bolt 2.6.0 → 2.11.0

data/bolt-modules/file/lib/puppet/functions/file/exists.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-# Check if a file exists.
+# Check if a local file exists using Puppet's
+# `Puppet::Parser::Files.find_file()` function. This will only check files that
+# are on the machine Bolt is run on.
 Puppet::Functions.create_function(:'file::exists', Puppet::Functions::InternalFunction) do
   # @param filename Absolute path or Puppet file path.
   # @return Whether the file exists.

data/bolt-modules/file/lib/puppet/functions/file/join.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Join file paths.
+# Join file paths using ruby's `File.join()` function.
 Puppet::Functions.create_function(:'file::join') do
   # @param paths The paths to join.
   # @return The joined file path.

data/bolt-modules/file/lib/puppet/functions/file/read.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-# Read a file and return its contents.
+# Read a file on localhost and return its contents using ruby's `File.read`. This will
+# only read files on the machine you run Bolt on.
 Puppet::Functions.create_function(:'file::read', Puppet::Functions::InternalFunction) do
   # @param filename Absolute path or Puppet file path.
   # @return The file's contents.

data/bolt-modules/file/lib/puppet/functions/file/readable.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-# Check if a file is readable.
+# Check if a local file is readable using Puppet's
+# `Puppet::Parser::Files.find_file()` function. This will only check files on the
+# machine you run Bolt on.
 Puppet::Functions.create_function(:'file::readable', Puppet::Functions::InternalFunction) do
   # @param filename Absolute path or Puppet file path.
   # @return Whether the file is readable.

data/bolt-modules/file/lib/puppet/functions/file/write.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-# Write a string to a file.
+# Write a string to a file on localhost using ruby's `File.write`. This will
+# only write files to the machine you run Bolt on. Use `write_file()` to write
+# to remote targets.
 Puppet::Functions.create_function(:'file::write') do
   # @param filename Absolute path.
   # @param content File content to write.

data/bolt-modules/prompt/lib/puppet/functions/prompt.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'bolt/error'
+
+# Display a prompt and wait for a response.
+#
+# > **Note:** Not available in apply block
+Puppet::Functions.create_function(:prompt) do
+  # @param prompt The prompt to display.
+  # @param options A hash of additional options.
+  # @option options [Boolean] sensitive Disable echo back and mark the response as sensitive.
+  # @return The response to the prompt.
+  # @example Prompt the user if plan execution should continue
+  #   $response = prompt('Continue executing plan? [Y\N]')
+  # @example Prompt the user for sensitive information
+  #   $password = prompt('Enter your password', 'sensitive' => true)
+  dispatch :prompt do
+    param 'String', :prompt
+    optional_param 'Hash[String[1], Any]', :options
+    return_type 'Variant[String, Sensitive]'
+  end
+
+  def prompt(prompt, options = {})
+    unless Puppet[:tasks]
+      raise Puppet::ParseErrorWithIssue
+        .from_issue_and_stack(Bolt::PAL::Issues::PLAN_OPERATION_NOT_SUPPORTED_WHEN_COMPILING,
+                              action: 'prompt')
+    end
+
+    options = options.transform_keys(&:to_sym)
+
+    executor = Puppet.lookup(:bolt_executor)
+    executor.report_function_call(self.class.name)
+
+    response = executor.prompt(prompt, options)
+
+    if options[:sensitive]
+      Puppet::Pops::Types::PSensitiveType::Sensitive.new(response)
+    else
+      response
+    end
+  end
+end

data/lib/bolt/analytics.rb

@@ -63,7 +63,7 @@ module Bolt
               disabled: true
 
             Read more about what data Bolt collects and why here:
-              https://puppet.com/docs/bolt/latest/bolt_installing.html#concept-8242
+              https://puppet.com/docs/bolt/latest/bolt_installing.html#analytics-data-collection
             ANALYTICS
         end
 

data/lib/bolt/applicator.rb

@@ -34,6 +34,8 @@ module Bolt
           search_dirs << mod.plugins if mod.plugins?
           search_dirs << mod.pluginfacts if mod.pluginfacts?
           search_dirs << mod.files if mod.files?
+          type_files = "#{mod.path}/types"
+          search_dirs << type_files if File.exist?(type_files)
           search_dirs
         end
       end
@@ -155,7 +157,6 @@ module Bolt
       end
 
       plan_vars = scope.to_hash(true, true)
-      %w[trusted server_facts facts].each { |k| plan_vars.delete(k) }
 
       targets = @inventory.get_targets(args[0])
 
@@ -182,7 +183,7 @@ module Bolt
                                                                        rich_data: true,
                                                                        symbol_as_string: true,
                                                                        type_by_reference: true,
-                                                                       local_reference: false)
+                                                                       local_reference: true)
 
       scope = {
         code_ast: ast,

data/lib/bolt/apply_inventory.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'bolt/boltdir'
+require 'bolt/project'
 require 'bolt/config'
 require 'bolt/error'
 

data/lib/bolt/apply_result.rb

@@ -57,7 +57,7 @@ module Bolt
           msg = "Report result contains an '_output' key. Catalog application may have printed extraneous output to stdout: #{result['_output']}"
           # rubocop:enable Layout/LineLength
         else
-          msg = "Report did not contain all expected keys missing: #{missing_keys.join(' ,')}"
+          msg = "Report did not contain all expected keys missing: #{missing_keys.join(', ')}"
         end
 
         { 'msg' => msg,

data/lib/bolt/apply_target.rb

@@ -3,7 +3,7 @@
 module Bolt
   class ApplyTarget
     ATTRIBUTES = %i[uri name target_alias config vars facts features
-                    plugin_hooks safe_name].freeze
+                    plugin_hooks resources safe_name].freeze
     COMPUTED = %i[host password port protocol user].freeze
 
     attr_reader(*ATTRIBUTES)
@@ -24,7 +24,8 @@ module Bolt
                                 facts = nil,
                                 vars = nil,
                                 features = nil,
-                                plugin_hooks = nil)
+                                plugin_hooks = nil,
+                                resources = nil)
       raise Bolt::Error.new("Target objects cannot be instantiated inside apply blocks", 'bolt/apply-error')
     end
     # rubocop:enable Lint/UnusedMethodArgument
@@ -57,6 +58,10 @@ module Bolt
       @user = Addressable::URI.unencode_component(uri_obj.user) || t_conf['user']
     end
 
+    def to_s
+      @safe_name
+    end
+
     def parse_uri(string)
       require 'addressable/uri'
       if string.nil?
@@ -73,5 +78,9 @@ module Bolt
     rescue Addressable::URI::InvalidURIError => e
       raise Bolt::ParseError, "Could not parse target URI: #{e.message}"
     end
+
+    def hash
+      @name.hash
+    end
   end
 end

data/lib/bolt/bolt_option_parser.rb

@@ -9,9 +9,9 @@ module Bolt
     OPTIONS = { inventory: %w[targets query rerun description],
                 authentication: %w[user password password-prompt private-key host-key-check ssl ssl-verify],
                 escalation: %w[run-as sudo-password sudo-password-prompt sudo-executable],
-                run_context: %w[concurrency inventoryfile save-rerun],
+                run_context: %w[concurrency inventoryfile save-rerun cleanup],
                 global_config_setters: %w[modulepath boltdir configfile],
-                transports: %w[transport connect-timeout tty],
+                transports: %w[transport connect-timeout tty ssh-command copy-command],
                 display: %w[format color verbose trace],
                 global: %w[help version debug] }.freeze
 
@@ -64,7 +64,7 @@ module Bolt
           { flags: OPTIONS[:global] + OPTIONS[:global_config_setters],
             banner: PLAN_CONVERT_HELP }
         when 'run'
-          { flags: ACTION_OPTS + %w[params compile-concurrency tmpdir],
+          { flags: ACTION_OPTS + %w[params compile-concurrency tmpdir hiera-config],
             banner: PLAN_RUN_HELP }
         when 'show'
           { flags: OPTIONS[:global] + OPTIONS[:global_config_setters] + %w[filter format],
@@ -112,7 +112,7 @@ module Bolt
       when 'secret'
         case action
         when 'createkeys'
-          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters] + %w[plugin],
+          { flags: OPTIONS[:global] + OPTIONS[:global_config_setters] + %w[plugin force],
             banner: SECRET_CREATEKEYS_HELP }
         when 'decrypt'
           { flags: OPTIONS[:global] + OPTIONS[:global_config_setters] + %w[plugin],
@@ -594,6 +594,7 @@ module Bolt
     HELP
 
     attr_reader :warnings
+
     def initialize(options)
       super()
 
@@ -655,8 +656,8 @@ module Bolt
         @options[:password] = STDIN.noecho(&:gets).chomp
         STDERR.puts
       end
-      define('--private-key KEY', 'Private ssh key to authenticate with') do |key|
-        @options[:'private-key'] = key
+      define('--private-key KEY', 'Path to private ssh key to authenticate with') do |key|
+        @options[:'private-key'] = File.expand_path(key)
       end
       define('--[no-]host-key-check', 'Check host keys with SSH') do |host_key_check|
         @options[:'host-key-check'] = host_key_check
@@ -688,13 +689,17 @@ module Bolt
 
       separator "\nRUN CONTEXT OPTIONS"
       define('-c', '--concurrency CONCURRENCY', Integer,
-             'Maximum number of simultaneous connections (default: 100)') do |concurrency|
+             'Maximum number of simultaneous connections') do |concurrency|
         @options[:concurrency] = concurrency
       end
       define('--compile-concurrency CONCURRENCY', Integer,
              'Maximum number of simultaneous manifest block compiles (default: number of cores)') do |concurrency|
         @options[:'compile-concurrency'] = concurrency
       end
+      define('--[no-]cleanup',
+             'Whether to clean up temporary files created on targets') do |cleanup|
+        @options[:cleanup] = cleanup
+      end
       define('-m', '--modulepath MODULES',
              "List of directories containing modules, separated by '#{File::PATH_SEPARATOR}'",
              'Directories are case-sensitive') do |modulepath|
@@ -712,6 +717,10 @@ module Bolt
              'Directory containing bolt.yaml will be used as the Boltdir.') do |path|
         @options[:configfile] = path
       end
+      define('--hiera-config FILEPATH',
+             'Specify where to load Hiera config from (default: ~/.puppetlabs/bolt/hiera.yaml)') do |path|
+        @options[:'hiera-config'] = File.expand_path(path)
+      end
       define('-i', '--inventoryfile FILEPATH',
              'Specify where to load inventory from (default: ~/.puppetlabs/bolt/inventory.yaml)') do |path|
         if ENV.include?(Bolt::Inventory::ENVIRONMENT_VAR)
@@ -733,6 +742,14 @@ module Bolt
              "Specify a default transport: #{TRANSPORTS.keys.join(', ')}") do |t|
         @options[:transport] = t
       end
+      define('--ssh-command EXEC', "Executable to use instead of the net-ssh ruby library. ",
+             "This option is experimental.") do |exec|
+        @options[:'ssh-command'] = exec
+      end
+      define('--copy-command EXEC', "Command to copy files to remote hosts if using external SSH. ",
+             "This option is experimental.") do |exec|
+        @options[:'copy-command'] = exec
+      end
       define('--connect-timeout TIMEOUT', Integer, 'Connection timeout (defaults vary)') do |timeout|
         @options[:'connect-timeout'] = timeout
       end
@@ -771,6 +788,9 @@ module Bolt
              'when initializing a project. Resolves and installs all dependencies.') do |modules|
         @options[:modules] = modules.split(',')
       end
+      define('--force', 'Overwrite existing key pairs') do |_force|
+        @options[:force] = true
+      end
 
       separator "\nGLOBAL OPTIONS"
       define('-h', '--help', 'Display help') do |_|

data/lib/bolt/catalog.rb

@@ -70,9 +70,38 @@ module Bolt
                           bolt_inventory: inv) do
             Puppet.lookup(:pal_current_node).trusted_data = target['trusted']
             pal.with_catalog_compiler do |compiler|
-              # This needs to happen inside the catalog compiler so loaders are initialized for loading
-              vars = Puppet::Pops::Serialization::FromDataConverter.convert(request['plan_vars'])
-              pal.send(:add_variables, compiler.send(:topscope), target['variables'].merge(vars))
+              # Deserializing needs to happen inside the catalog compiler so
+              # loaders are initialized for loading
+              plan_vars = Puppet::Pops::Serialization::FromDataConverter.convert(request['plan_vars'])
+
+              # Facts will be set by the catalog compiler, so we need to ensure
+              # that any plan or target variables with the same name are not
+              # passed into the apply block to avoid a redefinition error.
+              # Filter out plan and target vars separately and raise a Puppet
+              # warning if there are any collisions for either. Puppet warning
+              # is the only way to log a message that will make it back to Bolt
+              # to be printed.
+              pv_collisions, pv_filtered = plan_vars.partition do |k, _|
+                target['facts'].keys.include?(k)
+              end.map(&:to_h)
+              unless pv_collisions.empty?
+                print_pv = pv_collisions.keys.map { |k| "$#{k}" }.join(', ')
+                plural = pv_collisions.keys.length == 1 ? '' : 's'
+                Puppet.warning("Plan variable#{plural} #{print_pv} will be overridden by fact#{plural} " \
+                               "of the same name in the apply block")
+              end
+
+              tv_collisions, tv_filtered = target['variables'].partition do |k, _|
+                target['facts'].keys.include?(k)
+              end.map(&:to_h)
+              unless tv_collisions.empty?
+                print_tv = tv_collisions.keys.map { |k| "$#{k}" }.join(', ')
+                plural = tv_collisions.keys.length == 1 ? '' : 's'
+                Puppet.warning("Target variable#{plural} #{print_tv} " \
+                               "will be overridden by fact#{plural} of the same name in the apply block")
+              end
+
+              pal.send(:add_variables, compiler.send(:topscope), tv_filtered.merge(pv_filtered))
 
               # Configure language strictness in the CatalogCompiler. We want Bolt to be able
               # to compile most Puppet 4+ manifests, so we default to allowing deprecated functions.

data/lib/bolt/cli.rb

@@ -114,18 +114,19 @@ module Bolt
       @config = if options[:configfile]
                   Bolt::Config.from_file(options[:configfile], options)
                 else
-                  boltdir = if options[:boltdir]
-                              Bolt::Boltdir.new(options[:boltdir])
+                  project = if options[:boltdir]
+                              Bolt::Project.new(options[:boltdir])
                             else
-                              Bolt::Boltdir.find_boltdir(Dir.pwd)
+                              Bolt::Project.find_boltdir(Dir.pwd)
                             end
-                  Bolt::Config.from_boltdir(boltdir, options)
+                  Bolt::Config.from_project(project, options)
                 end
 
       Bolt::Logger.configure(config.log, config.color)
 
-      # Logger must be configured before checking path case, otherwise warnings will not display
+      # Logger must be configured before checking path case and project file, otherwise warnings will not display
       @config.check_path_case('modulepath', @config.modulepath)
+      @config.project.check_deprecated_file
 
       # Log the file paths for loaded config files
       config_loaded
@@ -238,6 +239,12 @@ module Bolt
       if options[:subcommand] == 'command' && (!options[:object] || options[:object].empty?)
         raise Bolt::CLIError, "Must specify a command to run"
       end
+
+      if options[:subcommand] == 'secret' &&
+         (options[:action] == 'decrypt' || options[:action] == 'encrypt') &&
+         !options[:object]
+        raise Bolt::CLIError, "Must specify a value to #{options[:action]}"
+      end
     end
 
     def handle_parser_errors
@@ -251,13 +258,11 @@ module Bolt
     end
 
     def puppetdb_client
-      return @puppetdb_client if @puppetdb_client
-      puppetdb_config = Bolt::PuppetDB::Config.load_config(nil, config.puppetdb, config.boltdir.path)
-      @puppetdb_client = Bolt::PuppetDB::Client.new(puppetdb_config)
+      plugins.puppetdb_client
     end
 
     def plugins
-      @plugins ||= Bolt::Plugin.setup(config, pal, puppetdb_client, analytics)
+      @plugins ||= Bolt::Plugin.setup(config, pal, analytics)
     end
 
     def query_puppetdb_nodes(query)
@@ -314,7 +319,8 @@ module Bolt
 
       screen_view_fields = {
         output_format: config.format,
-        boltdir_type: config.boltdir.type
+        # For continuity
+        boltdir_type: config.project.type
       }
 
       # Only include target and inventory info for commands that take a targets
@@ -447,6 +453,7 @@ module Bolt
     def list_tasks
       tasks = pal.list_tasks
       tasks.select! { |task| task.first.include?(options[:filter]) } if options[:filter]
+      tasks.select! { |task| config.project.tasks.include?(task.first) } unless config.project.tasks.nil?
       outputter.print_tasks(tasks, pal.list_modulepath)
     end
 
@@ -457,6 +464,7 @@ module Bolt
     def list_plans
       plans = pal.list_plans
       plans.select! { |plan| plan.first.include?(options[:filter]) } if options[:filter]
+      plans.select! { |plan| config.project.plans.include?(plan.first) } unless config.project.plans.nil?
       outputter.print_plans(plans, pal.list_modulepath)
     end
 
@@ -567,10 +575,10 @@ module Bolt
     # Initializes a specified directory as a Bolt project and installs any modules
     # specified by the user, along with their dependencies
     def initialize_project
-      boltdir    = Pathname.new(File.expand_path(options[:object] || Dir.pwd))
-      config     = boltdir + 'bolt.yaml'
-      puppetfile = boltdir + 'Puppetfile'
-      modulepath = [boltdir + 'modules']
+      project    = Pathname.new(File.expand_path(options[:object] || Dir.pwd))
+      config     = project + 'bolt.yaml'
+      puppetfile = project + 'Puppetfile'
+      modulepath = [project + 'modules']
 
       # If modules were specified, first check if there is already a Puppetfile at the project
       # directory, erroring if there is. If there is no Puppetfile, generate the Puppetfile
@@ -590,20 +598,20 @@ module Bolt
       # Warn the user if the project directory already exists. We don't error here since users
       # might not have installed any modules yet.
       if config.exist?
-        @logger.warn "Found existing project directory at #{boltdir}"
+        @logger.warn "Found existing project directory at #{project}"
       end
 
       # Create the project directory
-      FileUtils.mkdir_p(boltdir)
+      FileUtils.mkdir_p(project)
 
-      # Bless the project directory as a boltdir
+      # Bless the project directory as a...wait for it...project
       if FileUtils.touch(config)
-        outputter.print_message "Successfully created Bolt project at #{boltdir}"
+        outputter.print_message "Successfully created Bolt project at #{project}"
       else
-        raise Bolt::FileError.new("Could not create Bolt project directory at #{boltdir}", nil)
+        raise Bolt::FileError.new("Could not create Bolt project directory at #{project}", nil)
       end
 
-      # Write the generated Puppetfile to the fancy new boltdir
+      # Write the generated Puppetfile to the fancy new project
       if puppetfile_specs
         File.write(puppetfile, puppetfile_specs.join("\n"))
         outputter.print_message "Successfully created Puppetfile at #{puppetfile}"
@@ -752,12 +760,14 @@ module Bolt
     end
 
     def pal
+      project = config.project.load_as_module? ? config.project : nil
       @pal ||= Bolt::PAL.new(config.modulepath,
                              config.hiera_config,
-                             config.boltdir.resource_types,
+                             config.project.resource_types,
                              config.compile_concurrency,
                              config.trusted_external,
-                             config.apply_settings)
+                             config.apply_settings,
+                             project)
     end
 
     def convert_plan(plan)
@@ -793,6 +803,20 @@ module Bolt
     end
 
     def bundled_content
+      # If the bundled content directory is empty, Bolt is likely installed as a gem.
+      if ENV['BOLT_GEM'].nil? && incomplete_install?
+        msg = <<~MSG.chomp
+          Bolt may be installed as a gem. To use Bolt reliably and with all of its
+          dependencies, uninstall the 'bolt' gem and install Bolt as a package:
+          https://puppet.com/docs/bolt/latest/bolt_installing.html
+
+          If you meant to install Bolt as a gem and want to disable this warning,
+          set the BOLT_GEM environment variable.
+        MSG
+
+        @logger.warn(msg)
+      end
+
       # We only need to enumerate bundled content when running a task or plan
       content = { 'Plan' => [],
                   'Task' => [],
@@ -816,5 +840,11 @@ module Bolt
       MSG
       @logger.debug(msg)
     end
+
+    # Gem installs include the aggregate, canary, and puppetdb_fact modules, while
+    # package installs include modules listed in the Bolt repo Puppetfile
+    def incomplete_install?
+      (Dir.children(Bolt::PAL::MODULES_PATH) - %w[aggregate canary puppetdb_fact]).empty?
+    end
   end
 end