bolt 2.11.1 → 2.16.0

data/lib/bolt/outputter.rb

@@ -8,6 +8,8 @@ module Bolt
         Bolt::Outputter::Human.new(color, verbose, trace)
       when 'json'
         Bolt::Outputter::JSON.new(color, verbose, trace)
+      when 'rainbow'
+        Bolt::Outputter::Rainbow.new(color, verbose, trace)
       when nil
         raise "Cannot use outputter before parsing."
       end
@@ -24,4 +26,5 @@ end
 
 require 'bolt/outputter/human'
 require 'bolt/outputter/json'
+require 'bolt/outputter/rainbow'
 require 'bolt/outputter/logger'

data/lib/bolt/outputter/rainbow.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'bolt/pal'
+require 'paint'
+
+module Bolt
+  class Outputter
+    class Rainbow < Bolt::Outputter::Human
+      def initialize(color, verbose, trace, stream = $stdout)
+        super
+        @line_color = 0
+        @color = 0
+        @state = :normal
+      end
+
+      # The algorithm is from lolcat (https://github.com/busyloop/lolcat)
+      # lolcat is released with WTFPL
+      def rainbow
+        red = Math.sin(0.3 * @color + 0) * 127 + 128
+        green = Math.sin(0.3 * @color + 2 * Math::PI / 3) * 127 + 128
+        blue  = Math.sin(0.3 * @color + 4 * Math::PI / 3) * 127 + 128
+        @color += 1 / 8.0
+        format("%<red>02X%<green>02X%<blue>02X", red: red, green: green, blue: blue)
+      end
+
+      def colorize(color, string)
+        if @color && @stream.isatty
+          if %i[green rainbow].include?(color)
+            a = string.chars.map do |c|
+              case @state
+              when :normal
+                if c == "\e"
+                  @state = :ansi
+                elsif c == "\n"
+                  @line_color += 1
+                  @color = @line_color
+                  c
+                else
+                  Paint[c, rainbow]
+                end
+              when :ansi
+                @state = :normal if c == 'm'
+              end
+            end
+            a.join('')
+          else
+            "\033[#{COLORS[color]}m#{string}\033[0m"
+          end
+        else
+          string
+        end
+      end
+
+      def print_summary(results, elapsed_time = nil)
+        ok_set = results.ok_set
+        unless ok_set.empty?
+          @stream.puts colorize(:rainbow, format('Successful on %<size>d target%<plural>s: %<names>s',
+                                                 size: ok_set.size,
+                                                 plural: ok_set.size == 1 ? '' : 's',
+                                                 names: ok_set.targets.map(&:safe_name).join(',')))
+        end
+
+        error_set = results.error_set
+        unless error_set.empty?
+          @stream.puts colorize(:red,
+                                format('Failed on %<size>d target%<plural>s: %<names>s',
+                                       size: error_set.size,
+                                       plural: error_set.size == 1 ? '' : 's',
+                                       names: error_set.targets.map(&:safe_name).join(',')))
+        end
+
+        total_msg = format('Ran on %<size>d target%<plural>s',
+                           size: results.size,
+                           plural: results.size == 1 ? '' : 's')
+        total_msg << " in #{duration_to_string(elapsed_time)}" unless elapsed_time.nil?
+        @stream.puts colorize(:rainbow, total_msg)
+      end
+    end
+  end
+end

data/lib/bolt/pal.rb

@@ -137,7 +137,9 @@ module Bolt
       # TODO: If we always call this inside a bolt_executor we can remove this here
       setup
       r = Puppet::Pal.in_tmp_environment('bolt', modulepath: @modulepath, facts: {}) do |pal|
-        Puppet.override(bolt_project: @project,
+        # Only load the project if it a) exists, b) has a name it can be loaded with
+        bolt_project = @project if @project&.name
+        Puppet.override(bolt_project: bolt_project,
                         yaml_plan_instantiator: Bolt::PAL::YamlPlan::Loader) do
           pal.with_script_compiler do |compiler|
             alias_types(compiler)
@@ -190,6 +192,7 @@ module Bolt
           # versions of "core" types, which are already present on the agent,
           # but may cause issues on Puppet 5 agents.
           @original_modulepath,
+          @project,
           pdb_client,
           @hiera_config,
           @max_compiles,
@@ -359,6 +362,7 @@ module Bolt
           name = param.name
           if signature_params.include?(name)
             params[name] = { 'type' => param.types.first }
+            params[name]['sensitive'] = param.types.first =~ /\ASensitive(\[.*\])?\z/ ? true : false
             params[name]['default_value'] = defaults[name] if defaults.key?(name)
             params[name]['description'] = param.text unless param.text.empty?
           else
@@ -390,6 +394,7 @@ module Bolt
                        param.type_expr
                      end
           params[name] = { 'type' => type_str }
+          params[name]['sensitive'] = param.type_expr.instance_of?(Puppet::Pops::Types::PSensitiveType)
           params[name]['default_value'] = param.value
           params[name]['description'] = param.description if param.description
         end

data/lib/bolt/project.rb

@@ -2,21 +2,27 @@
 
 require 'pathname'
 require 'bolt/pal'
+require 'bolt/config'
 
 module Bolt
   class Project
     BOLTDIR_NAME = 'Boltdir'
     PROJECT_SETTINGS = {
       "name"  => "The name of the project",
-      "plans" => "An array of plan names to whitelist. Whitelisted plans are included in `bolt plan show` output",
-      "tasks" => "An array of task names to whitelist. Whitelisted plans are included in `bolt task show` output"
+      "plans" => "An array of plan names to show, if they exist in the project."\
+                 "These plans are included in `bolt plan show` output",
+      "tasks" => "An array of task names to show, if they exist in the project."\
+                 "These tasks are included in `bolt task show` output"
     }.freeze
 
-    attr_reader :path, :config_file, :inventory_file, :modulepath, :hiera_config,
-                :puppetfile, :rerunfile, :type, :resource_types
+    attr_reader :path, :data, :config_file, :inventory_file, :modulepath, :hiera_config,
+                :puppetfile, :rerunfile, :type, :resource_types, :warnings, :project_file
 
     def self.default_project
-      Project.new(File.join('~', '.puppetlabs', 'bolt'), 'user')
+      create_project(File.expand_path(File.join('~', '.puppetlabs', 'bolt')), 'user')
+    # If homedir isn't defined use the system config path
+    rescue ArgumentError
+      create_project(Bolt::Config.system_path, 'system')
     end
 
     # Search recursively up the directory hierarchy for the Project. Look for a
@@ -26,9 +32,9 @@ module Bolt
     def self.find_boltdir(dir)
       dir = Pathname.new(dir)
       if (dir + BOLTDIR_NAME).directory?
-        new(dir + BOLTDIR_NAME, 'embedded')
+        create_project(dir + BOLTDIR_NAME, 'embedded')
       elsif (dir + 'bolt.yaml').file? || (dir + 'bolt-project.yaml').file?
-        new(dir, 'local')
+        create_project(dir, 'local')
       elsif dir.root?
         default_project
       else
@@ -36,9 +42,25 @@ module Bolt
       end
     end
 
-    def initialize(path, type = 'option')
+    def self.create_project(path, type = 'option')
+      fullpath = Pathname.new(path).expand_path
+      project_file = File.join(fullpath, 'bolt-project.yaml')
+      data = Bolt::Util.read_optional_yaml_hash(File.expand_path(project_file), 'project')
+      new(data, path, type)
+    end
+
+    def initialize(raw_data, path, type = 'option')
       @path = Pathname.new(path).expand_path
-      @config_file = @path + 'bolt.yaml'
+      @project_file = @path + 'bolt-project.yaml'
+
+      @warnings = []
+      if (@path + 'bolt.yaml').file? && project_file?
+        msg = "Project-level configuration in bolt.yaml is deprecated if using bolt-project.yaml. "\
+          "Transport config should be set in inventory.yaml, all other config should be set in "\
+          "bolt-project.yaml."
+        @warnings << { msg: msg }
+      end
+
       @inventory_file = @path + 'inventory.yaml'
       @modulepath = [(@path + 'modules').to_s, (@path + 'site-modules').to_s, (@path + 'site').to_s]
       @hiera_config = @path + 'hiera.yaml'
@@ -47,9 +69,26 @@ module Bolt
       @resource_types = @path + '.resource_types'
       @type = type
 
-      @project_file = @path + 'bolt-project.yaml'
-      @data = Bolt::Util.read_optional_yaml_hash(File.expand_path(@project_file), 'project') || {}
-      validate if load_as_module?
+      tc = Bolt::Config::INVENTORY_OPTIONS.keys & raw_data.keys
+      if tc.any?
+        msg = "Transport configuration isn't supported in bolt-project.yaml. Ignoring keys #{tc}"
+        @warnings << { msg: msg }
+      end
+
+      @data = raw_data.reject { |k, _| Bolt::Config::INVENTORY_OPTIONS.include?(k) }
+
+      # Once bolt.yaml deprecation is removed, this attribute should be removed
+      # and replaced with .project_file in lib/bolt/config.rb
+      @config_file = if (Bolt::Config::BOLT_OPTIONS & @data.keys).any?
+                       if (@path + 'bolt.yaml').file?
+                         msg = "bolt-project.yaml contains valid config keys, bolt.yaml will be ignored"
+                         @warnings << { msg: msg }
+                       end
+                       @project_file
+                     else
+                       @path + 'bolt.yaml'
+                     end
+      validate if project_file?
     end
 
     def to_s
@@ -67,15 +106,12 @@ module Bolt
     end
     alias == eql?
 
-    def load_as_module?
+    def project_file?
       @project_file.file?
     end
 
     def name
-      # If the project is in mymod/Boltdir/bolt-project.yaml, use mymod as the project name
-      dirname = @path.basename.to_s == 'Boltdir' ? @path.parent.basename.to_s : @path.basename.to_s
-      pname = @data['name'] || dirname
-      pname.include?('-') ? pname.split('-', 2)[1] : pname
+      @data['name']
     end
 
     def tasks
@@ -86,36 +122,20 @@ module Bolt
       @data['plans']
     end
 
-    def project_directory_name?(name)
-      # it must match an installed project name according to forge validator
-      name =~ /^[a-z][a-z0-9_]*$/
-    end
-
-    def project_namespaced_name?(name)
-      # it must match the full project name according to forge validator
-      name =~ /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
-    end
-
     def validate
-      n = @data['name']
-      if n && !project_directory_name?(n) && !project_namespaced_name?(n)
-        raise Bolt::ValidationError, <<~ERROR_STRING
-        Invalid project name '#{n}' in bolt-project.yaml; project names must match either:
-        An installed project name (ex. projectname) matching the expression /^[a-z][a-z0-9_]*$/ -or-
-        A namespaced project name (ex. author-projectname) matching the expression /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
-        ERROR_STRING
-      elsif !project_directory_name?(name) && !project_namespaced_name?(name)
-        raise Bolt::ValidationError, <<~ERROR_STRING
-        Invalid project name '#{name}'; project names must match either:
-        A project name (ex. projectname) matching the expression /^[a-z][a-z0-9_]*$/ -or-
-        A namespaced project name (ex. author-projectname) matching the expression /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
-
-        Configure project name in <project_dir>/bolt-project.yaml
-        ERROR_STRING
-      # If the project name is the same as one of the built-in modules raise a warning
-      elsif Dir.children(Bolt::PAL::BOLTLIB_PATH).include?(name)
-        raise Bolt::ValidationError, "The project '#{name}' will not be loaded. The project name conflicts "\
-          "with a built-in Bolt module of the same name."
+      if name
+        name_regex = /^[a-z][a-z0-9_]*$/
+        if name !~ name_regex
+          raise Bolt::ValidationError, <<~ERROR_STRING
+          Invalid project name '#{name}' in bolt-project.yaml; project name must match #{name_regex.inspect}
+          ERROR_STRING
+        elsif Dir.children(Bolt::PAL::BOLTLIB_PATH).include?(name)
+          raise Bolt::ValidationError, "The project '#{name}' will not be loaded. The project name conflicts "\
+            "with a built-in Bolt module of the same name."
+        end
+      else
+        message = "No project name is specified in bolt-project.yaml. Project-level content will not be available."
+        @warnings << { msg: message }
       end
 
       %w[tasks plans].each do |conf|

data/lib/bolt/resource_instance.rb

@@ -30,8 +30,7 @@ module Bolt
       @target        = resource_hash['target']
       @type          = resource_hash['type'].to_s.capitalize
       @title         = resource_hash['title']
-      # get_resources() returns observed state under the 'parameters' key
-      @state         = resource_hash['state'] || resource_hash['parameters'] || {}
+      @state         = resource_hash['state'] || {}
       @desired_state = resource_hash['desired_state'] || {}
       @events        = resource_hash['events'] || []
     end
@@ -84,11 +83,19 @@ module Bolt
       to_hash.to_json(opts)
     end
 
+    def self.format_reference(type, title)
+      "#{type.capitalize}[#{title}]"
+    end
+
     def reference
-      "#{type}[#{title}]"
+      self.class.format_reference(@type, @title)
     end
     alias to_s reference
 
+    def [](attribute)
+      @state[attribute]
+    end
+
     def add_event(event)
       @events << event
     end

data/lib/bolt/shell/bash.rb

@@ -35,7 +35,7 @@ module Bolt
       def upload(source, destination, options = {})
         running_as(options[:run_as]) do
           with_tmpdir do |dir|
-            basename = File.basename(destination)
+            basename = File.basename(source)
             tmpfile = File.join(dir.to_s, basename)
             conn.copy_file(source, tmpfile)
             # pass over file ownership if we're using run-as to be a different user
@@ -332,14 +332,14 @@ module Bolt
         end
 
         if escalate
-          if use_sudo
-            sudo_exec = target.options['sudo-executable'] || "sudo"
-            sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
-            sudo_flags += ["-E"] if options[:environment]
-            sudo_str = Shellwords.shelljoin(sudo_flags)
-          else
-            sudo_str = Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
-          end
+          sudo_str = if use_sudo
+                       sudo_exec = target.options['sudo-executable'] || "sudo"
+                       sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
+                       sudo_flags += ["-E"] if options[:environment]
+                       Shellwords.shelljoin(sudo_flags)
+                     else
+                       Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
+                     end
           command_str = build_sudoable_command_str(command_str, sudo_str, @sudo_id, options)
         end
 

data/lib/bolt/shell/powershell.rb

@@ -111,7 +111,8 @@ module Bolt
       end
 
       def mkdirs(dirs)
-        mkdir_command = "mkdir -Force #{dirs.uniq.sort.join(',')}"
+        paths = dirs.uniq.sort.join('","')
+        mkdir_command = "mkdir -Force -Path (\"#{paths}\")"
         result = execute(mkdir_command)
         if result.exit_code != 0
           message = "Could not create directories: #{result.stderr.string}"

data/lib/bolt/shell/powershell/snippets.rb

@@ -20,6 +20,14 @@ module Bolt
             PS
           end
 
+          def exit_with_code(command)
+            <<~PS
+            #{command}
+            if (-not $? -and ($LASTEXITCODE -eq $null)) { exit 1 }
+            exit $LASTEXITCODE
+            PS
+          end
+
           def make_tmpdir(parent)
             <<~PS
             $parent = #{parent}

data/lib/bolt/transport/docker.rb

@@ -20,7 +20,7 @@ module Bolt
       def upload(target, source, destination, _options = {})
         with_connection(target) do |conn|
           conn.with_remote_tmpdir do |dir|
-            basename = File.basename(destination)
+            basename = File.basename(source)
             tmpfile = "#{dir}/#{basename}"
             if File.directory?(source)
               conn.write_remote_directory(source, tmpfile)

data/lib/bolt/transport/local/connection.rb

@@ -50,7 +50,8 @@ module Bolt
             # If it's already a powershell command then invoke it normally.
             # Otherwise, wrap it in powershell.exe.
             unless command.start_with?('powershell.exe')
-              command = ['powershell.exe', *Bolt::Shell::Powershell::PS_ARGS, '-Command', command]
+              cmd = Bolt::Shell::Powershell::Snippets.exit_with_code(command)
+              command = ['powershell.exe', *Bolt::Shell::Powershell::PS_ARGS, '-Command', cmd]
             end
           end
 

data/lib/bolt/transport/ssh/connection.rb

@@ -78,6 +78,28 @@ module Bolt
 
           options[:proxy] = Net::SSH::Proxy::Jump.new(target.options['proxyjump']) if target.options['proxyjump']
 
+          # Override the default supported algorithms for net-ssh. By default, a subset of supported algorithms
+          # are enabled in 6.x, while several are deprecated and not enabled by default. The *-algorithms
+          # options can be used to specify a list of algorithms to enable in net-ssh. Any algorithms not in the
+          # list are disabled, including ones that are normally enabled by default. Support for deprecated
+          # algorithms will be removed in 7.x.
+          # https://github.com/net-ssh/net-ssh#supported-algorithms
+          if target.options['encryption-algorithms']
+            options[:encryption] = net_ssh_algorithms(:encryption, target.options['encryption-algorithms'])
+          end
+
+          if target.options['host-key-algorithms']
+            options[:host_key] = net_ssh_algorithms(:host_key, target.options['host-key-algorithms'])
+          end
+
+          if target.options['kex-algorithms']
+            options[:kex] = net_ssh_algorithms(:kex, target.options['kex-algorithms'])
+          end
+
+          if target.options['mac-algorithms']
+            options[:hmac] = net_ssh_algorithms(:hmac, target.options['mac-algorithms'])
+          end
+
           # This option was to address discrepency betwen net-ssh host-key-check and ssh(1)
           # For the net-ssh 5.x series it defaults to true, in 6.x it will default to false, and will be removed in 7.x
           # https://github.com/net-ssh/net-ssh/pull/663#issuecomment-469979931
@@ -246,6 +268,19 @@ module Bolt
           end
         end
 
+        # Add all default algorithms if the 'defaults' key is present and filter
+        # out any unsupported algorithms.
+        def net_ssh_algorithms(type, algorithms)
+          if algorithms.include?('defaults')
+            defaults = Net::SSH::Transport::Algorithms::DEFAULT_ALGORITHMS[type]
+            algorithms += defaults
+          end
+
+          known = Net::SSH::Transport::Algorithms::ALGORITHMS[type]
+
+          algorithms & known
+        end
+
         def shell
           @shell ||= if target.options['login-shell'] == 'powershell'
                        Bolt::Shell::Powershell.new(target, self)