bolt 2.24.1 → 2.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a424969e4d64b199e77f75c0d67f2f8d668124dea01c8feaec98f7c8d6acd8a
-  data.tar.gz: c877c94c963b4dcca169b8bad3cf85fe547c1ca9a6050c9554fcc0685cb324b5
+  metadata.gz: ec167b23fc4ceec9d9b3048ae64582a3fcf2baa1eceb8100fb26cc3c6df95cb6
+  data.tar.gz: 4621d274f8c14f4986dae819755c0db162cd056fbd9412275a0bcffc2169edee
 SHA512:
-  metadata.gz: 7720901d8ad877de79b073b3d2d845e78845366bd3e556b4e9c7f4c3be7907e4f9bbf95de06a2583fa2b8d773494855bc3ff1d03fbd3a05217afa969caa1b703
-  data.tar.gz: f9f4ffb0512f5be6962497bec3f64f69e58f79862fb0337c7d7d67d8964a124afc01ea99cec2f39c12952943e06006d8bc99bb2651e592b909f599791d2b0b4d
+  metadata.gz: 1af9a8df65a1a95a7404a0b94f74bfeb9086e3a97ba03e1f19a53acbb626757249b69d812f7afe87e2da05a06d698f515b05313018a649621d98269eabfe2f93
+  data.tar.gz: 24f0b0f56451570d5e97d74ddb66556b48fd8c14a79fd7a0c09f10a4ef1c8590684ccee1675c4dd4126cdbcbc781bad6bf83ba2aa4d8ada0cd13279c15f53876

data/Puppetfile

@@ -6,7 +6,7 @@ moduledir File.join(File.dirname(__FILE__), 'modules')
 
 # Core modules used by 'apply'
 mod 'puppetlabs-service', '1.3.0'
-mod 'puppetlabs-puppet_agent', '3.2.0'
+mod 'puppetlabs-puppet_agent', '4.1.1'
 mod 'puppetlabs-facts', '1.0.0'
 
 # Core types and providers for Puppet 6

data/bolt-modules/boltlib/lib/puppet/datatypes/result.rb

@@ -9,11 +9,12 @@ Puppet::DataTypes.create_type('Result') do
     functions => {
       error => Callable[[], Optional[Error]],
       message => Callable[[], Optional[String]],
+      sensitive => Callable[[], Optional[Sensitive[Data]]],
       action => Callable[[], String],
       status => Callable[[], String],
       to_data => Callable[[], Hash],
       ok => Callable[[], Boolean],
-      '[]' => Callable[[String[1]], Data]
+      '[]' => Callable[[String[1]], Variant[Data, Sensitive[Data]]]
     }
   PUPPET
 

data/bolt-modules/boltlib/lib/puppet/functions/download_file.rb

@@ -96,7 +96,7 @@ Puppet::Functions.create_function(:download_file, Puppet::Functions::InternalFun
 
     # Paths expand relative to the default downloads directory for the project
     # e.g. ~/.puppetlabs/bolt/downloads/
-    destination = Puppet.lookup(:bolt_project_data).downloads + destination
+    destination = Puppet.lookup(:bolt_project).downloads + destination
 
     # If the destination directory already exists, delete any existing contents
     if Dir.exist?(destination)

data/bolt-modules/dir/lib/puppet/functions/dir/children.rb

@@ -25,7 +25,7 @@ Puppet::Functions.create_function(:'dir::children', Puppet::Functions::InternalF
     full_mod_path = File.join(mod_path, subpath || '') if mod_path
 
     # Expand relative to the project directory if path is relative
-    project = Puppet.lookup(:bolt_project_data)
+    project = Puppet.lookup(:bolt_project)
     pathname = Pathname.new(dirname)
     full_dir = pathname.absolute? ? dirname : File.expand_path(File.join(project.path, dirname))
 

data/lib/bolt/analytics.rb

@@ -27,7 +27,7 @@ module Bolt
     }.freeze
 
     def self.build_client
-      logger = Logging.logger[self]
+      logger = Bolt::Logger.logger(self)
       begin
         config_file = config_path(logger)
         config = load_config(config_file, logger)
@@ -93,6 +93,10 @@ module Bolt
     def self.write_config(filename, config)
       FileUtils.mkdir_p(File.dirname(filename))
       File.write(filename, config.to_yaml)
+    rescue StandardError => e
+      Bolt::Logger.warn_once('unwriteable_file', "Could not write analytics configuration to #{filename}.")
+      # This will get caught by build_client and create a NoopClient
+      raise e
     end
 
     class Client
@@ -106,7 +110,7 @@ module Bolt
         require 'httpclient'
         require 'locale'
 
-        @logger = Logging.logger[self]
+        @logger = Bolt::Logger.logger(self)
         @http = HTTPClient.new
         @user_id = user_id
         @executor = Concurrent.global_io_executor
@@ -210,7 +214,7 @@ module Bolt
       attr_accessor :bundled_content
 
       def initialize
-        @logger = Logging.logger[self]
+        @logger = Bolt::Logger.logger(self)
         @bundled_content = []
       end
 

data/lib/bolt/applicator.rb

@@ -28,7 +28,7 @@ module Bolt
       @apply_settings = apply_settings || {}
 
       @pool = Concurrent::ThreadPoolExecutor.new(name: 'apply', max_threads: max_compiles)
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
     end
 
     private def libexec
@@ -50,15 +50,15 @@ module Bolt
 
     def catalog_apply_task
       @catalog_apply_task ||= begin
-                                path = File.join(libexec, 'apply_catalog.rb')
-                                file = { 'name' => 'apply_catalog.rb', 'path' => path }
-                                metadata = { 'supports_noop' => true, 'input_method' => 'stdin',
-                                             'implementations' => [
-                                               { 'name' => 'apply_catalog.rb' },
-                                               { 'name' => 'apply_catalog.rb', 'remote' => true }
-                                             ] }
-                                Bolt::Task.new('apply_helpers::apply_catalog', metadata, [file])
-                              end
+        path = File.join(libexec, 'apply_catalog.rb')
+        file = { 'name' => 'apply_catalog.rb', 'path' => path }
+        metadata = { 'supports_noop' => true, 'input_method' => 'stdin',
+                     'implementations' => [
+                       { 'name' => 'apply_catalog.rb' },
+                       { 'name' => 'apply_catalog.rb', 'remote' => true }
+                     ] }
+        Bolt::Task.new('apply_helpers::apply_catalog', metadata, [file])
+      end
     end
 
     def query_resources_task
@@ -75,34 +75,35 @@ module Bolt
       end
     end
 
-    def compile(target, catalog_input)
+    def compile(target, scope)
       # This simplified Puppet node object is what .local uses to determine the
       # certname of the target
       node = Puppet::Node.from_data_hash('name' => target.name,
                                          'parameters' => { 'clientcert' => target.name })
       trusted = Puppet::Context::TrustedInformation.local(node)
-      catalog_input[:target] = {
+      target_data = {
         name: target.name,
         facts: @inventory.facts(target).merge('bolt' => true),
         variables: @inventory.vars(target),
         trusted: trusted.to_h
       }
+      catalog_request = scope.merge(target: target_data)
 
       bolt_catalog_exe = File.join(libexec, 'bolt_catalog')
       old_path = ENV['PATH']
       ENV['PATH'] = "#{RbConfig::CONFIG['bindir']}#{File::PATH_SEPARATOR}#{old_path}"
-      out, err, stat = Open3.capture3('ruby', bolt_catalog_exe, 'compile', stdin_data: catalog_input.to_json)
+      out, err, stat = Open3.capture3('ruby', bolt_catalog_exe, 'compile', stdin_data: catalog_request.to_json)
       ENV['PATH'] = old_path
 
       # If bolt_catalog does not return valid JSON, we should print stderr to
       # see what happened
       print_logs = stat.success?
       result = begin
-                 JSON.parse(out)
-               rescue JSON::ParserError
-                 print_logs = true
-                 { 'message' => "Something's gone terribly wrong! STDERR is logged." }
-               end
+        JSON.parse(out)
+      rescue JSON::ParserError
+        print_logs = true
+        { 'message' => "Something's gone terribly wrong! STDERR is logged." }
+      end
 
       # Any messages logged by Puppet will be on stderr as JSON hashes, so we
       # parse those and store them here. Any message on stderr that is not
@@ -183,17 +184,16 @@ module Bolt
                                                                        type_by_reference: true,
                                                                        local_reference: true)
 
-      bolt_project = @project if @project&.name
       scope = {
         code_ast: ast,
         modulepath: @modulepath,
-        project: bolt_project.to_h,
+        project: @project.to_h,
         pdb_config: @pdb_client.config.to_hash,
         hiera_config: @hiera_config,
         plan_vars: plan_vars,
         # This data isn't available on the target config hash
         config: @inventory.transport_data_get
-      }
+      }.freeze
       description = options[:description] || 'apply catalog'
 
       required_modules = options[:required_modules].nil? ? nil : Array(options[:required_modules])

data/lib/bolt/bolt_option_parser.rb

@@ -64,6 +64,21 @@ module Bolt
       when 'guide'
         { flags: OPTIONS[:global] + %w[format],
           banner: GUIDE_HELP }
+      when 'module'
+        case action
+        when 'install'
+          { flags: OPTIONS[:global] + %w[configfile force project],
+            banner: MODULE_INSTALL_HELP }
+        when 'show'
+          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
+            banner: MODULE_SHOW_HELP }
+        when 'generate-types'
+          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
+            banner: MODULE_GENERATETYPES_HELP }
+        else
+          { flags: OPTIONS[:global],
+            banner: MODULE_HELP }
+        end
       when 'plan'
         case action
         when 'convert'
@@ -341,6 +356,59 @@ module Bolt
           Show the list of targets an action would run on.
     HELP
 
+    MODULE_HELP = <<~HELP
+      NAME
+          module
+      
+      USAGE
+          bolt module <action> [options]
+
+      DESCRIPTION
+          Install and list modules and generate type references
+
+      ACTIONS
+          generate-types        Generate type references to register in plans
+          install               Install the project's modules
+          show                  List modules available to the Bolt project
+    HELP
+
+    MODULE_INSTALL_HELP = <<~HELP
+      NAME
+          install
+      
+      USAGE
+          bolt module install [options]
+
+      DESCRIPTION
+          Install the project's modules.
+
+          Module declarations are loaded from the project's configuration
+          file. Bolt will automatically resolve all module dependencies,
+          generate a Puppetfile, and install the modules.
+    HELP
+
+    MODULE_GENERATETYPES_HELP = <<~HELP
+      NAME
+          generate-types
+
+      USAGE
+          bolt module generate-types [options]
+
+      DESCRIPTION
+          Generate type references to register in plans.
+    HELP
+
+    MODULE_SHOW_HELP = <<~HELP
+      NAME
+          show
+
+      USAGE
+          bolt module show [options]
+
+      DESCRIPTION
+          List modules available to the Bolt project.
+    HELP
+
     PLAN_HELP = <<~HELP
       NAME
           plan
@@ -366,11 +434,11 @@ module Bolt
           bolt plan convert <path> [options]
 
       DESCRIPTION
-          Convert a YAML plan to a Bolt plan.
+          Convert a YAML plan to a Puppet language plan and print the converted plan to stdout.
 
           Converting a YAML plan may result in a plan that is syntactically
           correct but has different behavior. Always verify a converted plan's
-          functionality.
+          functionality. Note that the converted plan is not written to a file.
 
       EXAMPLES
           bolt plan convert path/to/plan/myplan.yaml
@@ -421,9 +489,9 @@ module Bolt
           the plan, including a list of available parameters.
 
       EXAMPLES
-          Display a list of available tasks
+          Display a list of available plans
             bolt plan show
-          Display documentation for the canary task
+          Display documentation for the aggregate::count plan
             bolt plan show aggregate::count
     HELP
 
@@ -678,7 +746,7 @@ module Bolt
              'For SSH, port defaults to `22`',
              'For WinRM, port defaults to `5985` or `5986` based on the --[no-]ssl setting') do |targets|
         @options[:targets] ||= []
-        @options[:targets] << get_arg_input(targets)
+        @options[:targets] << Bolt::Util.get_arg_input(targets)
       end
       define('-q', '--query QUERY', 'Query PuppetDB to determine the targets') do |query|
         @options[:query] = query
@@ -828,7 +896,7 @@ module Bolt
              "This option is experimental.") do |exec|
         @options[:'copy-command'] = exec
       end
-      define('--connect-timeout TIMEOUT', Integer, 'Connection timeout (defaults vary)') do |timeout|
+      define('--connect-timeout TIMEOUT', Integer, 'Connection timeout in seconds (defaults vary)') do |timeout|
         @options[:'connect-timeout'] = timeout
       end
       define('--[no-]tty', 'Request a pseudo TTY on targets that support it') do |tty|
@@ -864,9 +932,9 @@ module Bolt
       define('--modules MODULES',
              'A comma-separated list of modules to install from the Puppet Forge',
              'when initializing a project. Resolves and installs all dependencies.') do |modules|
-        @options[:modules] = modules.split(',')
+        @options[:modules] = modules.split(',').map { |mod| { 'name' => mod } }
       end
-      define('--force', 'Overwrite existing key pairs') do |_force|
+      define('--force', 'Force a destructive action') do |_force|
         @options[:force] = true
       end
 
@@ -917,27 +985,10 @@ module Bolt
     end
 
     def parse_params(params)
-      json = get_arg_input(params)
+      json = Bolt::Util.get_arg_input(params)
       JSON.parse(json)
     rescue JSON::ParserError => e
       raise Bolt::CLIError, "Unable to parse --params value as JSON: #{e}"
     end
-
-    def get_arg_input(value)
-      if value.start_with?('@')
-        file = value.sub(/^@/, '')
-        read_arg_file(file)
-      elsif value == '-'
-        $stdin.read
-      else
-        value
-      end
-    end
-
-    def read_arg_file(file)
-      File.read(File.expand_path(file))
-    rescue StandardError => e
-      raise Bolt::FileError.new("Error attempting to read #{file}: #{e}", file)
-    end
   end
 end

data/lib/bolt/catalog.rb

@@ -57,8 +57,10 @@ module Bolt
 
     def compile_catalog(request)
       pdb_client = Bolt::PuppetDB::Client.new(Bolt::PuppetDB::Config.new(request['pdb_config']))
-      project = request['project'] || {}
-      bolt_project = Struct.new(:name, :path).new(project['name'], project['path']) unless project.empty?
+      project = request['project']
+      bolt_project = Struct.new(:name, :path, :load_as_module?).new(project['name'],
+                                                                    project['path'],
+                                                                    project['load_as_module?'])
       inv = Bolt::ApplyInventory.new(request['config'])
       puppet_overrides = {
         bolt_pdb_client: pdb_client,

data/lib/bolt/cli.rb

@@ -40,13 +40,14 @@ module Bolt
                  'group' => %w[show],
                  'project' => %w[init migrate],
                  'apply' => %w[],
-                 'guide' => %w[] }.freeze
+                 'guide' => %w[],
+                 'module' => %w[install show generate-types] }.freeze
 
     attr_reader :config, :options
 
     def initialize(argv)
       Bolt::Logger.initialize_logging
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
       @argv = argv
       @options = {}
     end
@@ -79,7 +80,7 @@ module Bolt
 
     # Wrapper method that is called by the Bolt executable. Parses the command and
     # then loads the project and config. Once config is loaded, it completes the
-    # setup process by configuring Bolt and issuing warnings.
+    # setup process by configuring Bolt and logging messages.
     #
     # This separation is needed since the Bolt::Outputter class that normally handles
     # printing errors relies on config being loaded. All setup that happens before
@@ -106,6 +107,11 @@ module Bolt
 
       options[:object] = remaining.shift
 
+      # Handle reading a command from a file
+      if options[:subcommand] == 'command' && options[:object]
+        options[:object] = Bolt::Util.get_arg_input(options[:object])
+      end
+
       # Only parse task_options for task or plan
       if %w[task plan].include?(options[:subcommand])
         task_options, remaining = remaining.partition { |s| s =~ /.+=/ }
@@ -167,20 +173,17 @@ module Bolt
       raise e
     end
 
-    # Completes the setup process by configuring Bolt and issuing warnings
+    # Completes the setup process by configuring Bolt and log messages
     def finalize_setup
       Bolt::Logger.configure(config.log, config.color)
       Bolt::Logger.analytics = analytics
 
-      # Logger must be configured before checking path case and project file, otherwise warnings will not display
+      # Logger must be configured before checking path case and project file, otherwise logs will not display
       config.check_path_case('modulepath', config.modulepath)
       config.project.check_deprecated_file
 
-      # Log the file paths for loaded config files
-      config_loaded
-
-      # Display warnings created during parser and config initialization
-      config.warnings.each { |warning| @logger.warn(warning[:msg]) }
+      # Log messages created during parser and config initialization
+      config.logs.each { |log| @logger.send(log.keys[0], log.values[0]) }
       @parser_deprecations.each { |dep| Bolt::Logger.deprecation_warning(dep[:type], dep[:msg]) }
       config.deprecations.each { |dep| Bolt::Logger.deprecation_warning(dep[:type], dep[:msg]) }
 
@@ -213,10 +216,14 @@ module Bolt
     end
 
     def validate(options)
-      unless COMMANDS.include?(options[:subcommand])
+      # Disables the 'module' subcommand unless the module feature flag is set.
+      commands = COMMANDS.dup
+      commands.delete('module') unless ENV['BOLT_MODULE_FEATURE']
+
+      unless commands.include?(options[:subcommand])
         raise Bolt::CLIError,
               "Expected subcommand '#{options[:subcommand]}' to be one of " \
-              "#{COMMANDS.keys.join(', ')}"
+              "#{commands.keys.join(', ')}"
       end
 
       actions = COMMANDS[options[:subcommand]]
@@ -356,7 +363,7 @@ module Bolt
       # Initialize inventory and targets. Errors here are better to catch early.
       # options[:target_args] will contain a string/array version of the targetting options this is passed to plans
       # options[:targets] will contain a resolved set of Target objects
-      unless %w[project puppetfile secret guide].include?(options[:subcommand]) ||
+      unless %w[guide module project puppetfile secret].include?(options[:subcommand]) ||
              %w[convert new show].include?(options[:action])
         update_targets(options)
       end
@@ -407,6 +414,8 @@ module Bolt
           end
         when 'group'
           list_groups
+        when 'module'
+          list_modules
         end
         return 0
       when 'show-modules'
@@ -446,12 +455,19 @@ module Bolt
         when 'run'
           code = run_plan(options[:object], options[:task_options], options[:target_args], options)
         end
+      when 'module'
+        case options[:action]
+        when 'install'
+          code = install_project_modules
+        when 'generate-types'
+          code = generate_types
+        end
       when 'puppetfile'
         case options[:action]
         when 'generate-types'
           code = generate_types
         when 'install'
-          code = install_puppetfile(config.puppetfile_config, config.puppetfile, config.modulepath)
+          code = install_puppetfile(config.puppetfile_config, config.puppetfile, config.modulepath.first)
         end
       when 'secret'
         code = Bolt::Secret.execute(plugins, outputter, options)
@@ -801,36 +817,38 @@ module Bolt
       old_config = project + 'bolt.yaml'
       config     = project + 'bolt-project.yaml'
       puppetfile = project + 'Puppetfile'
-      modulepath = [project + 'modules']
+      moduledir  = project + 'modules'
+
+      # Warn the user if the project directory already exists. We don't error
+      # here since users might not have installed any modules yet. If both
+      # bolt.yaml and bolt-project.yaml exist, this will just warn about
+      # bolt-project.yaml and subsequent Bolt actions will warn about both files
+      # existing.
+      if config.exist?
+        @logger.warn "Found existing project directory at #{project}. Skipping file creation."
+      elsif old_config.exist?
+        @logger.warn "Found existing #{old_config.basename} at #{project}. "\
+                    "#{old_config.basename} is deprecated, please rename to #{config.basename}."
+      end
 
-      # If modules were specified, first check if there is already a Puppetfile at the project
-      # directory, erroring if there is. If there is no Puppetfile, generate the Puppetfile
-      # content by resolving the specified modules and all their dependencies.
-      # We generate the Puppetfile first so that any errors in resolving modules and their
-      # dependencies are caught early and do not create a project directory.
+      # If modules were specified, first check if there is already a Puppetfile
+      # at the project directory, erroring if there is. If there is no
+      # Puppetfile, install the specified modules. The module installer will
+      # resolve dependencies, generate a Puppetfile, and install the modules.
       if options[:modules]
         if puppetfile.exist?
           raise Bolt::CLIError,
-                "Found existing Puppetfile at #{puppetfile}, unable to initialize project with "\
-                "#{options[:modules].join(', ')}"
-        else
-          puppetfile_specs = resolve_puppetfile_specs
+                "Found existing Puppetfile at #{puppetfile}, unable to initialize "\
+                "project with modules."
         end
+
+        install_modules(puppetfile, {}, moduledir, options[:modules])
       end
 
-      # Warn the user if the project directory already exists. We don't error here since users
-      # might not have installed any modules yet.
-      # If both bolt.yaml and bolt-project.yaml exist, this will just warn
-      # about bolt-project.yaml and subsequent Bolt actions will warn about
-      # both files existing
-      if config.exist?
-        @logger.warn "Found existing project directory at #{project}. Skipping file creation."
-      # This won't get called if bolt-project.yaml exists
-      elsif old_config.exist?
-        @logger.warn "Found existing #{old_config.basename} at #{project}. "\
-          "#{old_config.basename} is deprecated, please rename to #{config.basename}."
-      # Bless the project directory as a...wait for it...project
-      else
+      # If either bolt.yaml or bolt-project.yaml exist, the user has already
+      # been warned and we can just finish project creation. Otherwise, create a
+      # bolt-project.yaml with the project name in it.
+      unless config.exist? || old_config.exist?
         begin
           content = { 'name' => name }
           File.write(config.to_path, content.to_yaml)
@@ -840,109 +858,86 @@ module Bolt
         end
       end
 
-      # Write the generated Puppetfile to the fancy new project
-      if puppetfile_specs
-        File.write(puppetfile, puppetfile_specs.join("\n"))
-        outputter.print_message "Successfully created Puppetfile at #{puppetfile}"
-        # Install the modules from our shiny new Puppetfile
-        if install_puppetfile({}, puppetfile, modulepath)
-          outputter.print_message "Successfully installed #{options[:modules].join(', ')}"
-        else
-          raise Bolt::CLIError, "Could not install #{options[:modules].join(', ')}"
-        end
-      end
-
       0
     end
 
-    # Resolves Puppetfile specs from user-specified modules and dependencies resolved
-    # by the puppetfile-resolver gem.
-    def resolve_puppetfile_specs
-      require 'puppetfile-resolver'
-
-      # Build the document model from the module names, defaulting to the latest version of each module
-      model = PuppetfileResolver::Puppetfile::Document.new('')
-      options[:modules].each do |mod_name|
-        model.add_module(
-          PuppetfileResolver::Puppetfile::ForgeModule.new(mod_name).tap { |mod| mod.version = :latest }
-        )
-      end
-
-      # Make sure the Puppetfile model is valid
-      unless model.valid?
-        raise Bolt::ValidationError,
-              "Unable to resolve dependencies for #{options[:modules].join(', ')}"
+    # Installs modules declared in the project configuration file.
+    #
+    def install_project_modules
+      if config.project.modules.nil?
+        outputter.print_message "Project configuration file '#{config.project.project_file}' "\
+                                "does not specify any module dependencies. Nothing to do."
+        return 0
       end
 
-      # Create the resolver using the Puppetfile model. nil disables Puppet version restrictions.
-      resolver = PuppetfileResolver::Resolver.new(model, nil)
-
-      # Configure and resolve the dependency graph
-      result = resolver.resolve(
-        cache:                 nil,
-        ui:                    nil,
-        module_paths:          [],
-        allow_missing_modules: true
+      install_modules(
+        config.puppetfile,
+        config.puppetfile_config,
+        config.project.path + '.modules',
+        config.project.modules
       )
+    end
 
-      # Validate that the modules exist
-      missing_graph = result.specifications.select do |_name, spec|
-        spec.instance_of? PuppetfileResolver::Models::MissingModuleSpecification
-      end
-
-      if missing_graph.any?
-        titles = model.modules.each_with_object({}) do |mod, acc|
-          acc[mod.name] = mod.title
+    # Installs modules declared in the project configuration file.
+    #
+    def install_modules(puppetfile_path, config, moduledir, modules)
+      require 'bolt/puppetfile'
+      require 'bolt/puppetfile/installer'
+
+      puppetfile = Bolt::Puppetfile.new(modules)
+
+      # If the Puppetfile exists, check if it includes specs for each declared
+      # module, erroring if there are any missing. Otherwise, resolve the
+      # module dependencies and write a new Puppetfile. Users can forcibly
+      # overwrite an existing Puppetfile with the '--force' option.
+      if puppetfile_path.exist? && !options[:force]
+        outputter.print_message "Parsing existing Puppetfile at #{puppetfile_path}"
+        existing = Bolt::Puppetfile.parse(puppetfile_path)
+
+        unless existing.modules.superset? puppetfile.modules
+          missing_modules = puppetfile.modules - existing.modules
+
+          message = <<~MESSAGE.chomp
+            Puppetfile #{puppetfile_path} is missing specifications for the following
+            module declarations:
+            
+            #{missing_modules.map(&:to_hash).to_yaml.lines.drop(1).join.chomp}
+
+            This may not be a Puppetfile managed by Bolt. To forcibly overwrite the
+            Puppetfile, run 'bolt module install --force'.
+          MESSAGE
+
+          raise Bolt::Error.new(message, 'bolt/missing-module-specs')
         end
-
-        names = titles.values_at(*missing_graph.keys)
-        plural = names.count == 1 ? '' : 's'
-
-        raise Bolt::ValidationError,
-              "Unknown module name#{plural} #{names.join(', ')}"
-      end
-
-      # Filter the dependency graph to only include module specifications
-      spec_graph = result.specifications.select do |_name, spec|
-        spec.instance_of? PuppetfileResolver::Models::ModuleSpecification
+      else
+        outputter.print_message "Resolving module dependencies, this may take a moment"
+        puppetfile.resolve
+        outputter.print_message "Writing Puppetfile at #{puppetfile_path}"
+        puppetfile.write(puppetfile_path, force: true)
       end
 
-      # Map specification models to a Puppetfile specification
-      spec_graph.values.map do |spec|
-        "mod '#{spec.owner}-#{spec.name}', '#{spec.version}'"
-      end
-    end
+      outputter.print_message "Syncing modules from #{puppetfile_path} to #{moduledir}"
+      ok = Bolt::Puppetfile::Installer.new(config).install(puppetfile_path, moduledir)
 
-    def install_puppetfile(config, puppetfile, modulepath)
-      require 'r10k/cli'
-      require 'bolt/r10k_log_proxy'
+      # Automatically generate types after installing modules.
+      pal.generate_types
 
-      if puppetfile.exist?
-        moduledir = modulepath.first.to_s
-        r10k_opts = {
-          root: puppetfile.dirname.to_s,
-          puppetfile: puppetfile.to_s,
-          moduledir: moduledir
-        }
+      outputter.print_puppetfile_result(ok, puppetfile_path, moduledir)
+      ok ? 0 : 1
+    end
 
-        settings = R10K::Settings.global_settings.evaluate(config)
-        R10K::Initializers::GlobalInitializer.new(settings).call
-        install_action = R10K::Action::Puppetfile::Install.new(r10k_opts, nil)
+    # Loads a Puppetfile and installs its modules.
+    #
+    def install_puppetfile(config, puppetfile, moduledir)
+      require 'bolt/puppetfile/installer'
 
-        # Override the r10k logger with a proxy to our own logger
-        R10K::Logging.instance_variable_set(:@outputter, Bolt::R10KLogProxy.new)
+      ok = Bolt::Puppetfile::Installer.new(config).install(puppetfile, moduledir)
 
-        ok = install_action.call
-        outputter.print_puppetfile_result(ok, puppetfile, moduledir)
-        # Automatically generate types after installing modules
-        pal.generate_types
+      # Automatically generate types after installing modules.
+      pal.generate_types
 
-        ok ? 0 : 1
-      else
-        raise Bolt::FileError.new("Could not find a Puppetfile at #{puppetfile}", puppetfile)
-      end
-    rescue R10K::Error => e
-      raise PuppetfileError, e
+      outputter.print_puppetfile_result(ok, puppetfile, moduledir)
+      ok ? 0 : 1
     end
 
     def pal
@@ -958,17 +953,17 @@ module Bolt
     # Collects the list of Bolt guides and maps them to their topics.
     def guides
       @guides ||= begin
-                    root_path = File.expand_path(File.join(__dir__, '..', '..', 'guides'))
-                    files     = Dir.children(root_path).sort
-
-                    files.each_with_object({}) do |file, guides|
-                      next if file !~ /\.txt\z/
-                      topic = File.basename(file, '.txt')
-                      guides[topic] = File.join(root_path, file)
-                    end
-                  rescue SystemCallError => e
-                    raise Bolt::FileError.new("#{e.message}: unable to load guides directory", root_path)
-                  end
+        root_path = File.expand_path(File.join(__dir__, '..', '..', 'guides'))
+        files     = Dir.children(root_path).sort
+
+        files.each_with_object({}) do |file, guides|
+          next if file !~ /\.txt\z/
+          topic = File.basename(file, '.txt')
+          guides[topic] = File.join(root_path, file)
+        end
+      rescue SystemCallError => e
+        raise Bolt::FileError.new("#{e.message}: unable to load guides directory", root_path)
+      end
     end
 
     # Display the list of available Bolt guides.
@@ -1019,10 +1014,10 @@ module Bolt
 
     def analytics
       @analytics ||= begin
-                       client = Bolt::Analytics.build_client
-                       client.bundled_content = bundled_content
-                       client
-                     end
+        client = Bolt::Analytics.build_client
+        client.bundled_content = bundled_content
+        client
+      end
     end
 
     def bundled_content
@@ -1057,17 +1052,10 @@ module Bolt
       content
     end
 
-    def config_loaded
-      msg = <<~MSG.chomp
-        Loaded configuration from: '#{config.config_files.join("', '")}'
-      MSG
-      @logger.info(msg)
-    end
-
     # Gem installs include the aggregate, canary, and puppetdb_fact modules, while
     # package installs include modules listed in the Bolt repo Puppetfile
     def incomplete_install?
-      (Dir.children(Bolt::PAL::MODULES_PATH) - %w[aggregate canary puppetdb_fact]).empty?
+      (Dir.children(Bolt::PAL::MODULES_PATH) - %w[aggregate canary puppetdb_fact secure_env_vars]).empty?
     end
 
     # Mimicks the output from Outputter::Human#fatal_error. This should be used to print