bolt 2.7.0 → 2.11.1

data/lib/bolt/config/transport/base.rb

@@ -9,12 +9,12 @@ module Bolt
       class Base
         attr_reader :input
 
-        def initialize(data = {}, boltdir = nil)
+        def initialize(data = {}, project = nil)
           assert_hash_or_config(data)
           @input    = data
           @resolved = !Bolt::Util.references?(input)
           @config   = resolved? ? Bolt::Util.deep_merge(defaults, filter(input)) : defaults
-          @boltdir  = boltdir
+          @project  = project
 
           validate if resolved?
         end
@@ -62,7 +62,7 @@ module Bolt
             Bolt::Util.deep_merge(acc, layer_data)
           end
 
-          self.class.new(merged, @boltdir)
+          self.class.new(merged, @project)
         end
 
         # Resolve any references in the input data, then remerge it with the defaults

data/lib/bolt/config/transport/docker.rb

@@ -7,6 +7,8 @@ module Bolt
   class Config
     module Transport
       class Docker < Base
+        # NOTE: All transport configuration options should have a corresponding schema definition
+        #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "cleanup"       => { type: TrueClass,
                                desc: "Whether to clean up temporary files created on targets." },

data/lib/bolt/config/transport/local.rb

@@ -7,6 +7,8 @@ module Bolt
   class Config
     module Transport
       class Local < Base
+        # NOTE: All transport configuration options should have a corresponding schema definition
+        #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "cleanup"         => { type: TrueClass,
                                  desc: "Whether to clean up temporary files created on targets." },

data/lib/bolt/config/transport/orch.rb

@@ -7,6 +7,8 @@ module Bolt
   class Config
     module Transport
       class Orch < Base
+        # NOTE: All transport configuration options should have a corresponding schema definition
+        #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "cacert"            => { type: String,
                                    desc: "The path to the CA certificate." },
@@ -32,12 +34,12 @@ module Bolt
           super
 
           if @config['cacert']
-            @config['cacert'] = File.expand_path(@config['cacert'], @boltdir)
+            @config['cacert'] = File.expand_path(@config['cacert'], @project)
             Bolt::Util.validate_file('cacert', @config['cacert'])
           end
 
           if @config['token-file']
-            @config['token-file'] = File.expand_path(@config['token-file'], @boltdir)
+            @config['token-file'] = File.expand_path(@config['token-file'], @project)
             Bolt::Util.validate_file('token-file', @config['token-file'])
           end
         end

data/lib/bolt/config/transport/remote.rb

@@ -7,6 +7,8 @@ module Bolt
   class Config
     module Transport
       class Remote < Base
+        # NOTE: All transport configuration options should have a corresponding schema definition
+        #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "run-on" => { type: String,
                         desc: "The proxy target that the task executes on." }

data/lib/bolt/config/transport/ssh.rb

@@ -8,16 +8,25 @@ module Bolt
     module Transport
       class SSH < Base
         LOGIN_SHELLS = %w[sh bash zsh dash ksh powershell].freeze
+
+        # NOTE: All transport configuration options should have a corresponding schema definition
+        #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "cleanup"            => { type: TrueClass,
+                                    external: true,
                                     desc: "Whether to clean up temporary files created on targets." },
           "connect-timeout"    => { type: Integer,
                                     desc: "How long to wait when establishing connections." },
+          "copy-command"       => { external: true,
+                                    desc: "Command to use when copying files using ssh-command. "\
+                                          "Bolt runs `<copy-command> <src> <dest>`. **This option is experimental.**" },
           "disconnect-timeout" => { type: Integer,
                                     desc: "How long to wait before force-closing a connection." },
           "host"               => { type: String,
+                                    external: true,
                                     desc: "Host name." },
           "host-key-check"     => { type: TrueClass,
+                                    external: true,
                                     desc: "Whether to perform host key validation when connecting." },
           "extensions"         => { type: Array,
                                     desc: "List of file extensions that are accepted for scripts or tasks on Windows. "\
@@ -26,6 +35,7 @@ module Bolt
                                          "a `.py` script runs with `python.exe`. The extensions `.ps1`, `.rb`, and "\
                                          "`.pp` are always allowed and run via hard-coded executables." },
           "interpreters"       => { type: Hash,
+                                    external: true,
                                     desc: "A map of an extension name to the absolute path of an executable, "\
                                           "enabling you to override the shebang defined in a task executable. The "\
                                           "extension can optionally be specified with the `.` character (`.py` and "\
@@ -41,26 +51,36 @@ module Bolt
           "password"           => { type: String,
                                     desc: "Login password." },
           "port"               => { type: Integer,
+                                    external: true,
                                     desc: "Connection port." },
-          "private-key"        => { desc: "Either the path to the private key file to use for authentication, or a "\
+          "private-key"        => { external: true,
+                                    desc: "Either the path to the private key file to use for authentication, or a "\
                                           "hash with the key `key-data` and the contents of the private key." },
           "proxyjump"          => { type: String,
                                     desc: "A jump host to proxy connections through, and an optional user to "\
                                           "connect with." },
           "run-as"             => { type: String,
+                                    external: true,
                                     desc: "A different user to run commands as after login." },
           "run-as-command"     => { type: Array,
+                                    external: true,
                                     desc: "The command to elevate permissions. Bolt appends the user and command "\
                                           "strings to the configured `run-as-command` before running it on the "\
                                           "target. This command must not require an interactive password prompt, "\
                                           "and the `sudo-password` option is ignored when `run-as-command` is "\
                                           "specified. The `run-as-command` must be specified as an array." },
           "script-dir"         => { type: String,
+                                    external: true,
                                     desc: "The subdirectory of the tmpdir to use in place of a randomized "\
                                           "subdirectory for uploading and executing temporary files on the "\
                                           "target. It's expected that this directory already exists as a subdir "\
                                           "of tmpdir, which is either configured or defaults to `/tmp`." },
+          "ssh-command"        => { external: true,
+                                    desc: "Command and flags to use when SSHing. This enables the external "\
+                                          "SSH transport which shells out to the specified command. "\
+                                          "**This option is experimental.**" },
           "sudo-executable"    => { type: String,
+                                    external: true,
                                     desc: "The executable to use when escalating to the configured `run-as` "\
                                           "user. This is useful when you want to escalate using the configured "\
                                           "`sudo-password`, since `run-as-command` does not use `sudo-password` "\
@@ -68,14 +88,17 @@ module Bolt
                                           "`<sudo-executable> -S -u <user> -p custom_bolt_prompt <command>`. "\
                                           "**This option is experimental.**" },
           "sudo-password"      => { type: String,
+                                    external: true,
                                     desc: "Password to use when changing users via `run-as`." },
           "tmpdir"             => { type: String,
+                                    external: true,
                                     desc: "The directory to upload and execute temporary files on the target." },
           "tty"                => { type: TrueClass,
                                     desc: "Request a pseudo tty for the session. This option is generally "\
                                           "only used in conjunction with the `run-as` option when the sudoers "\
                                           "policy requires a `tty`." },
           "user"               => { type: String,
+                                    external: true,
                                     desc: "Login user." }
         }.freeze
 
@@ -99,7 +122,14 @@ module Bolt
             end
 
             if key_opt.instance_of?(String)
-              @config['private-key'] = File.expand_path(key_opt, @boltdir)
+              @config['private-key'] = File.expand_path(key_opt, @project)
+
+              # We have an explicit test for this to only warn if using net-ssh transport
+              Bolt::Util.validate_file('ssh key', @config['private-key']) if @config['ssh-command']
+            end
+
+            if key_opt.instance_of?(Hash) && @config['ssh-command']
+              raise Bolt::ValidationError, 'private-key must be a filepath when using ssh-command'
             end
           end
 
@@ -127,6 +157,25 @@ module Bolt
               end
             end
           end
+
+          if @config['ssh-command'] && !@config['load-config']
+            msg = 'Cannot use external SSH transport with load-config set to false'
+            raise Bolt::ValidationError, msg
+          end
+
+          if (ssh_cmd = @config['ssh-command'])
+            unless ssh_cmd.is_a?(String) || ssh_cmd.is_a?(Array)
+              raise Bolt::ValidationError,
+                    "ssh-command must be a String or Array, received #{ssh_cmd.class} #{ssh_cmd.inspect}"
+            end
+          end
+
+          if (copy_cmd = @config['copy-command'])
+            unless copy_cmd.is_a?(String) || copy_cmd.is_a?(Array)
+              raise Bolt::ValidationError,
+                    "copy-command must be a String or Array, received #{copy_cmd.class} #{copy_cmd.inspect}"
+            end
+          end
         end
       end
     end

data/lib/bolt/config/transport/winrm.rb

@@ -7,6 +7,8 @@ module Bolt
   class Config
     module Transport
       class WinRM < Base
+        # NOTE: All transport configuration options should have a corresponding schema definition
+        #       in schemas/bolt-transport-definitions.json
         OPTIONS = {
           "basic-auth-only" => { type: TrueClass,
                                  desc: "Force basic authentication. This option is only available when using SSL." },
@@ -71,7 +73,7 @@ module Bolt
             end
 
             if @config['cacert']
-              @config['cacert'] = File.expand_path(@config['cacert'], @boltdir)
+              @config['cacert'] = File.expand_path(@config['cacert'], @project)
               Bolt::Util.validate_file('cacert', @config['cacert'])
             end
           end

data/lib/bolt/executor.rb

@@ -278,6 +278,22 @@ module Bolt
       end
     end
 
+    def run_task_with(target_mapping, task, options = {})
+      targets = target_mapping.keys
+      description = options.fetch(:description, "task #{task.name}")
+
+      log_action(description, targets) do
+        options[:run_as] = run_as if run_as && !options.key?(:run_as)
+        target_mapping.each_value { |arguments| arguments['_task'] = task.name }
+
+        batch_execute(targets) do |transport, batch|
+          with_node_logging("Running task #{task.name}'", batch) do
+            transport.batch_task_with(batch, task, target_mapping, options, &method(:publish_event))
+          end
+        end
+      end
+    end
+
     def upload_file(targets, source, destination, options = {})
       description = options.fetch(:description, "file upload from #{source} to #{destination}")
       log_action(description, targets) do

data/lib/bolt/inventory.rb

@@ -15,6 +15,7 @@ module Bolt
 
     class ValidationError < Bolt::Error
       attr_accessor :path
+
       def initialize(message, offending_group)
         super(message, 'bolt.inventory/validation-error')
         @_message = message
@@ -83,7 +84,7 @@ module Bolt
 
     def self.empty
       config  = Bolt::Config.default
-      plugins = Bolt::Plugin.setup(config, nil, nil, Bolt::Analytics::NoopClient)
+      plugins = Bolt::Plugin.setup(config, nil)
 
       create_version({}, config.transport, config.transports, plugins)
     end

data/lib/bolt/inventory/group.rb

@@ -12,6 +12,7 @@ module Bolt
       # Regex used to validate group names and target aliases.
       NAME_REGEX = /\A[a-z0-9_][a-z0-9_-]*\Z/.freeze
 
+      # NOTE: All keys should have a corresponding schema property in schemas/bolt-inventory.schema.json
       DATA_KEYS = %w[config facts vars features plugin_hooks].freeze
       TARGET_KEYS = DATA_KEYS + %w[name alias uri]
       GROUP_KEYS = DATA_KEYS + %w[name groups targets]

data/lib/bolt/inventory/inventory.rb

@@ -7,6 +7,7 @@ module Bolt
   class Inventory
     class Inventory
       attr_reader :targets, :plugins, :config, :transport
+
       class WildcardError < Bolt::Error
         def initialize(target)
           super("Found 0 targets matching wildcard pattern #{target}", 'bolt.inventory/wildcard-error')
@@ -318,6 +319,10 @@ module Bolt
       def target_config(target)
         @targets[target.name].config
       end
+
+      def resources(target)
+        @targets[target.name].resources
+      end
     end
   end
 end

data/lib/bolt/inventory/target.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
+require 'bolt/resource_instance'
+
 module Bolt
   class Inventory
     # This class represents the active state of a target within the inventory.
     class Target
-      attr_reader :name, :uri, :safe_name, :target_alias
+      attr_reader :name, :uri, :safe_name, :target_alias, :resources
 
       def initialize(target_data, inventory)
         unless target_data['name'] || target_data['uri']
@@ -36,12 +38,26 @@ module Bolt
         # When alias is specified in a plan, the key will be `target_alias`, when
         # alias is specified in inventory the key will be `alias`.
         @target_alias = target_data['target_alias'] || target_data['alias'] || []
+        @resources = {}
 
         @inventory = inventory
 
         validate
       end
 
+      # rubocop:disable Naming/AccessorMethodName
+      def set_resource(resource)
+        if (existing_resource = resources[resource.reference])
+          existing_resource.overwrite_state(resource.state)
+          existing_resource.overwrite_desired_state(resource.desired_state)
+          existing_resource.events = existing_resource.events + resource.events
+          existing_resource
+        else
+          @resources[resource.reference] = resource
+        end
+      end
+      # rubocop:enable Naming/AccessorMethodName
+
       def vars
         group_cache['vars'].merge(@vars)
       end

data/lib/bolt/node/output.rb

@@ -12,7 +12,7 @@ module Bolt
       def initialize
         @stdout = StringIO.new
         @stderr = StringIO.new
-        @exit_code = 'unkown'
+        @exit_code = 'unknown'
       end
     end
   end

data/lib/bolt/outputter/human.rb

@@ -107,13 +107,14 @@ module Bolt
 
           # Use special handling if the result looks like a command or script result
           if result.generic_value.keys == %w[stdout stderr exit_code]
-            unless result['stdout'].strip.empty?
+            safe_value = result.safe_value
+            unless safe_value['stdout'].strip.empty?
               @stream.puts(indent(2, "STDOUT:"))
-              @stream.puts(indent(4, result['stdout']))
+              @stream.puts(indent(4, safe_value['stdout']))
             end
-            unless result['stderr'].strip.empty?
+            unless safe_value['stderr'].strip.empty?
               @stream.puts(indent(2, "STDERR:"))
-              @stream.puts(indent(4, result['stderr']))
+              @stream.puts(indent(4, safe_value['stderr']))
             end
           elsif result.generic_value.any?
             @stream.puts(indent(2, ::JSON.pretty_generate(result.generic_value)))

data/lib/bolt/outputter/json.rb

@@ -28,7 +28,7 @@ module Bolt
 
       def print_result(result)
         @stream.puts ',' if @preceding_item
-        @stream.puts result.status_hash.to_json
+        @stream.puts result.to_json
         @preceding_item = true
       end
 

data/lib/bolt/pal.rb

@@ -40,7 +40,7 @@ module Bolt
     attr_reader :modulepath
 
     def initialize(modulepath, hiera_config, resource_types, max_compiles = Etc.nprocessors,
-                   trusted_external = nil, apply_settings = {})
+                   trusted_external = nil, apply_settings = {}, project = nil)
       # Nothing works without initialized this global state. Reinitializing
       # is safe and in practice only happens in tests
       self.class.load_puppet
@@ -52,6 +52,7 @@ module Bolt
       @apply_settings = apply_settings
       @max_compiles = max_compiles
       @resource_types = resource_types
+      @project = project
 
       @logger = Logging.logger[self]
       if modulepath && !modulepath.empty?
@@ -114,7 +115,7 @@ module Bolt
       compiler.evaluate_string('type PlanResult = Boltlib::PlanResult')
     end
 
-    # Register all resource types defined in $Boltdir/.resource_types as well as
+    # Register all resource types defined in $Project/.resource_types as well as
     # the built in types registered with the runtime_3_init method.
     def register_resource_types(loaders)
       static_loader = loaders.static_loader
@@ -136,19 +137,34 @@ module Bolt
       # TODO: If we always call this inside a bolt_executor we can remove this here
       setup
       r = Puppet::Pal.in_tmp_environment('bolt', modulepath: @modulepath, facts: {}) do |pal|
-        pal.with_script_compiler do |compiler|
-          alias_types(compiler)
-          register_resource_types(Puppet.lookup(:loaders)) if @resource_types
-          begin
-            Puppet.override(yaml_plan_instantiator: Bolt::PAL::YamlPlan::Loader) do
+        Puppet.override(bolt_project: @project,
+                        yaml_plan_instantiator: Bolt::PAL::YamlPlan::Loader) do
+          pal.with_script_compiler do |compiler|
+            alias_types(compiler)
+            register_resource_types(Puppet.lookup(:loaders)) if @resource_types
+            begin
               yield compiler
+            rescue Bolt::Error => e
+              e
+            rescue Puppet::DataBinding::LookupError => e
+              if e.issue_code == :HIERA_UNDEFINED_VARIABLE
+                message = "Interpolations are not supported in lookups outside of an apply block: #{e.message}"
+                PALError.new(message)
+              else
+                PALError.from_preformatted_error(e)
+              end
+            rescue Puppet::PreformattedError => e
+              if e.issue_code == :UNKNOWN_VARIABLE &&
+                 %w[facts trusted server_facts settings].include?(e.arguments[:name])
+                message = "Evaluation Error: Variable '#{e.arguments[:name]}' is not available in the current scope "\
+                  "unless explicitly defined. (file: #{e.file}, line: #{e.line}, column: #{e.pos})"
+                PALError.new(message)
+              else
+                PALError.from_preformatted_error(e)
+              end
+            rescue StandardError => e
+              PALError.from_preformatted_error(e)
             end
-          rescue Bolt::Error => e
-            e
-          rescue Puppet::PreformattedError => e
-            PALError.from_preformatted_error(e)
-          rescue StandardError => e
-            PALError.from_preformatted_error(e)
           end
         end
       end
@@ -215,6 +231,7 @@ module Bolt
         Puppet.initialize_settings(cli)
         Puppet::GettextConfig.create_default_text_domain
         Puppet[:trusted_external_command] = @trusted_external
+        Puppet.settings[:hiera_config] = @hiera_config
         self.class.configure_logging
         yield
       end
@@ -312,7 +329,8 @@ module Bolt
         raise Bolt::Error.unknown_plan(plan_name)
       end
 
-      mod = plan_sig.instance_variable_get(:@plan_func).loader.parent.path
+      # path may be a Pathname object, so make sure to stringify it
+      mod = plan_sig.instance_variable_get(:@plan_func).loader.parent.path.to_s
 
       # If it's a Puppet language plan, use strings to extract data. The only
       # way to tell is to check which filename exists in the module.