Skip to content

Instantly share code, notes, and snippets.

@kapilt

kapilt/ChangelogX.md

Created February 7, 2024 10:34
Show Gist options
  • Save kapilt/b5838be6a1124775fd0e6d0c56e40749 to your computer and use it in GitHub Desktop.
Save kapilt/b5838be6a1124775fd0e6d0c56e40749 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ChangelogX.md

aws

  • AWS - SES - Create new resource type configuration-set for SES (#8457)
  • aws - add support for 'aws-iso' partition (#9103)
  • aws - rest-stage - add regex match support for wafv2-enabled filter and set-wafv2 action (#7946)
  • aws - route53 recovery readiness-check - add resource and tagging support (#8112)
  • aws - support python3.11 in lambda policy schema (#9047)
  • aws - access analyzer finding resource (#8895)
  • aws - account - add ses send metric filters (#7874)
  • aws - account - add support for bedrock model invocation logging configuration (#9259)
  • aws - account - check-cloudtrail filter: add include-management-events and log-metric-filter-pattern (#7851)
  • aws - account - check-cloudtrail sns subscription lookup refactor (#8020)
  • aws - account - managed config rule (#7029)
  • aws - account - organization filter (#8113)
  • aws - account service-limit filter - handle non-refreshable checks (#9072)
  • aws - actions - fix typo in documentation for invoke-lambda (#9180)
  • aws - add bedrock custom model resource (#9161)
  • aws - add connect-campaign resource and kms-key filter (#8681)
  • aws - add delete action to directory and cloud-directory (#8610)
  • aws - add emr-serverless-app resource and delete, tag, mark actions (#8197)
  • aws - add eni detach and eip disassociate actions, fix check-permissions filter (#9100)
  • aws - add in operator to vpc network-location filter (#9160)
  • aws - add more resource types (#8799)
  • aws - add pinpoint resource (#8514)
  • aws - add python3.12 runtime support, default to python3.11 (#9231)
  • aws - add ses-receipt-rule resource and delete action (#8671)
  • aws - add set-policy action for iam-profile resource (#9257)
  • aws - add support for opensearch serverless (#9058)
  • aws - add support for workspaces web (#9121)
  • aws - add value filter logic to waf-enabled and wafv2-enabled filters (#8407)
  • aws - airflow - update-environment and delete-environment (#8866)
  • aws - alb - delete - handle ResourceInUseException (#8705)
  • aws - allow excluding specific processes when resuming ASGs (#9252)
  • aws - ami - add cancel-launch-permission action (#8728)
  • aws - ami - add image-attribute filter (#8091)
  • aws - ami - add set-permissions and set-deprecation actions, org support for cross-account filter (#7974)
  • aws - ami - allow no 'add' in set-permissions action (#8327)
  • aws - ami - fix ou/org regex patterns in set-permissions (#9032)
  • aws - apigw - generate domain name arns (#8366)
  • aws - app-elb-target-group - retry wrapper for describe_target_group_attributes (#8916)
  • aws - appelb - added filter and action for target group attributes (#8037)
  • aws - appmesh support (#9260)
  • aws - arn parse explicit value error on invalid (#9071)
  • aws - asg - fix propagate-tags for asgs with no tags (#8612)
  • aws - asg - ignore UnsupportedOperation on asg suspend (#8076)
  • aws - asg - image filter - fix warning when image not found (#8473)
  • aws - asg - let valid/invalid filters work in explicit pull mode (#8308)
  • aws - asg - suspend includes InstanceRefresh process (#9142)
  • aws - asg rename-tag - don't propagate tags when there are no instances (#8762)
  • aws - asp-sync - delete action (#8419)
  • aws - autotag - fix none userinfo exception (#7984)
  • aws - autotag action - add principalId as option for value field (#8244)
  • aws - autotag action - autotag user with value (#7959)
  • aws - backup - add consecutive backups filter (#8030)
  • aws - batch - add tagging support and update/delete job queue actions (#9182)
  • aws - check-cloudtrail filter - fix (#9066)
  • aws - check-cloudtrail filter - update/expand matching logic (#8968)
  • aws - cloudfront - fix wafv2-enabled filter to find waf-classic associations (#7986)
  • aws - cloudfront - updating s3 regexes for mismatch-s3-origin filter (#8045)
  • aws - cloudhsm-cluster, augment and serverless mode (#7996)
  • aws - cloudwatch logs - added attribute to allow passing role arn to put-subscription-filter call (#8246)
  • aws - codecommit - add universal_augment to pull tags (#8576)
  • aws - composite-alarm - add resource and delete action (#7953)
  • aws - config - remediation filter: add rule_prefix to schema (#8171)
  • aws - connect - add set-attribute action (#8095)
  • aws - core - fix fetching resources by id for types with scalar server-side filters (#8614)
  • aws - cost optimization filter (#9209)
  • aws - cross-account filter - use case-insensitive checks for allowed condition keys (#7889)
  • aws - custodian lambda policy - arm64 / graviton support (#7917)
  • aws - dlm - use native arn attribute (#8027)
  • aws - docs - network-addr moved to elastic-ip resource (#8170)
  • aws - docs - add example policies for the finding filter (#8201)
  • aws - dynamodb - add update table action (#8023)
  • aws - dynamodb-table - avoid key errors in continuous-backup filter (#9266)
  • aws - dynamodb-table - delete protection config and force delete (#9125)
  • aws - ebs - EBS CreateDate should be CreateTime in docs example (#8153)
  • aws - ebs - encrypt-instance-volumes handle missing tags (#8683)
  • aws - ebs modify - support io2 (#8717)
  • aws - ebs-snapshot - cross-account filter - enable everyone_only (#8552)
  • aws - ec2 - fix query parser should be scoped to describe source only (#9167)
  • aws - ec2 - force stop override stop protection (#8007)
  • aws - ec2 - security-group filter - get from sg ids from all interfaces on an instance (#9126)
  • aws - ec2 - use a list instead of tuple for empty tag set (#8957)
  • aws - ec2 capacity reservation resource (#9147)
  • aws - ec2-reservation - fix typo in field (#9155)
  • aws - ecr - modify-policy update action schema validation (#8254)
  • aws - ecs - security-group/network-location filter for ecs-service and ecs-task (#8892)
  • aws - ecs cluster - including settings to check for container insights (#8380)
  • aws - ecs-cluster - ebs-storage filter (#8446)
  • aws - ecs-task-definition - support permanent deletion via force option (#8406)
  • aws - efs - add has-statement filter (#7884)
  • aws - efs-mount-point - network-location filter (#8347)
  • aws - efs-mount-target - support cloudtrail mode (#8631)
  • aws - eip - release - handle InvalidAddress.PtrSet and InvalidAddress.Locked exception (#8924)
  • aws - eks - add network-location filter (#8377)
  • aws - eks - adding associate-encryption-config action (#8426)
  • aws - elasticache - skip del replication group if not empty (#8025)
  • aws - elasticache and rg skip deletion when linked with global ds (#8876)
  • aws - elasticsearch - cross-account bug fix handle no access policy (#8403)
  • aws - elasticsearch - enable support for server-side query filtering (#8337)
  • aws - elasticsearch - fix tag operation error handling (#9070)
  • aws - elasticsearch - new action to enable audit logs to cloudwatch (#8232)
  • aws - emr - security configuration filter (#8268)
  • aws - enhance modify-security-groups action to support add groups by tag (#8356)
  • aws - event bus delete action (#8598)
  • aws - event-rule - add set-rule-state action (#7954)
  • aws - fis - adding aws.fis-experiment resource (#8470)
  • aws - fix ASG config resource id (#9248)
  • aws - fix import path for workspaces-web (#9136)
  • aws - fix transit-user resource type metadata (#8134)
  • aws - flow-log filter & action - refactor for kinesis/parquet support (#8757)
  • aws - fsx - rds - register aws_backup count filter (#8494)
  • aws - glue - fix toggle-metrics filter (#9051)
  • aws - glue catalog - kms-key filter and set-encryption refactor (#8833)
  • aws - glue connection - handle broken vpc/subnet references (#9163)
  • aws - glue-connection - tag read/write support (#8049)
  • aws - graphql-api - add api-cache filter (#8056)
  • aws - hosted zone - explicit config_id for config-rule support (#8269)
  • aws - hosted-zone - query-logging-enabled: add subscription filter details (#7988)
  • aws - iam-instance-profile - set-role action (#7999)
  • aws - iam-oidc-provider - add delete action (#9063)
  • aws - iam-profile, ec2 - add has-specific-managed-policy filter (#8006)
  • aws - iam-profile, ec2 - add value filter logic to has-specific-managed-policy filter (#8104)
  • aws - iam-user - add include-via option to policy filter for group inherited policies (#8372)
  • aws - iam-user - add set-policy action (#8125)
  • aws - identity-pool - include resource details from parent augment (#8692)
  • aws - inspector-v2 finding resource (#8934)
  • aws - internet-gateway - warn on dependency errors during delete (#9059)
  • aws - invoke-lambda action - support for assume role prior to invoke (#7904)
  • aws - kafka - migrate to list_clusters_v2 (#8077)
  • aws - key-pair unused filter - check autoscaling groups (#8755)
  • aws - kinesis-video add tag/remove tag action (#8454)
  • aws - kms related filter - resolve key alias to id before cache lookup (#8505)
  • aws - lambda - add has-specific-managed-policy filter (#8477)
  • aws - lambda - adjust kms key arn casing for securityhub finding (#7998)
  • aws - lambda - filter for lambda@edge (#8382)
  • aws - lambda mode - support python3.10 in schema (#8502)
  • aws - lambda mode - validate description length (#8497)
  • aws - launch-template-version - add cloudformation type (#8724)
  • aws - launch-template-version - include version number in synthetic arn (#8972)
  • aws - make wafv1 global, r53domains is not global (#9094)
  • aws - metrics filter - support client side evaluation across multiple periods (#8930)
  • aws - modify-sgs by tags - vpc id check (#9092)
  • aws - notify - prepare iam-saml-provider for notify (#8022)
  • aws - org unit filter (#9224)
  • aws - org unit resource (#9223)
  • aws - org-account and org-policy resources (#8194)
  • aws - output - metrics - allow enabling specific metrics and ignore zero values via query params (#8929)
  • aws - output - set region when using lambda exec options (#8471)
  • aws - output - strip trailing slashes from s3 output url paths (#8559)
  • aws - policy filter & action for ou & account (#9232)
  • aws - policy modify - handle statements without sids (#6943)
  • aws - post-finding - document usage of the title parameter (#8527)
  • aws - quota - fix usage-metric exceeds the limit of 1440 data points (cont.) (#7140)
  • aws - quotas - add a special filter in query section to reduce API calls (#9193)
  • aws - rds - add db-option-groups filter (#7807)
  • aws - rds - add pending-maintenance filter (#8793)
  • aws - rds - bug fix in consecutive-snapshots filter (#8357)
  • aws - rds - delete - filter aurora cluster members - use a cluster policy instead (#8713)
  • aws - rds - fix delete action filtering (#8891)
  • aws - rds - fix option group filter (#8433)
  • aws - rds - include db instance option values (#8236)
  • aws - rds - switch from other to db instance for post-finding action (#8183)
  • aws - rds cluster pending maintenance filter (#9099)
  • aws - rds, config-poll-rule - add server-side filter query support (#7696)
  • aws - rds, rds-cluster - add annotation to pending-maintenance filter (#9183)
  • aws - rds-cluster - add db-cluster-parameter filter (#7729)
  • aws - rds-cluster - use DbClusterResourceId as the config id (#8285)
  • aws - rds-proxy - delete action (#8751)
  • aws - rds-proxy fix cfn type (#9267)
  • aws - rds-snapshot - fix rds-snapshot multi retrieval w/ server side scalar filter (#8135)
  • aws - rds-snapshot - instance filter (#8764)
  • aws - rds-snapshot - skip automated snapshots during delete action (#7938)
  • aws - rdscluster - modified_db_cluster handle serverless v1 behavior (#8806)
  • aws - redshift - efs - add consecutive daily snapshot count filter (#7749)
  • aws - redshift - fix consecutive-snapshots date filtering (#8129)
  • aws - rest-stage - Scope down apigw ids with arn:aws:apigateway (#8111)
  • aws - reuse client for augment thread workers (#8456)
  • aws - route53 - define rrset and healthcheck as global resources (#8042)
  • aws - route53 - fix arn handling in query-logging-enabled filter (#8988)
  • aws - route53 - recovery-control-panel - add a safety-rule filter (#8381)
  • aws - route53 ARC - control panel: add resource and tagging (#8352)
  • aws - route53-arc - readiness-check cross-account filter (#8235)
  • aws - route53.recovery-cluster - add resource and tagging support (#8301)
  • aws - route53resolver - add resolver-logs resource and associate-vpc action (#7939)
  • aws - s3 - add bucket-replication filter (#8686)
  • aws - s3 - add support for intelligent tiering (#8712)
  • aws - s3 - adding bucket_key_enabled to bucket-encryption filter (#8868)
  • aws - s3 - check-public-filter handle access denied errors (#8374)
  • aws - s3 - lifecycle - add schema for newer rule options (#8564)
  • aws - s3 - only check account-local trails in data-events filter (#8960)
  • aws - s3 express directory resource (#9185)
  • aws - s3 output bucket region determination refactor (#8289)
  • aws - secrets manager delete and remove-statements action (#8152)
  • aws - secrets manager tag, ignore reserved tags (#9110)
  • aws - secrets-manager - add has-statement filter (#7930)
  • aws - secretsmanager - add set-encryption action (#8168)
  • aws - security-group - used filter - add interface usage annotation (#8028)
  • aws - security-group - used filter - handle ram vpc sharing eni when run in vpc owner (#8604)
  • aws - security-group unused filter - add batch compute envs (#8297)
  • aws - service-quotas - request-increase fix (#8939)
  • aws - ses - add ses-email-identity resource type (#8616)
  • aws - ses - add set-delivery-options action (#8635)
  • aws - ses - identity has-statement filter (#8640)
  • aws - sg - unused/used filter don't consider self references as usage (#8821)
  • aws - shield - handle elastic ip arn type delta (#8272)
  • aws - sns - fix metrics filter get_dimensions for topics (#8951)
  • aws - sns - migrate to universal augment (#8075)
  • aws - sns subscription - topic filter for unused and other use cases #8316 (#8336)
  • aws - ssm session manager (#8823)
  • aws - subnet - add ip-address-usage filter (#8521)
  • aws - tag rename action via universal/resource group tag api (#8878)
  • aws - tag variable interpolation fix (#8383)
  • aws - tags - copy-related-tag load resources during validation (#8219)
  • aws - tags - copy-related-tag using resourcegroupstaggingapi, support tags as key (#7223)
  • aws - timestream-table, timestream-database - add resources (#8159)
  • aws - transfer - add transfer resources (#6927)
  • aws - transit-attachment - Support CloudTrail mode (#7983)
  • aws - user-pool - include resource details from parent augment (#8684)
  • aws - userpool - register universal taggable (#8158)
  • aws - validate arn types on resources (#8143)
  • aws - vpc - bug fix security-groups-used on in-use eni with no attachment (#8099) (#8390)
  • aws - vpc - delete-empty action (#8854)
  • aws - vpc modify and network usage metrics (#8628)
  • aws - vpc-endpoint - add has-statement filter (#8463)
  • aws - waf and vpc - reduce noise from deprecated field validation (#8919)
  • aws - wafv2 - add logging filter (#8072)
  • aws - wafv2 - add scope param to list call in lambda modes (#8120)
  • aws - rds-proxy - add subnet, security-group and vpc filters (#8734)
  • aws - vpc metrics filter for vpce and tgw attachment (#8674)

awscc

  • awscc - update test for new access config properties on test resource (#9146)
  • awscc - update test to use a more stable resource for attribute checking (#9165)
  • awscc - use build step to fetch data files (#8840)

azure

  • azure - add CIDR support for network security group (#8798)
  • azure - add additional defender resources (#9061)
  • azure - add alert-logs resource (#8167)
  • azure - add azure.defender-alert resource (#8097)
  • azure - add azure.event-grid-domain (#9000)
  • azure - add cdn-custom-domain and cdn-endpoint resources (#8554)
  • azure - add desktop virtualization session-host and host-pool resources and filters (#8992)
  • azure - add mariadb resource (#8498)
  • azure - add open-shift resource (#8469)
  • azure - add recovery services vault resource (#8599)
  • azure - adding filter for subscription diagnostic settings (#8401)
  • azure - app-configuration (#8997)
  • azure - application insights resource (#8837)
  • azure - automation-account variable filter (#8999)
  • azure - azure.vm.filters.backup-status (#9242)
  • azure - bastion host resource (#8827)
  • azure - cdn - update package version (#8979)
  • azure - cdn - waf enabled filter (#8672)
  • azure - datalake-analytics (#8966)
  • azure - event mode - fix functions via include boto3 module #8203 (#8465)
  • azure - event-grid-topic resource (#9035)
  • azure - filter for the SQL Server TDE (#8652)
  • azure - filters - azure advisor recommendation filter (#8770)
  • azure - firewall filter - add option to include azure service 'magic' ip range (#8309)
  • azure - front-door waf filter (#9038)
  • azure - front-door-policy waf resource (#8811)
  • azure - frontdoor - waf enabled filter (#8662)
  • azure - key vault - filter to check rotation policy (#8905)
  • azure - key vault secret resource (#8184)
  • azure - kusho log analytics resource (#8971)
  • azure - machine-learning-workspace (#9039)
  • azure - mariadb-server (#9040)
  • azure - monitor logs profile storage filter (#8870)
  • azure - monitor-log-profile resource (#8580)
  • azure - mysql server - configuration filter (#8805)
  • azure - mysql-server security-alert-policy filter (#9042)
  • azure - network security group - add explicit icmp to filter vocab (#8438)
  • azure - network security group - fix filter bug. destinationPortRange field is always present (#8883)
  • azure - network watcher resource (#8230)
  • azure - network watcher resource name alias (#8970)
  • azure - network-security group - flow log filter (#8312)
  • azure - output - blob upload fix closes #8885 (#8884)
  • azure - postgresql-server - add configuration-parameter filter (#7876)
  • azure - redis firewall filter (#9045)
  • azure - replace deprecated mktemp function with mkstemp (#9171)
  • azure - resource servicebus namespace authrules (#8541)
  • azure - servicebus-namespace resource (#8536)
  • azure - servicebus-namespace-networkruleset (#8546)
  • azure - session - add _run_command timeout parameter (#8632)
  • azure - signalr resource (#9062)
  • azure - spring app resources (#8558)
  • azure - sql server auditing filter (#9097)
  • azure - sql-database.filters.data-encryption (#9098)
  • azure - sql-server - add value filter logic to the vulnerability-assessment filter (#7864)
  • azure - sql-server - add value filter logic to the auditing filter (#8314)
  • azure - sqlserver - add auditing filter (#7664)
  • azure - storage - add blob-services filter (#8082)
  • azure - storage - fix blob-services docs (#8086)
  • azure - storage container - fix public access (#8797)
  • azure - synapse resource (#9240)
  • azure - tests - trim cassette data (#8466)
  • azure - update azure dependencies / poetry lock (#9117)
  • azure - update azure poetry lock / dependencies (#9241)
  • azure - update dependencies (#9096)
  • azure - waf resource and waf filter for app gateway (#8641)
  • azure - webapp - add authentication filter (#7840)
  • c7n_azure - adding new resource for mysql flexibleserver and a new filter (#8241)

c7n-org

  • c7n-org - cli - support not-accounts option (#8036)
  • c7n-org - support org level vars in config file (#8033)

c7n_left

  • c7n_left - github action output annotation fixes (#8011)

core

  • core - add ability to add custom functions to jmespath (#8533)
  • core - cli entry point allows function parameters (#8464)
  • core - don't expand {now} placeholder during provisioning (#8509)
  • core - filters - add headers to value_from url (#8307)
  • core - filters - add list-item filter (#7739)
  • core - fix issue dumping FormatDate objects as json. (#7975)
  • core - handle non importable resources (#8199)
  • core - json dump support bytes (#9135)
  • core - notify use a dynamically sized buffer for notify (#8742)
  • core - offhours allow escaped - via ordinal hex (#8808)
  • core - offhours filter - fixing typo on fallback-schedule schema (#7929)
  • core - pass validate to load_data so intent to validate policies or not is fully respected (#8305)
  • core - policy - fix conditions.env_vars for c7n-org (#8434)
  • core - policy - have conditions support vars (#8014)
  • core - policy load - fix naming conflict between validate argument and import (#8265)
  • core - query - have resource manager init args match the base class (#8310)
  • core - utils reduce backoff_delays jitter (#8029)
  • core - validate - report errors per file (#8565)
  • core - value - support float value_type (#8927)
  • core - value filter - add jmespath value_path as option for supplying values (#8350)
  • resolver - support decompression when using value_from with s3 (#8851)

docs

  • docs - fix indentation on advanced example (#8405)
  • docs - add Pratyush Mishra as a maintainer (#8206)
  • docs - add example policy to add lifecycle policy on bucket delete (#8196)
  • docs - add governance-as-code day orgs (#7957)
  • docs - add policy example for rds reserved instances (#8835)
  • docs - add shift-left to main readme, flesh out c7n-left readme (#8412)
  • docs - aws - fix event filter example to use op: contains (#8959)
  • docs - clarify conditions behavior on serverless policies (#8933)
  • docs - clarify tag compliance and policy structure examples (#8990)
  • docs - cover list-item under generic filters (#9005)
  • docs - document gcp env vars explicitly along with noting workload federated identity support (#8606)
  • docs - fix c7n-left check encryption policy (#8874)
  • docs - fix sidebar formatting for c7n_kube (#8523)
  • docs - flesh out mailer config, plus various formatting/clarity fixes (#8944)
  • docs - minor gcp and c7n left fixes (#9129)
  • docs - oci corrected some documentation typos (#8871)
  • docs - readme - add Slack badge, add YouTube channel (#8229)
  • docs - readme update (#8516)
  • docs - remove extraneous quotes from example notify action (#8694)
  • docs - tencentcloud resource reference docs build (#8002)
  • docs - tencentcloud resources docs with examples (#8052)
  • docs - update mailer readme docker instructions (#9105)
  • docs - update tencent cloud object storage example (#8600)
  • docs - value filter - add subheadings and expanded examples (#8476)
  • docs - value filter - list in/not-in/contains under comparison and list operators (#8784)

gcp

  • gcp - add artifact-repository resource (#8444)
  • gcp - add big table asset types metadata (#8615)
  • gcp - add compute-project (#8461)
  • gcp - add datafusion resource (#8676)
  • gcp - add get_urns for gcp resource managers (#8061)
  • gcp - add more bigtable resources (instance, cluster, table, backup) (#8519)
  • gcp - add secret resource (#8421)
  • gcp - add support for impersonated credentials (#8571)
  • gcp - added notebook resource (#8680)
  • gcp - added redis instance (#8679)
  • gcp - adding effective-firewall filter to gke cluster (#9030)
  • gcp - api-key - Add gcp resource api key (#8094)
  • gcp - bq-job - update enum_spec (#8994)
  • gcp - bq-table - add augment to table for encryption config (#7952)
  • gcp - cloud armor-policy aka waf (#8666)
  • gcp - cloud run revision resource (#8697)
  • gcp - cloud-run iam-policy filter (#8978)
  • gcp - cloud-run service and job (#8452)
  • gcp - compute - add suspend and pause actions (#8877)
  • gcp - dataproc clusters (#8677)
  • gcp - deployment-manager normalize label format (#8540)
  • gcp - dns zone - records filter (#8829)
  • gcp - enabling 'missing' filter (#8234)
  • gcp - firewall - augment rules with port ranges (#9046)
  • gcp - fix metadata on a few resource types (#8569)
  • gcp - fix report fields metadata (#8573)
  • gcp - fix workload identity federation access (#9069)
  • gcp - gke cluster - label handling for zonal GKE clusters (#8802)
  • gcp - gke-cluster - fix augment when gke is not enabled (#8073)
  • gcp - iam filters (#8792)
  • gcp - instance-group-manager, zone (#8825)
  • gcp - kms keyring filter (#8903)
  • gcp - label action support w/ fingerprint refetch on gke, instance, image (#8557)
  • gcp - log sink - bucket filter (#8462)
  • gcp - log-project-metric - add metric alert filter (#8155)
  • gcp - mu - include boto3 in cloudfunctions requirements (#8242)
  • gcp - mu - update function runtime, update for new env variables, use struct logging (#8711)
  • gcp - new resources app service and app service version (#8425)
  • gcp - node pool and cluster - server-config filter (#8880)
  • gcp - org - policy filter (#8982)
  • gcp - organization - essential-contacts filter (#8303)
  • gcp - organization and folder iam policy filter (#9006)
  • gcp - patch-deployment resource (#8698)
  • gcp - project - access-approval filter (#8361)
  • gcp - project - add compute-meta filter (#7971)
  • gcp - recommender - handle empty recommend set (#8714)
  • gcp - recommender filter (#8544)
  • gcp - region psuedo resource from static data, and makefile data update target (#8517)
  • gcp - remove email addresses from image label test data (#8718)
  • gcp - replace ratelimiter with pyrate-limiter (#8060)
  • gcp - service-account - iam-policy filter (#8404)
  • gcp - spanner-backup: iam filter (#8938)
  • gcp - spanner-instance-backup (#8699)
  • gcp - sql - force option on delete and set-deletion-protection action (#8735)
  • gcp - sql instance - set ha action for zonal/regional configuration (#8967)
  • gcp - vpc-firewall-filter (#8901)

k8s

  • k8s - chore - black c7n_kube package (#8786)
  • k8s - tests - clean up threads, dont write to current directory (#8782)
  • c7n_kube - k8s-admission - add label and auto-label-user actions for k8s-admission mode (#7925)
  • kubernetes - add canonical_group for better matching in admission controller mode (#9207)
  • kubernetes - fix test via k8s registry url update (#8290)
  • kubernetes - report cli - fix reporting for k8s resources (#7942)

oci

  • oci - session factory & test refactor (#8700)
  • oci - bucket - fix metadata id field (#8768)
  • oci - cleanup extraneous data on user tests (#8785)
  • oci - filter and action name refactor (#8740)
  • oci - implement resource caching (#8869)
  • oci - metrics query compartment fix (#8809)
  • oci - metrics query optimization (#8754)
  • oci - multi-region and c7n-org support (#8748)
  • oci - native output support for logging and blob/object storage (#8810)
  • oci - new provider (#8620)
  • oci - remove extraneous test data from VCN cassette files (#8839)
  • oci - remove extraneous test data from group cassette files (#8845)
  • oci - remove extraneous test data on compartment cassette files (#8844)
  • oci - removed extraneous test data from the bucket cassette files (#8807)
  • oci - removed extraneous test data from the subnet cassette files (#8834)
  • oci - removed the extraneous test data from zone cassette files (#8801)
  • oci - support instance principal auth (#8998)
  • oci - update test session creation and flight recorder options (#8846)

openstack

  • openstack - add storage-container resource (#9145)
  • openstack - image resource (#9140)
  • openstack - secrets resource (#9143)
  • openstack - security-group resource (#9064)
  • openstack - server.filters.security-group (#9119)
  • openstack - user extended-info filler (#9123)

shift-left

  • c7n-left - allow for policy and resource pre execution filtering on cli (#8190)
  • c7n-left - cli entrypoint point reporter parameter (#9002)
  • c7n-left - cli output on module shows matching resource refs (#8906)
  • c7n-left - cli summary output (#8180)
  • c7n-left - data resource types are now prefixed w/ "data." (#8861)
  • c7n-left - default provider tags augment, handle empty resource tags (#8954)
  • c7n-left - dump cli command to show graph and input variables (#8974)
  • c7n-left - ensure tfmeta.type has value for all block types (#8904)
  • c7n-left - fix default tags with module resources (#8894)
  • c7n-left - fix handling of relative source dir (#8993)
  • c7n-left - fix matches resources on the cli and docs related to traverse (#8088)
  • c7n-left - fix multi resource using lists (#8447)
  • c7n-left - fix policy severity level filtering for --warn-on (#9261)
  • c7n-left - gitlab sast output (#8923)
  • c7n-left - graph traversal filter (#7943)
  • c7n-left - handle null provider tags when augmenting (#8984)
  • c7n-left - initialize variables with default value if none provided (#8958)
  • c7n-left - junit xml output (#8931)
  • c7n-left - only consider root module variables when injecting uninitialized defaults (#8995)
  • c7n-left - output - add description to console output (#7949)
  • c7n-left - policy testing (#8428)
  • c7n-left - policy testing allow filters (#8460)
  • c7n-left - support --var-file parameters (#8841)
  • c7n-left - support policy filtering for warn on (#9029)
  • c7n-left - support taggable filter and default provider tags (#8852)
  • c7n-left - terraform module resources now display instead the invoking module block (#8855)
  • c7n-left - test handling of terraform local modules (#8286)
  • c7n-left - traverse filter supports non value type filters (#8299)
  • c7n-left - value_from fix, env var interpolation support, and docs on data resources plus a tag test (#8882)

tencentcloud

  • c7n_tencentcloud - better vcr test options (#7992)
  • c7n_tencentcloud - cam - add resources (#7865)
  • c7n_tencentcloud - cls, es, vpc, tcr - add resources (#7905)
  • c7n_tencentcloud - resources - cdb & cdb_backup (#7908)
  • c7n_tencentcloud - resources - cos (#8044)
  • c7n_tencentcloud - security-group used filter (#8399)
  • tencentcloud - cbs-snapshot, security-group - fix service in resource_type (#8127)
  • tencentcloud - client - support for assume role (#8043)
  • tencentcloud - mysql-backup - fix for casting date when status is not SUCCESS (#8126)
  • tencentcloud - refactor metrics filter to support multi dimensions (#7994)
  • tencentcloud - security group filter - fix for empty port string (#9253)

tools

  • mailer - fix - multi emails in tag for gcp (#8074)
  • mailer - fix module not found error for azure mailer (#8182)
  • mailer - skip empty email address and filter out invalid cc email addresses (#8051)
  • tools/c7n-mailer - replay - support for slack (#5653)
  • tools/c7n-mailer - unique email list (#8370)
  • tools/c7n-mailer -replay - support mimicking sqs (#5655)
  • tools/c7n_mailer - add ms graph api delivery for email (#8687)
  • tools/c7n_mailer - handle empty execution_start in utils.py (#8260)
  • tools/c7n_mailer - handle lambda container images (#8329)
  • tools/c7n_mailer - option to assume role to send via centralized account SES (#6707)
  • tools/c7n_mailer - refactoring and fix SendGrid duplicated emails (#8642)
  • tools/c7n_mailer - strip newlines from slack token (#8645)
  • tools/c7n_org - exit early on an empty list of accounts or policies (#8515)
  • tools/c7n_policystream - bump pygit2 dependency (#8058)
  • tools/cask - support tencent cloud (#8047)
  • tools/dev - aws csm observability using vector.dev (#8556)
  • tools/dev - fix devcontainer poetry installation (#8317)
  • tools/dev - prcheck - add required fields and arg help (#8430)
  • tools/dev - prcheck can tag prs and recheck them (#8376)
  • tools/mugc - remove functions from regions where region is not set in policy (#6989)
  • tools/omni-ssm bump golang.org/x/sys (#8320)
  • tools/omnissm - bump github.com/aws/aws-sdk-go from 1.33.0 to 1.34.0 (#8273)
  • tools/omnissm - bump golang.org/x/text (#8311)
  • tools/ops - fix mugc.py policy filtering (#8670)
  • tools/ops - policy lambda cfn - allow specifying just role name instead of arn (#8448)
  • tools/policystream - add limits to avoid/fix possible DoS attack (#9176)

schema changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment