bolt 1.30.1 → 1.31.0

data/lib/bolt/plugin/aws_inventory.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Bolt
+  class Plugin
+    class AwsInventory
+      attr_accessor :client
+      attr_reader :config
+
+      def initialize(config:, **_kwargs)
+        require 'aws-sdk-ec2'
+        @config = config
+        @logger = Logging.logger[self]
+      end
+
+      def name
+        'aws_inventory'
+      end
+
+      def hooks
+        [:resolve_reference]
+      end
+
+      def config_client(opts)
+        return client if client
+
+        options = {}
+
+        if opts.key?('region')
+          options[:region] = opts['region']
+        end
+        if opts.key?('profile')
+          options[:profile] = opts['profile']
+        end
+
+        if config['credentials']
+          creds = File.expand_path(config['credentials'])
+          if File.exist?(creds)
+            options[:credentials] = ::Aws::SharedCredentials.new(path: creds)
+          else
+            raise Bolt::ValidationError, "Cannot load credentials file #{config['credentials']}"
+          end
+        end
+
+        ::Aws::EC2::Client.new(options)
+      end
+
+      def resolve_reference(opts)
+        client = config_client(opts)
+        resource = ::Aws::EC2::Resource.new(client: client)
+
+        # Retrieve a list of EC2 instances and create a list of targets
+        # Note: It doesn't seem possible to filter stubbed responses...
+        resource.instances(filters: opts['filters']).map do |instance|
+          next unless instance.state.name == 'running'
+          target = {}
+
+          if opts.key?('uri')
+            uri = lookup(instance, opts['uri'])
+            target['uri'] = uri if uri
+          end
+          if opts.key?('name')
+            real_name = lookup(instance, opts['name'])
+            target['name'] = real_name if real_name
+          end
+          if opts.key?('config')
+            target['config'] = resolve_config(instance, opts['config'])
+          end
+
+          target if target['uri'] || target['name']
+        end.compact
+      end
+
+      # Look for an instance attribute specified in the inventory file
+      def lookup(instance, attribute)
+        value = instance.data.respond_to?(attribute) ? instance.data[attribute] : nil
+        unless value
+          warn_missing_attribute(instance, attribute)
+        end
+        value
+      end
+
+      def warn_missing_attribute(instance, attribute)
+        @logger.warn("Could not find attribute #{attribute} of instance #{instance.instance_id}")
+      end
+
+      # Walk the "template" config mapping provided in the plugin config and
+      # replace all values with the corresponding value from the resource
+      # parameters.
+      def resolve_config(name, config_template)
+        Bolt::Util.walk_vals(config_template) do |value|
+          if value.is_a?(String)
+            lookup(name, value)
+          else
+            value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/plugin/install_agent.rb

@@ -4,13 +4,15 @@ module Bolt
   class Plugin
     class InstallAgent
       def hooks
-        %w[puppet_library]
+        %i[puppet_library]
       end
 
       def name
         'install_agent'
       end
 
+      def initialize(*args); end
+
       def puppet_library(_opts, target, apply_prep)
         install_task = apply_prep.get_task("puppet_agent::install")
         service_task = apply_prep.get_task("service", 'action' => 'stop', 'name' => 'puppet')

data/lib/bolt/plugin/module.rb

@@ -0,0 +1,238 @@
+# frozen_string_literal: true
+
+require 'bolt/task/run'
+
+module Bolt
+  class Plugin
+    class Module
+      class InvalidPluginData < Bolt::Plugin::PluginError
+        def initialize(plugin, msg)
+          msg = "Invalid Plugin Data for #{plugin}: #{msg}"
+          super(msg, 'bolt/invalid-plugin-data')
+        end
+      end
+
+      def self.load(name, modules, opts)
+        mod = modules[name]
+        if mod&.plugin?
+          opts[:mod] = mod
+          plugin = Bolt::Plugin::Module.new(opts)
+          plugin.setup
+          plugin
+        else
+          raise PluginError::Unknown, name
+        end
+      end
+
+      attr_reader :config
+
+      def initialize(mod:, context:, config:, **_opts)
+        @module = mod
+        @config = config
+        @context = context
+      end
+
+      # This method interacts with the module on disk so it's separate from initialize
+      def setup
+        @data = load_data
+        @config_schema = process_schema(@data['config'] || {})
+
+        @hook_map = find_hooks(@data['hooks'] || {})
+
+        validate_config(@config, @config_schema)
+      end
+
+      def name
+        @module.name
+      end
+
+      def hooks
+        (@hook_map.keys + [:validate_resolve_reference]).uniq
+      end
+
+      def config?
+        @data.include?('config') && !@data['config'].empty?
+      end
+
+      def load_data
+        JSON.parse(File.read(@module.plugin_data_file))
+      rescue JSON::ParserError => e
+        raise InvalidPluginData.new(e.message, name)
+      end
+
+      def process_schema(schema)
+        raise InvalidPluginData.new('config specification is not an object', name) unless schema.is_a?(Hash)
+        schema.each do |key, val|
+          unless key =~ /\A[a-z][a-z0-9_]*\z/
+            raise InvalidPluginData.new("config specification key, '#{key}',  is not allowed", name)
+          end
+
+          unless val.is_a?(Hash) && (val['type'] || '').is_a?(String)
+            raise InvalidPluginData.new("config specification #{val.to_json} is not allowed", name)
+          end
+
+          type_string = val['type'] || 'Any'
+          begin
+            val['pcore_type'] = Puppet::Pops::Types::TypeParser.singleton.parse(type_string)
+            if val['pcore_type'].is_a? Puppet::Pops::Types::PTypeReferenceType
+              raise InvalidPluginData.new("Could not find type '#{type_string}' for #{key}", name)
+            end
+          rescue Puppet::ParseError
+            raise InvalidPluginData.new("Could not parse type '#{type_string}' for #{key}", name)
+          end
+        end
+
+        schema
+      end
+
+      def validate_config(config, config_schema)
+        config.keys.each do |key|
+          msg = "Config for #{name} plugin contains unexpected key #{key}"
+          raise Bolt::ValidationError, msg unless config_schema.include?(key)
+        end
+
+        config_schema.each do |key, spec|
+          val = config[key]
+
+          unless spec['pcore_type'].instance?(val)
+            raise Bolt::ValidationError, "#{name} plugin expects a #{spec['type']} for key #{key}, got: #{val}"
+          end
+          val.nil?
+        end
+        nil
+      end
+
+      def find_hooks(hook_data)
+        raise InvalidPluginData.new("'hooks' must be a hash", name) unless hook_data.is_a?(Hash)
+
+        hooks = {}
+        # Load hooks specified in the config
+        hook_data.each do |hook_name, hook_spec|
+          unless hook_spec.is_a?(Hash) && hook_spec['task'].is_a?(String)
+            msg = "Unexpected hook specification #{hook_spec.to_json} in #{@name} for hook #{hook_name}"
+            raise InvalidPluginData.new(msg, name)
+          end
+
+          begin
+            task = @context.get_validated_task(hook_spec['task'])
+          rescue Bolt::Error => e
+            msg = if e.kind == 'bolt/unknown-task'
+                    "Plugin #{name} specified an unkown task '#{hook_spec['task']}' for a hook"
+                  else
+                    "Plugin #{name} could not load task '#{hook_spec['task']}': #{e.message}"
+                  end
+            raise InvalidPluginData.new(msg, name)
+          end
+
+          hooks[hook_name.to_sym] = { 'task' => task }
+        end
+
+        # Check for tasks for any hooks not already defined
+        (Set.new(KNOWN_HOOKS.map) - hooks.keys).each do |hook_name|
+          task_name = "#{name}::#{hook_name}"
+          begin
+            task = @context.get_validated_task(task_name)
+          rescue Bolt::Error => e
+            raise e unless e.kind == 'bolt/unknown-task'
+          end
+          hooks[hook_name] = { 'task' => task } if task
+        end
+
+        Bolt::Util.symbolize_top_level_keys(hooks)
+      end
+
+      def validate_params(task, params)
+        @context.validate_params(task.name, params)
+      end
+
+      def process_params(task, opts)
+        # opts are passed directly from inventory but all of the _ options are
+        # handled previously. That may not always be the case so filter them
+        # out now.
+        _meta, params = opts.partition { |key, _val| key.start_with?('_') }.map(&:to_h)
+
+        metaparams = {}
+        metaparams['_config'] = config if config?
+        metaparams['_boltdir'] = @context.boltdir
+
+        validate_params(task, params)
+        [params, metaparams]
+      end
+
+      def run_task(task, opts)
+        params, metaparams = process_params(task, opts)
+        params = params.merge(metaparams)
+
+        # There are no executor options to pass now.
+        options = { "_catch_errors" => true }
+
+        result = @context.run_local_task(task,
+                                         params,
+                                         options).first
+
+        raise Bolt::Error.new(result.error_hash['msg'], result.error_hash['kind']) unless result.ok
+        result.value
+      end
+
+      def run_hook(hook_name, opts, value = true)
+        hook = @hook_map[hook_name]
+        # This shouldn't happen if the Plugin api is used
+        raise PluginError::UnsupportedHook.new(name, hook_name) unless hook
+        result = run_task(hook['task'], opts)
+
+        if value
+          unless result.include?('value')
+            msg = "Plugin #{name} result did not include a value, got #{result}"
+            raise Bolt::Plugin::PluginError::ExecutionError.new(msg, name, hook_name)
+          end
+
+          result['value']
+        end
+      end
+
+      def validate_resolve_reference(opts)
+        params = opts.reject { |k, _v| k.start_with?('_') }
+        sig = @hook_map[:resolve_reference]['task']
+        if sig
+          validate_params(sig, params)
+        end
+
+        if @hook_map.include?(:validate_resolve_reference)
+          run_hook(:validate_resolve_reference, opts, false)
+        end
+      end
+
+      # These are all the same but are defined explicitly for clarity
+      def resolve_reference(opts)
+        run_hook(__method__, opts)
+      end
+
+      def secret_encrypt(opts)
+        run_hook(__method__, opts)
+      end
+
+      def secret_decrypt(opts)
+        run_hook(__method__, opts)
+      end
+
+      def secret_createkeys(opts = {})
+        run_hook(__method__, opts)
+      end
+
+      def puppet_library(opts, target, apply_prep)
+        tasksig = @hook_map[:puppet_library]
+
+        # this also validates
+        params, meta_params = process_params(tasksig, opts)
+
+        # our metaparams are meant for the task not the executor
+        params = params.merge(meta_params)
+        task = Bolt::Task.new(tasksig)
+
+        proc do
+          apply_prep.run_task([target], task, params).first
+        end
+      end
+    end
+  end
+end

data/lib/bolt/plugin/pkcs7.rb

@@ -6,7 +6,7 @@ require 'fileutils'
 module Bolt
   class Plugin
     class Pkcs7 < Bolt::Secret::Base
-      def self.validate_config(config)
+      def self.validate_config(config = {})
         known_keys = %w[private-key public-key keysize]
         known_keys.each do |key|
           unless key.is_a? String
@@ -25,17 +25,21 @@ module Bolt
         'pkcs7'
       end
 
-      def initialize(boltdir, options)
-        self.class.validate_config(options)
+      def initialize(config:, context:, **_opts)
+        self.class.validate_config(config)
         require 'openssl'
-        @boltdir = boltdir
-        @options = options || {}
+        @context = context
+        @options = config || {}
         @logger = Logging.logger[self]
       end
 
+      def boltdir
+        @context.boltdir
+      end
+
       def private_key_path
         path = @options['private-key'] || 'keys/private_key.pkcs7.pem'
-        path = File.absolute_path(path, @boltdir)
+        path = File.absolute_path(path, boltdir)
         @logger.debug("Using private-key: #{path}")
         path
       end
@@ -46,7 +50,7 @@ module Bolt
 
       def public_key_path
         path = @options['public-key'] || 'keys/public_key.pkcs7.pem'
-        path = File.absolute_path(path, @boltdir)
+        path = File.absolute_path(path, boltdir)
         @logger.debug("Using public-key: #{path}")
         path
       end

data/lib/bolt/plugin/prompt.rb

@@ -4,24 +4,21 @@ require 'concurrent/delay'
 module Bolt
   class Plugin
     class Prompt
-      def initialize
-        # Might not need this
-        @logger = Logging.logger[self]
-      end
+      def initialize(*_args); end
 
       def name
         'prompt'
       end
 
       def hooks
-        ['inventory_config']
+        [:resolve_reference]
       end
 
-      def validate_inventory_config(opts)
+      def validate_resolve_reference(opts)
         raise Bolt::ValidationError, "Prompt requires a 'message'" unless opts['message']
       end
 
-      def inventory_config(opts)
+      def resolve_reference(opts)
         STDOUT.print "#{opts['message']}:"
         value = STDIN.noecho(&:gets).chomp
         STDOUT.puts

data/lib/bolt/plugin/puppetdb.rb

@@ -23,7 +23,7 @@ module Bolt
       end
 
       def hooks
-        ['inventory_targets']
+        [:resolve_reference]
       end
 
       def warn_missing_fact(certname, fact)
@@ -41,7 +41,7 @@ module Bolt
         end
       end
 
-      def inventory_targets(opts)
+      def resolve_reference(opts)
         targets = @puppetdb_client.query_certnames(opts['query'])
         facts = []