bolt 2.33.2 → 2.38.0

data/lib/bolt/validator.rb

@@ -0,0 +1,226 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+# This class validates config against a schema, raising an error that includes
+# details about any invalid configuration.
+#
+module Bolt
+  class Validator
+    attr_reader :deprecations, :warnings
+
+    def initialize
+      @errors       = []
+      @deprecations = []
+      @warnings     = []
+      @path         = []
+    end
+
+    # This is the entry method for validating data against the schema.
+    #
+    def validate(data, schema, location = nil)
+      @schema   = schema
+      @location = location
+
+      validate_value(data, schema)
+
+      raise_error
+    end
+
+    # Raises a ValidationError if there are any errors. All error messages
+    # created during validation are concatenated into a single error
+    # message.
+    #
+    private def raise_error
+      return unless @errors.any?
+
+      message = "Invalid configuration"
+      message += " at #{@location}" if @location
+      message += ":\n"
+      message += @errors.map { |error| "\s\s#{error}" }.join("\n")
+
+      raise Bolt::ValidationError, message
+    end
+
+    # Validate an individual value. This performs validation that is
+    # common to all values, including type validation. After validating
+    # the value's type, the value is passed off to an individual
+    # validation method for the value's type.
+    #
+    private def validate_value(value, definition)
+      definition = @schema.dig(:definitions, definition[:_ref]) if definition[:_ref]
+
+      return if plugin_reference?(value, definition)
+      return unless valid_type?(value, definition)
+
+      case value
+      when Hash
+        validate_hash(value, definition)
+      when Array
+        validate_array(value, definition)
+      when String
+        validate_string(value, definition)
+      when Numeric
+        validate_number(value, definition)
+      end
+    end
+
+    # Validates a hash value, logging errors for any validations that fail.
+    # This will enumerate each key-value pair in the hash and validate each
+    # value individually.
+    #
+    private def validate_hash(value, definition)
+      properties = definition[:properties] ? definition[:properties].keys : []
+
+      if definition[:properties] && definition[:additionalProperties].nil?
+        validate_keys(value.keys, properties)
+      end
+
+      if definition[:required] && (definition[:required] - value.keys).any?
+        missing = definition[:required] - value.keys
+        @errors << "Value at '#{path}' is missing required keys #{missing.join(', ')}"
+      end
+
+      value.each_pair do |key, val|
+        @path.push(key)
+
+        if properties.include?(key)
+          check_deprecated(key, definition[:properties][key])
+          validate_value(val, definition[:properties][key])
+        elsif definition[:additionalProperties]
+          validate_value(val, definition[:additionalProperties])
+        end
+      ensure
+        @path.pop
+      end
+    end
+
+    # Validates an array value, logging errors for any validations that fail.
+    # This will enumerate the items in the array and validate each item
+    # individually.
+    #
+    private def validate_array(value, definition)
+      if definition[:uniqueItems] && value.size != value.uniq.size
+        @errors << "Value at '#{path}' must not include duplicate elements"
+        return
+      end
+
+      return unless definition.key?(:items)
+
+      value.each_with_index do |item, index|
+        @path.push(index)
+        validate_value(item, definition[:items])
+      ensure
+        @path.pop
+      end
+    end
+
+    # Validates a string value, logging errors for any validations that fail.
+    #
+    private def validate_string(value, definition)
+      if definition.key?(:enum) && !definition[:enum].include?(value)
+        message  = "Value at '#{path}' must be "
+        message += "one of " if definition[:enum].count > 1
+        message += definition[:enum].join(', ')
+        multitype_error(message, value, definition)
+      end
+    end
+
+    # Validates a numeric value, logging errors for any validations that fail.
+    #
+    private def validate_number(value, definition)
+      if definition.key?(:minimum) && value < definition[:minimum]
+        @errors << "Value at '#{path}' must be a minimum of #{definition[:minimum]}"
+      end
+
+      if definition.key?(:maximum) && value > definition[:maximum]
+        @errors << "Value at '#{path}' must be a maximum of #{definition[:maximum]}"
+      end
+    end
+
+    # Adds warnings for unknown config options.
+    #
+    private def validate_keys(keys, known_keys)
+      (keys - known_keys).each do |key|
+        message  = "Unknown option '#{key}'"
+        message += " at '#{path}'" if @path.any?
+        message += " at #{@location}" if @location
+        message += "."
+        @warnings << message
+      end
+    end
+
+    # Adds a warning if the given option is deprecated.
+    #
+    private def check_deprecated(key, definition)
+      definition = @schema.dig(:definitions, definition[:_ref]) if definition[:_ref]
+
+      if definition.key?(:_deprecation)
+        message  = "Option '#{path}' "
+        message += "at #{@location} " if @location
+        message += "is deprecated. #{definition[:_deprecation]}"
+        @deprecations << { option: key, message: message }
+      end
+    end
+
+    # Returns true if a value is a plugin reference. This also validates whether
+    # a value can be a plugin reference in the first place. If the value is a
+    # plugin reference but cannot be one according to the schema, then this will
+    # log an error.
+    #
+    private def plugin_reference?(value, definition)
+      if value.is_a?(Hash) && value.key?('_plugin')
+        unless definition[:_plugin]
+          @errors << "Value at '#{path}' is a plugin reference, which is unsupported at "\
+                      "this location"
+        end
+
+        true
+      else
+        false
+      end
+    end
+
+    # Asserts the type for each option against the type specified in the schema
+    # definition. The schema definition can specify multiple valid types, so the
+    # value needs to only match one of the types to be valid. Returns early if
+    # there is no type in the definition (in practice this shouldn't happen, but
+    # this will safeguard against any dev mistakes).
+    #
+    private def valid_type?(value, definition)
+      return unless definition.key?(:type)
+
+      types = Array(definition[:type])
+
+      if types.include?(value.class)
+        true
+      else
+        if types.include?(TrueClass) || types.include?(FalseClass)
+          types = types - [TrueClass, FalseClass] + ['Boolean']
+        end
+
+        @errors << "Value at '#{path}' must be of type #{types.join(' or ')}"
+
+        false
+      end
+    end
+
+    # Adds an error that includes additional helpful information for values
+    # that accept multiple types.
+    #
+    private def multitype_error(message, value, definition)
+      if Array(definition[:type]).count > 1
+        types    = Array(definition[:type]) - [value.class]
+        message += " or must be of type #{types.join(' or ')}"
+      end
+
+      @errors << message
+    end
+
+    # Returns the formatted path for the key.
+    #
+    private def path
+      @path.join('.')
+    end
+  end
+end

data/lib/bolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bolt
-  VERSION = '2.33.2'
+  VERSION = '2.38.0'
 end

data/lib/bolt/yarn.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'fiber'
+
+module Bolt
+  class Yarn
+    attr_reader :fiber, :value, :index
+
+    def initialize(fiber, index)
+      @fiber = fiber
+      @index = index
+      @value = nil
+    end
+
+    def alive?
+      fiber.alive?
+    end
+
+    def resume
+      @value = fiber.resume
+    end
+  end
+end

data/lib/bolt_server/base_config.rb

@@ -7,7 +7,9 @@ module BoltServer
   class BaseConfig
     def config_keys
       %w[host port ssl-cert ssl-key ssl-ca-cert
-         ssl-cipher-suites loglevel logfile allowlist projects-dir]
+         ssl-cipher-suites loglevel logfile allowlist
+         projects-dir environments-codedir
+         environmentpath basemodulepath]
     end
 
     def env_keys

data/lib/bolt_server/config.rb

@@ -7,7 +7,9 @@ require 'bolt/error'
 module BoltServer
   class Config < BoltServer::BaseConfig
     def config_keys
-      super + %w[concurrency cache-dir file-server-conn-timeout file-server-uri projects-dir]
+      super + %w[concurrency cache-dir file-server-conn-timeout
+                 file-server-uri projects-dir environments-codedir
+                 environmentpath basemodulepath]
     end
 
     def env_keys

data/lib/bolt_server/file_cache.rb

@@ -63,6 +63,7 @@ module BoltServer
     end
 
     def client
+      # rubocop:disable Naming/VariableNumber
       @client ||= begin
         uri = URI(@config['file-server-uri'])
         https = Net::HTTP.new(uri.host, uri.port)
@@ -75,6 +76,7 @@ module BoltServer
         https.open_timeout = @config['file-server-conn-timeout']
         https
       end
+      # rubocop:enable Naming/VariableNumber
     end
 
     def request_file(path, params, file)

data/lib/bolt_server/plugin.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+module BoltServer
+  class Plugin
+    class PluginNotSupported < Bolt::Error
+      def initialize(msg, plugin_name)
+        super(msg, 'bolt/plugin-not-supported', { "plugin_name" => plugin_name })
+      end
+    end
+  end
+end

data/lib/bolt_server/plugin/puppet_connect_data.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module BoltServer
+  class Plugin
+    class PuppetConnectData
+      def initialize(data, **_opts)
+        @data = data
+      end
+
+      def name
+        'puppet_connect_data'
+      end
+
+      def hooks
+        %i[resolve_reference validate_resolve_reference]
+      end
+
+      def resolve_reference(opts)
+        key = opts['key']
+
+        @data.dig(key, 'value')
+      end
+
+      def validate_resolve_reference(opts)
+        unless opts['key']
+          raise Bolt::ValidationError,
+                "puppet_connect_data plugin requires that 'key' be specified"
+        end
+
+        unless @data.key?(opts['key'])
+          raise Bolt::ValidationError,
+                "puppet_connect_data plugin tried to lookup key '#{opts['key']}' but no value was found"
+        end
+      end
+    end
+  end
+end

data/lib/bolt_server/schemas/connect-data.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "title": "project_inventory_targets connect plugin data",
+  "description": "POST project_inventory_targets connect plugin data",
+  "type": "object",
+  "properties": {
+    "puppet_connect_data": {
+      "type": "object",
+      "patternProperties": {
+        ".*": {
+          "type": "object",
+          "properties": {
+            "value": {}
+          },
+          "required": ["value"]
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  "required": ["puppet_connect_data"]
+}

data/lib/bolt_server/schemas/partials/task.json

@@ -64,7 +64,7 @@
                     "description": "Environment the task is in",
                     "type": "string"
                   },
-                  "project": {
+                  "versioned_project": {
                     "description": "Project the task is in",
                     "type": "string"
                   }
@@ -77,7 +77,7 @@
                   },
                   {
                     "required": [
-                      "project"
+                      "versioned_project"
                     ]
                   }
                 ],              

data/lib/bolt_server/transport_app.rb

@@ -8,6 +8,8 @@ require 'bolt/inventory'
 require 'bolt/project'
 require 'bolt/target'
 require 'bolt_server/file_cache'
+require 'bolt_server/plugin'
+require 'bolt_server/plugin/puppet_connect_data'
 require 'bolt/task/puppet_server'
 require 'json'
 require 'json-schema'
@@ -35,6 +37,7 @@ module BoltServer
       action-upload_file
       transport-ssh
       transport-winrm
+      connect-data
     ].freeze
 
     # PE_BOLTLIB_PATH is intended to function exactly like the BOLTLIB_PATH used
@@ -48,6 +51,10 @@ module BoltServer
     # See the `orchestrator.bolt.codedir` tk config setting.
     DEFAULT_BOLT_CODEDIR = '/opt/puppetlabs/server/data/orchestration-services/code'
 
+    MISSING_VERSIONED_PROJECT_RESPONSE = [
+      400, Bolt::ValidationError.new('`versioned_project` is a required argument').to_json
+    ].freeze
+
     def initialize(config)
       @config = config
       @schemas = Hash[REQUEST_SCHEMAS.map do |basename|
@@ -231,9 +238,9 @@ module BoltServer
     #
     # WARNING: THIS FUNCTION SHOULD ONLY BE CALLED INSIDE A SYNCHRONIZED PAL MUTEX
     def modulepath_from_environment(environment_name)
-      codedir = DEFAULT_BOLT_CODEDIR
-      environmentpath = "#{codedir}/environments"
-      basemodulepath = "#{codedir}/modules:/opt/puppetlabs/puppet/modules"
+      codedir = @config['environments-codedir'] || DEFAULT_BOLT_CODEDIR
+      environmentpath = @config['environmentpath'] || "#{codedir}/environments"
+      basemodulepath = @config['basemodulepath'] || "#{codedir}/modules:/opt/puppetlabs/puppet/modules"
       modulepath_dirs = nil
       with_pe_pal_init_settings(codedir, environmentpath, basemodulepath) do
         environment = Puppet.lookup(:environments).get!(environment_name)
@@ -261,13 +268,16 @@ module BoltServer
       end
     end
 
-    def in_bolt_project(bolt_project)
-      return [400, '`project_ref` is a required argument'] if bolt_project.nil?
-      project_dir = File.join(@config['projects-dir'], bolt_project)
-      return [400, "`project_ref`: #{project_dir} does not exist"] unless Dir.exist?(project_dir)
+    def config_from_project(versioned_project)
+      project_dir = File.join(@config['projects-dir'], versioned_project)
+      raise Bolt::ValidationError, "`versioned_project`: #{project_dir} does not exist" unless Dir.exist?(project_dir)
+      project = Bolt::Project.create_project(project_dir)
+      Bolt::Config.from_project(project, { log: { 'bolt-debug.log' => 'disable' } })
+    end
+
+    def in_bolt_project(versioned_project)
       @pal_mutex.synchronize do
-        project = Bolt::Project.create_project(project_dir)
-        bolt_config = Bolt::Config.from_project(project, { log: { 'bolt-debug.log' => 'disable' } })
+        bolt_config = config_from_project(versioned_project)
         modulepath_object = Bolt::Config::Modulepath.new(
           bolt_config.modulepath,
           boltlib_path: [PE_BOLTLIB_PATH, Bolt::Config::Modulepath::BOLTLIB_PATH]
@@ -278,8 +288,6 @@ module BoltServer
           config: bolt_config
         }
         yield context
-      rescue Bolt::Error => e
-        [400, e.to_json]
       end
     end
 
@@ -506,13 +514,16 @@ module BoltServer
 
     # Fetches the metadata for a single plan
     #
-    # @param project_ref [String] the project to fetch the plan from
+    # @param versioned_project [String] the project to fetch the plan from
     get '/project_plans/:module_name/:plan_name' do
-      in_bolt_project(params['project_ref']) do |context|
+      return MISSING_VERSIONED_PROJECT_RESPONSE if params['versioned_project'].nil?
+      in_bolt_project(params['versioned_project']) do |context|
         plan_info = pe_plan_info(context[:pal], params[:module_name], params[:plan_name])
         plan_info = allowed_helper(plan_info, context[:config].project.plans)
         [200, plan_info.to_json]
       end
+    rescue Bolt::Error => e
+      [400, e.to_json]
     end
 
     # Fetches the metadata for a single task
@@ -530,16 +541,19 @@ module BoltServer
 
     # Fetches the metadata for a single task
     #
-    # @param bolt_project_ref [String] the reference to the bolt-project directory to load task metadata from
+    # @param bolt_versioned_project [String] the reference to the bolt-project directory to load task metadata from
     get '/project_tasks/:module_name/:task_name' do
-      in_bolt_project(params['project_ref']) do |context|
+      return MISSING_VERSIONED_PROJECT_RESPONSE if params['versioned_project'].nil?
+      in_bolt_project(params['versioned_project']) do |context|
         ps_parameters = {
-          'project' => params['project_ref']
+          'versioned_project' => params['versioned_project']
         }
         task_info = pe_task_info(context[:pal], params[:module_name], params[:task_name], ps_parameters)
         task_info = allowed_helper(task_info, context[:config].project.tasks)
         [200, task_info.to_json]
       end
+    rescue Bolt::Error => e
+      [400, e.to_json]
     end
 
     # Fetches the list of plans for an environment, optionally fetching all metadata for each plan
@@ -568,9 +582,10 @@ module BoltServer
 
     # Fetches the list of plans for a project
     #
-    # @param project_ref [String] the project to fetch the list of plans from
+    # @param versioned_project [String] the project to fetch the list of plans from
     get '/project_plans' do
-      in_bolt_project(params['project_ref']) do |context|
+      return MISSING_VERSIONED_PROJECT_RESPONSE if params['versioned_project'].nil?
+      in_bolt_project(params['versioned_project']) do |context|
         plans_response = plan_list(context[:pal])
 
         # Dig in context for the allowlist of plans from project object
@@ -582,6 +597,8 @@ module BoltServer
         # to bolt-server smaller/simpler.
         [200, plans_response.to_json]
       end
+    rescue Bolt::Error => e
+      [400, e.to_json]
     end
 
     # Fetches the list of tasks for an environment
@@ -601,9 +618,10 @@ module BoltServer
 
     # Fetches the list of tasks for a bolt-project
     #
-    # @param project_ref [String] the project to fetch the list of tasks from
+    # @param versioned_project [String] the project to fetch the list of tasks from
     get '/project_tasks' do
-      in_bolt_project(params['project_ref']) do |context|
+      return MISSING_VERSIONED_PROJECT_RESPONSE if params['versioned_project'].nil?
+      in_bolt_project(params['versioned_project']) do |context|
         tasks_response = task_list(context[:pal])
 
         # Dig in context for the allowlist of tasks from project object
@@ -615,28 +633,69 @@ module BoltServer
         # to bolt-server smaller/simpler.
         [200, tasks_response.to_json]
       end
+    rescue Bolt::Error => e
+      [400, e.to_json]
     end
 
     # Implements puppetserver's file_metadatas endpoint for projects.
     #
-    # @param project_ref [String] the project_ref to fetch the file metadatas from
+    # @param versioned_project [String] the versioned_project to fetch the file metadatas from
     get '/project_file_metadatas/:module_name/*' do
-      in_bolt_project(params['project_ref']) do |context|
+      return MISSING_VERSIONED_PROJECT_RESPONSE if params['versioned_project'].nil?
+      in_bolt_project(params['versioned_project']) do |context|
         file = params[:splat].first
         metadatas = file_metadatas(context[:pal], params[:module_name], file)
         [200, metadatas.to_json]
       end
+    rescue Bolt::Error => e
+      [400, e.to_json]
     rescue ArgumentError => e
       [400, e.message]
     end
 
+    # Returns a list of targets parsed from a Project inventory
+    #
+    # @param versioned_project [String] the versioned_project to compute the inventory from
+    post '/project_inventory_targets' do
+      return MISSING_VERSIONED_PROJECT_RESPONSE if params['versioned_project'].nil?
+      content_type :json
+      body = JSON.parse(request.body.read)
+      error = validate_schema(@schemas["connect-data"], body)
+      return [400, error_result(error).to_json] unless error.nil?
+      in_bolt_project(params['versioned_project']) do |context|
+        if context[:config].inventoryfile &&
+           context[:config].project.inventory_file.to_s !=
+           context[:config].inventoryfile
+          raise Bolt::ValidationError, "Project inventory must be defined in the " \
+            "inventory.yaml file at the root of the project directory"
+        end
+
+        Bolt::Util.validate_file('inventory file', context[:config].project.inventory_file)
+
+        begin
+          connect_plugin = BoltServer::Plugin::PuppetConnectData.new(body['puppet_connect_data'])
+          plugins = Bolt::Plugin.setup(context[:config], context[:pal], load_plugins: false)
+          plugins.add_plugin(connect_plugin)
+          inventory = Bolt::Inventory.from_config(context[:config], plugins)
+          target_list = inventory.get_targets('all').map { |targ| targ.to_h.merge({ 'transport' => targ.transport }) }
+        rescue Bolt::Plugin::PluginError::LoadingDisabled => e
+          msg = "Cannot load plugin #{e.details['plugin_name']}: plugin not supported"
+          raise BoltServer::Plugin::PluginNotSupported.new(msg, e.details['plugin_name'])
+        end
+
+        [200, target_list.to_json]
+      end
+    rescue Bolt::Error => e
+      [500, e.to_json]
+    end
+
     error 404 do
       err = Bolt::Error.new("Could not find route #{request.path}",
                             'boltserver/not-found')
       [404, err.to_json]
     end
 
-    error 500 do
+    error StandardError do
       e = env['sinatra.error']
       err = Bolt::Error.new("500: Unknown error: #{e.message}",
                             'boltserver/server-error')