bolt 2.6.0 → 2.11.0

data/lib/bolt/result_set.rb

@@ -99,17 +99,14 @@ module Bolt
       self.class == other.class && @results == other.results
     end
 
-    def to_a
-      @results.map(&:status_hash)
-    end
-
     def to_json(opts = nil)
-      @results.map(&:status_hash).to_json(opts)
+      to_data.to_json(opts)
     end
 
     def to_data
       @results.map(&:to_data)
     end
+    alias to_a to_data
 
     def to_s
       to_json

data/lib/bolt/secret.rb

@@ -1,17 +1,33 @@
 # frozen_string_literal: true
 
+require 'bolt/plugin'
+
 module Bolt
   class Secret
+    KNOWN_KEYS = {
+      'createkeys' => %w[keysize private_key public_key],
+      'encrypt'    => %w[public_key],
+      'decrypt'    => %w[private_key public_key]
+    }.freeze
+
     def self.execute(plugins, outputter, options)
-      plugin = options[:plugin] || 'pkcs7'
+      name   = options[:plugin] || 'pkcs7'
+      plugin = plugins.by_name(name)
+
+      unless plugin
+        raise Bolt::Plugin::PluginError::Unknown, name
+      end
+
       case options[:action]
       when 'createkeys'
-        plugins.get_hook(plugin, :secret_createkeys).call
+        opts = { 'force' => options[:force] }.compact
+        result = plugins.get_hook(name, :secret_createkeys).call(opts)
+        outputter.print_message(result)
       when 'encrypt'
-        encrypted = plugins.get_hook(plugin, :secret_encrypt).call('plaintext_value' => options[:object])
+        encrypted = plugins.get_hook(name, :secret_encrypt).call('plaintext_value' => options[:object])
         outputter.print_message(encrypted)
       when 'decrypt'
-        decrypted = plugins.get_hook(plugin, :secret_decrypt).call('encrypted_value' => options[:object])
+        decrypted = plugins.get_hook(name, :secret_decrypt).call('encrypted_value' => options[:object])
         outputter.print_message(decrypted)
       end
 

data/lib/bolt/shell/bash.rb

@@ -34,7 +34,7 @@ module Bolt
 
       def upload(source, destination, options = {})
         running_as(options[:run_as]) do
-          with_tempdir do |dir|
+          with_tmpdir do |dir|
             basename = File.basename(destination)
             tmpfile = File.join(dir.to_s, basename)
             conn.copy_file(source, tmpfile)
@@ -55,7 +55,7 @@ module Bolt
         arguments = unwrap_sensitive_args(arguments)
 
         running_as(options[:run_as]) do
-          with_tempdir do |dir|
+          with_tmpdir do |dir|
             path = write_executable(dir.to_s, script)
             dir.chown(run_as)
             output = execute([path, *arguments], sudoable: true)
@@ -86,7 +86,7 @@ module Bolt
           # unpack any Sensitive data
           arguments = unwrap_sensitive_args(arguments)
 
-          with_tempdir do |dir|
+          with_tmpdir do |dir|
             if extra_files.empty?
               task_dir = dir
             else
@@ -150,8 +150,14 @@ module Bolt
           end
         elsif err =~ /^#{@sudo_id}/
           if sudo_stdin
-            stdin.write("#{sudo_stdin}\n")
-            stdin.close
+            begin
+              stdin.write("#{sudo_stdin}\n")
+              stdin.close
+            # If a task has stdin as an input_method but doesn't actually read
+            # from stdin, the task may return and close the input stream before
+            # we finish writing
+            rescue Errno::EPIPE
+            end
           end
           ''
         else
@@ -234,7 +240,7 @@ module Bolt
         end
       end
 
-      def make_tempdir
+      def make_tmpdir
         tmpdir = @target.options.fetch('tmpdir', '/tmp')
         script_dir = @target.options.fetch('script-dir', SecureRandom.uuid)
         tmppath = File.join(tmpdir, script_dir)
@@ -242,7 +248,7 @@ module Bolt
 
         result = execute(command)
         if result.exit_code != 0
-          raise Bolt::Node::FileError.new("Could not make tempdir: #{result.stderr.string}", 'TEMPDIR_ERROR')
+          raise Bolt::Node::FileError.new("Could not make tmpdir: #{result.stderr.string}", 'TMPDIR_ERROR')
         end
         path = tmppath || result.stdout.string.chomp
         Bolt::Shell::Bash::Tmpdir.new(self, path)
@@ -256,13 +262,19 @@ module Bolt
         remote_path
       end
 
-      # A helper to create and delete a tempdir on the remote system. Yields the
+      # A helper to create and delete a tmpdir on the remote system. Yields the
       # directory name.
-      def with_tempdir
-        dir = make_tempdir
+      def with_tmpdir
+        dir = make_tmpdir
         yield dir
       ensure
-        dir&.delete
+        if dir
+          if target.options['cleanup']
+            dir.delete
+          else
+            @logger.warn("Skipping cleanup of tmpdir #{dir}")
+          end
+        end
       end
 
       # In the case where a task is run with elevated privilege and needs stdin
@@ -341,9 +353,9 @@ module Bolt
         # Chunks of this size will be read in one iteration
         index = 0
         timeout = 0.1
+        result_output = Bolt::Node::Output.new
 
         inp, out, err, t = conn.execute(command_str)
-        result_output = Bolt::Node::Output.new
         read_streams = { out => String.new,
                          err => String.new }
         write_stream = in_buffer.empty? ? [] : [inp]
@@ -393,8 +405,9 @@ module Bolt
                 write_stream = []
               end
             end
-          # If a task has stdin as an input_method but doesn't actually
-          # read from stdin, the task may return and close the input stream
+          # If a task has stdin as an input_method but doesn't actually read
+          # from stdin, the task may return and close the input stream before
+          # we finish writing
           rescue Errno::EPIPE
             write_stream = []
           end

data/lib/bolt/shell/bash/tmpdir.rb

@@ -48,7 +48,7 @@ module Bolt
         def delete
           result = @shell.execute(['rm', '-rf', @path], sudoable: true, run_as: @owner)
           if result.exit_code != 0
-            @logger.warn("Failed to clean up tempdir '#{@path}': #{result.stderr.string}")
+            @logger.warn("Failed to clean up tmpdir '#{@path}': #{result.stderr.string}")
           end
           # For testing
           result.stderr.string

data/lib/bolt/shell/powershell.rb

@@ -6,7 +6,7 @@ module Bolt
   class Shell
     class Powershell < Shell
       DEFAULT_EXTENSIONS = Set.new(%w[.ps1 .rb .pp])
-      PS_ARGS = %w[-NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -File].freeze
+      PS_ARGS = %w[-NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass].freeze
 
       def initialize(target, conn)
         super
@@ -45,7 +45,7 @@ module Bolt
         when '.ps1'
           [
             'powershell.exe',
-            [*PS_ARGS, path]
+            [*PS_ARGS, '-File', path]
           ]
         when '.pp'
           [
@@ -119,11 +119,11 @@ module Bolt
         end
       end
 
-      def make_tempdir
+      def make_tmpdir
         find_parent = target.options['tmpdir'] ? "\"#{target.options['tmpdir']}\"" : '[System.IO.Path]::GetTempPath()'
-        result = execute(Snippets.make_tempdir(find_parent))
+        result = execute(Snippets.make_tmpdir(find_parent))
         if result.exit_code != 0
-          raise Bolt::Node::FileError.new("Could not make tempdir: #{result.stderr.string}", 'TEMPDIR_ERROR')
+          raise Bolt::Node::FileError.new("Could not make tmpdir: #{result.stderr.string}", 'TMPDIR_ERROR')
         end
         result.stdout.string.chomp
       end
@@ -132,11 +132,21 @@ module Bolt
         execute(Snippets.rmdir(dir))
       end
 
-      def with_tempdir
-        dir = make_tempdir
-        yield dir
+      def with_tmpdir
+        unless @tmpdir
+          # Only cleanup the directory afterward if we made it to begin with
+          owner = true
+          @tmpdir = make_tmpdir
+        end
+        yield @tmpdir
       ensure
-        rmdir(dir)
+        if owner && @tmpdir
+          if target.options['cleanup']
+            rmdir(@tmpdir)
+          else
+            @logger.warn("Skipping cleanup of tmpdir '#{@tmpdir}'")
+          end
+        end
       end
 
       def run_ps_task(task_path, arguments, input_method)
@@ -167,7 +177,7 @@ module Bolt
       def run_script(script, arguments, _options = {})
         # unpack any Sensitive data
         arguments = unwrap_sensitive_args(arguments)
-        with_tempdir do |dir|
+        with_tmpdir do |dir|
           script_path = write_executable(dir, script)
           command = if powershell_file?(script_path)
                       Snippets.run_script(arguments, script_path)
@@ -194,7 +204,7 @@ module Bolt
 
         # unpack any Sensitive data
         arguments = unwrap_sensitive_args(arguments)
-        with_tempdir do |dir|
+        with_tmpdir do |dir|
           if extra_files.empty?
             task_dir = dir
           else
@@ -243,14 +253,32 @@ module Bolt
       end
 
       def execute(command)
+        if conn.max_command_length && command.length > conn.max_command_length
+          return with_tmpdir do |dir|
+            command += "\r\nif (!$?) { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } }"
+            script_file = File.join(dir, "#{SecureRandom.uuid}_wrapper.ps1")
+            conn.copy_file(StringIO.new(command), script_file)
+            args = escape_arguments([script_file])
+            script_invocation = ['powershell.exe', *PS_ARGS, '-File', *args].join(' ')
+            execute(script_invocation)
+          end
+        end
         inp, out, err, t = conn.execute(command)
 
         result = Bolt::Node::Output.new
         inp.close
-        out.binmode
-        err.binmode
-        stdout = Thread.new { result.stdout << out.read }
-        stderr = Thread.new { result.stderr << err.read }
+        stdout = Thread.new do
+          # Set to binmode to preserve \r\n line endings, but save and restore
+          # the proper encoding so the string isn't later misinterpreted
+          encoding = out.external_encoding
+          out.binmode
+          result.stdout << out.read.force_encoding(encoding)
+        end
+        stderr = Thread.new do
+          encoding = err.external_encoding
+          err.binmode
+          result.stderr << err.read.force_encoding(encoding)
+        end
 
         stdout.join
         stderr.join

data/lib/bolt/shell/powershell/snippets.rb

@@ -20,7 +20,7 @@ module Bolt
             PS
           end
 
-          def make_tempdir(parent)
+          def make_tmpdir(parent)
             <<~PS
             $parent = #{parent}
             $name = [System.IO.Path]::GetRandomFileName()

data/lib/bolt/target.rb

@@ -31,7 +31,8 @@ module Bolt
                                 facts = nil,
                                 vars = nil,
                                 features = nil,
-                                plugin_hooks = nil)
+                                plugin_hooks = nil,
+                                resources = nil)
       from_asserted_hash('uri' => uri)
     end
     # rubocop:enable Lint/UnusedMethodArgument
@@ -75,6 +76,16 @@ module Bolt
       inventory_target.target_alias
     end
 
+    def resources
+      inventory_target.resources
+    end
+
+    # rubocop:disable Naming/AccessorMethodName
+    def set_resource(resource)
+      inventory_target.set_resource(resource)
+    end
+    # rubocop:enable Naming/AccessorMethodName
+
     def to_h
       options.to_h.merge(
         'name' => name,
@@ -99,7 +110,8 @@ module Bolt
         'vars' => vars,
         'features' => features,
         'facts' => facts,
-        'plugin_hooks' => plugin_hooks
+        'plugin_hooks' => plugin_hooks,
+        'groups' => @inventory.group_names_for(name)
       }
     end
 
@@ -154,5 +166,9 @@ module Bolt
       self.class.equal?(other.class) && @name == other.name
     end
     alias == eql?
+
+    def hash
+      @name.hash
+    end
   end
 end

data/lib/bolt/transport/base.rb

@@ -32,7 +32,7 @@ module Bolt
     # Transports that need their own batching, like the Orch transport, can
     # instead override the batches() method to split Targets into sets that can
     # be executed together, and override the batch_task() and related methods
-    # to execute a batch of nodes. In that case, those Transports should accept
+    # to execute a batch of targets. In that case, those Transports should accept
     # a block argument and call it with a :node_start event for each Target
     # before executing, and a :node_result event for each Target after
     # execution.
@@ -90,12 +90,12 @@ module Bolt
       # case and raises an error if it's not.
       def assert_batch_size_one(method, targets)
         if targets.length > 1
-          message = "#{self.class.name} must implement #{method} to support batches (got #{targets.length} nodes)"
+          message = "#{self.class.name} must implement #{method} to support batches (got #{targets.length} targets)"
           raise NotImplementedError, message
         end
       end
 
-      # Runs the given task on a batch of nodes.
+      # Runs the given task on a batch of targets.
       #
       # The default implementation only supports batches of size 1 and will fail otherwise.
       #
@@ -104,12 +104,28 @@ module Bolt
         assert_batch_size_one("batch_task()", targets)
         target = targets.first
         with_events(target, callback, 'task') do
-          @logger.debug { "Running task run '#{task}' on #{target.safe_name}" }
+          @logger.debug { "Running task '#{task.name}' on #{target.safe_name}" }
           run_task(target, task, arguments, options)
         end
       end
 
-      # Runs the given command on a batch of nodes.
+      # Runs the given task on a batch of targets with variable parameters.
+      #
+      # The default implementation only supports batches of size 1 and will fail otherwise.
+      #
+      # Transports may override this method to implment their own batch processing.
+      def batch_task_with(targets, task, target_mapping, options = {}, &callback)
+        assert_batch_size_one("batch_task_with()", targets)
+        target = targets.first
+        arguments = target_mapping[target]
+
+        with_events(target, callback, 'task') do
+          @logger.debug { "Running task '#{task.name}' on #{target.safe_name} with '#{arguments.to_json}'" }
+          run_task(target, task, arguments, options)
+        end
+      end
+
+      # Runs the given command on a batch of targets.
       #
       # The default implementation only supports batches of size 1 and will fail otherwise.
       #
@@ -123,7 +139,7 @@ module Bolt
         end
       end
 
-      # Runs the given script on a batch of nodes.
+      # Runs the given script on a batch of targets.
       #
       # The default implementation only supports batches of size 1 and will fail otherwise.
       #
@@ -137,7 +153,7 @@ module Bolt
         end
       end
 
-      # Uploads the given source file to the destination location on a batch of nodes.
+      # Uploads the given source file to the destination location on a batch of targets.
       #
       # The default implementation only supports batches of size 1 and will fail otherwise.
       #
@@ -157,7 +173,7 @@ module Bolt
       end
 
       # Split the given list of targets into a list of batches. The default
-      # implementation returns single-node batches.
+      # implementation returns single-target batches.
       #
       # Transports may override this method, and the corresponding batch_*
       # methods, to implement their own batch processing.

data/lib/bolt/transport/docker.rb

@@ -19,7 +19,7 @@ module Bolt
 
       def upload(target, source, destination, _options = {})
         with_connection(target) do |conn|
-          conn.with_remote_tempdir do |dir|
+          conn.with_remote_tmpdir do |dir|
             basename = File.basename(destination)
             tmpfile = "#{dir}/#{basename}"
             if File.directory?(source)
@@ -57,7 +57,7 @@ module Bolt
         arguments = unwrap_sensitive_args(arguments)
 
         with_connection(target) do |conn|
-          conn.with_remote_tempdir do |dir|
+          conn.with_remote_tmpdir do |dir|
             remote_path = conn.write_remote_executable(dir, script)
             stdout, stderr, exitcode = conn.execute(remote_path, *arguments, {})
             Bolt::Result.for_command(target, stdout, stderr, exitcode, 'script', script)
@@ -77,7 +77,7 @@ module Bolt
         with_connection(target) do |conn|
           execute_options = {}
           execute_options[:interpreter] = select_interpreter(executable, target.options['interpreters'])
-          conn.with_remote_tempdir do |dir|
+          conn.with_remote_tmpdir do |dir|
             if extra_files.empty?
               task_dir = dir
             else

data/lib/bolt/transport/docker/connection.rb

@@ -103,25 +103,29 @@ module Bolt
           end
         end
 
-        def make_tempdir
+        def make_tmpdir
           tmpdir = @target.options.fetch('tmpdir', container_tmpdir)
           tmppath = "#{tmpdir}/#{SecureRandom.uuid}"
 
           stdout, stderr, exitcode = execute('mkdir', '-m', '700', tmppath, {})
           if exitcode != 0
-            raise Bolt::Node::FileError.new("Could not make tempdir: #{stderr}", 'TEMPDIR_ERROR')
+            raise Bolt::Node::FileError.new("Could not make tmpdir: #{stderr}", 'TMPDIR_ERROR')
           end
           tmppath || stdout.first
         end
 
-        def with_remote_tempdir
-          dir = make_tempdir
+        def with_remote_tmpdir
+          dir = make_tmpdir
           yield dir
         ensure
           if dir
-            _, stderr, exitcode = execute('rm', '-rf', dir, {})
-            if exitcode != 0
-              @logger.warn("Failed to clean up tempdir '#{dir}': #{stderr}")
+            if @target.options['cleanup']
+              _, stderr, exitcode = execute('rm', '-rf', dir, {})
+              if exitcode != 0
+                @logger.warn("Failed to clean up tmpdir '#{dir}': #{stderr}")
+              end
+            else
+              @logger.warn("Skipping cleanup of tmpdir '#{dir}'")
             end
           end
         end