Puppet Lint tests Puppet code against the recommended Puppet language style
guide. Puppet Lint validates only code style; it does not validate syntax. To test syntax, use Puppet's puppet parser validate command.
This tool is only supported on Puppet 7 & 8 environments. In cases where Puppet Lint is required in an environment with Puppet 6, we recommend pinning to version 2.5.2.
Install the Puppet Lint gem by running:
gem install puppet-lint
To test manifests for correct Puppet style, run the puppet-lint command with the path to the files you want to test.
For example:
puppet-lint ~/modules/puppetlabs-java/manifests/init.pp
puppet-lint ~/modules/puppetlabs-mysql/manifests
To instruct Lint to automatically fix any issues that it detects, use the --fix flag:
puppet-lint --fix /modules
Puppet Lint options allow you to modify which checks to run. You can disable any of the checks temporarily or permanently, or you can limit testing to specific checks.
To list all available checks along with basic usage documentation, use the --list-checks option.
To run only specific checks, use the --only-checks option, with a comma-separated list of arguments specifying which checks to make:
puppet-lint --only-checks trailing_whitespace,140chars modules/
To avoid enormous patch sets when using the --fix flag, use the --only-checks option to limit which checks Puppet Lint makes:
puppet-lint --only-checks trailing_whitespace --fix modules/
You can disable specific Lint checks on the command line, disable them permanently with a configuration file, or disable them with control comments within your Puppet code.
To disable any of the checks when running the puppet-lint command, add a --no-<check_name>-check flag to the command. For example, to skip the 140-character check, run:
puppet-lint --no-140chars-check modules/
To disable checks from within your Puppet code itself, use control comments. Disable checks on either a per-line or per-block basis using #lint:ignore:<check_name>.
For example:
class foo {
$bar = 'bar'
# This ignores the double_quoted_strings check over multiple lines
# lint:ignore:double_quoted_strings
$baz = "baz"
$gronk = "gronk"
# lint:endignore
# This ignores the 140chars check on a single line
$this_line_has_a_really_long_name_and_value_that_is_much_longer_than_the_style_guide_recommends = "I mean, a really, really long line like you can't believe" # lint:ignore:140chars
}Each time Puppet Lint starts up, it loads configuration from three files in order:
/etc/puppet-lint.rc~/.puppet-lint.rc.puppet-lint.rc
This means that a flag in the local .puppet-lint.rc will take precedence over a flag in the global /etc/puppet-lint.rc, for example. Flags specified on the command line take final precedence and override all config file options.
Any flag that can be specified on the command line can also be specified in the configuration file. For example, to always skip the hard tab character check, create ~/.puppet-lint.rc and include the line:
--no-hard_tabs-check
Or to specify an allowlist of allowed checks, include a line like:
--only-checks=trailing_whitespace,hard_tabs,duplicate_params,double_quoted_strings,unquoted_file_mode,only_variable_string,variables_not_enclosed,single_quote_string_with_variables,variable_contains_dash,ensure_not_symlink_target,unquoted_resource_title,relative_classname_inclusion,file_mode,resource_reference_without_title_capital,leading_zero,arrow_alignment,space_before_arrow,variable_is_lowercase,ensure_first_param,resource_reference_without_whitespace,file_ensure,trailing_comma,leading_zero
Please note that there is an important difference between reading options from the command line and reading options from a configuration file: In the former case the shell interprets one level of quotes. That does not happen in the latter case. So, it would make sense to quote some configuration values on the command line, like so:
$ puppet-lint --ignore-paths 'modules/stdlib/*' modules/
When reading from a configuration file those quotes would be passed on to the option parser -- probably not giving the expected result. Instead the line should read
--ignore-paths=modules/stdlib/*
To test your entire Puppet manifest directory, add require 'puppet-lint/tasks/puppet-lint' to your Rakefile and then run:
rake lint
To modify the default behaviour of the Rake task, modify the Puppet Lint configuration by defining the task yourself. For example:
PuppetLint::RakeTask.new :lint do |config|
# Pattern of files to check, defaults to `**/*.pp`
config.pattern = 'modules'
# Pattern of files to ignore
config.ignore_paths = ['modules/apt', 'modules/stdlib']
# List of checks to disable
config.disable_checks = ['documentation', '140chars']
# Should puppet-lint prefix it's output with the file being checked,
# defaults to true
config.with_filename = false
# Should the task fail if there were any warnings, defaults to false
config.fail_on_warnings = true
# Format string for puppet-lint's output (see the puppet-lint help output
# for details
config.log_format = '%{filename} - %{message}'
# Print out the context for the problem, defaults to false
config.with_context = true
# Enable automatic fixing of problems, defaults to false
config.fix = true
# Show ignored problems in the output, defaults to false
config.show_ignored = true
# Compare module layout relative to the module root
config.relative = true
endYou can also disable checks when running Puppet Lint through the supplied Rake task by modifying your Rakefile.
-
To disable a check, add the following line after the
requirestatement in yourRakefile:PuppetLint.configuration.send("disable_<check name>")
For example, to disable the 140-character check, add:
PuppetLint.configuration.send("disable_140chars")
-
To set the Lint Rake task to ignore certain paths:
PuppetLint.configuration.ignore_paths = ["vendor/**/*.pp"]
-
To set a pattern of files that Lint should check:
# Defaults to `**/*.pp` PuppetLint.configuration.pattern = "modules"
There is a GitHub Actions action available to get linter feedback in workflows:
GitLab users can use the --codeclimate-report-file configuration option to generate a report for use with the
Code Quality feature.
The easiest way to set this option, (and without having to modify rake tasks), is with the CODECLIMATE_REPORT_FILE environment variable.
For example, the following GitLab job sets the environment variable and archives the report produced.
validate lint check rubocop-Ruby 2.7.2-Puppet ~> 7:
stage: syntax
image: ruby:2.7.2
script:
- bundle exec rake validate lint check rubocop
variables:
PUPPET_GEM_VERSION: '~> 7'
CODECLIMATE_REPORT_FILE: 'gl-code-quality-report.json'
artifacts:
reports:
codequality: gl-code-quality-report.json
expire_in: 1 weekSee puppet-lint --help for a full list of command line options and checks.
For a complete list of checks, and how to resolve errors on each check, see the Puppet Lint checks page.
- Must use two-space soft tabs.
- Must not use literal tab characters.
- Must not contain trailing white space.
- Should not exceed an 140-character line width.
- An exception has been made for
source => 'puppet://...'lines as splitting these over multiple lines decreases the readability of the manifests.
- An exception has been made for
- Should align arrows (
=>) within blocks of attributes. - Should contain at most a single space before an arrows(
=>) where the parameter block contains exactly one parameter.
- All strings that do not contain variables should be enclosed in single quotes.
- An exception has been made for double-quoted strings containing \n or \t.
- All strings that contain variables must be enclosed in double quotes.
- All variables should be enclosed in braces when interpolated in a string.
- Variables standing by themselves should not be quoted.
- All variables should be in lowercase.
- All resource titles should be quoted.
- An exception has been made for resource titles that consist of only a variable standing by itself.
- If a resource declaration includes an
ensureattribute, it should be the first attribute specified. - Symbolic links should be declared by using an ensure value of
linkand explicitly specifying a value for thetargetattribute. - File modes should be represented as a 4-digit string enclosed in single quotes or use symbolic file modes.
- You should not intermingle conditionals inside resource declarations (that is, selectors inside resources).
- Case statements should have a default case.
- Relationship declarations with the chaining syntax should only be used in the 'left to right' direction.
- Classes should not be defined inside a class.
- Defines should not be defined inside a class.
- Classes should not inherit between namespaces.
- Required parameters in class & defined type definitions should be listed before optional parameters.
- When using top-scope variables, including facts, Puppet modules should explicitly specify the empty namespace.
- Chaining operators should appear on the same line as the right hand operand.
If you find a bug in Puppet Lint or its results, please create an issue in the repo issues tracker. Bonus points will be awarded if you also include a patch that fixes the issue.
Acceptance tests for this tool leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.
If you run into an issue with this tool or would like to request a feature you can raise a PR with your suggested changes. Alternatively, you can raise a Github issue with a feature request or to report any bugs. Every other Tuesday the DevX team holds office hours in the Puppet Community Slack, where you can ask questions about this and any other supported tools. This session runs at 15:00 (GMT) for about an hour.
If you have problems getting this tool up and running, please contact Support.
Many thanks to the following people for contributing to puppet-lint
- James Turnbull (@kartar)
- Jan Vansteenkiste (@vStone)
- Julian Simpson (@simpsonjulian)
- S. Zachariah Sprackett (@zsprackett)
As well as the many people who have reported the issues they've had!
Copyright (c) 2011-2016 Tim Sharpe
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.