From 3a97c2314c67245be3190cc485cff63e40a833fd Mon Sep 17 00:00:00 2001 From: Raphaël Pinson Date: Thu, 6 Dec 2012 11:33:43 +0100 Subject: Add validate_augeas function --- lib/puppet/parser/functions/validate_augeas.rb | 70 ++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 lib/puppet/parser/functions/validate_augeas.rb (limited to 'lib') diff --git a/lib/puppet/parser/functions/validate_augeas.rb b/lib/puppet/parser/functions/validate_augeas.rb new file mode 100644 index 0000000..01a2e91 --- /dev/null +++ b/lib/puppet/parser/functions/validate_augeas.rb @@ -0,0 +1,70 @@ +module Puppet::Parser::Functions + newfunction(:validate_augeas, :doc => <<-'ENDHEREDOC') do |args| + Perform validation of a string using an Augeas lens + The first argument of this function should be a string to + test, and the second argument should be the name of the Augeas lens to use. + If Augeas fails to parse the string with the lens, the compilation will + abort with a parse error. + + A third argument can be specified, listing paths which should + not be found in the file. The `$file` variable points to the location + of the temporary file being tested in the Augeas tree. + + For example, if you want to make sure your passwd content never contains + a user `foo`, you could write: + + validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo']) + + Or if you wanted to ensure that no users used the '/bin/barsh' shell, + you could use: + + validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]'] + + If a fourth argument is specified, this will be the error message raised and + seen by the user. + + A helpful error message can be returned like this: + + validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas') + + ENDHEREDOC + if (args.length < 2) or (args.length > 4) then + raise Puppet::ParseError, ("validate_augeas(): wrong number of arguments (#{args.length}; must be 2, 3, or 4)") + end + + msg = args[3] || "validate_augeas(): Failed to validate content against #{args[1].inspect}" + + require 'augeas' + aug = Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) + + content = args[0] + + # Test content in a temporary file + tmpfile = Tempfile.new("validate_augeas") + tmpfile.write(content) + tmpfile.close + + # Check for syntax + lens = args[1] + aug.transform( + :lens => lens, + :name => 'Validate_augeas', + :incl => tmpfile.path + ) + aug.load! + + unless aug.match("/augeas/files#{tmpfile.path}//error").empty? + error = aug.get("/augeas/files#{tmpfile.path}//error/message") + msg += " with error: #{error}" + raise Puppet::ParseError, (msg) + end + + # Launch unit tests + tests = args[2] || [] + aug.defvar('file', "/files#{tmpfile.path}") + tests.each do |t| + msg += " testing path #{t}" + raise Puppet::ParseError, (msg) unless aug.match(t).empty? + end + end +end -- cgit v1.2.3 From 41bc722139028929b9ab1f9a14b318d1a23206f9 Mon Sep 17 00:00:00 2001 From: Raphaël Pinson Date: Fri, 18 Jan 2013 21:42:54 +0100 Subject: validate_augeas: Ensure augeas handler gets closed --- lib/puppet/parser/functions/validate_augeas.rb | 55 ++++++++++++++------------ 1 file changed, 29 insertions(+), 26 deletions(-) (limited to 'lib') diff --git a/lib/puppet/parser/functions/validate_augeas.rb b/lib/puppet/parser/functions/validate_augeas.rb index 01a2e91..273b954 100644 --- a/lib/puppet/parser/functions/validate_augeas.rb +++ b/lib/puppet/parser/functions/validate_augeas.rb @@ -17,7 +17,7 @@ module Puppet::Parser::Functions Or if you wanted to ensure that no users used the '/bin/barsh' shell, you could use: - + validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]'] If a fourth argument is specified, this will be the error message raised and @@ -36,35 +36,38 @@ module Puppet::Parser::Functions require 'augeas' aug = Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) + begin + content = args[0] - content = args[0] - - # Test content in a temporary file - tmpfile = Tempfile.new("validate_augeas") - tmpfile.write(content) - tmpfile.close + # Test content in a temporary file + tmpfile = Tempfile.new("validate_augeas") + tmpfile.write(content) + tmpfile.close - # Check for syntax - lens = args[1] - aug.transform( - :lens => lens, - :name => 'Validate_augeas', - :incl => tmpfile.path - ) - aug.load! + # Check for syntax + lens = args[1] + aug.transform( + :lens => lens, + :name => 'Validate_augeas', + :incl => tmpfile.path + ) + aug.load! - unless aug.match("/augeas/files#{tmpfile.path}//error").empty? - error = aug.get("/augeas/files#{tmpfile.path}//error/message") - msg += " with error: #{error}" - raise Puppet::ParseError, (msg) - end + unless aug.match("/augeas/files#{tmpfile.path}//error").empty? + error = aug.get("/augeas/files#{tmpfile.path}//error/message") + msg += " with error: #{error}" + raise Puppet::ParseError, (msg) + end - # Launch unit tests - tests = args[2] || [] - aug.defvar('file', "/files#{tmpfile.path}") - tests.each do |t| - msg += " testing path #{t}" - raise Puppet::ParseError, (msg) unless aug.match(t).empty? + # Launch unit tests + tests = args[2] || [] + aug.defvar('file', "/files#{tmpfile.path}") + tests.each do |t| + msg += " testing path #{t}" + raise Puppet::ParseError, (msg) unless aug.match(t).empty? + end + ensure + aug.close end end end -- cgit v1.2.3 From d568c4e0f7a6323cf462045159e8203b4715e196 Mon Sep 17 00:00:00 2001 From: Raphaël Pinson Date: Fri, 18 Jan 2013 21:54:35 +0100 Subject: validate_augeas: Ensure tmpfile is closed and unlinked --- lib/puppet/parser/functions/validate_augeas.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/puppet/parser/functions/validate_augeas.rb b/lib/puppet/parser/functions/validate_augeas.rb index 273b954..a407118 100644 --- a/lib/puppet/parser/functions/validate_augeas.rb +++ b/lib/puppet/parser/functions/validate_augeas.rb @@ -41,8 +41,11 @@ module Puppet::Parser::Functions # Test content in a temporary file tmpfile = Tempfile.new("validate_augeas") - tmpfile.write(content) - tmpfile.close + begin + tmpfile.write(content) + ensure + tmpfile.close + end # Check for syntax lens = args[1] @@ -68,6 +71,7 @@ module Puppet::Parser::Functions end ensure aug.close + tmpfile.unlink end end end -- cgit v1.2.3 From 35f9a01879858fcbd0c93c1fd90ff71365a27d9b Mon Sep 17 00:00:00 2001 From: Raphaël Pinson Date: Fri, 18 Jan 2013 21:59:47 +0100 Subject: validate_augeas: requires augeas --- lib/puppet/parser/functions/validate_augeas.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/puppet/parser/functions/validate_augeas.rb b/lib/puppet/parser/functions/validate_augeas.rb index a407118..d66e340 100644 --- a/lib/puppet/parser/functions/validate_augeas.rb +++ b/lib/puppet/parser/functions/validate_augeas.rb @@ -28,6 +28,10 @@ module Puppet::Parser::Functions validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas') ENDHEREDOC + unless Puppet.features.augeas? + raise Puppet::ParseError, ("validate_augeas(): requires the ruby augeas bindings") + end + if (args.length < 2) or (args.length > 4) then raise Puppet::ParseError, ("validate_augeas(): wrong number of arguments (#{args.length}; must be 2, 3, or 4)") end -- cgit v1.2.3 From c5f0309b1d3806a6caab9160033653cd40634894 Mon Sep 17 00:00:00 2001 From: Raphaël Pinson Date: Sun, 20 Jan 2013 13:15:22 +0100 Subject: Add an URL to a doc on how to activate augeas in puppet --- lib/puppet/parser/functions/validate_augeas.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/puppet/parser/functions/validate_augeas.rb b/lib/puppet/parser/functions/validate_augeas.rb index d66e340..154d660 100644 --- a/lib/puppet/parser/functions/validate_augeas.rb +++ b/lib/puppet/parser/functions/validate_augeas.rb @@ -29,7 +29,7 @@ module Puppet::Parser::Functions ENDHEREDOC unless Puppet.features.augeas? - raise Puppet::ParseError, ("validate_augeas(): requires the ruby augeas bindings") + raise Puppet::ParseError, ("validate_augeas(): this function requires the augeas feature. See http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Augeas#Pre-requisites for how to activate it.") end if (args.length < 2) or (args.length > 4) then -- cgit v1.2.3