rouster 0.5 → 0.7

data/lib/rouster/puppet.rb

@@ -5,8 +5,6 @@ require 'net/https'
 require 'socket'
 require 'uri'
 
-# TODO use @cache_timeout to invalidate data cached here
-
 class Rouster
 
   ##
@@ -18,8 +16,17 @@ class Rouster
   # * [cache] - whether to store/return cached facter data, if available
   # * [custom_facts] - whether to include custom facts in return (uses -p argument)
   def facter(cache=true, custom_facts=true)
+
     if cache.true? and ! self.facts.nil?
-      return self.facts
+
+      if self.cache_timeout and self.cache_timeout.is_a?(Integer) and (Time.now.to_i - self.cache[:facter]) > self.cache_timeout
+        @logger.debug(sprintf('invalidating [facter] cache, was [%s] old, allowed [%s]', (Time.now.to_i - self.cache[:facter]), self.cache_timeout))
+        self.facts = nil
+      else
+        @logger.debug(sprintf('using cached [facter] from [%s]', self.cache[:facter]))
+        return self.facts
+      end
+
     end
 
     raw  = self.run(sprintf('facter %s', custom_facts.true? ? '-p' : ''))
@@ -31,12 +38,35 @@ class Rouster
     end
 
     if cache.true?
+      @logger.debug(sprintf('caching [facter] at [%s]', Time.now.asctime))
       self.facts = res
+      self.cache[:facter] = Time.now.to_i
     end
 
     res
   end
 
+  ##
+  # did_exec_fire?
+  #
+  # given the name of an Exec resource, parse the output from the most recent puppet run
+  # and return true/false based on whether the exec in question was fired
+  def did_exec_fire?(resource_name, puppet_run = self.last_puppet_run)
+    # Notice: /Stage[main]//Exec[foo]/returns: executed successfully
+    # Error: /Stage[main]//Exec[bar]/returns: change from notrun to 0 failed: Could not find command '/bin/bar'
+    matchers = [
+      'Notice: /Stage\[.*\]//Exec\[%s\]/returns: executed successfully',
+      'Error: /Stage\[.*\]//Exec\[%s\]/returns: change from notrun to 0 failed'
+    ]
+
+    matchers.each do |m|
+      matcher = sprintf(m, resource_name)
+      return true if puppet_run.match(matcher)
+    end
+
+    false
+  end
+
   ##
   # get_catalog
   #
@@ -84,8 +114,17 @@ class Rouster
   # parameters
   # * [input] - string to look at, defaults to self.get_output()
   def get_puppet_errors(input=nil)
-    str    = input.nil? ? self.get_output() : input
-    errors = str.scan(/35merr:.*/)
+    str       = input.nil? ? self.get_output() : input
+    errors    = nil
+    errors_27 = str.scan(/35merr:.*/)
+    errors_30 = str.scan(/Error:.*/)
+
+    # TODO this is a little less than efficient, don't scan for 3.0 if you found 2.7
+    if errors_27.size > 0
+      errors = errors_27
+    else
+      errors = errors_30
+    end
 
     errors.empty? ? nil : errors
   end
@@ -98,8 +137,17 @@ class Rouster
   # parameters
   # * [input] - string to look at, defaults to self.get_output()
   def get_puppet_notices(input=nil)
-    str     = input.nil? ? self.get_output() : input
-    notices = str.scan(/36mnotice:.*/)
+    str        = input.nil? ? self.get_output() : input
+    notices    = nil
+    notices_27 = str.scan(/36mnotice:.*/) # not sure when this stopped working
+    notices_30 = str.scan(/Notice:.*/)
+
+    # TODO this is a little less than efficient, don't scan for 3.0 if you found 2.7
+    if notices_27.size > 0
+      notices = notices_27
+    else
+      notices = notices_30
+    end
 
     notices.empty? ? nil : notices
   end
@@ -128,16 +176,41 @@ class Rouster
   # returns hiera results from self
   #
   # parameters
-  # * <key> - hiera key to look up
-  # * [config] - path to hiera configuration -- this is only optional if you have a hiera.yaml file in ~/vagrant
-  def hiera(key, config=nil, options=nil)
+  # * <key>     - hiera key to look up
+  # * [facts]   - hash of facts to be used in hiera lookup (technically optional, but most useful hiera lookups are based on facts)
+  # * [config]  - path to hiera configuration -- this is only optional if you have a hiera.yaml file in ~/vagrant, default option is correct for most puppet installations
+  # * [options] - any additional parameters to be passed to hiera directly
+  #
+  # note
+  # * if no facts are provided, facter() will be called - to really run hiera without facts, send an empty hash
+  # * this method is mostly useful on your puppet master, as your agents won't likely have /etc/puppet/hiera.yaml - to get data on another node, specify it's facts and call hiera on your ppm
+  def hiera(key, facts=nil, config='/etc/puppet/hiera.yaml', options=nil)
+    # TODO implement caching? where do we keep it? self.hiera{}? or self.deltas{} -- leaning towards #1
 
     cmd = 'hiera'
+
+    if facts.nil?
+      @logger.info('no facts provided, calling facter() automatically')
+      facts = self.facter()
+    end
+
+    if facts.keys.size > 0
+      scope_file = sprintf('/tmp/rouster-hiera_scope.%s.%s.json', $$, Time.now.to_i)
+
+      File.write(scope_file, facts.to_json)
+      self.put(scope_file, scope_file)
+      File.delete(scope_file)
+
+      cmd << sprintf(' -j %s', scope_file)
+    end
+
     cmd << sprintf(' -c %s', config) unless config.nil?
     cmd << sprintf(' %s', options) unless options.nil?
     cmd << sprintf(' %s', key)
 
-    self.run(cmd)
+    raw = self.run(cmd)
+
+    JSON.parse(raw)
   end
 
   ##
@@ -245,13 +318,14 @@ class Rouster
       end
     end
 
-
     results[:classes]   = classes
     results[:resources] = resources
 
     results
   end
 
+  # TODO: come up with better method names here.. remove_existing_certs() and remove_specific_cert() are not very descriptive
+
   ##
   # remove_existing_certs
   #
@@ -260,13 +334,23 @@ class Rouster
   #
   # parameters
   # * <puppetmaster> - string/partial regex of certificate names to keep
-  def remove_existing_certs (puppetmaster)
-    hosts = Array.new()
+  def remove_existing_certs (except)
+    except = except.kind_of?(Array) ? except : [except] # need to move from <>.class.eql? to <>.kind_of? in a number of places
+    hosts  = Array.new()
 
     res = self.run('puppet cert list --all')
 
+    # TODO refactor this away from the hacky_break
     res.each_line do |line|
-      next if line.match(/#{puppetmaster}/)
+      hacky_break = false
+
+      except.each do |exception|
+        next if hacky_break
+        hacky_break = line.match(/#{exception}/)
+      end
+
+      next if hacky_break
+
       host = $1 if line.match(/^\+\s"(.*?)"/)
 
       hosts.push(host) unless host.nil? # only want to clear signed certs
@@ -278,6 +362,38 @@ class Rouster
 
   end
 
+  ##
+  # remove_specific_cert
+  #
+  # ... removes a specific (or several specific) certificates, effectively the reverse of remove_existing_certs() - and again, really only useful when called on a puppet master
+  def remove_specific_cert (targets)
+    targets = targets.kind_of?(Array) ? targets : [targets]
+    hosts = Array.new()
+
+    res = self.run('puppet cert list --all')
+
+    res.each_line do |line|
+      hacky_break = true
+
+      targets.each do |target|
+        next unless hacky_break
+        hacky_break = line.match(/#{target}/)
+      end
+
+      next unless hacky_break
+
+      host = $1 if line.match(/^\+\s"(.*?)"/)
+      hosts.push(host) unless host.nil?
+
+    end
+
+    hosts.each do |host|
+      self.run(sprintf('puppet cert --clean %s', host))
+    end
+
+  end
+
+
   ##
   # run_puppet
   #
@@ -308,7 +424,7 @@ class Rouster
   # parameters
   # * [mode] - method to run puppet, defaults to 'master'
   # * [opts] - hash of additional options
-  def run_puppet(mode='master', passed_opts=nil)
+  def run_puppet(mode='master', passed_opts={})
 
     if mode.eql?('master')
       opts = {
@@ -344,25 +460,36 @@ class Rouster
         :additional_options => nil
       }.merge!(passed_opts)
 
-      ## validate required arguments
-      raise InternalError.new(sprintf('invalid hiera config specified[%s]', opts[:hiera_config])) unless self.is_file?(opts[:hiera_config])
-      raise InternalError.new(sprintf('invalid module dir specified[%s]', opts[:module_dir])) unless self.is_dir?(opts[:module_dir])
+      ## validate arguments -- can do better here (:manifest_dir, :manifest_file)
+      puppet_version = self.get_puppet_version() # hiera_config specification is only supported in >3.0, but NOT required anywhere
 
-      puppet_version = self.get_puppet_version() # hiera_config specification is only supported in >3.0
+      if opts[:hiera_config]
+        if puppet_version > '3.0'
+          raise InternalError.new(sprintf('invalid hiera config specified[%s]', opts[:hiera_config])) unless self.is_file?(opts[:hiera_config])
+        else
+          @logger.error(sprintf('puppet version[%s] does not support --hiera_config, ignoring', puppet_version))
+        end
+      end
+
+      if opts[:module_dir]
+        raise InternalError.new(sprintf('invalid module dir specified[%s]', opts[:module_dir])) unless self.is_dir?(opts[:module_dir])
+      end
 
       if opts[:manifest_file]
         opts[:manifest_file] = opts[:manifest_file].class.eql?(Array) ? opts[:manifest_file] : [opts[:manifest_file]]
         opts[:manifest_file].each do |file|
           raise InternalError.new(sprintf('invalid manifest file specified[%s]', file)) unless self.is_file?(file)
 
-          cmd = sprintf('puppet apply %s --modulepath=%s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir])
+          cmd = 'puppet apply --detailed-exitcodes'
+          cmd << sprintf(' --modulepath=%s', opts[:module_dir]) unless opts[:module_dir].nil?
+          cmd << sprintf(' --hiera_config=%s', opts[:hiera_config]) unless opts[:hiera_config].nil? or puppet_version < '3.0'
           cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
           cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
           cmd << ' --pluginsync' if opts[:pluginsync]
-          cmd << opts[:additional_options] unless opts[:additional_options].nil?
+          cmd << sprintf(' %s', opts[:additional_options]) unless opts[:additional_options].nil?
           cmd << sprintf(' %s', file)
 
-          self.run(cmd, opts[:expected_exitcode])
+          self.last_puppet_run = self.run(cmd, opts[:expected_exitcode])
         end
       end
 
@@ -375,14 +502,16 @@ class Rouster
 
           manifests.each do |m|
 
-            cmd = sprintf('puppet apply %s --modulepath=%s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir])
+            cmd = 'puppet apply --detailed-exitcodes'
+            cmd << sprintf(' --modulepath=%s', opts[:module_dir]) unless opts[:module_dir].nil?
+            cmd << sprintf(' --hiera_config=%s', opts[:hiera_config]) unless opts[:hiera_config].nil? or puppet_version < '3.0'
             cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
             cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
             cmd << ' --pluginsync' if opts[:pluginsync]
-            cmd << opts[:additional_options] unless opts[:additional_options].nil?
+            cmd << sprintf(' %s', opts[:additional_options]) unless opts[:additional_options].nil?
             cmd << sprintf(' %s', m)
 
-            self.run(cmd, opts[:expected_exitcode])
+            self.last_puppet_run = self.run(cmd, opts[:expected_exitcode])
           end
 
         end

data/lib/rouster/testing.rb

@@ -5,6 +5,103 @@ require 'rouster/deltas'
 
 class Rouster
 
+  ##
+  # validate_cron
+  #
+  # given the name of the user who owns crontab, the cron's command to execute and a hash of expectations, returns true|false whether cron matches expectations
+  #
+  # parameters
+  # * <user> - name of user who owns crontab
+  # * <name> - the cron's command to execute
+  # * <expectations> - hash of expectations, see examples
+  # * <fail_fast> - return false immediately on any failure (default is false)
+  #
+  # example expectations:
+  # 'username',
+  # '/home/username/test.pl', {
+  #    :ensure => 'present',
+  #    :minute => 1,
+  #    :hour   => 0,
+  #    :dom    => '*',
+  #    :mon    => '*',
+  #    :dow    => '*',
+  # }
+  #
+  # 'root',
+  # 'printf > /var/log/apache/error_log', {
+  #    :minute => 59,
+  #    :hour   => [8, 12],
+  #    :dom    => '*',
+  #    :mon    => '*',
+  #    :dow    => '*',
+  # }
+  #
+  # supported keys:
+  #   * :exists|:ensure -- defaults to present if not specified
+  #   * :minute
+  #   * :hour
+  #   * :dom -- day of month
+  #   * :mon -- month
+  #   * :dow  -- day of week
+  #   * :constrain
+  def validate_cron(user, name, expectations, fail_fast=false)
+    if user.nil?
+      raise InternalError.new('no user specified constraint')
+    end
+
+    crontabs = self.get_crontab(user)
+
+    if expectations[:ensure].nil? and expectations[:exists].nil?
+      expectations[:ensure] = 'present'
+    end
+
+    if expectations.has_key?(:constrain)
+      expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
+
+      expectations[:constrain].each do |constraint|
+        fact, expectation = constraint.split("\s")
+        unless meets_constraint?(fact, expectation)
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          return true
+        end
+      end
+
+      expectations.delete(:constrain)
+    end
+
+    results = Hash.new()
+    local = nil
+
+    expectations.each do |k,v|
+      case k
+        when :ensure, :exists
+          if crontabs.has_key?(name)
+            if v.to_s.match(/absent|false/).nil?
+              local = true
+            else
+              local = false
+            end
+          else
+            local = v.to_s.match(/absent|false/).nil? ? false : true
+          end
+        when :minute, :hour, :dom, :mon, :dow
+          if crontabs.has_key?(name) and crontabs[name].has_key?(k) and crontabs[name][k].to_s.eql?(v.to_s)
+            local = true
+          else
+            local = false
+          end
+        else
+          raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
+      end
+
+      return false if local.eql?(false) and fail_fast.eql?(true)
+      results[k] = local
+    end
+
+    @logger.info("#{name} [#{expectations}] => #{results}")
+    results.find{|k,v| v.false? }.nil?
+  end
+
   ##
   # validate_file
   #
@@ -57,9 +154,17 @@ class Rouster
       expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
 
       expectations[:constrain].each do |constraint|
-        fact, expectation = constraint.split("\s")
+        valid = constraint.match(/^(\S+?)\s(.*)$/)
+
+        if valid.nil?
+          raise InternalError.new(sprintf('invalid constraint[%s] specified', constraint))
+        end
+
+        fact        = $1
+        expectation = $2
+
         unless meets_constraint?(fact, expectation)
-          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -79,6 +184,14 @@ class Rouster
             local = true
           elsif properties.nil?
             local = false
+          elsif v.to_s.match(/symlink|link/)
+            if expectations[:target].nil?
+              # don't validate the link path, just check whether we're a link
+              local = properties[:symlink?]
+            else
+              # validate the link path
+              local = properties[:target].eql?(expectations[:target])
+            end
           else
             case v
               when 'dir', 'directory'
@@ -121,10 +234,22 @@ class Rouster
             local = true
             begin
               self.run(sprintf("grep -c '%s' %s", regex, name))
-            rescue
+            rescue => e
               local = false
             end
-            next if local.false?
+            break if local.false?
+          end
+        when :notcontains, :doesntcontain # TODO determine the appropriate attribute title here
+          v = v.class.eql?(Array) ? v : [v]
+          v.each do |regex|
+            local = true
+            begin
+              self.run(sprintf("grep -c '%s' %s", regex, name))
+              local = false
+            rescue => e
+              local = true
+            end
+            break if local.false?
           end
         when :mode, :permissions
           if properties.nil?
@@ -158,6 +283,8 @@ class Rouster
           end
         when :type
           # noop allowing parse_catalog() output to be passed directly
+        when :target
+          # noop allowing ensure => 'link' / 'symlink' to specify their .. target
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
@@ -166,9 +293,8 @@ class Rouster
       results[k] = local
     end
 
-    @log.info(results)
+    @logger.info("#{name} [#{expectations}] => #{results}")
     results.find{|k,v| v.false? }.nil?
-
   end
 
   ##
@@ -214,7 +340,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -263,7 +389,7 @@ class Rouster
       results[k] = local
     end
 
-    @log.info(results)
+    @logger.info("#{name} [#{expectations}] => #{results}")
     results.find{|k,v| v.false? }.nil?
   end
 
@@ -309,7 +435,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -333,17 +459,39 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :version
+          # TODO support determination based on multiple versions of the same package installed (?)
           if packages.has_key?(name)
-            if v.split("\s").size > 1
-              ## generic comparator functionality
-              comp, expectation = v.split("\s")
-              local = generic_comparator(packages[name], comp, expectation)
-            else
-              local = ! v.to_s.match(/#{packages[name]}/).nil?
+
+            lps = packages[name].is_a?(Array) ? packages[name] : [ packages[name] ]
+
+            lps.each do |lp|
+              if v.split("\s").size > 1
+                ## generic comparator functionality
+                comp, expectation = v.split("\s")
+                local = generic_comparator(lp[:version], comp, expectation)
+                break unless local.eql?(true)
+              else
+                local = ! v.to_s.match(/#{lp[:version]}/).nil?
+                break unless local.eql?(true)
+              end
             end
           else
             local = false
           end
+        when :arch, :architecture
+          if packages.has_key?(name)
+            archs = []
+            lps   = packages[name].is_a?(Array) ? packages[name] : [ packages[name] ]
+            lps.each { |p| archs << p[:arch] }
+            if v.is_a?(Array)
+              v.each do |arch|
+                local = archs.member?(arch)
+                break unless local.eql?(true) # fail fast - if we are looking for an arch that DNE, bail out
+              end
+            else
+              local = archs.member?(v)
+            end
+          end
         when :type
           # noop allowing parse_catalog() output to be passed directly
         else
@@ -355,8 +503,8 @@ class Rouster
     end
 
     # TODO figure out a good way to allow access to the entire hash, not just boolean -- for now just print at an info level
-    @log.info(results)
 
+    @logger.info("#{name} [#{expectations}] => #{results}")
     results.find{|k,v| v.false? }.nil?
   end
 
@@ -404,7 +552,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -433,13 +581,17 @@ class Rouster
 
         when :address
           lr = Array.new
-          addresses = ports[expectations[:protocol]][number][:address]
-          addresses.each_key do |address|
-            lr.push(address.eql?(v.to_s))
-          end
-
-          local = ! lr.find{|e| e.true? }.nil? # this feels jankity
+          if ports[expectations[:protocol]][number]
+            addresses = ports[expectations[:protocol]][number][:address]
+            addresses.each_key do |address|
+              lr.push(address.eql?(v.to_s))
+            end
 
+            local = ! lr.find{|e| e.true? }.nil? # this feels jankity
+          else
+            # this port isn't open in the first place, won't match any addresses we expect to see it on
+            local = false
+          end
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
@@ -448,8 +600,7 @@ class Rouster
       results[k] = local
     end
 
-    @log.info(results)
-
+    @logger.info("#{name} [#{expectations}] => #{results}")
     results.find{|k,v| v.false? }.nil?
   end
 
@@ -490,7 +641,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -529,9 +680,8 @@ class Rouster
       results[k] = local
     end
 
-    @log.info(results)
+    @logger.info("#{name} [#{expectations}] => #{results}")
     results.find{|k,v| v.false? }.nil?
-
   end
 
   ##
@@ -581,7 +731,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -650,9 +800,8 @@ class Rouster
       results[k] = local
     end
 
-    @log.info(results)
+    @logger.info("#{name} [#{expectations}] => #{results}")
     results.find{|k,v| v.false? }.nil?
-
   end
 
   ## internal methods
@@ -665,32 +814,41 @@ class Rouster
   # gets facts from node, and if fact expectation regex matches actual fact, returns true
   #
   # parameters
-  # * <fact> - fact
-  # * <expectation>
-  # * [cache]
-  def meets_constraint?(fact, expectation, cache=true)
-
-    unless self.respond_to?('facter')
-      # if we haven't loaded puppet.rb, we won't have access to facts
-      @log.warn('using constraints without loading [rouster/puppet] will not work, forcing no-op')
+  # * <key>         - fact/hiera key to look up (actual value)
+  # * <expectation> -
+  # * [cache]       - boolean controlling whether facter lookups are cached
+  def meets_constraint?(key, expectation, cache=true)
+
+    expectation = expectation.to_s
+
+    unless self.respond_to?('facter') or self.respond_to?('hiera')
+      # if we haven't loaded puppet.rb, we won't have access to facts/hiera lookups
+      @logger.warn('using constraints without loading [rouster/puppet] will not work, forcing no-op')
       return false
     end
 
-    expectation = expectation.to_s
-    facts = self.facter(cache)
+    facts  = self.facter(cache)
+    actual = nil
+
+    if facts[key]
+      actual = facts[key]
+    else
+      # value is not a fact, lets try to find it in hiera
+      # TODO how to handle the fact that this will really only work on the puppetmaster
+      actual = self.hiera(key, facts)
+    end
 
     res = nil
+
     if expectation.split("\s").size > 1
       ## generic comparator functionality
       comp, expectation = expectation.split("\s")
-
-      res = generic_comparator(facts[fact], comp, expectation)
-
+      res = generic_comparator(actual, comp, expectation)
     else
-      res = ! expectation.match(/#{facts[fact]}/).nil?
-      @log.debug(sprintf('meets_constraint?(%s, %s): %s', fact, expectation, res.nil?))
+      res = ! actual.to_s.match(/#{expectation}/).nil?
     end
 
+    @logger.debug(sprintf('meets_constraint?(%s, %s): %s', key, expectation, res.nil?))
     res
   end
 
@@ -708,6 +866,7 @@ class Rouster
   def generic_comparator(comparand1, comparator, comparand2)
 
     # TODO rewrite this as an eval so we don't have to support everything..
+    # TODO come up with mechanism to determine when is it appropriate to call .to_i vs. otherwise -- comparisons will mainly be numerical (?), but need to support text matching too
     case comparator
       when '!='
         # ugh