bolt 2.29.0 → 2.33.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec167b23fc4ceec9d9b3048ae64582a3fcf2baa1eceb8100fb26cc3c6df95cb6
-  data.tar.gz: 4621d274f8c14f4986dae819755c0db162cd056fbd9412275a0bcffc2169edee
+  metadata.gz: 956382104b8c11e17fdafa4349b50ec3d7c5ce6b03eaa57ce429bbfad768f8d3
+  data.tar.gz: dd838e10c07c8f0f87266ff5edf3af4f5595fab45e6aab0ebf82e381226d3897
 SHA512:
-  metadata.gz: 1af9a8df65a1a95a7404a0b94f74bfeb9086e3a97ba03e1f19a53acbb626757249b69d812f7afe87e2da05a06d698f515b05313018a649621d98269eabfe2f93
-  data.tar.gz: 24f0b0f56451570d5e97d74ddb66556b48fd8c14a79fd7a0c09f10a4ef1c8590684ccee1675c4dd4126cdbcbc781bad6bf83ba2aa4d8ada0cd13279c15f53876
+  metadata.gz: 6c2b97a1c268d0fd93f1086efe623c740b74d9d1318596b9a74720e0e944455e244bfc2be2d02ba18634ed543a6ad87f6f27b88dc19189b22cd8fa495b75de02
+  data.tar.gz: cff4bdac98aad6247866f989f9f3814dd11497fd73d90b08ecf15824ef0ee2b36c73fffeb296ecb8a6cae19eb2e71ec7b834dfe461fdbadd06d46b05b560a758

data/Puppetfile

@@ -6,35 +6,37 @@ moduledir File.join(File.dirname(__FILE__), 'modules')
 
 # Core modules used by 'apply'
 mod 'puppetlabs-service', '1.3.0'
-mod 'puppetlabs-puppet_agent', '4.1.1'
-mod 'puppetlabs-facts', '1.0.0'
+mod 'puppetlabs-puppet_agent', '4.2.0'
+mod 'puppetlabs-facts', '1.2.0'
 
 # Core types and providers for Puppet 6
-mod 'puppetlabs-augeas_core', '1.0.5'
+mod 'puppetlabs-augeas_core', '1.1.1'
 mod 'puppetlabs-host_core', '1.0.3'
-mod 'puppetlabs-scheduled_task', '2.0.1'
-mod 'puppetlabs-sshkeys_core', '1.0.3'
-mod 'puppetlabs-zfs_core', '1.0.4'
-mod 'puppetlabs-cron_core', '1.0.3'
+mod 'puppetlabs-scheduled_task', '2.2.1'
+mod 'puppetlabs-sshkeys_core', '2.2.0'
+mod 'puppetlabs-zfs_core', '1.2.0'
+mod 'puppetlabs-cron_core', '1.0.5'
 mod 'puppetlabs-mount_core', '1.0.4'
 mod 'puppetlabs-selinux_core', '1.0.4'
-mod 'puppetlabs-yumrepo_core', '1.0.6'
+mod 'puppetlabs-yumrepo_core', '1.0.7'
 mod 'puppetlabs-zone_core', '1.0.3'
 
 # Useful additional modules
-mod 'puppetlabs-package', '1.1.0'
+mod 'puppetlabs-package', '1.3.0'
 mod 'puppetlabs-puppet_conf', '0.6.0'
 mod 'puppetlabs-python_task_helper', '0.4.3'
 mod 'puppetlabs-reboot', '3.0.0'
 mod 'puppetlabs-ruby_task_helper', '0.5.1'
 mod 'puppetlabs-ruby_plugin_helper', '0.1.0'
-mod 'puppetlabs-stdlib', '6.3.0'
+mod 'puppetlabs-stdlib', '6.5.0'
 
 # Plugin modules
-mod 'puppetlabs-aws_inventory', '0.5.0'
-mod 'puppetlabs-azure_inventory', '0.3.0'
-mod 'puppetlabs-gcloud_inventory', '0.1.1'
+mod 'puppetlabs-aws_inventory', '0.5.2'
+mod 'puppetlabs-azure_inventory', '0.4.1'
+mod 'puppetlabs-gcloud_inventory', '0.1.3'
+mod 'puppetlabs-http_request', '0.2.0'
 mod 'puppetlabs-pkcs7', '0.1.1'
+mod 'puppetlabs-secure_env_vars', '0.1.0'
 mod 'puppetlabs-terraform', '0.5.0'
 mod 'puppetlabs-vault', '0.3.0'
 mod 'puppetlabs-yaml', '0.2.0'
@@ -43,4 +45,3 @@ mod 'puppetlabs-yaml', '0.2.0'
 mod 'canary', local: true
 mod 'aggregate', local: true
 mod 'puppetdb_fact', local: true
-mod 'secure_env_vars', local: true

data/bolt-modules/boltlib/lib/puppet/functions/download_file.rb

@@ -112,7 +112,7 @@ Puppet::Functions.create_function(:download_file, Puppet::Functions::InternalFun
       call_function('debug', "Simulating file download of '#{source}' - no targets given - no action taken")
       r = Bolt::ResultSet.new([])
     else
-      r = executor.download_file(targets, source, destination, options)
+      r = executor.download_file(targets, source, destination, options, Puppet::Pops::PuppetStack.top_of_stack)
     end
 
     if !r.ok && !options[:catch_errors]

data/bolt-modules/boltlib/lib/puppet/functions/facts.rb

@@ -3,6 +3,12 @@
 require 'bolt/error'
 
 # Returns the facts hash for a target.
+#
+# Using the `facts` function does not automatically collect facts for a target,
+# and will only return facts that are currently set in the inventory. To collect
+# facts from a target and set them in the inventory, run the
+# [facts](writing_plans.md#collect-facts-from-targets) plan or
+# [puppetdb_fact](writing_plans.md#collect-facts-from-puppetdb) plan.
 Puppet::Functions.create_function(:facts) do
   # @param target A target.
   # @return The target's facts.

data/bolt-modules/boltlib/lib/puppet/functions/puppetdb_query.rb

@@ -2,12 +2,12 @@
 
 require 'bolt/error'
 
-# Makes a query to {https://puppet.com/docs/puppetdb/latest/index.html puppetdb}
+# Makes a query to [puppetdb](https://puppet.com/docs/puppetdb/latest/index.html)
 # using Bolt's PuppetDB client.
 Puppet::Functions.create_function(:puppetdb_query) do
   # rubocop:disable Layout/LineLength
   # @param query A PQL query.
-  #   {https://puppet.com/docs/puppetdb/latest/api/query/tutorial-pql.html Learn more about Puppet's query language, PQL}
+  #   Learn more about [Puppet's query language](https://puppet.com/docs/puppetdb/latest/api/query/tutorial-pql.html), PQL.
   # @return Results of the PuppetDB query.
   # @example Request certnames for all nodes
   #   puppetdb_query('nodes[certname] {}')

data/bolt-modules/boltlib/lib/puppet/functions/run_command.rb

@@ -69,7 +69,7 @@ Puppet::Functions.create_function(:run_command) do
       call_function('debug', "Simulating run_command('#{command}') - no targets given - no action taken")
       r = Bolt::ResultSet.new([])
     else
-      r = executor.run_command(targets, command, options)
+      r = executor.run_command(targets, command, options, Puppet::Pops::PuppetStack.top_of_stack)
     end
 
     if !r.ok && !options[:catch_errors]

data/bolt-modules/boltlib/lib/puppet/functions/run_script.rb

@@ -87,7 +87,7 @@ Puppet::Functions.create_function(:run_script, Puppet::Functions::InternalFuncti
     r = if targets.empty?
           Bolt::ResultSet.new([])
         else
-          executor.run_script(targets, found, arguments, options)
+          executor.run_script(targets, found, arguments, options, Puppet::Pops::PuppetStack.top_of_stack)
         end
 
     if !r.ok && !options[:catch_errors]

data/bolt-modules/boltlib/lib/puppet/functions/run_task.rb

@@ -133,7 +133,7 @@ Puppet::Functions.create_function(:run_task) do
     if targets.empty?
       Bolt::ResultSet.new([])
     else
-      result = executor.run_task(targets, task, params, options)
+      result = executor.run_task(targets, task, params, options, Puppet::Pops::PuppetStack.top_of_stack)
       if !result.ok && !options[:catch_errors]
         raise Bolt::RunFailure.new(result, 'run_task', task_name)
       end

data/bolt-modules/boltlib/lib/puppet/functions/run_task_with.rb

@@ -180,7 +180,7 @@ Puppet::Functions.create_function(:run_task_with) do
     else
       # Combine the results from the task run with any failing results that were
       # generated earlier when creating the target mapping
-      task_result = executor.run_task_with(target_mapping, task, options)
+      task_result = executor.run_task_with(target_mapping, task, options, Puppet::Pops::PuppetStack.top_of_stack)
       result = Bolt::ResultSet.new(task_result.results + error_set)
 
       if !result.ok && !options[:catch_errors]

data/bolt-modules/boltlib/lib/puppet/functions/upload_file.rb

@@ -83,7 +83,7 @@ Puppet::Functions.create_function(:upload_file, Puppet::Functions::InternalFunct
       call_function('debug', "Simulating file upload of '#{found}' - no targets given - no action taken")
       r = Bolt::ResultSet.new([])
     else
-      r = executor.upload_file(targets, found, destination, options)
+      r = executor.upload_file(targets, found, destination, options, Puppet::Pops::PuppetStack.top_of_stack)
     end
 
     if !r.ok && !options[:catch_errors]

data/bolt-modules/boltlib/lib/puppet/functions/write_file.rb

@@ -6,15 +6,15 @@ require 'tempfile'
 #
 # > **Note:** Not available in apply block
 Puppet::Functions.create_function(:write_file) do
-  # @param targets A pattern identifying zero or more targets. See {get_targets} for accepted patterns.
   # @param content File content to write.
   # @param destination An absolute path on the target(s).
+  # @param targets A pattern identifying zero or more targets. See {get_targets} for accepted patterns.
   # @option options [Boolean] _catch_errors Whether to catch raised errors.
   # @option options [String] _run_as User to run as using privilege escalation.
   # @return A list of results, one entry per target.
   # @example Write a file to a target
   #   $content = 'Hello, world!'
-  #   write_file($targets, $content, '/Users/me/hello.txt')
+  #   write_file($content, '/Users/me/hello.txt', $targets)
   dispatch :write_file do
     required_param 'String', :content
     required_param 'String[1]', :destination

data/bolt-modules/out/lib/puppet/functions/out/message.rb

@@ -26,8 +26,51 @@ Puppet::Functions.create_function(:'out::message') do
     # Send Analytics Report
     executor.report_function_call(self.class.name)
 
-    executor.publish_event(type: :message, message: message)
+    executor.publish_event(type: :message, message: stringify(message))
 
     nil
   end
+
+  def stringify(message)
+    formatted = format_message(message)
+    if formatted.is_a?(Hash) || formatted.is_a?(Array)
+      ::JSON.pretty_generate(formatted)
+    else
+      formatted
+    end
+  end
+
+  def format_message(message)
+    case message
+    when Array
+      message.map { |item| format_message(item) }
+    when Bolt::ApplyResult
+      format_apply_result(message)
+    when Bolt::Result, Bolt::ResultSet
+      # This is equivalent to to_s, but formattable
+      message.to_data
+    when Bolt::RunFailure
+      formatted_resultset = message.result_set.to_data
+      message.to_h.merge('result_set' => formatted_resultset)
+    when Hash
+      message.each_with_object({}) do |(k, v), h|
+        h[format_message(k)] = format_message(v)
+      end
+    when Integer, Float, NilClass
+      message
+    else
+      message.to_s
+    end
+  end
+
+  def format_apply_result(result)
+    logs = result.resource_logs&.map do |log|
+      # Omit low-level info/debug messages
+      next if %w[info debug].include?(log['level'])
+      indent(2, format_log(log))
+    end
+    hash = result.to_data
+    hash['logs'] = logs unless logs.empty?
+    hash
+  end
 end

data/bolt-modules/prompt/lib/puppet/functions/prompt.rb

@@ -9,11 +9,14 @@ Puppet::Functions.create_function(:prompt) do
   # @param prompt The prompt to display.
   # @param options A hash of additional options.
   # @option options [Boolean] sensitive Disable echo back and mark the response as sensitive.
+  #   The returned value will be wrapped by the `Sensitive` data type. To access the raw
+  #   value, use the `unwrap` function (i.e. `$sensitive_value.unwrap`).
   # @return The response to the prompt.
   # @example Prompt the user if plan execution should continue
   #   $response = prompt('Continue executing plan? [Y\N]')
   # @example Prompt the user for sensitive information
   #   $password = prompt('Enter your password', 'sensitive' => true)
+  #   out::message("Password is: ${password.unwrap}")
   dispatch :prompt do
     param 'String', :prompt
     optional_param 'Hash[String[1], Any]', :options

data/guides/logging.txt

@@ -0,0 +1,18 @@
+TOPIC
+    logging
+
+DESCRIPTION
+    Bolt prints messages both to the console and to log files. Messages can
+    either come from Bolt's 'outputter', which logs user-facing messages like
+    progress and results, or from the 'logger', which logs warnings, errors, and
+    log-structured output to log files. Both of these message streams are
+    configurable.
+
+    By default, Bolt logs to the console at 'warn' level and writes a log file to
+    '<project>/bolt-debug.log' at 'debug' level. Unless you are running a plan,
+    Bolt runs in verbose mode by default.
+
+    To learn more about projects, see the 'project' guide.
+
+DOCUMENTATION
+    https://pup.pt/bolt-logging

data/guides/module.txt

@@ -0,0 +1,19 @@
+TOPIC
+    module
+
+DESCRIPTION
+    Modules are shareable, reusable packages of Puppet content. They can include
+    tasks, plans, functions, and other types of content that you can use in your
+    project. You can download and install modules to your project from the
+    Puppet Forge or write your own modules. Bolt also ships with several helpful
+    modules pre-installed that are available to all of your projects.
+
+    Bolt makes it easy to manage the modules that your project depends on. You
+    can use Bolt commands to install a project's modules, add new modules to a
+    project, and view the modules that are available to the project.
+    
+    To learn more about managing modules in a project, see the documentation.
+    To learn how modules are loaded by Bolt, see the 'modulepath' guide.
+
+DOCUMENTATION
+    https://pup.pt/bolt-modules

data/guides/modulepath.txt

@@ -0,0 +1,25 @@
+TOPIC
+    modulepath
+
+DESCRIPTION
+    The modulepath is an ordered list of directories that Bolt loads modules
+    from. When Bolt runs a command, it automatically loads modules from the
+    modulepath.
+    
+    While Bolt has a default modulepath, you can also configure your own
+    modulepath, which can include directories within the project or directories
+    elsewhere on your system. Regardless of whether your project uses a default
+    or configured modulepath, Bolt automatically adds directories to the
+    modulepath. This includes modules containing core Bolt content, which is
+    added to the beginning of the modulepath, and bundled content, which is
+    added to the end of the modulepath.
+
+    Modules loaded from a directory listed earlier in the modulepath take
+    precedence over modules with the same name loaded from a directory later in
+    the modulepath. Bolt will not warn or error when two modules share a name
+    and instead will ignore modules with a lower precedence.
+
+    To learn more about modules, see the 'module' guide.
+
+DOCUMENTATION
+    https://pup.pt/bolt-project-reference#modulepath

data/lib/bolt/bolt_option_parser.rb

@@ -66,15 +66,18 @@ module Bolt
           banner: GUIDE_HELP }
       when 'module'
         case action
+        when 'add'
+          { flags: OPTIONS[:global] + %w[configfile project],
+            banner: MODULE_ADD_HELP }
+        when 'generate-types'
+          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
+            banner: MODULE_GENERATETYPES_HELP }
         when 'install'
-          { flags: OPTIONS[:global] + %w[configfile force project],
+          { flags: OPTIONS[:global] + %w[configfile force project resolve],
             banner: MODULE_INSTALL_HELP }
         when 'show'
           { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
             banner: MODULE_SHOW_HELP }
-        when 'generate-types'
-          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
-            banner: MODULE_GENERATETYPES_HELP }
         else
           { flags: OPTIONS[:global],
             banner: MODULE_HELP }
@@ -184,6 +187,7 @@ module Bolt
           group             Show the list of groups in the inventory
           guide             View guides for Bolt concepts and features
           inventory         Show the list of targets an action would run on
+          module            Manage Bolt project modules
           plan              Convert, create, show, and run Bolt plans
           project           Create and migrate Bolt projects
           puppetfile        Install and list modules and generate type references
@@ -364,27 +368,34 @@ module Bolt
           bolt module <action> [options]
 
       DESCRIPTION
-          Install and list modules and generate type references
+          Manage Bolt project modules
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
 
       ACTIONS
+          add                   Add a module to the project
           generate-types        Generate type references to register in plans
           install               Install the project's modules
           show                  List modules available to the Bolt project
     HELP
 
-    MODULE_INSTALL_HELP = <<~HELP
+    MODULE_ADD_HELP = <<~HELP
       NAME
-          install
+          add
       
       USAGE
-          bolt module install [options]
+          bolt module add <module> [options]
 
       DESCRIPTION
-          Install the project's modules.
+          Add a module to the project.
 
           Module declarations are loaded from the project's configuration
           file. Bolt will automatically resolve all module dependencies,
           generate a Puppetfile, and install the modules.
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
     HELP
 
     MODULE_GENERATETYPES_HELP = <<~HELP
@@ -396,6 +407,24 @@ module Bolt
 
       DESCRIPTION
           Generate type references to register in plans.
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
+    HELP
+
+    MODULE_INSTALL_HELP = <<~HELP
+      NAME
+          install
+      
+      USAGE
+          bolt module install [options]
+
+      DESCRIPTION
+          Install the project's modules.
+
+          Module declarations are loaded from the project's configuration
+          file. Bolt will automatically resolve all module dependencies,
+          generate a Puppetfile, and install the modules.
     HELP
 
     MODULE_SHOW_HELP = <<~HELP
@@ -407,6 +436,9 @@ module Bolt
 
       DESCRIPTION
           List modules available to the Bolt project.
+
+          The module command is only supported when a project is configured
+          with the 'modules' key.
     HELP
 
     PLAN_HELP = <<~HELP
@@ -906,6 +938,13 @@ module Bolt
         @options[:tmpdir] = tmpdir
       end
 
+      separator "\nMODULE OPTIONS"
+      define('--[no-]resolve',
+             'Use --no-resolve to install modules listed in the Puppetfile without resolving modules configured',
+             'in Bolt project configuration') do |resolve|
+        @options[:resolve] = resolve
+      end
+
       separator "\nDISPLAY OPTIONS"
       define('--filter FILTER', 'Filter tasks and plans by a matching substring') do |filter|
         unless /^[a-z0-9_:]+$/.match(filter)

data/lib/bolt/catalog.rb

@@ -97,7 +97,7 @@ module Bolt
       }
 
       with_puppet_settings(puppet_settings) do
-        Puppet::Pal.in_tmp_environment('bolt_catalog', env_conf) do |pal|
+        Puppet::Pal.in_tmp_environment('bolt_catalog', **env_conf) do |pal|
           Puppet.override(puppet_overrides) do
             Puppet.lookup(:pal_current_node).trusted_data = target['trusted']
             pal.with_catalog_compiler do |compiler|

data/lib/bolt/cli.rb

@@ -20,28 +20,31 @@ require 'bolt/logger'
 require 'bolt/outputter'
 require 'bolt/puppetdb'
 require 'bolt/plugin'
-require 'bolt/project_migrate'
+require 'bolt/project_migrator'
 require 'bolt/pal'
 require 'bolt/target'
 require 'bolt/version'
 require 'bolt/secret'
+require 'bolt/module_installer'
 
 module Bolt
   class CLIExit < StandardError; end
   class CLI
-    COMMANDS = { 'command' => %w[run],
-                 'script' => %w[run],
-                 'task' => %w[show run],
-                 'plan' => %w[show run convert new],
-                 'file' => %w[download upload],
-                 'puppetfile' => %w[install show-modules generate-types],
-                 'secret' => %w[encrypt decrypt createkeys],
-                 'inventory' => %w[show],
-                 'group' => %w[show],
-                 'project' => %w[init migrate],
-                 'apply' => %w[],
-                 'guide' => %w[],
-                 'module' => %w[install show generate-types] }.freeze
+    COMMANDS = {
+      'command'    => %w[run],
+      'script'     => %w[run],
+      'task'       => %w[show run],
+      'plan'       => %w[show run convert new],
+      'file'       => %w[download upload],
+      'puppetfile' => %w[install show-modules generate-types],
+      'secret'     => %w[encrypt decrypt createkeys],
+      'inventory'  => %w[show],
+      'group'      => %w[show],
+      'project'    => %w[init migrate],
+      'module'     => %w[add generate-types install show],
+      'apply'      => %w[],
+      'guide'      => %w[]
+    }.freeze
 
     attr_reader :config, :options
 
@@ -99,6 +102,10 @@ module Bolt
       # This part aims to handle both `bolt <mode> --help` and `bolt help <mode>`.
       remaining = handle_parser_errors { parser.permute(@argv) } unless @argv.empty?
       if @argv.empty? || help?(remaining)
+        # If the subcommand is not enabled, display the default
+        # help text
+        options[:subcommand] = nil unless COMMANDS.include?(options[:subcommand])
+
         # Update the parser for the subcommand (or lack thereof)
         parser.update
         puts parser.help
@@ -189,6 +196,10 @@ module Bolt
 
       warn_inventory_overrides_cli(options)
 
+      # Assert whether the puppetfile/module commands are available depending
+      # on whether 'modules' is configured.
+      assert_puppetfile_or_module_command(config.project.modules)
+
       options
     rescue Bolt::Error => e
       outputter.fatal_error(e)
@@ -216,14 +227,10 @@ module Bolt
     end
 
     def validate(options)
-      # Disables the 'module' subcommand unless the module feature flag is set.
-      commands = COMMANDS.dup
-      commands.delete('module') unless ENV['BOLT_MODULE_FEATURE']
-
-      unless commands.include?(options[:subcommand])
+      unless COMMANDS.include?(options[:subcommand])
         raise Bolt::CLIError,
               "Expected subcommand '#{options[:subcommand]}' to be one of " \
-              "#{commands.keys.join(', ')}"
+              "#{COMMANDS.keys.join(', ')}"
       end
 
       actions = COMMANDS[options[:subcommand]]
@@ -240,12 +247,6 @@ module Bolt
         end
       end
 
-      if options[:subcommand] != 'file' && options[:subcommand] != 'script' &&
-         !options[:leftovers].empty?
-        raise Bolt::CLIError,
-              "Unknown argument(s) #{options[:leftovers].join(', ')}"
-      end
-
       if %w[task plan].include?(options[:subcommand]) && options[:action] == 'run'
         if options[:object].nil?
           raise Bolt::CLIError, "Must specify a #{options[:subcommand]} to run"
@@ -257,23 +258,6 @@ module Bolt
         end
       end
 
-      if options[:boltdir] && options[:configfile]
-        raise Bolt::CLIError, "Only one of '--boltdir', '--project', or '--configfile' may be specified"
-      end
-
-      if options[:noop] &&
-         !(options[:subcommand] == 'task' && options[:action] == 'run') && options[:subcommand] != 'apply'
-        raise Bolt::CLIError,
-              "Option '--noop' may only be specified when running a task or applying manifest code"
-      end
-
-      if options[:env_vars]
-        unless %w[command script].include?(options[:subcommand]) && options[:action] == 'run'
-          raise Bolt::CLIError,
-                "Option '--env-var' may only be specified when running a command or script"
-        end
-      end
-
       if options[:subcommand] == 'apply' && (options[:object] && options[:code])
         raise Bolt::CLIError, "--execute is unsupported when specifying a manifest file"
       end
@@ -296,6 +280,38 @@ module Bolt
         raise Bolt::CLIError, "Must specify a plan name."
       end
 
+      if options[:subcommand] == 'module' && options[:action] == 'add' && !options[:object]
+        raise Bolt::CLIError, "Must specify a module name."
+      end
+
+      if options[:subcommand] == 'module' && options[:action] == 'install' && options[:object]
+        raise Bolt::CLIError, "Invalid argument '#{options[:object]}'. To add a new module to "\
+                              "the project, run 'bolt module add #{options[:object]}'."
+      end
+
+      if options[:subcommand] != 'file' && options[:subcommand] != 'script' &&
+         !options[:leftovers].empty?
+        raise Bolt::CLIError,
+              "Unknown argument(s) #{options[:leftovers].join(', ')}"
+      end
+
+      if options[:boltdir] && options[:configfile]
+        raise Bolt::CLIError, "Only one of '--boltdir', '--project', or '--configfile' may be specified"
+      end
+
+      if options[:noop] &&
+         !(options[:subcommand] == 'task' && options[:action] == 'run') && options[:subcommand] != 'apply'
+        raise Bolt::CLIError,
+              "Option '--noop' may only be specified when running a task or applying manifest code"
+      end
+
+      if options[:env_vars]
+        unless %w[command script].include?(options[:subcommand]) && options[:action] == 'run'
+          raise Bolt::CLIError,
+                "Option '--env-var' may only be specified when running a command or script"
+        end
+      end
+
       if options.key?(:debug) && options.key?(:log)
         raise Bolt::CLIError, "Only one of '--debug' or '--log-level' may be specified"
       end
@@ -389,7 +405,7 @@ module Bolt
                                   inventory_version: inventory.version)
       end
 
-      analytics.screen_view(screen, screen_view_fields)
+      analytics.screen_view(screen, **screen_view_fields)
 
       case options[:action]
       when 'show'
@@ -444,9 +460,7 @@ module Bolt
         when 'init'
           code = initialize_project
         when 'migrate'
-          inv = config.inventoryfile
-          path = config.project.path
-          code = Bolt::ProjectMigrate.new(path, outputter, inv).migrate_project
+          code = Bolt::ProjectMigrator.new(config, outputter).migrate
         end
       when 'plan'
         case options[:action]
@@ -457,8 +471,10 @@ module Bolt
         end
       when 'module'
         case options[:action]
+        when 'add'
+          code = add_project_module(options[:object], config.project)
         when 'install'
-          code = install_project_modules
+          code = install_project_modules(config.project, options[:force], options[:resolve])
         when 'generate-types'
           code = generate_types
         end
@@ -467,7 +483,11 @@ module Bolt
         when 'generate-types'
           code = generate_types
         when 'install'
-          code = install_puppetfile(config.puppetfile_config, config.puppetfile, config.modulepath.first)
+          code = install_puppetfile(
+            config.puppetfile_config,
+            config.puppetfile,
+            config.modulepath.first
+          )
         end
       when 'secret'
         code = Bolt::Secret.execute(plugins, outputter, options)
@@ -567,8 +587,24 @@ module Bolt
     end
 
     def list_targets
+      inventoryfile = config.inventoryfile || config.default_inventoryfile
+
+      # Retrieve the known group and target names. This needs to be done before
+      # updating targets, as that will add adhoc targets to the inventory.
+      known_names = inventory.target_names
+
       update_targets(options)
-      outputter.print_targets(options[:targets])
+
+      inventory_targets, adhoc_targets = options[:targets].partition do |target|
+        known_names.include?(target.name)
+      end
+
+      target_list = {
+        inventory: inventory_targets,
+        adhoc:     adhoc_targets
+      }
+
+      outputter.print_targets(target_list, inventoryfile)
     end
 
     def show_targets
@@ -597,10 +633,10 @@ module Bolt
         message = <<~MESSAGE.chomp
           Invalid plan name '#{plan_name}'. Plan names are composed of one or more name segments
           separated by double colons '::'.
-          
+
           Each name segment must begin with a lowercase letter, and may only include lowercase
           letters, digits, and underscores.
-          
+
           Examples of valid plan names:
               - #{config.project.name}
               - #{config.project.name}::my_plan
@@ -842,7 +878,8 @@ module Bolt
                 "project with modules."
         end
 
-        install_modules(puppetfile, {}, moduledir, options[:modules])
+        installer = Bolt::ModuleInstaller.new(outputter, pal)
+        installer.install(options[:modules], puppetfile, moduledir)
       end
 
       # If either bolt.yaml or bolt-project.yaml exist, the user has already
@@ -863,85 +900,86 @@ module Bolt
 
     # Installs modules declared in the project configuration file.
     #
-    def install_project_modules
-      if config.project.modules.nil?
-        outputter.print_message "Project configuration file '#{config.project.project_file}' "\
-                                "does not specify any module dependencies. Nothing to do."
+    def install_project_modules(project, force, resolve)
+      assert_project_file(project)
+
+      unless project.modules
+        outputter.print_message "Project configuration file #{project.project_file} does not "\
+                                "specify any module dependencies. Nothing to do."
         return 0
       end
 
-      install_modules(
-        config.puppetfile,
-        config.puppetfile_config,
-        config.project.path + '.modules',
-        config.project.modules
-      )
+      installer = Bolt::ModuleInstaller.new(outputter, pal)
+
+      ok = installer.install(project.modules,
+                             project.puppetfile,
+                             project.managed_moduledir,
+                             force: force,
+                             resolve: resolve)
+      ok ? 0 : 1
     end
 
-    # Installs modules declared in the project configuration file.
+    # Adds a single module to the project.
     #
-    def install_modules(puppetfile_path, config, moduledir, modules)
-      require 'bolt/puppetfile'
-      require 'bolt/puppetfile/installer'
-
-      puppetfile = Bolt::Puppetfile.new(modules)
-
-      # If the Puppetfile exists, check if it includes specs for each declared
-      # module, erroring if there are any missing. Otherwise, resolve the
-      # module dependencies and write a new Puppetfile. Users can forcibly
-      # overwrite an existing Puppetfile with the '--force' option.
-      if puppetfile_path.exist? && !options[:force]
-        outputter.print_message "Parsing existing Puppetfile at #{puppetfile_path}"
-        existing = Bolt::Puppetfile.parse(puppetfile_path)
-
-        unless existing.modules.superset? puppetfile.modules
-          missing_modules = puppetfile.modules - existing.modules
-
-          message = <<~MESSAGE.chomp
-            Puppetfile #{puppetfile_path} is missing specifications for the following
-            module declarations:
-            
-            #{missing_modules.map(&:to_hash).to_yaml.lines.drop(1).join.chomp}
-
-            This may not be a Puppetfile managed by Bolt. To forcibly overwrite the
-            Puppetfile, run 'bolt module install --force'.
-          MESSAGE
-
-          raise Bolt::Error.new(message, 'bolt/missing-module-specs')
-        end
-      else
-        outputter.print_message "Resolving module dependencies, this may take a moment"
-        puppetfile.resolve
-        outputter.print_message "Writing Puppetfile at #{puppetfile_path}"
-        puppetfile.write(puppetfile_path, force: true)
-      end
+    def add_project_module(name, project)
+      assert_project_file(project)
 
-      outputter.print_message "Syncing modules from #{puppetfile_path} to #{moduledir}"
-      ok = Bolt::Puppetfile::Installer.new(config).install(puppetfile_path, moduledir)
+      modules   = project.modules || []
+      installer = Bolt::ModuleInstaller.new(outputter, pal)
 
-      # Automatically generate types after installing modules.
-      pal.generate_types
-
-      outputter.print_puppetfile_result(ok, puppetfile_path, moduledir)
+      ok = installer.add(name,
+                         modules,
+                         project.puppetfile,
+                         project.managed_moduledir,
+                         project.project_file)
       ok ? 0 : 1
     end
 
-    # Loads a Puppetfile and installs its modules.
+    # Asserts that there is a project configuration file.
     #
-    def install_puppetfile(config, puppetfile, moduledir)
-      require 'bolt/puppetfile/installer'
-
-      ok = Bolt::Puppetfile::Installer.new(config).install(puppetfile, moduledir)
+    def assert_project_file(project)
+      unless project.project_file?
+        msg = if project.config_file.exist?
+                "Detected Bolt configuration file #{project.config_file}, unable to install "\
+                "modules. To update to a project configuration file, run 'bolt project migrate'."
+              else
+                "Could not find project configuration file #{project.project_file}, unable "\
+                "to install modules. To create a Bolt project, run 'bolt project init'."
+              end
 
-      # Automatically generate types after installing modules.
-      pal.generate_types
+        raise Bolt::Error.new(msg, 'bolt/missing-project-config-error')
+      end
+    end
 
-      outputter.print_puppetfile_result(ok, puppetfile, moduledir)
+    # Loads a Puppetfile and installs its modules.
+    #
+    def install_puppetfile(config, puppetfile, moduledir)
+      outputter.print_message("Installing modules from Puppetfile")
+      installer = Bolt::ModuleInstaller.new(outputter, pal)
+      ok = installer.install_puppetfile(puppetfile, moduledir, config)
       ok ? 0 : 1
     end
 
+    # Raises an error if the 'puppetfile install' command is deprecated due to
+    # modules being configured.
+    #
+    def assert_puppetfile_or_module_command(modules)
+      if modules && options[:subcommand] == 'puppetfile'
+        raise Bolt::CLIError,
+              "Unable to use command 'bolt puppetfile #{options[:action]}' when "\
+              "'modules' is configured in bolt-project.yaml. Use the 'module' command "\
+              "instead. For a list of available actions for the 'module' command, run "\
+              "'bolt module --help'."
+      elsif modules.nil? && options[:subcommand] == 'module'
+        raise Bolt::CLIError,
+              "Unable to use command 'bolt module #{options[:action]}'. To use "\
+              "this command, update your project configuration to manage module "\
+              "dependencies."
+      end
+    end
+
     def pal
-      @pal ||= Bolt::PAL.new(config.modulepath,
+      @pal ||= Bolt::PAL.new(Bolt::Config::Modulepath.new(config.modulepath),
                              config.hiera_config,
                              config.project.resource_types,
                              config.compile_concurrency,
@@ -1040,7 +1078,7 @@ module Bolt
                   'Task' => [],
                   'Plugin' => Bolt::Plugin::BUILTIN_PLUGINS }
       if %w[plan task].include?(options[:subcommand]) && options[:action] == 'run'
-        default_content = Bolt::PAL.new([], nil, nil)
+        default_content = Bolt::PAL.new(Bolt::Config::Modulepath.new([]), nil, nil)
         content['Plan'] = default_content.list_plans.each_with_object([]) do |iter, col|
           col << iter&.first
         end
@@ -1055,7 +1093,7 @@ module Bolt
     # Gem installs include the aggregate, canary, and puppetdb_fact modules, while
     # package installs include modules listed in the Bolt repo Puppetfile
     def incomplete_install?
-      (Dir.children(Bolt::PAL::MODULES_PATH) - %w[aggregate canary puppetdb_fact secure_env_vars]).empty?
+      (Dir.children(Bolt::Config::Modulepath::MODULES_PATH) - %w[aggregate canary puppetdb_fact secure_env_vars]).empty?
     end
 
     # Mimicks the output from Outputter::Human#fatal_error. This should be used to print