@kapilt kapilt released this Jun 18, 2019 · 259 commits to master since this release

Authors: 42 Pull Requests: 136

Core

  • webhook action (#4074) (#4113)
  • add value_type: date to value filter (#4052)
  • value filter support extracting values from strings using regex (#4019)
  • reformat spacing in log messages (#3971)
  • update dependencies and ci matrix responsibilities (#3902)
  • jsonschema shrink fix typo in ref (#3866)
  • jsonschema shrink via inline and reference value_filter parts, more aliases, with better error messages (#3808)
  • notify - send policy execution start time in notify messages and expose in mailer templates (#3884)
  • cli - expand refs in schema command (#3983)

Aws

  • ebs snapshot use consistent snapshot api (#4151)
  • remove-statements support wildcard removal in schema (#4152)
  • glue job resource and delete action (#4129)
  • securityhub - post-finding action support custom finding type categories and classifiers (#4116)
  • account service limit filter - check and poll on check status (#4035)
  • eni delete action (#4101)
  • glue dev endpoint tagging (#4079)
  • remove locked filter, sphere11 is sandbox/unsupported (#4071)
  • security group filter support value_from on nested attributes (#4068)
  • asg mark for op batch size fix (#4050)
  • cloudtrail is-shadow filter fixes (#4040)
  • enable offhours for rds cluster (#3977)
  • acm certificate fix augment (#3950)
  • rds-reserved resource (#3855)
  • s3 get resources implementation (#3909)
  • copy-related-tags action skip aws prefixed tags (#3917)
  • remove dynamodb tagging waiter (#3898)
  • update default lambda timeout, also better handling of errors in pythonpackage del (#3889)
  • config select resource query support (#3847)
  • fix set-snapshot-copy-tags action, also mark deprecated (#3891)
  • config recorder resource (#2367)
  • rds fix start/stop permissions (#3876)
  • policy phd mode include lambda mode schema for full configuration (#3863)
  • serverless policy fix role name expansion (#3848)
  • ebs-snapshot unused filter handle no block device mapping in launch template (#3833)
  • security hub post-finding - add title to action schema (#3823)
  • sns - add delete topic action (#4062)
  • sechub - use target region in product arn when posting cross-region (#3976)
  • asg - handle launch template version type inconsistency via cast to string (#3832)

Azure

  • logic app action (#4139)
  • update autotag doc (#4163)
  • sqldatabase backup retention actions (#4153)
  • Enable tag operations for 'armresource' (#4154)
  • Examples for cleaning orphan resources (#4146)
  • add 'type' attribute for resource groups (#4130)
  • Databricks stub (#4108)
  • aks resource (#4107)
  • update resource examples in docs (#4081)
  • Fix hierarchy of Azure advanced usage section (#4075)
  • update sync triggers and test script (#4065)
  • Add Auto Scaling to App Service Plans (#3885)
  • fix azure-mgmt-subscription api and pin azure-cli-core (#4064)
  • refactor actions and fix sdk break (#4034)
  • mailer fixes (#4028)
  • function packaging fixes sas generation signature change and modules (#4016)
  • Storage firewall rules filter (#3920)
  • KeyVault Keys resource & filters (#3897)
  • SqlDatabase Backup Retention Policy Filter (#3874)
  • Remove Azure Functions extensions dlls (#3930)
  • Replace cache folder with prebuild cache zip archive (#3857)
  • test infrastructure improvements (#3911)
  • remove future pkg from dependencies (#3914)
  • Sqlserver firewall filter (#3845)
  • Fix environment variable name to match docs (#3912)
  • Key Vault Update Access Policy Action (#3836)
  • set network rules storage (#3797)
  • management group support (#3814)
  • Child Resources and SQL Database (#3856)
  • getting started doc (#3865)
  • keyvault with zero policies throws error (#3621) (#3815)
  • add azure route table resource (#3827)
  • add v1 of effective route table filter (#3802)

Gcp

  • fix sql-backup-run and sql-ssl-cert get method (#4083)
  • fix pubsub-subscription get method (#4084)
  • fix get method on sql instance resource (#3873)
  • fix test dns flights names and get parameters (#3900)
  • add big query tables resource (#4067)
  • spanner database (#4111)
  • remove organization get method (#4046)
  • app engine firewall rule - use priority field instead of id for an id (#3926)
  • appengine (firewall, domain mapping, app, certificate) resources (#3899)
  • sql - user, ssl cert, backup resources (#3908)
  • deployment manager deployment resource (#3858)
  • machine learning job resource (#3835)
  • add support for nested resources (#3736)
  • dataflow jobs use aggregate multi-region list (#3819)

Tools

  • auto doc generator (#4150)
  • org log operation name on access denied (#4134)
  • add SMTP support for Azure (#4077)
  • mailer - Splunk delivery support (#4044)
  • creator log fix, another readme example (#4039)
  • include readme for long description (#4008)
  • org - use describe_regions method instead of get_available_regions (#4006)
  • org - work around python osx multiprocessing bug (#3934)
  • aws resource creator retroactive tagging script (#3850)
  • mailer - document using sdk environment variables for aws profile (#3871)
  • support doc builds in docker (#3882)
  • org - chained sts role support (#3859)
  • mailer - redo c7n-mailer docker packaging for azure support (#3838)
  • compatibility with latest sendgrid sdk (#3852)

Docs

  • fix ec2 unpatched workflow example (#4145)
  • gcp developer guide and policy examples (#4088)
  • expand metrics docs to mention master and namespace options (#4058)
  • readme minors (#4036)
  • updates to readme and AWS Getting Started (#4004)
  • pycon 2019 sprint (#4002)
  • add svg and transparent png logos (#3980)
  • update repo links (#3901)
  • readme update coverage and gitter links (#3878)
  • update aws periodic function example with role information (#3841)
Apr 17, 2019
0.8.43.1 - release (#3810)

@kapilt kapilt released this Apr 13, 2019 · 409 commits to master since this release

core

  • cli schema support showing mode documentation #3744
  • cli schema summary group by provider #3654
  • validate now checks for duplicate keys on mapping #3675
  • report supports json output #3692
  • value filter support case sensitive regex #3666
  • serverless accept default configuration from cli (metrics, log dir, etc) #3610
  • ebs snapshot handle invalid
  • iam role support tags actions/filters #3542
  • inline policy docs validation #3767
  • support max resources count and percent #3743

azure

aws

  • security hub default batch_size to 1 work around ui bugs in the service #3512
  • iam entity usage filter #3648
  • workspace resources and tag actions and metrics filter #3757
  • aws api gateway support for config rules/query #3725
  • eks support updating configuration #3708 #3769
  • vpc related filters for subnets, nat, igw #3715
  • rds modify cluster action #3711
  • ebs unused filter #3651
  • lambda policies allow role by name in addition to arn #3661
  • s3 has statements interpolate bucket info when checking statements #3655
  • invoke-lambda action configurable timeouts #3632
  • account guard duty filter fix #3627
  • kms key filter for efs, redshift, sqs #3772
  • iam role delete action #3741
  • trail status filter handle shadow trails #3762

gcp

  • big query job and project resources #3747
  • iam global role resource #3749
  • pub sub snapshot and subscriber resource #3735
  • data flow jobs #3748
  • zone and policy resources #3748
  • report subcommand compatibility via id on metadata #3697
  • spanner resource #3766
  • network-router #3791
  • load-balancer associated resource #3775 #3780 #3788

k8s

  • support custom resources definitions #3717
  • generic label and delete actions #3707

tools

  • c7n-org - py3 compat around file opening (affected by LC_LANG_ encodings) - #3732
  • c7n-org - fix docker build #3634
  • autodoc - configuration defined in config file, ui improvements #3731
  • mailer - support jmespath search in templates #3678
  • mailer - render subject with additional variables #3751
  • mailer - py3 compat around file opening for replay command #3676
  • mailer - on slack error show status and error code #3652
  • traildb - py3 support #3671
  • log_exporter - bug fixes around new internal signature #3624

docs

  • mailer install docs #3646
  • new subreddit #3647
  • lambda config rule setup #3613
Mar 7, 2019
release - 0.8.42.1 (#3631)

@kapilt kapilt released this Mar 4, 2019 · 488 commits to master since this release

core

  • schema cli now uses yaml output for jsonschema #3574
  • dependency pin update (remove pyyaml < 4) #3543
  • cli deprecate metrics subcommand #3597

aws

  • asg launch template fixes #3586 and #3606
  • iam role tag retrieval #3588
  • iam permission checker filter #3587
  • ec2 and lambda permission checker filter #3598
  • ami deregister action option to remove snapshots #3599
  • ecs tag filters/actions
  • ecs modify service action
  • step function tag filters/actions #3539
  • rds cluster tag retrieval handle errors #3449
  • light sail resources (db, lb, instance) #3076
  • aws.rds stop/start for multi-az instances
  • aws rds cluster start/stop #3556
  • aws account guard duty filter #3567
  • mark-for-op fixes (0.8.41.0 regression fix) #3568
  • security hub post finding handle value size limit #3604
  • s3 set-statements handle duplicate or missing sids #3609

gcp

tools

  • mailer declare c7n dependency for pip install #3541

@kapilt kapilt released this Feb 18, 2019 · 534 commits to master since this release

core

  • upgrade pyyaml to 4.2b4 to avoid cve flagging (custodian is unaffected as we use safe load in all cases). (#3520)

aws

  • autoscaling launch template support (#3484)
  • govcloud/china partition awareness for arns (#3518, #3527)
  • dynamodb sleep for on create events (#3516)
  • lambda policy support for setting layers and concurrent executions (#3491)
  • phd event policy lambda support (#3269)
  • copy-related-tag action (#3489)
  • managed kafka resource (#3467)
  • ecr tag actions/filters (#3490)
  • security hub - allow configuration finding of batch size to work around ux bug (#3512)
  • lambda resource use resource group tagging api (#3513)
  • codebuild / acm certificate / cloud directory tag actions/filters (#3515)
  • secrets manager cross-account filter (#2596)
  • kms key filter for fsx and fsx backup (#3487)
  • network related filters don't require value with match-resource (#3524)
  • refactor tag machinery to avoid session creation in threads (#3498)
  • bug fix ecs agent update action (#3502)

azure

  • support windows client upload of serverless policies (#3466)

tools

  • c7n_mailer - restore support cc recipients in email (#3517)
  • c7n_mailer - support sending slack message to owner contact absent (#3533)

@kapilt kapilt released this Jan 31, 2019 · 558 commits to master since this release

core

  • respect max-resources when using cached resources #3478
  • cli nice jsonschema error messages on py3 #3308

azure

  • azure consumption plan based serverless policies #3307
  • event grid mode filter #3331
  • common exception handling #3415
  • retry logic and request limit tracking #3351
  • serverless auth error handling #3379
  • docs on adding new resources #3428
  • azure container registry resource #3369
  • azure serverless depmgr fix #3306

aws

  • cli early exit 1 on assume role failure #3365
  • lambda policies default to python 3.7 runtime #3288
  • cft tag update handle required params, capabilities, tag merge #3480 #3464
  • ssm ec2 filter #3472
  • ssm send-command #3473
  • notify support alternative partitions #3465
  • ingress/egress support matching on sg permission description #3459
  • mq tag actions #3431
  • ecs support lambda policy for task and service #3455
  • dynamodb tagging switch to resource group tagging api #3488
  • iam user support tagging #3421
  • security hub post-finding bug fix #3430
  • security hub finding filter #3309
  • cloud trail additional filters & actions #3366
  • asg mark-for-op support all asg actions #3409
  • vpc flow log filter support s3 destination #3396
  • transit gateway resource #3378
  • backup plan resource #3382
  • kms filter for dynamodb table #3377
  • fsx delete action #3272
  • ebs server side query support #3358

gcp

  • periodic serverless policy support #3282
  • cscc post-finding #3284
  • iam service account and project role #3281
  • bigquery dataset #3280

k8s

  • expand resource coverage across apps and core apis #3312

tools

  • tools/ops/sam_deployer - alternative lambda policy deploy via sam/cfn template
  • tools/c7n_guardian - update for incompatible guard duty api change #3410
  • tools/c7n_mailer fix lambda packaging code #3446
  • tools/c7n_autodoc new policy html generator #3439
  • tools/org-pr-monitor update for output refactor #3488

@kapilt kapilt released this Jan 1, 2019 · 646 commits to master since this release

Core

  • cli clean up help and lazy load modules for less latency (#3247)
  • move ci over to azure pipelines (#3249 #3250)
  • move coverage reports over to codecov (#3286 #3289 #3215)
  • update validate methods to be nesting aware that checked for filter usage. (#3197)
  • core - boolean group filters propagate validate & dateutil zoneinfo deprecation fixes (#2970)
  • cli - on yaml syntax error exit 1 (#3150)
  • outputs - always log to blob storage irrespective of -l usage (#3136)

AWS

  • security hub post finding and improvements (#3266 #3183)
  • aws pagination with retry fixes (#3291 #3170)
  • apigw integration methods filters (#3121)
  • aws fsx backup resources & tag actions and filters (#3243)
  • dlm policy resource (#2811)
  • aws lambda layer resource w/ cross account filter, remove-statements action (#3223)
  • support lambda policies on python 3.7
  • vpce cross-account filter
  • aws fsx resource, update, tag, and backup actions (#3233)
  • iam role set-policy for add/remove policy (#3240)
  • aws,sns - kms filter and set encryption action (#3230)
  • iam user access-key/credential filter and remove key action refactor (#3198)
  • rds modify-db action (#3156)
  • api stats and user agent better handling across policies (#3169)
  • aws.firehose - set S3 destination encryption on delivery streams (#2752)
  • aws.route53 - filter & action to set dns query logging (#2383)
  • aws.log-group - set-encryption action (#2382)
  • aws.ecr - lifecycle policy filter & set action (#3103)
  • aws - vpc flow log filtering on destination type (#3157)
  • aws.account - s3 public access blocks filter & action (#3151)
  • aws.cloudhsm - v2 cluster resource w/ tag augment and actions (#3145)
  • aws.emr - metrics filter correct default cloudwatch metric namespace for emr (#3134)
  • aws.apigw - delete-stage action (#3119)

Azure

  • msi authentication support (#3186)
  • handle service accounts, groups and unknown principals in auto-tag-user (#3265 #3236)
  • app service plan include basic sku in validation (#3141)
  • add event advance filtering for event grid subscription (#3182)

GCP

  • periodic serverless policy support (#3282)
  • service account and project role resources (#3281)
  • big query data set resource (#3280)
  • managed sql resource fixes and delete action (#3077)
  • gcp.instance - value filter tag/label support, onhours/offhours filters and start action (#3106)

Tools

  • tools/c7n_policystream - handle some corner cases around commits workflows
  • tools/c7n_mailer - update default slack_template to strip chars for json values (#3199)
  • tools/omnissm - don't omit IsTagged/IsInventoried to avoid nulls in dynamo (#3213)
  • tools/omnissm - initial windows os support (#3176)
  • tools/c7n_mailer - fix c7n-mailer-replay cli for custom template dirs, broken after #3017 (#3148)
  • tools/ops/mugc - fixes and multi-region cli parameter support (#3142)