No symbolic file modes - puppet-lint check

Modern versions of Puppet allow you to specify the mode of a file resource in one of two ways, either as a traditional octal value or the (newer addition) symbolic file modes. Although these may seem equivalent there is a minor difference that recently caused an issue on a project I do a little bit of puppet work for.

Below are two example resources that each set the files permissions so the user can read and write it.

    file { '/tmp/octal-mode':
      mode => '0600',
    }

    file { '/tmp/symbolic-mode':
      mode => 'u=rw',
    }

Although the mode is expressed differently each resource ends up with the same permissions on the filesystem. Now we’ll get a little more creative. What mode does this file have?

    class symbolic_file_mode {
      file { '/tmp/symbolic-mode':
        mode => 'g+w,o+rx',
      }
    }

Without additional context from outside your puppet manifest it’s impossible to know. They’d actually hit this as an issue, their source permissions changed and as they were adding to, not explicitly setting, them they had some oddness. So I wrote No symbolic file modes puppet-lint check for them. It flags all symbolic modes as warnings. It’d be simple to change this to only complain about additive symbolic modes but after they’d been bitten the local style rules were changed to disallow them completely. Hopefully someone else also finds it useful.