bolt 2.20.0 → 2.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a72c179da8e6e3fd3d8f883366e88f98026de00eee08ae2410515b2103a3810d
-  data.tar.gz: 968edc1c0c30a370ed06b1c9bd5498ccaaaa5e15f3c47307cad1e68f2af5dafb
+  metadata.gz: ef2991c1d3979e03b9070dc168be0e8c44c309914fd7eb02badc60e5b5d907bf
+  data.tar.gz: 9508d434488486b8b16d062f910f6d3bcf8d7b3e89121ccb8033dd393a7a21db
 SHA512:
-  metadata.gz: a906282180c5df824978979d8e12da5cbe2f835ccef2ae65f2e2fc892bcfa1514a4f8f76418b866fe9cbfe8ce8f8f28b66306055b7acc67de6a7a2e13bb7edbf
-  data.tar.gz: ee4c33740e8e29ad4b3026e5b75b3f0d29556c92e9277bc34101c5f8acfe80db599389c8544aab5946c6c444502a49ddb515da0a854b5796b0aae54fc0875ffc
+  metadata.gz: 351084ca010d6f3d051a588e0d216f07d32473026703378dd7003c9f71f411fa2499926d4e1c6272df55cffc8eeb360fbc6fff4c5a0930c14cba006dfbf3874c
+  data.tar.gz: eef7d1b6b0dfe5584bd216bb5ebe421b61b9e25a4131509cf310f33fc75f7a3afa072e919215eefadb43ac7415cdd51546e6b634daf53d8a7a568366bb31ee68

data/Puppetfile

@@ -5,7 +5,7 @@ forge "http://forge.puppetlabs.com"
 moduledir File.join(File.dirname(__FILE__), 'modules')
 
 # Core modules used by 'apply'
-mod 'puppetlabs-service', '1.2.0'
+mod 'puppetlabs-service', '1.3.0'
 mod 'puppetlabs-puppet_agent', '3.2.0'
 mod 'puppetlabs-facts', '1.0.0'
 
@@ -28,6 +28,7 @@ mod 'puppetlabs-python_task_helper', '0.4.3'
 mod 'puppetlabs-reboot', '3.0.0'
 mod 'puppetlabs-ruby_task_helper', '0.5.1'
 mod 'puppetlabs-ruby_plugin_helper', '0.1.0'
+mod 'puppetlabs-stdlib', '6.3.0'
 
 # Plugin modules
 mod 'puppetlabs-aws_inventory', '0.5.0'
@@ -42,3 +43,4 @@ mod 'puppetlabs-yaml', '0.2.0'
 mod 'canary', local: true
 mod 'aggregate', local: true
 mod 'puppetdb_fact', local: true
+mod 'secure_env_vars', local: true

data/bolt-modules/boltlib/lib/puppet/functions/run_plan.rb

@@ -11,6 +11,9 @@ Puppet::Functions.create_function(:run_plan, Puppet::Functions::InternalFunction
   # @param args A hash of arguments to the plan. Can also include additional options.
   # @option args [Boolean] _catch_errors Whether to catch raised errors.
   # @option args [String] _run_as User to run as using privilege escalation.
+  #   This option sets the [run-as user](privilege_escalation.md) for all
+  #   targets whenever Bolt connects to a target. This is set for all functions
+  #   in the called plan, including `run_plan()`.
   # @return [PlanResult] The result of running the plan. Undef if plan does not explicitly return results.
   # @example Run a plan
   #   run_plan('canary', 'command' => 'false', 'targets' => $targets, '_catch_errors' => true)
@@ -31,6 +34,9 @@ Puppet::Functions.create_function(:run_plan, Puppet::Functions::InternalFunction
   # @param args A hash of arguments to the plan. Can also include additional options.
   # @option args [Boolean] _catch_errors Whether to catch raised errors.
   # @option args [String] _run_as User to run as using privilege escalation.
+  #   This option sets the [run-as user](privilege_escalation.md) for all
+  #   targets whenever Bolt connects to a target. This is set for all functions
+  #   in the called plan, including `run_plan()`.
   # @return [PlanResult] The result of running the plan. Undef if plan does not explicitly return results.
   # @example Run a plan
   #   run_plan('canary', $targets, 'command' => 'false')

data/bolt-modules/dir/lib/puppet/functions/dir/children.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'pathname'
+
+# Returns an array containing all of the filenames except for "." and ".." in the given directory.
+Puppet::Functions.create_function(:'dir::children', Puppet::Functions::InternalFunction) do
+  # @param dirname Absolute path or Puppet module name.
+  # @return Array of files in the given directory.
+  # @example List filenames from an absolute path.
+  #   dir::children('/home/user/subdir/')
+  # @example List filenames from a Puppet file path.
+  #   dir::children('puppet_agent')
+  dispatch :children do
+    scope_param
+    required_param 'String', :dirname
+    return_type 'Array'
+  end
+
+  def children(scope, dirname)
+    # Send Analytics Report
+    Puppet.lookup(:bolt_executor) {}&.report_function_call(self.class.name)
+    modname, subpath = dirname.split(File::SEPARATOR, 2)
+    mod_path = scope.compiler.environment.module(modname)&.path
+
+    full_mod_path = File.join(mod_path, subpath || '') if mod_path
+
+    # Expand relative to the project directory if path is relative
+    project = Puppet.lookup(:bolt_project_data)
+    pathname = Pathname.new(dirname)
+    full_dir = pathname.absolute? ? dirname : File.expand_path(File.join(project.path, dirname))
+
+    # Sort for testability
+    Dir.children(full_mod_path || full_dir).sort
+  end
+end

data/lib/bolt/bolt_option_parser.rb

@@ -25,7 +25,7 @@ module Bolt
       when 'command'
         case action
         when 'run'
-          { flags: ACTION_OPTS,
+          { flags: ACTION_OPTS + %w[env-var],
             banner: COMMAND_RUN_HELP }
         else
           { flags: OPTIONS[:global],
@@ -106,7 +106,7 @@ module Bolt
       when 'script'
         case action
         when 'run'
-          { flags: ACTION_OPTS + %w[tmpdir],
+          { flags: ACTION_OPTS + %w[tmpdir env-var],
             banner: SCRIPT_RUN_HELP }
         else
           { flags: OPTIONS[:global],
@@ -761,6 +761,15 @@ module Bolt
         @options[:'save-rerun'] = save
       end
 
+      separator "\nREMOTE ENVIRONMENT OPTIONS"
+      define('--env-var ENVIRONMENT_VARIABLES', 'Environment variables to set on the target') do |envvar|
+        unless envvar.include?('=')
+          raise Bolt::CLIError, "Environment variables must be specified using 'myenvvar=key' format"
+        end
+        @options[:env_vars] ||= {}
+        @options[:env_vars].store(*envvar.split('=', 2))
+      end
+
       separator "\nTRANSPORT OPTIONS"
       define('--transport TRANSPORT', TRANSPORTS.keys.map(&:to_s),
              "Specify a default transport: #{TRANSPORTS.keys.join(', ')}") do |t|

data/lib/bolt/cli.rb

@@ -258,6 +258,13 @@ module Bolt
               "Option '--noop' may only be specified when running a task or applying manifest code"
       end
 
+      if options[:env_vars]
+        unless %w[command script].include?(options[:subcommand]) && options[:action] == 'run'
+          raise Bolt::CLIError,
+                "Option '--env-var' may only be specified when running a command or script"
+        end
+      end
+
       if options[:subcommand] == 'apply' && (options[:object] && options[:code])
         raise Bolt::CLIError, "--execute is unsupported when specifying a manifest file"
       end
@@ -450,6 +457,7 @@ module Bolt
         elapsed_time = Benchmark.realtime do
           executor_opts = {}
           executor_opts[:description] = options[:description] if options.key?(:description)
+          executor_opts[:env_vars] = options[:env_vars] if options.key?(:env_vars)
           executor.subscribe(outputter)
           executor.subscribe(log_outputter)
           results =

data/lib/bolt/executor.rb

@@ -322,7 +322,13 @@ module Bolt
 
     def download_file(targets, source, destination, options = {})
       description = options.fetch(:description, "file download from #{source} to #{destination}")
-      FileUtils.mkdir_p(destination)
+
+      begin
+        FileUtils.mkdir_p(destination)
+      rescue Errno::EEXIST => e
+        message = "#{e.message}; unable to create destination directory #{destination}"
+        raise Bolt::Error.new(message, 'bolt/file-exist-error')
+      end
 
       log_action(description, targets) do
         options[:run_as] = run_as if run_as && !options.key?(:run_as)

data/lib/bolt/pal/yaml_plan/evaluator.rb

@@ -108,6 +108,10 @@ module Bolt
           apply_manifest(scope, targets, manifest)
         end
 
+        def message_step(scope, step)
+          scope.call_function('out::message', step['message'])
+        end
+
         def generate_manifest(resources)
           # inspect returns the Ruby representation of the resource hashes,
           # which happens to be the same as the Puppet representation

data/lib/bolt/pal/yaml_plan/step.rb

@@ -12,7 +12,19 @@ module Bolt
           Set['name', 'description', 'target', 'targets']
         end
 
-        STEP_KEYS = %w[command script task plan source destination eval resources upload download].freeze
+        STEP_KEYS = %w[
+          command
+          destination
+          download
+          eval
+          message
+          plan
+          resources
+          script
+          source
+          task
+          upload
+        ].freeze
 
         def self.create(step_body, step_number)
           type_keys = (STEP_KEYS & step_body.keys)
@@ -165,3 +177,4 @@ require 'bolt/pal/yaml_plan/step/script'
 require 'bolt/pal/yaml_plan/step/task'
 require 'bolt/pal/yaml_plan/step/upload'
 require 'bolt/pal/yaml_plan/step/download'
+require 'bolt/pal/yaml_plan/step/message'

data/lib/bolt/pal/yaml_plan/step/message.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Bolt
+  class PAL
+    class YamlPlan
+      class Step
+        class Message < Step
+          def self.allowed_keys
+            super + Set['message']
+          end
+
+          def self.required_keys
+            Set['message']
+          end
+
+          def initialize(step_body)
+            super
+            @message = step_body['message']
+          end
+
+          def transpile
+            code = String.new("  ")
+            code << function_call('out::message', [@message])
+            code << "\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/winrm/connection.rb

@@ -111,12 +111,21 @@ module Bolt
           out_rd, out_wr = IO.pipe('UTF-8')
           err_rd, err_wr = IO.pipe('UTF-8')
           th = Thread.new do
+            # By default, any exception raised in a thread will be reported to
+            # stderr as a stacktrace. Since we know these errors are going to
+            # propagate to the main thread via the shell, there's no chance
+            # they will be unhandled, so the default stack trace is unneeded.
+            Thread.current.report_on_exception = false
             result = @session.run(command)
             out_wr << result.stdout
             err_wr << result.stderr
             out_wr.close
             err_wr.close
             result.exitcode
+          ensure
+            # Close the streams to avoid the caller deadlocking
+            out_wr.close
+            err_wr.close
           end
 
           [inp, out_rd, err_rd, th]

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '2.20.0'
+  VERSION = '2.21.0'
 end

data/modules/secure_env_vars/plans/init.pp

@@ -0,0 +1,20 @@
+plan secure_env_vars(
+  TargetSpec $targets,
+  Optional[String] $command = undef,
+  Optional[String] $script = undef
+) {
+  $env_vars = parsejson(system::env('BOLT_ENV_VARS'))
+  unless type($command) == Undef or type($script) == Undef {
+      fail_plan('Cannot specify both script and command for secure_env_vars')
+  }
+
+  return if $command {
+           run_command($command, $targets, '_env_vars' => $env_vars)
+         }
+         elsif $script {
+           run_script($script, $targets, '_env_vars' => $env_vars)
+         }
+         else {
+           fail_plan('Must specify either script or command for secure_env_vars')
+         }
+}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 2.20.0
+  version: 2.21.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-07-27 00:00:00.000000000 Z
+date: 2020-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -427,6 +427,7 @@ files:
 - bolt-modules/boltlib/types/targetspec.pp
 - bolt-modules/ctrl/lib/puppet/functions/ctrl/do_until.rb
 - bolt-modules/ctrl/lib/puppet/functions/ctrl/sleep.rb
+- bolt-modules/dir/lib/puppet/functions/dir/children.rb
 - bolt-modules/file/lib/puppet/functions/file/exists.rb
 - bolt-modules/file/lib/puppet/functions/file/join.rb
 - bolt-modules/file/lib/puppet/functions/file/read.rb
@@ -482,6 +483,7 @@ files:
 - lib/bolt/pal/yaml_plan/step/command.rb
 - lib/bolt/pal/yaml_plan/step/download.rb
 - lib/bolt/pal/yaml_plan/step/eval.rb
+- lib/bolt/pal/yaml_plan/step/message.rb
 - lib/bolt/pal/yaml_plan/step/plan.rb
 - lib/bolt/pal/yaml_plan/step/resources.rb
 - lib/bolt/pal/yaml_plan/step/script.rb
@@ -576,6 +578,7 @@ files:
 - modules/canary/lib/puppet/functions/canary/skip.rb
 - modules/canary/plans/init.pp
 - modules/puppetdb_fact/plans/init.pp
+- modules/secure_env_vars/plans/init.pp
 homepage: https://github.com/puppetlabs/bolt
 licenses:
 - Apache-2.0