bolt 2.37.0 → 2.44.0

data/lib/bolt/project_manager.rb

@@ -103,7 +103,9 @@ module Bolt
       # early here and not initialize the project if the modules cannot be
       # resolved and installed.
       if modules
+        @outputter.start_spin
         Bolt::ModuleInstaller.new(@outputter, @pal).install(modules, puppetfile, moduledir)
+        @outputter.stop_spin
       end
 
       data = { 'name' => project_name }

data/lib/bolt/project_manager/config_migrator.rb

@@ -72,7 +72,15 @@ module Bolt
         data     = Bolt::Util.read_yaml_hash(project_file, 'config')
         modified = false
 
-        [%w[apply_settings apply-settings], %w[plugin_hooks plugin-hooks]].each do |old, new|
+        # Keys to update. The first element is the old key, while the second is
+        # the key update it to.
+        to_update = [
+          %w[apply_settings apply-settings],
+          %w[puppetfile module-install],
+          %w[plugin_hooks plugin-hooks]
+        ]
+
+        to_update.each do |old, new|
           next unless data.key?(old)
 
           if data.key?(new)

data/lib/bolt/project_manager/module_migrator.rb

@@ -61,6 +61,7 @@ module Bolt
         # Create specs to resolve from
         specs = Bolt::ModuleInstaller::Specs.new(modules.map(&:to_hash))
 
+        @outputter.start_spin
         # Attempt to resolve dependencies
         begin
           @outputter.print_message('')
@@ -72,6 +73,7 @@ module Bolt
         end
 
         migrate_managed_modules(puppetfile, puppetfile_path, managed_moduledir)
+        @outputter.stop_spin
 
         # Move remaining modules to 'modules'
         consolidate_modules(modulepath)

data/lib/bolt/puppetdb/client.rb

@@ -18,6 +18,7 @@ module Bolt
       def query_certnames(query)
         return [] unless query
 
+        @logger.debug("Querying certnames")
         results = make_query(query)
 
         if results&.first && !results.first&.key?('certname')
@@ -34,6 +35,8 @@ module Bolt
         certnames.uniq!
         name_query = certnames.map { |c| ["=", "certname", c] }
         name_query.insert(0, "or")
+
+        @logger.debug("Querying certnames")
         result = make_query(name_query, 'inventory')
 
         result&.each_with_object({}) do |node, coll|
@@ -52,6 +55,8 @@ module Bolt
         facts_query.insert(0, "or")
 
         query = ['and', name_query, facts_query]
+
+        @logger.debug("Querying certnames")
         result = make_query(query, 'fact-contents')
         result.map! { |h| h.delete_if { |k, _v| %w[environment name].include?(k) } }
         result.group_by { |c| c['certname'] }
@@ -63,11 +68,13 @@ module Bolt
         url += "/#{path}" if path
 
         begin
+          @logger.debug("Sending PuppetDB query to #{url}")
           response = http_client.post(url, body: body, header: headers)
         rescue StandardError => e
           raise Bolt::PuppetDBFailoverError, "Failed to query PuppetDB: #{e}"
         end
 
+        @logger.debug("Got response code #{response.code} from PuppetDB")
         if response.code != 200
           msg = "Failed to query PuppetDB: #{response.body}"
           if response.code == 400
@@ -92,6 +99,7 @@ module Bolt
         return @http if @http
         # lazy-load expensive gem code
         require 'httpclient'
+        @logger.trace("Creating HTTP Client")
         @http = HTTPClient.new
         @http.ssl_config.set_client_cert_file(@config.cert, @config.key) if @config.cert
         @http.ssl_config.add_trust_ca(@config.cacert)

data/lib/bolt/rerun.rb

@@ -49,7 +49,7 @@ module Bolt
         end
       end
     rescue StandardError => e
-      Bolt::Logger.warn_once('unwriteable_file', "Failed to save result to #{@path}: #{e.message}")
+      Bolt::Logger.warn_once("unwriteable_file", "Failed to save result to #{@path}: #{e.message}")
     end
   end
 end

data/lib/bolt/shell/bash.rb

@@ -299,7 +299,7 @@ module Bolt
           if target.options['cleanup']
             dir.delete
           else
-            @logger.warn("Skipping cleanup of tmpdir #{dir}")
+            Bolt::Logger.warn("skip_cleanup", "Skipping cleanup of tmpdir #{dir}")
           end
         end
       end

data/lib/bolt/shell/bash/tmpdir.rb

@@ -48,7 +48,10 @@ module Bolt
         def delete
           result = @shell.execute(['rm', '-rf', @path], sudoable: true, run_as: @owner)
           if result.exit_code != 0
-            @logger.warn("Failed to clean up tmpdir '#{@path}': #{result.stderr.string}")
+            Bolt::Logger.warn(
+              "fail_cleanup",
+              "Failed to clean up tmpdir '#{@path}': #{result.stderr.string}"
+            )
           end
           # For testing
           result.stderr.string

data/lib/bolt/shell/powershell.rb

@@ -27,7 +27,7 @@ module Bolt
             "bolt-debug.log or run with '--log-level debug' to see the full "\
             "list of targets with PowerShell 2."
 
-          Bolt::Logger.deprecation_warning("PowerShell 2", msg)
+          Bolt::Logger.deprecate_once("powershell_2", msg)
           @logger.debug("Detected PowerShell 2 on #{target}.")
         end
       end
@@ -163,7 +163,7 @@ module Bolt
           if target.options['cleanup']
             rmdir(@tmpdir)
           else
-            @logger.warn("Skipping cleanup of tmpdir '#{@tmpdir}'")
+            Bolt::Logger.warn("Skipping cleanup of tmpdir '#{@tmpdir}'", "skip_cleanup")
           end
         end
       end
@@ -193,7 +193,8 @@ module Bolt
       def run_command(command, options = {}, position = [])
         command = [*env_declarations(options[:env_vars]), command].join("\r\n") if options[:env_vars]
 
-        output = execute(command)
+        wrap_command = conn.is_a?(Bolt::Transport::Local::Connection)
+        output = execute(command, wrap_command)
         Bolt::Result.for_command(target,
                                  output.stdout.string,
                                  output.stderr.string,
@@ -284,8 +285,9 @@ module Bolt
         end
       end
 
-      def execute(command)
-        if conn.max_command_length && command.length > conn.max_command_length
+      def execute(command, wrap_command = false)
+        if (conn.max_command_length && command.length > conn.max_command_length) ||
+           wrap_command
           return with_tmpdir do |dir|
             command += "\r\nif (!$?) { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } }"
             script_file = File.join(dir, "#{SecureRandom.uuid}_wrapper.ps1")

data/lib/bolt/target.rb

@@ -80,6 +80,10 @@ module Bolt
       inventory_target.resources
     end
 
+    def set_local_defaults
+      inventory_target.set_local_defaults
+    end
+
     # rubocop:disable Naming/AccessorMethodName
     def set_resource(resource)
       inventory_target.set_resource(resource)

data/lib/bolt/task.rb

@@ -149,7 +149,7 @@ module Bolt
       if unknown_keys.any?
         msg = "Metadata for task '#{@name}' contains unknown keys: #{unknown_keys.join(', ')}."
         msg += " This could be a typo in the task metadata or may result in incorrect behavior."
-        @logger.warn(msg)
+        Bolt::Logger.warn("unknown_task_metadata_keys", msg)
       end
     end
   end

data/lib/bolt/transport/docker/connection.rb

@@ -140,10 +140,10 @@ module Bolt
             if @target.options['cleanup']
               _, stderr, exitcode = execute('rm', '-rf', dir, {})
               if exitcode != 0
-                @logger.warn("Failed to clean up tmpdir '#{dir}': #{stderr}")
+                Bolt::Logger.warn("fail_cleanup", "Failed to clean up tmpdir '#{dir}': #{stderr}")
               end
             else
-              @logger.warn("Skipping cleanup of tmpdir '#{dir}'")
+              Bolt::Logger.warn("skip_cleanup", "Skipping cleanup of tmpdir '#{dir}'")
             end
           end
         end

data/lib/bolt/transport/local.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'bolt/logger'
 require 'bolt/transport/simple'
 
 module Bolt
@@ -10,6 +11,18 @@ module Bolt
       end
 
       def with_connection(target)
+        if target.transport_config['bundled-ruby'] || target.name == 'localhost'
+          target.set_local_defaults
+        end
+
+        if target.name != 'localhost' &&
+           !target.transport_config.key?('bundled-ruby')
+          msg = "The local transport will default to using Bolt's Ruby interpreter and "\
+            "setting the 'puppet-agent' feature in Bolt 3.0. Enable or disable these "\
+            "defaults by setting 'bundled-ruby' in the local transport config."
+          Bolt::Logger.warn_once("local_default_config", msg)
+        end
+
         yield Connection.new(target)
       end
     end

data/lib/bolt/transport/orch/connection.rb

@@ -21,7 +21,7 @@ module Bolt
 
           @logger = logger
           @key = self.class.get_key(opts)
-          client_opts = opts.slice('token-file', 'cacert', 'job-poll-interval', 'job-poll-timeout')
+          client_opts = opts.slice('token-file', 'cacert', 'job-poll-interval', 'job-poll-timeout', 'read-timeout')
 
           if opts['service-url']
             uri = Addressable::URI.parse(opts['service-url'])

data/lib/bolt/transport/ssh.rb

@@ -23,8 +23,7 @@ module Bolt
 
       def with_connection(target)
         if target.transport_config['ssh-command'] && !target.transport_config['native-ssh']
-          Bolt::Logger.warn_once("ssh-command and native-ssh conflict",
-                                 "native-ssh must be true to use ssh-command")
+          Bolt::Logger.warn_once("native_ssh_disabled", "native-ssh must be true to use ssh-command")
         end
 
         conn = if target.transport_config['native-ssh']

data/lib/bolt/transport/ssh/connection.rb

@@ -34,7 +34,7 @@ module Bolt
             begin
               Bolt::Util.validate_file('ssh key', target.options['private-key'])
             rescue Bolt::FileError => e
-              @logger.warn(e.msg)
+              Bolt::Logger.warn("invalid_ssh_key", e.msg)
             end
           end
         end

data/lib/bolt/validator.rb

@@ -0,0 +1,227 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+# This class validates config against a schema, raising an error that includes
+# details about any invalid configuration.
+#
+module Bolt
+  class Validator
+    attr_reader :deprecations, :warnings
+
+    def initialize
+      @errors       = []
+      @deprecations = []
+      @warnings     = []
+      @path         = []
+    end
+
+    # This is the entry method for validating data against the schema.
+    #
+    def validate(data, schema, location = nil)
+      @schema   = schema
+      @location = location
+
+      validate_value(data, schema)
+
+      raise_error
+    end
+
+    # Raises a ValidationError if there are any errors. All error messages
+    # created during validation are concatenated into a single error
+    # message.
+    #
+    private def raise_error
+      return unless @errors.any?
+
+      message = "Invalid configuration"
+      message += " at #{@location}" if @location
+      message += ":\n"
+      message += @errors.map { |error| "\s\s#{error}" }.join("\n")
+
+      raise Bolt::ValidationError, message
+    end
+
+    # Validate an individual value. This performs validation that is
+    # common to all values, including type validation. After validating
+    # the value's type, the value is passed off to an individual
+    # validation method for the value's type.
+    #
+    private def validate_value(value, definition, plugin_supported = false)
+      definition       = @schema.dig(:definitions, definition[:_ref]) if definition[:_ref]
+      plugin_supported = definition[:_plugin] if definition.key?(:_plugin)
+
+      return if plugin_reference?(value, plugin_supported)
+      return unless valid_type?(value, definition)
+
+      case value
+      when Hash
+        validate_hash(value, definition, plugin_supported)
+      when Array
+        validate_array(value, definition, plugin_supported)
+      when String
+        validate_string(value, definition)
+      when Numeric
+        validate_number(value, definition)
+      end
+    end
+
+    # Validates a hash value, logging errors for any validations that fail.
+    # This will enumerate each key-value pair in the hash and validate each
+    # value individually.
+    #
+    private def validate_hash(value, definition, plugin_supported)
+      properties = definition[:properties] ? definition[:properties].keys : []
+
+      if definition[:properties] && definition[:additionalProperties].nil?
+        validate_keys(value.keys, properties)
+      end
+
+      if definition[:required] && (definition[:required] - value.keys).any?
+        missing = definition[:required] - value.keys
+        @errors << "Value at '#{path}' is missing required keys #{missing.join(', ')}"
+      end
+
+      value.each_pair do |key, val|
+        @path.push(key)
+
+        if properties.include?(key)
+          check_deprecated(key, definition[:properties][key])
+          validate_value(val, definition[:properties][key], plugin_supported)
+        elsif definition[:additionalProperties].is_a?(Hash)
+          validate_value(val, definition[:additionalProperties], plugin_supported)
+        end
+      ensure
+        @path.pop
+      end
+    end
+
+    # Validates an array value, logging errors for any validations that fail.
+    # This will enumerate the items in the array and validate each item
+    # individually.
+    #
+    private def validate_array(value, definition, plugin_supported)
+      if definition[:uniqueItems] && value.size != value.uniq.size
+        @errors << "Value at '#{path}' must not include duplicate elements"
+        return
+      end
+
+      return unless definition.key?(:items)
+
+      value.each_with_index do |item, index|
+        @path.push(index)
+        validate_value(item, definition[:items], plugin_supported)
+      ensure
+        @path.pop
+      end
+    end
+
+    # Validates a string value, logging errors for any validations that fail.
+    #
+    private def validate_string(value, definition)
+      if definition.key?(:enum) && !definition[:enum].include?(value)
+        message  = "Value at '#{path}' must be "
+        message += "one of " if definition[:enum].count > 1
+        message += definition[:enum].join(', ')
+        multitype_error(message, value, definition)
+      end
+    end
+
+    # Validates a numeric value, logging errors for any validations that fail.
+    #
+    private def validate_number(value, definition)
+      if definition.key?(:minimum) && value < definition[:minimum]
+        @errors << "Value at '#{path}' must be a minimum of #{definition[:minimum]}"
+      end
+
+      if definition.key?(:maximum) && value > definition[:maximum]
+        @errors << "Value at '#{path}' must be a maximum of #{definition[:maximum]}"
+      end
+    end
+
+    # Adds warnings for unknown config options.
+    #
+    private def validate_keys(keys, known_keys)
+      (keys - known_keys).each do |key|
+        message  = "Unknown option '#{key}'"
+        message += " at '#{path}'" if @path.any?
+        message += " at #{@location}" if @location
+        message += "."
+        @warnings << { id: 'unknown_option', msg: message }
+      end
+    end
+
+    # Adds a warning if the given option is deprecated.
+    #
+    private def check_deprecated(key, definition)
+      definition = @schema.dig(:definitions, definition[:_ref]) if definition[:_ref]
+
+      if definition.key?(:_deprecation)
+        message  = "Option '#{path}' "
+        message += "at #{@location} " if @location
+        message += "is deprecated. #{definition[:_deprecation]}"
+        @deprecations << { id: "#{key}_option", msg: message }
+      end
+    end
+
+    # Returns true if a value is a plugin reference. This also validates whether
+    # a value can be a plugin reference in the first place. If the value is a
+    # plugin reference but cannot be one according to the schema, then this will
+    # log an error.
+    #
+    private def plugin_reference?(value, plugin_supported)
+      if value.is_a?(Hash) && value.key?('_plugin')
+        unless plugin_supported
+          @errors << "Value at '#{path}' is a plugin reference, which is unsupported at "\
+                      "this location"
+        end
+
+        true
+      else
+        false
+      end
+    end
+
+    # Asserts the type for each option against the type specified in the schema
+    # definition. The schema definition can specify multiple valid types, so the
+    # value needs to only match one of the types to be valid. Returns early if
+    # there is no type in the definition (in practice this shouldn't happen, but
+    # this will safeguard against any dev mistakes).
+    #
+    private def valid_type?(value, definition)
+      return unless definition.key?(:type)
+
+      types = Array(definition[:type])
+
+      if types.include?(value.class)
+        true
+      else
+        if types.include?(TrueClass) || types.include?(FalseClass)
+          types = types - [TrueClass, FalseClass] + ['Boolean']
+        end
+
+        @errors << "Value at '#{path}' must be of type #{types.join(' or ')}"
+
+        false
+      end
+    end
+
+    # Adds an error that includes additional helpful information for values
+    # that accept multiple types.
+    #
+    private def multitype_error(message, value, definition)
+      if Array(definition[:type]).count > 1
+        types    = Array(definition[:type]) - [value.class]
+        message += " or must be of type #{types.join(' or ')}"
+      end
+
+      @errors << message
+    end
+
+    # Returns the formatted path for the key.
+    #
+    private def path
+      @path.join('.')
+    end
+  end
+end