rouster 0.7 → 0.41

data/lib/rouster/puppet.rb

@@ -5,6 +5,8 @@ require 'net/https'
 require 'socket'
 require 'uri'
 
+# TODO use @cache_timeout to invalidate data cached here
+
 class Rouster
 
   ##
@@ -16,17 +18,8 @@ class Rouster
   # * [cache] - whether to store/return cached facter data, if available
   # * [custom_facts] - whether to include custom facts in return (uses -p argument)
   def facter(cache=true, custom_facts=true)
-
     if cache.true? and ! self.facts.nil?
-
-      if self.cache_timeout and self.cache_timeout.is_a?(Integer) and (Time.now.to_i - self.cache[:facter]) > self.cache_timeout
-        @logger.debug(sprintf('invalidating [facter] cache, was [%s] old, allowed [%s]', (Time.now.to_i - self.cache[:facter]), self.cache_timeout))
-        self.facts = nil
-      else
-        @logger.debug(sprintf('using cached [facter] from [%s]', self.cache[:facter]))
-        return self.facts
-      end
-
+      return self.facts
     end
 
     raw  = self.run(sprintf('facter %s', custom_facts.true? ? '-p' : ''))
@@ -38,35 +31,12 @@ class Rouster
     end
 
     if cache.true?
-      @logger.debug(sprintf('caching [facter] at [%s]', Time.now.asctime))
       self.facts = res
-      self.cache[:facter] = Time.now.to_i
     end
 
     res
   end
 
-  ##
-  # did_exec_fire?
-  #
-  # given the name of an Exec resource, parse the output from the most recent puppet run
-  # and return true/false based on whether the exec in question was fired
-  def did_exec_fire?(resource_name, puppet_run = self.last_puppet_run)
-    # Notice: /Stage[main]//Exec[foo]/returns: executed successfully
-    # Error: /Stage[main]//Exec[bar]/returns: change from notrun to 0 failed: Could not find command '/bin/bar'
-    matchers = [
-      'Notice: /Stage\[.*\]//Exec\[%s\]/returns: executed successfully',
-      'Error: /Stage\[.*\]//Exec\[%s\]/returns: change from notrun to 0 failed'
-    ]
-
-    matchers.each do |m|
-      matcher = sprintf(m, resource_name)
-      return true if puppet_run.match(matcher)
-    end
-
-    false
-  end
-
   ##
   # get_catalog
   #
@@ -83,11 +53,7 @@ class Rouster
     # post https://<puppetmaster>/catalog/<node>?facts_format=pson&facts=<pson URL encoded> == ht to patrick@puppetlabs
     certname     = hostname.nil? ? self.run('hostname --fqdn').chomp : hostname
     puppetmaster = puppetmaster.nil? ? 'puppet' : puppetmaster
-    facts        = facts.nil? ? self.facter() : facts
-
-    %w(fqdn hostname operatingsystem operatingsystemrelease osfamily rubyversion).each do |required|
-      raise ArgumentError.new(sprintf('missing required fact[%s]', required)) unless facts.has_key?(required)
-    end
+    facts        = facts.nil? ? self.facter() : facts # TODO check for presence of certain 'required' facts/datatype?
 
     raise InternalError.new('need to finish conversion of facts to PSON')
     facts.to_pson # this does not work, but needs to
@@ -114,17 +80,8 @@ class Rouster
   # parameters
   # * [input] - string to look at, defaults to self.get_output()
   def get_puppet_errors(input=nil)
-    str       = input.nil? ? self.get_output() : input
-    errors    = nil
-    errors_27 = str.scan(/35merr:.*/)
-    errors_30 = str.scan(/Error:.*/)
-
-    # TODO this is a little less than efficient, don't scan for 3.0 if you found 2.7
-    if errors_27.size > 0
-      errors = errors_27
-    else
-      errors = errors_30
-    end
+    str    = input.nil? ? self.get_output() : input
+    errors = str.scan(/35merr:.*/)
 
     errors.empty? ? nil : errors
   end
@@ -137,17 +94,8 @@ class Rouster
   # parameters
   # * [input] - string to look at, defaults to self.get_output()
   def get_puppet_notices(input=nil)
-    str        = input.nil? ? self.get_output() : input
-    notices    = nil
-    notices_27 = str.scan(/36mnotice:.*/) # not sure when this stopped working
-    notices_30 = str.scan(/Notice:.*/)
-
-    # TODO this is a little less than efficient, don't scan for 3.0 if you found 2.7
-    if notices_27.size > 0
-      notices = notices_27
-    else
-      notices = notices_30
-    end
+    str     = input.nil? ? self.get_output() : input
+    notices = str.scan(/36mnotice:.*/)
 
     notices.empty? ? nil : notices
   end
@@ -176,41 +124,13 @@ class Rouster
   # returns hiera results from self
   #
   # parameters
-  # * <key>     - hiera key to look up
-  # * [facts]   - hash of facts to be used in hiera lookup (technically optional, but most useful hiera lookups are based on facts)
-  # * [config]  - path to hiera configuration -- this is only optional if you have a hiera.yaml file in ~/vagrant, default option is correct for most puppet installations
-  # * [options] - any additional parameters to be passed to hiera directly
-  #
-  # note
-  # * if no facts are provided, facter() will be called - to really run hiera without facts, send an empty hash
-  # * this method is mostly useful on your puppet master, as your agents won't likely have /etc/puppet/hiera.yaml - to get data on another node, specify it's facts and call hiera on your ppm
-  def hiera(key, facts=nil, config='/etc/puppet/hiera.yaml', options=nil)
-    # TODO implement caching? where do we keep it? self.hiera{}? or self.deltas{} -- leaning towards #1
-
-    cmd = 'hiera'
+  # * <key> - hiera key to look up
+  # * [config] - path to hiera configuration -- this is only optional if you have a hiera.yaml file in ~/vagrant
+  def hiera(key, config=nil)
 
-    if facts.nil?
-      @logger.info('no facts provided, calling facter() automatically')
-      facts = self.facter()
-    end
-
-    if facts.keys.size > 0
-      scope_file = sprintf('/tmp/rouster-hiera_scope.%s.%s.json', $$, Time.now.to_i)
+    # TODO implement this
+    raise NotImplementedError.new()
 
-      File.write(scope_file, facts.to_json)
-      self.put(scope_file, scope_file)
-      File.delete(scope_file)
-
-      cmd << sprintf(' -j %s', scope_file)
-    end
-
-    cmd << sprintf(' -c %s', config) unless config.nil?
-    cmd << sprintf(' %s', options) unless options.nil?
-    cmd << sprintf(' %s', key)
-
-    raw = self.run(cmd)
-
-    JSON.parse(raw)
   end
 
   ##
@@ -310,6 +230,7 @@ class Rouster
     end
 
     # remove all nil references
+    # TODO make this more rubyish
     resources.each_key do |name|
       resources[name].each_pair do |k,v|
         unless v
@@ -318,14 +239,13 @@ class Rouster
       end
     end
 
+
     results[:classes]   = classes
     results[:resources] = resources
 
     results
   end
 
-  # TODO: come up with better method names here.. remove_existing_certs() and remove_specific_cert() are not very descriptive
-
   ##
   # remove_existing_certs
   #
@@ -334,57 +254,16 @@ class Rouster
   #
   # parameters
   # * <puppetmaster> - string/partial regex of certificate names to keep
-  def remove_existing_certs (except)
-    except = except.kind_of?(Array) ? except : [except] # need to move from <>.class.eql? to <>.kind_of? in a number of places
-    hosts  = Array.new()
-
-    res = self.run('puppet cert list --all')
-
-    # TODO refactor this away from the hacky_break
-    res.each_line do |line|
-      hacky_break = false
-
-      except.each do |exception|
-        next if hacky_break
-        hacky_break = line.match(/#{exception}/)
-      end
-
-      next if hacky_break
-
-      host = $1 if line.match(/^\+\s"(.*?)"/)
-
-      hosts.push(host) unless host.nil? # only want to clear signed certs
-    end
-
-    hosts.each do |host|
-      self.run(sprintf('puppet cert --clean %s', host))
-    end
-
-  end
-
-  ##
-  # remove_specific_cert
-  #
-  # ... removes a specific (or several specific) certificates, effectively the reverse of remove_existing_certs() - and again, really only useful when called on a puppet master
-  def remove_specific_cert (targets)
-    targets = targets.kind_of?(Array) ? targets : [targets]
+  def remove_existing_certs (puppetmaster)
     hosts = Array.new()
 
     res = self.run('puppet cert list --all')
 
     res.each_line do |line|
-      hacky_break = true
-
-      targets.each do |target|
-        next unless hacky_break
-        hacky_break = line.match(/#{target}/)
-      end
-
-      next unless hacky_break
-
+      next if line.match(/#{puppetmaster}/)
       host = $1 if line.match(/^\+\s"(.*?)"/)
-      hosts.push(host) unless host.nil?
 
+      hosts.push(host)
     end
 
     hosts.each do |host|
@@ -393,22 +272,15 @@ class Rouster
 
   end
 
-
   ##
   # run_puppet
   #
   # ... runs puppet on self, returns nothing
   #
   # currently supports 2 methods of running puppet:
-  #  * master - runs 'puppet agent -t'
+  #  * master - runs '/sbin/service puppet once -t'
   #    * supported options
   #      * expected_exitcode - string/integer/array of acceptable exit code(s)
-  #      * configtimeout - string/integer of the acceptable configtimeout value
-  #      * environment - string of the environment to use
-  #      * certname - string of the certname to use in place of the host fqdn
-  #      * pluginsync - bool value if pluginsync should be used
-  #      * server - string value of the puppetmasters fqdn / ip
-  #      * additional_options - string of various options that would be passed to puppet
   #  * masterless - runs 'puppet apply <options>' after determining version of puppet running and adjusting arguments
   #    * supported options
   #      * expected_exitcode - string/integer/array of acceptable exit code(s)
@@ -416,80 +288,41 @@ class Rouster
   #      * manifest_file - string/array of strings of paths to manifest(s) to apply
   #      * manifest_dir - string/array of strings of directories containing manifest(s) to apply - is recursive
   #      * module_dir - path to module directory -- currently a required parameter, is this correct?
-  #      * environment - string of the environment to use (default: production)
-  #      * certname - string of the certname to use in place of the host fqdn (default: unused)
-  #      * pluginsync - bool value if pluginsync should be used (default: true)
-  #      * additional_options - string of various options that would be passed to puppet
   #
   # parameters
   # * [mode] - method to run puppet, defaults to 'master'
   # * [opts] - hash of additional options
-  def run_puppet(mode='master', passed_opts={})
+  def run_puppet(mode='master', passed_opts=nil)
 
     if mode.eql?('master')
       opts = {
-        :expected_exitcode  => 0,
-        :configtimeout      => nil,
-        :environment        => nil,
-        :certname           => nil,
-        :server             => nil,
-        :pluginsync         => false,
-        :additional_options => nil
+        :expected_exitcode => 0
       }.merge!(passed_opts)
 
-      cmd = 'puppet agent -t'
-      cmd << sprintf(' --configtimeout %s', opts[:configtimeout]) unless opts[:configtimeout].nil?
-      cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
-      cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
-      cmd << sprintf(' --server %s', opts[:server]) unless opts[:server].nil?
-      cmd << ' --pluginsync' if opts[:pluginsync]
-      cmd << opts[:additional_options] unless opts[:additional_options].nil?
-
-      self.run(cmd, opts[:expected_exitcode])
+      self.run('/sbin/service puppet once -t', opts[:expected_exitcode])
 
     elsif mode.eql?('masterless')
       opts = {
-        :expected_exitcode  => 2,
-        :hiera_config       => nil,
-        :manifest_file      => nil, # can be a string or array, will 'puppet apply' each
-        :manifest_dir       => nil, # can be a string or array, will 'puppet apply' each module in the dir (recursively)
-        :module_dir         => nil,
-        :environment        => nil,
-        :certname           => nil,
-        :pluginsync         => false,
-        :additional_options => nil
+        :expected_exitcode => 2,
+        :hiera_config      => nil,
+        :manifest_file     => nil, # can be a string or array, will 'puppet apply' each
+        :manifest_dir      => nil, # can be a string or array, will 'puppet apply' each module in the dir (recursively)
+        :module_dir        => nil
       }.merge!(passed_opts)
 
-      ## validate arguments -- can do better here (:manifest_dir, :manifest_file)
-      puppet_version = self.get_puppet_version() # hiera_config specification is only supported in >3.0, but NOT required anywhere
+      ## validate required arguments
+      raise InternalError.new(sprintf('invalid hiera config specified[%s]', opts[:hiera_config])) unless self.is_file?(opts[:hiera_config])
+      raise InternalError.new(sprintf('invalid module dir specified[%s]', opts[:module_dir])) unless self.is_dir?(opts[:module_dir])
 
-      if opts[:hiera_config]
-        if puppet_version > '3.0'
-          raise InternalError.new(sprintf('invalid hiera config specified[%s]', opts[:hiera_config])) unless self.is_file?(opts[:hiera_config])
-        else
-          @logger.error(sprintf('puppet version[%s] does not support --hiera_config, ignoring', puppet_version))
-        end
-      end
-
-      if opts[:module_dir]
-        raise InternalError.new(sprintf('invalid module dir specified[%s]', opts[:module_dir])) unless self.is_dir?(opts[:module_dir])
-      end
+      puppet_version = self.get_puppet_version() # hiera_config specification is only supported in >3.0
 
       if opts[:manifest_file]
         opts[:manifest_file] = opts[:manifest_file].class.eql?(Array) ? opts[:manifest_file] : [opts[:manifest_file]]
         opts[:manifest_file].each do |file|
           raise InternalError.new(sprintf('invalid manifest file specified[%s]', file)) unless self.is_file?(file)
 
-          cmd = 'puppet apply --detailed-exitcodes'
-          cmd << sprintf(' --modulepath=%s', opts[:module_dir]) unless opts[:module_dir].nil?
-          cmd << sprintf(' --hiera_config=%s', opts[:hiera_config]) unless opts[:hiera_config].nil? or puppet_version < '3.0'
-          cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
-          cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
-          cmd << ' --pluginsync' if opts[:pluginsync]
-          cmd << sprintf(' %s', opts[:additional_options]) unless opts[:additional_options].nil?
-          cmd << sprintf(' %s', file)
+          self.run(sprintf('puppet apply %s --modulepath=%s %s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir], file), opts[:expected_exitcode])
 
-          self.last_puppet_run = self.run(cmd, opts[:expected_exitcode])
         end
       end
 
@@ -502,16 +335,8 @@ class Rouster
 
           manifests.each do |m|
 
-            cmd = 'puppet apply --detailed-exitcodes'
-            cmd << sprintf(' --modulepath=%s', opts[:module_dir]) unless opts[:module_dir].nil?
-            cmd << sprintf(' --hiera_config=%s', opts[:hiera_config]) unless opts[:hiera_config].nil? or puppet_version < '3.0'
-            cmd << sprintf(' --environment %s', opts[:environment]) unless opts[:environment].nil?
-            cmd << sprintf(' --certname %s', opts[:certname]) unless opts[:certname].nil?
-            cmd << ' --pluginsync' if opts[:pluginsync]
-            cmd << sprintf(' %s', opts[:additional_options]) unless opts[:additional_options].nil?
-            cmd << sprintf(' %s', m)
+            self.run(sprintf('puppet apply %s --modulepath=%s %s', (puppet_version > '3.0') ? "--hiera_config=#{opts[:hiera_config]}" : '', opts[:module_dir], m), opts[:expected_exitcode])
 
-            self.last_puppet_run = self.run(cmd, opts[:expected_exitcode])
           end
 
         end
@@ -524,4 +349,4 @@ class Rouster
 
   end
 
-end
+end

data/lib/rouster/testing.rb

@@ -5,103 +5,6 @@ require 'rouster/deltas'
 
 class Rouster
 
-  ##
-  # validate_cron
-  #
-  # given the name of the user who owns crontab, the cron's command to execute and a hash of expectations, returns true|false whether cron matches expectations
-  #
-  # parameters
-  # * <user> - name of user who owns crontab
-  # * <name> - the cron's command to execute
-  # * <expectations> - hash of expectations, see examples
-  # * <fail_fast> - return false immediately on any failure (default is false)
-  #
-  # example expectations:
-  # 'username',
-  # '/home/username/test.pl', {
-  #    :ensure => 'present',
-  #    :minute => 1,
-  #    :hour   => 0,
-  #    :dom    => '*',
-  #    :mon    => '*',
-  #    :dow    => '*',
-  # }
-  #
-  # 'root',
-  # 'printf > /var/log/apache/error_log', {
-  #    :minute => 59,
-  #    :hour   => [8, 12],
-  #    :dom    => '*',
-  #    :mon    => '*',
-  #    :dow    => '*',
-  # }
-  #
-  # supported keys:
-  #   * :exists|:ensure -- defaults to present if not specified
-  #   * :minute
-  #   * :hour
-  #   * :dom -- day of month
-  #   * :mon -- month
-  #   * :dow  -- day of week
-  #   * :constrain
-  def validate_cron(user, name, expectations, fail_fast=false)
-    if user.nil?
-      raise InternalError.new('no user specified constraint')
-    end
-
-    crontabs = self.get_crontab(user)
-
-    if expectations[:ensure].nil? and expectations[:exists].nil?
-      expectations[:ensure] = 'present'
-    end
-
-    if expectations.has_key?(:constrain)
-      expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
-
-      expectations[:constrain].each do |constraint|
-        fact, expectation = constraint.split("\s")
-        unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
-          return true
-        end
-      end
-
-      expectations.delete(:constrain)
-    end
-
-    results = Hash.new()
-    local = nil
-
-    expectations.each do |k,v|
-      case k
-        when :ensure, :exists
-          if crontabs.has_key?(name)
-            if v.to_s.match(/absent|false/).nil?
-              local = true
-            else
-              local = false
-            end
-          else
-            local = v.to_s.match(/absent|false/).nil? ? false : true
-          end
-        when :minute, :hour, :dom, :mon, :dow
-          if crontabs.has_key?(name) and crontabs[name].has_key?(k) and crontabs[name][k].to_s.eql?(v.to_s)
-            local = true
-          else
-            local = false
-          end
-        else
-          raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
-      end
-
-      return false if local.eql?(false) and fail_fast.eql?(true)
-      results[k] = local
-    end
-
-    @logger.info("#{name} [#{expectations}] => #{results}")
-    results.find{|k,v| v.false? }.nil?
-  end
-
   ##
   # validate_file
   #
@@ -110,7 +13,6 @@ class Rouster
   # parameters
   # * <name> - full file name or relative (to ~vagrant)
   # * <expectations> - hash of expectations, see examples
-  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # '/sys/kernel/mm/redhat_transparent_hugepage/enabled', {
@@ -144,9 +46,9 @@ class Rouster
   #   * :owner
   #   * :group
   #   * :constrain
-  def validate_file(name, expectations, fail_fast=false, cache=false)
+  def validate_file(name, expectations, cache=false)
 
-    if expectations[:ensure].nil? and expectations[:exists].nil? and expectations[:directory].nil? and expectations[:file?].nil?
+    if expectations[:ensure].nil? and expectations[:exists].nil?
       expectations[:ensure] = 'file'
     end
 
@@ -154,17 +56,9 @@ class Rouster
       expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
 
       expectations[:constrain].each do |constraint|
-        valid = constraint.match(/^(\S+?)\s(.*)$/)
-
-        if valid.nil?
-          raise InternalError.new(sprintf('invalid constraint[%s] specified', constraint))
-        end
-
-        fact        = $1
-        expectation = $2
-
+        fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -172,7 +66,7 @@ class Rouster
       expectations.delete(:constrain)
     end
 
-    properties = (expectations[:ensure].eql?('file')) ?  self.file(name, cache) : self.dir(name, cache)
+    properties = (! expectations[:ensure].eql?('file')) ?  self.file(name, cache) : self.dir(name, cache)
     results = Hash.new()
     local = nil
 
@@ -184,14 +78,6 @@ class Rouster
             local = true
           elsif properties.nil?
             local = false
-          elsif v.to_s.match(/symlink|link/)
-            if expectations[:target].nil?
-              # don't validate the link path, just check whether we're a link
-              local = properties[:symlink?]
-            else
-              # validate the link path
-              local = properties[:target].eql?(expectations[:target])
-            end
           else
             case v
               when 'dir', 'directory'
@@ -223,7 +109,7 @@ class Rouster
             if properties[:directory?]
               local = v.to_s.match(/absent|false/).nil?
             else
-              local = ! v.to_s.match(/absent|false/).nil?
+              local = true
             end
           else
             local = false
@@ -234,22 +120,10 @@ class Rouster
             local = true
             begin
               self.run(sprintf("grep -c '%s' %s", regex, name))
-            rescue => e
+            rescue
               local = false
             end
-            break if local.false?
-          end
-        when :notcontains, :doesntcontain # TODO determine the appropriate attribute title here
-          v = v.class.eql?(Array) ? v : [v]
-          v.each do |regex|
-            local = true
-            begin
-              self.run(sprintf("grep -c '%s' %s", regex, name))
-              local = false
-            rescue => e
-              local = true
-            end
-            break if local.false?
+            next if local.false?
           end
         when :mode, :permissions
           if properties.nil?
@@ -282,19 +156,17 @@ class Rouster
             local = false
           end
         when :type
-          # noop allowing parse_catalog() output to be passed directly
-        when :target
-          # noop allowing ensure => 'link' / 'symlink' to specify their .. target
+          # noop
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
-      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @logger.info("#{name} [#{expectations}] => #{results}")
+    @log.info(results)
     results.find{|k,v| v.false? }.nil?
+
   end
 
   ##
@@ -305,7 +177,6 @@ class Rouster
   # paramaters
   # * <name> - group name
   # * <expectations> - hash of expectations, see examples
-  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'root', {
@@ -327,7 +198,7 @@ class Rouster
   #  * :gid
   #  * :user|:users (string or array)
   #  * :constrain
-  def validate_group(name, expectations, fail_fast=false)
+  def validate_group(name, expectations)
     groups = self.get_groups(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -340,7 +211,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -364,33 +235,25 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :gid
-          if groups[name].is_a?(Hash) and groups[name].has_key?(:gid)
-            local = v.to_s.eql?(groups[name][:gid].to_s)
-          else
-            local = false
-          end
+          local = v.to_s.eql?(groups[name][:gid].to_s)
         when :user, :users
           v = v.class.eql?(Array) ? v : [v]
           v.each do |user|
-            if groups[name].is_a?(Hash) and groups[name].has_key?(:users)
-              local = groups[name][:users].member?(user)
-            else
-              local = false
-            end
+            local = groups[name][:users].member?(user)
             break unless local.true? # need to make the return value smarter if we want to store data on which user failed
           end
         when :type
-          # noop allowing parse_catalog() output to be passed directly
+          # noop
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
-      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @logger.info("#{name} [#{expectations}] => #{results}")
+    @log.info(results.pretty_print_inspect())
     results.find{|k,v| v.false? }.nil?
+
   end
 
   ##
@@ -401,7 +264,6 @@ class Rouster
   # parameters
   # * <name> - package name
   # * <expectations> - hash of expectations, see examples
-  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'perl-Net-SNMP', {
@@ -422,7 +284,7 @@ class Rouster
   #  * :exists|ensure
   #  * :version  (literal or basic comparison)
   #  * :constrain
-  def validate_package(name, expectations, fail_fast=false)
+  def validate_package(name, expectations)
     packages = self.get_packages(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -435,7 +297,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -459,148 +321,26 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :version
-          # TODO support determination based on multiple versions of the same package installed (?)
-          if packages.has_key?(name)
-
-            lps = packages[name].is_a?(Array) ? packages[name] : [ packages[name] ]
-
-            lps.each do |lp|
-              if v.split("\s").size > 1
-                ## generic comparator functionality
-                comp, expectation = v.split("\s")
-                local = generic_comparator(lp[:version], comp, expectation)
-                break unless local.eql?(true)
-              else
-                local = ! v.to_s.match(/#{lp[:version]}/).nil?
-                break unless local.eql?(true)
-              end
-            end
+          if v.split("\s").size > 1
+            ## generic comparator functionality
+            comp, expectation = v.split("\s")
+            local = generic_comparator(packages[name], comp, expectation)
           else
-            local = false
-          end
-        when :arch, :architecture
-          if packages.has_key?(name)
-            archs = []
-            lps   = packages[name].is_a?(Array) ? packages[name] : [ packages[name] ]
-            lps.each { |p| archs << p[:arch] }
-            if v.is_a?(Array)
-              v.each do |arch|
-                local = archs.member?(arch)
-                break unless local.eql?(true) # fail fast - if we are looking for an arch that DNE, bail out
-              end
-            else
-              local = archs.member?(v)
-            end
+            local = ! v.to_s.match(/#{packages[name]}/).nil?
           end
         when :type
-          # noop allowing parse_catalog() output to be passed directly
+          # noop
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
-      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
     # TODO figure out a good way to allow access to the entire hash, not just boolean -- for now just print at an info level
+    @log.info(results)
 
-    @logger.info("#{name} [#{expectations}] => #{results}")
-    results.find{|k,v| v.false? }.nil?
-  end
-
-  # given a port nnumber and a hash of expectations, returns true|false whether port meets expectations
-  #
-  # parameters
-  # * <number> - port number
-  # * <expectations> - hash of expectations, see examples
-  #
-  # example expectations:
-  # '22', {
-  #   :ensure => 'active',
-  #   :protocol => 'tcp',
-  #   :address => '0.0.0.0'
-  # },
-  #
-  # '1234', {
-  #   :ensure => 'open',
-  #   :address => '*',
-  #   :constrain => 'is_virtual false'
-  # }
-  #
-  # supported keys:
-  #  * :exists|ensure|state
-  #  * :address
-  #  * :protocol|proto
-  #  * :constrain
-  def validate_port(number, expectations, fail_fast=false)
-    number = number.to_s
-    ports  = self.get_ports(true)
-
-    if expectations[:ensure].nil? and expectations[:exists].nil? and expectations[:state].nil?
-      expectations[:ensure] = 'present'
-    end
-
-    if expectations[:protocol].nil? and expectations[:proto].nil?
-      expectations[:protocol] = 'tcp'
-    elsif ! expectations[:proto].nil?
-      expectations[:protocol] = expectations[:proto]
-    end
-
-    if expectations.has_key?(:constrain)
-      expectations[:constrain] = expectations[:constrain].class.eql?(Array) ? expectations[:constrain] : [expectations[:constrain]]
-
-      expectations[:constrain].each do |constraint|
-        fact, expectation = constraint.split("\s")
-        unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
-          return true
-        end
-      end
-
-      expectations.delete(:constrain)
-    end
-
-    results = Hash.new()
-    local = nil
-
-    expectations.each do |k,v|
-      case k
-        when :ensure, :exists, :state
-          if v.to_s.match(/absent|false|open/)
-            local = ports[expectations[:protocol]][number].nil?
-          else
-            local = ! ports[expectations[:protocol]][number].nil?
-          end
-        when :protocol, :proto
-          # TODO rewrite this in a less hacky way
-          if expectations[:ensure].to_s.match(/absent|false|open/) or expectations[:exists].to_s.match(/absent|false|open/) or expectations[:state].to_s.match(/absent|false|open/)
-            local = true
-          else
-            local = ports[v].has_key?(number)
-          end
-
-        when :address
-          lr = Array.new
-          if ports[expectations[:protocol]][number]
-            addresses = ports[expectations[:protocol]][number][:address]
-            addresses.each_key do |address|
-              lr.push(address.eql?(v.to_s))
-            end
-
-            local = ! lr.find{|e| e.true? }.nil? # this feels jankity
-          else
-            # this port isn't open in the first place, won't match any addresses we expect to see it on
-            local = false
-          end
-        else
-          raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
-      end
-
-      return false if local.eql?(false) and fail_fast.eql?(true)
-      results[k] = local
-    end
-
-    @logger.info("#{name} [#{expectations}] => #{results}")
+    # TODO should we implement a fail fast method? at least an option
     results.find{|k,v| v.false? }.nil?
   end
 
@@ -612,7 +352,6 @@ class Rouster
   # parameters
   # * <name> - service name
   # * <expectations> - hash of expectations, see examples
-  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'ntp', {
@@ -628,7 +367,7 @@ class Rouster
   #  * :exists|:ensure
   #  * :state,:status
   #  * :constrain
-  def validate_service(name, expectations, fail_fast=false)
+  def validate_service(name, expectations)
     services = self.get_services(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -641,7 +380,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -665,23 +404,19 @@ class Rouster
             local = v.to_s.match(/absent|false/).nil? ? false : true
           end
         when :state, :status
-          if services.has_key?(name)
-            local = ! v.match(/#{services[name]}/).nil?
-          else
-            local = false
-          end
+          local = ! v.match(/#{services[name]}/).nil?
         when :type
-          # noop allowing parse_catalog() output to be passed directly
+          # noop
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
-      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @logger.info("#{name} [#{expectations}] => #{results}")
+    @log.info(results.pretty_print_inspect())
     results.find{|k,v| v.false? }.nil?
+
   end
 
   ##
@@ -692,7 +427,6 @@ class Rouster
   # parameters
   # * <name> - user name
   # * <expectations> - hash of expectations, see examples
-  # * <fail_fast> - return false immediately on any failure (default is false)
   #
   # example expectations:
   # 'root' => {
@@ -718,7 +452,7 @@ class Rouster
   #  * :uid
   #  * :gid
   #  * :constrain
-  def validate_user(name, expectations, fail_fast=false)
+  def validate_user(name, expectations)
     users = self.get_users(true)
 
     if expectations[:ensure].nil? and expectations[:exists].nil?
@@ -731,7 +465,7 @@ class Rouster
       expectations[:constrain].each do |constraint|
         fact, expectation = constraint.split("\s")
         unless meets_constraint?(fact, expectation)
-          @logger.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
+          @log.info(sprintf('returning true for expectation [%s], did not meet constraint[%s/%s]', name, fact, expectation))
           return true
         end
       end
@@ -761,47 +495,27 @@ class Rouster
             break unless local.true?
           end
         when :gid
-          if users[name].is_a?(Hash) and users[name].has_key?(:gid)
-            local = v.to_i.eql?(users[name][:gid].to_i)
-          else
-            local = false
-          end
+          local = v.to_i.eql?(users[name][:gid].to_i)
         when :home
-          if users[name].is_a?(Hash) and users[name].has_key?(:home)
-            local = ! v.match(/#{users[name][:home]}/).nil?
-          else
-            local = false
-          end
+          local = ! v.match(/#{users[name][:home]}/).nil?
         when :home_exists
-          if users[name].is_a?(Hash) and users[name].has_key?(:home_exists)
-            local = ! v.to_s.match(/#{users[name][:home_exists].to_s}/).nil?
-          else
-            local = false
-          end
+          local = ! v.to_s.match(/#{users[name][:home_exists].to_s}/).nil?
         when :shell
-          if users[name].is_a?(Hash) and users[name].has_key?(:shell)
-            local = ! v.match(/#{users[name][:shell]}/).nil?
-          else
-            local = false
-          end
+          local = ! v.match(/#{users[name][:shell]}/).nil?
         when :uid
-          if users[name].is_a?(Hash) and users[name].has_key?(:uid)
-            local = v.to_i.eql?(users[name][:uid].to_i)
-          else
-            local = false
-          end
+          local = v.to_i.eql?(users[name][:uid].to_i)
         when :type
-          # noop allowing parse_catalog() output to be passed directly
+          # noop
         else
           raise InternalError.new(sprintf('unknown expectation[%s / %s]', k, v))
       end
 
-      return false if local.eql?(false) and fail_fast.eql?(true)
       results[k] = local
     end
 
-    @logger.info("#{name} [#{expectations}] => #{results}")
+    @log.info(results.pretty_print_inspect())
     results.find{|k,v| v.false? }.nil?
+
   end
 
   ## internal methods
@@ -814,59 +528,38 @@ class Rouster
   # gets facts from node, and if fact expectation regex matches actual fact, returns true
   #
   # parameters
-  # * <key>         - fact/hiera key to look up (actual value)
-  # * <expectation> -
-  # * [cache]       - boolean controlling whether facter lookups are cached
-  def meets_constraint?(key, expectation, cache=true)
-
-    expectation = expectation.to_s
-
-    unless self.respond_to?('facter') or self.respond_to?('hiera')
-      # if we haven't loaded puppet.rb, we won't have access to facts/hiera lookups
-      @logger.warn('using constraints without loading [rouster/puppet] will not work, forcing no-op')
+  # * <fact> - fact
+  # * <expectation>
+  # * [cache]
+  def meets_constraint?(fact, expectation, cache=true)
+
+    unless self.respond_to?('facter')
+      # if we haven't loaded puppet.rb, we won't have access to facts
+      @log.warn('using constraints without loading [rouster/puppet] will not work, forcing no-op')
       return false
     end
 
-    facts  = self.facter(cache)
-    actual = nil
-
-    if facts[key]
-      actual = facts[key]
-    else
-      # value is not a fact, lets try to find it in hiera
-      # TODO how to handle the fact that this will really only work on the puppetmaster
-      actual = self.hiera(key, facts)
-    end
+    expectation = expectation.to_s
+    facts = self.facter(cache)
 
     res = nil
-
     if expectation.split("\s").size > 1
       ## generic comparator functionality
       comp, expectation = expectation.split("\s")
-      res = generic_comparator(actual, comp, expectation)
+
+      res = generic_comparator(facts[fact], comp, expectation)
+
     else
-      res = ! actual.to_s.match(/#{expectation}/).nil?
+      res = ! expectation.match(/#{facts[fact]}/).nil?
+      @log.debug(sprintf('meets_constraint?(%s, %s): %s', fact, expectation, res.nil?))
     end
 
-    @logger.debug(sprintf('meets_constraint?(%s, %s): %s', key, expectation, res.nil?))
     res
   end
 
-  ##
-  # generic_comparator
-  #
-  # powers the 3 argument form of constraint (i.e. 'is_virtual != true', '<package_version> > 3.0', etc)
-  #
-  # should really be an eval{} of some sort (or would be in the perl world)
-  #
-  # parameters
-  # * <comparand1> - left side of the comparison
-  # * <comparator> - comparison to make
-  # * <comparand2> - right side of the comparison
   def generic_comparator(comparand1, comparator, comparand2)
 
     # TODO rewrite this as an eval so we don't have to support everything..
-    # TODO come up with mechanism to determine when is it appropriate to call .to_i vs. otherwise -- comparisons will mainly be numerical (?), but need to support text matching too
     case comparator
       when '!='
         # ugh