Versions Compared

Version Old Version 10 New Version Current
Changes made by

Judith Johnson

Trevor Vaughan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties
label
Status
Status
colourYellowBlue
titleIn progressCOMPLETE
StakeholdersTrevor Vaughan Chris Tessmer 
OutcomeThe pupmod-compliance_mapper was created to address this issue and appears to be working quite well.
Due date
OwnerChris Tessmer 

...

The CCE is a unique and immutable reference used by compliance-checking solutions such as OpenSCAP.

The Proposed Approach: Embed CCE->Resource Mappings & Compliance Results in the Catalog

  • This is hastily written down after an after-hours TrevoRant
  • Embed CCE-to-resource mapping data in the module itself, including how to determine the expected value
  • During catalog compiles on the Puppet Server, use a function to build a data structure of the CCE-to-resource mappings, their compliant values, and the actual values.
  • After the data structure is complete, add it to the catalog.
  • Create tool to build using the data structure in the catalog

 

An Older Proposed Approach: Embed CCE->Resource Mappings in the Catalog

Our approach within modules will be to record the CCE->resource mapping in the Puppet catalog itself:

...