Overview

The type allows you to specify individual properties of native Puppet types as resources in a Puppet catalog.

This can be usefull when you need to add specific properties to an exsiting resource, but need to do it somewhere else in your puppet code. Here is an contrived example:

 file {'/etc/a.a':
   ensure => 'present',
   group  => 'root',
 }

and in some other manifest:

resource_value{ "File[/etc/a.a]owner":
  value => 'vagrant'
}

here you add the owner property to the resource File[/etc/a.a]. When you run this manifest, you will only see that the File[/etc/a.a] beeing managed once and all properties beeing set to the correct value.

By default the resource_value doesn’t allow you to override the existing value. So this means when the value is already set somewhere in the catalog. So when we try this example:

file {'/etc/a.a':
  ensure => 'present',
  group  => 'root',
  owner  => 'root'
}

resource_value{ "File[/etc/a.a]owner":
  value => 'vagrant'
}

This happens:

Error: /Stage[main]/Main/Resource_value[File[/etc/a.a]owner]: Resource_value[File[/etc/a.a]owner]: Property owner value already defined on File[/etc/a.a] in catalog.
Error: Failed to apply catalog: Some pre-run checks failed

When you want to override this behavior check the ` allow_redefine` parameter.

By default the resource_value type uses an existing resource in the catalog. When you try to use resource_value without existing resource this happens:

Error: /Stage[main]/Main/Resource_value[File[/etc/a.a]owner]: Resource_value[File[/etc/a.a]owner]: resource 'File[/etc/a.a]' not found in catalog
Error: Failed to apply catalog: Some pre-run checks failed

When you want resource_value to create the resource, you have to set the allow_create property to true.

WARNING

The resource_value is a type that can be useful in specific cases. We have build it to support CIS benchmarks in Puppet. Our use case was to allow the manifest writer to “just do his thing” and us to add the extra security layer. Without knowing to much about each other. That said. Don’t over use this type. Specially the add_value and the remove_value override existing values without warning and searching for (logical) errors in your manifest becomes very difficult.

Attributes

Attribute Name Short Description
add_value The value you want to add to the array resource property.
allow_create Allow creation of the resource if it is not yet in the catalog.
allow_redefine Allow redefinition of the property value.
disable_corrective_change Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure Disable the creation or removal of a resource when Puppet decides is a corrective change.
name The full qualified name of the resource value you want to set.
property_name The property of the resource you want to manage.
provider resource.
remove_value The value you want to remove an entry from the array resource property.
resource_title The title of the resource you want to manage.
resource_type The name of the type you want to manage.
unique The unique maker of the resource you want to manage.
value The actual value you want the resource property to be set to.
warnings Do emmit warnings when catalog items are changed.

add_value

The value you want to add to the array resource property.

Here is an example on how to use this:

ora_user { 'USER@test':
  ensure               => 'present',
  default_tablespace   => 'USERS',
  grants               => ['ALTER SYSTEM', 'ALTER DATABASE'],
}

Somewhere else in your manifest, you want to add an extra grant. You can do this like this:

resource_value{'Ora_user[USER@test]grants/1':
  add_value => 'SELECT ANY DICTIONARY',
}

The add_value property also supports an array value:

resource_value{'Ora_user[USER@test]grants/more_grants':
  add_value => ['ALTER SESSION', 'CONNECT'],
}

Back to overview of resource_value

allow_create

Allow creation of the resource if it is not yet in the catalog.

By default the resource_value requires an existing entry in the catalog. When you set allow_create to true, when the catalog doesn’t contain the resource, resource_value wil create it.

To allow this, the resource must allow a creation with just the specfied parameter name.

Back to overview of resource_value

allow_redefine

Allow redefinition of the property value.

By default the resource_value doesn’t allow you to override the value of a property. It just allows the aditional definition of a property not yet defined.

When you set allow_redefine to true, this is allowed.

WARNING This must be used with great care. It might unkowningly redefine a property value.

Back to overview of resource_value

disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)

Back to overview of resource_value

disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)

Back to overview of resource_value

name

The full qualified name of the resource value you want to set. The full qualified name contains:

  • The type name (e.g. Host)
  • The resource title (e.g. ‘myhost.example.com’)
  • The property name (e.g. ‘host_aliases’)

When you want to work with array values, you can use the serial number

  • The serial number (e.g. 1,2…etc)

Here is an example of a full qualified name:

propery_value { 'Host[myhost.example.com]host_aliases/1':
  ...
}

Back to overview of resource_value

property_name

The property of the resource you want to manage. It is the part after the ]. In the next example:

propery_value { 'File[/tmp/a.a]owner':
  ...
}

owner is the property name.

Back to overview of resource_value

provider

The specific backend to use for this resource_value resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

simple
Manage individual properties as a full resource

Back to overview of resource_value

remove_value

The value you want to remove an entry from the array resource property.

Here is an example on how to use this:

ora_user { 'USER@test':
  ensure               => 'present',
  default_tablespace   => 'USERS',
  grants               => ['ALTER SYSTEM', 'ALTER DATABASE', 'SELECT ANY DICTIONARY', 'CONNECT'],
}

Somewhere else in your manifest, you want to remove some of these grants. You can do this like this:

resource_value{'Ora_user[USER@test]grants/1':
  remove_value => 'SELECT ANY DICTIONARY',
}

The remove_value property also supports an array value:

resource_value{'Ora_user[USER@test]grants/more_grants':
  remove_value => ['ALTER SESSION', 'CONNECT'],
}

Back to overview of resource_value

resource_title

The title of the resource you want to manage. It is the part between the [ and the ]. In the next example:

propery_value { 'File[/tmp/a.a]owner':
  ...
}

/tmp/a.a is the type name.

Back to overview of resource_value

resource_type

The name of the type you want to manage. It is the first part of the title. In the next example:

propery_value { 'File[/tmp/a.a]owner':
  ...
}

File is the type name.

Back to overview of resource_value

unique

The unique maker of the resource you want to manage.

When using the add_value or remove_value use cases, you might want to create multiple resource_value definitions on the same basic resource. Because Puppet mandates unique titles, we have added the possibility to add a unique maker to the end of the title. It has no other functional use than making the title unique. It is the last part of the title.

propery_array_value { 'Host[www.example.com]host_aliases/1':
  ...
}

In this example the number 1 is the number that makes the title unique. But it doesn’t have to be a number. It can also be a string.

propery_array_value { 'Host[www.example.com]host_aliases/add_extra':
...
}

Back to overview of resource_value

value

The actual value you want the resource property to be set to.

In the next example, you want to set the property owner to the value root for the file /tmp/a.a.

propery_value { 'File[/tmp/a.a]owner':
  value => 'root'
}

Back to overview of resource_value

warnings

Do emmit warnings when catalog items are changed.

When allow_redefine is set to true you may override a current value in the catalog. It will however emit an warning by default. When you don’t want the warning, you can suppress it by setting warning to false.

WARNING This must be used with great care. It might unkowningly redefine a property value, without you nowing about it.

Back to overview of resource_value