Puppet Forge Version Puppet Forge Downloads Puppet Forge Endorsement Build Status Coverage Status Gemnasium

puppet: types/providers for Puppet files for Puppet

This module provides a new type/provider for Puppet to read and modify Puppet config files using the Augeas configuration library.

The advantage of using Augeas over the default Puppet parsedfile implementations is that Augeas will go to great lengths to preserve file formatting and comments, while also failing safely when needed.

This provider will hide all of the Augeas commands etc., you don't need to know anything about Augeas to make use of it.


Ensure both Augeas and ruby-augeas 0.3.0+ bindings are installed and working as normal.

See Puppet/Augeas pre-requisites.


On Puppet 2.7.14+, the module can be installed easily (documentation):

puppet module install herculesteam/augeasproviders_puppet

You may see an error similar to this on Puppet 2.x (#13858):

Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type `puppet_auth` at ...

Ensure the module is present in your puppetmaster's own environment (it doesn't have to use it) and that the master has pluginsync enabled. Run the agent on the puppetmaster to cause the custom types to be synced to its local libdir (puppet master --configprint libdir) and then restart the puppetmaster so it loads them.


Puppet versions

Minimum of Puppet 2.7.

Augeas versions

Augeas Versions 0.10.0 1.0.0 1.1.0 1.2.0
puppet_auth yes yes yes yes

Documentation and examples

Type documentation can be generated with puppet doc -r type or viewed on the Puppet Forge page.

puppet_auth provider

This is a custom type and provider supplied by augeasproviders.

It requires the Puppet_Auth.lns lens, which is provided with versions of Augeas strictly greater than 0.10.0.

manage simple entry

puppet_auth { 'Deny /facts':
  ensure        => present,
  path          => '/facts',
  authenticated => 'any',

manage regex entry

puppet_auth { 'Deny ~ ^/facts/([^/]+)$':
  ensure        => present,
  path          => '^/facts/([^/]+)$',
  path_regex    => true,
  authenticated => 'any',

add multiple environments

puppet_auth { 'Allow /facts for prod and dev environments from same client':
  ensure        => present,
  path          => '/facts',
  authenticated => 'any',
  allow         => '$1',
  environments  => ['prod', 'dev'],

ensure an entry is before a given path

ins_after provides the opposite functionality, so an entry is created after a given path.

puppet_auth { 'Allow /facts before first denied rule':
  ensure        => present,
  path          => '/facts',
  authenticated => 'any',
  allow         => '*',
  ins_before    => 'first deny',

delete entry

puppet_auth { 'Remove /facts':
  ensure => absent,
  path   => '/facts',


Please file any issues or suggestions on GitHub.