ChefConf 2019: Exception Handling: Compliance as Code
In the coded enterprise, it is straight-forward to apply a profile across our entire fleet of systems. But in our enterprises, we run hundreds or thousands of applications, with various servers, and we must modify our profiles to accommodate all of these exceptions. This quickly turns into an agonizing sprawl of hundreds or thousands of profiles. How do we manage all of these profiles? How do we know which exceptions are approved, and how do we manage new ones? In this talk, we’ll discuss some of our experiences solving these issues inside the US Federal Government, and the solution that underpins the changes necessary to the waiver approval process in order for this to work.