bolt 2.23.0 → 2.27.0

data/lib/bolt/transport/local/connection.rb

@@ -16,7 +16,7 @@ module Bolt
           @target = target
           # The familiar problem: Etc.getlogin is broken on osx
           @user = ENV['USER'] || Etc.getlogin
-          @logger = Logging.logger[self]
+          @logger = Bolt::Logger.logger(self)
         end
 
         def shell
@@ -28,7 +28,7 @@ module Bolt
         end
 
         def upload_file(source, dest)
-          @logger.debug { "Uploading #{source}, to #{dest}" }
+          @logger.trace { "Uploading #{source} to #{dest}" }
           if source.is_a?(StringIO)
             Tempfile.create(File.basename(dest)) do |f|
               f.write(source.read)
@@ -46,7 +46,7 @@ module Bolt
         end
 
         def download_file(source, dest, _download)
-          @logger.debug { "Downloading #{source} to #{dest}" }
+          @logger.trace { "Downloading #{source} to #{dest}" }
           # Create the destination directory for the target, or the
           # copied file will have the target's name
           FileUtils.mkdir_p(dest)

data/lib/bolt/transport/orch.rb

@@ -38,7 +38,7 @@ module Bolt
           @connections.each_value do |conn|
             conn.finish_plan(result)
           rescue StandardError => e
-            @logger.debug("Failed to finish plan on #{conn.key}: #{e.message}")
+            @logger.trace("Failed to finish plan on #{conn.key}: #{e.message}")
           end
         end
       end
@@ -133,7 +133,7 @@ module Bolt
           next unless File.file?(file)
 
           tar_path = Pathname.new(file).relative_path_from(Pathname.new(directory))
-          @logger.debug("Packing #{file} to #{tar_path}")
+          @logger.trace("Packing #{file} to #{tar_path}")
           stat = File.stat(file)
           content = File.binread(file)
           output.tar.add_file_simple(
@@ -146,7 +146,7 @@ module Bolt
         end
 
         duration = Time.now - start_time
-        @logger.debug("Packed upload in #{duration * 1000} ms")
+        @logger.trace("Packed upload in #{duration * 1000} ms")
 
         output.close
         io.string

data/lib/bolt/transport/ssh.rb

@@ -17,7 +17,7 @@ module Bolt
         rescue LoadError
           logger.debug("Authentication method 'gssapi-with-mic' (Kerberos) is not available.")
         end
-        @transport_logger = Logging.logger[Net::SSH]
+        @transport_logger = Bolt::Logger.logger(Net::SSH)
         @transport_logger.level = :warn
       end
 

data/lib/bolt/transport/ssh/connection.rb

@@ -26,9 +26,9 @@ module Bolt
           @user = @target.user || ssh_config[:user] || Etc.getlogin
           @strict_host_key_checking = ssh_config[:strict_host_key_checking]
 
-          @logger = Logging.logger[@target.safe_name]
+          @logger = Bolt::Logger.logger(@target.safe_name)
           @transport_logger = transport_logger
-          @logger.debug("Initializing ssh connection to #{@target.safe_name}")
+          @logger.trace("Initializing ssh connection to #{@target.safe_name}")
 
           if target.options['private-key']&.instance_of?(String)
             begin
@@ -131,7 +131,7 @@ module Bolt
 
           @session = Net::SSH.start(target.host, @user, options)
           validate_ssh_version
-          @logger.debug { "Opened session" }
+          @logger.trace { "Opened session" }
         rescue Net::SSH::AuthenticationFailed => e
           raise Bolt::Node::ConnectError.new(
             e.message,
@@ -161,7 +161,7 @@ module Bolt
             rescue Timeout::Error
               @session.shutdown!
             end
-            @logger.debug { "Closed session" }
+            @logger.trace { "Closed session" }
           end
         end
 
@@ -237,7 +237,7 @@ module Bolt
 
         def upload_file(source, destination)
           # Do not log wrapper script content
-          @logger.debug { "Uploading #{source}, to #{destination}" } unless source.is_a?(StringIO)
+          @logger.trace { "Uploading #{source} to #{destination}" } unless source.is_a?(StringIO)
           @session.scp.upload!(source, destination, recursive: true)
         rescue StandardError => e
           raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')
@@ -245,7 +245,7 @@ module Bolt
 
         def download_file(source, destination, _download)
           # Do not log wrapper script content
-          @logger.debug { "Downloading #{source} to #{destination}" }
+          @logger.trace { "Downloading #{source} to #{destination}" }
           @session.scp.download!(source, destination, recursive: true)
         rescue StandardError => e
           raise Bolt::Node::FileError.new(e.message, 'WRITE_ERROR')

data/lib/bolt/transport/ssh/exec_connection.rb

@@ -14,7 +14,7 @@ module Bolt
           @target = target
           ssh_config = Net::SSH::Config.for(target.host)
           @user = @target.user || ssh_config[:user] || Etc.getlogin
-          @logger = Logging.logger[self]
+          @logger = Bolt::Logger.logger(self)
         end
 
         # This is used to verify we can connect to targets with `connected?`
@@ -66,7 +66,7 @@ module Bolt
         end
 
         def upload_file(source, dest)
-          @logger.debug { "Uploading #{source}, to #{userhost}:#{dest}" } unless source.is_a?(StringIO)
+          @logger.trace { "Uploading #{source} to #{dest}" } unless source.is_a?(StringIO)
 
           cp_conf = @target.transport_config['copy-command'] || ["scp", "-r"]
           cp_cmd = Array(cp_conf)
@@ -87,7 +87,7 @@ module Bolt
                          end
 
           if stat.success?
-            @logger.debug "Successfully uploaded #{source} to #{dest}"
+            @logger.trace "Successfully uploaded #{source} to #{dest}"
           else
             message = "Could not copy file to #{dest}: #{err}"
             raise Bolt::Node::FileError.new(message, 'COPY_ERROR')
@@ -95,7 +95,7 @@ module Bolt
         end
 
         def download_file(source, dest, _download)
-          @logger.debug { "Downloading #{userhost}:#{source} to #{dest}" }
+          @logger.trace { "Downloading #{userhost}:#{source} to #{dest}" }
 
           FileUtils.mkdir_p(dest)
 
@@ -108,7 +108,7 @@ module Bolt
           _, err, stat = Open3.capture3(*cp_cmd)
 
           if stat.success?
-            @logger.debug "Successfully downloaded #{userhost}:#{source} to #{dest}"
+            @logger.trace "Successfully downloaded #{userhost}:#{source} to #{dest}"
           else
             message = "Could not copy file to #{dest}: #{err}"
             raise Bolt::Node::FileError.new(message, 'COPY_ERROR')

data/lib/bolt/transport/winrm.rb

@@ -11,7 +11,7 @@ module Bolt
         require 'winrm'
         require 'winrm-fs'
 
-        @transport_logger = Logging.logger[::WinRM]
+        @transport_logger = Bolt::Logger.logger(::WinRM)
         @transport_logger.level = :warn
       end
 

data/lib/bolt/transport/winrm/connection.rb

@@ -18,8 +18,8 @@ module Bolt
           @user = @target.user
           # Build set of extensions from extensions config as well as interpreters
 
-          @logger = Logging.logger[@target.safe_name]
-          logger.debug("Initializing winrm connection to #{@target.safe_name}")
+          @logger = Bolt::Logger.logger(@target.safe_name)
+          logger.trace("Initializing winrm connection to #{@target.safe_name}")
           @transport_logger = transport_logger
         end
 
@@ -55,7 +55,7 @@ module Bolt
 
             @session = @connection.shell(:powershell)
             @session.run('$PSVersionTable.PSVersion')
-            @logger.debug { "Opened session" }
+            @logger.trace { "Opened session" }
           end
         rescue Timeout::Error
           # If we're using the default port with SSL, a timeout probably means the
@@ -97,11 +97,11 @@ module Bolt
         def disconnect
           @session&.close
           @client&.disconnect!
-          @logger.debug { "Closed session" }
+          @logger.trace { "Closed session" }
         end
 
         def execute(command)
-          @logger.debug { "Executing command: #{command}" }
+          @logger.trace { "Executing command: #{command}" }
 
           inp = StringIO.new
           # This transport doesn't accept stdin, so close the stream to ensure
@@ -134,12 +134,12 @@ module Bolt
             "with 'ulimit -n 1024'. See https://puppet.com/docs/bolt/latest/bolt_known_issues.html for details."
           raise Bolt::Error.new(msg, 'bolt/too-many-files')
         rescue StandardError
-          @logger.debug { "Command aborted" }
+          @logger.trace { "Command aborted" }
           raise
         end
 
         def upload_file(source, destination)
-          @logger.debug { "Uploading #{source}, to #{destination}" }
+          @logger.trace { "Uploading #{source} to #{destination}" }
           if target.options['file-protocol'] == 'smb'
             upload_file_smb(source, destination)
           else
@@ -185,7 +185,7 @@ module Bolt
         end
 
         def download_file(source, destination, download)
-          @logger.debug { "Downloading #{source} to #{destination}" }
+          @logger.trace { "Downloading #{source} to #{destination}" }
           if target.options['file-protocol'] == 'smb'
             download_file_smb(source, destination)
           else
@@ -257,7 +257,7 @@ module Bolt
           status = @client.login
           case status
           when WindowsError::NTStatus::STATUS_SUCCESS
-            @logger.debug { "Connected to #{@client.dns_host_name}" }
+            @logger.trace { "Connected to #{@client.dns_host_name}" }
           when WindowsError::NTStatus::STATUS_LOGON_FAILURE
             raise Bolt::Node::ConnectError.new(
               "SMB authentication failed for #{target.safe_name}",

data/lib/bolt/util.rb

@@ -6,14 +6,14 @@ module Bolt
       def read_yaml_hash(path, file_name)
         require 'yaml'
 
-        logger = Logging.logger[self]
+        logger = Bolt::Logger.logger(self)
         path = File.expand_path(path)
         content = File.open(path, "r:UTF-8") { |f| YAML.safe_load(f.read) } || {}
         unless content.is_a?(Hash)
           msg = "Invalid content for #{file_name} file: #{path} should be a Hash or empty, not #{content.class}"
           raise Bolt::FileError.new(msg, path)
         end
-        logger.debug("Loaded #{file_name} from #{path}")
+        logger.trace("Loaded #{file_name} from #{path}")
         content
       rescue Errno::ENOENT
         raise Bolt::FileError.new("Could not read #{file_name} file: #{path}", path)

data/lib/bolt/util/puppet_log_level.rb

@@ -4,9 +4,10 @@ module Bolt
   module Util
     module PuppetLogLevel
       MAPPING = {
-        debug: :debug,
-        info: :info,
-        notice: :notice,
+        # Demote Puppet's logs by one level, since Puppet is an implementation detail of Bolt
+        debug: :trace,
+        info: :debug,
+        notice: :info,
         warning: :warn,
         err: :error,
         # The following are used by Puppet functions of the same name, and are all treated as

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '2.23.0'
+  VERSION = '2.27.0'
 end

data/lib/bolt_server/base_config.rb

@@ -7,7 +7,7 @@ module BoltServer
   class BaseConfig
     def config_keys
       %w[host port ssl-cert ssl-key ssl-ca-cert
-         ssl-cipher-suites loglevel logfile whitelist]
+         ssl-cipher-suites loglevel logfile whitelist projects-dir]
     end
 
     def env_keys
@@ -16,7 +16,7 @@ module BoltServer
 
     def defaults
       { 'host' => '127.0.0.1',
-        'loglevel' => 'notice',
+        'loglevel' => 'warn',
         'ssl-cipher-suites' => %w[ECDHE-ECDSA-AES256-GCM-SHA384
                                   ECDHE-RSA-AES256-GCM-SHA384
                                   ECDHE-ECDSA-CHACHA20-POLY1305

data/lib/bolt_server/config.rb

@@ -7,7 +7,7 @@ require 'bolt/error'
 module BoltServer
   class Config < BoltServer::BaseConfig
     def config_keys
-      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri]
+      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri projects-dir]
     end
 
     def env_keys

data/lib/bolt_server/file_cache.rb

@@ -33,7 +33,7 @@ module BoltServer
       @executor = executor
       @cache_dir = config['cache-dir']
       @config = config
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
       @cache_dir_mutex = cache_dir_mutex
 
       if do_purge

data/lib/bolt_server/transport_app.rb

@@ -5,6 +5,7 @@ require 'addressable/uri'
 require 'bolt'
 require 'bolt/error'
 require 'bolt/inventory'
+require 'bolt/project'
 require 'bolt/target'
 require 'bolt_server/file_cache'
 require 'bolt/task/puppet_server'
@@ -191,20 +192,44 @@ module BoltServer
     end
 
     def in_pe_pal_env(environment)
-      if environment.nil?
-        [400, '`environment` is a required argument']
-      else
-        @pal_mutex.synchronize do
-          pal = BoltServer::PE::PAL.new({}, environment)
-          yield pal
-        rescue Puppet::Environments::EnvironmentNotFound
-          [400, {
-            "class" => 'bolt/unknown-environment',
-            "message" => "Environment #{environment} not found"
-          }.to_json]
-        rescue Bolt::Error => e
-          [400, e.to_json]
-        end
+      return [400, '`environment` is a required argument'] if environment.nil?
+      @pal_mutex.synchronize do
+        pal = BoltServer::PE::PAL.new({}, environment)
+        yield pal
+      rescue Puppet::Environments::EnvironmentNotFound
+        [400, {
+          "class" => 'bolt/unknown-environment',
+          "message" => "Environment #{environment} not found"
+        }.to_json]
+      rescue Bolt::Error => e
+        [400, e.to_json]
+      end
+    end
+
+    def in_bolt_project(bolt_project)
+      return [400, '`project_ref` is a required argument'] if bolt_project.nil?
+      project_dir = File.join(@config['projects-dir'], bolt_project)
+      return [400, "`project_ref`: #{project_dir} does not exist"] unless Dir.exist?(project_dir)
+      @pal_mutex.synchronize do
+        project = Bolt::Project.create_project(project_dir)
+        bolt_config = Bolt::Config.from_project(project, {})
+        pal = Bolt::PAL.new(bolt_config.modulepath, nil, nil, nil, nil, nil, bolt_config.project)
+        module_path = [
+          BoltServer::PE::PAL::PE_BOLTLIB_PATH,
+          Bolt::PAL::BOLTLIB_PATH,
+          *bolt_config.modulepath,
+          Bolt::PAL::MODULES_PATH
+        ]
+        # CODEREVIEW: I *think* this is the only thing we need to make different between bolt's PAL. Is it acceptable
+        # to hack this? Modulepath is currently a readable attribute, could we make it writeable?
+        pal.instance_variable_set(:@modulepath, module_path)
+        context = {
+          pal: pal,
+          config: bolt_config
+        }
+        yield context
+      rescue Bolt::Error => e
+        [400, e.to_json]
       end
     end
 
@@ -221,6 +246,67 @@ module BoltServer
       plan_info
     end
 
+    def build_puppetserver_uri(file_identifier, module_name, parameters)
+      segments = file_identifier.split('/', 3)
+      if segments.size == 1
+        {
+          'path' => "/puppet/v3/file_content/tasks/#{module_name}/#{file_identifier}",
+          'params' => parameters
+        }
+      else
+        module_segment, mount_segment, name_segment = *segments
+        {
+          'path' => case mount_segment
+                    when 'files'
+                      "/puppet/v3/file_content/modules/#{module_segment}/#{name_segment}"
+                    when 'tasks'
+                      "/puppet/v3/file_content/tasks/#{module_segment}/#{name_segment}"
+                    when 'lib'
+                      "/puppet/v3/file_content/plugins/#{name_segment}"
+                    end,
+          'params' => parameters
+        }
+      end
+    end
+
+    def pe_task_info(pal, module_name, task_name, parameters)
+      # Handle case where task name is simply module name with special `init` task
+      task_name = if task_name == 'init' || task_name.nil?
+                    module_name
+                  else
+                    "#{module_name}::#{task_name}"
+                  end
+      task = pal.get_task(task_name)
+      files = task.files.map do |file_hash|
+        {
+          'filename' => file_hash['name'],
+          'sha256' => Digest::SHA256.hexdigest(File.read(file_hash['path'])),
+          'size_bytes' => File.size(file_hash['path']),
+          'uri' => build_puppetserver_uri(file_hash['name'], module_name, parameters)
+        }
+      end
+      {
+        'metadata' => task.metadata,
+        'name' => task.name,
+        'files' => files
+      }
+    end
+
+    def allowed_helper(metadata, allowlist)
+      allowed = allowlist.nil? || allowlist.include?(metadata['name']) ? true : false
+      metadata.merge({ 'allowed' => allowed })
+    end
+
+    def task_list(pal)
+      tasks = pal.list_tasks
+      tasks.map { |task_name, _description| { 'name' => task_name } }
+    end
+
+    def plan_list(pal)
+      plans = pal.list_plans.flatten
+      plans.map { |plan_name| { 'name' => plan_name } }
+    end
+
     get '/' do
       200
     end
@@ -351,6 +437,44 @@ module BoltServer
       end
     end
 
+    # Fetches the metadata for a single plan
+    #
+    # @param project_ref [String] the project to fetch the plan from
+    get '/project_plans/:module_name/:plan_name' do
+      in_bolt_project(params['project_ref']) do |context|
+        plan_info = pe_plan_info(context[:pal], params[:module_name], params[:plan_name])
+        plan_info = allowed_helper(plan_info, context[:config].project.plans)
+        [200, plan_info.to_json]
+      end
+    end
+
+    # Fetches the metadata for a single task
+    #
+    # @param environment [String] the environment to fetch the task from
+    get '/tasks/:module_name/:task_name' do
+      in_pe_pal_env(params['environment']) do |pal|
+        ps_parameters = {
+          'environment' => params['environment']
+        }
+        task_info = pe_task_info(pal, params[:module_name], params[:task_name], ps_parameters)
+        [200, task_info.to_json]
+      end
+    end
+
+    # Fetches the metadata for a single task
+    #
+    # @param bolt_project_ref [String] the reference to the bolt-project directory to load task metadata from
+    get '/project_tasks/:module_name/:task_name' do
+      in_bolt_project(params['project_ref']) do |context|
+        ps_parameters = {
+          'project' => params['project_ref']
+        }
+        task_info = pe_task_info(context[:pal], params[:module_name], params[:task_name], ps_parameters)
+        task_info = allowed_helper(task_info, context[:config].project.tasks)
+        [200, task_info.to_json]
+      end
+    end
+
     # Fetches the list of plans for an environment, optionally fetching all metadata for each plan
     #
     # @param environment [String] the environment to fetch the list of plans from
@@ -375,6 +499,57 @@ module BoltServer
       end
     end
 
+    # Fetches the list of plans for a project
+    #
+    # @param project_ref [String] the project to fetch the list of plans from
+    get '/project_plans' do
+      in_bolt_project(params['project_ref']) do |context|
+        plans_response = plan_list(context[:pal])
+
+        # Dig in context for the allowlist of plans from project object
+        plans_response.map! { |metadata| allowed_helper(metadata, context[:config].project.plans) }
+
+        # We structure this array of plans to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, plans_response.to_json]
+      end
+    end
+
+    # Fetches the list of tasks for an environment
+    #
+    # @param environment [String] the environment to fetch the list of tasks from
+    get '/tasks' do
+      in_pe_pal_env(params['environment']) do |pal|
+        tasks_response = task_list(pal).to_json
+
+        # We structure this array of tasks to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, tasks_response]
+      end
+    end
+
+    # Fetches the list of tasks for a bolt-project
+    #
+    # @param project_ref [String] the project to fetch the list of tasks from
+    get '/project_tasks' do
+      in_bolt_project(params['project_ref']) do |context|
+        tasks_response = task_list(context[:pal])
+
+        # Dig in context for the allowlist of tasks from project object
+        tasks_response.map! { |metadata| allowed_helper(metadata, context[:config].project.tasks) }
+
+        # We structure this array of tasks to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, tasks_response.to_json]
+      end
+    end
+
     error 404 do
       err = Bolt::Error.new("Could not find route #{request.path}",
                             'boltserver/not-found')