Add validate_augeas command

[raphink]

This PR adds a new validate_augeas function, which takes a string and an Augeas lens, and validates the string against the Augeas lens. Example:

validate_augeas("root ALL=(ALL) ALL\n", "Sudoers.lns")

The function optionally takes an array of paths which should not be found in the content.

For example, if you want to make sure your passwd content never contains a user foo, you could write:

validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])

Or if you wanted to ensure that no users used the '/bin/barsh' shell, you could use:

validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]']

Like all validate_* functions, it fails compilation if the check fails. It also takes an optional 4rd argument to specify a nicer message.

[jeffmccune]

Watch out for whitespace errors. I found this with git diff --check master.

[jeffmccune]

(I'll fix it up in my own topic branch, no action required.)

[raphink]

Thanks.

[jeffmccune]

@raphink Does this function require augeaus? If so, I'd like to discuss the pros and cons of merging it into stdlib rather than another module. As it currently stands, stdlib does not have any dependencies other than Ruby and Puppet AFAIK, so this would be a big change from a dependency and requirements stand point.

[raphink]

The function does require augeas indeed. That said, it will not make stdlib depend on augeas per se. Rather, you will need ruby-augeas to use this function only. I could probably add a check for augeas in the function to issue a clean warning if it is not available.

[jeffmccune]

@raphink Yes, if the function disabled itself if Augeas isn't present then I think it would be OK to include. It may also be worth checking how the Augeas types and providers perform this check. If it's a public API then this parser function could re-use the behavior.

[raphink]

@jeffmccune I added changes to:

• Ensure the augeas handler is always closed
• Ensure the tmpfile is always closed and unlinked
• Ensure Puppet has the augeas feature

[jeffmccune]

This is good, but I think it would be great if the error message helped the end user with next steps to make this work. For example, perhaps a URL to a document that describes how to enable the augeas feature in Puppet.

Hopefully we have this documented at http://docs.puppetlabs.com/

Maybe something like, "requires the ruby augeas bindings. Information about how to satisfy this requirements is available at: http://..."

I think this would be great because a ParseError aborts catalog compilation entirely, so the user is sort of "stuck" if they encounter this error.

[jeffmccune]

I think this is ready to go once the one comment about "next steps" when the augeas feature is not available is addressed and the tests are passing.

-Jeff

[raphink]

@jeffmccune This URL is where augeas installation for puppet is documented.

[jeffmccune]

Merged into master as 4d24bd3.

This should be released in 3.3.0.

Thanks again for the contribution!

-Jeff