bolt 1.15.0 → 1.16.0

data/lib/bolt/transport/local_windows.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'fileutils'
+require 'open3'
+require 'tmpdir'
+require 'bolt/node/output'
+require 'bolt/transport/base'
+require 'bolt/transport/powershell'
+require 'bolt/util'
+
+module Bolt
+  module Transport
+    class LocalWindows < Base
+      def self.options
+        %w[tmpdir interpreters run-as run-as-command sudo-password]
+      end
+
+      def provided_features
+        ['powershell']
+      end
+
+      def default_input_method(executable)
+        input_method ||= Powershell.powershell_file?(executable) ? 'powershell' : 'both'
+        input_method
+      end
+
+      def self.validate(options)
+        logger = Logging.logger[self]
+        if options['sudo-password'] || options['run-as'] || options['run-as-command'] || options['_run_as']
+          logger.warn("run-as is not supported for Windows hosts using the local transport")
+        end
+      end
+
+      def in_tmpdir(base)
+        args = base ? [nil, base] : []
+        dir = begin
+                Dir.mktmpdir(*args)
+              rescue StandardError => e
+                raise Bolt::Node::FileError.new("Could not make tempdir: #{e.message}", 'TEMPDIR_ERROR')
+              end
+
+        yield dir
+      ensure
+        FileUtils.remove_entry dir if dir
+      end
+      private :in_tmpdir
+
+      def copy_file(source, destination)
+        FileUtils.cp_r(source, destination, remove_destination: true)
+      rescue StandardError => e
+        raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+      end
+
+      def with_tmpscript(script, base)
+        in_tmpdir(base) do |dir|
+          dest = File.join(dir, File.basename(script))
+          copy_file(script, dest)
+          File.chmod(0o750, dest)
+          yield dest, dir
+        end
+      end
+      private :with_tmpscript
+
+      def execute(*command, options)
+        command.unshift(options[:interpreter]) if options[:interpreter]
+        command = [options[:env]] + command if options[:env]
+
+        if options[:stdin]
+          stdout, stderr, rc = Open3.capture3(*command, stdin_data: options[:stdin], chdir: options[:dir])
+        else
+          stdout, stderr, rc = Open3.capture3(*command, chdir: options[:dir])
+        end
+
+        result_output = Bolt::Node::Output.new
+        result_output.stdout << stdout unless stdout.nil?
+        result_output.stderr << stderr unless stderr.nil?
+        result_output.exit_code = rc.exitstatus
+        result_output
+      end
+
+      def upload(target, source, destination, options = {})
+        self.class.validate(options)
+        copy_file(source, destination)
+        Bolt::Result.for_upload(target, source, destination)
+      end
+
+      def run_command(target, command, options = {})
+        self.class.validate(options)
+        in_tmpdir(target.options['tmpdir']) do |dir|
+          output = execute(command, dir: dir)
+          Bolt::Result.for_command(target,
+                                   output.stdout.string,
+                                   output.stderr.string,
+                                   output.exit_code,
+                                   'command', command)
+        end
+      end
+
+      def run_script(target, script, arguments, options = {})
+        self.class.validate(options)
+        with_tmpscript(File.absolute_path(script), target.options['tmpdir']) do |file, dir|
+          logger.debug "Running '#{file}' with #{arguments}"
+
+          # unpack any Sensitive data AFTER we log
+          arguments = unwrap_sensitive_args(arguments)
+          if Powershell.powershell_file?(file)
+            command = Powershell.run_script(arguments, file)
+            output = execute(command, dir: dir, env: "powershell.exe")
+          else
+            path, args = *Powershell.process_from_extension(file)
+            args += Powershell.escape_arguments(arguments)
+            command = args.unshift(path).join(' ')
+            output = execute(command, dir: dir)
+          end
+          Bolt::Result.for_command(target,
+                                   output.stdout.string,
+                                   output.stderr.string,
+                                   output.exit_code,
+                                   'script', script)
+        end
+      end
+
+      def run_task(target, task, arguments, options = {})
+        self.class.validate(options)
+        implementation = select_implementation(target, task)
+        executable = implementation['path']
+        input_method = implementation['input_method']
+        extra_files = implementation['files']
+
+        in_tmpdir(target.options['tmpdir']) do |dir|
+          if extra_files.empty?
+            script = File.join(dir, File.basename(executable))
+          else
+            arguments['_installdir'] = dir
+            script_dest = File.join(dir, task.tasks_dir)
+            FileUtils.mkdir_p([script_dest] + extra_files.map { |file| File.join(dir, File.dirname(file['name'])) })
+
+            script = File.join(script_dest, File.basename(executable))
+            extra_files.each do |file|
+              dest = File.join(dir, file['name'])
+              copy_file(file['path'], dest)
+              File.chmod(0o750, dest)
+            end
+          end
+
+          copy_file(executable, script)
+          File.chmod(0o750, script)
+
+          interpreter = select_interpreter(script, target.options['interpreters'])
+          interpreter_debug = interpreter ? " using '#{interpreter}' interpreter" : nil
+          # log the arguments with sensitive data redacted, do NOT log unwrapped_arguments
+          logger.debug("Running '#{script}' with #{arguments}#{interpreter_debug}")
+          unwrapped_arguments = unwrap_sensitive_args(arguments)
+
+          stdin = STDIN_METHODS.include?(input_method) ? JSON.dump(unwrapped_arguments) : nil
+          if ENVIRONMENT_METHODS.include?(input_method)
+            environment_params = envify_params(unwrapped_arguments).each_with_object([]) do |(arg, val), list|
+              list << Powershell.set_env(arg, val)
+            end
+            environment_params = environment_params.join("\n") + "\n"
+          else
+            environment_params = ""
+          end
+
+          if Powershell.powershell_file?(script) && stdin.nil?
+            command = Powershell.run_ps_task(arguments, script, input_method)
+            command = environment_params + Powershell.shell_init + command
+            interpreter ||= 'powershell.exe'
+            output =
+              if input_method == 'powershell'
+                execute(command, dir: dir, interpreter: interpreter)
+              else
+                execute(command, dir: dir, stdin: stdin, interpreter: interpreter)
+              end
+          end
+          unless output
+            if interpreter
+              env = ENVIRONMENT_METHODS.include?(input_method) ? envify_params(unwrapped_arguments) : nil
+              output = execute(script, stdin: stdin, env: env, dir: dir, interpreter: interpreter)
+            else
+              path, args = *Powershell.process_from_extension(script)
+              command = args.unshift(path).join(' ')
+              command = environment_params + Powershell.shell_init + command
+              output = execute(command, dir: dir, stdin: stdin, interpreter: 'powershell.exe')
+            end
+          end
+          Bolt::Result.for_task(target,
+                                output.stdout.string,
+                                output.stderr.string,
+                                output.exit_code,
+                                task.name)
+        end
+      end
+
+      def connected?(_targets)
+        true
+      end
+    end
+  end
+end
+
+require 'bolt/transport/local/shell'

data/lib/bolt/transport/orch.rb

@@ -3,9 +3,7 @@
 require 'base64'
 require 'find'
 require 'json'
-require 'minitar'
 require 'pathname'
-require 'zlib'
 require 'bolt/transport/base'
 require 'bolt/transport/orch/connection'
 
@@ -24,7 +22,7 @@ module Bolt
       attr_writer :plan_context
 
       def self.options
-        %w[service-url cacert token-file task-environment]
+        %w[host service-url cacert token-file task-environment]
       end
 
       def self.default_options
@@ -68,7 +66,7 @@ module Bolt
       end
 
       def process_run_results(targets, results, task_name)
-        targets_by_name = Hash[targets.map(&:host).zip(targets)]
+        targets_by_name = Hash[targets.map { |t| t.host || t.name }.zip(targets)]
         results.map do |node_result|
           target = targets_by_name[node_result['name']]
           state = node_result['state']
@@ -128,6 +126,10 @@ module Bolt
       end
 
       def pack(directory)
+        # lazy-load expensive gem code
+        require 'minitar'
+        require 'zlib'
+
         start_time = Time.now
         io = StringIO.new
         output = Minitar::Output.new(Zlib::GzipWriter.new(io))

data/lib/bolt/transport/orch/connection.rb

@@ -58,13 +58,17 @@ module Bolt
           end
         end
 
+        def get_certnames(targets)
+          targets.map { |t| t.host || t.name }
+        end
+
         def build_request(targets, task, arguments, description = nil)
           body = { task: task.name,
                    environment: @environment,
                    noop: arguments['_noop'],
                    params: arguments.reject { |k, _| k.start_with?('_') },
                    scope: {
-                     nodes: targets.map(&:host)
+                     nodes: get_certnames(targets)
                    } }
           body[:description] = description if description
           body[:plan_job] = @plan_job if @plan_job
@@ -77,7 +81,7 @@ module Bolt
         end
 
         def query_inventory(targets)
-          @client.post('inventory', nodes: targets.map(&:host))
+          @client.post('inventory', nodes: get_certnames(targets))
         end
       end
     end

data/lib/bolt/transport/ssh.rb

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
 require 'bolt/node/errors'
-require 'bolt/transport/base'
+require 'bolt/transport/sudoable'
 require 'json'
 require 'shellwords'
 
 module Bolt
   module Transport
-    class SSH < Base
+    class SSH < Sudoable
       def self.options
-        %w[port user password sudo-password private-key host-key-check
+        %w[host port user password sudo-password private-key host-key-check
            connect-timeout tmpdir run-as tty run-as-command proxyjump interpreters]
       end
 
@@ -17,7 +17,8 @@ module Bolt
         {
           'connect-timeout' => 10,
           'host-key-check' => true,
-          'tty' => false
+          'tty' => false,
+          'load-config' => true
         }
       end
 
@@ -27,11 +28,7 @@ module Bolt
 
       def self.validate(options)
         logger = Logging.logger[self]
-
-        if options['sudo-password'] && options['run-as'].nil?
-          logger.warn("--sudo-password will not be used without specifying a " \
-                       "user to escalate to with --run-as")
-        end
+        validate_sudo_options(options, logger)
 
         host_key = options['host-key-check']
         unless !!host_key == host_key
@@ -50,11 +47,6 @@ module Bolt
           error_msg = "connect-timeout value must be an Integer, received #{timeout_value}:#{timeout_value.class}"
           raise Bolt::ValidationError, error_msg
         end
-
-        run_as_cmd = options['run-as-command']
-        if run_as_cmd && (!run_as_cmd.is_a?(Array) || run_as_cmd.any? { |n| !n.is_a?(String) })
-          raise Bolt::ValidationError, "run-as-command must be an Array of Strings, received #{run_as_cmd}"
-        end
       end
 
       def initialize
@@ -72,147 +64,15 @@ module Bolt
         @transport_logger.level = :warn
       end
 
-      def with_connection(target, load_config = true)
-        conn = Connection.new(target, @transport_logger, load_config)
+      def with_connection(target)
+        conn = Connection.new(target, @transport_logger)
         conn.connect
         yield conn
       ensure
         begin
           conn&.disconnect
-        rescue StandardError => ex
-          logger.info("Failed to close connection to #{target.uri} : #{ex.message}")
-        end
-      end
-
-      def upload(target, source, destination, options = {})
-        with_connection(target) do |conn|
-          conn.running_as(options['_run_as']) do
-            conn.with_remote_tempdir do |dir|
-              basename = File.basename(destination)
-              tmpfile = "#{dir}/#{basename}"
-              conn.write_remote_file(source, tmpfile)
-              # pass over file ownership if we're using run-as to be a different user
-              dir.chown(conn.run_as)
-              result = conn.execute(['mv', tmpfile, destination], sudoable: true)
-              if result.exit_code != 0
-                message = "Could not move temporary file '#{tmpfile}' to #{destination}: #{result.stderr.string}"
-                raise Bolt::Node::FileError.new(message, 'MV_ERROR')
-              end
-            end
-            Bolt::Result.for_upload(target, source, destination)
-          end
-        end
-      end
-
-      def run_command(target, command, options = {})
-        with_connection(target) do |conn|
-          conn.running_as(options['_run_as']) do
-            output = conn.execute(command, sudoable: true)
-            Bolt::Result.for_command(target,
-                                     output.stdout.string,
-                                     output.stderr.string,
-                                     output.exit_code,
-                                     'command', command)
-          end
-        end
-      end
-
-      def run_script(target, script, arguments, options = {})
-        # unpack any Sensitive data
-        arguments = unwrap_sensitive_args(arguments)
-
-        with_connection(target) do |conn|
-          conn.running_as(options['_run_as']) do
-            conn.with_remote_tempdir do |dir|
-              remote_path = conn.write_remote_executable(dir, script)
-              dir.chown(conn.run_as)
-              output = conn.execute([remote_path, *arguments], sudoable: true)
-              Bolt::Result.for_command(target,
-                                       output.stdout.string,
-                                       output.stderr.string,
-                                       output.exit_code,
-                                       'script', script)
-            end
-          end
-        end
-      end
-
-      def run_task(target, task, arguments, options = {})
-        implementation = select_implementation(target, task)
-        executable = implementation['path']
-        input_method = implementation['input_method']
-        extra_files = implementation['files']
-
-        # unpack any Sensitive data
-        arguments = unwrap_sensitive_args(arguments)
-        with_connection(target, options.fetch('_load_config', true)) do |conn|
-          conn.running_as(options['_run_as']) do
-            stdin, output = nil
-            command = []
-            execute_options = {}
-            execute_options[:interpreter] = select_interpreter(executable, target.options['interpreters'])
-
-            conn.with_remote_tempdir do |dir|
-              if extra_files.empty?
-                task_dir = dir
-              else
-                # TODO: optimize upload of directories
-                arguments['_installdir'] = dir.to_s
-                task_dir = File.join(dir.to_s, task.tasks_dir)
-                dir.mkdirs([task.tasks_dir] + extra_files.map { |file| File.dirname(file['name']) })
-                extra_files.each do |file|
-                  conn.write_remote_file(file['path'], File.join(dir.to_s, file['name']))
-                end
-              end
-
-              remote_task_path = conn.write_remote_executable(task_dir, executable)
-
-              if STDIN_METHODS.include?(input_method)
-                stdin = JSON.dump(arguments)
-              end
-
-              if ENVIRONMENT_METHODS.include?(input_method)
-                execute_options[:environment] = envify_params(arguments)
-              end
-
-              if conn.run_as && stdin
-                # Inject interpreter in to wrapper script and remove from execute options
-                wrapper = make_wrapper_stringio(remote_task_path, stdin, execute_options[:interpreter])
-                execute_options.delete(:interpreter)
-                remote_wrapper_path = conn.write_remote_executable(dir, wrapper, 'wrapper.sh')
-                command << remote_wrapper_path
-              else
-                command << remote_task_path
-                execute_options[:stdin] = stdin
-              end
-              dir.chown(conn.run_as)
-
-              execute_options[:sudoable] = true if conn.run_as
-              output = conn.execute(command, execute_options)
-            end
-            Bolt::Result.for_task(target, output.stdout.string,
-                                  output.stderr.string,
-                                  output.exit_code,
-                                  task.name)
-          end
-        end
-      end
-
-      def make_wrapper_stringio(task_path, stdin, interpreter = nil)
-        if interpreter
-          StringIO.new(<<-SCRIPT)
-#!/bin/sh
-'#{interpreter}' '#{task_path}' <<'EOF'
-#{stdin}
-EOF
-SCRIPT
-        else
-          StringIO.new(<<-SCRIPT)
-#!/bin/sh
-'#{task_path}' <<'EOF'
-#{stdin}
-EOF
-SCRIPT
+        rescue StandardError => e
+          logger.info("Failed to close connection to #{target.uri} : #{e.message}")
         end
       end