Using augeas with puppet to add an attribute to a root node

Question

So I'm trying to do something that looks identical to the question at "Issues adding attribute to XML root node via augeas", but the answer provided there doesn't work for me. Without the insert command, I'm getting this error message (in puppet agent -t --debug --verbose mode):

Debug: Augeas[context.xml](provider=augeas): /augeas/files/usr/share/tomcat/conf/context.xml/error/message = Failed to match 
    { /#attribute/ }?({ /#text/ = /(\\]\\]\\]*[^]\001-\004<>][^]\001-\004<]*\\]|(\\][^]\001-\004<]|[^]\001-\004<][^]\001-\004<])[^]\001-\004<]*\\]|[^]\001-\004<]\\])(\\]\\]*[^]\001-\004<>][^]\001-\004<]*\\]|[^]\001-\004<][^]\001-\004<]*\\])*(\\]\\]*([^]\001-\004<>][^]\001-\004<]*|)|[^]\001-\004<][^]\001-\004<]*|)|\\]\\]\\]*([^]\001-\004<>][^]\001-\004<]*|)|(\\][^]\001-\004<]|[^]\001-\004<][^]\001-\004<])[^]\001-\004<]*|\\]|[^]\001-\004<]/ } | { /#comment/ = /([^\001-\004-]|-[^\001-\004-])*/ } | <<rec>> | { /[:A-Z_a-z][.0-:A-Z_a-z-]*/ = /#empty/ } | { /#pi/ })*
  with tree
    { "#text" = "

    " } { "#comment" = " Default set of monitored resources " } { "#text" = "
    " } { "WatchedResource" } { "#text" = "
    " } { "#comment" = " Uncomment this to disable session persistence across Tomcat restarts " } { "#text" = "
    " } { "#comment" = "
    <Manager pathname="" />
    " } { "#text" = "

    " } { "#comment" = " Uncomment this to enable Comet connection tacking (provides events
         on session expiration as well as webapp lifecycle) " } { "#text" = "
    " } { "#comment" = "
    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
    " } { "#text" = "

" } { "Manager" } { "#attribute" }
Debug: Augeas[context.xml](provider=augeas): Closed the augeas connection
Error: /Stage[main]/mytomcat::Hardening::Context-xml/Augeas[context.xml]: Could not evaluate: Saving failed, see debug

Which is basically what we saw in that other post. With the insert command, here's the relevant code I'm using:

class mytomcat::hardening::context-xml {
  require ::augeas
  augeas{ 'context.xml':
    lens    => 'Xml.lns',
    incl    => '/usr/share/tomcat/conf/context.xml',
    changes => [
      'ins #attribute before Context/#text',
      'set Context/#attribute/allowLinking false', 
    ],
  }
}

Which gives me this error:

Debug: Augeas[context.xml](provider=augeas): sending command 'ins' with params ["#attribute", "before", "/files/usr/share/tomcat/conf/context.xml/Context/#text"]
Debug: Augeas[context.xml](provider=augeas): Closed the augeas connection
Error: /Stage[main]/mytomcat::Hardening::Context-xml/Augeas[context.xml]: Could not evaluate: Error sending command 'ins' with params ["#attribute", "before", "/files/usr/share/tomcat/conf/context.xml/Context/#text"]/Error sending command 'ins' with params ["#attribute", "before", "/files/usr/share/tomcat/conf/context.xml/Context/#text"]

I tried using touch instead of insert, based on the "Puppet Type Reference" page for Augeas with this code:

class mytomcat::hardening::context-xml {
  require ::augeas
  augeas{ 'context.xml':
    lens    => 'Xml.lns',
    incl    => '/usr/share/tomcat/conf/context.xml',
    changes => [
      'touch Context/#attribute',
      'touch Context/#attribute/allowLinking',
      'set Context/#attribute/allowLinking false', 
    ],
  }
}

But then I get the error message:

Error: /Stage[main]/mytomcat::Hardening::Context-xml/Augeas[context.xml]: Could not evaluate: Unknown command touch

EDIT: I tried doing a clear instead of touch, but that seems to be a NOOP command, and does not give me a different result than the first one shown at the very top of this post.

So, I can't do touch, using a full XPath to try to set the attribute doesn't work because you have to add the #attribute node before the #text node, clear appears to be a NOOP, and then when I try to do the "insert" command as recommended it also doesn't work.

Any idea what is going wrong here and how I can fix it?