bolt 2.4.0 → 2.5.0

data/lib/bolt/transport/local/shell.rb

@@ -1,216 +0,0 @@
-# frozen_string_literal: true
-
-require 'open3'
-require 'fileutils'
-require 'bolt/node/output'
-require 'bolt/util'
-
-module Bolt
-  module Transport
-    class Local < Sudoable
-      class Shell < Sudoable::Connection
-        attr_accessor :user, :logger, :target
-        attr_writer :run_as
-
-        CHUNK_SIZE = 4096
-
-        def initialize(target)
-          @target = target
-          # The familiar problem: Etc.getlogin is broken on osx
-          @user = ENV['USER'] || Etc.getlogin
-          @run_as = target.options['run-as']
-          @logger = Logging.logger[self]
-          @sudo_id = SecureRandom.uuid
-        end
-
-        # If prompted for sudo password, send password to stdin and return an
-        # empty string. Otherwise, check for sudo errors and raise Bolt error.
-        # If sudo_id is detected, that means the task needs to have stdin written.
-        # If error is not sudo-related, return the stderr string to be added to
-        # node output
-        def handle_sudo(stdin, err, pid, sudo_stdin)
-          if err.include?(Sudoable.sudo_prompt)
-            # A wild sudo prompt has appeared!
-            if @target.options['sudo-password']
-              stdin.write("#{@target.options['sudo-password']}\n")
-              ''
-            else
-              raise Bolt::Node::EscalateError.new(
-                "Sudo password for user #{@user} was not provided for localhost",
-                'NO_PASSWORD'
-              )
-            end
-          elsif err =~ /^#{@sudo_id}/
-            if sudo_stdin
-              stdin.write("#{sudo_stdin}\n")
-              stdin.close
-            end
-            ''
-          else
-            handle_sudo_errors(err, pid)
-          end
-        end
-
-        def handle_sudo_errors(err, pid)
-          if err =~ /^#{@user} is not in the sudoers file\./
-            @logger.debug { err }
-            raise Bolt::Node::EscalateError.new(
-              "User #{@user} does not have sudo permission on localhost",
-              'SUDO_DENIED'
-            )
-          elsif err =~ /^Sorry, try again\./
-            @logger.debug { err }
-            # CODEREVIEW can we kill a sudo process without sudo password?
-            Process.kill('TERM', pid)
-            raise Bolt::Node::EscalateError.new(
-              "Sudo password for user #{@user} not recognized on localhost",
-              'BAD_PASSWORD'
-            )
-          else
-            # No need to raise an error - just return the string
-            err
-          end
-        end
-
-        def copy_file(source, dest)
-          @logger.debug { "Uploading #{source}, to #{dest}" }
-          if source.is_a?(StringIO)
-            File.open("tempfile", "w") { |f| f.write(source.read) }
-            execute(['mv', 'tempfile', dest])
-          else
-            # Mimic the behavior of `cp --remove-destination`
-            # since the flag isn't supported on MacOS
-            result = execute(['rm', '-rf', dest])
-            if result.exit_code != 0
-              message = "Could not remove existing file #{dest}: #{result.stderr.string}"
-              raise Bolt::Node::FileError.new(message, 'REMOVE_ERROR')
-            end
-
-            result = execute(['cp', '-r', source, dest])
-            if result.exit_code != 0
-              message = "Could not copy file to #{dest}: #{result.stderr.string}"
-              raise Bolt::Node::FileError.new(message, 'COPY_ERROR')
-            end
-          end
-        end
-
-        def with_tmpscript(script)
-          with_tempdir do |dir|
-            dest = File.join(dir.to_s, File.basename(script))
-            copy_file(script, dest)
-            yield dest, dir
-          end
-        end
-
-        # See if there's a sudo prompt in the output
-        # If not, return the output
-        def check_sudo(out, inp, pid, stdin)
-          buffer = out.readpartial(CHUNK_SIZE)
-          # Split on newlines, including the newline
-          lines = buffer.split(/(?<=[\n])/)
-          # handle_sudo will return the line if it is not a sudo prompt or error
-          lines.map! { |line| handle_sudo(inp, line, pid, stdin) }
-          lines.join("")
-        # If stream has reached EOF, no password prompt is expected
-        # return an empty string
-        rescue EOFError
-          ''
-        end
-
-        def execute(command, sudoable: true, **options)
-          run_as = options[:run_as] || self.run_as
-          escalate = sudoable && run_as && @user != run_as
-          use_sudo = escalate && @target.options['run-as-command'].nil?
-
-          command_str = inject_interpreter(options[:interpreter], command)
-
-          if escalate
-            if use_sudo
-              sudo_exec = target.options['sudo-executable'] || "sudo"
-              sudo_flags = [sudo_exec, "-k", "-S", "-u", run_as, "-p", Sudoable.sudo_prompt]
-              sudo_flags += ["-E"] if options[:environment]
-              sudo_str = Shellwords.shelljoin(sudo_flags)
-            else
-              sudo_str = Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
-            end
-            command_str = build_sudoable_command_str(command_str, sudo_str, @sudo_id, options)
-          end
-
-          command_arr = options[:environment].nil? ? [command_str] : [options[:environment], command_str]
-
-          # Prepare the variables!
-          result_output = Bolt::Node::Output.new
-          # Sudo handler will pass stdin if needed.
-          in_buffer = !use_sudo && options[:stdin] ? options[:stdin] : ''
-          # Chunks of this size will be read in one iteration
-          index = 0
-          timeout = 0.1
-
-          inp, out, err, t = Open3.popen3(*command_arr)
-          read_streams = { out => String.new,
-                           err => String.new }
-          write_stream = in_buffer.empty? ? [] : [inp]
-
-          # See if there's a sudo prompt
-          if use_sudo
-            ready_read = select([err], nil, nil, timeout * 5)
-            read_streams[err] << check_sudo(err, inp, t.pid, options[:stdin]) if ready_read
-          end
-
-          # True while the process is running or waiting for IO input
-          while t.alive?
-            # See if we can read from out or err, or write to in
-            ready_read, ready_write, = select(read_streams.keys, write_stream, nil, timeout)
-
-            # Read from out and err
-            ready_read&.each do |stream|
-              # Check for sudo prompt
-              read_streams[stream] << if use_sudo
-                                        check_sudo(stream, inp, t.pid, options[:stdin])
-                                      else
-                                        stream.readpartial(CHUNK_SIZE)
-                                      end
-            rescue EOFError
-            end
-
-            # select will either return an empty array if there are no
-            # writable streams or nil if no IO object is available before the
-            # timeout is reached.
-            writable = if ready_write.respond_to?(:empty?)
-                         !ready_write.empty?
-                       else
-                         !ready_write.nil?
-                       end
-
-            begin
-              if writable && index < in_buffer.length
-                to_print = in_buffer[index..-1]
-                written = inp.write_nonblock to_print
-                index += written
-
-                if index >= in_buffer.length && !write_stream.empty?
-                  inp.close
-                  write_stream = []
-                end
-              end
-              # If a task has stdin as an input_method but doesn't actually
-              # read from stdin, the task may return and close the input stream
-            rescue Errno::EPIPE
-              write_stream = []
-            end
-          end
-          # Read any remaining data in the pipe. Do not wait for
-          # EOF in case the pipe is inherited by a child process.
-          read_streams.each do |stream, _|
-            loop { read_streams[stream] << stream.read_nonblock(CHUNK_SIZE) }
-          rescue Errno::EAGAIN, EOFError
-          end
-          result_output.stdout << read_streams[out]
-          result_output.stderr << read_streams[err]
-          result_output.exit_code = t.value.exitstatus
-          result_output
-        end
-      end
-    end
-  end
-end

data/lib/bolt/transport/sudoable.rb

@@ -1,150 +0,0 @@
-# frozen_string_literal: true
-
-require 'shellwords'
-require 'bolt/transport/base'
-
-module Bolt
-  module Transport
-    class Sudoable < Base
-      def self.sudo_prompt
-        '[sudo] Bolt needs to run as another user, password: '
-      end
-
-      def run_command(target, command, options = {})
-        with_connection(target) do |conn|
-          conn.running_as(options[:run_as]) do
-            output = conn.execute(command, sudoable: true)
-            Bolt::Result.for_command(target,
-                                     output.stdout.string,
-                                     output.stderr.string,
-                                     output.exit_code,
-                                     'command', command)
-          end
-        end
-      end
-
-      def upload(target, source, destination, options = {})
-        with_connection(target) do |conn|
-          conn.running_as(options[:run_as]) do
-            conn.with_tempdir do |dir|
-              basename = File.basename(destination)
-              tmpfile = File.join(dir.to_s, basename)
-              conn.copy_file(source, tmpfile)
-              # pass over file ownership if we're using run-as to be a different user
-              dir.chown(conn.run_as)
-              result = conn.execute(['mv', '-f', tmpfile, destination], sudoable: true)
-              if result.exit_code != 0
-                message = "Could not move temporary file '#{tmpfile}' to #{destination}: #{result.stderr.string}"
-                raise Bolt::Node::FileError.new(message, 'MV_ERROR')
-              end
-            end
-            Bolt::Result.for_upload(target, source, destination)
-          end
-        end
-      end
-
-      def run_script(target, script, arguments, options = {})
-        # unpack any Sensitive data
-        arguments = unwrap_sensitive_args(arguments)
-
-        with_connection(target) do |conn|
-          conn.running_as(options[:run_as]) do
-            conn.with_tempdir do |dir|
-              path = conn.write_executable(dir.to_s, script)
-              dir.chown(conn.run_as)
-              output = conn.execute([path, *arguments], sudoable: true)
-              Bolt::Result.for_command(target,
-                                       output.stdout.string,
-                                       output.stderr.string,
-                                       output.exit_code,
-                                       'script', script)
-            end
-          end
-        end
-      end
-
-      def run_task(target, task, arguments, options = {})
-        implementation = select_implementation(target, task)
-        executable = implementation['path']
-        input_method = implementation['input_method']
-        extra_files = implementation['files']
-
-        with_connection(target) do |conn|
-          conn.running_as(options[:run_as]) do
-            stdin, output = nil
-            execute_options = {}
-            execute_options[:interpreter] = select_interpreter(executable, target.options['interpreters'])
-            interpreter_debug = if execute_options[:interpreter]
-                                  " using '#{execute_options[:interpreter]}' interpreter"
-                                end
-            # log the arguments with sensitive data redacted, do NOT log unwrapped_arguments
-            logger.debug("Running '#{executable}' with #{arguments.to_json}#{interpreter_debug}")
-            # unpack any Sensitive data
-            arguments = unwrap_sensitive_args(arguments)
-
-            conn.with_tempdir do |dir|
-              if extra_files.empty?
-                task_dir = dir
-              else
-                # TODO: optimize upload of directories
-                arguments['_installdir'] = dir.to_s
-                task_dir = File.join(dir.to_s, task.tasks_dir)
-                dir.mkdirs([task.tasks_dir] + extra_files.map { |file| File.dirname(file['name']) })
-                extra_files.each do |file|
-                  conn.copy_file(file['path'], File.join(dir.to_s, file['name']))
-                end
-              end
-
-              if STDIN_METHODS.include?(input_method)
-                stdin = JSON.dump(arguments)
-              end
-
-              if ENVIRONMENT_METHODS.include?(input_method)
-                execute_options[:environment] = envify_params(arguments)
-              end
-
-              remote_task_path = conn.write_executable(task_dir, executable)
-
-              # Avoid the horrors of passing data on stdin via a tty on multiple platforms
-              # by writing a wrapper script that directs stdin to the task.
-              if stdin && target.options['tty']
-                wrapper = make_wrapper_stringio(remote_task_path, stdin, execute_options[:interpreter])
-                execute_options.delete(:interpreter)
-                execute_options[:wrapper] = true
-                remote_task_path = conn.write_executable(dir, wrapper, 'wrapper.sh')
-              end
-
-              dir.chown(conn.run_as)
-
-              execute_options[:stdin] = stdin
-              execute_options[:sudoable] = true if conn.run_as
-              output = conn.execute(remote_task_path, execute_options)
-            end
-            Bolt::Result.for_task(target, output.stdout.string,
-                                  output.stderr.string,
-                                  output.exit_code,
-                                  task.name)
-          end
-        end
-      end
-
-      def make_wrapper_stringio(task_path, stdin, interpreter = nil)
-        if interpreter
-          StringIO.new(<<~SCRIPT)
-            #!/bin/sh
-            '#{interpreter}' '#{task_path}' <<'EOF'
-            #{stdin}
-            EOF
-            SCRIPT
-        else
-          StringIO.new(<<~SCRIPT)
-            #!/bin/sh
-            '#{task_path}' <<'EOF'
-            #{stdin}
-            EOF
-            SCRIPT
-        end
-      end
-    end
-  end
-end

data/lib/bolt/transport/sudoable/connection.rb

@@ -1,118 +0,0 @@
-# frozen_string_literal: true
-
-require 'bolt/transport/sudoable/tmpdir'
-
-module Bolt
-  module Transport
-    class Sudoable < Base
-      class Connection
-        attr_accessor :target
-
-        def initialize(target)
-          @target = target
-          @run_as = nil
-          @logger = Logging.logger[@target.safe_name]
-        end
-
-        # This method allows the @run_as variable to be used as a per-operation
-        # override for the user to run as. When @run_as is unset, the user
-        # specified on the target will be used.
-        def run_as
-          @run_as || target.options['run-as']
-        end
-
-        # Run as the specified user for the duration of the block.
-        def running_as(user)
-          @run_as = user
-          yield
-        ensure
-          @run_as = nil
-        end
-
-        def make_executable(path)
-          result = execute(['chmod', 'u+x', path])
-          if result.exit_code != 0
-            message = "Could not make file '#{path}' executable: #{result.stderr.string}"
-            raise Bolt::Node::FileError.new(message, 'CHMOD_ERROR')
-          end
-        end
-
-        def make_tempdir
-          tmpdir = @target.options.fetch('tmpdir', '/tmp')
-          script_dir = @target.options.fetch('script-dir', SecureRandom.uuid)
-          tmppath = File.join(tmpdir, script_dir)
-          command = ['mkdir', '-m', 700, tmppath]
-
-          result = execute(command)
-          if result.exit_code != 0
-            raise Bolt::Node::FileError.new("Could not make tempdir: #{result.stderr.string}", 'TEMPDIR_ERROR')
-          end
-          path = tmppath || result.stdout.string.chomp
-          Sudoable::Tmpdir.new(self, path)
-        end
-
-        def write_executable(dir, file, filename = nil)
-          filename ||= File.basename(file)
-          remote_path = File.join(dir.to_s, filename)
-          copy_file(file, remote_path)
-          make_executable(remote_path)
-          remote_path
-        end
-
-        # A helper to create and delete a tempdir on the remote system. Yields the
-        # directory name.
-        def with_tempdir
-          dir = make_tempdir
-          yield dir
-        ensure
-          dir&.delete
-        end
-
-        def execute(*_args)
-          message = "#{self.class.name} must implement #{method} to execute commands"
-          raise NotImplementedError, message
-        end
-
-        # In the case where a task is run with elevated privilege and needs stdin
-        # a random string is echoed to stderr indicating that the stdin is available
-        # for task input data because the sudo password has already either been
-        # provided on stdin or was not needed.
-        def prepend_sudo_success(sudo_id, command_str, reset_cwd)
-          command_str = "cd && #{command_str}" if reset_cwd
-          "sh -c 'echo #{sudo_id} 1>&2; #{command_str}'"
-        end
-
-        def prepend_chdir(command_str)
-          "sh -c 'cd && #{command_str}'"
-        end
-
-        # A helper to build up a single string that contains all of the options for
-        # privilege escalation. A wrapper script is used to direct task input to stdin
-        # when a tty is allocated and thus we do not need to prepend_sudo_success when
-        # using the wrapper or when the task does not require stdin data.
-        def build_sudoable_command_str(command_str, sudo_str, sudo_id, options)
-          if options[:stdin] && !options[:wrapper]
-            "#{sudo_str} #{prepend_sudo_success(sudo_id, command_str, options[:reset_cwd])}"
-          elsif options[:reset_cwd]
-            "#{sudo_str} #{prepend_chdir(command_str)}"
-          else
-            "#{sudo_str} #{command_str}"
-          end
-        end
-
-        # Returns string with the interpreter conditionally prepended
-        def inject_interpreter(interpreter, command)
-          if interpreter
-            if command.is_a?(Array)
-              command.unshift(interpreter)
-            else
-              command = [interpreter, command]
-            end
-          end
-
-          command.is_a?(String) ? command : Shellwords.shelljoin(command)
-        end
-      end
-    end
-  end
-end