bolt 2.26.0 → 2.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 195c9ad94788e4811c9a90accb11515fc707346106827e15ef71995b016efbcc
-  data.tar.gz: 7259f2a7b9af58dab4b4f8224360fe8f1570e042c43b6becb183a0dd1257d91e
+  metadata.gz: 4b9f29b79c8544029c9a69f6dc76b083857a87e178c9aae0359e49c59ce3cfdb
+  data.tar.gz: 02166a6dda2dc381365b7556f506a419e2717267e88f6015af430f7f725d75d0
 SHA512:
-  metadata.gz: 2092172d760e7a806e865a3a1315ec2687cff1835b8b44addec9de208711a16be2193ff570a9cae65a620b6d9203575ccb64c2798c71509dd2fc1a0d41ca3399
-  data.tar.gz: 77828dd923626abe08c0bbf8ef0f30175462aab55a8584127359dde412f37b17d7cd952a4bd1be2ce115f47db4f8d6f4269eb455f063ff01ee1297a4637c03c8
+  metadata.gz: 3a282194ca9ccf988e7282afc3a3a0b57b4edc16bb5bf61790fb0eb0ef234e0c7a76c0ea6cd44915047a99e6d423311be1307f435d8000c568d0552268f6afa6
+  data.tar.gz: 957e6be1a72af03bd448fe070e6f9bb0b78aa1bb65e90a8bda251ef0f6c56e5ffaa8ff64aa0c5852963d9fecb87144b61ffd24494fe0aabcbdff43ecde9947a3

data/Puppetfile

@@ -7,33 +7,34 @@ moduledir File.join(File.dirname(__FILE__), 'modules')
 # Core modules used by 'apply'
 mod 'puppetlabs-service', '1.3.0'
 mod 'puppetlabs-puppet_agent', '4.1.1'
-mod 'puppetlabs-facts', '1.0.0'
+mod 'puppetlabs-facts', '1.1.0'
 
 # Core types and providers for Puppet 6
-mod 'puppetlabs-augeas_core', '1.0.5'
+mod 'puppetlabs-augeas_core', '1.1.1'
 mod 'puppetlabs-host_core', '1.0.3'
-mod 'puppetlabs-scheduled_task', '2.0.1'
-mod 'puppetlabs-sshkeys_core', '1.0.3'
-mod 'puppetlabs-zfs_core', '1.0.4'
-mod 'puppetlabs-cron_core', '1.0.3'
+mod 'puppetlabs-scheduled_task', '2.2.1'
+mod 'puppetlabs-sshkeys_core', '2.1.0'
+mod 'puppetlabs-zfs_core', '1.1.0'
+mod 'puppetlabs-cron_core', '1.0.4'
 mod 'puppetlabs-mount_core', '1.0.4'
 mod 'puppetlabs-selinux_core', '1.0.4'
-mod 'puppetlabs-yumrepo_core', '1.0.6'
+mod 'puppetlabs-yumrepo_core', '1.0.7'
 mod 'puppetlabs-zone_core', '1.0.3'
 
 # Useful additional modules
-mod 'puppetlabs-package', '1.1.0'
+mod 'puppetlabs-package', '1.3.0'
 mod 'puppetlabs-puppet_conf', '0.6.0'
 mod 'puppetlabs-python_task_helper', '0.4.3'
 mod 'puppetlabs-reboot', '3.0.0'
 mod 'puppetlabs-ruby_task_helper', '0.5.1'
 mod 'puppetlabs-ruby_plugin_helper', '0.1.0'
-mod 'puppetlabs-stdlib', '6.3.0'
+mod 'puppetlabs-stdlib', '6.5.0'
 
 # Plugin modules
-mod 'puppetlabs-aws_inventory', '0.5.0'
-mod 'puppetlabs-azure_inventory', '0.3.0'
-mod 'puppetlabs-gcloud_inventory', '0.1.1'
+mod 'puppetlabs-aws_inventory', '0.5.2'
+mod 'puppetlabs-azure_inventory', '0.4.1'
+mod 'puppetlabs-gcloud_inventory', '0.1.3'
+mod 'puppetlabs-http_request', '0.1.0'
 mod 'puppetlabs-pkcs7', '0.1.1'
 mod 'puppetlabs-terraform', '0.5.0'
 mod 'puppetlabs-vault', '0.3.0'

data/bolt-modules/boltlib/lib/puppet/functions/write_file.rb

@@ -6,15 +6,15 @@ require 'tempfile'
 #
 # > **Note:** Not available in apply block
 Puppet::Functions.create_function(:write_file) do
-  # @param targets A pattern identifying zero or more targets. See {get_targets} for accepted patterns.
   # @param content File content to write.
   # @param destination An absolute path on the target(s).
+  # @param targets A pattern identifying zero or more targets. See {get_targets} for accepted patterns.
   # @option options [Boolean] _catch_errors Whether to catch raised errors.
   # @option options [String] _run_as User to run as using privilege escalation.
   # @return A list of results, one entry per target.
   # @example Write a file to a target
   #   $content = 'Hello, world!'
-  #   write_file($targets, $content, '/Users/me/hello.txt')
+  #   write_file($content, '/Users/me/hello.txt', $targets)
   dispatch :write_file do
     required_param 'String', :content
     required_param 'String[1]', :destination

data/lib/bolt/analytics.rb

@@ -93,6 +93,10 @@ module Bolt
     def self.write_config(filename, config)
       FileUtils.mkdir_p(File.dirname(filename))
       File.write(filename, config.to_yaml)
+    rescue StandardError => e
+      Bolt::Logger.warn_once('unwriteable_file', "Could not write analytics configuration to #{filename}.")
+      # This will get caught by build_client and create a NoopClient
+      raise e
     end
 
     class Client

data/lib/bolt/applicator.rb

@@ -50,15 +50,15 @@ module Bolt
 
     def catalog_apply_task
       @catalog_apply_task ||= begin
-                                path = File.join(libexec, 'apply_catalog.rb')
-                                file = { 'name' => 'apply_catalog.rb', 'path' => path }
-                                metadata = { 'supports_noop' => true, 'input_method' => 'stdin',
-                                             'implementations' => [
-                                               { 'name' => 'apply_catalog.rb' },
-                                               { 'name' => 'apply_catalog.rb', 'remote' => true }
-                                             ] }
-                                Bolt::Task.new('apply_helpers::apply_catalog', metadata, [file])
-                              end
+        path = File.join(libexec, 'apply_catalog.rb')
+        file = { 'name' => 'apply_catalog.rb', 'path' => path }
+        metadata = { 'supports_noop' => true, 'input_method' => 'stdin',
+                     'implementations' => [
+                       { 'name' => 'apply_catalog.rb' },
+                       { 'name' => 'apply_catalog.rb', 'remote' => true }
+                     ] }
+        Bolt::Task.new('apply_helpers::apply_catalog', metadata, [file])
+      end
     end
 
     def query_resources_task
@@ -75,34 +75,35 @@ module Bolt
       end
     end
 
-    def compile(target, catalog_input)
+    def compile(target, scope)
       # This simplified Puppet node object is what .local uses to determine the
       # certname of the target
       node = Puppet::Node.from_data_hash('name' => target.name,
                                          'parameters' => { 'clientcert' => target.name })
       trusted = Puppet::Context::TrustedInformation.local(node)
-      catalog_input[:target] = {
+      target_data = {
         name: target.name,
         facts: @inventory.facts(target).merge('bolt' => true),
         variables: @inventory.vars(target),
         trusted: trusted.to_h
       }
+      catalog_request = scope.merge(target: target_data)
 
       bolt_catalog_exe = File.join(libexec, 'bolt_catalog')
       old_path = ENV['PATH']
       ENV['PATH'] = "#{RbConfig::CONFIG['bindir']}#{File::PATH_SEPARATOR}#{old_path}"
-      out, err, stat = Open3.capture3('ruby', bolt_catalog_exe, 'compile', stdin_data: catalog_input.to_json)
+      out, err, stat = Open3.capture3('ruby', bolt_catalog_exe, 'compile', stdin_data: catalog_request.to_json)
       ENV['PATH'] = old_path
 
       # If bolt_catalog does not return valid JSON, we should print stderr to
       # see what happened
       print_logs = stat.success?
       result = begin
-                 JSON.parse(out)
-               rescue JSON::ParserError
-                 print_logs = true
-                 { 'message' => "Something's gone terribly wrong! STDERR is logged." }
-               end
+        JSON.parse(out)
+      rescue JSON::ParserError
+        print_logs = true
+        { 'message' => "Something's gone terribly wrong! STDERR is logged." }
+      end
 
       # Any messages logged by Puppet will be on stderr as JSON hashes, so we
       # parse those and store them here. Any message on stderr that is not
@@ -192,7 +193,7 @@ module Bolt
         plan_vars: plan_vars,
         # This data isn't available on the target config hash
         config: @inventory.transport_data_get
-      }
+      }.freeze
       description = options[:description] || 'apply catalog'
 
       required_modules = options[:required_modules].nil? ? nil : Array(options[:required_modules])

data/lib/bolt/bolt_option_parser.rb

@@ -64,6 +64,24 @@ module Bolt
       when 'guide'
         { flags: OPTIONS[:global] + %w[format],
           banner: GUIDE_HELP }
+      when 'module'
+        case action
+        when 'add'
+          { flags: OPTIONS[:global] + %w[configfile project],
+            banner: MODULE_ADD_HELP }
+        when 'generate-types'
+          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
+            banner: MODULE_GENERATETYPES_HELP }
+        when 'install'
+          { flags: OPTIONS[:global] + %w[configfile force project resolve],
+            banner: MODULE_INSTALL_HELP }
+        when 'show'
+          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
+            banner: MODULE_SHOW_HELP }
+        else
+          { flags: OPTIONS[:global],
+            banner: MODULE_HELP }
+        end
       when 'plan'
         case action
         when 'convert'
@@ -169,6 +187,7 @@ module Bolt
           group             Show the list of groups in the inventory
           guide             View guides for Bolt concepts and features
           inventory         Show the list of targets an action would run on
+          module            Manage Bolt project modules
           plan              Convert, create, show, and run Bolt plans
           project           Create and migrate Bolt projects
           puppetfile        Install and list modules and generate type references
@@ -341,6 +360,87 @@ module Bolt
           Show the list of targets an action would run on.
     HELP
 
+    MODULE_HELP = <<~HELP
+      NAME
+          module
+      
+      USAGE
+          bolt module <action> [options]
+
+      DESCRIPTION
+          Manage Bolt project modules
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
+
+      ACTIONS
+          add                   Add a module to the project
+          generate-types        Generate type references to register in plans
+          install               Install the project's modules
+          show                  List modules available to the Bolt project
+    HELP
+
+    MODULE_ADD_HELP = <<~HELP
+      NAME
+          add
+      
+      USAGE
+          bolt module add <module> [options]
+
+      DESCRIPTION
+          Add a module to the project.
+
+          Module declarations are loaded from the project's configuration
+          file. Bolt will automatically resolve all module dependencies,
+          generate a Puppetfile, and install the modules.
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
+    HELP
+
+    MODULE_GENERATETYPES_HELP = <<~HELP
+      NAME
+          generate-types
+
+      USAGE
+          bolt module generate-types [options]
+
+      DESCRIPTION
+          Generate type references to register in plans.
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
+    HELP
+
+    MODULE_INSTALL_HELP = <<~HELP
+      NAME
+          install
+      
+      USAGE
+          bolt module install [options]
+
+      DESCRIPTION
+          Install the project's modules.
+
+          Module declarations are loaded from the project's configuration
+          file. Bolt will automatically resolve all module dependencies,
+          generate a Puppetfile, and install the modules.
+    HELP
+
+    MODULE_SHOW_HELP = <<~HELP
+      NAME
+          show
+
+      USAGE
+          bolt module show [options]
+
+      DESCRIPTION
+          List modules available to the Bolt project.
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
+    HELP
+
     PLAN_HELP = <<~HELP
       NAME
           plan
@@ -678,7 +778,7 @@ module Bolt
              'For SSH, port defaults to `22`',
              'For WinRM, port defaults to `5985` or `5986` based on the --[no-]ssl setting') do |targets|
         @options[:targets] ||= []
-        @options[:targets] << get_arg_input(targets)
+        @options[:targets] << Bolt::Util.get_arg_input(targets)
       end
       define('-q', '--query QUERY', 'Query PuppetDB to determine the targets') do |query|
         @options[:query] = query
@@ -828,7 +928,7 @@ module Bolt
              "This option is experimental.") do |exec|
         @options[:'copy-command'] = exec
       end
-      define('--connect-timeout TIMEOUT', Integer, 'Connection timeout (defaults vary)') do |timeout|
+      define('--connect-timeout TIMEOUT', Integer, 'Connection timeout in seconds (defaults vary)') do |timeout|
         @options[:'connect-timeout'] = timeout
       end
       define('--[no-]tty', 'Request a pseudo TTY on targets that support it') do |tty|
@@ -838,6 +938,13 @@ module Bolt
         @options[:tmpdir] = tmpdir
       end
 
+      separator "\nMODULE OPTIONS"
+      define('--[no-]resolve',
+             'Use --no-resolve to install modules listed in the Puppetfile without resolving modules configured',
+             'in Bolt project configuration') do |resolve|
+        @options[:resolve] = resolve
+      end
+
       separator "\nDISPLAY OPTIONS"
       define('--filter FILTER', 'Filter tasks and plans by a matching substring') do |filter|
         unless /^[a-z0-9_:]+$/.match(filter)
@@ -864,9 +971,9 @@ module Bolt
       define('--modules MODULES',
              'A comma-separated list of modules to install from the Puppet Forge',
              'when initializing a project. Resolves and installs all dependencies.') do |modules|
-        @options[:modules] = modules.split(',')
+        @options[:modules] = modules.split(',').map { |mod| { 'name' => mod } }
       end
-      define('--force', 'Overwrite existing key pairs') do |_force|
+      define('--force', 'Force a destructive action') do |_force|
         @options[:force] = true
       end
 
@@ -917,27 +1024,10 @@ module Bolt
     end
 
     def parse_params(params)
-      json = get_arg_input(params)
+      json = Bolt::Util.get_arg_input(params)
       JSON.parse(json)
     rescue JSON::ParserError => e
       raise Bolt::CLIError, "Unable to parse --params value as JSON: #{e}"
     end
-
-    def get_arg_input(value)
-      if value.start_with?('@')
-        file = value.sub(/^@/, '')
-        read_arg_file(file)
-      elsif value == '-'
-        $stdin.read
-      else
-        value
-      end
-    end
-
-    def read_arg_file(file)
-      File.read(File.expand_path(file))
-    rescue StandardError => e
-      raise Bolt::FileError.new("Error attempting to read #{file}: #{e}", file)
-    end
   end
 end

data/lib/bolt/catalog.rb

@@ -97,7 +97,7 @@ module Bolt
       }
 
       with_puppet_settings(puppet_settings) do
-        Puppet::Pal.in_tmp_environment('bolt_catalog', env_conf) do |pal|
+        Puppet::Pal.in_tmp_environment('bolt_catalog', **env_conf) do |pal|
           Puppet.override(puppet_overrides) do
             Puppet.lookup(:pal_current_node).trusted_data = target['trusted']
             pal.with_catalog_compiler do |compiler|

data/lib/bolt/cli.rb

@@ -20,27 +20,31 @@ require 'bolt/logger'
 require 'bolt/outputter'
 require 'bolt/puppetdb'
 require 'bolt/plugin'
-require 'bolt/project_migrate'
+require 'bolt/project_migrator'
 require 'bolt/pal'
 require 'bolt/target'
 require 'bolt/version'
 require 'bolt/secret'
+require 'bolt/module_installer'
 
 module Bolt
   class CLIExit < StandardError; end
   class CLI
-    COMMANDS = { 'command' => %w[run],
-                 'script' => %w[run],
-                 'task' => %w[show run],
-                 'plan' => %w[show run convert new],
-                 'file' => %w[download upload],
-                 'puppetfile' => %w[install show-modules generate-types],
-                 'secret' => %w[encrypt decrypt createkeys],
-                 'inventory' => %w[show],
-                 'group' => %w[show],
-                 'project' => %w[init migrate],
-                 'apply' => %w[],
-                 'guide' => %w[] }.freeze
+    COMMANDS = {
+      'command'    => %w[run],
+      'script'     => %w[run],
+      'task'       => %w[show run],
+      'plan'       => %w[show run convert new],
+      'file'       => %w[download upload],
+      'puppetfile' => %w[install show-modules generate-types],
+      'secret'     => %w[encrypt decrypt createkeys],
+      'inventory'  => %w[show],
+      'group'      => %w[show],
+      'project'    => %w[init migrate],
+      'module'     => %w[add generate-types install show],
+      'apply'      => %w[],
+      'guide'      => %w[]
+    }.freeze
 
     attr_reader :config, :options
 
@@ -98,6 +102,10 @@ module Bolt
       # This part aims to handle both `bolt <mode> --help` and `bolt help <mode>`.
       remaining = handle_parser_errors { parser.permute(@argv) } unless @argv.empty?
       if @argv.empty? || help?(remaining)
+        # If the subcommand is not enabled, display the default
+        # help text
+        options[:subcommand] = nil unless COMMANDS.include?(options[:subcommand])
+
         # Update the parser for the subcommand (or lack thereof)
         parser.update
         puts parser.help
@@ -106,6 +114,11 @@ module Bolt
 
       options[:object] = remaining.shift
 
+      # Handle reading a command from a file
+      if options[:subcommand] == 'command' && options[:object]
+        options[:object] = Bolt::Util.get_arg_input(options[:object])
+      end
+
       # Only parse task_options for task or plan
       if %w[task plan].include?(options[:subcommand])
         task_options, remaining = remaining.partition { |s| s =~ /.+=/ }
@@ -183,6 +196,10 @@ module Bolt
 
       warn_inventory_overrides_cli(options)
 
+      # Assert whether the puppetfile/module commands are available depending
+      # on whether 'modules' is configured.
+      assert_puppetfile_or_module_command(config.project.modules)
+
       options
     rescue Bolt::Error => e
       outputter.fatal_error(e)
@@ -230,12 +247,6 @@ module Bolt
         end
       end
 
-      if options[:subcommand] != 'file' && options[:subcommand] != 'script' &&
-         !options[:leftovers].empty?
-        raise Bolt::CLIError,
-              "Unknown argument(s) #{options[:leftovers].join(', ')}"
-      end
-
       if %w[task plan].include?(options[:subcommand]) && options[:action] == 'run'
         if options[:object].nil?
           raise Bolt::CLIError, "Must specify a #{options[:subcommand]} to run"
@@ -247,23 +258,6 @@ module Bolt
         end
       end
 
-      if options[:boltdir] && options[:configfile]
-        raise Bolt::CLIError, "Only one of '--boltdir', '--project', or '--configfile' may be specified"
-      end
-
-      if options[:noop] &&
-         !(options[:subcommand] == 'task' && options[:action] == 'run') && options[:subcommand] != 'apply'
-        raise Bolt::CLIError,
-              "Option '--noop' may only be specified when running a task or applying manifest code"
-      end
-
-      if options[:env_vars]
-        unless %w[command script].include?(options[:subcommand]) && options[:action] == 'run'
-          raise Bolt::CLIError,
-                "Option '--env-var' may only be specified when running a command or script"
-        end
-      end
-
       if options[:subcommand] == 'apply' && (options[:object] && options[:code])
         raise Bolt::CLIError, "--execute is unsupported when specifying a manifest file"
       end
@@ -286,6 +280,38 @@ module Bolt
         raise Bolt::CLIError, "Must specify a plan name."
       end
 
+      if options[:subcommand] == 'module' && options[:action] == 'add' && !options[:object]
+        raise Bolt::CLIError, "Must specify a module name."
+      end
+
+      if options[:subcommand] == 'module' && options[:action] == 'install' && options[:object]
+        raise Bolt::CLIError, "Invalid argument '#{options[:object]}'. To add a new module to "\
+                              "the project, run 'bolt module add #{options[:object]}'."
+      end
+
+      if options[:subcommand] != 'file' && options[:subcommand] != 'script' &&
+         !options[:leftovers].empty?
+        raise Bolt::CLIError,
+              "Unknown argument(s) #{options[:leftovers].join(', ')}"
+      end
+
+      if options[:boltdir] && options[:configfile]
+        raise Bolt::CLIError, "Only one of '--boltdir', '--project', or '--configfile' may be specified"
+      end
+
+      if options[:noop] &&
+         !(options[:subcommand] == 'task' && options[:action] == 'run') && options[:subcommand] != 'apply'
+        raise Bolt::CLIError,
+              "Option '--noop' may only be specified when running a task or applying manifest code"
+      end
+
+      if options[:env_vars]
+        unless %w[command script].include?(options[:subcommand]) && options[:action] == 'run'
+          raise Bolt::CLIError,
+                "Option '--env-var' may only be specified when running a command or script"
+        end
+      end
+
       if options.key?(:debug) && options.key?(:log)
         raise Bolt::CLIError, "Only one of '--debug' or '--log-level' may be specified"
       end
@@ -353,7 +379,7 @@ module Bolt
       # Initialize inventory and targets. Errors here are better to catch early.
       # options[:target_args] will contain a string/array version of the targetting options this is passed to plans
       # options[:targets] will contain a resolved set of Target objects
-      unless %w[project puppetfile secret guide].include?(options[:subcommand]) ||
+      unless %w[guide module project puppetfile secret].include?(options[:subcommand]) ||
              %w[convert new show].include?(options[:action])
         update_targets(options)
       end
@@ -379,7 +405,7 @@ module Bolt
                                   inventory_version: inventory.version)
       end
 
-      analytics.screen_view(screen, screen_view_fields)
+      analytics.screen_view(screen, **screen_view_fields)
 
       case options[:action]
       when 'show'
@@ -404,6 +430,8 @@ module Bolt
           end
         when 'group'
           list_groups
+        when 'module'
+          list_modules
         end
         return 0
       when 'show-modules'
@@ -432,9 +460,7 @@ module Bolt
         when 'init'
           code = initialize_project
         when 'migrate'
-          inv = config.inventoryfile
-          path = config.project.path
-          code = Bolt::ProjectMigrate.new(path, outputter, inv).migrate_project
+          code = Bolt::ProjectMigrator.new(config, outputter).migrate
         end
       when 'plan'
         case options[:action]
@@ -443,12 +469,25 @@ module Bolt
         when 'run'
           code = run_plan(options[:object], options[:task_options], options[:target_args], options)
         end
+      when 'module'
+        case options[:action]
+        when 'add'
+          code = add_project_module(options[:object], config.project)
+        when 'install'
+          code = install_project_modules(config.project, options[:force], options[:resolve])
+        when 'generate-types'
+          code = generate_types
+        end
       when 'puppetfile'
         case options[:action]
         when 'generate-types'
           code = generate_types
         when 'install'
-          code = install_puppetfile(config.puppetfile_config, config.puppetfile, config.modulepath)
+          code = install_puppetfile(
+            config.puppetfile_config,
+            config.puppetfile,
+            config.modulepath.first
+          )
         end
       when 'secret'
         code = Bolt::Secret.execute(plugins, outputter, options)
@@ -548,8 +587,24 @@ module Bolt
     end
 
     def list_targets
+      inventoryfile = config.inventoryfile || config.default_inventoryfile
+
+      # Retrieve the known group and target names. This needs to be done before
+      # updating targets, as that will add adhoc targets to the inventory.
+      known_names = inventory.target_names
+
       update_targets(options)
-      outputter.print_targets(options[:targets])
+
+      inventory_targets, adhoc_targets = options[:targets].partition do |target|
+        known_names.include?(target.name)
+      end
+
+      target_list = {
+        inventory: inventory_targets,
+        adhoc:     adhoc_targets
+      }
+
+      outputter.print_targets(target_list, inventoryfile)
     end
 
     def show_targets
@@ -578,10 +633,10 @@ module Bolt
         message = <<~MESSAGE.chomp
           Invalid plan name '#{plan_name}'. Plan names are composed of one or more name segments
           separated by double colons '::'.
-          
+
           Each name segment must begin with a lowercase letter, and may only include lowercase
           letters, digits, and underscores.
-          
+
           Examples of valid plan names:
               - #{config.project.name}
               - #{config.project.name}::my_plan
@@ -798,36 +853,39 @@ module Bolt
       old_config = project + 'bolt.yaml'
       config     = project + 'bolt-project.yaml'
       puppetfile = project + 'Puppetfile'
-      modulepath = [project + 'modules']
+      moduledir  = project + 'modules'
 
-      # If modules were specified, first check if there is already a Puppetfile at the project
-      # directory, erroring if there is. If there is no Puppetfile, generate the Puppetfile
-      # content by resolving the specified modules and all their dependencies.
-      # We generate the Puppetfile first so that any errors in resolving modules and their
-      # dependencies are caught early and do not create a project directory.
+      # Warn the user if the project directory already exists. We don't error
+      # here since users might not have installed any modules yet. If both
+      # bolt.yaml and bolt-project.yaml exist, this will just warn about
+      # bolt-project.yaml and subsequent Bolt actions will warn about both files
+      # existing.
+      if config.exist?
+        @logger.warn "Found existing project directory at #{project}. Skipping file creation."
+      elsif old_config.exist?
+        @logger.warn "Found existing #{old_config.basename} at #{project}. "\
+                    "#{old_config.basename} is deprecated, please rename to #{config.basename}."
+      end
+
+      # If modules were specified, first check if there is already a Puppetfile
+      # at the project directory, erroring if there is. If there is no
+      # Puppetfile, install the specified modules. The module installer will
+      # resolve dependencies, generate a Puppetfile, and install the modules.
       if options[:modules]
         if puppetfile.exist?
           raise Bolt::CLIError,
-                "Found existing Puppetfile at #{puppetfile}, unable to initialize project with "\
-                "#{options[:modules].join(', ')}"
-        else
-          puppetfile_specs = resolve_puppetfile_specs
+                "Found existing Puppetfile at #{puppetfile}, unable to initialize "\
+                "project with modules."
         end
+
+        installer = Bolt::ModuleInstaller.new(outputter, pal)
+        installer.install(options[:modules], puppetfile, moduledir)
       end
 
-      # Warn the user if the project directory already exists. We don't error here since users
-      # might not have installed any modules yet.
-      # If both bolt.yaml and bolt-project.yaml exist, this will just warn
-      # about bolt-project.yaml and subsequent Bolt actions will warn about
-      # both files existing
-      if config.exist?
-        @logger.warn "Found existing project directory at #{project}. Skipping file creation."
-      # This won't get called if bolt-project.yaml exists
-      elsif old_config.exist?
-        @logger.warn "Found existing #{old_config.basename} at #{project}. "\
-          "#{old_config.basename} is deprecated, please rename to #{config.basename}."
-      # Bless the project directory as a...wait for it...project
-      else
+      # If either bolt.yaml or bolt-project.yaml exist, the user has already
+      # been warned and we can just finish project creation. Otherwise, create a
+      # bolt-project.yaml with the project name in it.
+      unless config.exist? || old_config.exist?
         begin
           content = { 'name' => name }
           File.write(config.to_path, content.to_yaml)
@@ -837,113 +895,91 @@ module Bolt
         end
       end
 
-      # Write the generated Puppetfile to the fancy new project
-      if puppetfile_specs
-        File.write(puppetfile, puppetfile_specs.join("\n"))
-        outputter.print_message "Successfully created Puppetfile at #{puppetfile}"
-        # Install the modules from our shiny new Puppetfile
-        if install_puppetfile({}, puppetfile, modulepath)
-          outputter.print_message "Successfully installed #{options[:modules].join(', ')}"
-        else
-          raise Bolt::CLIError, "Could not install #{options[:modules].join(', ')}"
-        end
-      end
-
       0
     end
 
-    # Resolves Puppetfile specs from user-specified modules and dependencies resolved
-    # by the puppetfile-resolver gem.
-    def resolve_puppetfile_specs
-      require 'puppetfile-resolver'
-
-      # Build the document model from the module names, defaulting to the latest version of each module
-      model = PuppetfileResolver::Puppetfile::Document.new('')
-      options[:modules].each do |mod_name|
-        model.add_module(
-          PuppetfileResolver::Puppetfile::ForgeModule.new(mod_name).tap { |mod| mod.version = :latest }
-        )
-      end
-
-      # Make sure the Puppetfile model is valid
-      unless model.valid?
-        raise Bolt::ValidationError,
-              "Unable to resolve dependencies for #{options[:modules].join(', ')}"
-      end
-
-      # Create the resolver using the Puppetfile model. nil disables Puppet version restrictions.
-      resolver = PuppetfileResolver::Resolver.new(model, nil)
-
-      # Configure and resolve the dependency graph
-      result = resolver.resolve(
-        cache:                 nil,
-        ui:                    nil,
-        module_paths:          [],
-        allow_missing_modules: true
-      )
+    # Installs modules declared in the project configuration file.
+    #
+    def install_project_modules(project, force, resolve)
+      assert_project_file(project)
 
-      # Validate that the modules exist
-      missing_graph = result.specifications.select do |_name, spec|
-        spec.instance_of? PuppetfileResolver::Models::MissingModuleSpecification
+      unless project.modules
+        outputter.print_message "Project configuration file #{project.project_file} does not "\
+                                "specify any module dependencies. Nothing to do."
+        return 0
       end
 
-      if missing_graph.any?
-        titles = model.modules.each_with_object({}) do |mod, acc|
-          acc[mod.name] = mod.title
-        end
+      installer = Bolt::ModuleInstaller.new(outputter, pal)
 
-        names = titles.values_at(*missing_graph.keys)
-        plural = names.count == 1 ? '' : 's'
+      ok = installer.install(project.modules,
+                             project.puppetfile,
+                             project.managed_moduledir,
+                             force: force,
+                             resolve: resolve)
+      ok ? 0 : 1
+    end
 
-        raise Bolt::ValidationError,
-              "Unknown module name#{plural} #{names.join(', ')}"
-      end
+    # Adds a single module to the project.
+    #
+    def add_project_module(name, project)
+      assert_project_file(project)
+
+      modules   = project.modules || []
+      installer = Bolt::ModuleInstaller.new(outputter, pal)
+
+      ok = installer.add(name,
+                         modules,
+                         project.puppetfile,
+                         project.managed_moduledir,
+                         project.project_file)
+      ok ? 0 : 1
+    end
 
-      # Filter the dependency graph to only include module specifications
-      spec_graph = result.specifications.select do |_name, spec|
-        spec.instance_of? PuppetfileResolver::Models::ModuleSpecification
-      end
+    # Asserts that there is a project configuration file.
+    #
+    def assert_project_file(project)
+      unless project.project_file?
+        msg = if project.config_file.exist?
+                "Detected Bolt configuration file #{project.config_file}, unable to install "\
+                "modules. To update to a project configuration file, run 'bolt project migrate'."
+              else
+                "Could not find project configuration file #{project.project_file}, unable "\
+                "to install modules. To create a Bolt project, run 'bolt project init'."
+              end
 
-      # Map specification models to a Puppetfile specification
-      spec_graph.values.map do |spec|
-        "mod '#{spec.owner}-#{spec.name}', '#{spec.version}'"
+        raise Bolt::Error.new(msg, 'bolt/missing-project-config-error')
       end
     end
 
-    def install_puppetfile(config, puppetfile, modulepath)
-      require 'r10k/cli'
-      require 'bolt/r10k_log_proxy'
-
-      if puppetfile.exist?
-        moduledir = modulepath.first.to_s
-        r10k_opts = {
-          root: puppetfile.dirname.to_s,
-          puppetfile: puppetfile.to_s,
-          moduledir: moduledir
-        }
-
-        settings = R10K::Settings.global_settings.evaluate(config)
-        R10K::Initializers::GlobalInitializer.new(settings).call
-        install_action = R10K::Action::Puppetfile::Install.new(r10k_opts, nil)
-
-        # Override the r10k logger with a proxy to our own logger
-        R10K::Logging.instance_variable_set(:@outputter, Bolt::R10KLogProxy.new)
-
-        ok = install_action.call
-        outputter.print_puppetfile_result(ok, puppetfile, moduledir)
-        # Automatically generate types after installing modules
-        pal.generate_types
+    # Loads a Puppetfile and installs its modules.
+    #
+    def install_puppetfile(config, puppetfile, moduledir)
+      outputter.print_message("Installing modules from Puppetfile")
+      installer = Bolt::ModuleInstaller.new(outputter, pal)
+      ok = installer.install_puppetfile(puppetfile, moduledir, config)
+      ok ? 0 : 1
+    end
 
-        ok ? 0 : 1
-      else
-        raise Bolt::FileError.new("Could not find a Puppetfile at #{puppetfile}", puppetfile)
+    # Raises an error if the 'puppetfile install' command is deprecated due to
+    # modules being configured.
+    #
+    def assert_puppetfile_or_module_command(modules)
+      if modules && options[:subcommand] == 'puppetfile'
+        raise Bolt::CLIError,
+              "Unable to use command 'bolt puppetfile #{options[:action]}' when "\
+              "'modules' is configured in bolt-project.yaml. Use the 'module' command "\
+              "instead. For a list of available actions for the 'module' command, run "\
+              "'bolt module --help'."
+      elsif modules.nil? && options[:subcommand] == 'module'
+        raise Bolt::CLIError,
+              "Unable to use command 'bolt module #{options[:action]}'. To use "\
+              "this command, update your project configuration to manage module "\
+              "dependencies."
       end
-    rescue R10K::Error => e
-      raise PuppetfileError, e
     end
 
     def pal
-      @pal ||= Bolt::PAL.new(config.modulepath,
+      @pal ||= Bolt::PAL.new(Bolt::Config::Modulepath.new(config.modulepath),
                              config.hiera_config,
                              config.project.resource_types,
                              config.compile_concurrency,
@@ -955,17 +991,17 @@ module Bolt
     # Collects the list of Bolt guides and maps them to their topics.
     def guides
       @guides ||= begin
-                    root_path = File.expand_path(File.join(__dir__, '..', '..', 'guides'))
-                    files     = Dir.children(root_path).sort
-
-                    files.each_with_object({}) do |file, guides|
-                      next if file !~ /\.txt\z/
-                      topic = File.basename(file, '.txt')
-                      guides[topic] = File.join(root_path, file)
-                    end
-                  rescue SystemCallError => e
-                    raise Bolt::FileError.new("#{e.message}: unable to load guides directory", root_path)
-                  end
+        root_path = File.expand_path(File.join(__dir__, '..', '..', 'guides'))
+        files     = Dir.children(root_path).sort
+
+        files.each_with_object({}) do |file, guides|
+          next if file !~ /\.txt\z/
+          topic = File.basename(file, '.txt')
+          guides[topic] = File.join(root_path, file)
+        end
+      rescue SystemCallError => e
+        raise Bolt::FileError.new("#{e.message}: unable to load guides directory", root_path)
+      end
     end
 
     # Display the list of available Bolt guides.
@@ -1016,10 +1052,10 @@ module Bolt
 
     def analytics
       @analytics ||= begin
-                       client = Bolt::Analytics.build_client
-                       client.bundled_content = bundled_content
-                       client
-                     end
+        client = Bolt::Analytics.build_client
+        client.bundled_content = bundled_content
+        client
+      end
     end
 
     def bundled_content
@@ -1042,7 +1078,7 @@ module Bolt
                   'Task' => [],
                   'Plugin' => Bolt::Plugin::BUILTIN_PLUGINS }
       if %w[plan task].include?(options[:subcommand]) && options[:action] == 'run'
-        default_content = Bolt::PAL.new([], nil, nil)
+        default_content = Bolt::PAL.new(Bolt::Config::Modulepath.new([]), nil, nil)
         content['Plan'] = default_content.list_plans.each_with_object([]) do |iter, col|
           col << iter&.first
         end
@@ -1057,7 +1093,7 @@ module Bolt
     # Gem installs include the aggregate, canary, and puppetdb_fact modules, while
     # package installs include modules listed in the Bolt repo Puppetfile
     def incomplete_install?
-      (Dir.children(Bolt::PAL::MODULES_PATH) - %w[aggregate canary puppetdb_fact]).empty?
+      (Dir.children(Bolt::Config::Modulepath::MODULES_PATH) - %w[aggregate canary puppetdb_fact secure_env_vars]).empty?
     end
 
     # Mimicks the output from Outputter::Human#fatal_error. This should be used to print