Infrastructure as Code Is Not the Answer (lukeshaughnessy.medium.com)
2 points by pombo 1180 days ago
1 comments

So true. Anyone that's tried to debug 1000s of Terraform lines with AWS security groups knows this 100%.
Half of the problem is that you are using Terraform.

If you were writing Bash or Python or Java programs to build out your infrastructure you'd have a fighting chance of them being possible to debug and maintain because you won't be fighting with a declarative system that has a structural mismatch with the domain. And those scripts are not likely to break going from JDK 8 to JDK 17 or Python 3.6 to 3.11. If they do it is because of some superficial change, not because they traded one structurally wrong model for another one.

All of those things like Puppet are a problem instead of a solution. None of those things absolve you from understanding how to write bash scripts, but they do make you learn a complex model that doesn't quite fit the domain and then make you fight with that model to do the simplest things.

100% and it wasn't like picking Terraform was _my_ choice! Sometimes you are at a big company and they already have 1000s of Terraform files so you can:

1. Fight with leadership to get away from Terraform

2. Roll up sleeves and feel the Terraform pain with the rest of the team