bolt 2.15.0 → 2.20.0

data/lib/bolt/puppetdb/client.rb

@@ -96,6 +96,8 @@ module Bolt
         @http = HTTPClient.new
         @http.ssl_config.set_client_cert_file(@config.cert, @config.key) if @config.cert
         @http.ssl_config.add_trust_ca(@config.cacert)
+        @http.connect_timeout = @config.connect_timeout if @config.connect_timeout
+        @http.receive_timeout = @config.read_timeout if @config.read_timeout
 
         @http
       end

data/lib/bolt/puppetdb/config.rb

@@ -132,6 +132,22 @@ module Bolt
         end
       end
 
+      def connect_timeout
+        validate_timeout('connect_timeout')
+        @settings['connect_timeout']
+      end
+
+      def read_timeout
+        validate_timeout('read_timeout')
+        @settings['read_timeout']
+      end
+
+      def validate_timeout(timeout)
+        unless @settings[timeout].nil? || (@settings[timeout].is_a?(Integer) && @settings[timeout] > 0)
+          raise Bolt::PuppetDBError, "#{timeout} must be a positive integer, received #{@settings[timeout]}"
+        end
+      end
+
       def to_hash
         @settings.dup
       end

data/lib/bolt/result.rb

@@ -79,6 +79,13 @@ module Bolt
       new(target, message: "Uploaded '#{source}' to '#{target.host}:#{destination}'", action: 'upload', object: source)
     end
 
+    def self.for_download(target, source, destination, download)
+      msg   = "Downloaded '#{target.host}:#{source}' to '#{destination}'"
+      value = { 'path' => download }
+
+      new(target, value: value, message: msg, action: 'download', object: source)
+    end
+
     # Satisfies the Puppet datatypes API
     def self.from_asserted_args(target, value)
       new(target, value: value)

data/lib/bolt/shell/bash.rb

@@ -23,7 +23,7 @@ module Bolt
 
       def run_command(command, options = {})
         running_as(options[:run_as]) do
-          output = execute(command, sudoable: true)
+          output = execute(command, environment: options[:env_vars], sudoable: true)
           Bolt::Result.for_command(target,
                                    output.stdout.string,
                                    output.stderr.string,
@@ -35,9 +35,9 @@ module Bolt
       def upload(source, destination, options = {})
         running_as(options[:run_as]) do
           with_tmpdir do |dir|
-            basename = File.basename(destination)
+            basename = File.basename(source)
             tmpfile = File.join(dir.to_s, basename)
-            conn.copy_file(source, tmpfile)
+            conn.upload_file(source, tmpfile)
             # pass over file ownership if we're using run-as to be a different user
             dir.chown(run_as)
             result = execute(['mv', '-f', tmpfile, destination], sudoable: true)
@@ -50,6 +50,27 @@ module Bolt
         end
       end
 
+      def download(source, destination, options = {})
+        running_as(options[:run_as]) do
+          # Target OS may be either Unix or Windows. Without knowing the target OS before-hand
+          # we can't assume whether the path separator is '/' or '\'. Assume we're connecting
+          # to a target with Unix and then check if the path exists after downloading.
+          download = File.join(destination, Bolt::Util.unix_basename(source))
+
+          conn.download_file(source, destination, download)
+
+          # If the download path doesn't exist, then the file was likely downloaded from Windows
+          # using a source path with backslashes (e.g. 'C:\Users\Administrator\foo'). The file
+          # should be saved to the expected location, so update the download path assuming a
+          # Windows basename so the result shows the correct local path.
+          unless File.exist?(download)
+            download = File.join(destination, Bolt::Util.windows_basename(source))
+          end
+
+          Bolt::Result.for_download(target, source, destination, download)
+        end
+      end
+
       def run_script(script, arguments, options = {})
         # unpack any Sensitive data
         arguments = unwrap_sensitive_args(arguments)
@@ -58,7 +79,7 @@ module Bolt
           with_tmpdir do |dir|
             path = write_executable(dir.to_s, script)
             dir.chown(run_as)
-            output = execute([path, *arguments], sudoable: true)
+            output = execute([path, *arguments], environment: options[:env_vars], sudoable: true)
             Bolt::Result.for_command(target,
                                      output.stdout.string,
                                      output.stderr.string,
@@ -95,7 +116,7 @@ module Bolt
               task_dir = File.join(dir.to_s, task.tasks_dir)
               dir.mkdirs([task.tasks_dir] + extra_files.map { |file| File.dirname(file['name']) })
               extra_files.each do |file|
-                conn.copy_file(file['path'], File.join(dir.to_s, file['name']))
+                conn.upload_file(file['path'], File.join(dir.to_s, file['name']))
               end
             end
 
@@ -170,7 +191,7 @@ module Bolt
       def check_sudo(out, inp, stdin)
         buffer = out.readpartial(CHUNK_SIZE)
         # Split on newlines, including the newline
-        lines = buffer.split(/(?<=[\n])/)
+        lines = buffer.split(/(?<=\n)/)
         # handle_sudo will return the line if it is not a sudo prompt or error
         lines.map! { |line| handle_sudo(inp, line, stdin) }
         lines.join("")
@@ -257,7 +278,7 @@ module Bolt
       def write_executable(dir, file, filename = nil)
         filename ||= File.basename(file)
         remote_path = File.join(dir.to_s, filename)
-        conn.copy_file(file, remote_path)
+        conn.upload_file(file, remote_path)
         make_executable(remote_path)
         remote_path
       end
@@ -277,31 +298,8 @@ module Bolt
         end
       end
 
-      # In the case where a task is run with elevated privilege and needs stdin
-      # a random string is echoed to stderr indicating that the stdin is available
-      # for task input data because the sudo password has already either been
-      # provided on stdin or was not needed.
-      def prepend_sudo_success(sudo_id, command_str)
-        command_str = "cd; #{command_str}" if conn.reset_cwd?
-        "sh -c #{Shellwords.shellescape("echo #{sudo_id} 1>&2; #{command_str}")}"
-      end
-
-      def prepend_chdir(command_str)
-        "sh -c #{Shellwords.shellescape("cd; #{command_str}")}"
-      end
-
-      # A helper to build up a single string that contains all of the options for
-      # privilege escalation. A wrapper script is used to direct task input to stdin
-      # when a tty is allocated and thus we do not need to prepend_sudo_success when
-      # using the wrapper or when the task does not require stdin data.
-      def build_sudoable_command_str(command_str, sudo_str, sudo_id, options)
-        if options[:stdin] && !options[:wrapper]
-          "#{sudo_str} #{prepend_sudo_success(sudo_id, command_str)}"
-        elsif conn.reset_cwd?
-          "#{sudo_str} #{prepend_chdir(command_str)}"
-        else
-          "#{sudo_str} #{command_str}"
-        end
+      def sudo_success(sudo_id)
+        "echo #{sudo_id} 1>&2"
       end
 
       # Returns string with the interpreter conditionally prepended
@@ -322,27 +320,37 @@ module Bolt
         escalate = sudoable && run_as && conn.user != run_as
         use_sudo = escalate && @target.options['run-as-command'].nil?
 
-        command_str = inject_interpreter(options[:interpreter], command)
+        # Depending on the transport, whether we're using sudo and whether
+        # there are environment variables to set, we may need to stitch
+        # together multiple commands into a single sh invocation
+        commands = [inject_interpreter(options[:interpreter], command)]
 
         if options[:environment]
-          env_decls = options[:environment].map do |env, val|
+          env_decl = options[:environment].map do |env, val|
             "#{env}=#{Shellwords.shellescape(val)}"
-          end
-          command_str = "#{env_decls.join(' ')} #{command_str}"
+          end.join(' ')
         end
 
         if escalate
-          if use_sudo
-            sudo_exec = target.options['sudo-executable'] || "sudo"
-            sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
-            sudo_flags += ["-E"] if options[:environment]
-            sudo_str = Shellwords.shelljoin(sudo_flags)
-          else
-            sudo_str = Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
-          end
-          command_str = build_sudoable_command_str(command_str, sudo_str, @sudo_id, options)
+          sudo_str = if use_sudo
+                       sudo_exec = target.options['sudo-executable'] || "sudo"
+                       sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
+                       Shellwords.shelljoin(sudo_flags)
+                     else
+                       Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
+                     end
+          commands.unshift('cd') if conn.reset_cwd?
+          commands.unshift(sudo_success(@sudo_id)) if options[:stdin] && !options[:wrapper]
         end
 
+        command_str = if sudo_str || env_decl
+                        "sh -c #{Shellwords.shellescape(commands.join('; '))}"
+                      else
+                        commands.last
+                      end
+
+        command_str = [sudo_str, env_decl, command_str].compact.join(' ')
+
         @logger.debug { "Executing: #{command_str}" }
 
         in_buffer = if !use_sudo && options[:stdin]

data/lib/bolt/shell/powershell.rb

@@ -71,8 +71,10 @@ module Bolt
         end
       end
 
-      def set_env(arg, val)
-        "[Environment]::SetEnvironmentVariable('#{arg}', @'\n#{val}\n'@)"
+      def env_declarations(env_vars)
+        env_vars.map do |var, val|
+          "[Environment]::SetEnvironmentVariable('#{var}', @'\n#{val}\n'@)"
+        end
       end
 
       def quote_string(string)
@@ -83,7 +85,7 @@ module Bolt
         filename ||= File.basename(file)
         validate_extensions(File.extname(filename))
         destination = "#{dir}\\#{filename}"
-        conn.copy_file(file, destination)
+        conn.upload_file(file, destination)
         destination
       end
 
@@ -111,7 +113,8 @@ module Bolt
       end
 
       def mkdirs(dirs)
-        mkdir_command = "mkdir -Force #{dirs.uniq.sort.join(',')}"
+        paths = dirs.uniq.sort.join('","')
+        mkdir_command = "mkdir -Force -Path (\"#{paths}\")"
         result = execute(mkdir_command)
         if result.exit_code != 0
           message = "Could not create directories: #{result.stderr.string}"
@@ -161,11 +164,19 @@ module Bolt
       end
 
       def upload(source, destination, _options = {})
-        conn.copy_file(source, destination)
+        conn.upload_file(source, destination)
         Bolt::Result.for_upload(target, source, destination)
       end
 
-      def run_command(command, _options = {})
+      def download(source, destination, _options = {})
+        download = File.join(destination, Bolt::Util.windows_basename(source))
+        conn.download_file(source, destination, download)
+        Bolt::Result.for_download(target, source, destination, download)
+      end
+
+      def run_command(command, options = {})
+        command = [*env_declarations(options[:env_vars]), command].join("\r\n") if options[:env_vars]
+
         output = execute(command)
         Bolt::Result.for_command(target,
                                  output.stdout.string,
@@ -174,7 +185,7 @@ module Bolt
                                  'command', command)
       end
 
-      def run_script(script, arguments, _options = {})
+      def run_script(script, arguments, options = {})
         # unpack any Sensitive data
         arguments = unwrap_sensitive_args(arguments)
         with_tmpdir do |dir|
@@ -186,6 +197,8 @@ module Bolt
                       args += escape_arguments(arguments)
                       execute_process(path, args)
                     end
+          command = [*env_declarations(options[:env_vars]), command].join("\r\n") if options[:env_vars]
+
           output = execute(command)
           Bolt::Result.for_command(target,
                                    output.stdout.string,
@@ -213,7 +226,7 @@ module Bolt
             task_dir = File.join(dir, task.tasks_dir)
             mkdirs([task_dir] + extra_files.map { |file| File.join(dir, File.dirname(file['name'])) })
             extra_files.each do |file|
-              conn.copy_file(file['path'], File.join(dir, file['name']))
+              conn.upload_file(file['path'], File.join(dir, file['name']))
             end
           end
 
@@ -236,9 +249,7 @@ module Bolt
                     end
 
           env_assignments = if Bolt::Task::ENVIRONMENT_METHODS.include?(input_method)
-                              envify_params(arguments).map do |(arg, val)|
-                                set_env(arg, val)
-                              end
+                              env_declarations(envify_params(arguments))
                             else
                               []
                             end
@@ -257,7 +268,7 @@ module Bolt
           return with_tmpdir do |dir|
             command += "\r\nif (!$?) { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } }"
             script_file = File.join(dir, "#{SecureRandom.uuid}_wrapper.ps1")
-            conn.copy_file(StringIO.new(command), script_file)
+            conn.upload_file(StringIO.new(command), script_file)
             args = escape_arguments([script_file])
             script_invocation = ['powershell.exe', *PS_ARGS, '-File', *args].join(' ')
             execute(script_invocation)

data/lib/bolt/shell/powershell/snippets.rb

@@ -85,12 +85,21 @@ module Bolt
 
           def shell_init
             <<~PS
-            $ENV:PATH += ";${ENV:ProgramFiles}\\Puppet Labs\\Puppet\\bin\\;" +
-            "${ENV:ProgramFiles}\\Puppet Labs\\Puppet\\puppet\\bin;" +
-            "${ENV:ProgramFiles}\\Puppet Labs\\Puppet\\sys\\ruby\\bin\\"
-            $ENV:RUBYLIB = "${ENV:ProgramFiles}\\Puppet Labs\\Puppet\\puppet\\lib;" +
-            "${ENV:ProgramFiles}\\Puppet Labs\\Puppet\\facter\\lib;" +
-            "${ENV:ProgramFiles}\\Puppet Labs\\Puppet\\hiera\\lib;" +
+            $installRegKey = Get-ItemProperty -Path "HKLM:\\Software\\Puppet Labs\\Puppet" -ErrorAction 0
+            if(![string]::IsNullOrEmpty($installRegKey.RememberedInstallDir64)){
+              $boltBaseDir = $installRegKey.RememberedInstallDir64
+            }elseif(![string]::IsNullOrEmpty($installRegKey.RememberedInstallDir)){
+              $boltBaseDir = $installRegKey.RememberedInstallDir
+            }else{
+              $boltBaseDir = "${ENV:ProgramFiles}\\Puppet Labs\\Puppet"
+            }
+
+            $ENV:PATH += ";${boltBaseDir}\\bin\\;" +
+            "${boltBaseDir}\\puppet\\bin;" +
+            "${boltBaseDir}\\sys\\ruby\\bin\\"
+            $ENV:RUBYLIB = "${boltBaseDir}\\puppet\\lib;" +
+            "${boltBaseDir}\\facter\\lib;" +
+            "${boltBaseDir}\\hiera\\lib;" +
             $ENV:RUBYLIB
 
             Add-Type -AssemblyName System.ServiceModel.Web, System.Runtime.Serialization

data/lib/bolt/transport/base.rb

@@ -167,6 +167,25 @@ module Bolt
         end
       end
 
+      # Downloads the given source file from a batch of targets to the destination location
+      # on the host.
+      #
+      # The default implementation only supports batches of size 1 and will fail otherwise.
+      #
+      # Transports may override this method to implement their own batch processing.
+      def batch_download(targets, source, destination, options = {}, &callback)
+        require 'erb'
+
+        assert_batch_size_one("batch_download()", targets)
+        target = targets.first
+        with_events(target, callback, 'download') do
+          escaped_name = ERB::Util.url_encode(target.safe_name)
+          target_destination = File.expand_path(escaped_name, destination)
+          @logger.debug { "Downloading: '#{source}' on #{target.safe_name} to #{target_destination}" }
+          download(target, source, target_destination, options)
+        end
+      end
+
       def batch_connected?(targets)
         assert_batch_size_one("connected?()", targets)
         connected?(targets.first)
@@ -201,6 +220,11 @@ module Bolt
         raise NotImplementedError, "upload() must be implemented by the transport class"
       end
 
+      # Transports should override this method with their own implementation of file download.
+      def download(*_args)
+        raise NotImplementedError, "download() must be implemented by the transport class"
+      end
+
       # Transports should override this method with their own implementation of a connection test.
       def connected?(_targets)
         raise NotImplementedError, "connected?() must be implemented by the transport class"

data/lib/bolt/transport/docker.rb

@@ -20,7 +20,7 @@ module Bolt
       def upload(target, source, destination, _options = {})
         with_connection(target) do |conn|
           conn.with_remote_tmpdir do |dir|
-            basename = File.basename(destination)
+            basename = File.basename(source)
             tmpfile = "#{dir}/#{basename}"
             if File.directory?(source)
               conn.write_remote_directory(source, tmpfile)
@@ -38,8 +38,18 @@ module Bolt
         end
       end
 
+      def download(target, source, destination, _options = {})
+        with_connection(target) do |conn|
+          download = File.join(destination, Bolt::Util.unix_basename(source))
+          conn.download_remote_content(source, destination)
+          Bolt::Result.for_download(target, source, destination, download)
+        end
+      end
+
       def run_command(target, command, options = {})
-        options[:tty] = target.options['tty']
+        execute_options = {}
+        execute_options[:tty] = target.options['tty']
+        execute_options[:environment] = options[:env_vars]
 
         if target.options['shell-command'] && !target.options['shell-command'].empty?
           # escape any double quotes in command
@@ -47,19 +57,21 @@ module Bolt
           command = "#{target.options['shell-command']} \" #{command}\""
         end
         with_connection(target) do |conn|
-          stdout, stderr, exitcode = conn.execute(*Shellwords.split(command), options)
+          stdout, stderr, exitcode = conn.execute(*Shellwords.split(command), execute_options)
           Bolt::Result.for_command(target, stdout, stderr, exitcode, 'command', command)
         end
       end
 
-      def run_script(target, script, arguments, _options = {})
+      def run_script(target, script, arguments, options = {})
         # unpack any Sensitive data
         arguments = unwrap_sensitive_args(arguments)
+        execute_options = {}
+        execute_options[:environment] = options[:env_vars]
 
         with_connection(target) do |conn|
           conn.with_remote_tmpdir do |dir|
             remote_path = conn.write_remote_executable(dir, script)
-            stdout, stderr, exitcode = conn.execute(remote_path, *arguments, {})
+            stdout, stderr, exitcode = conn.execute(remote_path, *arguments, execute_options)
             Bolt::Result.for_command(target, stdout, stderr, exitcode, 'script', script)
           end
         end

data/lib/bolt/transport/docker/connection.rb

@@ -82,7 +82,9 @@ module Bolt
         def write_remote_file(source, destination)
           @logger.debug { "Uploading #{source}, to #{destination}" }
           _, stdout_str, status = execute_local_docker_command('cp', [source, "#{container_id}:#{destination}"])
-          raise "Error writing file to container #{@container_id}: #{stdout_str}" unless status.exitstatus.zero?
+          unless status.exitstatus.zero?
+            raise "Error writing file to container #{@container_id}: #{stdout_str}"
+          end
         rescue StandardError => e
           raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
         end
@@ -90,7 +92,23 @@ module Bolt
         def write_remote_directory(source, destination)
           @logger.debug { "Uploading #{source}, to #{destination}" }
           _, stdout_str, status = execute_local_docker_command('cp', [source, "#{container_id}:#{destination}"])
-          raise "Error writing directory to container #{@container_id}: #{stdout_str}" unless status.exitstatus.zero?
+          unless status.exitstatus.zero?
+            raise "Error writing directory to container #{@container_id}: #{stdout_str}"
+          end
+        rescue StandardError => e
+          raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
+        end
+
+        def download_remote_content(source, destination)
+          @logger.debug { "Downloading #{source} to #{destination}" }
+          # Create the destination directory, otherwise copying a source directory with Docker will
+          # copy the *contents* of the directory.
+          # https://docs.docker.com/engine/reference/commandline/cp/
+          FileUtils.mkdir_p(destination)
+          _, stdout_str, status = execute_local_docker_command('cp', ["#{container_id}:#{source}", destination])
+          unless status.exitstatus.zero?
+            raise "Error downloading content from container #{@container_id}: #{stdout_str}"
+          end
         rescue StandardError => e
           raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
         end