bolt 2.4.0 → 2.5.0

data/lib/bolt/{transport/sudoable → shell/bash}/tmpdir.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
 module Bolt
-  module Transport
-    class Sudoable < Base
+  class Shell
+    class Bash < Shell
       class Tmpdir
-        def initialize(node, path)
-          @conn = node
-          @owner = node.user
+        def initialize(shell, path)
+          @shell = shell
+          @owner = shell.conn.user
           @path = path
-          @logger = node.logger
+          @logger = shell.logger
         end
 
         def to_s
@@ -17,7 +17,7 @@ module Bolt
 
         def mkdirs(subdirs)
           abs_subdirs = subdirs.map { |subdir| File.join(@path, subdir) }
-          result = @conn.execute(['mkdir', '-p'] + abs_subdirs)
+          result = @shell.execute(['mkdir', '-p'] + abs_subdirs)
           if result.exit_code != 0
             message = "Could not create subdirectories in '#{@path}': #{result.stderr.string}"
             raise Bolt::Node::FileError.new(message, 'MKDIR_ERROR')
@@ -27,7 +27,7 @@ module Bolt
         def chown(owner)
           return if owner.nil? || owner == @owner
 
-          result = @conn.execute(['id', '-g', owner])
+          result = @shell.execute(['id', '-g', owner])
           if result.exit_code != 0
             message = "Could not identify group of user #{owner}: #{result.stderr.string}"
             raise Bolt::Node::FileError.new(message, 'ID_ERROR')
@@ -35,7 +35,7 @@ module Bolt
           group = result.stdout.string.chomp
 
           # Chown can only be run by root.
-          result = @conn.execute(['chown', '-R', "#{owner}:#{group}", @path], sudoable: true, run_as: 'root')
+          result = @shell.execute(['chown', '-R', "#{owner}:#{group}", @path], sudoable: true, run_as: 'root')
           if result.exit_code != 0
             message = "Could not change owner of '#{@path}' to #{owner}: #{result.stderr.string}"
             raise Bolt::Node::FileError.new(message, 'CHOWN_ERROR')
@@ -46,7 +46,7 @@ module Bolt
         end
 
         def delete
-          result = @conn.execute(['rm', '-rf', @path], sudoable: true, run_as: @owner)
+          result = @shell.execute(['rm', '-rf', @path], sudoable: true, run_as: @owner)
           if result.exit_code != 0
             @logger.warn("Failed to clean up tempdir '#{@path}': #{result.stderr.string}")
           end

data/lib/bolt/target.rb

@@ -129,6 +129,11 @@ module Bolt
       inventory_target.transport
     end
 
+    def transport_config
+      inventory_target.transport_config.to_h
+    end
+    alias options transport_config
+
     def protocol
       inventory_target.protocol || inventory_target.transport
     end
@@ -141,10 +146,6 @@ module Bolt
       inventory_target.password
     end
 
-    def options
-      inventory_target.options
-    end
-
     def plugin_hooks
       inventory_target.plugin_hooks
     end

data/lib/bolt/task.rb

@@ -9,6 +9,9 @@ module Bolt
   end
 
   class Task
+    STDIN_METHODS       = %w[both stdin].freeze
+    ENVIRONMENT_METHODS = %w[both environment].freeze
+
     METADATA_KEYS = %w[description extensions files implementations
                        input_method parameters private puppet_task_version
                        remote supports_noop].freeze

data/lib/bolt/transport/base.rb

@@ -37,22 +37,19 @@ module Bolt
     # before executing, and a :node_result event for each Target after
     # execution.
     class Base
-      STDIN_METHODS       = %w[both stdin].freeze
-      ENVIRONMENT_METHODS = %w[both environment].freeze
-
       attr_reader :logger
 
       def initialize
         @logger = Logging.logger[self]
       end
 
-      def with_events(target, callback)
+      def with_events(target, callback, action)
         callback&.call(type: :node_start, target: target)
 
         result = begin
                    yield
                  rescue StandardError, NotImplementedError => e
-                   Bolt::Result.from_exception(target, e)
+                   Bolt::Result.from_exception(target, e, action: action)
                  end
 
         callback&.call(type: :node_result, result: result)
@@ -106,7 +103,7 @@ module Bolt
       def batch_task(targets, task, arguments, options = {}, &callback)
         assert_batch_size_one("batch_task()", targets)
         target = targets.first
-        with_events(target, callback) do
+        with_events(target, callback, 'task') do
           @logger.debug { "Running task run '#{task}' on #{target.safe_name}" }
           run_task(target, task, arguments, options)
         end
@@ -120,7 +117,7 @@ module Bolt
       def batch_command(targets, command, options = {}, &callback)
         assert_batch_size_one("batch_command()", targets)
         target = targets.first
-        with_events(target, callback) do
+        with_events(target, callback, 'command') do
           @logger.debug("Running command '#{command}' on #{target.safe_name}")
           run_command(target, command, options)
         end
@@ -134,7 +131,7 @@ module Bolt
       def batch_script(targets, script, arguments, options = {}, &callback)
         assert_batch_size_one("batch_script()", targets)
         target = targets.first
-        with_events(target, callback) do
+        with_events(target, callback, 'script') do
           @logger.debug { "Running script '#{script}' on #{target.safe_name}" }
           run_script(target, script, arguments, options)
         end
@@ -148,7 +145,7 @@ module Bolt
       def batch_upload(targets, source, destination, options = {}, &callback)
         assert_batch_size_one("batch_upload()", targets)
         target = targets.first
-        with_events(target, callback) do
+        with_events(target, callback, 'upload') do
           @logger.debug { "Uploading: '#{source}' to #{destination} on #{target.safe_name}" }
           upload(target, source, destination, options)
         end

data/lib/bolt/transport/docker.rb

@@ -92,11 +92,11 @@ module Bolt
 
             remote_task_path = conn.write_remote_executable(task_dir, executable)
 
-            if STDIN_METHODS.include?(input_method)
+            if Bolt::Task::STDIN_METHODS.include?(input_method)
               execute_options[:stdin] = StringIO.new(JSON.dump(arguments))
             end
 
-            if ENVIRONMENT_METHODS.include?(input_method)
+            if Bolt::Task::ENVIRONMENT_METHODS.include?(input_method)
               execute_options[:environment] = envify_params(arguments)
             end
 

data/lib/bolt/transport/local.rb

@@ -1,22 +1,19 @@
 # frozen_string_literal: true
 
+require 'bolt/transport/simple'
+
 module Bolt
   module Transport
-    class Local < Sudoable
-      def provided_features
-        ['shell']
-      end
-
-      def with_connection(target, *_args)
-        conn = Shell.new(target)
-        yield conn
+    class Local < Simple
+      def connected?(_target)
+        true
       end
 
-      def connected?(_targets)
-        true
+      def with_connection(target)
+        yield Connection.new(target)
       end
     end
   end
 end
 
-require 'bolt/transport/local/shell'
+require 'bolt/transport/local/connection'

data/lib/bolt/transport/local/connection.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'open3'
+require 'fileutils'
+require 'bolt/node/output'
+require 'bolt/util'
+
+module Bolt
+  module Transport
+    class Local < Simple
+      class Connection
+        attr_accessor :user, :logger, :target
+
+        def initialize(target)
+          @target = target
+          # The familiar problem: Etc.getlogin is broken on osx
+          @user = ENV['USER'] || Etc.getlogin
+          @logger = Logging.logger[self]
+        end
+
+        def shell
+          @shell ||= if Bolt::Util.windows?
+                       Bolt::Shell::Powershell.new(target, self)
+                     else
+                       Bolt::Shell::Bash.new(target, self)
+                     end
+        end
+
+        def copy_file(source, dest)
+          @logger.debug { "Uploading #{source}, to #{dest}" }
+          if source.is_a?(StringIO)
+            Tempfile.create(File.basename(dest)) do |f|
+              f.write(source.read)
+              FileUtils.mv(t, dest)
+            end
+          else
+            # Mimic the behavior of `cp --remove-destination`
+            # since the flag isn't supported on MacOS
+            FileUtils.cp_r(source, dest, remove_destination: true)
+          end
+        rescue StandardError => e
+          message = "Could not copy file to #{dest}: #{e}"
+          raise Bolt::Node::FileError.new(message, 'COPY_ERROR')
+        end
+
+        def execute(command)
+          Open3.popen3(command)
+        end
+
+        # This is used by the Bash shell to decide whether to `cd` before
+        # executing commands as a run-as user
+        def reset_cwd?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/local_windows.rb

@@ -141,8 +141,8 @@ module Bolt
           logger.debug("Running '#{script}' with #{arguments.to_json}#{interpreter_debug}")
           unwrapped_arguments = unwrap_sensitive_args(arguments)
 
-          stdin = STDIN_METHODS.include?(input_method) ? JSON.dump(unwrapped_arguments) : nil
-          if ENVIRONMENT_METHODS.include?(input_method)
+          stdin = Bolt::Task::STDIN_METHODS.include?(input_method) ? JSON.dump(unwrapped_arguments) : nil
+          if Bolt::Task::ENVIRONMENT_METHODS.include?(input_method)
             environment_params = envify_params(unwrapped_arguments).each_with_object([]) do |(arg, val), list|
               list << Powershell.set_env(arg, val)
             end
@@ -164,7 +164,7 @@ module Bolt
           end
           unless output
             if interpreter
-              env = ENVIRONMENT_METHODS.include?(input_method) ? envify_params(unwrapped_arguments) : nil
+              env = Bolt::Task::ENVIRONMENT_METHODS.include?(input_method) ? envify_params(unwrapped_arguments) : nil
               output = execute(script, stdin: stdin, env: env, dir: dir, interpreter: interpreter)
             else
               path, args = *Powershell.process_from_extension(script)

data/lib/bolt/transport/orch.rb

@@ -197,7 +197,7 @@ module Bolt
           end
         rescue StandardError => e
           targets.map do |target|
-            Bolt::Result.from_exception(target, e)
+            Bolt::Result.from_exception(target, e, 'task')
           end
         end
       end

data/lib/bolt/transport/remote.rb

@@ -34,7 +34,7 @@ module Bolt
         remote_task = task.remote_instance
 
         result = transport.run_task(proxy_target, remote_task, arguments, options)
-        Bolt::Result.new(target, value: result.value)
+        Bolt::Result.new(target, value: result.value, action: 'task', object: task.name)
       end
     end
   end

data/lib/bolt/transport/simple.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'logging'
+require 'bolt/result'
+require 'bolt/shell'
+require 'bolt/transport/base'
+
+module Bolt
+  module Transport
+    # A simple transport has a single connection per target and delegates its
+    # operation to a target-specific shell.
+    class Simple < Base
+      def with_connection(_target)
+        raise NotImplementedError, "with_connection() must be implemented by the transport class"
+      end
+
+      def connected?(target)
+        with_connection(target) { true }
+      rescue Bolt::Node::ConnectError
+        false
+      end
+
+      def run_command(target, command, options = {})
+        with_connection(target) do |conn|
+          conn.shell.run_command(command, options)
+        end
+      end
+
+      def upload(target, source, destination, options = {})
+        with_connection(target) do |conn|
+          conn.shell.upload(source, destination, options)
+        end
+      end
+
+      def run_script(target, script, arguments, options = {})
+        with_connection(target) do |conn|
+          conn.shell.run_script(script, arguments, options)
+        end
+      end
+
+      def run_task(target, task, arguments, options = {})
+        with_connection(target) do |conn|
+          conn.shell.run_task(task, arguments, options)
+        end
+      end
+    end
+  end
+end

data/lib/bolt/transport/ssh.rb

@@ -1,17 +1,11 @@
 # frozen_string_literal: true
 
 require 'bolt/node/errors'
-require 'bolt/transport/sudoable'
-require 'json'
-require 'shellwords'
+require 'bolt/transport/simple'
 
 module Bolt
   module Transport
-    class SSH < Sudoable
-      def provided_features
-        ['shell']
-      end
-
+    class SSH < Simple
       def initialize
         super
 
@@ -38,12 +32,6 @@ module Bolt
           logger.info("Failed to close connection to #{target.safe_name} : #{e.message}")
         end
       end
-
-      def connected?(target)
-        with_connection(target) { true }
-      rescue Bolt::Node::ConnectError
-        false
-      end
     end
   end
 end

data/lib/bolt/transport/ssh/connection.rb

@@ -4,15 +4,13 @@ require 'logging'
 require 'shellwords'
 require 'bolt/node/errors'
 require 'bolt/node/output'
-require 'bolt/transport/sudoable/connection'
 require 'bolt/util'
 
 module Bolt
   module Transport
-    class SSH < Sudoable
-      class Connection < Sudoable::Connection
+    class SSH < Simple
+      class Connection
         attr_reader :logger, :user, :target
-        attr_writer :run_as
 
         def initialize(target, transport_logger)
           # lazy-load expensive gem code
@@ -20,22 +18,18 @@ module Bolt
           require 'net/ssh/proxy/jump'
 
           raise Bolt::ValidationError, "Target #{target.safe_name} does not have a host" unless target.host
-          @sudo_id = SecureRandom.uuid
 
           @target = target
           @load_config = target.options['load-config']
 
           ssh_config = @load_config ? Net::SSH::Config.for(target.host) : {}
           @user = @target.user || ssh_config[:user] || Etc.getlogin
-          @run_as = nil
           @strict_host_key_checking = ssh_config[:strict_host_key_checking]
 
           @logger = Logging.logger[@target.safe_name]
           @transport_logger = transport_logger
           @logger.debug("Initializing ssh connection to #{@target.safe_name}")
 
-          @sudo_password = @target.options['sudo-password'] || @target.password
-
           if target.options['private-key']&.instance_of?(String)
             begin
               Bolt::Util.validate_file('ssh key', target.options['private-key'])
@@ -148,119 +142,70 @@ module Bolt
           end
         end
 
-        def handled_sudo(channel, data, stdin)
-          if data.lines.include?(Sudoable.sudo_prompt)
-            if @sudo_password
-              channel.send_data("#{@sudo_password}\n")
-              channel.wait
-              return true
-            else
-              # Cancel the sudo prompt to prevent later commands getting stuck
-              channel.close
-              raise Bolt::Node::EscalateError.new(
-                "Sudo password for user #{@user} was not provided for #{target.safe_name}",
-                'NO_PASSWORD'
-              )
-            end
-          elsif data =~ /^#{@sudo_id}/
-            if stdin
-              channel.send_data(stdin)
-              channel.eof!
-            end
-            return true
-          elsif data =~ /^#{@user} is not in the sudoers file\./
-            @logger.debug { data }
-            raise Bolt::Node::EscalateError.new(
-              "User #{@user} does not have sudo permission on #{target.safe_name}",
-              'SUDO_DENIED'
-            )
-          elsif data =~ /^Sorry, try again\./
-            @logger.debug { data }
-            raise Bolt::Node::EscalateError.new(
-              "Sudo password for user #{@user} not recognized on #{target.safe_name}",
-              'BAD_PASSWORD'
-            )
-          end
-          false
-        end
-
-        def execute(command, sudoable: false, **options)
-          result_output = Bolt::Node::Output.new
-          run_as = options[:run_as] || self.run_as
-          escalate = sudoable && run_as && @user != run_as
-          use_sudo = escalate && @target.options['run-as-command'].nil?
-
-          command_str = inject_interpreter(options[:interpreter], command)
-          if escalate
-            if use_sudo
-              sudo_exec = target.options['sudo-executable'] || "sudo"
-              sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", Sudoable.sudo_prompt]
-              sudo_flags += ["-E"] if options[:environment]
-              sudo_str = Shellwords.shelljoin(sudo_flags)
-            else
-              sudo_str = Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
-            end
-            command_str = build_sudoable_command_str(command_str, sudo_str, @sudo_id, options.merge(reset_cwd: true))
-          end
-
-          # Including the environment declarations in the shelljoin will escape
-          # the = sign, so we have to handle them separately.
-          if options[:environment]
-            env_decls = options[:environment].map do |env, val|
-              "#{env}=#{Shellwords.shellescape(val)}"
-            end
-            command_str = "#{env_decls.join(' ')} #{command_str}"
-          end
-
-          @logger.debug { "Executing: #{command_str}" }
-
-          session_channel = @session.open_channel do |channel|
-            # Request a pseudo tty
-            channel.request_pty if target.options['tty']
+        def execute(command_str)
+          in_rd, in_wr = IO.pipe
+          out_rd, out_wr = IO.pipe
+          err_rd, err_wr = IO.pipe
+          th = Thread.new do
+            exit_code = nil
+            session_channel = @session.open_channel do |channel|
+              # Request a pseudo tty
+              channel.request_pty if target.options['tty']
 
-            channel.exec(command_str) do |_, success|
-              unless success
-                raise Bolt::Node::ConnectError.new(
-                  "Could not execute command: #{command_str.inspect}",
-                  'EXEC_ERROR'
-                )
-              end
+              channel.exec(command_str) do |_, success|
+                unless success
+                  raise Bolt::Node::ConnectError.new(
+                    "Could not execute command: #{command_str.inspect}",
+                    'EXEC_ERROR'
+                  )
+                end
 
-              channel.on_data do |_, data|
-                unless use_sudo && handled_sudo(channel, data, options[:stdin])
-                  result_output.stdout << data
+                channel.on_data do |_, data|
+                  out_wr << data
                 end
-                @logger.debug { "stdout: #{data.strip}" }
-              end
 
-              channel.on_extended_data do |_, _, data|
-                unless use_sudo && handled_sudo(channel, data, options[:stdin])
-                  result_output.stderr << data
+                channel.on_extended_data do |_, _, data|
+                  err_wr << data
                 end
-                @logger.debug { "stderr: #{data.strip}" }
-              end
 
-              channel.on_request("exit-status") do |_, data|
-                result_output.exit_code = data.read_long
+                channel.on_request("exit-status") do |_, data|
+                  exit_code = data.read_long
+                end
               end
-              # A wrapper is used to direct stdin when elevating privilage or using tty
-              if options[:stdin] && !use_sudo && !options[:wrapper]
-                channel.send_data(options[:stdin])
-                channel.eof!
+            end
+            write_th = Thread.new do
+              chunk_size = 4096
+              eof = false
+              active = true
+              readable = false
+              while active && !eof
+                @session.loop(0.1) do
+                  active = session_channel.active?
+                  readable = select([in_rd], [], [], 0)
+                  # Loop as long as the channel is still live and there's nothing to be written
+                  active && !readable
+                end
+                if readable
+                  if in_rd.eof?
+                    session_channel.eof!
+                    eof = true
+                  else
+                    to_write = in_rd.readpartial(chunk_size)
+                    session_channel.send_data(to_write)
+                  end
+                end
               end
+              session_channel.wait
             end
+            write_th.join
+            exit_code
+          ensure
+            write_th.terminate
+            in_rd.close
+            out_wr.close
+            err_wr.close
           end
-          session_channel.wait
-
-          if result_output.exit_code == 0
-            @logger.debug { "Command returned successfully" }
-          else
-            @logger.info { "Command failed with exit code #{result_output.exit_code}" }
-          end
-          result_output
-        rescue StandardError
-          @logger.debug { "Command aborted" }
-          raise
+          [in_wr, out_rd, err_rd, th]
         end
 
         def copy_file(source, destination)
@@ -295,6 +240,16 @@ module Bolt
             end
           end
         end
+
+        def shell
+          @shell ||= Bolt::Shell::Bash.new(target, self)
+        end
+
+        # This is used by the Bash shell to decide whether to `cd` before
+        # executing commands as a run-as user
+        def reset_cwd?
+          true
+        end
       end
     end
   end