RubyGems - bolt - Versions diffs - 2.24.1 → 2.29.0 - Mend

bolt 2.24.1 → 2.29.0

Potentially problematic release.

This version of bolt might be problematic. Click here for more details.

Files changed (50) hide show

checksums.yaml +4 -4
data/Puppetfile +1 -1
data/bolt-modules/boltlib/lib/puppet/datatypes/result.rb +2 -1
data/bolt-modules/boltlib/lib/puppet/functions/download_file.rb +1 -1
data/bolt-modules/dir/lib/puppet/functions/dir/children.rb +1 -1
data/lib/bolt/analytics.rb +7 -3
data/lib/bolt/applicator.rb +21 -21
data/lib/bolt/bolt_option_parser.rb +77 -26
data/lib/bolt/catalog.rb +4 -2
data/lib/bolt/cli.rb +135 -147
data/lib/bolt/config.rb +48 -25
data/lib/bolt/config/options.rb +34 -2
data/lib/bolt/executor.rb +1 -1
data/lib/bolt/inventory.rb +8 -1
data/lib/bolt/inventory/group.rb +1 -1
data/lib/bolt/inventory/inventory.rb +1 -1
data/lib/bolt/inventory/target.rb +1 -1
data/lib/bolt/logger.rb +35 -21
data/lib/bolt/outputter/logger.rb +1 -1
data/lib/bolt/pal.rb +21 -10
data/lib/bolt/pal/yaml_plan/evaluator.rb +1 -1
data/lib/bolt/plugin/puppetdb.rb +1 -1
data/lib/bolt/project.rb +62 -17
data/lib/bolt/puppetdb/client.rb +1 -1
data/lib/bolt/puppetdb/config.rb +1 -1
data/lib/bolt/puppetfile.rb +160 -0
data/lib/bolt/puppetfile/installer.rb +43 -0
data/lib/bolt/puppetfile/module.rb +89 -0
data/lib/bolt/r10k_log_proxy.rb +1 -1
data/lib/bolt/rerun.rb +2 -2
data/lib/bolt/result.rb +23 -0
data/lib/bolt/shell.rb +1 -1
data/lib/bolt/task.rb +1 -1
data/lib/bolt/transport/base.rb +5 -5
data/lib/bolt/transport/docker/connection.rb +1 -1
data/lib/bolt/transport/local/connection.rb +1 -1
data/lib/bolt/transport/ssh.rb +1 -1
data/lib/bolt/transport/ssh/connection.rb +1 -1
data/lib/bolt/transport/ssh/exec_connection.rb +1 -1
data/lib/bolt/transport/winrm.rb +1 -1
data/lib/bolt/transport/winrm/connection.rb +1 -1
data/lib/bolt/util.rb +30 -11
data/lib/bolt/version.rb +1 -1
data/lib/bolt_server/base_config.rb +1 -1
data/lib/bolt_server/config.rb +1 -1
data/lib/bolt_server/file_cache.rb +12 -12
data/lib/bolt_server/transport_app.rb +125 -26
data/lib/bolt_spec/bolt_context.rb +4 -4
data/lib/bolt_spec/run.rb +3 -0
metadata +11 -14

@@ -7,7 +7,7 @@ module Bolt
     def initialize
       super('bolt')
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
     end
     def canonical_log(event)

data/lib/bolt/rerun.rb CHANGED

@@ -8,7 +8,7 @@ module Bolt
     def initialize(path, save_failures)
       @path = path
       @save_failures = save_failures
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
     end
     def data
@@ -53,7 +53,7 @@ module Bolt
         end
       end
     rescue StandardError => e
-      @logger.warn("Failed to save result to #{@path}: #{e.message}")
+      Bolt::Logger.warn_once('unwriteable_file', "Failed to save result to #{@path}: #{e.message}")
     end
   end
 end

data/lib/bolt/result.rb CHANGED

@@ -65,6 +65,25 @@ module Bolt
                             'msg' => msg,
                             'details' => { 'exit_code' => exit_code } }
       end
+      if value.key?('_error')
+        unless value['_error'].is_a?(Hash) && value['_error'].key?('msg')
+          value['_error'] = {
+            'msg'     => "Invalid error returned from task #{task}: #{value['_error'].inspect}. Error "\
+                         "must be an object with a msg key.",
+            'kind'    => 'bolt/invalid-task-error',
+            'details' => { 'original_error' => value['_error'] }
+          }
+        end
+        value['_error']['kind']    ||= 'bolt/error'
+        value['_error']['details'] ||= {}
+      end
+      if value.key?('_sensitive')
+        value['_sensitive'] = Puppet::Pops::Types::PSensitiveType::Sensitive.new(value['_sensitive'])
+      end
       new(target, value: value, action: 'task', object: task)
     end
@@ -205,5 +224,9 @@ module Bolt
       end
     end
+    def sensitive
+      value['_sensitive']
+    end
   end
 end

data/lib/bolt/shell.rb CHANGED

@@ -7,7 +7,7 @@ module Bolt
     def initialize(target, conn)
       @target = target
       @conn = conn
-      @logger = Logging.logger[@target.safe_name]
+      @logger = Bolt::Logger.logger(@target.safe_name)
     end
     def run_command(*_args)

data/lib/bolt/task.rb CHANGED

@@ -26,7 +26,7 @@ module Bolt
       @metadata = metadata
       @files = files
       @remote = remote
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
       validate_metadata
     end

data/lib/bolt/transport/base.rb CHANGED

@@ -40,17 +40,17 @@ module Bolt
       attr_reader :logger
       def initialize
-        @logger = Logging.logger[self]
+        @logger = Bolt::Logger.logger(self)
       end
       def with_events(target, callback, action)
         callback&.call(type: :node_start, target: target)
         result = begin
-                   yield
-                 rescue StandardError, NotImplementedError => e
-                   Bolt::Result.from_exception(target, e, action: action)
-                 end
+          yield
+        rescue StandardError, NotImplementedError => e
+          Bolt::Result.from_exception(target, e, action: action)
+        end
         callback&.call(type: :node_result, result: result)
         result

data/lib/bolt/transport/docker/connection.rb CHANGED

@@ -10,7 +10,7 @@ module Bolt
         def initialize(target)
           raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
           @target = target
-          @logger = Logging.logger[target.safe_name]
+          @logger = Bolt::Logger.logger(target.safe_name)
           @docker_host = @target.options['service-url']
           @logger.trace("Initializing docker connection to #{@target.safe_name}")
         end

data/lib/bolt/transport/local/connection.rb CHANGED

@@ -16,7 +16,7 @@ module Bolt
           @target = target
           # The familiar problem: Etc.getlogin is broken on osx
           @user = ENV['USER'] || Etc.getlogin
-          @logger = Logging.logger[self]
+          @logger = Bolt::Logger.logger(self)
         end
         def shell

data/lib/bolt/transport/ssh.rb CHANGED

@@ -17,7 +17,7 @@ module Bolt
         rescue LoadError
           logger.debug("Authentication method 'gssapi-with-mic' (Kerberos) is not available.")
         end
-        @transport_logger = Logging.logger[Net::SSH]
+        @transport_logger = Bolt::Logger.logger(Net::SSH)
         @transport_logger.level = :warn
       end

data/lib/bolt/transport/ssh/connection.rb CHANGED

@@ -26,7 +26,7 @@ module Bolt
           @user = @target.user || ssh_config[:user] || Etc.getlogin
           @strict_host_key_checking = ssh_config[:strict_host_key_checking]
-          @logger = Logging.logger[@target.safe_name]
+          @logger = Bolt::Logger.logger(@target.safe_name)
           @transport_logger = transport_logger
           @logger.trace("Initializing ssh connection to #{@target.safe_name}")

data/lib/bolt/transport/ssh/exec_connection.rb CHANGED

@@ -14,7 +14,7 @@ module Bolt
           @target = target
           ssh_config = Net::SSH::Config.for(target.host)
           @user = @target.user || ssh_config[:user] || Etc.getlogin
-          @logger = Logging.logger[self]
+          @logger = Bolt::Logger.logger(self)
         end
         # This is used to verify we can connect to targets with `connected?`

data/lib/bolt/transport/winrm.rb CHANGED

@@ -11,7 +11,7 @@ module Bolt
         require 'winrm'
         require 'winrm-fs'
-        @transport_logger = Logging.logger[::WinRM]
+        @transport_logger = Bolt::Logger.logger(::WinRM)
         @transport_logger.level = :warn
       end

data/lib/bolt/transport/winrm/connection.rb CHANGED

@@ -18,7 +18,7 @@ module Bolt
           @user = @target.user
           # Build set of extensions from extensions config as well as interpreters
-          @logger = Logging.logger[@target.safe_name]
+          @logger = Bolt::Logger.logger(@target.safe_name)
           logger.trace("Initializing winrm connection to #{@target.safe_name}")
           @transport_logger = transport_logger
         end

data/lib/bolt/util.rb CHANGED

@@ -3,10 +3,29 @@
 module Bolt
   module Util
     class << self
+      # Gets input for an argument.
+      def get_arg_input(value)
+        if value.start_with?('@')
+          file = value.sub(/^@/, '')
+          read_arg_file(file)
+        elsif value == '-'
+          $stdin.read
+        else
+          value
+        end
+      end
+      # Reads a file passed as an argument to a command.
+      def read_arg_file(file)
+        File.read(File.expand_path(file))
+      rescue StandardError => e
+        raise Bolt::FileError.new("Error attempting to read #{file}: #{e}", file)
+      end
       def read_yaml_hash(path, file_name)
         require 'yaml'
-        logger = Logging.logger[self]
+        logger = Bolt::Logger.logger(self)
         path = File.expand_path(path)
         content = File.open(path, "r:UTF-8") { |f| YAML.safe_load(f.read) } || {}
         unless content.is_a?(Hash)
@@ -179,16 +198,16 @@ module Bolt
           # object was frozen
           frozen = obj.frozen?
           cl = begin
-                 obj.clone(freeze: false)
-                 # Some datatypes, such as FalseClass, can't be unfrozen. These
-                 # aren't the types we recurse on, so we can leave them frozen
-               rescue ArgumentError => e
-                 if e.message =~ /can't unfreeze/
-                   obj.clone
-                 else
-                   raise e
-                 end
-               end
+            obj.clone(freeze: false)
+          # Some datatypes, such as FalseClass, can't be unfrozen. These
+          # aren't the types we recurse on, so we can leave them frozen
+          rescue ArgumentError => e
+            if e.message =~ /can't unfreeze/
+              obj.clone
+            else
+              raise e
+            end
+          end
         rescue *error_types
           cloned[obj.object_id] = obj
           obj

data/lib/bolt/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Bolt
-  VERSION = '2.24.1'
+  VERSION = '2.29.0'
 end

data/lib/bolt_server/base_config.rb CHANGED

@@ -7,7 +7,7 @@ module BoltServer
   class BaseConfig
     def config_keys
       %w[host port ssl-cert ssl-key ssl-ca-cert
-         ssl-cipher-suites loglevel logfile whitelist]
+         ssl-cipher-suites loglevel logfile whitelist projects-dir]
     end
     def env_keys

data/lib/bolt_server/config.rb CHANGED

@@ -7,7 +7,7 @@ require 'bolt/error'
 module BoltServer
   class Config < BoltServer::BaseConfig
     def config_keys
-      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri]
+      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri projects-dir]
     end
     def env_keys

data/lib/bolt_server/file_cache.rb CHANGED

@@ -33,7 +33,7 @@ module BoltServer
       @executor = executor
       @cache_dir = config['cache-dir']
       @config = config
-      @logger = Logging.logger[self]
+      @logger = Bolt::Logger.logger(self)
       @cache_dir_mutex = cache_dir_mutex
       if do_purge
@@ -64,17 +64,17 @@ module BoltServer
     def client
       @client ||= begin
-                    uri = URI(@config['file-server-uri'])
-                    https = Net::HTTP.new(uri.host, uri.port)
-                    https.use_ssl = true
-                    https.ssl_version = :TLSv1_2
-                    https.ca_file = @config['ssl-ca-cert']
-                    https.cert = OpenSSL::X509::Certificate.new(ssl_cert)
-                    https.key = OpenSSL::PKey::RSA.new(ssl_key)
-                    https.verify_mode = OpenSSL::SSL::VERIFY_PEER
-                    https.open_timeout = @config['file-server-conn-timeout']
-                    https
-                  end
+        uri = URI(@config['file-server-uri'])
+        https = Net::HTTP.new(uri.host, uri.port)
+        https.use_ssl = true
+        https.ssl_version = :TLSv1_2
+        https.ca_file = @config['ssl-ca-cert']
+        https.cert = OpenSSL::X509::Certificate.new(ssl_cert)
+        https.key = OpenSSL::PKey::RSA.new(ssl_key)
+        https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        https.open_timeout = @config['file-server-conn-timeout']
+        https
+      end
     end
     def request_file(path, params, file)

data/lib/bolt_server/transport_app.rb CHANGED

@@ -5,6 +5,7 @@ require 'addressable/uri'
 require 'bolt'
 require 'bolt/error'
 require 'bolt/inventory'
+require 'bolt/project'
 require 'bolt/target'
 require 'bolt_server/file_cache'
 require 'bolt/task/puppet_server'
@@ -191,20 +192,44 @@ module BoltServer
     end
     def in_pe_pal_env(environment)
-      if environment.nil?
-        [400, '`environment` is a required argument']
-      else
-        @pal_mutex.synchronize do
-          pal = BoltServer::PE::PAL.new({}, environment)
-          yield pal
-        rescue Puppet::Environments::EnvironmentNotFound
-          [400, {
-            "class" => 'bolt/unknown-environment',
-            "message" => "Environment #{environment} not found"
-          }.to_json]
-        rescue Bolt::Error => e
-          [400, e.to_json]
-        end
+      return [400, '`environment` is a required argument'] if environment.nil?
+      @pal_mutex.synchronize do
+        pal = BoltServer::PE::PAL.new({}, environment)
+        yield pal
+      rescue Puppet::Environments::EnvironmentNotFound
+        [400, {
+          "class" => 'bolt/unknown-environment',
+          "message" => "Environment #{environment} not found"
+        }.to_json]
+      rescue Bolt::Error => e
+        [400, e.to_json]
+      end
+    end
+    def in_bolt_project(bolt_project)
+      return [400, '`project_ref` is a required argument'] if bolt_project.nil?
+      project_dir = File.join(@config['projects-dir'], bolt_project)
+      return [400, "`project_ref`: #{project_dir} does not exist"] unless Dir.exist?(project_dir)
+      @pal_mutex.synchronize do
+        project = Bolt::Project.create_project(project_dir)
+        bolt_config = Bolt::Config.from_project(project, { log: { 'bolt-debug.log' => 'disable' } })
+        pal = Bolt::PAL.new(bolt_config.modulepath, nil, nil, nil, nil, nil, bolt_config.project)
+        module_path = [
+          BoltServer::PE::PAL::PE_BOLTLIB_PATH,
+          Bolt::PAL::BOLTLIB_PATH,
+          *bolt_config.modulepath,
+          Bolt::PAL::MODULES_PATH
+        ]
+        # CODEREVIEW: I *think* this is the only thing we need to make different between bolt's PAL. Is it acceptable
+        # to hack this? Modulepath is currently a readable attribute, could we make it writeable?
+        pal.instance_variable_set(:@modulepath, module_path)
+        context = {
+          pal: pal,
+          config: bolt_config
+        }
+        yield context
+      rescue Bolt::Error => e
+        [400, e.to_json]
       end
     end
@@ -221,14 +246,12 @@ module BoltServer
       plan_info
     end
-    def build_puppetserver_uri(file_identifier, module_name, environment)
+    def build_puppetserver_uri(file_identifier, module_name, parameters)
       segments = file_identifier.split('/', 3)
       if segments.size == 1
         {
           'path' => "/puppet/v3/file_content/tasks/#{module_name}/#{file_identifier}",
-          'params' => {
-            'environment' => environment
-          }
+          'params' => parameters
         }
       else
         module_segment, mount_segment, name_segment = *segments
@@ -241,14 +264,12 @@ module BoltServer
                     when 'lib'
                       "/puppet/v3/file_content/plugins/#{name_segment}"
                     end,
-          'params' => {
-            'environment' => environment
-          }
+          'params' => parameters
         }
       end
     end
-    def pe_task_info(pal, module_name, task_name, environment)
+    def pe_task_info(pal, module_name, task_name, parameters)
       # Handle case where task name is simply module name with special `init` task
       task_name = if task_name == 'init' || task_name.nil?
                     module_name
@@ -261,7 +282,7 @@ module BoltServer
           'filename' => file_hash['name'],
           'sha256' => Digest::SHA256.hexdigest(File.read(file_hash['path'])),
           'size_bytes' => File.size(file_hash['path']),
-          'uri' => build_puppetserver_uri(file_hash['name'], module_name, environment)
+          'uri' => build_puppetserver_uri(file_hash['name'], module_name, parameters)
         }
       end
       {
@@ -271,6 +292,21 @@ module BoltServer
       }
     end
+    def allowed_helper(metadata, allowlist)
+      allowed = allowlist.nil? || allowlist.include?(metadata['name']) ? true : false
+      metadata.merge({ 'allowed' => allowed })
+    end
+    def task_list(pal)
+      tasks = pal.list_tasks
+      tasks.map { |task_name, _description| { 'name' => task_name } }
+    end
+    def plan_list(pal)
+      plans = pal.list_plans.flatten
+      plans.map { |plan_name| { 'name' => plan_name } }
+    end
     get '/' do
       200
     end
@@ -401,12 +437,40 @@ module BoltServer
       end
     end
+    # Fetches the metadata for a single plan
+    #
+    # @param project_ref [String] the project to fetch the plan from
+    get '/project_plans/:module_name/:plan_name' do
+      in_bolt_project(params['project_ref']) do |context|
+        plan_info = pe_plan_info(context[:pal], params[:module_name], params[:plan_name])
+        plan_info = allowed_helper(plan_info, context[:config].project.plans)
+        [200, plan_info.to_json]
+      end
+    end
     # Fetches the metadata for a single task
     #
     # @param environment [String] the environment to fetch the task from
     get '/tasks/:module_name/:task_name' do
       in_pe_pal_env(params['environment']) do |pal|
-        task_info = pe_task_info(pal, params[:module_name], params[:task_name], params['environment'])
+        ps_parameters = {
+          'environment' => params['environment']
+        }
+        task_info = pe_task_info(pal, params[:module_name], params[:task_name], ps_parameters)
+        [200, task_info.to_json]
+      end
+    end
+    # Fetches the metadata for a single task
+    #
+    # @param bolt_project_ref [String] the reference to the bolt-project directory to load task metadata from
+    get '/project_tasks/:module_name/:task_name' do
+      in_bolt_project(params['project_ref']) do |context|
+        ps_parameters = {
+          'project' => params['project_ref']
+        }
+        task_info = pe_task_info(context[:pal], params[:module_name], params[:task_name], ps_parameters)
+        task_info = allowed_helper(task_info, context[:config].project.tasks)
         [200, task_info.to_json]
       end
     end
@@ -435,13 +499,30 @@ module BoltServer
       end
     end
+    # Fetches the list of plans for a project
+    #
+    # @param project_ref [String] the project to fetch the list of plans from
+    get '/project_plans' do
+      in_bolt_project(params['project_ref']) do |context|
+        plans_response = plan_list(context[:pal])
+        # Dig in context for the allowlist of plans from project object
+        plans_response.map! { |metadata| allowed_helper(metadata, context[:config].project.plans) }
+        # We structure this array of plans to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, plans_response.to_json]
+      end
+    end
     # Fetches the list of tasks for an environment
     #
     # @param environment [String] the environment to fetch the list of tasks from
     get '/tasks' do
       in_pe_pal_env(params['environment']) do |pal|
-        tasks = pal.list_tasks
-        tasks_response = tasks.map { |task_name, _description| { 'name' => task_name } }.to_json
+        tasks_response = task_list(pal).to_json
         # We structure this array of tasks to be an array of hashes so that it matches the structure
         # returned by the puppetserver API that serves data like this. Structuring the output this way
@@ -451,6 +532,24 @@ module BoltServer
       end
     end
+    # Fetches the list of tasks for a bolt-project
+    #
+    # @param project_ref [String] the project to fetch the list of tasks from
+    get '/project_tasks' do
+      in_bolt_project(params['project_ref']) do |context|
+        tasks_response = task_list(context[:pal])
+        # Dig in context for the allowlist of tasks from project object
+        tasks_response.map! { |metadata| allowed_helper(metadata, context[:config].project.tasks) }
+        # We structure this array of tasks to be an array of hashes so that it matches the structure
+        # returned by the puppetserver API that serves data like this. Structuring the output this way
+        # makes switching between puppetserver and bolt-server easier, which makes changes to switch
+        # to bolt-server smaller/simpler.
+        [200, tasks_response.to_json]
+      end
+    end
     error 404 do
       err = Bolt::Error.new("Could not find route #{request.path}",
                             'boltserver/not-found')