bolt 2.17.0 → 2.22.0

data/lib/bolt/pal/yaml_plan/evaluator.rb

@@ -73,7 +73,7 @@ module Bolt
         end
 
         def upload_step(scope, step)
-          source = step['source']
+          source = step['upload'] || step['source']
           destination = step['destination']
           targets = step['targets'] || step['target']
           description = step['description']
@@ -83,6 +83,17 @@ module Bolt
           scope.call_function('upload_file', args)
         end
 
+        def download_step(scope, step)
+          source = step['download']
+          destination = step['destination']
+          targets = step['targets'] || step['target']
+          description = step['description']
+
+          args = [source, destination, targets]
+          args << description if description
+          scope.call_function('download_file', args)
+        end
+
         def eval_step(_scope, step)
           step['eval']
         end
@@ -97,6 +108,10 @@ module Bolt
           apply_manifest(scope, targets, manifest)
         end
 
+        def message_step(scope, step)
+          scope.call_function('out::message', step['message'])
+        end
+
         def generate_manifest(resources)
           # inspect returns the Ruby representation of the resource hashes,
           # which happens to be the same as the Puppet representation
@@ -142,7 +157,13 @@ module Bolt
           if plan.steps.any? { |step| step.body.key?('target') }
             msg = "The 'target' parameter for YAML plan steps is deprecated and will be removed "\
                   "in a future version of Bolt. Use the 'targets' parameter instead."
-            @logger.warn(msg)
+            Bolt::Logger.deprecation_warning("Using 'target' parameter for YAML plan steps, not 'targets'", msg)
+          end
+
+          if plan.steps.any? { |step| step.body.key?('source') }
+            msg = "The 'source' parameter for YAML plan upload steps is deprecated and will be removed "\
+                  "in a future version of Bolt. Use the 'upload' parameter instead."
+            Bolt::Logger.deprecation_warning("Using 'source' parameter for YAML upload steps, not 'upload'", msg)
           end
 
           plan_result = closure_scope.with_local_scope(args_hash) do |scope|

data/lib/bolt/pal/yaml_plan/step.rb

@@ -12,7 +12,19 @@ module Bolt
           Set['name', 'description', 'target', 'targets']
         end
 
-        STEP_KEYS = %w[command script task plan source destination eval resources].freeze
+        STEP_KEYS = %w[
+          command
+          destination
+          download
+          eval
+          message
+          plan
+          resources
+          script
+          source
+          task
+          upload
+        ].freeze
 
         def self.create(step_body, step_number)
           type_keys = (STEP_KEYS & step_body.keys)
@@ -22,8 +34,10 @@ module Bolt
           when 1
             type = type_keys.first
           else
-            if type_keys.to_set == Set['source', 'destination']
+            if [Set['source', 'destination'], Set['upload', 'destination']].include?(type_keys.to_set)
               type = 'upload'
+            elsif type_keys.to_set == Set['download', 'destination']
+              type = 'download'
             else
               raise step_error("Multiple action keys detected: #{type_keys.inspect}", step_body['name'], step_number)
             end
@@ -89,6 +103,12 @@ module Bolt
             missing_keys -= ['targets']
           end
 
+          # Handle cases where upload step uses deprecated 'source' key instead of 'upload'
+          # TODO: Remove when 'source' is removed
+          if body.include?('source')
+            missing_keys -= ['upload']
+          end
+
           if missing_keys.any?
             error_message = "The #{step_type.inspect} step requires: #{missing_keys.to_a.inspect} key(s)"
             err = step_error(error_message, body['name'], step_number)
@@ -156,3 +176,5 @@ require 'bolt/pal/yaml_plan/step/resources'
 require 'bolt/pal/yaml_plan/step/script'
 require 'bolt/pal/yaml_plan/step/task'
 require 'bolt/pal/yaml_plan/step/upload'
+require 'bolt/pal/yaml_plan/step/download'
+require 'bolt/pal/yaml_plan/step/message'

data/lib/bolt/pal/yaml_plan/step/download.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Bolt
+  class PAL
+    class YamlPlan
+      class Step
+        class Download < Step
+          def self.allowed_keys
+            super + Set['download', 'destination']
+          end
+
+          def self.required_keys
+            Set['download', 'destination', 'targets']
+          end
+
+          def initialize(step_body)
+            super
+            @source = step_body['download']
+            @destination = step_body['destination']
+          end
+
+          def transpile
+            code = String.new("  ")
+            code << "$#{@name} = " if @name
+
+            fn = 'download_file'
+            args = [@source, @destination, @targets]
+            args << @description if @description
+
+            code << function_call(fn, args)
+
+            code << "\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/pal/yaml_plan/step/message.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Bolt
+  class PAL
+    class YamlPlan
+      class Step
+        class Message < Step
+          def self.allowed_keys
+            super + Set['message']
+          end
+
+          def self.required_keys
+            Set['message']
+          end
+
+          def initialize(step_body)
+            super
+            @message = step_body['message']
+          end
+
+          def transpile
+            code = String.new("  ")
+            code << function_call('out::message', [@message])
+            code << "\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/pal/yaml_plan/step/upload.rb

@@ -6,16 +6,16 @@ module Bolt
       class Step
         class Upload < Step
           def self.allowed_keys
-            super + Set['source', 'destination']
+            super + Set['source', 'destination', 'upload']
           end
 
           def self.required_keys
-            Set['destination', 'source', 'targets']
+            Set['upload', 'destination', 'targets']
           end
 
           def initialize(step_body)
             super
-            @source = step_body['source']
+            @source = step_body['upload'] || step_body['source']
             @destination = step_body['destination']
           end
 

data/lib/bolt/plugin/module.rb

@@ -184,12 +184,10 @@ module Bolt
       # Raises a deprecation warning if the pkcs7 plugin is using deprecated keys and
       # modifies the keys so they are the correct format
       def handle_deprecated_pkcs7_keys(params)
-        if (params.key?('private-key') || params.key?('public-key')) && !@deprecation_warning_issued
-          @deprecation_warning_issued = true
-
+        if params.key?('private-key') || params.key?('public-key')
           message = "pkcs7 keys 'private-key' and 'public-key' have been deprecated and will be "\
                     "removed in a future version of Bolt; use 'private_key' and 'public_key' instead."
-          Logging.logger[self].warn(message)
+          Bolt::Logger.deprecation_warning('PKCS7 keys using hyphens, not underscores', message)
         end
 
         params['private_key'] = params.delete('private-key') if params.key?('private-key')

data/lib/bolt/plugin/puppetdb.rb

@@ -85,7 +85,8 @@ module Bolt
 
       def resolve_facts(config, certname, target_data)
         Bolt::Util.walk_vals(config) do |value|
-          if value.is_a?(String)
+          case value
+          when String
             if value == 'certname'
               certname
             else
@@ -94,7 +95,7 @@ module Bolt
               # If there's no fact data this will be nil
               data&.fetch('value', nil)
             end
-          elsif value.is_a?(Array) || value.is_a?(Hash)
+          when Array, Hash
             value
           else
             raise FactLookupError.new(value, "fact lookups must be a string")

data/lib/bolt/project.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 require 'pathname'
-require 'bolt/pal'
 require 'bolt/config'
+require 'bolt/pal'
+require 'bolt/module'
 
 module Bolt
   class Project
@@ -16,7 +17,8 @@ module Bolt
     }.freeze
 
     attr_reader :path, :data, :config_file, :inventory_file, :modulepath, :hiera_config,
-                :puppetfile, :rerunfile, :type, :resource_types, :warnings, :project_file
+                :puppetfile, :rerunfile, :type, :resource_types, :warnings, :project_file,
+                :deprecations, :downloads, :plans_path
 
     def self.default_project
       create_project(File.expand_path(File.join('~', '.puppetlabs', 'bolt')), 'user')
@@ -31,6 +33,7 @@ module Bolt
     # hierarchy, falling back to the default if we reach the root.
     def self.find_boltdir(dir)
       dir = Pathname.new(dir)
+
       if (dir + BOLTDIR_NAME).directory?
         create_project(dir + BOLTDIR_NAME, 'embedded')
       elsif (dir + 'bolt.yaml').file? || (dir + 'bolt-project.yaml').file?
@@ -44,6 +47,15 @@ module Bolt
 
     def self.create_project(path, type = 'option')
       fullpath = Pathname.new(path).expand_path
+
+      if !Bolt::Util.windows? && type != 'environment' && fullpath.world_writable?
+        raise Bolt::Error.new(
+          "Project directory '#{fullpath}' is world-writable which poses a security risk. Set "\
+          "BOLT_PROJECT='#{fullpath}' to force the use of this project directory.",
+          "bolt/world-writable-error"
+        )
+      end
+
       project_file = File.join(fullpath, 'bolt-project.yaml')
       data = Bolt::Util.read_optional_yaml_hash(File.expand_path(project_file), 'project')
       new(data, path, type)
@@ -51,14 +63,16 @@ module Bolt
 
     def initialize(raw_data, path, type = 'option')
       @path = Pathname.new(path).expand_path
+
       @project_file = @path + 'bolt-project.yaml'
 
       @warnings = []
+      @deprecations = []
       if (@path + 'bolt.yaml').file? && project_file?
         msg = "Project-level configuration in bolt.yaml is deprecated if using bolt-project.yaml. "\
           "Transport config should be set in inventory.yaml, all other config should be set in "\
           "bolt-project.yaml."
-        @warnings << { msg: msg }
+        @deprecations << { type: 'Using bolt.yaml for project configuration', msg: msg }
       end
 
       @inventory_file = @path + 'inventory.yaml'
@@ -68,6 +82,8 @@ module Bolt
       @rerunfile = @path + '.rerun.json'
       @resource_types = @path + '.resource_types'
       @type = type
+      @downloads = @path + 'downloads'
+      @plans_path = @path + 'plans'
 
       tc = Bolt::Config::INVENTORY_OPTIONS.keys & raw_data.keys
       if tc.any?
@@ -98,7 +114,7 @@ module Bolt
     # This API is used to prepend the project as a module to Puppet's internal
     # module_references list. CHANGE AT YOUR OWN RISK
     def to_h
-      { path: @path, name: name }
+      { path: @path.to_s, name: name }
     end
 
     def eql?(other)
@@ -124,11 +140,9 @@ module Bolt
 
     def validate
       if name
-        name_regex = /^[a-z][a-z0-9_]*$/
-        if name !~ name_regex
-          raise Bolt::ValidationError, <<~ERROR_STRING
-          Invalid project name '#{name}' in bolt-project.yaml; project name must match #{name_regex.inspect}
-          ERROR_STRING
+        if name !~ Bolt::Module::MODULE_NAME_REGEX
+          raise Bolt::ValidationError, "Invalid project name #{name.inspect.tr('"', "'")} in bolt-project.yaml; "\
+                                       "project name must match #{Bolt::Module::MODULE_NAME_REGEX.inspect}"
         elsif Dir.children(Bolt::PAL::BOLTLIB_PATH).include?(name)
           raise Bolt::ValidationError, "The project '#{name}' will not be loaded. The project name conflicts "\
             "with a built-in Bolt module of the same name."
@@ -147,8 +161,8 @@ module Bolt
 
     def check_deprecated_file
       if (@path + 'project.yaml').file?
-        logger = Logging.logger[self]
-        logger.warn "Project configuration file 'project.yaml' is deprecated; use 'bolt-project.yaml' instead."
+        msg = "Project configuration file 'project.yaml' is deprecated; use 'bolt-project.yaml' instead."
+        Bolt::Logger.deprecation_warning('Using project.yaml instead of bolt-project.yaml', msg)
       end
     end
   end

data/lib/bolt/puppetdb/client.rb

@@ -96,6 +96,8 @@ module Bolt
         @http = HTTPClient.new
         @http.ssl_config.set_client_cert_file(@config.cert, @config.key) if @config.cert
         @http.ssl_config.add_trust_ca(@config.cacert)
+        @http.connect_timeout = @config.connect_timeout if @config.connect_timeout
+        @http.receive_timeout = @config.read_timeout if @config.read_timeout
 
         @http
       end

data/lib/bolt/puppetdb/config.rb

@@ -132,6 +132,22 @@ module Bolt
         end
       end
 
+      def connect_timeout
+        validate_timeout('connect_timeout')
+        @settings['connect_timeout']
+      end
+
+      def read_timeout
+        validate_timeout('read_timeout')
+        @settings['read_timeout']
+      end
+
+      def validate_timeout(timeout)
+        unless @settings[timeout].nil? || (@settings[timeout].is_a?(Integer) && @settings[timeout] > 0)
+          raise Bolt::PuppetDBError, "#{timeout} must be a positive integer, received #{@settings[timeout]}"
+        end
+      end
+
       def to_hash
         @settings.dup
       end

data/lib/bolt/result.rb

@@ -79,6 +79,13 @@ module Bolt
       new(target, message: "Uploaded '#{source}' to '#{target.host}:#{destination}'", action: 'upload', object: source)
     end
 
+    def self.for_download(target, source, destination, download)
+      msg   = "Downloaded '#{target.host}:#{source}' to '#{destination}'"
+      value = { 'path' => download }
+
+      new(target, value: value, message: msg, action: 'download', object: source)
+    end
+
     # Satisfies the Puppet datatypes API
     def self.from_asserted_args(target, value)
       new(target, value: value)

data/lib/bolt/shell/bash.rb

@@ -37,7 +37,7 @@ module Bolt
           with_tmpdir do |dir|
             basename = File.basename(source)
             tmpfile = File.join(dir.to_s, basename)
-            conn.copy_file(source, tmpfile)
+            conn.upload_file(source, tmpfile)
             # pass over file ownership if we're using run-as to be a different user
             dir.chown(run_as)
             result = execute(['mv', '-f', tmpfile, destination], sudoable: true)
@@ -50,6 +50,27 @@ module Bolt
         end
       end
 
+      def download(source, destination, options = {})
+        running_as(options[:run_as]) do
+          # Target OS may be either Unix or Windows. Without knowing the target OS before-hand
+          # we can't assume whether the path separator is '/' or '\'. Assume we're connecting
+          # to a target with Unix and then check if the path exists after downloading.
+          download = File.join(destination, Bolt::Util.unix_basename(source))
+
+          conn.download_file(source, destination, download)
+
+          # If the download path doesn't exist, then the file was likely downloaded from Windows
+          # using a source path with backslashes (e.g. 'C:\Users\Administrator\foo'). The file
+          # should be saved to the expected location, so update the download path assuming a
+          # Windows basename so the result shows the correct local path.
+          unless File.exist?(download)
+            download = File.join(destination, Bolt::Util.windows_basename(source))
+          end
+
+          Bolt::Result.for_download(target, source, destination, download)
+        end
+      end
+
       def run_script(script, arguments, options = {})
         # unpack any Sensitive data
         arguments = unwrap_sensitive_args(arguments)
@@ -95,7 +116,7 @@ module Bolt
               task_dir = File.join(dir.to_s, task.tasks_dir)
               dir.mkdirs([task.tasks_dir] + extra_files.map { |file| File.dirname(file['name']) })
               extra_files.each do |file|
-                conn.copy_file(file['path'], File.join(dir.to_s, file['name']))
+                conn.upload_file(file['path'], File.join(dir.to_s, file['name']))
               end
             end
 
@@ -257,7 +278,7 @@ module Bolt
       def write_executable(dir, file, filename = nil)
         filename ||= File.basename(file)
         remote_path = File.join(dir.to_s, filename)
-        conn.copy_file(file, remote_path)
+        conn.upload_file(file, remote_path)
         make_executable(remote_path)
         remote_path
       end
@@ -314,7 +335,6 @@ module Bolt
           sudo_str = if use_sudo
                        sudo_exec = target.options['sudo-executable'] || "sudo"
                        sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
-                       sudo_flags += ["-E"] if options[:environment]
                        Shellwords.shelljoin(sudo_flags)
                      else
                        Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])

data/lib/bolt/shell/powershell.rb

@@ -85,7 +85,7 @@ module Bolt
         filename ||= File.basename(file)
         validate_extensions(File.extname(filename))
         destination = "#{dir}\\#{filename}"
-        conn.copy_file(file, destination)
+        conn.upload_file(file, destination)
         destination
       end
 
@@ -164,10 +164,16 @@ module Bolt
       end
 
       def upload(source, destination, _options = {})
-        conn.copy_file(source, destination)
+        conn.upload_file(source, destination)
         Bolt::Result.for_upload(target, source, destination)
       end
 
+      def download(source, destination, _options = {})
+        download = File.join(destination, Bolt::Util.windows_basename(source))
+        conn.download_file(source, destination, download)
+        Bolt::Result.for_download(target, source, destination, download)
+      end
+
       def run_command(command, options = {})
         command = [*env_declarations(options[:env_vars]), command].join("\r\n") if options[:env_vars]
 
@@ -220,7 +226,7 @@ module Bolt
             task_dir = File.join(dir, task.tasks_dir)
             mkdirs([task_dir] + extra_files.map { |file| File.join(dir, File.dirname(file['name'])) })
             extra_files.each do |file|
-              conn.copy_file(file['path'], File.join(dir, file['name']))
+              conn.upload_file(file['path'], File.join(dir, file['name']))
             end
           end
 
@@ -262,7 +268,7 @@ module Bolt
           return with_tmpdir do |dir|
             command += "\r\nif (!$?) { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } }"
             script_file = File.join(dir, "#{SecureRandom.uuid}_wrapper.ps1")
-            conn.copy_file(StringIO.new(command), script_file)
+            conn.upload_file(StringIO.new(command), script_file)
             args = escape_arguments([script_file])
             script_invocation = ['powershell.exe', *PS_ARGS, '-File', *args].join(' ')
             execute(script_invocation)