Why does Augeas Puppet resource type need 3 argume

I'm trying to add or update a user in an xml config file using augeas resource type in Puppet, here the manifest:

  augeas { "nexus_user_newadmin":
    lens    => "Xml.lns",
    incl    => "security.xml",
    root    => "/usr/local/nexus/conf",
    changes => [
      "defnode user /files/security.xml/security/users/user[id/#text='newadmin']",
      "set $user/id/#text 'newadmin'",
      "set $user/firstName/#text 'first name'",
      "set $user/lastName/#text 'last name'",
      "set $user/password/#text 'passhere'",
      "set $user/status/#text 'active'",
      "set $user/email/#text 'test@domain.com'",
    ],
  }

The xml file looks like :

<?xml version="1.0"?>
<security>
          <users>
            ...
            <user>
              <id>deployment</id>
              <firstName>Deployment</firstName>
              <lastName>User</lastName>
              <password>somepasshere</password>
              <status>active</status>
              <email>changeme1@yourcompany.com</email>
            </user>
          </users>
</security>

I get the error following when I run the manifest:

Main/Augeas[nexus_user_newadmin]: Could not evaluate: missing string argument 3 for defnode

It looks like the command defnode needs 3 mandatory arguments when used from puppet, but only 2 (and 1 optional) when used from augtool. (see my original post)

How can I overcome this limitations in augeas implementation in Puppet ?

There's several issues there.

First, while defnode takes an optional third argument (a value) in augtool, this argument is mandatory in Ruby/Puppet. You can however set it to an empty string.

Second, the $user variable is parsed by Puppet because you're using double quotes, so Augeas doesn't receive it (it's empty). You must either use single quotes or escape the dollar sign. In general, it is recommended to use single quotes in Puppet unless you need variables to be expanded.

Third, it'll be better to use incl and lens rather than root. You will benefit from an automatic context in Puppet, too:

augeas { 'nexus_user_newadmin':
  lens    => 'Xml.lns',
  incl    => '/usr/local/nexus/conf/security.xml',
  changes => [
    'defnode user security/users/user[id/#text="newadmin"] ""',
    'set $user/id/#text "newadmin"',
    'set $user/firstName/#text "first name"',
    'set $user/lastName/#text "last name"',
    'set $user/password/#text "passhere"',
    'set $user/status/#text "active"',
    'set $user/email/#text "test@domain.com"',
  ],
}