
I
did
make
some
progress
by
the
way.
I
don't
know
if
anyone
else
does
gets
frustrated
with
our
current
cli
tool
on.
B
I
have
been
exploring
with
cncf
more
than
enough
there's
alternatives.
We
can
use
and
talk
to
a
few
of
the
talk,
members
and
kubecon
cloudnativecon
in
europe
and
they
were
open
to
the
foundation.
Better,
supporting
projects
needs,
let's
say,
and
so
we
may
be
able
to
they.
F
B
Think
the
only
requirements
that
we
couldn't
host
it
ourselves,
that
has
to
be
run
as
foundation
infrastructure,
but
outside
of
that
there
was
some
consideration
that
I'd
like.
B
I
think
the
problem
is
as
soon
as
you
enter
into
the
linux
foundation
tooling,
and
it's
not
it's
not
intuitive
or
user-friendly
in
any
shape
or
form.
In
my
opinion,
and
so
switching
out,
some
like
sap
bot,
saps
cli
bot,
which
is
open
source,
would
potentially
alleviate
a
lot
of
the
pain
since
it's
relatively
straightforward
because
you
don't
have
to
sign
up
for
a
separate
account
and
everything.
A
B
Yeah
we
take
the
action
item,
george
and
for
me
to
follow
up
in
ccu
and
just
see
if
we
can
get
that
cleared.
I
think
the
flip
side
is
is
we
can
also
if
we
want
to
just
directly
start
working
on
this
and
then
I
think
we
have
enough.
B
We
have
cleared
out
like
maybe
if
we
just
get
like
an
email
or
from
him
on
yes
confirming
his
appointment
or
whatever
under
the
the
previous
cli
to
cover
off
on
this
there's,
not,
I
forgot
when
we
exactly
when
we
switched
over
to
the
cncfcli
it'd
be
worth
recording.
That
date,
like
I
think,
we'll
come
into
other
pr's
like
that
when
we
get
to
older
prs
that
we
want
to
try
to
get
over
the
finish
line.
B
So
this
is
not
it's
not
isolated
to
this,
and
so
I
think
it's
it's
worth
sort
of
us
defining
a
process
potentially
even
talking
to
a
cncf
foundation
about
it.
You
know
all
like
how
do
we
deal
with
effectively
accident
extent,
people
that
have
already
signed
what
was
project's
previous
cli
when
it
was
right
contributed
to
the
cncf,
which
I
I
want
to
say,
was
sometime
in
2020.
B
I'm
super
fuzzy
on
these
dates,
so
this.
A
C
A
A
lot
of
these
booms
here
related
to
things
that
we've
talked
about
7277
who's.
This.
B
A
B
Super
excited
to
see
this
because
it's
been
like
a
known,
big
to-do
item,
but
we
now
yeah
this.
This
is
definitely
a
release.
It's
a
big
one
and
it's
a
release
highlight
it's
a
lot.
A
Nice
all
right,
so
thanks
harish,
let's
see,
there's
aws
lake
formation
again.
A
The
there's
that
pie,
jwt
dependency
and
a
bunch
of
the
issues
closed
are
because
they
were
questions
that
we
moved
to
to
discussion.
So
that's
why
those
are
making
that
kind
of
noise
that
leaves
us
with
release
stuff
sunny
sunny.
Are
you
back
at
the
keyboard.
A
Yeah,
so
second,
it's
the
first
tuesday
today
of
june-
and
I
know
we
were
trying
to
do
second
tuesday.
Do
you
have
an
update
for
us?
What
what's
I
know
I
know
aj
would
wanted
to
roll
back
some
stuff.
B
B
Right
now
we
need
to
fix
the
like
information
stuff.
If
and
if
we
don't
have
that
resolved
like
we,
I
mean
worst
case
we
we
would
have
to
yank
it
to
get
the
release
out
the
door
on
that
schedule.
The
alternative
would
be
the
push
to
release.
If
we
want
to
keep
the
cadence,
then
the
we
would
have
to
effectively
yank
that
pr
and
figure
out
what
what
we
want
to
do
outside
of
the
release
cycle.
B
G
The
the
the
commentary
on
the
the
cross
account
like
formation
stuff
has
been
really
useful
today,
but
I
I
mean
we
can
aim
for
it.
B
So
I
think
I
think
we
want
to
generally
hold
to
doing
the
schedule,
the
release
schedule,
and
so
in
that
context
I
think
the
right
thing
to
do
is
to
to
just
back
it
out
as
a
resource
and
make
the
make
the
release
on
on
the
schedule,
and
then
we
come
back
to
it
to
get
it
in
the
way.
In
a
way
that
makes
sense,
and
so
we
just
don't
have
we
don't
have
to
fix
compatibility
after
the
fact.
Sorry,
we
don't
have
to
deal
with
backward
compatibility
issues
around
this.
C
A
G
A
Okay,
cool
and
he's
not
here,
so
he
gets
assigned
stuff
all
right,
so
I'll
follow
up
with
both
of
you
out
of
band.
Then.
B
B
I
B
I
I
B
B
I
think
you
have
to
do
a
custom
field
for
that.
To
get
that,
you
could
do
like
a
dash
f,
something.
B
I
I
B
D
B
I
B
I
B
I
A
My
my
work
item,
then,
is
to
make
appeal.
Leave
you
a
comment
on
seven,
four,
four,
four:
two:
it.
A
A
I
D
D
B
I
don't
think
we'd
actually
do
that
there,
because
we
have
to
know
that
you
have
to
assign
the
principal
and
credential
for
the
different
works
right,
but
the
separate
notion
of
do
we
model
and
org
and
or
org
accounts
as
a
resource,
I
think,
is
valid
like
we
do
it
in
gcp
like
as
far
as
folders
and
org
structure.
So
I
think
there
is
some
the
definite
utility
in
it,
especially
when
we
try.
When
we
talk
about
like
scps,
you
know.
D
D
B
Mean
the
c7
or
accounts
file,
the
general.
The
script
that
we
use
generate
is
just
using
orgs
api
to
go
grab
that
all.
E
B
Good
to
generate
the
org
account
file,
but
you're.
B
B
D
B
The
fcp
and
yeah
I
hear
you
oregon,
oh
you
or
yeah
yeah
that
too
sorry.
B
Or
org
account
and
oh
you
and
sorry
so,
there's
three
potential
resources
there
for
account.
B
D
B
B
Right
and.
D
B
From
on
the
scp
management
aspect
of
that.
D
B
Yep,
so
we
already
to,
I
am
the
check
permission.
Stuff
already
works
with
scps.
It's
we're
just
passing
through.
I
am
simulate
so
you'll.