RubyGems - bolt - Versions diffs - 0.17.1 → 0.17.2 - Mend

bolt 0.17.1 → 0.17.2

Potentially problematic release.

This version of bolt might be problematic. Click here for more details.

Files changed (224) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8759e96b6a18784b8ede93ee47d24a108c69081d
-  data.tar.gz: 2555ed2cef120bca77905ca535a41b09ef12df07
+  metadata.gz: c9ea02d63dd2b45747f5eda9d07187f39842332f
+  data.tar.gz: 3768ff96fafe4b6cb9d05fdad94c17ce3809e2be
 SHA512:
-  metadata.gz: a65bc900d11f643783028dc846af43c2f115f4311c50c7b03630e091cf353e75a3b5ee79162fdaf0531a1e5c8b939d12c3a3838f7b94e373dd6ef0faec3f4133
-  data.tar.gz: 3334b078eb1012f1af15a75a22e3a1691fa578360eeddc0f9f3b239e0bf7f8ea3f876641693a3a1966a214419107ab81b935a28a19051f0d6190c5a5fc7b3c51
+  metadata.gz: 26863769817e4f0b644041dc32b2eda8c961d75ab34bc805db0ff497ff8c624672c5d3d6051cdd6add2fa921e862310d9236879cacf61aa35144fd795f159c03
+  data.tar.gz: 6b767b8e2dab9368e0bd5bc7feee4b397f18a39005eca646d2bad44e3a400bdca5009f1e6d1e51d1688ab8265e02996a2b127840e918cdd405c618a6fe00a52c

data/bolt-modules/boltlib/lib/puppet/functions/run_task.rb CHANGED

@@ -41,12 +41,6 @@ Puppet::Functions.create_function(:run_task) do
       )
     end
-    # TODO: use the compiler injection once PUP-8237 lands
-    task_signature = Puppet::Pal::ScriptCompiler.new(closure_scope.compiler).task_signature(task_name)
-    if task_signature.nil?
-      raise with_stack(:UNKNOWN_TASK, Bolt::Error.unknown_task(task_name))
-    end
     executor = Puppet.lookup(:bolt_executor) { nil }
     inventory = Puppet.lookup(:bolt_inventory) { nil }
     unless executor && inventory && Puppet.features.bolt?
@@ -55,18 +49,38 @@ Puppet::Functions.create_function(:run_task) do
       )
     end
+    # Ensure that given targets are all Target instances
+    targets = inventory.get_targets(targets)
     use_args = task_args.reject { |k, _| k.start_with?('_') }
-    task_signature.runnable_with?(use_args) do |mismatch_message|
-      raise with_stack(:TYPE_MISMATCH, mismatch_message)
-    end || (raise with_stack(:TYPE_MISMATCH, 'Task parameters do not match'))
+    # Don't bother loading the local task definition if all targets use the 'pcp' transport
+    # and the local-validation option is set to false for all of them
+    if !targets.empty? && targets.all? { |t| t.protocol == 'pcp' && t.options['local-validation'] == false }
+      # create a fake task
+      task = Puppet::Pops::Types::TypeFactory.task.from_hash(
+        'name'          => task_name,
+        'executable'    => '',
+        'supports_noop' => true
+      )
+    else
+      # TODO: use the compiler injection once PUP-8237 lands
+      task_signature = Puppet::Pal::ScriptCompiler.new(closure_scope.compiler).task_signature(task_name)
+      if task_signature.nil?
+        raise with_stack(:UNKNOWN_TASK, Bolt::Error.unknown_task(task_name))
+      end
+      task_signature.runnable_with?(use_args) do |mismatch_message|
+        raise with_stack(:TYPE_MISMATCH, mismatch_message)
+      end || (raise with_stack(:TYPE_MISMATCH, 'Task parameters do not match'))
+      task = task_signature.task
+    end
     unless Puppet::Pops::Types::TypeFactory.data.instance?(use_args)
       raise with_stack(:TYPE_NOT_DATA, 'Task parameters is not of type Data')
     end
-    task = task_signature.task
     if executor.noop
       if task.supports_noop
         use_args['_noop'] = true
@@ -75,8 +89,6 @@ Puppet::Functions.create_function(:run_task) do
       end
     end
-    # Ensure that given targets are all Target instances
-    targets = inventory.get_targets(targets)
     if targets.empty?
       Bolt::ResultSet.new([])
     else

data/lib/bolt/cli.rb CHANGED

@@ -10,6 +10,7 @@ require 'bolt/executor'
 require 'bolt/inventory'
 require 'bolt/logger'
 require 'bolt/outputter'
+require 'bolt/puppetdb'
 require 'bolt/pal'
 require 'bolt/target'
 require 'bolt/version'
@@ -129,6 +130,10 @@ Available options are:
                         '* port defaults to `5985` or `5986` for WinRM, based on the --[no-]ssl setting') do |nodes|
           @options[:nodes] << get_arg_input(nodes)
         end.extend(SwitchHider)
+        @query = define('-q', '--query QUERY',
+                        'Query PuppetDB to determine the targets') do |query|
+          @options[:query] = query
+        end.extend(SwitchHider)
         define('-u', '--user USER',
                'User to authenticate as (Optional)') do |user|
           @options[:user] = user
@@ -146,7 +151,7 @@ Available options are:
         end
         define('--private-key KEY',
                'Private ssh key to authenticate with (Optional)') do |key|
-          @options[:key] = key
+          @options[:'private-key'] = key
         end
         define('--tmpdir DIR',
                'The directory to upload and execute temporary files on the target (Optional)') do |tmpdir|
@@ -159,7 +164,7 @@ Available options are:
         end
         define('--connect-timeout TIMEOUT', Integer,
                'Connection timeout (Optional)') do |timeout|
-          @options[:connect_timeout] = timeout
+          @options[:'connect-timeout'] = timeout
         end
         define('--modulepath MODULES',
                'List of directories containing modules, ' \
@@ -177,28 +182,28 @@ Available options are:
         end
         define('--[no-]host-key-check',
                'Check host keys with SSH') do |host_key_check|
-          @options[:host_key_check] = host_key_check
+          @options[:'host-key-check'] = host_key_check
         end
         define('--[no-]ssl',
                'Use SSL with WinRM') do |ssl|
           @options[:ssl] = ssl
         end
-        define('--transport TRANSPORT', TRANSPORTS.map(&:to_s),
-               'Specify a default transport: ' << TRANSPORTS.join(', ')) do |t|
+        define('--transport TRANSPORT', TRANSPORTS.keys.map(&:to_s),
+               'Specify a default transport: ' << TRANSPORTS.keys.join(', ')) do |t|
           @options[:transport] = t
         end
         define('--run-as USER',
                'User to run as using privilege escalation') do |user|
-          @options[:run_as] = user
+          @options[:'run-as'] = user
         end
         define('--sudo-password [PASSWORD]',
                'Password for privilege escalation') do |password|
           if password.nil?
             STDOUT.print "Please enter your privilege escalation password: "
-            @options[:sudo_password] = STDIN.noecho(&:gets).chomp
+            @options[:'sudo-password'] = STDIN.noecho(&:gets).chomp
             STDOUT.puts
           else
-            @options[:sudo_password] = password
+            @options[:'sudo-password'] = password
           end
         end
         define('--configfile CONFIG_PATH',
@@ -207,6 +212,9 @@ Available options are:
         end
         define('--inventoryfile INVENTORY_PATH',
                'Specify where to load the inventory file from') do |path|
+          if ENV.include?(Bolt::Inventory::ENVIRONMENT_VAR)
+            raise Bolt::CLIError, "Cannot pass inventory file when #{Bolt::Inventory::ENVIRONMENT_VAR} is set"
+          end
           @options[:inventoryfile] = path
         end
         define_tail('--[no-]tty',
@@ -235,9 +243,14 @@ Available options are:
       end
       def update
+        # show the --nodes and --query switches by default
+        @nodes.hide = @query.hide = false
         # Update the banner according to the mode
         self.banner = case @options[:mode]
                       when 'plan'
+                        # don't show the --nodes and --query switches in the plan help
+                        @nodes.hide = @query.hide = true
                         PLAN_HELP
                       when 'command'
                         COMMAND_HELP
@@ -250,10 +263,6 @@ Available options are:
                       else
                         BANNER
                       end
-        # Only show the --nodes switch in the help message produced by
-        # the #help method when not dealing with plans
-        @nodes.hide = (@options[:mode] == 'plan')
       end
       def parse_params(params)
@@ -367,7 +376,12 @@ Available options are:
       # After validation, initialize inventory and targets. Errors here are better to catch early.
       unless options[:action] == 'show' || options[:mode] == 'plan'
-        options[:targets] = inventory.get_targets(options[:nodes]) if options[:nodes]
+        if options[:query]
+          nodes = query_puppetdb_nodes(options[:query])
+          options[:targets] = inventory.get_targets(nodes)
+        else
+          options[:targets] = inventory.get_targets(options[:nodes])
+        end
       end
       options
@@ -412,8 +426,12 @@ Available options are:
         end
       end
-      if options[:nodes].empty? && options[:mode] != 'plan' && options[:action] != 'show'
-        raise Bolt::CLIError, "Option '--nodes' must be specified"
+      if options[:mode] != 'plan' && options[:action] != 'show'
+        if options[:nodes].empty? && options[:query].nil?
+          raise Bolt::CLIError, "Targets must be specified with '--nodes' or '--query'"
+        elsif options[:nodes].any? && options[:query]
+          raise Bolt::CLIError, "Only one of '--nodes' or '--query' may be specified"
+        end
       end
       if options[:noop] && (options[:mode] != 'task' || options[:action] != 'run')
@@ -432,6 +450,18 @@ Available options are:
       raise Bolt::CLIError, "Unknown argument '#{e.args.first}'"
     end
+    def puppetdb_client
+      return @puppetdb_client if @puppetdb_client
+      puppetdb_config = Bolt::PuppetDB::Config.new(nil, config.puppetdb)
+      @puppetdb_client = Bolt::PuppetDB::Client.from_config(puppetdb_config)
+    end
+    def query_puppetdb_nodes(query)
+      puppetdb_client.query_certnames(query)
+    rescue StandardError => e
+      raise Bolt::CLIError, "Could not retrieve targets from PuppetDB: #{e}"
+    end
     def execute(options)
       message = nil

data/lib/bolt/config.rb CHANGED

@@ -1,9 +1,18 @@
 require 'yaml'
-require 'bolt/cli'
 require 'logging'
+require 'bolt/cli'
+require 'bolt/transport/ssh'
+require 'bolt/transport/winrm'
+require 'bolt/transport/orch'
+require 'bolt/transport/local'
 module Bolt
-  TRANSPORTS = %i[ssh winrm pcp local].freeze
+  TRANSPORTS = {
+    ssh: Bolt::Transport::SSH,
+    winrm: Bolt::Transport::WinRM,
+    pcp: Bolt::Transport::Orch,
+    local: Bolt::Transport::Local
+  }.freeze
   Config = Struct.new(
     :concurrency,
@@ -12,6 +21,7 @@ module Bolt
     :log_level,
     :log,
     :modulepath,
+    :puppetdb,
     :transport,
     :transports
   ) do
@@ -20,27 +30,29 @@ module Bolt
       concurrency: 100,
       transport: 'ssh',
       format: 'human',
-      modulepath: []
+      modulepath: [],
+      puppetdb: {}
     }.freeze
-    TRANSPORT_OPTIONS = %i[host_key_check password run_as sudo_password extensions
-                           ssl key tty tmpdir user connect_timeout cacert
-                           token-file task-environment service-url].freeze
+    TRANSPORT_OPTIONS = %i[password run-as sudo-password extensions
+                           private-key tty tmpdir user connect-timeout
+                           cacert token-file service-url].freeze
     TRANSPORT_DEFAULTS = {
-      connect_timeout: 10,
-      tty: false
+      'connect-timeout' => 10,
+      'tty' => false
     }.freeze
     TRANSPORT_SPECIFIC_DEFAULTS = {
       ssh: {
-        host_key_check: true
+        'host-key-check' => true
       },
       winrm: {
-        ssl: true
+        'ssl' => true
       },
       pcp: {
-        :"task-environment" => 'production'
+        'task-environment' => 'production',
+        'local-validation' => false
       },
       local: {}
     }.freeze
@@ -55,10 +67,9 @@ module Bolt
       self[:log]['console'] ||= {}
       self[:transports] ||= {}
-      TRANSPORTS.each do |transport|
-        unless self[:transports][transport]
-          self[:transports][transport] = {}
-        end
+      TRANSPORTS.each_key do |transport|
+        self[:transports][transport] ||= {}
         TRANSPORT_DEFAULTS.each do |k, v|
           unless self[:transports][transport][k]
             self[:transports][transport][k] = v
@@ -109,74 +120,16 @@ module Bolt
         self[:modulepath] = data['modulepath'].split(File::PATH_SEPARATOR)
       end
-      if data['inventoryfile']
-        self[:inventoryfile] = data['inventoryfile']
-      end
-      if data['concurrency']
-        self[:concurrency] = data['concurrency']
-      end
-      if data['format']
-        self[:format] = data['format']
-      end
-      if data['ssh']
-        if data['ssh']['private-key']
-          self[:transports][:ssh][:key] = data['ssh']['private-key']
-        end
-        if data['ssh'].key?('host-key-check')
-          self[:transports][:ssh][:host_key_check] = data['ssh']['host-key-check']
-        end
-        if data['ssh']['connect-timeout']
-          self[:transports][:ssh][:connect_timeout] = data['ssh']['connect-timeout']
-        end
-        if data['ssh']['tmpdir']
-          self[:transports][:ssh][:tmpdir] = data['ssh']['tmpdir']
-        end
-        if data['ssh']['run-as']
-          self[:transports][:ssh][:run_as] = data['ssh']['run-as']
-        end
-      end
-      if data['winrm']
-        if data['winrm']['connect-timeout']
-          self[:transports][:winrm][:connect_timeout] = data['winrm']['connect-timeout']
-        end
-        if data['winrm'].key?('ssl')
-          self[:transports][:winrm][:ssl] = data['winrm']['ssl']
-        end
-        if data['winrm']['tmpdir']
-          self[:transports][:winrm][:tmpdir] = data['winrm']['tmpdir']
-        end
-        if data['winrm']['cacert']
-          self[:transports][:winrm][:cacert] = data['winrm']['cacert']
-        end
-        if data['winrm']['extensions']
-          # Accept a single entry or a list, ensure each is prefixed with '.'
-          self[:transports][:winrm][:extensions] =
-            [data['winrm']['extensions']].flatten.map { |ext| ext[0] != '.' ? '.' + ext : ext }
+      %w[inventoryfile concurrency format puppetdb].each do |key|
+        if data[key]
+          self[key.to_sym] = data[key]
         end
       end
-      if data['pcp']
-        if data['pcp']['service-url']
-          self[:transports][:pcp][:"service-url"] = data['pcp']['service-url']
-        end
-        if data['pcp']['cacert']
-          self[:transports][:pcp][:cacert] = data['pcp']['cacert']
-        end
-        if data['pcp']['token-file']
-          self[:transports][:pcp][:"token-file"] = data['pcp']['token-file']
-        end
-        if data['pcp']['task-environment']
-          self[:transports][:pcp][:"task-environment"] = data['pcp']['task-environment']
-        end
-      end
-      if data['local']
-        if data['local']['tmpdir']
-          self[:transports][:local][:tmpdir] = data['local']['tmpdir']
+      TRANSPORTS.each do |key, impl|
+        if data[key.to_s]
+          selected = data[key.to_s].select { |k| impl.options.include?(k) }
+          self[:transports][key].merge!(selected)
         end
       end
     end
@@ -198,23 +151,22 @@ module Bolt
         self[:log]['console'][:level] = :info
       end
-      TRANSPORT_OPTIONS.each do |key|
-        TRANSPORTS.each do |transport|
-          unless %i[ssl host_key_check task-environment].any? { |k| k == key }
-            self[:transports][transport][key] = options[key] if options[key]
-            next
-          end
-          if key == :ssl && transport == :winrm
-            # this defaults to true so we need to check the presence of the key
-            self[:transports][transport][key] = options[key] if options.key?(key)
-            next
-          elsif key == :host_key_check && transport == :ssh
-            # this defaults to true so we need to check the presence of the key
-            self[:transports][transport][key] = options[key] if options.key?(key)
-            next
+      TRANSPORTS.each_key do |transport|
+        transport = self[:transports][transport]
+        TRANSPORT_OPTIONS.each do |key|
+          if options[key]
+            transport[key.to_s] = Bolt::Util.walk_keys(options[key], &:to_s)
           end
         end
       end
+      if options.key?(:ssl) # this defaults to true so we need to check the presence of the key
+        self[:transports][:winrm]['ssl'] = options[:ssl]
+      end
+      if options.key?(:'host-key-check') # this defaults to true so we need to check the presence of the key
+        self[:transports][:ssh]['host-key-check'] = options[:'host-key-check']
+      end
     end
     def update_from_inventory(data)
@@ -223,19 +175,6 @@ module Bolt
       if data['transport']
         self[:transport] = data['transport']
       end
-      # Add options that aren't allowed in a config file, but are allowed in inventory
-      %w[user password port].each do |opt|
-        (TRANSPORTS - [:pcp]).each do |transport|
-          if data[transport.to_s] && data[transport.to_s][opt]
-            self[:transports][transport][opt.to_sym] = data[transport.to_s][opt]
-          end
-        end
-      end
-      if data['ssh'] && data['ssh']['sudo-password']
-        self[:transports][:ssh][:sudo_password] = data['ssh']['sudo-password']
-      end
     end
     def transport_conf
@@ -244,10 +183,6 @@ module Bolt
     end
     def validate
-      TRANSPORTS.each do |transport|
-        self[:transports][transport]
-      end
       self[:log].each_pair do |name, params|
         if params.key?(:level) && !Bolt::Logger.valid_level?(params[:level])
           raise Bolt::CLIError,
@@ -262,27 +197,8 @@ module Bolt
         raise Bolt::CLIError, "Unsupported format: '#{self[:format]}'"
       end
-      if self[:transports][:ssh][:sudo_password] && self[:transports][:ssh][:run_as].nil?
-        @logger.warn("--sudo-password will not be used without specifying a " \
-                     "user to escalate to with --run-as")
-      end
-      host_key = self[:transports][:ssh][:host_key_check]
-      unless !!host_key == host_key
-        raise Bolt::CLIError, 'host-key-check option must be a Boolean true or false'
-      end
-      ssl_flag = self[:transports][:winrm][:ssl]
-      unless !!ssl_flag == ssl_flag
-        raise Bolt::CLIError, 'ssl option must be a Boolean true or false'
-      end
-      self[:transports].each_value do |v|
-        timeout_value = v[:connect_timeout]
-        unless timeout_value.is_a?(Integer) || timeout_value.nil?
-          error_msg = "connect-timeout value must be an Integer, received #{timeout_value}:#{timeout_value.class}"
-          raise Bolt::CLIError, error_msg
-        end
+      TRANSPORTS.each do |transport, impl|
+        impl.validate(self[:transports][transport])
       end
     end
   end