bolt 2.35.0 → 2.40.2

data/lib/bolt/{project_migrator/inventory.rb → project_manager/inventory_migrator.rb}

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
-require 'bolt/project_migrator/base'
+require 'bolt/project_manager/migrator'
 
 module Bolt
-  class ProjectMigrator
-    class Inventory < Base
+  class ProjectManager
+    class InventoryMigrator < Migrator
       def migrate(inventory_file, backup_dir)
         inventory1to2(inventory_file, backup_dir)
       end

data/lib/bolt/{project_migrator/base.rb → project_manager/migrator.rb}

@@ -4,8 +4,8 @@ require 'fileutils'
 require 'bolt/error'
 
 module Bolt
-  class ProjectMigrator
-    class Base
+  class ProjectManager
+    class Migrator
       def initialize(outputter)
         @outputter = outputter
       end

data/lib/bolt/{project_migrator/modules.rb → project_manager/module_migrator.rb}

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
-require 'bolt/project_migrator/base'
+require 'bolt/project_manager/migrator'
 
 module Bolt
-  class ProjectMigrator
-    class Modules < Base
+  class ProjectManager
+    class ModuleMigrator < Migrator
       def migrate(project, configured_modulepath)
         return true unless project.modules.nil?
 
@@ -61,6 +61,7 @@ module Bolt
         # Create specs to resolve from
         specs = Bolt::ModuleInstaller::Specs.new(modules.map(&:to_hash))
 
+        @outputter.start_spin
         # Attempt to resolve dependencies
         begin
           @outputter.print_message('')
@@ -72,6 +73,7 @@ module Bolt
         end
 
         migrate_managed_modules(puppetfile, puppetfile_path, managed_moduledir)
+        @outputter.stop_spin
 
         # Move remaining modules to 'modules'
         consolidate_modules(modulepath)

data/lib/bolt/puppetdb/client.rb

@@ -18,6 +18,7 @@ module Bolt
       def query_certnames(query)
         return [] unless query
 
+        @logger.debug("Querying certnames")
         results = make_query(query)
 
         if results&.first && !results.first&.key?('certname')
@@ -34,6 +35,8 @@ module Bolt
         certnames.uniq!
         name_query = certnames.map { |c| ["=", "certname", c] }
         name_query.insert(0, "or")
+
+        @logger.debug("Querying certnames")
         result = make_query(name_query, 'inventory')
 
         result&.each_with_object({}) do |node, coll|
@@ -52,6 +55,8 @@ module Bolt
         facts_query.insert(0, "or")
 
         query = ['and', name_query, facts_query]
+
+        @logger.debug("Querying certnames")
         result = make_query(query, 'fact-contents')
         result.map! { |h| h.delete_if { |k, _v| %w[environment name].include?(k) } }
         result.group_by { |c| c['certname'] }
@@ -63,11 +68,13 @@ module Bolt
         url += "/#{path}" if path
 
         begin
+          @logger.debug("Sending PuppetDB query to #{url}")
           response = http_client.post(url, body: body, header: headers)
         rescue StandardError => e
           raise Bolt::PuppetDBFailoverError, "Failed to query PuppetDB: #{e}"
         end
 
+        @logger.debug("Got response code #{response.code} from PuppetDB")
         if response.code != 200
           msg = "Failed to query PuppetDB: #{response.body}"
           if response.code == 400
@@ -92,6 +99,7 @@ module Bolt
         return @http if @http
         # lazy-load expensive gem code
         require 'httpclient'
+        @logger.trace("Creating HTTP Client")
         @http = HTTPClient.new
         @http.ssl_config.set_client_cert_file(@config.cert, @config.key) if @config.cert
         @http.ssl_config.add_trust_ca(@config.cacert)

data/lib/bolt/puppetdb/config.rb

@@ -18,8 +18,7 @@ module Bolt
       end
 
       def self.default_windows_config
-        require 'win32/dir'
-        File.expand_path(File.join(Dir::COMMON_APPDATA, 'PuppetLabs/client-tools/puppetdb.conf'))
+        File.expand_path(File.join(ENV['ALLUSERSPROFILE'], 'PuppetLabs/client-tools/puppetdb.conf'))
       end
 
       def self.load_config(options, project_path = nil)

data/lib/bolt/rerun.rb

@@ -12,15 +12,11 @@ module Bolt
     end
 
     def data
-      @data ||= JSON.parse(File.read(@path))
+      @data ||= Bolt::Util.read_json_file(@path, 'rerun')
       unless @data.is_a?(Array) && @data.all? { |r| r['target'] && r['status'] }
         raise Bolt::FileError.new("Missing data in rerun file: #{@path}", @path)
       end
       @data
-    rescue JSON::ParserError
-      raise Bolt::FileError.new("Could not parse rerun file: #{@path}", @path)
-    rescue IOError, SystemCallError
-      raise Bolt::FileError.new("Could not read rerun file: #{@path}", @path)
     end
 
     def get_targets(filter)

data/lib/bolt/shell/bash.rb

@@ -199,7 +199,7 @@ module Bolt
         lines = buffer.split(/(?<=\n)/)
         # handle_sudo will return the line if it is not a sudo prompt or error
         lines.map! { |line| handle_sudo(inp, line, stdin) }
-        lines.join("")
+        lines.join
       # If stream has reached EOF, no password prompt is expected
       # return an empty string
       rescue EOFError
@@ -436,8 +436,14 @@ module Bolt
         result_output.stderr << read_streams[err]
         result_output.exit_code = t.value.respond_to?(:exitstatus) ? t.value.exitstatus : t.value
 
-        if result_output.exit_code == 0
+        case result_output.exit_code
+        when 0
           @logger.trace { "Command `#{command_str}` returned successfully" }
+        when 126
+          msg = "\n\nThis may be caused by the default tmpdir being mounted "\
+            "using 'noexec'. See http://pup.pt/task-failure for details and workarounds."
+          result_output.stderr << msg
+          @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
         else
           @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
         end

data/lib/bolt/shell/powershell.rb

@@ -14,6 +14,22 @@ module Bolt
         extensions = [target.options['extensions'] || []].flatten.map { |ext| ext[0] == '.' ? ext : '.' + ext }
         extensions += target.options['interpreters'].keys if target.options['interpreters']
         @extensions = DEFAULT_EXTENSIONS + extensions
+        validate_ps_version
+      end
+
+      def validate_ps_version
+        version = execute("$PSVersionTable.PSVersion.Major").stdout.string.chomp
+        if !version.empty? && version.to_i < 3
+          # This lets us know how many targets have Powershell 2, and lets the
+          # user know how many targets they have with PS2
+          msg = "Detected PowerShell 2 on one or more targets.\nPowerShell 2 "\
+            "is deprecated, and support will be removed in Bolt 3.0. See "\
+            "bolt-debug.log or run with '--log-level debug' to see the full "\
+            "list of targets with PowerShell 2."
+
+          Bolt::Logger.deprecation_warning("PowerShell 2", msg)
+          @logger.debug("Detected PowerShell 2 on #{target}.")
+        end
       end
 
       def provided_features
@@ -177,7 +193,8 @@ module Bolt
       def run_command(command, options = {}, position = [])
         command = [*env_declarations(options[:env_vars]), command].join("\r\n") if options[:env_vars]
 
-        output = execute(command)
+        wrap_command = conn.is_a?(Bolt::Transport::Local::Connection)
+        output = execute(command, wrap_command)
         Bolt::Result.for_command(target,
                                  output.stdout.string,
                                  output.stderr.string,
@@ -268,8 +285,9 @@ module Bolt
         end
       end
 
-      def execute(command)
-        if conn.max_command_length && command.length > conn.max_command_length
+      def execute(command, wrap_command = false)
+        if (conn.max_command_length && command.length > conn.max_command_length) ||
+           wrap_command
           return with_tmpdir do |dir|
             command += "\r\nif (!$?) { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } }"
             script_file = File.join(dir, "#{SecureRandom.uuid}_wrapper.ps1")

data/lib/bolt/target.rb

@@ -80,6 +80,10 @@ module Bolt
       inventory_target.resources
     end
 
+    def set_local_defaults
+      inventory_target.set_local_defaults
+    end
+
     # rubocop:disable Naming/AccessorMethodName
     def set_resource(resource)
       inventory_target.set_resource(resource)

data/lib/bolt/task/run.rb

@@ -42,7 +42,7 @@ module Bolt
         if targets.empty?
           Bolt::ResultSet.new([])
         else
-          result = executor.run_task_with_minimal_logging(targets, task, params, options)
+          result = executor.run_task(targets, task, params, options, [], :trace)
 
           if !result.ok && !options[:catch_errors]
             raise Bolt::RunFailure.new(result, 'run_task', task.name)

data/lib/bolt/transport/local.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'bolt/logger'
 require 'bolt/transport/simple'
 
 module Bolt
@@ -10,6 +11,18 @@ module Bolt
       end
 
       def with_connection(target)
+        if target.transport_config['bundled-ruby'] || target.name == 'localhost'
+          target.set_local_defaults
+        end
+
+        if target.name != 'localhost' &&
+           !target.transport_config.key?('bundled-ruby')
+          msg = "The local transport will default to using Bolt's Ruby interpreter and "\
+            "setting the 'puppet-agent' feature in Bolt 3.0. Enable or disable these "\
+            "defaults by setting 'bundled-ruby' in the local transport config."
+          Bolt::Logger.warn_once('local default config', msg)
+        end
+
         yield Connection.new(target)
       end
     end

data/lib/bolt/transport/ssh/exec_connection.rb

@@ -12,8 +12,12 @@ module Bolt
           raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
 
           @target = target
-          ssh_config = Net::SSH::Config.for(target.host)
-          @user = @target.user || ssh_config[:user] || Etc.getlogin
+          begin
+            ssh_config = Net::SSH::Config.for(target.host)
+            @user = @target.user || ssh_config[:user] || Etc.getlogin
+          rescue StandardError
+            @user = @target.user || Etc.getlogin
+          end
           @logger = Bolt::Logger.logger(self)
         end
 

data/lib/bolt/util.rb

@@ -22,6 +22,28 @@ module Bolt
         raise Bolt::FileError.new("Error attempting to read #{file}: #{e}", file)
       end
 
+      def read_json_file(path, filename)
+        require 'json'
+
+        logger = Bolt::Logger.logger(self)
+        path = File.expand_path(path)
+        content = JSON.parse(File.read(path))
+        logger.trace("Loaded #{filename} from #{path}")
+        content
+      rescue Errno::ENOENT
+        raise Bolt::FileError.new("Could not read #{filename} file at #{path}", path)
+      rescue JSON::ParserError => e
+        msg = "Unable to parse #{filename} file at #{path} as JSON: #{e.message}"
+        raise Bolt::FileError.new(msg, path)
+      rescue IOError, SystemCallError => e
+        raise Bolt::FileError.new("Could not read #{filename} file at #{path}\n#{e.message}",
+                                  path)
+      end
+
+      def read_optional_json_file(path, file_name)
+        File.exist?(path) && !File.zero?(path) ? read_yaml_hash(path, file_name) : {}
+      end
+
       def read_yaml_hash(path, file_name)
         require 'yaml'
 
@@ -29,19 +51,26 @@ module Bolt
         path = File.expand_path(path)
         content = File.open(path, "r:UTF-8") { |f| YAML.safe_load(f.read) } || {}
         unless content.is_a?(Hash)
-          msg = "Invalid content for #{file_name} file: #{path} should be a Hash or empty, not #{content.class}"
-          raise Bolt::FileError.new(msg, path)
+          raise Bolt::FileError.new(
+            "Invalid content for #{file_name} file at #{path}\nContent should be a Hash or empty, "\
+            "not #{content.class}",
+            path
+          )
         end
         logger.trace("Loaded #{file_name} from #{path}")
         content
       rescue Errno::ENOENT
-        raise Bolt::FileError.new("Could not read #{file_name} file: #{path}", path)
+        raise Bolt::FileError.new("Could not read #{file_name} file at #{path}", path)
+      rescue Psych::SyntaxError => e
+        raise Bolt::FileError.new("Could not parse #{file_name} file at #{path}, line #{e.line}, "\
+                                  "column #{e.column}\n#{e.problem}",
+                                  path)
       rescue Psych::Exception => e
-        raise Bolt::FileError.new("Could not parse #{file_name} file: #{path}\n"\
-                                  "Error at line #{e.line} column #{e.column}", path)
+        raise Bolt::FileError.new("Could not parse #{file_name} file at #{path}\n#{e.message}",
+                                  path)
       rescue IOError, SystemCallError => e
-        raise Bolt::FileError.new("Could not read #{file_name} file: #{path}\n"\
-                                  "error: #{e}", path)
+        raise Bolt::FileError.new("Could not read #{file_name} file at #{path}\n#{e.message}",
+                                  path)
       end
 
       def read_optional_yaml_hash(path, file_name)

data/lib/bolt/validator.rb

@@ -0,0 +1,227 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+# This class validates config against a schema, raising an error that includes
+# details about any invalid configuration.
+#
+module Bolt
+  class Validator
+    attr_reader :deprecations, :warnings
+
+    def initialize
+      @errors       = []
+      @deprecations = []
+      @warnings     = []
+      @path         = []
+    end
+
+    # This is the entry method for validating data against the schema.
+    #
+    def validate(data, schema, location = nil)
+      @schema   = schema
+      @location = location
+
+      validate_value(data, schema)
+
+      raise_error
+    end
+
+    # Raises a ValidationError if there are any errors. All error messages
+    # created during validation are concatenated into a single error
+    # message.
+    #
+    private def raise_error
+      return unless @errors.any?
+
+      message = "Invalid configuration"
+      message += " at #{@location}" if @location
+      message += ":\n"
+      message += @errors.map { |error| "\s\s#{error}" }.join("\n")
+
+      raise Bolt::ValidationError, message
+    end
+
+    # Validate an individual value. This performs validation that is
+    # common to all values, including type validation. After validating
+    # the value's type, the value is passed off to an individual
+    # validation method for the value's type.
+    #
+    private def validate_value(value, definition, plugin_supported = false)
+      definition       = @schema.dig(:definitions, definition[:_ref]) if definition[:_ref]
+      plugin_supported = definition[:_plugin] if definition.key?(:_plugin)
+
+      return if plugin_reference?(value, plugin_supported)
+      return unless valid_type?(value, definition)
+
+      case value
+      when Hash
+        validate_hash(value, definition, plugin_supported)
+      when Array
+        validate_array(value, definition, plugin_supported)
+      when String
+        validate_string(value, definition)
+      when Numeric
+        validate_number(value, definition)
+      end
+    end
+
+    # Validates a hash value, logging errors for any validations that fail.
+    # This will enumerate each key-value pair in the hash and validate each
+    # value individually.
+    #
+    private def validate_hash(value, definition, plugin_supported)
+      properties = definition[:properties] ? definition[:properties].keys : []
+
+      if definition[:properties] && definition[:additionalProperties].nil?
+        validate_keys(value.keys, properties)
+      end
+
+      if definition[:required] && (definition[:required] - value.keys).any?
+        missing = definition[:required] - value.keys
+        @errors << "Value at '#{path}' is missing required keys #{missing.join(', ')}"
+      end
+
+      value.each_pair do |key, val|
+        @path.push(key)
+
+        if properties.include?(key)
+          check_deprecated(key, definition[:properties][key])
+          validate_value(val, definition[:properties][key], plugin_supported)
+        elsif definition[:additionalProperties].is_a?(Hash)
+          validate_value(val, definition[:additionalProperties], plugin_supported)
+        end
+      ensure
+        @path.pop
+      end
+    end
+
+    # Validates an array value, logging errors for any validations that fail.
+    # This will enumerate the items in the array and validate each item
+    # individually.
+    #
+    private def validate_array(value, definition, plugin_supported)
+      if definition[:uniqueItems] && value.size != value.uniq.size
+        @errors << "Value at '#{path}' must not include duplicate elements"
+        return
+      end
+
+      return unless definition.key?(:items)
+
+      value.each_with_index do |item, index|
+        @path.push(index)
+        validate_value(item, definition[:items], plugin_supported)
+      ensure
+        @path.pop
+      end
+    end
+
+    # Validates a string value, logging errors for any validations that fail.
+    #
+    private def validate_string(value, definition)
+      if definition.key?(:enum) && !definition[:enum].include?(value)
+        message  = "Value at '#{path}' must be "
+        message += "one of " if definition[:enum].count > 1
+        message += definition[:enum].join(', ')
+        multitype_error(message, value, definition)
+      end
+    end
+
+    # Validates a numeric value, logging errors for any validations that fail.
+    #
+    private def validate_number(value, definition)
+      if definition.key?(:minimum) && value < definition[:minimum]
+        @errors << "Value at '#{path}' must be a minimum of #{definition[:minimum]}"
+      end
+
+      if definition.key?(:maximum) && value > definition[:maximum]
+        @errors << "Value at '#{path}' must be a maximum of #{definition[:maximum]}"
+      end
+    end
+
+    # Adds warnings for unknown config options.
+    #
+    private def validate_keys(keys, known_keys)
+      (keys - known_keys).each do |key|
+        message  = "Unknown option '#{key}'"
+        message += " at '#{path}'" if @path.any?
+        message += " at #{@location}" if @location
+        message += "."
+        @warnings << message
+      end
+    end
+
+    # Adds a warning if the given option is deprecated.
+    #
+    private def check_deprecated(key, definition)
+      definition = @schema.dig(:definitions, definition[:_ref]) if definition[:_ref]
+
+      if definition.key?(:_deprecation)
+        message  = "Option '#{path}' "
+        message += "at #{@location} " if @location
+        message += "is deprecated. #{definition[:_deprecation]}"
+        @deprecations << { option: key, message: message }
+      end
+    end
+
+    # Returns true if a value is a plugin reference. This also validates whether
+    # a value can be a plugin reference in the first place. If the value is a
+    # plugin reference but cannot be one according to the schema, then this will
+    # log an error.
+    #
+    private def plugin_reference?(value, plugin_supported)
+      if value.is_a?(Hash) && value.key?('_plugin')
+        unless plugin_supported
+          @errors << "Value at '#{path}' is a plugin reference, which is unsupported at "\
+                      "this location"
+        end
+
+        true
+      else
+        false
+      end
+    end
+
+    # Asserts the type for each option against the type specified in the schema
+    # definition. The schema definition can specify multiple valid types, so the
+    # value needs to only match one of the types to be valid. Returns early if
+    # there is no type in the definition (in practice this shouldn't happen, but
+    # this will safeguard against any dev mistakes).
+    #
+    private def valid_type?(value, definition)
+      return unless definition.key?(:type)
+
+      types = Array(definition[:type])
+
+      if types.include?(value.class)
+        true
+      else
+        if types.include?(TrueClass) || types.include?(FalseClass)
+          types = types - [TrueClass, FalseClass] + ['Boolean']
+        end
+
+        @errors << "Value at '#{path}' must be of type #{types.join(' or ')}"
+
+        false
+      end
+    end
+
+    # Adds an error that includes additional helpful information for values
+    # that accept multiple types.
+    #
+    private def multitype_error(message, value, definition)
+      if Array(definition[:type]).count > 1
+        types    = Array(definition[:type]) - [value.class]
+        message += " or must be of type #{types.join(' or ')}"
+      end
+
+      @errors << message
+    end
+
+    # Returns the formatted path for the key.
+    #
+    private def path
+      @path.join('.')
+    end
+  end
+end