Using structured and trusted facts for node group rules

Structured facts group related facts, and trusted facts are a type of structured fact.

Structured facts group related facts in a hash or array. For example, the os structured fact contains multiple individual facts about the operating system, such as architecture, family, and release. In the Puppet Enterprise (PE) console, when you view a node's facts, structured facts are surrounded by curly braces.

Trusted facts are a type of structured fact where the facts are immutable and extracted from a node’s certificate. Because these facts can’t be changed or overridden, trusted facts enhance security by verifying a node’s identity before sending sensitive data in its catalog.

You can use structured and trusted facts in dynamic node group rules.

If a node group rule uses a trusted fact that refers to a certificate extension, the rule functions properly only if you use short names for Puppet-specific registered IDs and numeric IDs for private extensions. Private extensions require numeric IDs whether or not you specify a short name in the custom_trusted_oid_mapping.yaml file.
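The naming requirement above can be checked before a rule is saved. The following is an added example, not code from the Puppet documentation: it assumes rules are written as nested arrays with paths of the form ["trusted", "extensions", key], and that Puppet-specific registered IDs sit under the OID arc 1.3.6.1.4.1.34380.1.1. The short-name list is a subset, and the rule, its values, and the compliance_zone name are constructed.

```ruby
# Added example: lint trusted-extension references in a node group rule.
# Assumption: OIDs under this arc are Puppet-specific registered IDs.
REGISTERED_ARC = '1.3.6.1.4.1.34380.1.1.'
# Subset of Puppet's registered short names, enough for this example.
REGISTERED_SHORT_NAMES = %w[pp_uuid pp_instance_id pp_image_name pp_preshared_key
                            pp_environment pp_role pp_department pp_datacenter].freeze
NUMERIC_OID = /\A\d+(\.\d+)+\z/

# Recursively collect the key of every ["trusted", "extensions", key] path.
def trusted_extension_keys(rule)
  return [] unless rule.is_a?(Array)
  if rule.length == 3 && rule[0] == 'trusted' && rule[1] == 'extensions'
    return [rule[2].to_s]
  end
  rule.flat_map { |part| trusted_extension_keys(part) }
end

# Return [key, problem] pairs; an empty list means every reference
# follows the requirement (short name for registered, numeric for private).
def lint_rule(rule)
  findings = trusted_extension_keys(rule).map do |key|
    if key.match?(NUMERIC_OID)
      # Numeric is right for private extensions, wrong for registered IDs.
      [key, 'registered ID: use its short name'] if key.start_with?(REGISTERED_ARC)
    elsif !REGISTERED_SHORT_NAMES.include?(key)
      # A name mapped in custom_trusted_oid_mapping.yaml still lands here.
      [key, 'not a registered short name: use the numeric ID']
    end
  end
  findings.compact
end

# Constructed sample rule mixing correct and incorrect references.
RULE = ['and',
        ['=', %w[trusted extensions pp_role], 'payments_db'],             # ok
        ['=', %w[trusted extensions 1.3.6.1.4.1.34380.1.2.1], 'pci'],     # ok, private numeric
        ['=', %w[trusted extensions compliance_zone], 'pci'],             # flagged
        ['=', %w[trusted extensions 1.3.6.1.4.1.34380.1.1.13], 'db'],     # flagged
        ['~', %w[fact os family], 'RedHat']].freeze                       # ignored, not trusted

lint_rule(RULE).each { |key, problem| puts "#{key}: #{problem}" }
```
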