bolt 2.15.0 → 2.20.0

data/lib/bolt/inventory/target.rb

@@ -30,6 +30,10 @@ module Bolt
           @safe_name = @uri_obj.omit(:password).to_str.sub(%r{^//}, '')
         end
 
+        if @name == 'localhost'
+          target_data = localhost_defaults(target_data)
+        end
+
         @config = target_data['config'] || {}
         @vars = target_data['vars'] || {}
         @facts = target_data['facts'] || {}
@@ -45,6 +49,20 @@ module Bolt
         validate
       end
 
+      def localhost_defaults(data)
+        defaults = {
+          'config' => {
+            'transport' => 'local',
+            'local' => { 'interpreters' => { '.rb' => RbConfig.ruby } }
+          },
+          'features' => ['puppet-agent']
+        }
+        data = Bolt::Util.deep_merge(defaults, data)
+        # If features is an empty array deep_merge won't add the puppet-agent
+        data['features'] += ['puppet-agent'] if data['features'].empty?
+        data
+      end
+
       # rubocop:disable Naming/AccessorMethodName
       def set_resource(resource)
         if (existing_resource = resources[resource.reference])
@@ -218,11 +236,6 @@ module Bolt
             'target_alias' => []
           }
 
-          # This should be handled by `get_targets`
-          if @name == 'localhost'
-            group_data = Bolt::Inventory::Inventory.localhost_defaults(group_data)
-          end
-
           @group_cache = group_data
         end
 

data/lib/bolt/logger.rb

@@ -15,6 +15,7 @@ module Bolt
       return if Logging.initialized?
 
       Logging.init :debug, :info, :notice, :warn, :error, :fatal, :any
+      @mutex = Mutex.new
 
       Logging.color_scheme(
         'bolt',
@@ -66,6 +67,10 @@ module Bolt
       end
     end
 
+    def self.analytics=(analytics)
+      @analytics = analytics
+    end
+
     def self.console_layout(color)
       color_scheme = :bolt if color
       Logging.layouts.pattern(
@@ -89,8 +94,10 @@ module Bolt
       :notice
     end
 
+    # Explicitly check the log level names instead of the log level number, as levels
+    # that are stringified integers (e.g. "level" => "42") will return a truthy value
     def self.valid_level?(level)
-      !Logging.level_num(level).nil?
+      Logging::LEVELS.include?(Logging.levelify(level))
     end
 
     def self.levels
@@ -100,5 +107,21 @@ module Bolt
     def self.reset_logging
       Logging.reset
     end
+
+    def self.warn_once(type, msg)
+      @mutex.synchronize {
+        @warnings ||= []
+        @logger ||= Logging.logger[self]
+        unless @warnings.include?(type)
+          @logger.warn(msg)
+          @warnings << type
+        end
+      }
+    end
+
+    def self.deprecation_warning(type, msg)
+      @analytics&.event('Warn', 'deprecation', label: type)
+      warn_once(type, msg)
+    end
   end
 end

data/lib/bolt/outputter.rb

@@ -26,5 +26,5 @@ end
 
 require 'bolt/outputter/human'
 require 'bolt/outputter/json'
-require 'bolt/outputter/rainbow'
 require 'bolt/outputter/logger'
+require 'bolt/outputter/rainbow'

data/lib/bolt/outputter/rainbow.rb

@@ -1,12 +1,22 @@
 # frozen_string_literal: true
 
 require 'bolt/pal'
-require 'paint'
 
 module Bolt
   class Outputter
     class Rainbow < Bolt::Outputter::Human
       def initialize(color, verbose, trace, stream = $stdout)
+        begin
+          require 'paint'
+          if Bolt::Util.windows?
+            # the Paint gem thinks that windows does not support ansi colors
+            # but windows 10 or later does
+            # we can display colors if we force mode to TRUE_COLOR
+            Paint.mode = 0xFFFFFF
+          end
+        rescue LoadError
+          raise "The 'paint' gem is required to use the rainbow outputter."
+        end
         super
         @line_color = 0
         @color = 0
@@ -29,9 +39,10 @@ module Bolt
             a = string.chars.map do |c|
               case @state
               when :normal
-                if c == "\e"
+                case c
+                when "\e"
                   @state = :ansi
-                elsif c == "\n"
+                when "\n"
                   @line_color += 1
                   @color = @line_color
                   c

data/lib/bolt/pal.rb

@@ -15,25 +15,36 @@ module Bolt
     # PALError is used to convert errors from executing puppet code into
     # Bolt::Errors
     class PALError < Bolt::Error
-      # Puppet sometimes rescues exceptions notes the location and reraises.
-      # Return the original error.
       def self.from_preformatted_error(err)
         if err.cause&.is_a? Bolt::Error
           err.cause
         else
-          from_error(err.cause || err)
+          from_error(err)
         end
       end
 
       # Generate a Bolt::Pal::PALError for non-bolt errors
       def self.from_error(err)
-        e = new(err.message)
+        # Use the original error message if available
+        message = err.cause ? err.cause.message : err.message
+
+        # Provide the location of an error if it came from a plan
+        details = if defined?(err.file) && err.file
+                    { file:   err.file,
+                      line:   err.line,
+                      column: err.pos }.compact
+                  else
+                    {}
+                  end
+
+        e = new(message, details)
+
         e.set_backtrace(err.backtrace)
         e
       end
 
-      def initialize(msg)
-        super(msg, 'bolt/pal-error')
+      def initialize(msg, details = {})
+        super(msg, 'bolt/pal-error', details)
       end
     end
 
@@ -137,7 +148,14 @@ module Bolt
       # TODO: If we always call this inside a bolt_executor we can remove this here
       setup
       r = Puppet::Pal.in_tmp_environment('bolt', modulepath: @modulepath, facts: {}) do |pal|
-        Puppet.override(bolt_project: @project,
+        # Only load the project if it a) exists, b) has a name it can be loaded with
+        bolt_project = @project if @project&.name
+        # Puppet currently won't receive the project unless it is a named project. Since
+        # the download_file plan function needs access to the project path, add it to the
+        # context.
+        bolt_project_data = @project
+        Puppet.override(bolt_project: bolt_project,
+                        bolt_project_data: bolt_project_data,
                         yaml_plan_instantiator: Bolt::PAL::YamlPlan::Loader) do
           pal.with_script_compiler do |compiler|
             alias_types(compiler)
@@ -157,8 +175,9 @@ module Bolt
               if e.issue_code == :UNKNOWN_VARIABLE &&
                  %w[facts trusted server_facts settings].include?(e.arguments[:name])
                 message = "Evaluation Error: Variable '#{e.arguments[:name]}' is not available in the current scope "\
-                  "unless explicitly defined. (file: #{e.file}, line: #{e.line}, column: #{e.pos})"
-                PALError.new(message)
+                          "unless explicitly defined."
+                details = { file: e.file, line: e.line, column: e.pos }
+                PALError.new(message, details)
               else
                 PALError.from_preformatted_error(e)
               end
@@ -265,9 +284,10 @@ module Bolt
 
     def parse_params(type, object_name, params)
       in_bolt_compiler do |compiler|
-        if type == 'task'
+        case type
+        when 'task'
           param_spec = compiler.task_signature(object_name)&.task_hash&.dig('parameters')
-        elsif type == 'plan'
+        when 'plan'
           plan = compiler.plan_signature(object_name)
           param_spec = plan.params_type.elements&.each_with_object({}) { |t, h| h[t.name] = t.value_type } if plan
         end

data/lib/bolt/pal/yaml_plan/evaluator.rb

@@ -73,7 +73,7 @@ module Bolt
         end
 
         def upload_step(scope, step)
-          source = step['source']
+          source = step['upload'] || step['source']
           destination = step['destination']
           targets = step['targets'] || step['target']
           description = step['description']
@@ -83,6 +83,17 @@ module Bolt
           scope.call_function('upload_file', args)
         end
 
+        def download_step(scope, step)
+          source = step['download']
+          destination = step['destination']
+          targets = step['targets'] || step['target']
+          description = step['description']
+
+          args = [source, destination, targets]
+          args << description if description
+          scope.call_function('download_file', args)
+        end
+
         def eval_step(_scope, step)
           step['eval']
         end
@@ -142,7 +153,13 @@ module Bolt
           if plan.steps.any? { |step| step.body.key?('target') }
             msg = "The 'target' parameter for YAML plan steps is deprecated and will be removed "\
                   "in a future version of Bolt. Use the 'targets' parameter instead."
-            @logger.warn(msg)
+            Bolt::Logger.deprecation_warning("Using 'target' parameter for YAML plan steps, not 'targets'", msg)
+          end
+
+          if plan.steps.any? { |step| step.body.key?('source') }
+            msg = "The 'source' parameter for YAML plan upload steps is deprecated and will be removed "\
+                  "in a future version of Bolt. Use the 'upload' parameter instead."
+            Bolt::Logger.deprecation_warning("Using 'source' parameter for YAML upload steps, not 'upload'", msg)
           end
 
           plan_result = closure_scope.with_local_scope(args_hash) do |scope|

data/lib/bolt/pal/yaml_plan/step.rb

@@ -12,7 +12,7 @@ module Bolt
           Set['name', 'description', 'target', 'targets']
         end
 
-        STEP_KEYS = %w[command script task plan source destination eval resources].freeze
+        STEP_KEYS = %w[command script task plan source destination eval resources upload download].freeze
 
         def self.create(step_body, step_number)
           type_keys = (STEP_KEYS & step_body.keys)
@@ -22,8 +22,10 @@ module Bolt
           when 1
             type = type_keys.first
           else
-            if type_keys.to_set == Set['source', 'destination']
+            if [Set['source', 'destination'], Set['upload', 'destination']].include?(type_keys.to_set)
               type = 'upload'
+            elsif type_keys.to_set == Set['download', 'destination']
+              type = 'download'
             else
               raise step_error("Multiple action keys detected: #{type_keys.inspect}", step_body['name'], step_number)
             end
@@ -89,6 +91,12 @@ module Bolt
             missing_keys -= ['targets']
           end
 
+          # Handle cases where upload step uses deprecated 'source' key instead of 'upload'
+          # TODO: Remove when 'source' is removed
+          if body.include?('source')
+            missing_keys -= ['upload']
+          end
+
           if missing_keys.any?
             error_message = "The #{step_type.inspect} step requires: #{missing_keys.to_a.inspect} key(s)"
             err = step_error(error_message, body['name'], step_number)
@@ -156,3 +164,4 @@ require 'bolt/pal/yaml_plan/step/resources'
 require 'bolt/pal/yaml_plan/step/script'
 require 'bolt/pal/yaml_plan/step/task'
 require 'bolt/pal/yaml_plan/step/upload'
+require 'bolt/pal/yaml_plan/step/download'

data/lib/bolt/pal/yaml_plan/step/download.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Bolt
+  class PAL
+    class YamlPlan
+      class Step
+        class Download < Step
+          def self.allowed_keys
+            super + Set['download', 'destination']
+          end
+
+          def self.required_keys
+            Set['download', 'destination', 'targets']
+          end
+
+          def initialize(step_body)
+            super
+            @source = step_body['download']
+            @destination = step_body['destination']
+          end
+
+          def transpile
+            code = String.new("  ")
+            code << "$#{@name} = " if @name
+
+            fn = 'download_file'
+            args = [@source, @destination, @targets]
+            args << @description if @description
+
+            code << function_call(fn, args)
+
+            code << "\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/pal/yaml_plan/step/upload.rb

@@ -6,16 +6,16 @@ module Bolt
       class Step
         class Upload < Step
           def self.allowed_keys
-            super + Set['source', 'destination']
+            super + Set['source', 'destination', 'upload']
           end
 
           def self.required_keys
-            Set['destination', 'source', 'targets']
+            Set['upload', 'destination', 'targets']
           end
 
           def initialize(step_body)
             super
-            @source = step_body['source']
+            @source = step_body['upload'] || step_body['source']
             @destination = step_body['destination']
           end
 

data/lib/bolt/plugin/module.rb

@@ -184,12 +184,10 @@ module Bolt
       # Raises a deprecation warning if the pkcs7 plugin is using deprecated keys and
       # modifies the keys so they are the correct format
       def handle_deprecated_pkcs7_keys(params)
-        if (params.key?('private-key') || params.key?('public-key')) && !@deprecation_warning_issued
-          @deprecation_warning_issued = true
-
+        if params.key?('private-key') || params.key?('public-key')
           message = "pkcs7 keys 'private-key' and 'public-key' have been deprecated and will be "\
                     "removed in a future version of Bolt; use 'private_key' and 'public_key' instead."
-          Logging.logger[self].warn(message)
+          Bolt::Logger.deprecation_warning('PKCS7 keys using hyphens, not underscores', message)
         end
 
         params['private_key'] = params.delete('private-key') if params.key?('private-key')

data/lib/bolt/plugin/puppetdb.rb

@@ -85,7 +85,8 @@ module Bolt
 
       def resolve_facts(config, certname, target_data)
         Bolt::Util.walk_vals(config) do |value|
-          if value.is_a?(String)
+          case value
+          when String
             if value == 'certname'
               certname
             else
@@ -94,7 +95,7 @@ module Bolt
               # If there's no fact data this will be nil
               data&.fetch('value', nil)
             end
-          elsif value.is_a?(Array) || value.is_a?(Hash)
+          when Array, Hash
             value
           else
             raise FactLookupError.new(value, "fact lookups must be a string")

data/lib/bolt/project.rb

@@ -1,20 +1,23 @@
 # frozen_string_literal: true
 
 require 'pathname'
-require 'bolt/pal'
 require 'bolt/config'
+require 'bolt/pal'
 
 module Bolt
   class Project
     BOLTDIR_NAME = 'Boltdir'
     PROJECT_SETTINGS = {
       "name"  => "The name of the project",
-      "plans" => "An array of plan names to whitelist. Whitelisted plans are included in `bolt plan show` output",
-      "tasks" => "An array of task names to whitelist. Whitelisted plans are included in `bolt task show` output"
+      "plans" => "An array of plan names to show, if they exist in the project."\
+                 "These plans are included in `bolt plan show` output",
+      "tasks" => "An array of task names to show, if they exist in the project."\
+                 "These tasks are included in `bolt task show` output"
     }.freeze
 
     attr_reader :path, :data, :config_file, :inventory_file, :modulepath, :hiera_config,
-                :puppetfile, :rerunfile, :type, :resource_types, :warnings, :project_file
+                :puppetfile, :rerunfile, :type, :resource_types, :warnings, :project_file,
+                :deprecations, :downloads
 
     def self.default_project
       create_project(File.expand_path(File.join('~', '.puppetlabs', 'bolt')), 'user')
@@ -29,6 +32,7 @@ module Bolt
     # hierarchy, falling back to the default if we reach the root.
     def self.find_boltdir(dir)
       dir = Pathname.new(dir)
+
       if (dir + BOLTDIR_NAME).directory?
         create_project(dir + BOLTDIR_NAME, 'embedded')
       elsif (dir + 'bolt.yaml').file? || (dir + 'bolt-project.yaml').file?
@@ -42,6 +46,15 @@ module Bolt
 
     def self.create_project(path, type = 'option')
       fullpath = Pathname.new(path).expand_path
+
+      if !Bolt::Util.windows? && type != 'environment' && fullpath.world_writable?
+        raise Bolt::Error.new(
+          "Project directory '#{fullpath}' is world-writable which poses a security risk. Set "\
+          "BOLT_PROJECT='#{fullpath}' to force the use of this project directory.",
+          "bolt/world-writable-error"
+        )
+      end
+
       project_file = File.join(fullpath, 'bolt-project.yaml')
       data = Bolt::Util.read_optional_yaml_hash(File.expand_path(project_file), 'project')
       new(data, path, type)
@@ -49,14 +62,16 @@ module Bolt
 
     def initialize(raw_data, path, type = 'option')
       @path = Pathname.new(path).expand_path
+
       @project_file = @path + 'bolt-project.yaml'
 
       @warnings = []
+      @deprecations = []
       if (@path + 'bolt.yaml').file? && project_file?
         msg = "Project-level configuration in bolt.yaml is deprecated if using bolt-project.yaml. "\
           "Transport config should be set in inventory.yaml, all other config should be set in "\
           "bolt-project.yaml."
-        @warnings << { msg: msg }
+        @deprecations << { type: 'Using bolt.yaml for project configuration', msg: msg }
       end
 
       @inventory_file = @path + 'inventory.yaml'
@@ -66,18 +81,19 @@ module Bolt
       @rerunfile = @path + '.rerun.json'
       @resource_types = @path + '.resource_types'
       @type = type
+      @downloads = @path + 'downloads'
 
-      tc = Bolt::Config::INVENTORY_CONFIG.keys & raw_data.keys
+      tc = Bolt::Config::INVENTORY_OPTIONS.keys & raw_data.keys
       if tc.any?
         msg = "Transport configuration isn't supported in bolt-project.yaml. Ignoring keys #{tc}"
         @warnings << { msg: msg }
       end
 
-      @data = raw_data.reject { |k, _| Bolt::Config::INVENTORY_CONFIG.keys.include?(k) }
+      @data = raw_data.reject { |k, _| Bolt::Config::INVENTORY_OPTIONS.include?(k) }
 
       # Once bolt.yaml deprecation is removed, this attribute should be removed
       # and replaced with .project_file in lib/bolt/config.rb
-      @config_file = if (Bolt::Config::OPTIONS.keys & @data.keys).any?
+      @config_file = if (Bolt::Config::BOLT_OPTIONS & @data.keys).any?
                        if (@path + 'bolt.yaml').file?
                          msg = "bolt-project.yaml contains valid config keys, bolt.yaml will be ignored"
                          @warnings << { msg: msg }
@@ -96,7 +112,7 @@ module Bolt
     # This API is used to prepend the project as a module to Puppet's internal
     # module_references list. CHANGE AT YOUR OWN RISK
     def to_h
-      { path: @path, name: name }
+      { path: @path.to_s, name: name }
     end
 
     def eql?(other)
@@ -109,10 +125,7 @@ module Bolt
     end
 
     def name
-      # If the project is in mymod/Boltdir/bolt-project.yaml, use mymod as the project name
-      dirname = @path.basename.to_s == 'Boltdir' ? @path.parent.basename.to_s : @path.basename.to_s
-      pname = @data['name'] || dirname
-      pname.include?('-') ? pname.split('-', 2)[1] : pname
+      @data['name']
     end
 
     def tasks
@@ -123,36 +136,20 @@ module Bolt
       @data['plans']
     end
 
-    def project_directory_name?(name)
-      # it must match an installed project name according to forge validator
-      name =~ /^[a-z][a-z0-9_]*$/
-    end
-
-    def project_namespaced_name?(name)
-      # it must match the full project name according to forge validator
-      name =~ /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
-    end
-
     def validate
-      n = @data['name']
-      if n && !project_directory_name?(n) && !project_namespaced_name?(n)
-        raise Bolt::ValidationError, <<~ERROR_STRING
-        Invalid project name '#{n}' in bolt-project.yaml; project names must match either:
-        An installed project name (ex. projectname) matching the expression /^[a-z][a-z0-9_]*$/ -or-
-        A namespaced project name (ex. author-projectname) matching the expression /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
-        ERROR_STRING
-      elsif !project_directory_name?(name) && !project_namespaced_name?(name)
-        raise Bolt::ValidationError, <<~ERROR_STRING
-        Invalid project name '#{name}'; project names must match either:
-        A project name (ex. projectname) matching the expression /^[a-z][a-z0-9_]*$/ -or-
-        A namespaced project name (ex. author-projectname) matching the expression /^[a-zA-Z0-9]+[-][a-z][a-z0-9_]*$/
-
-        Configure project name in <project_dir>/bolt-project.yaml
-        ERROR_STRING
-      # If the project name is the same as one of the built-in modules raise a warning
-      elsif Dir.children(Bolt::PAL::BOLTLIB_PATH).include?(name)
-        raise Bolt::ValidationError, "The project '#{name}' will not be loaded. The project name conflicts "\
-          "with a built-in Bolt module of the same name."
+      if name
+        name_regex = /^[a-z][a-z0-9_]*$/
+        if name !~ name_regex
+          raise Bolt::ValidationError, <<~ERROR_STRING
+          Invalid project name '#{name}' in bolt-project.yaml; project name must match #{name_regex.inspect}
+          ERROR_STRING
+        elsif Dir.children(Bolt::PAL::BOLTLIB_PATH).include?(name)
+          raise Bolt::ValidationError, "The project '#{name}' will not be loaded. The project name conflicts "\
+            "with a built-in Bolt module of the same name."
+        end
+      else
+        message = "No project name is specified in bolt-project.yaml. Project-level content will not be available."
+        @warnings << { msg: message }
       end
 
       %w[tasks plans].each do |conf|
@@ -164,8 +161,8 @@ module Bolt
 
     def check_deprecated_file
       if (@path + 'project.yaml').file?
-        logger = Logging.logger[self]
-        logger.warn "Project configuration file 'project.yaml' is deprecated; use 'bolt-project.yaml' instead."
+        msg = "Project configuration file 'project.yaml' is deprecated; use 'bolt-project.yaml' instead."
+        Bolt::Logger.deprecation_warning('Using project.yaml instead of bolt-project.yaml', msg)
       end
     end
   end