auth.conf not parsable by the trapperkeeper lens

[damoxc]

Using the latest puppetserver, the auth.conf file can't be read or modified by the trapperkeeper lens. My knowledge of writing lens isn't great but I'm going to guess that this is due to the nested hashes inside the array rules.

Could not evaluate: Augeas didn't load /etc/puppetlabs/puppetserver/conf.d/auth.conf with Trapperkeeper.lns: Syntax error (line:3, character:10)

This is just using an unmodified auth.conf from the package.

[raphink]

auth.conf is not meant to be parsed with the Trapperkeeper.lns lens. It's not the same format at all. If you want to modify auth.conf, you need to the use Puppet_Auth.lns lens. I would actually recommend using the puppet_auth type from augeasproviders_puppet.

[damoxc]

This isn't the leacy Puppet auth.conf but the new auth.conf that uses Trapperkeeper authentication.

See https://docs.puppetlabs.com/puppetserver/latest/config_file_auth.html#aside-changes-to-authorization-in-puppet-server-220/

[damoxc]

Actually, just noticed PuppetLabs provide a module for managing it anyway, sorry!

[mvisonneau]

Got the same issue..! Had it with webserver.conf and puppetserver.conf as well. What is the module you're using @damoxc ?

[mvisonneau]

My bad webserver.conf and puppetserver.conf works fine..

[damoxc]

@mvisonneau There's a module for specifically auth.conf, https://forge.puppetlabs.com/puppetlabs/puppet_authorization and also a module for the file format, https://forge.puppetlabs.com/puppetlabs/hocon

[mvisonneau]

Cool, thanks for the info @damoxc !