rouster 0.42 → 0.53

data/lib/rouster/puppet.rb

@@ -5,8 +5,6 @@ require 'net/https'
 require 'socket'
 require 'uri'
 
-# TODO use @cache_timeout to invalidate data cached here
-
 class Rouster
 
   ##
@@ -18,8 +16,17 @@ class Rouster
   # * [cache] - whether to store/return cached facter data, if available
   # * [custom_facts] - whether to include custom facts in return (uses -p argument)
   def facter(cache=true, custom_facts=true)
+
     if cache.true? and ! self.facts.nil?
-      return self.facts
+
+      if self.cache_timeout and self.cache_timeout.is_a?(Integer) and (Time.now.to_i - self.cache[:facter]) > self.cache_timeout
+        @log.debug(sprintf('invalidating [facter] cache, was [%s] old, allowed [%s]', (Time.now.to_i - self.cache[:facter]), self.cache_timeout))
+        self.facts = nil
+      else
+        @log.debug(sprintf('using cached [facter] from [%s]', self.cache[:facter]))
+        return self.facts
+      end
+
     end
 
     raw  = self.run(sprintf('facter %s', custom_facts.true? ? '-p' : ''))
@@ -31,7 +38,9 @@ class Rouster
     end
 
     if cache.true?
+      @log.debug(sprintf('caching [facter] at [%s]', Time.now.asctime))
       self.facts = res
+      self.cache[:facter] = Time.now.to_i
     end
 
     res
@@ -53,7 +62,11 @@ class Rouster
     # post https://<puppetmaster>/catalog/<node>?facts_format=pson&facts=<pson URL encoded> == ht to patrick@puppetlabs
     certname     = hostname.nil? ? self.run('hostname --fqdn').chomp : hostname
     puppetmaster = puppetmaster.nil? ? 'puppet' : puppetmaster
-    facts        = facts.nil? ? self.facter() : facts # TODO check for presence of certain 'required' facts/datatype?
+    facts        = facts.nil? ? self.facter() : facts
+
+    %w(fqdn hostname operatingsystem operatingsystemrelease osfamily rubyversion).each do |required|
+      raise ArgumentError.new(sprintf('missing required fact[%s]', required)) unless facts.has_key?(required)
+    end
 
     raise InternalError.new('need to finish conversion of facts to PSON')
     facts.to_pson # this does not work, but needs to
@@ -124,13 +137,41 @@ class Rouster
   # returns hiera results from self
   #
   # parameters
-  # * <key> - hiera key to look up
-  # * [config] - path to hiera configuration -- this is only optional if you have a hiera.yaml file in ~/vagrant
-  def hiera(key, config=nil)
+  # * <key>     - hiera key to look up
+  # * [facts]   - hash of facts to be used in hiera lookup (technically optional, but most useful hiera lookups are based on facts)
+  # * [config]  - path to hiera configuration -- this is only optional if you have a hiera.yaml file in ~/vagrant, default option is correct for most puppet installations
+  # * [options] - any additional parameters to be passed to hiera directly
+  #
+  # note
+  # * if no facts are provided, facter() will be called - to really run hiera without facts, send an empty hash
+  # * this method is mostly useful on your puppet master, as your agents won't likely have /etc/puppet/hiera.yaml - to get data on another node, specify it's facts and call hiera on your ppm
+  def hiera(key, facts=nil, config='/etc/puppet/hiera.yaml', options=nil)
+    # TODO implement caching? where do we keep it? self.hiera{}? or self.deltas{} -- leaning towards #1
+
+    cmd = 'hiera'
+
+    if facts.nil?
+      @log.info('no facts provided, calling facter() automatically')
+      facts = self.facter()
+    end
+
+    if facts.keys.size > 0
+      scope_file = sprintf('/tmp/rouster-hiera_scope.%s.%s.json', $$, Time.now.to_i)
 
-    # TODO implement this
-    raise NotImplementedError.new()
+      File.write(scope_file, facts.to_json)
+      self.put(scope_file, scope_file)
+      File.delete(scope_file)
 
+      cmd << sprintf(' -j %s', scope_file)
+    end
+
+    cmd << sprintf(' -c %s', config) unless config.nil?
+    cmd << sprintf(' %s', options) unless options.nil?
+    cmd << sprintf(' %s', key)
+
+    raw = self.run(cmd)
+
+    JSON.parse(raw)
   end
 
   ##
@@ -230,7 +271,6 @@ class Rouster
     end
 
     # remove all nil references
-    # TODO make this more rubyish
     resources.each_key do |name|
       resources[name].each_pair do |k,v|
         unless v
@@ -246,6 +286,8 @@ class Rouster
     results
   end
 
+  # TODO: come up with better method names here.. remove_existing_certs() and remove_my_cert() are not very descriptive
+
   ##
   # remove_existing_certs
   #
@@ -254,16 +296,27 @@ class Rouster
   #
   # parameters
   # * <puppetmaster> - string/partial regex of certificate names to keep
-  def remove_existing_certs (puppetmaster)
-    hosts = Array.new()
+  def remove_existing_certs (except)
+    except = except.kind_of?(Array) ? except : [except] # need to move from <>.class.eql? to <>.kind_of? in a number of places
+    hosts  = Array.new()
 
     res = self.run('puppet cert list --all')
 
+    # TODO refactor this away from the hacky_break
     res.each_line do |line|
-      next if line.match(/#{puppetmaster}/)
+      hacky_break = false
+
+      except.each do |exception|
+        hacky_break = line.match(/#{exception}/)
+
+        next if hacky_break
+      end
+
+      next unless hacky_break
+
       host = $1 if line.match(/^\+\s"(.*?)"/)
 
-      hosts.push(host)
+      hosts.push(host) unless host.nil? # only want to clear signed certs
     end
 
     hosts.each do |host|
@@ -278,9 +331,15 @@ class Rouster
   # ... runs puppet on self, returns nothing
   #
   # currently supports 2 methods of running puppet:
-  #  * master - runs '/sbin/service puppet once -t'
+  #  * master - runs 'puppet agent -t'
   #    * supported options
   #      * expected_exitcode - string/integer/array of acceptable exit code(s)
+  #      * configtimeout - string/integer of the acceptable configtimeout value
+  #      * environment - string of the environment to use
+  #      * certname - string of the certname to use in place of the host fqdn
+  #      * pluginsync - bool value if pluginsync should be used
+  #      * server - string value of the puppetmasters fqdn / ip
+  #      * additional_options - string of various options that would be passed to puppet
   #  * masterless - runs 'puppet apply <options>' after determining version of puppet running and adjusting arguments
   #    * supported options
   #      * expected_exitcode - string/integer/array of acceptable exit code(s)
@@ -288,6 +347,10 @@ class Rouster
   #      * manifest_file - string/array of strings of paths to manifest(s) to apply
   #      * manifest_dir - string/array of strings of directories containing manifest(s) to apply - is recursive
   #      * module_dir - path to module directory -- currently a required parameter, is this correct?
+  #      * environment - string of the environment to use (default: production)
+  #      * certname - string of the certname to use in place of the host fqdn (default: unused)
+  #      * pluginsync - bool value if pluginsync should be used (default: true)
+  #      * additional_options - string of various options that would be passed to puppet
   #
   # parameters
   # * [mode] - method to run puppet, defaults to 'master'
@@ -296,18 +359,36 @@ class Rouster
 
     if mode.eql?('master')
       opts = {
-        :expected_exitcode => 0
+        :expected_exitcode  => 0,
+        :configtimeout      => nil,
+        :environment        => nil,
+        :certname           => nil,
+        :server             => nil,
+        :pluginsync         => false,
+        :additional_options => nil
       }.merge!(passed_opts)
 
-      self.run('/sbin/service puppet once -t', opts[:expected_exitcode])
+      cmd = 'puppet agent -t'
+      cmd << sprintf(' --configtimeout %s', opts[:configtimeout]) unless opts[:configtimeout].nil?
+      cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
+      cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
+      cmd << sprintf(' --server %s', opts[:server]) unless opts[:server].nil?
+      cmd << ' --pluginsync' if opts[:pluginsync]
+      cmd << opts[:additional_options] unless opts[:additional_options].nil?
+
+      self.run(cmd, opts[:expected_exitcode])
 
     elsif mode.eql?('masterless')
       opts = {
-        :expected_exitcode => 2,
-        :hiera_config      => nil,
-        :manifest_file     => nil, # can be a string or array, will 'puppet apply' each
-        :manifest_dir      => nil, # can be a string or array, will 'puppet apply' each module in the dir (recursively)
-        :module_dir        => nil
+        :expected_exitcode  => 2,
+        :hiera_config       => nil,
+        :manifest_file      => nil, # can be a string or array, will 'puppet apply' each
+        :manifest_dir       => nil, # can be a string or array, will 'puppet apply' each module in the dir (recursively)
+        :module_dir         => nil,
+        :environment        => nil,
+        :certname           => nil,
+        :pluginsync         => false,
+        :additional_options => nil
       }.merge!(passed_opts)
 
       ## validate required arguments
@@ -321,8 +402,14 @@ class Rouster
         opts[:manifest_file].each do |file|
           raise InternalError.new(sprintf('invalid manifest file specified[%s]', file)) unless self.is_file?(file)
 
-          self.run(sprintf('puppet apply %s --modulepath=%s %s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir], file), opts[:expected_exitcode])
+          cmd = sprintf('puppet apply %s --modulepath=%s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir])
+          cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
+          cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
+          cmd << ' --pluginsync' if opts[:pluginsync]
+          cmd << opts[:additional_options] unless opts[:additional_options].nil?
+          cmd << sprintf(' %s', file)
 
+          self.run(cmd, opts[:expected_exitcode])
         end
       end
 
@@ -335,8 +422,14 @@ class Rouster
 
           manifests.each do |m|
 
-            self.run(sprintf('puppet apply %s --modulepath=%s %s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir], m), opts[:expected_exitcode])
+            cmd = sprintf('puppet apply %s --modulepath=%s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir])
+            cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
+            cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
+            cmd << ' --pluginsync' if opts[:pluginsync]
+            cmd << opts[:additional_options] unless opts[:additional_options].nil?
+            cmd << sprintf(' %s', m)
 
+            self.run(cmd, opts[:expected_exitcode])
           end
 
         end
@@ -349,4 +442,4 @@ class Rouster
 
   end
 
-end
+end

data/lib/rouster/testing.rb

@@ -5,6 +5,11 @@ require 'rouster/deltas'
 
 class Rouster
 
+  ##
+  # validate_cron
+  #
+  # TODO how do we actually want to implement this? since cron jobs don't have names, what does the user specify instead?
+
   ##
   # validate_file
   #
@@ -13,6 +18,7 @@ class Rouster
   # parameters
   # * <name> - full file name or relative (to ~vagrant)
   # * <expectations> - hash of expectations, see examples
+  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # '/sys/kernel/mm/redhat_transparent_hugepage/enabled', {
@@ -46,7 +52,7 @@ class Rouster
   #   * :owner
   #   * :group
   #   * :constrain
-  def validate_file(name, expectations, cache=false)
+  def validate_file(name, expectations, fail_fast=false, cache=false)
 
     if expectations[:ensure].nil? and expectations[:exists].nil? and expectations[:directory].nil? and expectations[:file?].nil?
       expectations[:ensure] = 'file'
@@ -56,7 +62,15 @@ class Rouster
       expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
 
       expectations[:constrain].each do |constraint|
-        fact, expectation = constraint.split("\s")
+        valid = constraint.match(/^(\S+?)\s(.*)$/)
+
+        if valid.nil?
+          raise InternalError.new(sprintf('invalid constraint[%s] specified', constraint))
+        end
+
+        fact        = $1
+        expectation = $2
+
         unless meets_constraint?(fact, expectation)
           @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
@@ -156,11 +170,12 @@ class Rouster
             local = false
           end
         when :type
-          # noop
+          # noop allowing parse_catalog() output to be passed directly
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
+      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
@@ -177,6 +192,7 @@ class Rouster
   # paramaters
   # * <name> - group name
   # * <expectations> - hash of expectations, see examples
+  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'root', {
@@ -198,7 +214,7 @@ class Rouster
   #  * :gid
   #  * :user|:users (string or array)
   #  * :constrain
-  def validate_group(name, expectations)
+  def validate_group(name, expectations, fail_fast=false)
     groups = self.get_groups(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -235,25 +251,33 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :gid
-          local = v.to_s.eql?(groups[name][:gid].to_s)
+          if groups[name].is_a?(Hash) and groups[name].has_key?(:gid)
+            local = v.to_s.eql?(groups[name][:gid].to_s)
+          else
+            local = false
+          end
         when :user, :users
           v = v.class.eql?(Array) ? v : [v]
           v.each do |user|
-            local = groups[name][:users].member?(user)
+            if groups[name].is_a?(Hash) and groups[name].has_key?(:users)
+              local = groups[name][:users].member?(user)
+            else
+              local = false
+            end
             break unless local.true? # need to make the return value smarter if we want to store data on which user failed
           end
         when :type
-          # noop
+          # noop allowing parse_catalog() output to be passed directly
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
+      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @log.info(results.pretty_print_inspect())
+    @log.info(results)
     results.find{|k,v| v.false? }.nil?
-
   end
 
   ##
@@ -264,6 +288,7 @@ class Rouster
   # parameters
   # * <name> - package name
   # * <expectations> - hash of expectations, see examples
+  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'perl-Net-SNMP', {
@@ -284,7 +309,7 @@ class Rouster
   #  * :exists|ensure
   #  * :version  (literal or basic comparison)
   #  * :constrain
-  def validate_package(name, expectations)
+  def validate_package(name, expectations, fail_fast=false)
     packages = self.get_packages(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -321,26 +346,123 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :version
-          if v.split("\s").size > 1
-            ## generic comparator functionality
-            comp, expectation = v.split("\s")
-            local = generic_comparator(packages[name], comp, expectation)
+          if packages.has_key?(name)
+            if v.split("\s").size > 1
+              ## generic comparator functionality
+              comp, expectation = v.split("\s")
+              local = generic_comparator(packages[name], comp, expectation)
+            else
+              local = ! v.to_s.match(/#{packages[name]}/).nil?
+            end
           else
-            local = ! v.to_s.match(/#{packages[name]}/).nil?
+            local = false
           end
         when :type
-          # noop
+          # noop allowing parse_catalog() output to be passed directly
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
+      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
     # TODO figure out a good way to allow access to the entire hash, not just boolean -- for now just print at an info level
     @log.info(results)
 
-    # TODO should we implement a fail fast method? at least an option
+    results.find{|k,v| v.false? }.nil?
+  end
+
+  # given a port nnumber and a hash of expectations, returns true|false whether port meets expectations
+  #
+  # parameters
+  # * <number> - port number
+  # * <expectations> - hash of expectations, see examples
+  #
+  # example expectations:
+  # '22', {
+  #   :ensure => 'active',
+  #   :protocol => 'tcp',
+  #   :address => '0.0.0.0'
+  # },
+  #
+  # '1234', {
+  #   :ensure => 'open',
+  #   :address => '*',
+  #   :constrain => 'is_virtual false'
+  # }
+  #
+  # supported keys:
+  #  * :exists|ensure|state
+  #  * :address
+  #  * :protocol|proto
+  #  * :constrain
+  def validate_port(number, expectations, fail_fast=false)
+    number = number.to_s
+    ports  = self.get_ports(true)
+
+    if expectations[:ensure].nil? and expectations[:exists].nil? and expectations[:state].nil?
+      expectations[:ensure] = 'present'
+    end
+
+    if expectations[:protocol].nil? and expectations[:proto].nil?
+      expectations[:protocol] = 'tcp'
+    elsif ! expectations[:proto].nil?
+      expectations[:protocol] = expectations[:proto]
+    end
+
+    if expectations.has_key?(:constrain)
+      expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
+
+      expectations[:constrain].each do |constraint|
+        fact, expectation = constraint.split("\s")
+        unless meets_constraint?(fact, expectation)
+          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          return true
+        end
+      end
+
+      expectations.delete(:constrain)
+    end
+
+    results = Hash.new()
+    local = nil
+
+    expectations.each do |k,v|
+      case k
+        when :ensure, :exists, :state
+          if v.to_s.match(/absent|false|open/)
+            local = ports[expectations[:protocol]][number].nil?
+          else
+            local = ! ports[expectations[:protocol]][number].nil?
+          end
+        when :protocol, :proto
+          # TODO rewrite this in a less hacky way
+          if expectations[:ensure].to_s.match(/absent|false|open/) or expectations[:exists].to_s.match(/absent|false|open/) or expectations[:state].to_s.match(/absent|false|open/)
+            local = true
+          else
+            local = ports[v].has_key?(number)
+          end
+
+        when :address
+          lr = Array.new
+          addresses = ports[expectations[:protocol]][number][:address]
+          addresses.each_key do |address|
+            lr.push(address.eql?(v.to_s))
+          end
+
+          local = ! lr.find{|e| e.true? }.nil? # this feels jankity
+
+        else
+          raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
+      end
+
+      return false if local.eql?(false) and fail_fast.eql?(true)
+      results[k] = local
+    end
+
+    @log.info(results)
+
     results.find{|k,v| v.false? }.nil?
   end
 
@@ -352,6 +474,7 @@ class Rouster
   # parameters
   # * <name> - service name
   # * <expectations> - hash of expectations, see examples
+  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'ntp', {
@@ -367,7 +490,7 @@ class Rouster
   #  * :exists|:ensure
   #  * :state,:status
   #  * :constrain
-  def validate_service(name, expectations)
+  def validate_service(name, expectations, fail_fast=false)
     services = self.get_services(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -404,17 +527,22 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :state, :status
-          local = ! v.match(/#{services[name]}/).nil?
+          if services.has_key?(name)
+            local = ! v.match(/#{services[name]}/).nil?
+          else
+            local = false
+          end
         when :type
-          # noop
+          # noop allowing parse_catalog() output to be passed directly
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
+      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @log.info(results.pretty_print_inspect())
+    @log.info(results)
     results.find{|k,v| v.false? }.nil?
 
   end
@@ -427,6 +555,7 @@ class Rouster
   # parameters
   # * <name> - user name
   # * <expectations> - hash of expectations, see examples
+  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'root' => {
@@ -452,7 +581,7 @@ class Rouster
   #  * :uid
   #  * :gid
   #  * :constrain
-  def validate_user(name, expectations)
+  def validate_user(name, expectations, fail_fast=false)
     users = self.get_users(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -495,25 +624,46 @@ class Rouster
             break unless local.true?
           end
         when :gid
-          local = v.to_i.eql?(users[name][:gid].to_i)
+          if users[name].is_a?(Hash) and users[name].has_key?(:gid)
+            local = v.to_i.eql?(users[name][:gid].to_i)
+          else
+            local = false
+          end
         when :home
-          local = ! v.match(/#{users[name][:home]}/).nil?
+          if users[name].is_a?(Hash) and users[name].has_key?(:home)
+            local = ! v.match(/#{users[name][:home]}/).nil?
+          else
+            local = false
+          end
         when :home_exists
-          local = ! v.to_s.match(/#{users[name][:home_exists].to_s}/).nil?
+          if users[name].is_a?(Hash) and users[name].has_key?(:home_exists)
+            local = ! v.to_s.match(/#{users[name][:home_exists].to_s}/).nil?
+          else
+            local = false
+          end
         when :shell
-          local = ! v.match(/#{users[name][:shell]}/).nil?
+          if users[name].is_a?(Hash) and users[name].has_key?(:shell)
+            local = ! v.match(/#{users[name][:shell]}/).nil?
+          else
+            local = false
+          end
         when :uid
-          local = v.to_i.eql?(users[name][:uid].to_i)
+          if users[name].is_a?(Hash) and users[name].has_key?(:uid)
+            local = v.to_i.eql?(users[name][:uid].to_i)
+          else
+            local = false
+          end
         when :type
-          # noop
+          # noop allowing parse_catalog() output to be passed directly
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
+      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @log.info(results.pretty_print_inspect())
+    @log.info(results)
     results.find{|k,v| v.false? }.nil?
 
   end
@@ -528,32 +678,41 @@ class Rouster
   # gets facts from node, and if fact expectation regex matches actual fact, returns true
   #
   # parameters
-  # * <fact> - fact
-  # * <expectation>
-  # * [cache]
-  def meets_constraint?(fact, expectation, cache=true)
+  # * <key>         - fact/hiera key to look up (actual value)
+  # * <expectation> -
+  # * [cache]       - boolean controlling whether facter lookups are cached
+  def meets_constraint?(key, expectation, cache=true)
 
-    unless self.respond_to?('facter')
-      # if we haven't loaded puppet.rb, we won't have access to facts
+    expectation = expectation.to_s
+
+    unless self.respond_to?('facter') or self.respond_to?('hiera')
+      # if we haven't loaded puppet.rb, we won't have access to facts/hiera lookups
       @log.warn('using constraints without loading [rouster/puppet] will not work, forcing no-op')
       return false
     end
 
-    expectation = expectation.to_s
-    facts = self.facter(cache)
+    facts  = self.facter(cache)
+    actual = nil
+
+    if facts[key]
+      actual = facts[key]
+    else
+      # value is not a fact, lets try to find it in hiera
+      # TODO how to handle the fact that this will really only work on the puppetmaster
+      actual = self.hiera(key, facts)
+    end
 
     res = nil
+
     if expectation.split("\s").size > 1
       ## generic comparator functionality
       comp, expectation = expectation.split("\s")
-
-      res = generic_comparator(facts[fact], comp, expectation)
-
+      res = generic_comparator(actual, comp, expectation)
     else
-      res = ! expectation.match(/#{facts[fact]}/).nil?
-      @log.debug(sprintf('meets_constraint?(%s, %s): %s', fact, expectation, res.nil?))
+      res = ! actual.to_s.match(/#{expectation}/).nil?
     end
 
+    @log.debug(sprintf('meets_constraint?(%s, %s): %s', key, expectation, res.nil?))
     res
   end
 
@@ -571,6 +730,7 @@ class Rouster
   def generic_comparator(comparand1, comparator, comparand2)
 
     # TODO rewrite this as an eval so we don't have to support everything..
+    # TODO come up with mechanism to determine when is it appropriate to call .to_i vs. otherwise -- comparisons will mainly be numerical (?), but need to support text matching too
     case comparator
       when '!='
         # ugh