...
Use Puppet Resource tags to refer to CCE ids.(Trevor doesn't like tags because they are mutable under some circumstances)- Provide an inert custom type to track CCE->resource mappings as metadata in the catalog.
- It will accept:
- The CCE ID
- A collection of mapped resources (as a list or individually)
- Additional (optional) annotations for a given CCE(s)
Hypothetical example:
cce{ 'cce_indentifieridentifier':resources => [Package['foo'], Service['foo']. File['/etc/foo.bar']] comments => 'An optional annotation about this particular mapping'
}
- It will accept:
- Use the catalog compiled for a given system to compil relevant security-compliance documentation.
...