Iterate over a Puppet Hiera hash in a puppet manifest

Question

Update 1

I've changed the structure of the Hiera data a little and trying a different manifest style.

---

I'm trying to iterate over the following Hiera hash in a Puppet manifest:

windows-10.yaml:

---
message: "This node is using Windows 10 data"
#profile::hiera_test::backups_enabled: false

profile::hiera_test::firewall:
  rule1:
    groupName: 'Cortana'
    profileNames: ['Private','Public']
    action: 'Deny'
  rule2:
    groupName: 'Microsoft Photos'
    profileNames: 'Public'
    action: 'Deny'

Although I've updated the data structure and puppet lookup... returns what appears to be valid, I'm not entirely confident in the structure.

I have tried multiple permutations of the manifest. The latest of which looks like the following (based on this answer given by Matt Schuchard):

hiera_test.pp:

class profile::hiera_test (
    Hash $data = lookup('profile::hiera_test::firewall', "merge" => 'hash'),
){
  $data.each | String $key, Hash $value = {}|{
    notify {
      default:
        name    => "Demo_${key}",
        message => 'Item DEFAULT',
      ;
      $key:
        * => $value,
    }
  }
}

And the error / output from the above:

PS C:\Users\LocalAdmin> puppet agent -t
Notice: Local environment: 'production' doesn't match server specified node environment 'development', switching agent to 'development'.
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: no parameter named 'groupName' (file: /etc/puppetlabs/code/environments/development/site-modules/profile/manifests/hiera_test.pp, line: 31) on Notify[rule1] (file: /etc/puppetlabs/code/environments/development/site-modules/profile/manifests/hiera_test.pp, line: 31) on node winnode1.domain.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Ideally, I want it to work inside a class declaration (why?, because that's about as far as my Puppet learning has got, but happy to further my learning. I'm also using Puppet Enterprise (2019.0.2)).

There are several similar questions around the internet, but they are either out of date (Hiera <5), have incomplete examples including this, or I can't work out how to transpose them into what I need. Apparently create_resources is due for depreciation ?

If anyone can tell me where I'm going wrong that would be great.

Answer 1

I have got a working solution, but hopefully someone can chime in with a better way.

With the example in the question, the line * => $value substitutes * with keys from the Hiera hash. These keys are used as parameters of the notify resource and as per the error, there is no such parameter groupName for notify. I'd either have to change the keys in my Hiera data to match the parameters of notify which wouldn't make much sense or learn how to use the Hiera data keys as parameters...

Anyway, the Hiera data is the same as in the question, but the class is as follows:

class profile::hiera_test (
    Hash $data = lookup('profile::hiera_test::firewall', "merge" => 'hash'),
){
  $data.each | String $key, Hash $value = {}|{
    notify {
      default:
        name    => "Demo_${key}",
        message => 'Item DEFAULT',
      ;
      $key:
        name    => "Demo_${key}",
        message => "Output: GroupName: ${value['groupName']}, Profile Names: ${value['profileNames']}, Action: ${value['action']}",
    }
  }
}

As you can see, I've replaced * with valid parameters of the notify resource.

And the output:

Notice: Output: GroupName: Cortana, Profile Names: [Private, Public], Action: Deny
Notice: Output: GroupName: Microsoft Photos, Profile Names: Public, Action: Deny

Now to replace Notify with the real exec resource. Converting the profileNames array to PowerShell will be fun, I have no doubt.