[augeas-devel] Some ideas about how to use Augeas with IPA

Dominique Dumont domi.dumont at free.fr
Tue May 13 18:47:03 UTC 2008


Hello

I hope David will not mind me pushing another project which is more
complementary than competitive to Augeas.

Dmitri Pal <dpal at redhat.com> writes:
> I have been evaluating the Augeas library for potential use with IPA
> (especially for the centralized policy management) and found that
> though it is a pretty powerful tool there are certain features that
> would make it much more attractive for the IPA project.
> I will list the requirements with the explanation of the use case.

I think that Config::Model [1] on top of Augeas would fill most of
your requirements. Please read on for more detailed explanations.

> 1) When setting the value validate the provided data against the
> regular expression.  Let us say that we have a file that reads
> several comma separated values per rule.  Then the lenses will
> contain a definition of the "word" as any character that is not a
> space or a comma. The defined "word" will be used in the parsing
> rule. If we then use the set command to update the values in the
> entry and provide a value that contains a comma, the set command
> should fail, since the data when saved will violate the lenses
> grammar and the library will fail to parse it back.

With Config::Model, Augeas would be used to read your IPA
configuration file and store IPA conf data into Config::Model internal
representation. Your user would need to use the Config::Model equivalent
of "set_command" to enter new data. Config::Model would check the
validity of the new configuration data at that time, not when saving
data.

> 2) The match command matches the exact value of the label. It would
> be very useful to be able to do the regular expression
> searches. This would help if you have to combine two files and want
> to extract a subset of the entries that matches the regular
> expression. It also means that there should be a way to iterate
> through the result set.

I've not understood this use case.

> 3) Currently the library is bound to the physical file. There should
> be an option to save/read the data to/from the buffer so that the
> caller can take advantage of the fact that data can come from
> different sources. This can be used when parts of the file are stored
> in the external facility other than the file - for example in the DB
> or LDAP. Let us imagine that there is XML data stored in the LDAP
> field. The application can connect to LDAP, request the attribute,
> feed it to the Augeas library specifying a read lens and then save
> the Augeas tree in a file using a different lens. It creates a very
> powerful mechanism.

With Config::Model you can write data back with several
backends. Could be Augeas, XML, or LDAP. The only hitch is that these
backends are not (yet) implemented.

> 4) Managing the order of the entries. Currently I do not see a way of
> inserting the entries in the middle of the file. Some configuration
> files have rules that are applied in order so capability of inserting
> a new entry in the middle is very important.

Not a problem with Config::Model. Could you specify if you want to
offer your user an interactive session or batch session for
configuration activities?

> 5) To be able to effectively merge the configuration data from
> different sources and apply changes to the file it might be very
> beneficial to be able to sort the entries in the node tree by a
> specific criterion. This capability will allow a much simpler
> implementation logic when 2 different trees need to be compared and
> merged.

Data are sorted according to the IPA configuration model stored in
Config::Model. The catch: you would need to provide this configuration
model that describes the structure and constraints of IPA
configuration. See [2] as an example of a configuration model for
sshd_config.

A simple merge would mean loading one IPA conf file and then
another. The second file would override already existing data. Do you
need more "subtle" merge functionality?

> 6) Create a copy of the node tree. If I have a tree that I read from
> the file and I want to start playing with it in terms of sorting or
> merging it would be nice to be able to create a copy of the tree
> before starting the procedure so that the original tree can be
> preserved and would not require a re-read from the disk if the merge
> comes to an unresolvable error.

That would be possible with Config::Model since it uses an internal
tree representation of data (an instance in Config::Model's doc).

Feel free to ask for more details.

All the best

Dominique
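
Added example, not part of the original message and not Augeas or Config::Model code: a sketch of requirement 1 above, showing why a value must be checked against the "word" grammar at set time rather than at save time. The grammar, separator and all function names are assumptions made for this illustration.

```python
import re

# Constructed grammar following the thread's description: a "word" is any
# run of characters that is neither a space nor a comma.
WORD = re.compile(r"[^ ,\n]+")
SEP = ", "

def parse(line):
    """Parse one rule line into its list of words (file -> tree)."""
    words = [w.strip() for w in line.split(",")]
    for w in words:
        if not WORD.fullmatch(w):
            raise ValueError(f"unparseable word: {w!r}")
    return words

def render(words):
    """Write the words back as one rule line (tree -> file)."""
    return SEP.join(words)

def set_unchecked(words, index, value):
    """Store the value as-is; a grammar violation surfaces only after save."""
    out = list(words)
    out[index] = value
    return out

def set_checked(words, index, value):
    """Reject a value at set time if it would not survive save and re-parse."""
    if not WORD.fullmatch(value):
        raise ValueError(f"value {value!r} violates the word grammar")
    return set_unchecked(words, index, value)

def round_trips(words):
    """True if saving and re-parsing yields the same tree."""
    try:
        return parse(render(words)) == words
    except ValueError:
        return False

if __name__ == "__main__":
    tree = parse("alice, bob, carol")            # constructed sample line
    bad = set_unchecked(tree, 1, "bob,root")     # embedded separator
    print(render(bad), "->", parse(render(bad))) # re-parses as four entries
    print(round_trips(bad), round_trips(set_checked(tree, 1, "dave")))
```

An embedded comma does not always make the re-parse fail: here it silently yields an extra entry, which in an ordered rule or access-list file changes what the configuration means, while an embedded space makes the saved line unparseable.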



